Enable mmap and identity-based validation caching on pnacl-{llc,ld}.nexe

components/nacl/browser/nacl_file_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/browser/nacl_file_host.h"
 
 #include "base/bind.h"
 #include "base/file_util.h"
 #include "base/files/file.h"
 #include "base/files/file_path.h"
@@ skipping 20 matching lines @@
 // in file name limit error-handling-code-paths, etc.
 const size_t kMaxFileLength = 40;
 
 void NotifyRendererOfError(
     nacl::NaClHostMessageFilter* nacl_host_message_filter,
     IPC::Message* reply_msg) {
   reply_msg->set_reply_error();
   nacl_host_message_filter->Send(reply_msg);
 }
 
-base::File PnaclDoOpenFile(const base::FilePath& file_to_open) {
-  return base::File(file_to_open,
-                    base::File::FLAG_OPEN | base::File::FLAG_READ);
+typedef void (*WriteFileInfoReply)(IPC::Message* reply_msg,
+                                   IPC::PlatformFileForTransit file_desc,
+                                   uint64 file_token_lo,
+                                   uint64 file_token_hi);
+
+void DoRegisterOpenedNaClExecutableFile(
+    scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
+    base::File file,
+    base::FilePath file_path,
+    IPC::Message* reply_msg,
+    WriteFileInfoReply write_reply_message) {
+  // IO thread owns the NaClBrowser singleton.
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+  nacl::NaClBrowser* nacl_browser = nacl::NaClBrowser::GetInstance();
+  uint64 file_token_lo = 0;
+  uint64 file_token_hi = 0;
+  nacl_browser->PutFilePath(file_path, &file_token_lo, &file_token_hi);
+
+  IPC::PlatformFileForTransit file_desc = IPC::TakeFileHandleForProcess(
+      file.Pass(),
+      nacl_host_message_filter->PeerHandle());
+
+  write_reply_message(reply_msg, file_desc, file_token_lo, file_token_hi);
+  nacl_host_message_filter->Send(reply_msg);
 }
 
 void DoOpenPnaclFile(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     const std::string& filename,
+    bool is_executable,
     IPC::Message* reply_msg) {
   DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
   base::FilePath full_filepath;
 
   // PNaCl must be installed.
   base::FilePath pnacl_dir;
   if (!nacl::NaClBrowser::GetDelegate()->GetPnaclDirectory(&pnacl_dir) ||
       !base::PathExists(pnacl_dir)) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 
   // Do some validation.
   if (!nacl_file_host::PnaclCanOpenFile(filename, &full_filepath)) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 
-  base::File file_to_open = PnaclDoOpenFile(full_filepath);
+  base::File file_to_open = nacl::OpenNaClReadExecImpl(full_filepath,
+                                                       is_executable);
   if (!file_to_open.IsValid()) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 
-  // Send the reply!
-  // Do any DuplicateHandle magic that is necessary first.
-  IPC::PlatformFileForTransit target_desc =
-      IPC::TakeFileHandleForProcess(file_to_open.Pass(),
-                                    nacl_host_message_filter->PeerHandle());
-  if (target_desc == IPC::InvalidPlatformFileForTransit()) {
-    NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
-    return;
+  // This function is running on the blocking pool, but the path needs to be
+  // registered in a structure owned by the IO thread.
+  // Not all PNaCl files are executable. Only register those that are
+  // executable in the NaCl file_path cache.
+  if (is_executable) {
+    BrowserThread::PostTask(
+        BrowserThread::IO, FROM_HERE,
+        base::Bind(&DoRegisterOpenedNaClExecutableFile,
+                   nacl_host_message_filter,
+                   Passed(file_to_open.Pass()), full_filepath, reply_msg,
+                   static_cast<WriteFileInfoReply>(
+                       NaClHostMsg_GetReadonlyPnaclFD::WriteReplyParams)));
+  } else {
+    IPC::PlatformFileForTransit target_desc =
+        IPC::TakeFileHandleForProcess(file_to_open.Pass(),
+                                      nacl_host_message_filter->PeerHandle());
+    uint64_t dummy_file_token = 0;
+    NaClHostMsg_GetReadonlyPnaclFD::WriteReplyParams(
+        reply_msg, target_desc, dummy_file_token, dummy_file_token);
+    nacl_host_message_filter->Send(reply_msg);
   }
-  NaClHostMsg_GetReadonlyPnaclFD::WriteReplyParams(
-      reply_msg, target_desc);
-  nacl_host_message_filter->Send(reply_msg);
-}
-
-void DoRegisterOpenedNaClExecutableFile(
-    scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
-    base::File file,
-    base::FilePath file_path,
-    IPC::Message* reply_msg) {
-  // IO thread owns the NaClBrowser singleton.
-  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
-
-  nacl::NaClBrowser* nacl_browser = nacl::NaClBrowser::GetInstance();
-  uint64 file_token_lo = 0;
-  uint64 file_token_hi = 0;
-  nacl_browser->PutFilePath(file_path, &file_token_lo, &file_token_hi);
-
-  IPC::PlatformFileForTransit file_desc = IPC::TakeFileHandleForProcess(
-      file.Pass(),
-      nacl_host_message_filter->PeerHandle());
-
-  NaClHostMsg_OpenNaClExecutable::WriteReplyParams(
-      reply_msg, file_desc, file_token_lo, file_token_hi);
-  nacl_host_message_filter->Send(reply_msg);
 }
 
