Non-SFI NaCl: Batch-open resource files

components/nacl/browser/nacl_file_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/browser/nacl_file_host.h"
 
 #include "base/bind.h"
 #include "base/files/file.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/path_service.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/threading/sequenced_worker_pool.h"
 #include "components/nacl/browser/nacl_browser.h"
 #include "components/nacl/browser/nacl_browser_delegate.h"
 #include "components/nacl/browser/nacl_host_message_filter.h"
 #include "components/nacl/common/nacl_host_messages.h"
+#include "components/nacl/common/nacl_types.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/site_instance.h"
 #include "ipc/ipc_platform_file.h"
 
 using content::BrowserThread;
 
 namespace {
 
 // Force a prefix to prevent user from opening "magic" files.
 const char* kExpectedFilePrefix = "pnacl_public_";
 
 // Restrict PNaCl file lengths to reduce likelyhood of hitting bugs
 // in file name limit error-handling-code-paths, etc.
 const size_t kMaxFileLength = 40;
 
 void NotifyRendererOfError(
     nacl::NaClHostMessageFilter* nacl_host_message_filter,
     IPC::Message* reply_msg) {
   reply_msg->set_reply_error();
   nacl_host_message_filter->Send(reply_msg);
 }
 
+typedef void (*WriteFileInfoReplyPnacl)(IPC::Message* reply_msg,
+                                        IPC::PlatformFileForTransit file_desc,
+                                        uint64 file_token_lo,
+                                        uint64 file_token_hi);
+
+void DoRegisterOpenedNaClExecutableFilePnacl(
+    scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
+    base::File file,
+    base::FilePath file_path,
+    IPC::Message* reply_msg,
+    WriteFileInfoReplyPnacl write_reply_message) {
+  // IO thread owns the NaClBrowser singleton.
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+  nacl::NaClBrowser* nacl_browser = nacl::NaClBrowser::GetInstance();
+  uint64 file_token_lo = 0;
+  uint64 file_token_hi = 0;
+  nacl_browser->PutFilePath(file_path, &file_token_lo, &file_token_hi);
+
+  IPC::PlatformFileForTransit file_desc = IPC::TakeFileHandleForProcess(
+      file.Pass(), nacl_host_message_filter->PeerHandle());
+
+  write_reply_message(reply_msg, file_desc, file_token_lo, file_token_hi);
+  nacl_host_message_filter->Send(reply_msg);
+}
+
 typedef void (*WriteFileInfoReply)(IPC::Message* reply_msg,
-                                   IPC::PlatformFileForTransit file_desc,
-                                   uint64 file_token_lo,
-                                   uint64 file_token_hi);
+                                   nacl::NaClOpenExecutableResult open_result);
 
 void DoRegisterOpenedNaClExecutableFile(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     base::File file,
     base::FilePath file_path,
+    scoped_ptr<base::File[]> resource_files,
+    const std::vector<base::FilePath>& resource_file_paths,
     IPC::Message* reply_msg,
     WriteFileInfoReply write_reply_message) {
   // IO thread owns the NaClBrowser singleton.
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
 
   nacl::NaClBrowser* nacl_browser = nacl::NaClBrowser::GetInstance();
   uint64 file_token_lo = 0;
   uint64 file_token_hi = 0;
   nacl_browser->PutFilePath(file_path, &file_token_lo, &file_token_hi);
 
   IPC::PlatformFileForTransit file_desc = IPC::TakeFileHandleForProcess(
       file.Pass(),
       nacl_host_message_filter->PeerHandle());
 
-  write_reply_message(reply_msg, file_desc, file_token_lo, file_token_hi);
+  std::vector<IPC::PlatformFileForTransit> resource_file_handles;
+  std::vector<std::pair<uint64, uint64> > resource_file_tokens;

[teravest, 2014/10/24 16:18:06]

Why are you using a pair of uint64 here instead of NaClFileToken?

[Yusuke Sato, 2014/11/04 22:50:21]

Stopped using a pair and switched to a struct following your suggestion in other
file. I think we can't use NaClFileToken in nacl::NaClOpenExecutableResult since
we can't use the type in component/nacl/common/.

