Initial code for webtry, a web application for allowing users to try out Skia.

experimental/webtry/main.cpp

+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include "SkCanvas.h"
+#include "SkCommandLineFlags.h"
+#include "SkData.h"
+#include "SkForceLinking.h"
+#include "SkGraphics.h"
+#include "SkImageEncoder.h"
+#include "SkImageInfo.h"
+#include "SkStream.h"
+#include "SkSurface.h"
+
+#include "seccomp_bpf.h"
+#include "syscall_reporter.h"
+
+DEFINE_string(out, "", "Filename of the PNG to write to.");
+DEFINE_bool(logSyscall, false, "Dump the name of the blocked syscall that was attempted. Use only for debugging.");
+
+static int installSyscallFilter(void) {

[mtklein, 2014/04/08 19:00:23]

Usually static methods are named_like_this

[jcgregorio, 2014/04/09 14:10:31]

Done.

+    struct sock_filter filter[] = {
+        /* Validate architecture. */
+        VALIDATE_ARCHITECTURE,
+        /* Grab the system call number. */
+        EXAMINE_SYSCALL,
+        /* List allowed syscalls. */
+        ALLOW_SYSCALL(exit_group),
+        ALLOW_SYSCALL(exit),
+        ALLOW_SYSCALL(fstat),
+        ALLOW_SYSCALL(read),
+        ALLOW_SYSCALL(write),
+        ALLOW_SYSCALL(close),
+        ALLOW_SYSCALL(mmap),
+        ALLOW_SYSCALL(munmap),
+        ALLOW_SYSCALL(brk),
+        KILL_PROCESS,
+    };
+    struct sock_fprog prog = {
+        (unsigned short)(sizeof(filter)/sizeof(filter[0])),

[mtklein, 2014/04/08 19:00:23]

SK_ARRAY_COUNT?

[jcgregorio, 2014/04/09 14:10:31]

Done.

+        filter,
+    };
+
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {

[mtklein, 2014/04/08 19:00:23]

This function could use a bit of comment narration.  I can guess what's going on
up until here, but it's not clear to me what the PR_SET_NO_NEW_PRIVS call does.

[jcgregorio, 2014/04/09 14:10:31]

Done.

+        perror("prctl(NO_NEW_PRIVS)");
+        goto failed;
+    }
+    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
+        perror("prctl(SECCOMP)");
+        goto failed;
+    }
+    return 0;
+
+failed:
+    if (errno == EINVAL)
+        fprintf(stderr, "SECCOMP_FILTER is not available. :(\n");
+    return 1;
+}
+
+void setLimits() {

[mtklein, 2014/04/08 19:00:23]

static void set_limits?

[jcgregorio, 2014/04/09 14:10:31]

Done.

+    struct rlimit n;
+
+    // Limit to 5 seconds of CPU.
+    n.rlim_cur = 5;
+    n.rlim_max = 5;
+    if (setrlimit(RLIMIT_CPU, &n)) {
+        perror("setrlimit(RLIMIT_CPU)");
+    }
+
+    // Limit to 50M of Address space.
+    n.rlim_cur = 50000000;
+    n.rlim_max = 50000000;
+    if (setrlimit(RLIMIT_AS, &n)) {
+        perror("setrlimit(RLIMIT_CPU)");
+    }
+}
+
+void draw(SkCanvas* canvas);

[mtklein, 2014/04/08 19:00:23]

Can't hurt to remind us that this comes from outside with an explicit "extern"?

[jcgregorio, 2014/04/09 14:10:31]

Done.

+
+int main(int argc, char** argv) {
+    SkCommandLineFlags::Parse(argc, argv);
+    SkForceLinking(false);

[mtklein, 2014/04/08 19:00:23]

Typically I use the __SK_FORCE_IMAGE_DECODER_LINKING macro up top somewhere, if
only so you don't have to think about what false means. 

[jcgregorio, 2014/04/09 14:10:31]

Done.

+    SkAutoGraphics init;
+
+    SkFILEWStream stream(FLAGS_out[0]);

[mtklein, 2014/04/08 19:00:23]

Bail if FLAGS_out.count() == 0?

[jcgregorio, 2014/04/09 14:10:31]

Done.

+
+    SkImageInfo info = SkImageInfo::MakeN32(300, 300, kPremul_SkAlphaType);
+    SkAutoTUnref<SkSurface> surface(SkSurface::NewRaster(info));
+    SkCanvas* canvas = surface->getCanvas();
+
+    setLimits();
+
+    if (FLAGS_logSyscall && install_syscall_reporter()) {

[mtklein, 2014/04/08 19:00:23]

Ordinarily I'd prefer true, false over 0, 1.  I guess you're writing
installSyscallFilter() to be similar to install_sycall_reporter(), which returns
an int because it's C?  I'm on board with that if so.  Can you note
installSyscallFilter() returns 0 on success, and check != 0 for both of these
calls?

[jcgregorio, 2014/04/09 14:10:31]

Done.

+        return 1;
+    }
+    if (installSyscallFilter()) {
+        return 1;
+    }
+
+    draw(canvas);
+
+    // Write out the image as a PNG.
+    SkAutoTUnref<SkImage> image(surface->newImageSnapshot());

[mtklein, 2014/04/08 19:00:23]

I know it's sort of notional, but I can't help but notice that this code doesn't
quite match up with what we show on the page.  Think it's worth making it linked
to the same source, or is it inevitable that we make little white lies about
what support code's running?

[jcgregorio, 2014/04/09 14:10:31]

Yeah, I'm torn between making the code look exactly like what's executed, or the
code that's here, which you could in theory cut and paste as a complete program
and compile into a working program.

For now I'm fine with the little white lie.

On 2014/04/08 19:00:23, mtklein wrote:

+    SkAutoTUnref<SkData> data(image->encode(SkImageEncoder::kPNG_Type, 100));
+    if (NULL == data.get()) {
+        printf("Failed to encode\n");
+        exit(1);
+    }
+    stream.write(data->data(), data->size());
+}