 // Convert the file URL into a file descriptor.
 // This function is security sensitive.  Be sure to check with a security
 // person before you modify it.
 void DoOpenNaClExecutableOnThreadPool(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     const GURL& file_url,
     IPC::Message* reply_msg) {
   DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
 
   base::FilePath file_path;
   if (!nacl::NaClBrowser::GetDelegate()->MapUrlToLocalFilePath(
           file_url,
           true /* use_blocking_api */,
           nacl_host_message_filter->profile_directory(),
           &file_path)) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 
-  base::File file = nacl::OpenNaClExecutableImpl(file_path);
+  base::File file = nacl::OpenNaClReadExecImpl(file_path,
+                                               true /* is_executable */);
   if (file.IsValid()) {
     // This function is running on the blocking pool, but the path needs to be
     // registered in a structure owned by the IO thread.
     BrowserThread::PostTask(
         BrowserThread::IO, FROM_HERE,
         base::Bind(
             &DoRegisterOpenedNaClExecutableFile,
             nacl_host_message_filter,
-            Passed(file.Pass()), file_path, reply_msg));
+            Passed(file.Pass()), file_path, reply_msg,
+            static_cast<WriteFileInfoReply>(
+                NaClHostMsg_OpenNaClExecutable::WriteReplyParams)));
   } else {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 }
 
 }  // namespace
 
 namespace nacl_file_host {
 
 void GetReadonlyPnaclFd(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     const std::string& filename,
+    bool is_executable,
     IPC::Message* reply_msg) {
   if (!BrowserThread::PostBlockingPoolTask(
           FROM_HERE,
           base::Bind(&DoOpenPnaclFile,
                      nacl_host_message_filter,
                      filename,
+                     is_executable,
                      reply_msg))) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
   }
 }
 
 // This function is security sensitive.  Be sure to check with a security
 // person before you modify it.
 bool PnaclCanOpenFile(const std::string& filename,

[jvoung (off chromium), 2014/06/27 22:46:28]

This attempts to only allow the file to have a-z, 0-9, and underscore, along
with a known prefix "pnacl_public_" and only if it's based within the PNaCl
component updater subdirectory, under user-data-dir.

                       base::FilePath* file_to_open) {
   if (filename.length() > kMaxFileLength)
     return false;
 
   if (filename.empty())
     return false;
 
   // Restrict character set of the file name to something really simple
   // (a-z, 0-9, and underscores).
   for (size_t i = 0; i < filename.length(); ++i) {
@@ skipping 56 matching lines @@
       FROM_HERE,
       base::Bind(
           &DoOpenNaClExecutableOnThreadPool,
           nacl_host_message_filter,
           file_url, reply_msg))) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
   }
 }
 
 }  // namespace nacl_file_host