+  for (size_t i = 0; i < resource_file_paths.size(); ++i) {
+    uint64 resource_file_token_lo = 0;
+    uint64 resource_file_token_hi = 0;
+    nacl_browser->PutFilePath(resource_file_paths[i],
+                              &resource_file_token_lo,
+                              &resource_file_token_hi);
+    resource_file_handles.push_back(IPC::TakeFileHandleForProcess(
+        resource_files[i].Pass(), nacl_host_message_filter->PeerHandle()));
+    resource_file_tokens.push_back(std::make_pair(resource_file_token_lo,
+                                                  resource_file_token_hi));
+  }
+
+  write_reply_message(reply_msg,
+                      nacl::NaClOpenExecutableResult(file_desc,
+                                                     file_token_lo,
+                                                     file_token_hi,
+                                                     resource_file_handles,
+                                                     resource_file_tokens));
   nacl_host_message_filter->Send(reply_msg);
 }
 
 void DoOpenPnaclFile(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     const std::string& filename,
     bool is_executable,
     IPC::Message* reply_msg) {
   DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
   base::FilePath full_filepath;
@@ skipping 19 matching lines @@
     return;
   }
 
   // This function is running on the blocking pool, but the path needs to be
   // registered in a structure owned by the IO thread.
   // Not all PNaCl files are executable. Only register those that are
   // executable in the NaCl file_path cache.
   if (is_executable) {
     BrowserThread::PostTask(
         BrowserThread::IO, FROM_HERE,
-        base::Bind(&DoRegisterOpenedNaClExecutableFile,
+        base::Bind(&DoRegisterOpenedNaClExecutableFilePnacl,
                    nacl_host_message_filter,
                    Passed(file_to_open.Pass()), full_filepath, reply_msg,
-                   static_cast<WriteFileInfoReply>(
+                   static_cast<WriteFileInfoReplyPnacl>(
                        NaClHostMsg_GetReadonlyPnaclFD::WriteReplyParams)));
   } else {
     IPC::PlatformFileForTransit target_desc =
         IPC::TakeFileHandleForProcess(file_to_open.Pass(),
                                       nacl_host_message_filter->PeerHandle());
     uint64_t dummy_file_token = 0;
     NaClHostMsg_GetReadonlyPnaclFD::WriteReplyParams(
         reply_msg, target_desc, dummy_file_token, dummy_file_token);
     nacl_host_message_filter->Send(reply_msg);
   }
 }
 
 // Convert the file URL into a file descriptor.
 // This function is security sensitive.  Be sure to check with a security
 // person before you modify it.
 void DoOpenNaClExecutableOnThreadPool(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     const GURL& file_url,
+    const std::vector<GURL>& resource_urls,
     IPC::Message* reply_msg) {
   DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
 
   base::FilePath file_path;
   if (!nacl::NaClBrowser::GetDelegate()->MapUrlToLocalFilePath(
           file_url,
           true /* use_blocking_api */,
           nacl_host_message_filter->profile_directory(),
           &file_path)) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 
   base::File file = nacl::OpenNaClReadExecImpl(file_path,
                                                true /* is_executable */);
-  if (file.IsValid()) {
-    // This function is running on the blocking pool, but the path needs to be
-    // registered in a structure owned by the IO thread.
-    BrowserThread::PostTask(
-        BrowserThread::IO, FROM_HERE,
-        base::Bind(
-            &DoRegisterOpenedNaClExecutableFile,
-            nacl_host_message_filter,
-            Passed(file.Pass()), file_path, reply_msg,
-            static_cast<WriteFileInfoReply>(
-                NaClHostMsg_OpenNaClExecutable::WriteReplyParams)));
-  } else {
+  if (!file.IsValid()) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
+
+  scoped_ptr<base::File[]> resource_files;

[teravest, 2014/10/24 16:18:05]

nit: Why not just do the following?
  scoped_ptr<base::File[]> resource_files(new base::File[resource_urls.size()]);

[Yusuke Sato, 2014/11/04 22:50:21]

This is because resource_urls can be empty (eg. when the nacl executable is not
a non-SFI one) and I didn't want to call 'new base::File[0]'.

