NaCl: enable meta-based validation for shared libraries.

chrome/nacl/nacl_validation_query.cc

Index: chrome/nacl/nacl_validation_query.cc
diff --git a/chrome/nacl/nacl_validation_query.cc b/chrome/nacl/nacl_validation_query.cc
index 37d9b7866e51fa0c356e4a4871b1a7f95f926b2e..a9aa63bb81bc01538ae27fc4f2ed01a38e21e1a0 100644
--- a/chrome/nacl/nacl_validation_query.cc
+++ b/chrome/nacl/nacl_validation_query.cc
@@ -29,6 +29,11 @@ NaClValidationQuery* NaClValidationQueryContext::CreateQuery() {
   return query;
 }
 
+bool NaClValidationQueryContext::ResolveFileNonce(uint64 nonce, int32* fd,
+                                                  std::string* path) {
+  return db_->ResolveFileNonce(nonce, fd, path);
+}
+
 NaClValidationQuery::NaClValidationQuery(NaClValidationDB* db,
                                          const std::string& profile_key)
     : state_(READY),
@@ -127,6 +132,23 @@ static void DestroyQuery(void* query) {
   delete static_cast<NaClValidationQuery*>(query);
 }
 
+static int ResolveFileNonce(void* handle, uint64 nonce, int32* fd,

[Mark Seaborn, 2013/05/16 23:01:47]

So you're returning absolute filenames to the NaCl process.  This means that
you'll reveal pathnames like "/home/mseaborn/..." to the NaCl process.

That isn't ideal, although env vars are currently inherited by the NaCl process
which expose similar information.  But it would be nice not to add to the set of
things that are exposed this way.

Could you pass a hash of the filename to the NaCl process instead?

[Nick Bray (chromium), 2013/05/21 20:09:06]

Security team is not worried, and I have too much to deal with already.  The
interface does not preclude changing this later.

+                            char** file_path, uint32 *file_path_length) {
+  std::string path;
+  *file_path = NULL;
+  *file_path_length = 0;
+  bool ok = static_cast<NaClValidationQueryContext*>(handle)->
+      ResolveFileNonce(nonce, fd, &path);
+  if (ok) {
+    *file_path = (char *) malloc(path.length() + 1);

[Mark Seaborn, 2013/05/16 23:01:47]

Use C++-style casts?

[Nick Bray (chromium), 2013/05/21 20:09:06]

Done.

+    CHECK(*file_path);
+    memcpy(*file_path, path.data(), path.length());
+    (*file_path)[path.length()] = 0;
+    *file_path_length = (uint32) path.length();

[Mark Seaborn, 2013/05/16 23:01:47]

Ditto

[Nick Bray (chromium), 2013/05/21 20:09:06]

Done.

+  }
+  return ok;
+}
+
 struct NaClValidationCache* CreateValidationCache(
     NaClValidationDB* db, const std::string& profile_key,
     const std::string& nacl_version) {
@@ -140,5 +162,6 @@ struct NaClValidationCache* CreateValidationCache(
   cache->QueryKnownToValidate = QueryKnownToValidate;
   cache->SetKnownToValidate = SetKnownToValidate;
   cache->DestroyQuery = DestroyQuery;
+  cache->ResolveFileNonce = ResolveFileNonce;
   return cache;
 }