NaCl: enable meta-based validation for shared libraries.

chrome/nacl/nacl_listener.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/nacl/nacl_listener.h"
 
 #include <errno.h>
 #include <stdlib.h>
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/rand_util.h"
 #include "chrome/common/nacl_messages.h"
 #include "chrome/nacl/nacl_ipc_adapter.h"
 #include "chrome/nacl/nacl_validation_db.h"
 #include "chrome/nacl/nacl_validation_query.h"
 #include "ipc/ipc_channel_handle.h"
 #include "ipc/ipc_switches.h"
 #include "ipc/ipc_sync_channel.h"
 #include "ipc/ipc_sync_message_filter.h"
 #include "native_client/src/trusted/service_runtime/sel_main_chrome.h"
+#include "native_client/src/trusted/validator/nacl_file_info.h"
 
 #if defined(OS_POSIX)
 #include "base/file_descriptor_posix.h"
 #endif
 
 #if defined(OS_LINUX)
 #include "content/public/common/child_process_sandbox_support_linux.h"
 #endif
 
 #if defined(OS_WIN)
@@ skipping 89 matching lines @@
     return result;
   }
 
   virtual void SetKnownToValidate(const std::string& signature) OVERRIDE {
     // Caching is optional: NaCl will still work correctly if the IPC fails.
     if (!listener_->Send(new NaClProcessMsg_SetKnownToValidate(signature))) {
       LOG(ERROR) << "Failed to update NaCl validation cache.";
     }
   }
 
+  virtual bool ResolveFileToken(struct NaClFileToken *file_token,

[Mark Seaborn, 2013/05/24 20:21:58]

Fix "*" spacing style

[Nick Bray (chromium), 2013/05/24 21:35:24]

Done.

+                                int32* fd, std::string* path) OVERRIDE {
+    *fd = -1;
+    *path = "";
+    if (file_token->lo == 0 && file_token->hi == 0) {
+      return false;
+    }
+    IPC::PlatformFileForTransit ipc_fd;
+    base::FilePath ipc_path;
+    if (!listener_->Send(new NaClProcessMsg_ResolveFileToken(file_token->lo,
+                                                             file_token->hi,
+                                                             &ipc_fd,
+                                                             &ipc_path))) {
+      return false;
+    }
+    if (ipc_fd == IPC::InvalidPlatformFileForTransit()) {
+      return false;
+    }
+    base::PlatformFile handle =
+        IPC::PlatformFileForTransitToPlatformFile(ipc_fd);
+#if defined(OS_WIN)
+    // On Windows, valid handles are 32 bit unsigned integers so this is safe.
+    *fd = reinterpret_cast<uintptr_t>(handle);
+#else
+    *fd = handle;
+#endif
+    // It doesn't matter if the path is valid UTF8 as long as it's repeatable

[Mark Seaborn, 2013/05/24 20:21:58]

Do you mean "It doesn't matter if the path is invalid UTF8"?

Not sure what you mean by repeatable here.

[Nick Bray (chromium), 2013/05/24 21:35:24]

Done.

+    // and unforgeable.
+    *path = ipc_path.AsUTF8Unsafe();
+    return true;
+  }
+
  private:
   // The listener never dies, otherwise this might be a dangling reference.
   NaClListener* listener_;
 };
 
 
 NaClListener::NaClListener() : shutdown_event_(true, false),
                                io_thread_("NaCl_IOThread"),
 #if defined(OS_LINUX)
                                prereserved_sandbox_size_(0),
@@ skipping 133 matching lines @@
 #if defined(OS_WIN)
   args->broker_duplicate_handle_func = BrokerDuplicateHandle;
   args->attach_debug_exception_handler_func = AttachDebugExceptionHandler;
 #endif
 #if defined(OS_LINUX)
   args->prereserved_sandbox_size = prereserved_sandbox_size_;
 #endif
   NaClChromeMainStart(args);
   NOTREACHED();
 }