Non-SFI Mode: Build ipc/ library by PNaCl toolchain for nacl_helper_nonsfi.

ipc/ipc_channel_posix.cc

Index: ipc/ipc_channel_posix.cc
diff --git a/ipc/ipc_channel_posix.cc b/ipc/ipc_channel_posix.cc
index 2dfd17e6730cbd305d7a2046def6d90276dea172..f5ac1e48fc6db7ff8bada9caf62d07b88dfaee2d 100644
--- a/ipc/ipc_channel_posix.cc
+++ b/ipc/ipc_channel_posix.cc
@@ -10,13 +10,16 @@
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <sys/un.h>
 #include <unistd.h>
 
 #if defined(OS_OPENBSD)
 #include <sys/uio.h>
 #endif
 
+#if !defined(__native_client_nonsfi__)
+#include <sys/un.h>
+#endif
+
 #include <map>
 #include <string>
 
@@ -173,9 +176,9 @@ void Channel::NotifyProcessForkedForTesting() {
 
 //------------------------------------------------------------------------------
 
-#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(__native_client_nonsfi__)
 int ChannelPosix::global_pid_ = 0;
-#endif  // OS_LINUX
+#endif
 
 ChannelPosix::ChannelPosix(const IPC::ChannelHandle& channel_handle,
                            Mode mode, Listener* listener)
@@ -255,6 +258,11 @@ bool ChannelPosix::CreatePipe(
     }
 #endif   // IPC_USES_READWRITE
   } else if (mode_ & MODE_NAMED_FLAG) {
+#if defined(__native_client_nonsfi__)
+    // IPC channels in nacl_helper_nonsfi should not be NAMED mode.

[Mark Seaborn, 2014/10/22 00:35:51]

Nit: "in NAMED mode"?

[hidehiko, 2014/10/22 13:31:05]

Done.

+    NOTREACHED();

[Mark Seaborn, 2014/10/22 00:35:51]

How about CHECK(false)?  NOTREACHED is a no-op in release builds.

[hidehiko, 2014/10/22 13:31:05]

Done. Replaced by LOG(FATAL).

+    return false;
+#else
     // Case 2 from comment above.
     int local_pipe_fd = -1;
 
@@ -276,6 +284,7 @@ bool ChannelPosix::CreatePipe(
     }
 
     local_pipe.reset(local_pipe_fd);
+#endif  // !defined(__native_client_nonsfi__)
   } else {
     local_pipe.reset(PipeMap::GetInstance()->Lookup(pipe_name_));
     if (mode_ & MODE_CLIENT_FLAG) {
@@ -336,10 +345,16 @@ bool ChannelPosix::CreatePipe(
   }
 #endif  // IPC_USES_READWRITE
 
-  if ((mode_ & MODE_SERVER_FLAG) && (mode_ & MODE_NAMED_FLAG))
+  if ((mode_ & MODE_SERVER_FLAG) && (mode_ & MODE_NAMED_FLAG)) {
+#if defined(__native_client_nonsfi__)
+    // IPC channels in nacl_helper_nonsfi should not be NAMED or SERVER mode.

[Mark Seaborn, 2014/10/22 00:35:51]

Nit: add "in", so "in NAMED or SERVER mode"?

[hidehiko, 2014/10/22 13:31:05]

Done.

+    NOTREACHED();

[Mark Seaborn, 2014/10/22 00:35:51]

Also CHECK(false)?  Same below...

It would be confusing for code paths to become no-ops that return success.

[hidehiko, 2014/10/22 13:31:06]

Done.

+#else
     server_listen_pipe_.reset(local_pipe.release());
-  else
+#endif
+  } else {
     pipe_.reset(local_pipe.release());
+  }
   return true;
 }
 
@@ -351,6 +366,10 @@ bool ChannelPosix::Connect() {
 
   bool did_connect = true;
   if (server_listen_pipe_.is_valid()) {
+#if defined(__native_client_nonsfi__)
+    // IPC channels in nacl_helper_nonsfi should always be client mode.
+    NOTREACHED();

[Mark Seaborn, 2014/10/22 00:35:51]

Also CHECK(false)?

Is Connect() used at all in nacl_helper_nonsfi?  If not, should the whole
function body have this #if?

[hidehiko, 2014/10/22 13:31:06]

Done.

Connect() is actually used from ChannelProxy, which is the based of SyncChannel
used from NonSfiListener and PPAPI IPC channel implementation.

