Non-SFI NaCl: Batch-open resource files

components/nacl/browser/nacl_host_message_filter.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/browser/nacl_host_message_filter.h"
 
 #include "base/sys_info.h"
 #include "components/nacl/browser/nacl_browser.h"
 #include "components/nacl/browser/nacl_file_host.h"
 #include "components/nacl/browser/nacl_process_host.h"
 #include "components/nacl/browser/pnacl_host.h"
 #include "components/nacl/common/nacl_host_messages.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/plugin_service.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
 #include "ipc/ipc_platform_file.h"
 #include "native_client/src/public/nacl_file_info.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "ppapi/shared_impl/ppapi_permissions.h"
 #include "url/gurl.h"
 
 namespace nacl {
 
 namespace {
 
+// The maximum number of resource file handles NaClProcessMsg_Start message
+// can have.
+// TODO(yusukes): Increase the number.
+const size_t kMaxPreOpenResourceFiles = 2;
+
 ppapi::PpapiPermissions GetNaClPermissions(
     uint32 permission_bits,
     content::BrowserContext* browser_context,
     const GURL& document_url) {
   // Only allow NaCl plugins to request certain permissions. We don't want
   // a compromised renderer to be able to start a nacl plugin with e.g. Flash
   // permissions which may expand the surface area of the sandbox.
   uint32 masked_bits = permission_bits & ppapi::PERMISSION_DEV;
   if (content::PluginService::GetInstance()->PpapiDevChannelSupported(
           browser_context, document_url))
@@ skipping 78 matching lines @@
 }
 
 void NaClHostMessageFilter::OnLaunchNaCl(
     const nacl::NaClLaunchParams& launch_params,
     IPC::Message* reply_msg) {
   // If we're running llc or ld for the PNaCl translator, we don't need to look
   // up permissions, and we don't have the right browser state to look up some
   // of the whitelisting parameters anyway.
   if (launch_params.process_type == kPNaClTranslatorProcessType) {
     uint32 perms = launch_params.permission_bits & ppapi::PERMISSION_DEV;
-    LaunchNaClContinuation(
+    LaunchNaClContinuationOnIOThread(
         launch_params,
         reply_msg,
+        std::vector<nacl::NaClResourceFileInfo>(),
         ppapi::PpapiPermissions(perms));
     return;
   }
-  content::BrowserThread::PostTaskAndReplyWithResult(
+  content::BrowserThread::PostTask(
       content::BrowserThread::UI,
       FROM_HERE,
-      base::Bind(&GetPpapiPermissions,
-                 launch_params.permission_bits,
-                 render_process_id_,
-                 launch_params.render_view_id),
       base::Bind(&NaClHostMessageFilter::LaunchNaClContinuation,
                  this,
                  launch_params,
                  reply_msg));
 }
 
