Remove LoadModule SRPC for non-SFI mode.

components/nacl/browser/nacl_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/browser/nacl_process_host.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 239 matching lines @@
     : socket_for_renderer(NACL_INVALID_HANDLE),
       socket_for_sel_ldr(NACL_INVALID_HANDLE) { }
 };
 
 // -----------------------------------------------------------------------------
 
 unsigned NaClProcessHost::keepalive_throttle_interval_milliseconds_ =
     ppapi::kKeepaliveThrottleIntervalDefaultMilliseconds;
 
 NaClProcessHost::NaClProcessHost(const GURL& manifest_url,
+                                 base::File nexe_file,
                                  int render_view_id,
                                  uint32 permission_bits,
                                  bool uses_irt,
                                  bool uses_nonsfi_mode,
                                  bool enable_dyncode_syscalls,
                                  bool enable_exception_handling,
                                  bool enable_crash_throttling,
                                  bool off_the_record,
                                  const base::FilePath& profile_directory)
     : manifest_url_(manifest_url),
+      nexe_file_(nexe_file.Pass()),
       permissions_(GetNaClPermissions(permission_bits)),
 #if defined(OS_WIN)
       process_launched_by_broker_(false),
 #endif
       reply_msg_(NULL),
 #if defined(OS_WIN)
       debug_exception_handler_requested_(false),
 #endif
       internal_(new NaClInternal()),
       weak_factory_(this),
@@ skipping 168 matching lines @@
 
     if (!nonsfi_mode_enabled) {
       SendErrorToRenderer(
           "NaCl non-SFI mode is not available for this platform"
           " and NaCl module.");
       delete this;
       return;
     }
   }
 
+  // TODO(hidehiko): We no longer use imc socket channel for non-SFI mode.
+  // Do not create them.

[Mark Seaborn, 2014/06/18 19:53:12]

Nit: 'them' -> 'it', since you're referring to one thing?

[hidehiko, 2014/06/19 07:01:59]

Done.

+
   // Rather than creating a socket pair in the renderer, and passing
   // one side through the browser to sel_ldr, socket pairs are created
   // in the browser and then passed to the renderer and sel_ldr.
   //
   // This is mainly for the benefit of Windows, where sockets cannot
   // be passed in messages, but are copied via DuplicateHandle().
   // This means the sandboxed renderer cannot send handles to the
   // browser process.
 
   NaClHandle pair[2];
@@ skipping 344 matching lines @@
 void NaClProcessHost::OnDebugStubPortSelected(uint16_t debug_stub_port) {
   CHECK(!uses_nonsfi_mode_);
   SetDebugStubPort(debug_stub_port);
 }
 #endif
 
 bool NaClProcessHost::StartNaClExecution() {
   NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
 
   NaClStartParams params;
+
   // Enable PPAPI proxy channel creation only for renderer processes.
   params.enable_ipc_proxy = enable_ppapi_proxy();
-  if (!uses_nonsfi_mode_) {
+  if (uses_nonsfi_mode_) {
+    // Currently, non-SFI mode is supported only on Linux.
+#if defined(OS_LINUX)
+    // Note: nexe_file_ still keeps the ownership at this moment, because

[Mark Seaborn, 2014/06/18 19:53:12]

Is this because a base::File can't be used as a parameter in IPC messages, and
params.nexe_file is a non-auto-freed type?  It might be worth commenting that
here.

[hidehiko, 2014/06/19 07:01:59]

Done.

+    // this params may just be destructed before sending IPC is properly

[Mark Seaborn, 2014/06/18 19:53:12]

Nit: 'destroyed' rather than 'destructed'?  Also "this params" -> "params"?

[hidehiko, 2014/06/19 07:01:59]

Done.

+    // processed.
+    params.nexe_file =
+        base::FileDescriptor(nexe_file_.GetPlatformFile(), true);
+#endif
+  } else {
     params.validation_cache_enabled = nacl_browser->ValidationCacheIsEnabled();
     params.validation_cache_key = nacl_browser->GetValidationCacheKey();
     params.version = NaClBrowser::GetDelegate()->GetVersionString();
     params.enable_exception_handling = enable_exception_handling_;
     params.enable_debug_stub = enable_debug_stub_ &&
         NaClBrowser::GetDelegate()->URLMatchesDebugPatterns(manifest_url_);
     params.uses_irt = uses_irt_;
     params.enable_dyncode_syscalls = enable_dyncode_syscalls_;
   }
 
@@ skipping 42 matching lines @@
     net::SocketDescriptor server_bound_socket = GetDebugStubSocketHandle();
     if (server_bound_socket != net::kInvalidSocket) {
       params.debug_stub_server_bound_socket =
           FileDescriptor(server_bound_socket, true);
     }
   }
 #endif
 
   process_->Send(new NaClProcessMsg_Start(params));
 
+  if (uses_nonsfi_mode_) {
+    // Send() is processed, so we release the ownership of the nexe_file_ here.
+    nexe_file_.TakePlatformFile();

[Mark Seaborn, 2014/06/18 19:53:11]

Wouldn't it be cleaner to do this immediately before Send()?

After Send(), this will be referring to an FD that has already been close()'d
(since you pass auto_close=True to FileDescriptor above), which is slightly
dodgy.

[hidehiko, 2014/06/19 07:01:59]

Done.

+  }
   internal_->socket_for_sel_ldr = NACL_INVALID_HANDLE;
   return true;
 }
 
 // This method is called when NaClProcessHostMsg_PpapiChannelCreated is
 // received.
 void NaClProcessHost::OnPpapiChannelsCreated(
     const IPC::ChannelHandle& browser_channel_handle,
     const IPC::ChannelHandle& ppapi_renderer_channel_handle,
     const IPC::ChannelHandle& trusted_renderer_channel_handle,
@@ skipping 234 matching lines @@
         process_handle.Take(), info,
         base::MessageLoopProxy::current(),
         base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker,
                    weak_factory_.GetWeakPtr()));
     return true;
   }
 }
 #endif
 
 }  // namespace nacl