Use ChannelMojo from the browser to NaCl loader process.

components/nacl/browser/nacl_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/browser/nacl_process_host.h"
 
 #include <string.h>
 #include <algorithm>
 #include <string>
 #include <utility>
@@ skipping 31 matching lines @@
 #include "components/nacl/common/nacl_switches.h"
 #include "components/url_formatter/url_formatter.h"
 #include "content/public/browser/browser_child_process_host.h"
 #include "content/public/browser/browser_ppapi_host.h"
 #include "content/public/browser/child_process_data.h"
 #include "content/public/browser/plugin_service.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/child_process_host.h"
 #include "content/public/common/content_switches.h"
+#include "content/public/common/mojo_channel_switches.h"
 #include "content/public/common/process_type.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "ipc/ipc_channel.h"
 #include "ipc/ipc_switches.h"
+#include "mojo/edk/embedder/embedder.h"
 #include "net/socket/socket_descriptor.h"
 #include "ppapi/host/host_factory.h"
 #include "ppapi/host/ppapi_host.h"
 #include "ppapi/proxy/ppapi_messages.h"
 #include "ppapi/shared_impl/ppapi_constants.h"
 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h"
 
 #if defined(OS_POSIX)
 
 #include <arpa/inet.h>
@@ skipping 90 matching lines @@
 namespace {
 
 #if defined(OS_POSIX) && !defined(OS_MACOSX)
 content::ZygoteHandle g_nacl_zygote;
 #endif  // defined(OS_POSIX) && !defined(OS_MACOSX)
 
 // NOTE: changes to this class need to be reviewed by the security team.
 class NaClSandboxedProcessLauncherDelegate
     : public content::SandboxedProcessLauncherDelegate {
  public:
-  NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host)
-#if defined(OS_POSIX)
-      : ipc_fd_(host->TakeClientFileDescriptor())
-#endif
-  {}
+  NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) {}
 
   ~NaClSandboxedProcessLauncherDelegate() override {}
 
 #if defined(OS_WIN)
   void PostSpawnTarget(base::ProcessHandle process) override {
     // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of
     // address space to prevent later failure due to address space fragmentation
     // from .dll loading. The NaCl process will attempt to locate this space by
     // scanning the address space using VirtualQuery.
     // TODO(bbudge) Handle the --no-sandbox case.
     // http://code.google.com/p/nativeclient/issues/detail?id=2131
     const SIZE_T kNaClSandboxSize = 1 << 30;
     if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) {
       DLOG(WARNING) << "Failed to reserve address space for Native Client";
     }
   }
 #elif defined(OS_POSIX)
 #if !defined(OS_MACOSX)
   content::ZygoteHandle* GetZygote() override {
     return content::GetGenericZygote();
   }
 #endif  // !defined(OS_MACOSX)
 
-  base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); }
+  base::ScopedFD TakeIpcFd() override { return base::ScopedFD(-1); }

[Mark Seaborn, 2016/07/08 20:26:19]

Nit: I think you can use base::ScopedFD() without an argument here.

[Anand Mistry (off Chromium), 2016/07/12 07:26:23]

Although it's correct here, I've undone this change because it would be better
for me to eliminate SandboxedProcessLauncherDelegate::TakeIpcFD and
ChildProcessHost::TakeClientFileDescriptor everywhere at the same time instead
of in a piecemeal manner.

 #endif  // OS_WIN
-
- private:
-#if defined(OS_POSIX)
-  base::ScopedFD ipc_fd_;
-#endif  // OS_POSIX
 };
 
 void CloseFile(base::File file) {
   // The base::File destructor will close the file for us.
 }
 
