[Pepper] Wire up append mode writing support of FileIO

ppapi/proxy/nacl_message_scanner.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ppapi/proxy/nacl_message_scanner.h"
 
 #include <vector>
 #include "base/bind.h"
 #include "ipc/ipc_message.h"
 #include "ipc/ipc_message_macros.h"
@@ skipping 363 matching lines @@
             untrusted_msg, &params, &nested_msg))
       return;
 
     switch (nested_msg.type()) {
       case PpapiHostMsg_FileIO_Close::ID: {
         FileIOMap::iterator it = files_.find(params.pp_resource());
         if (it == files_.end())
           return;
         // Audit FileIO Close messages to make sure the plugin reports an
         // accurate file size.
-        int64_t max_written_offset = 0;
+        FileGrowth file_growth;
         if (!UnpackMessage<PpapiHostMsg_FileIO_Close>(
-                nested_msg, &max_written_offset))
+                nested_msg, &file_growth))
           return;
 
         int64_t trusted_max_written_offset = it->second->max_written_offset();
         delete it->second;
         files_.erase(it);
         // If the plugin is under-reporting, rewrite the message with the
         // trusted value.
-        if (trusted_max_written_offset > max_written_offset) {
+        if (trusted_max_written_offset > file_growth.max_written_offset) {
           new_msg_ptr->reset(
               new PpapiHostMsg_ResourceCall(
                   params,
-                  PpapiHostMsg_FileIO_Close(trusted_max_written_offset)));
+                  PpapiHostMsg_FileIO_Close(
+                      FileGrowth(trusted_max_written_offset, 0))));

[bbudge, 2014/01/22 20:47:27]

We could probably change the FileIO class to know about append mode, and change
NaClIPCAdapter to return 'bytes_written' so we can have an accurate value for
this and can create a FileGrowth that has both of these values. Would that be
helpful, or is this good enough for the quota system?

[tzik, 2014/01/23 08:42:54]

Ah, I didn't know we provide quota managed writable file descriptor to NaCl.
It has a separate mechanism to RequestOSFileHandle and is only for trusted
plugins, right?

Yes, we should use QuotaReservation for them too.

[bbudge, 2014/01/23 11:50:06]

The NaCl app gets a file descriptor that is backed by a NaClDescQuota in the
trusted part of the plugin process. That holds the real file descriptor / handle
and does the quota verification. It knows both the actual offset and length of
the write and can control how much is written. Here's the part that checks
quota:

https://code.google.com/p/chromium/codesearch#chromium/src/components/nacl/lo...

So you'd change the FileIO class to have a write mode and a FileGrowth field,
and change the Grow method.

         }
       }
       case PpapiHostMsg_FileIO_SetLength::ID: {
         FileIOMap::iterator it = files_.find(params.pp_resource());
         if (it == files_.end())
           return;
         // Audit FileIO SetLength messages to make sure the plugin is within
         // the current quota reservation. In addition, deduct the file size
         // increase from the quota reservation.
         int64_t length = 0;
@@ skipping 13 matching lines @@
               new PpapiHostMsg_ResourceCall(
                   params,
                   PpapiHostMsg_FileIO_SetLength(-1)));
         }
         break;
       }
       case PpapiHostMsg_FileSystem_ReserveQuota::ID: {
         // Audit FileSystem ReserveQuota messages to make sure the plugin
         // reports accurate file sizes.
         int64_t amount = 0;
-        FileOffsetMap max_written_offsets;
+        FileGrowthMap file_growths;
         if (!UnpackMessage<PpapiHostMsg_FileSystem_ReserveQuota>(
-                nested_msg, &amount, &max_written_offsets))
+                nested_msg, &amount, &file_growths))
           return;
 
         bool audit_failed = false;
-        for (FileOffsetMap::iterator it = max_written_offsets.begin();
-            it != max_written_offsets.end(); ++it) {
+        for (FileGrowthMap::iterator it = file_growths.begin();
+            it != file_growths.end(); ++it) {
           FileIOMap::iterator file_it = files_.find(it->first);
           if (file_it == files_.end())
             continue;
           int64_t trusted_max_written_offset =
               file_it->second->max_written_offset();
-          if (trusted_max_written_offset > it->second) {
+          if (trusted_max_written_offset > it->second.max_written_offset) {
             audit_failed = true;
-            it->second = trusted_max_written_offset;
+            it->second.max_written_offset = trusted_max_written_offset;
+          }
+          if (it->second.append_mode_write_amount < 0) {
+            audit_failed = true;
+            it->second.append_mode_write_amount = 0;
           }
         }
         if (audit_failed) {
           new_msg_ptr->reset(
               new PpapiHostMsg_ResourceCall(
                   params,
                   PpapiHostMsg_FileSystem_ReserveQuota(
-                      amount, max_written_offsets)));
+                      amount, file_growths)));
         }
         break;
       }
       case PpapiHostMsg_ResourceDestroyed::ID: {
         // Audit resource destroyed messages to release FileSystems.
         PP_Resource resource;
         if (!UnpackMessage<PpapiHostMsg_ResourceDestroyed>(
                 nested_msg, &resource))
           return;
         FileSystemMap::iterator fs_it = file_systems_.find(resource);
@@ skipping 45 matching lines @@
           files_.insert(std::make_pair(
               resource,
               new FileIO(file_system, max_written_offset)));
         }
       }
       break;
     }
     case PpapiPluginMsg_FileSystem_ReserveQuotaReply::ID: {
       // The amount of reserved quota for a FileSystem was refreshed.
       int64_t amount = 0;
-      FileOffsetMap max_written_offsets;
+      FileSizeMap max_written_offsets;
       if (ppapi::UnpackMessage<PpapiPluginMsg_FileSystem_ReserveQuotaReply>(
           msg, &amount, &max_written_offsets)) {
         FileSystemMap::iterator it = file_systems_.find(resource);
         DCHECK(it != file_systems_.end());
         it->second->UpdateReservedQuota(amount);
 
-        FileOffsetMap::const_iterator offset_it = max_written_offsets.begin();
+        FileSizeMap::const_iterator offset_it = max_written_offsets.begin();
         for (; offset_it != max_written_offsets.end(); ++offset_it) {
           FileIOMap::iterator fio_it = files_.find(offset_it->first);
           DCHECK(fio_it != files_.end());
           if (fio_it != files_.end())
             fio_it->second->SetMaxWrittenOffset(offset_it->second);
         }
       }
       break;
     }
   }
 }
 
 }  // namespace proxy
 }  // namespace ppapi