 void NaClHostMessageFilter::LaunchNaClContinuation(
     const nacl::NaClLaunchParams& launch_params,
+    IPC::Message* reply_msg) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+
+  ppapi::PpapiPermissions permissions =
+      GetPpapiPermissions(launch_params.permission_bits,
+                          render_process_id_,
+                          launch_params.render_view_id);
+
+  content::RenderViewHost* rvh = content::RenderViewHost::FromID(
+      render_process_id(), launch_params.render_view_id);
+  if (!rvh) {
+    BadMessageReceived();  // Kill the renderer.
+    return;
+  }
+
+  nacl::NaClLaunchParams safe_launch_params(launch_params);
+  safe_launch_params.resource_files_to_prefetch.clear();
+
+  content::SiteInstance* site_instance = rvh->GetSiteInstance();
+  for (size_t i = 0; i < launch_params.resource_files_to_prefetch.size(); ++i) {
+    GURL gurl(launch_params.resource_files_to_prefetch[i].first);
+    // IMPORTANT SECURITY CHECK: Do the same check as OpenNaClExecutable()
+    // in nacl_file_host.cc.
+    if (!content::SiteInstance::IsSameWebSite(
+            site_instance->GetBrowserContext(),
+            site_instance->GetSiteURL(),
+            gurl)) {
+      continue;
+    }
+    safe_launch_params.resource_files_to_prefetch.push_back(
+        launch_params.resource_files_to_prefetch[i]);
+  }
+
+  // Process a list of resource file URLs in
+  // |launch_params.resource_files_to_prefetch|.
+  content::BrowserThread::PostBlockingPoolTask(
+      FROM_HERE,
+      base::Bind(&NaClHostMessageFilter::BatchOpenResourceFiles,
+                 this,
+                 safe_launch_params,
+                 reply_msg,
+                 permissions));
+}
+
+void NaClHostMessageFilter::BatchOpenResourceFiles(
+    const nacl::NaClLaunchParams& launch_params,
     IPC::Message* reply_msg,
     ppapi::PpapiPermissions permissions) {
+  std::vector<nacl::NaClResourceFileInfo> prefetched_resource_files_info;
+  for (size_t i = 0; i < launch_params.resource_files_to_prefetch.size(); ++i) {
+    nacl::NaClResourceFileInfo prefetched_resource_file;
+    GURL gurl(launch_params.resource_files_to_prefetch[i].first);
+    if (!nacl::NaClBrowser::GetDelegate()->MapUrlToLocalFilePath(
+            gurl,
+            true,  // use_blocking_api
+            profile_directory_,
+            &prefetched_resource_file.file_path_metadata)) {
+      continue;
+    }
+    base::File file = nacl::OpenNaClReadExecImpl(
+        prefetched_resource_file.file_path_metadata,
+        true /* is_executable */);
+    if (!file.IsValid())
+      continue;
+
+    prefetched_resource_file.file =
+        IPC::TakeFileHandleForProcess(file.Pass(), PeerHandle());
+    prefetched_resource_file.file_key =
+        launch_params.resource_files_to_prefetch[i].second;
+
+    prefetched_resource_files_info.push_back(prefetched_resource_file);
+    if (prefetched_resource_files_info.size() >= kMaxPreOpenResourceFiles)
+      break;
+  }
+
+  content::BrowserThread::PostTask(
+      content::BrowserThread::IO,
+      FROM_HERE,
+      base::Bind(&NaClHostMessageFilter::LaunchNaClContinuationOnIOThread,
+                 this,
+                 launch_params,
+                 reply_msg,
+                 prefetched_resource_files_info,
+                 permissions));
+}
+
+void NaClHostMessageFilter::LaunchNaClContinuationOnIOThread(
+    const nacl::NaClLaunchParams& launch_params,
+    IPC::Message* reply_msg,
+    const std::vector<
+      nacl::NaClResourceFileInfo>& prefetched_resource_files_info,
+    ppapi::PpapiPermissions permissions) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+
   NaClFileToken nexe_token = {
       launch_params.nexe_token_lo,  // lo
       launch_params.nexe_token_hi   // hi
   };
 
   base::PlatformFile nexe_file;
 #if defined(OS_WIN)
   // Duplicate the nexe file handle from the renderer process into the browser
   // process.
   if (!::DuplicateHandle(PeerHandle(),
@@ skipping 14 matching lines @@
   nexe_file =
       IPC::PlatformFileForTransitToPlatformFile(launch_params.nexe_file);
 #else
 #error Unsupported platform.
 #endif
 
   NaClProcessHost* host = new NaClProcessHost(
       GURL(launch_params.manifest_url),
       base::File(nexe_file),
       nexe_token,
+      prefetched_resource_files_info,
       permissions,
       launch_params.render_view_id,
       launch_params.permission_bits,
       launch_params.uses_nonsfi_mode,
       off_the_record_,
       launch_params.process_type,
       profile_directory_);
   GURL manifest_url(launch_params.manifest_url);
   base::FilePath manifest_path;
   // We're calling MapUrlToLocalFilePath with the non-blocking API
@@ skipping 103 matching lines @@
                                      reply_msg);
 }
 
 void NaClHostMessageFilter::OnNaClDebugEnabledForURL(const GURL& nmf_url,
                                                      bool* should_debug) {
   *should_debug =
       nacl::NaClBrowser::GetDelegate()->URLMatchesDebugPatterns(nmf_url);
 }
 
 }  // namespace nacl