Adding nonsfi content handler

services/nacl/content_handler_main_nonsfi.cc

Index: services/nacl/content_handler_main_nonsfi.cc
diff --git a/services/nacl/content_handler_main_nonsfi.cc b/services/nacl/content_handler_main_nonsfi.cc
new file mode 100644
index 0000000000000000000000000000000000000000..70e2f162835ce9cbcd84fb2cf233edbc6979d2df
--- /dev/null
+++ b/services/nacl/content_handler_main_nonsfi.cc
@@ -0,0 +1,103 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <fcntl.h>
+
+#include "base/files/file_util.h"
+#include "mojo/application/application_runner_chromium.h"
+#include "mojo/application/content_handler_factory.h"
+#include "mojo/data_pipe_utils/data_pipe_utils.h"
+#include "mojo/message_pump/message_pump_mojo.h"
+#include "mojo/nacl/mojo_interface_nacl_nonsfi.h"
+#include "mojo/public/c/system/main.h"
+#include "mojo/public/cpp/application/application_impl.h"
+#include "native_client/src/public/nonsfi/elf_loader.h"
+
+namespace nacl {
+namespace content_handler {
+namespace {
+
+// Copies response (input) into new temporary file open by fd (output).
+bool URLResponseToTempFile(mojo::URLResponsePtr& response, int* fd) {
+  base::FilePath path;
+  if (!base::CreateTemporaryFile(&path)) {
+    return false;
+  }
+
+  if (!mojo::common::BlockingCopyToFile(response->body.Pass(), path)) {

[Mark Seaborn, 2015/09/01 21:05:47]

This still has the issue that if the process is killed part-way through the
download, a non-empty temp file is left behind.  It would be better if there
were a variant of BlockingCopyToFile() that writes to an FD.  That could be done
in a separate change?

[Sean Klein, 2015/09/01 22:55:27]

Made a separate CL for this issue (I'll post it as soon as this one goes
through). It seems to work though -- I made a new "BlockingCopyToFile"-esque
function which creates a temp file, unlinks the file, copies, and then returns a
file descriptor.

Isn't there still the possibility of leaving an empty temp file between creating
and unlinking? Or is this considered an acceptable failure state?

[Mark Seaborn, 2015/09/02 20:27:15]

Yes, that's still a possibility, but the window is much smaller, and the file
would only be zero-size.

Using Linux's new memfd_create() syscall would avoid this problem, but we can't
rely on it being available yet.

+    base::DeleteFile(path, false);
+    return false;
+  }
+  *fd = open(path.value().c_str(), O_RDONLY);
+  if (fd < 0) {

[Mark Seaborn, 2015/09/01 21:05:47]

fd is a pointer.  This is "fd < NULL". :-)

[Sean Klein, 2015/09/01 22:55:27]

Whoops! Changed to (*fd < 0)

+    LOG(FATAL) << "Failed to open " << path.value().c_str() << ": "
+               << strerror(errno) << "\n";
+  }
+
+  // Since we unlink an open file, the temp file will be removed as soon as the
+  // fd is closed.
+  if (unlink(path.value().c_str())) {
+    LOG(FATAL) << "Failed to unlink " << path.value().c_str() << ": "
+               << strerror(errno) << "\n";
+  }
+  return true;
+}
+
+}  // namespace
+
+class NaClContentHandler : public mojo::ApplicationDelegate,
+                           public mojo::ContentHandlerFactory::Delegate {
+ public:
+  NaClContentHandler() : content_handler_factory_(this) {}
+
+ private:
+  // Overridden from ApplicationDelegate:
+  void Initialize(mojo::ApplicationImpl* app) override {}
+
+  // Overridden from ApplicationDelegate:
+  bool ConfigureIncomingConnection(
+      mojo::ApplicationConnection* connection) override {
+    connection->AddService(&content_handler_factory_);
+    return true;
+  }
+
+  // Overridden from ContentHandlerFactory::ManagedDelegate:
+  void RunApplication(
+      mojo::InterfaceRequest<mojo::Application> application_request,
+      mojo::URLResponsePtr response) override {
+    // Needed to use Mojo interfaces on this thread.
+    base::MessageLoop loop(mojo::common::MessagePumpMojo::Create());
+    // Acquire the nexe.
+    int fd;
+    if (!URLResponseToTempFile(response, &fd)) {
+      LOG(FATAL) << "could not redirect nexe to temp file";
+    }
+
+    // Run -- Also, closes the fd, removing the temp file.
+    uintptr_t entry = NaClLoadElfFile(fd);
+
+    mojo_set_initial_handle(
+        application_request.PassMessagePipe().release().value());
+    int argc = 1;
+    char* argvp = (char *) "NaClMain";

[Mark Seaborn, 2015/09/01 21:05:47]

Nit: use C++ style cast

[Sean Klein, 2015/09/01 22:55:27]

Using const_cast.

+    nacl_irt_nonsfi_entry(argc, &argvp, environ,

[Mark Seaborn, 2015/09/01 21:05:47]

Let's use an empty set of env vars instead of passing environment variables
through by default.

Nick's SFI NaCl version doesn't pass env vars through (since it uses
NaClChromeMainStart()).

[Sean Klein, 2015/09/01 22:55:27]

Done.

+                          reinterpret_cast<nacl_entry_func_t>(entry),
+                          mojo_irt_nonsfi_query);
+    abort();
+    NOTREACHED();
+  }
+
+  mojo::ContentHandlerFactory content_handler_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(NaClContentHandler);
+};
+
+}  // namespace content_handler
+}  // namespace nacl
+
+MojoResult MojoMain(MojoHandle application_request) {
+  mojo::ApplicationRunnerChromium runner(
+      new nacl::content_handler::NaClContentHandler());
+  return runner.Run(application_request);
+}