+  if (!resource_urls.empty())
+    resource_files.reset(new base::File[resource_urls.size()]);
+  std::vector<base::FilePath> resource_file_paths(resource_urls.size());
+
+  for (size_t i = 0; i < resource_urls.size(); ++i) {
+    if (!nacl::NaClBrowser::GetDelegate()->MapUrlToLocalFilePath(
+            resource_urls[i],
+            true /* use_blocking_api */,
+            nacl_host_message_filter->profile_directory(),
+            &resource_file_paths[i])) {
+      NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
+      return;
+    }
+    resource_files[i] = nacl::OpenNaClReadExecImpl(resource_file_paths[i],
+                                                   true /* is_executable */);
+    if (!resource_files[i].IsValid()) {
+      NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
+      return;
+    }
+  }
+
+  // This function is running on the blocking pool, but the path needs to be
+  // registered in a structure owned by the IO thread.
+  BrowserThread::PostTask(
+      BrowserThread::IO,
+      FROM_HERE,
+      base::Bind(&DoRegisterOpenedNaClExecutableFile,
+                 nacl_host_message_filter,
+                 Passed(file.Pass()),
+                 file_path,
+                 Passed(resource_files.Pass()),
+                 resource_file_paths,
+                 reply_msg,
+                 static_cast<WriteFileInfoReply>(
+                     NaClHostMsg_OpenNaClExecutable::WriteReplyParams)));
 }
 
 }  // namespace
 
 namespace nacl_file_host {
 
 void GetReadonlyPnaclFd(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     const std::string& filename,
     bool is_executable,
@@ skipping 39 matching lines @@
   base::FilePath full_path = pnacl_dir.AppendASCII(
       std::string(kExpectedFilePrefix) + filename);
   *file_to_open = full_path;
   return true;
 }
 
 void OpenNaClExecutable(
     scoped_refptr<nacl::NaClHostMessageFilter> nacl_host_message_filter,
     int render_view_id,
     const GURL& file_url,
+    const std::vector<GURL>& resource_urls,
     IPC::Message* reply_msg) {
   if (!BrowserThread::CurrentlyOn(BrowserThread::UI)) {
     BrowserThread::PostTask(
         BrowserThread::UI, FROM_HERE,
         base::Bind(
             &OpenNaClExecutable,
             nacl_host_message_filter,
-            render_view_id, file_url, reply_msg));
+            render_view_id, file_url, resource_urls, reply_msg));
     return;
   }
 
   // Make sure render_view_id is valid and that the URL is a part of the
   // render view's site. Without these checks, apps could probe the extension
   // directory or run NaCl code from other extensions.
   content::RenderViewHost* rvh = content::RenderViewHost::FromID(
       nacl_host_message_filter->render_process_id(), render_view_id);
   if (!rvh) {
     nacl_host_message_filter->BadMessageReceived();  // Kill the renderer.
     return;
   }
   content::SiteInstance* site_instance = rvh->GetSiteInstance();
   if (!content::SiteInstance::IsSameWebSite(site_instance->GetBrowserContext(),
                                             site_instance->GetSiteURL(),
                                             file_url)) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
     return;
   }
 
+  for (size_t i = 0; i < resource_urls.size(); ++i) {
+    if (!content::SiteInstance::IsSameWebSite(
+            site_instance->GetBrowserContext(),
+            site_instance->GetSiteURL(),
+            resource_urls[i])) {
+      NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
+      return;
+    }
+  }
+
   // The URL is part of the current app. Now query the extension system for the
   // file path and convert that to a file descriptor. This should be done on a
   // blocking pool thread.
   if (!BrowserThread::PostBlockingPoolTask(
       FROM_HERE,
       base::Bind(
           &DoOpenNaClExecutableOnThreadPool,
           nacl_host_message_filter,
-          file_url, reply_msg))) {
+          file_url, resource_urls, reply_msg))) {
     NotifyRendererOfError(nacl_host_message_filter.get(), reply_msg);
   }
 }
 
 }  // namespace nacl_file_host