Enable meta-based validation for shared libraries.

src/trusted/manifest_name_service_proxy/manifest_proxy.c

 /*
  * Copyright (c) 2012 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 #include <string.h>
 
 #include "native_client/src/trusted/manifest_name_service_proxy/manifest_proxy.h"
 
 #include "native_client/src/shared/platform/nacl_log.h"
 #include "native_client/src/shared/platform/nacl_sync.h"
 #include "native_client/src/shared/platform/nacl_sync_checked.h"
 #include "native_client/src/shared/srpc/nacl_srpc.h"
+#include "native_client/src/trusted/desc/nacl_desc_io.h"
 #include "native_client/src/trusted/reverse_service/manifest_rpc.h"
 #include "native_client/src/trusted/reverse_service/reverse_control_rpc.h"
 #include "native_client/src/trusted/service_runtime/include/sys/errno.h"
+#include "native_client/src/trusted/service_runtime/include/sys/fcntl.h"
 #include "native_client/src/trusted/service_runtime/include/sys/nacl_name_service.h"
 #include "native_client/src/trusted/service_runtime/nacl_secure_service.h"
+#include "native_client/src/trusted/validator/rich_file_info.h"
+#include "native_client/src/trusted/validator/validation_cache.h"
 
 static void NaClManifestWaitForChannel_yield_mu(
     struct NaClManifestProxyConnection *self) {
   NaClLog(4, "Entered NaClManifestWaitForChannel_yield_mu\n");
   NaClXMutexLock(&self->mu);
   NaClLog(4, "NaClManifestWaitForChannel_yield_mu: checking channel\n");
   while (!self->channel_initialized) {
     NaClLog(4, "NaClManifestWaitForChannel_yield_mu: waiting\n");
     NaClXCondVarWait(&self->cv, &self->mu);
   }
@@ skipping 71 matching lines @@
     struct NaClSrpcArg      **out_args,
     struct NaClSrpcClosure  *done_cls) {
   struct NaClManifestProxyConnection  *proxy_conn =
       (struct NaClManifestProxyConnection *) rpc->channel->server_instance_data;
   char                                *name = in_args[0]->arrays.str;
   int                                 flags = in_args[1]->u.ival;
   char                                cookie[20];
   uint32_t                            cookie_size = sizeof cookie;
   int                                 status;
   struct NaClDesc                     *desc;
+  uint64_t                            nonce;
   NaClSrpcError                       srpc_error;
 
   NaClLog(4, "NaClManifestNameServiceLookupRpc\n");
 
   NaClManifestWaitForChannel_yield_mu(proxy_conn);
 
   NaClLog(4,
           "NaClManifestNameServiceLookupRpc: name %s, flags %d\n",
           name, flags);
   NaClLog(4,
           "NaClManifestNameServiceLookupRpc: invoking %s\n",
           NACL_MANIFEST_LOOKUP);
 
   if (NACL_SRPC_RESULT_OK !=
       (srpc_error =
        NaClSrpcInvokeBySignature(&proxy_conn->client_channel,
                                  NACL_MANIFEST_LOOKUP,
                                  name,
                                  flags,
                                  &status,
                                  &desc,
+                                 &nonce,
                                  &cookie_size,
                                  cookie))) {
     NaClLog(LOG_ERROR,
             ("Manifest lookup via channel 0x%"NACL_PRIxPTR" with RPC "
              NACL_MANIFEST_LOOKUP" failed: %d\n"),
             (uintptr_t) &proxy_conn->client_channel,
             srpc_error);
     rpc->result = srpc_error;
   } else {
+    struct NaClManifestProxy *proxy =
+        (struct NaClManifestProxy *) proxy_conn->base.server;
+    struct NaClValidationCache *validation_cache = proxy->nap->validation_cache;
+    int32_t new_fd;
+    char *file_path;
+    uint32_t file_path_length;
+
     NaClLog(4,
             "NaClManifestNameServiceLookupRpc: got cookie %.*s\n",
             cookie_size, cookie);
+
+    if (nonce != 0 && validation_cache->ResolveFileNonce != NULL &&
+        validation_cache->ResolveFileNonce(validation_cache->handle, nonce,
+                                           &new_fd, &file_path,
+                                           &file_path_length)) {
+      struct RichFileInfo info;
+      uint32_t flags;
+      /*
+       * We don't entirely trust the render process, so swap the handle with one
+       * from the browser process that should be equivalent.
+       */
+      NaClDescUnref(desc);
+      desc = NaClDescIoDescFromHandleAllocCtor((NaClHandle) new_fd,
+                                               NACL_ABI_O_RDONLY);
+
+      /* Mark the desc as OK for mmaping. */
+      flags = NaClDescGetFlags(desc);
+      NaClDescSetFlags(desc, flags | NACL_DESC_FLAGS_MMAP_EXEC_OK);
+
+      /* Provide metadata for validation. */
+      RichFileInfoCtor(&info);
+      info.known_file = 1;
+      info.file_path = file_path; /* Takes ownership. */
+      info.file_path_length = file_path_length;
+      SetFileOriginInfo(desc, &info);
+      RichFileInfoDtor(&info);
+    }
+
     out_args[0]->u.ival = status;
     out_args[1]->u.hval = desc;
     rpc->result = NACL_SRPC_RESULT_OK;
   }
   (*done_cls->Run)(done_cls);
   NaClDescUnref(desc);
   NaClManifestReleaseChannel_release_mu(proxy_conn);
 }
 
 static void NaClManifestNameServiceDeleteRpc(
@@ skipping 237 matching lines @@
   /*
    * The NaClManifestProxyConnectionFactory creates a subclass of a
    * NaClSimpleServiceConnectionFactory object that uses the reverse
    * connection object nap->reverse_client to obtain a new RPC channel
    * with each manifest connection.
    */
   NaClSimpleServiceAcceptConnection,
   NaClSimpleServiceAcceptAndSpawnHandler,
   NaClSimpleServiceRpcHandler,
 };