this patch adds the manifest proxy server to sel_ldr and the manifest

src/trusted/reverse_service/reverse_service.cc

 /*
  * Copyright (c) 2011 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
+#include <string.h>
+
 #include "native_client/src/trusted/reverse_service/reverse_service.h"
 
 #include "native_client/src/include/nacl_compiler_annotations.h"
 #include "native_client/src/include/nacl_scoped_ptr.h"
-
+#include "native_client/src/include/portability_io.h"
 #include "native_client/src/shared/platform/nacl_log.h"
 #include "native_client/src/shared/platform/nacl_sync.h"
 #include "native_client/src/shared/platform/nacl_sync_checked.h"
 #include "native_client/src/shared/platform/nacl_threads.h"
 #include "native_client/src/shared/srpc/nacl_srpc.h"
 
+#include "native_client/src/trusted/desc/nacl_desc_invalid.h"
+
 namespace {
 
 void Test(NaClSrpcRpc* rpc,
           NaClSrpcArg** in_args,
           NaClSrpcArg** out_args,
           NaClSrpcClosure* done) {
   char *msg = in_args[0]->arrays.str;
   UNREFERENCED_PARAMETER(out_args);
   // use rpc->channel rather than rpc->channel->server_instance_data
   // to show that Test RPCs arrive in different channels.
   NaClLog(1, "Test: [%"NACL_PRIxPTR"] %s\n",
           reinterpret_cast<uintptr_t>(rpc->channel), msg);
   rpc->result = NACL_SRPC_RESULT_OK;
   done->Run(done);
 }
 
 void AddChannel(NaClSrpcRpc* rpc,
                 NaClSrpcArg** in_args,
                 NaClSrpcArg** out_args,
                 NaClSrpcClosure* done) {
   nacl::ReverseService* service = reinterpret_cast<nacl::ReverseService*>(
       rpc->channel->server_instance_data);
+
   UNREFERENCED_PARAMETER(in_args);
-  UNREFERENCED_PARAMETER(out_args);
+
   NaClLog(4, "Entered AddChannel\n");
-  out_args[0]->u.bval = service->Start();
+  service->Start();
+  out_args[0]->u.bval = 1;

[polina, 2011/06/15 00:40:29]

Start now always succeeds?

[bsy, 2011/06/15 20:03:35]

weird.  reverted.

   NaClLog(4, "Leaving AddChannel\n");
   rpc->result = NACL_SRPC_RESULT_OK;
   done->Run(done);
 }
 
 void RevLog(NaClSrpcRpc* rpc,
             NaClSrpcArg** in_args,
             NaClSrpcArg** out_args,
             NaClSrpcClosure* done) {
   nacl::ReverseService* service = reinterpret_cast<nacl::ReverseService*>(
       rpc->channel->server_instance_data);
   UNREFERENCED_PARAMETER(out_args);
   char* message = in_args[0]->arrays.str;
 
   if (NULL == service->reverse_interface()) {
     NaClLog(1, "Log RPC, no reverse_interface.  Message: %s\n", message);
   } else {
     service->reverse_interface()->Log(message);
   }
   done->Run(done);
 }
 
+// Manifest name service, internal APIs.
+//
+// Manifest file lookups result in read-only file descriptors with a
+// handle.  When the descriptor is closed, the service runtime must
+// inform the plugin of this using the handle, so that the File object
+// reference can be closed (thereby allowing the browser to delete or
+// otherwise garbage collect the file).  Files, being from the
+// manifest, cannot be deleted.  The manifest is also a read-only
+// object, so no new entries can be made to it.
+//
+// Read-only proxies do not require quota support per se, since we do
+// not limit read bandwidth.  Quota support is needed for storage
+// limits, though could also be used to limit write bandwidth (prevent
+// disk output saturation, limit malicious code's ability to cause
+// disk failures, especially with flash disks with limited write
+// cycles).
+
+// NACL_NAME_SERVICE_LIST list::C -- enumerate all names in the manifest

[polina, 2011/06/15 00:40:29]

NACL_MANIFEST_LIST?

[bsy, 2011/06/15 20:03:35]

Done.

+void ManifestListRpc(NaClSrpcRpc* rpc,
+                     NaClSrpcArg** in_args,
+                     NaClSrpcArg** out_args,
+                     NaClSrpcClosure* done) {
+  size_t nbytes = out_args[0]->u.count;
+  char* dest = out_args[0]->arrays.carr;

[polina, 2011/06/15 00:40:29]

It would be more readable if you used out_args directly below: my first reaction
was that you were reading from out args instead of in args by mistake.

[bsy, 2011/06/15 20:03:35]

Done.  Also eliminated nbytes.

+
+  UNREFERENCED_PARAMETER(in_args);
+  // temporary test return value. TODO(bsy) hook up to real manifest info
+  out_args[0]->u.count = SNPRINTF(dest, nbytes,
+                                  "This is a reply from the manifest reverse"
+                                  " service in the plugin.");
+  rpc->result = NACL_SRPC_RESULT_OK;
+  done->Run(done);
+}
+
+// NACL_NAME_SERVICE_LOOKUP lookup:si:ihC -- look up by string name,

[polina, 2011/06/15 00:40:29]

NACL_MANIFEST_LOOKUP?

