Non-SFI mode: Remove old Non-SFI code.

components/nacl/loader/nacl_helper_linux.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // A mini-zygote specifically for Native Client.
 
 #include "components/nacl/loader/nacl_helper_linux.h"
 
 #include <errno.h>
 #include <fcntl.h>
@@ skipping 14 matching lines @@
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/scoped_vector.h"
 #include "base/message_loop/message_loop.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/global_descriptors.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/kill.h"
 #include "base/process/process_handle.h"
 #include "base/rand_util.h"
 #include "components/nacl/common/nacl_switches.h"
-#include "components/nacl/loader/nacl_listener.h"
-#include "components/nacl/loader/nonsfi/nonsfi_listener.h"
 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h"
 #include "content/public/common/content_descriptors.h"
 #include "content/public/common/send_zygote_child_ping_linux.h"
 #include "content/public/common/zygote_fork_delegate_linux.h"
 #include "ipc/ipc_descriptors.h"
 #include "ipc/ipc_switches.h"
 #include "sandbox/linux/services/credentials.h"
 #include "sandbox/linux/services/namespace_sandbox.h"
 
 #if defined(OS_NACL_NONSFI)
+#include "components/nacl/loader/nonsfi/nonsfi_listener.h"
 #include "native_client/src/public/nonsfi/irt_exception_handling.h"
 #else
 #include <link.h>
-#include "components/nacl/loader/nonsfi/irt_exception_handling.h"
+#include "components/nacl/loader/nacl_listener.h"
 #endif
 
 namespace {
 
 struct NaClLoaderSystemInfo {
   size_t prereserved_sandbox_size;
   long number_of_cores;
 };
 
+#if defined(OS_NACL_NONSFI)
 // Replace |file_descriptor| with the reading end of a closed pipe.
 void ReplaceFDWithDummy(int file_descriptor) {
   // Make sure that file_descriptor is an open descriptor.
   PCHECK(-1 != fcntl(file_descriptor, F_GETFD, 0));
   int pipefd[2];
   PCHECK(0 == pipe(pipefd));
   PCHECK(-1 != dup2(pipefd[0], file_descriptor));
   PCHECK(0 == IGNORE_EINTR(close(pipefd[0])));
   PCHECK(0 == IGNORE_EINTR(close(pipefd[1])));
 }
+#endif
 
 // The child must mimic the behavior of zygote_main_linux.cc on the child
 // side of the fork. See zygote_main_linux.cc:HandleForkRequest from
 //   if (!child) {
 void BecomeNaClLoader(base::ScopedFD browser_fd,
                       const NaClLoaderSystemInfo& system_info,
                       bool uses_nonsfi_mode,
                       nacl::NaClSandbox* nacl_sandbox) {
   DCHECK(nacl_sandbox);
   VLOG(1) << "NaCl loader: setting up IPC descriptor";
   // Close or shutdown IPC channels that we don't need anymore.
   PCHECK(0 == IGNORE_EINTR(close(kNaClZygoteDescriptor)));
+
+#if defined(OS_NACL_NONSFI)
   // In Non-SFI mode, it's important to close any non-expected IPC channels.
-  if (uses_nonsfi_mode) {
-    // The low-level kSandboxIPCChannel is used by renderers and NaCl for
-    // various operations. See the LinuxSandbox::METHOD_* methods. NaCl uses
-    // LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT in SFI mode, so this
-    // should only be closed in Non-SFI mode.
-    // This file descriptor is insidiously used by a number of APIs. Closing it
-    // could lead to difficult to debug issues. Instead of closing it, replace
-    // it with a dummy.
-    const int sandbox_ipc_channel =
-        base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel;
+  CHECK(uses_nonsfi_mode);
+  // The low-level kSandboxIPCChannel is used by renderers and NaCl for
+  // various operations. See the LinuxSandbox::METHOD_* methods. NaCl uses
+  // LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT in SFI mode, so this
+  // should only be closed in Non-SFI mode.
+  // This file descriptor is insidiously used by a number of APIs. Closing it
+  // could lead to difficult to debug issues. Instead of closing it, replace
+  // it with a dummy.
+  const int sandbox_ipc_channel =
+      base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel;
 
-    ReplaceFDWithDummy(sandbox_ipc_channel);
+  ReplaceFDWithDummy(sandbox_ipc_channel);
 
-    // Install crash signal handlers before disallowing system calls.
-#if defined(OS_NACL_NONSFI)
-    nonsfi_initialize_signal_handler();
+  // Install crash signal handlers before disallowing system calls.
+  nonsfi_initialize_signal_handler();
 #else
-    nacl::nonsfi::InitializeSignalHandler();
+  CHECK(!uses_nonsfi_mode);
 #endif
-  }
 
   // Always ignore SIGPIPE, for consistency with other Chrome processes and
   // because some IPC code, such as sync_socket_posix.cc, requires this.
   // We do this before seccomp-bpf is initialized.
   PCHECK(signal(SIGPIPE, SIG_IGN) != SIG_ERR);
 
   // Finish layer-1 sandbox initialization and initialize the layer-2 sandbox.
   CHECK(!nacl_sandbox->HasOpenDirectory());
   nacl_sandbox->InitializeLayerTwoSandbox(uses_nonsfi_mode);
   nacl_sandbox->SealLayerOneSandbox();
@@ skipping 356 matching lines @@
   // Now handle requests from the Zygote.
   while (true) {
     bool request_handled = HandleZygoteRequest(
         kNaClZygoteDescriptor, system_info, nacl_sandbox.get());
     // Do not turn this into a CHECK() without thinking about robustness
     // against malicious IPC requests.
     DCHECK(request_handled);
   }
   NOTREACHED();
 }