 }  // namespace
 
 unsigned NaClProcessHost::keepalive_throttle_interval_milliseconds_ =
     ppapi::kKeepaliveThrottleIntervalDefaultMilliseconds;
@@ skipping 89 matching lines @@
 #if defined(OS_WIN)
       debug_exception_handler_requested_(false),
 #endif
       uses_nonsfi_mode_(uses_nonsfi_mode),
       enable_debug_stub_(false),
       enable_crash_throttling_(false),
       off_the_record_(off_the_record),
       process_type_(process_type),
       profile_directory_(profile_directory),
       render_view_id_(render_view_id),
+      mojo_child_token_(mojo::edk::GenerateRandomToken()),
       weak_factory_(this) {
   process_.reset(content::BrowserChildProcessHost::Create(
-      static_cast<content::ProcessType>(PROCESS_TYPE_NACL_LOADER), this));
+      static_cast<content::ProcessType>(PROCESS_TYPE_NACL_LOADER), this,
+      mojo_child_token_));
 
   // Set the display name so the user knows what plugin the process is running.
   // We aren't on the UI thread so getting the pref locale for language
   // formatting isn't possible, so IDN will be lost, but this is probably OK
   // for this use case.
   process_->SetName(url_formatter::FormatUrl(manifest_url_));
 
   enable_debug_stub_ = base::CommandLine::ForCurrentProcess()->HasSwitch(
       switches::kEnableNaClDebug);
   DCHECK(process_type_ != kUnknownNaClProcessType);
@@ skipping 247 matching lines @@
   base::FilePath script =
       command_line.GetSwitchValuePath(switches::kNaClGdbScript);
   if (!script.empty()) {
     cmd_line.AppendArg("--command");
     cmd_line.AppendArgNative(script.value());
   }
   base::LaunchProcess(cmd_line, base::LaunchOptions());
 }
 
 bool NaClProcessHost::LaunchSelLdr() {
-  std::string channel_id = process_->GetHost()->CreateChannel();
-  if (channel_id.empty()) {
-    SendErrorToRenderer("CreateChannel() failed");
+  std::string mojo_channel_token =
+      process_->GetHost()->CreateChannelMojo(mojo_child_token_);

[Mark Seaborn, 2016/07/08 20:26:19]

Since mojo_child_token_ isn't used after this, you could reset it to save a
little memory.

[Anand Mistry (off Chromium), 2016/07/12 07:26:23]

Done.

+  if (mojo_channel_token.empty()) {
+    SendErrorToRenderer("CreateChannelMojo() failed");
     return false;
   }
 
   // Build command line for nacl.
 
 #if defined(OS_LINUX)
   int flags = ChildProcessHost::CHILD_ALLOW_SELF;
 #else
   int flags = ChildProcessHost::CHILD_NORMAL;
 #endif
@@ skipping 39 matching lines @@
   }
 #endif
 
   std::unique_ptr<base::CommandLine> cmd_line(new base::CommandLine(exe_path));
   CopyNaClCommandLineArguments(cmd_line.get());
 
   cmd_line->AppendSwitchASCII(switches::kProcessType,
                               (uses_nonsfi_mode_ ?
                                switches::kNaClLoaderNonSfiProcess :
                                switches::kNaClLoaderProcess));
-  cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id);
+  cmd_line->AppendSwitchASCII(switches::kMojoChannelToken, mojo_channel_token);
   if (NaClBrowser::GetDelegate()->DialogsAreSuppressed())
     cmd_line->AppendSwitch(switches::kNoErrorDialogs);
 
 #if defined(OS_WIN)
   cmd_line->AppendArg(switches::kPrefetchArgumentOther);
 #endif  // defined(OS_WIN)
 
 // On Windows we might need to start the broker process to launch a new loader
 #if defined(OS_WIN)
   if (RunningOnWOW64()) {
     if (!NaClBrokerService::GetInstance()->LaunchLoader(
-            weak_factory_.GetWeakPtr(), channel_id)) {
+            weak_factory_.GetWeakPtr(), mojo_channel_token)) {
       SendErrorToRenderer("broker service did not launch process");
       return false;
     }
     return true;
   }
 #endif
   process_->Launch(
       new NaClSandboxedProcessLauncherDelegate(process_->GetHost()),
       cmd_line.release(),
       true);
@@ skipping 625 matching lines @@
     NaClStartDebugExceptionHandlerThread(
         std::move(process), info, base::ThreadTaskRunnerHandle::Get(),
         base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker,
                    weak_factory_.GetWeakPtr()));
     return true;
   }
 }
 #endif
 
 }  // namespace nacl