Simplify ZygoteForkDelegate API further

components/nacl/loader/nacl_helper_linux.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // A mini-zygote specifically for Native Client.
 
 #include "components/nacl/loader/nacl_helper_linux.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <link.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 
 #include <string>
 #include <vector>
 
 #include "base/at_exit.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/global_descriptors.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/kill.h"
+#include "base/process/process_handle.h"
 #include "base/rand_util.h"
 #include "components/nacl/common/nacl_switches.h"
 #include "components/nacl/loader/nacl_listener.h"
 #include "components/nacl/loader/nacl_sandbox_linux.h"
 #include "content/public/common/zygote_fork_delegate_linux.h"
 #include "crypto/nss_util.h"
 #include "ipc/ipc_descriptors.h"
 #include "ipc/ipc_switches.h"
 #include "sandbox/linux/services/libc_urandom_override.h"
 
@@ skipping 64 matching lines @@
   listener.set_uses_nonsfi_mode(uses_nonsfi_mode);
   listener.set_prereserved_sandbox_size(system_info.prereserved_sandbox_size);
   listener.set_number_of_cores(system_info.number_of_cores);
   listener.Listen();
   _exit(0);
 }
 
 // Start the NaCl loader in a child created by the NaCl loader Zygote.
 void ChildNaClLoaderInit(const std::vector<int>& child_fds,
                          const NaClLoaderSystemInfo& system_info,
-                         bool uses_nonsfi_mode) {
+                         bool uses_nonsfi_mode,
+                         const std::string& channel_id) {
   const int parent_fd = child_fds[content::ZygoteForkDelegate::kParentFDIndex];
   const int dummy_fd = child_fds[content::ZygoteForkDelegate::kDummyFDIndex];
+
   bool validack = false;
-  const size_t kMaxReadSize = 1024;
-  char buffer[kMaxReadSize];
+  base::ProcessId real_pid;
   // Wait until the parent process has discovered our PID.  We
   // should not fork any child processes (which the seccomp
   // sandbox does) until then, because that can interfere with the
   // parent's discovery of our PID.
-  const ssize_t nread = HANDLE_EINTR(read(parent_fd, buffer, kMaxReadSize));
+  const ssize_t nread =
+      HANDLE_EINTR(read(parent_fd, &real_pid, sizeof(real_pid)));
+  if (static_cast<size_t>(nread) == sizeof(real_pid)) {
+    // Make sure the parent didn't accidentally send us our real PID.
+    // We don't want it to be discoverable anywhere in our address space
+    // when we start running untrusted code.
+    CHECK(real_pid == 0);
 
-  if (nread < 0) {
-    perror("read");
+    CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+        switches::kProcessChannelID, channel_id);
+    validack = true;
+  } else {
+    if (nread < 0)
+      perror("read");
     LOG(ERROR) << "read returned " << nread;
-  } else if (nread > 0) {
-    VLOG(1) << "NaCl loader is synchronised with Chrome zygote";
-    CommandLine::ForCurrentProcess()->AppendSwitchASCII(
-        switches::kProcessChannelID, std::string(buffer, nread));
-    validack = true;
   }
+
   if (IGNORE_EINTR(close(dummy_fd)) != 0)
     LOG(ERROR) << "close(dummy_fd) failed";
   if (IGNORE_EINTR(close(parent_fd)) != 0)
     LOG(ERROR) << "close(parent_fd) failed";
   if (validack) {
     BecomeNaClLoader(child_fds, system_info, uses_nonsfi_mode);
   } else {
     LOG(ERROR) << "Failed to synch with zygote";
   }
   _exit(1);
 }
 
 // Handle a fork request from the Zygote.
 // Some of this code was lifted from
 // content/browser/zygote_main_linux.cc:ForkWithRealPid()
 bool HandleForkRequest(const std::vector<int>& child_fds,
                        const NaClLoaderSystemInfo& system_info,
                        PickleIterator* input_iter,
                        Pickle* output_pickle) {
   bool uses_nonsfi_mode;
   if (!input_iter->ReadBool(&uses_nonsfi_mode)) {
     LOG(ERROR) << "Could not read uses_nonsfi_mode status";
     return false;
   }
 
+  std::string channel_id;
+  if (!input_iter->ReadString(&channel_id)) {
+    LOG(ERROR) << "Could not read channel_id string";
+    return false;
+  }
+
   if (content::ZygoteForkDelegate::kNumPassedFDs != child_fds.size()) {
     LOG(ERROR) << "nacl_helper: unexpected number of fds, got "
         << child_fds.size();
     return false;
   }
 
   VLOG(1) << "nacl_helper: forking";
   pid_t child_pid = fork();
   if (child_pid < 0) {
     PLOG(ERROR) << "*** fork() failed.";
   }
 
   if (child_pid == 0) {
-    ChildNaClLoaderInit(child_fds, system_info, uses_nonsfi_mode);
+    ChildNaClLoaderInit(child_fds, system_info, uses_nonsfi_mode, channel_id);
     NOTREACHED();
   }
 
   // I am the parent.
   // First, close the dummy_fd so the sandbox won't find me when
   // looking for the child's pid in /proc. Also close other fds.
   for (size_t i = 0; i < child_fds.size(); i++) {
     if (IGNORE_EINTR(close(child_fds[i])) != 0)
       LOG(ERROR) << "close(child_fds[i]) failed";
   }
@@ skipping 232 matching lines @@
   // Now handle requests from the Zygote.
   while (true) {
     bool request_handled = HandleZygoteRequest(kNaClZygoteDescriptor,
                                                system_info);
     // Do not turn this into a CHECK() without thinking about robustness
     // against malicious IPC requests.
     DCHECK(request_handled);
   }
   NOTREACHED();
 }