[bsy, 2011/06/15 20:03:35]

Done.

+// resulting in a handle (if name is in the preimage), a object proxy
+// handle, and an error code.
+void ManifestLookupRpc(NaClSrpcRpc* rpc,
+                       NaClSrpcArg** in_args,
+                       NaClSrpcArg** out_args,
+                       NaClSrpcClosure* done) {
+  char* fname = in_args[0]->arrays.str;
+  int flags = in_args[0]->u.ival;
+
+  NaClLog(0, "ManifestLookupRpc: %s, %d\n", fname, flags);
+  out_args[0]->u.ival = 0;  // ok
+  out_args[1]->u.hval = (struct NaClDesc*) NaClDescInvalidMake();

[polina, 2011/06/15 00:40:29]

is this a dummy place holder for now?

[polina, 2011/06/15 00:51:05]

It would be helpful to note this here, not just the CL description.

[bsy, 2011/06/15 20:03:35]

yes

[bsy, 2011/06/15 20:03:35]

Done.

+  out_args[2]->u.count = 10;
+  strncpy(out_args[2]->arrays.carr, "123456789", 10);
+  rpc->result = NACL_SRPC_RESULT_OK;
+  done->Run(done);
+}
+
+// unref:C:i -- dereferences the file by object proxy handle.  The

[polina, 2011/06/15 00:40:29]

NACL_MANIFEST_UNREF?

[bsy, 2011/06/15 20:03:35]

Done.

+// file descriptor should have been closed.
+void ManifestUnrefRpc(NaClSrpcRpc* rpc,
+                      NaClSrpcArg** in_args,
+                      NaClSrpcArg** out_args,
+                      NaClSrpcClosure* done) {
+  char* proxy_handle = in_args[0]->arrays.carr;
+
+  NaClLog(0, "ManifestUnrefRpc: %s\n", proxy_handle);
+  out_args[0]->u.ival = 0;  // ok
+  rpc->result = NACL_SRPC_RESULT_OK;
+  done->Run(done);
+}
+
 }  // namespace
 
 namespace nacl {
 
 // need NaClThreadIfFactoryFunction that keeps "this" to do counting
 
 struct ReverseCountingThreadInterface {
   struct NaClThreadInterface base NACL_IS_REFCOUNT_SUBCLASS;
   nacl::ReverseService* rev;
 };
@@ skipping 104 matching lines @@
   },
   NaClThreadInterfaceStartThread,
   ReverseThreadIfLaunchCallback,
   ReverseThreadIfExit,
 };
 
 NaClSrpcHandlerDesc const ReverseService::handlers[] = {
   { "test:s:", Test, },
   { "revlog:s:", RevLog, },
   { "add_channel::b", AddChannel, },
+  { NACL_MANIFEST_LIST, ManifestListRpc, },

[polina, 2011/06/15 00:40:29]

why do these require constants and not others?

[bsy, 2011/06/15 20:03:35]

these are RPCs that are used by the manifest proxy code.  the others are used by
a different sub-module.  i'll make these into preproccessor symbols too and make
the corresponding changes in the relying code.

+  { NACL_MANIFEST_LOOKUP, ManifestLookupRpc, },
+  { NACL_MANIFEST_UNREF, ManifestUnrefRpc, },
   { NULL, NULL, },
 };
 
 ReverseService::ReverseService(nacl::DescWrapper* conn_cap,
                                ReverseInterface* rif)
     : service_socket_(NULL),
       reverse_interface_(rif),
       thread_count_(0) {
   /*
    * We wait for service threads to exit before dtor'ing, so the
@@ skipping 13 matching lines @@
 ReverseService::~ReverseService() {
   if (thread_count_ != 0) {
     NaClLog(LOG_FATAL, "ReverseService dtor when thread count is nonzero\n");
   }
   NaClCondVarDtor(&cv_);
   NaClMutexDtor(&mu_);
 }
 
 
 bool ReverseService::Start() {
+  NaClLog(4, "Entered ReverseService::Start\n");
   return service_socket_->StartService(reinterpret_cast<void*>(this));
 }
 
 void ReverseService::WaitForServiceThreadsToExit() {
   NaClLog(4, "ReverseService::WaitForServiceThreadsToExit\n");
   NaClXMutexLock(&mu_);
   while (0 != thread_count_) {
     NaClXCondVarWait(&cv_, &mu_);
     NaClLog(5, "ReverseService::WaitForServiceThreadsToExit: woke up\n");
   }
@@ skipping 19 matching lines @@
             ("ReverseService::DecrThreadCount:"
              " Decrementing thread count when count is zero\n"));
   }
   if (0 == --thread_count_) {
     NaClXCondVarBroadcast(&cv_);
   }
   NaClXMutexUnlock(&mu_);
 }
 
 }  // namespace nacl