+#else
     // Watch the pipe for connections, and turn any connections into
     // active sockets.
     base::MessageLoopForIO::current()->WatchFileDescriptor(
@@ -359,6 +378,7 @@ bool ChannelPosix::Connect() {
         base::MessageLoopForIO::WATCH_READ,
         &server_listen_connection_watcher_,
         this);
+#endif
   } else {
     did_connect = AcceptConnection();
   }
@@ -581,10 +601,13 @@ bool ChannelPosix::HasAcceptedConnection() const {
   return AcceptsConnections() && pipe_.is_valid();
 }
 
+#if !defined(__native_client_nonsfi__)
+// GetPeerEuid is not supported in nacl_helper_nonsfi.
 bool ChannelPosix::GetPeerEuid(uid_t* peer_euid) const {
   DCHECK(!(mode_ & MODE_SERVER) || HasAcceptedConnection());
   return IPC::GetPeerEuid(pipe_.get(), peer_euid);
 }
+#endif
 
 void ChannelPosix::ResetToAcceptingConnectionState() {
   // Unregister libevent for the unix domain socket and close it.
@@ -623,16 +646,20 @@ bool ChannelPosix::IsNamedServerInitialized(
   return base::PathExists(base::FilePath(channel_id));
 }
 
-#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(__native_client_nonsfi__)

[Mark Seaborn, 2014/10/22 00:35:51]

Do we really need SetGlobalPid()?  It would be better if the sandboxed process
does not know its own PID.  Currently we disable getpid().

Does nacl_helper currently initialise global_pid_ before enabling the sandbox?

What does this PID value get used for?  Do the renderer/browser processes
complain if the Non-SFI process doesn't know its own PID?

[hidehiko, 2014/10/22 13:31:05]

We need "something" non-null PID for Hello message. It is used in host process's
ChanneProxy to check if the connection is actually established.

Current nacl_helper does not use global_pid, but getpid() (in libc) seems to
cache the pid, so that it works now.
Actually, invocation of getpid() in NonSfiListener::OnStart does not crash,
although it is not allowed in nonsfi_sandbox.

I'm planning to use SetGlobalPid() in nacl_helper_linux, regardless of whether
it is for nacl_helper or nacl_helper_nonsfi, in a following CL.

[Mark Seaborn, 2014/10/23 03:33:48]

Ah, you mean the "peer_pid_ == base::kNullProcessId" checks in OnAddFilter() and
OnRemoveFilter()?

Is the PID value passed into any place where its actual numeric value matters? 
I am doubtful that it is really needed.

Maybe (in a future change) you could pass a dummy value, like -1, for the PID? 
(We could use 1, but it's less good as a dummy value since it is a valid process
ID.)

 // static
 void ChannelPosix::SetGlobalPid(int pid) {
   global_pid_ = pid;
 }
-#endif  // OS_LINUX
+#endif
 
 // Called by libevent when we can read from the pipe without blocking.
 void ChannelPosix::OnFileCanReadWithoutBlocking(int fd) {
   if (fd == server_listen_pipe_.get()) {
+#if defined(__native_client_nonsfi__)
+    // IPC channels in nacl_helper_nonsfi should not be SERVER mode.
+    NOTREACHED();
+#else
     int new_pipe = 0;
     if (!ServerAcceptConnection(server_listen_pipe_.get(), &new_pipe) ||
         new_pipe < 0) {
@@ -671,6 +698,7 @@ void ChannelPosix::OnFileCanReadWithoutBlocking(int fd) {
       NOTREACHED() << "AcceptConnection should not fail on server";
     }
     waiting_connect_ = false;
+#endif
   } else if (fd == pipe_) {
     if (waiting_connect_ && (mode_ & MODE_SERVER_FLAG)) {
       waiting_connect_ = false;
@@ -744,14 +772,24 @@ void ChannelPosix::ClosePipeOnError() {
 }
 
 int ChannelPosix::GetHelloMessageProcId() const {
-  int pid = base::GetCurrentProcId();
-#if defined(OS_LINUX)
   // Our process may be in a sandbox with a separate PID namespace.
+#if defined(__native_client_nonsfi__)
+  // In nacl_helper_nonsfi, our process should be always in the sandbox, unless
+  // --no-sandbox is set. In such a situation, calling GetCurrentProcId()
+  // would hit the sandbox restriction. global_pid_ should be initialize at
+  // the very beginning of the nacl_helper_nonsfi, regardless of the
+  // --no-sandbox flag.
+  CHECK(global_pid_);
+  return global_pid_;
+#else
+#if defined(OS_LINUX)
   if (global_pid_) {
-    pid = global_pid_;
+    return global_pid_;
   }
-#endif
-  return pid;
+  // Fall through to below.
+#endif  // defined(OS_LINUX)
+  return base::GetCurrentProcId();
+#endif  // defined(__native_client_nonsfi__)
 }
 
 void ChannelPosix::QueueHelloMessage() {
@@ -923,11 +961,15 @@ bool ChannelPosix::ExtractFileDescriptorsFromMsghdr(msghdr* msg) {
                         file_descriptors,
                         file_descriptors + num_file_descriptors);
 
+#if !defined(__native_client_nonsfi__)
+      // The PNaCl toolchain for Non-SFI binary build does not support
+      // MSG_CTRUNC.
       // Check this after adding the FDs so we don't leak them.
       if (msg->msg_flags & MSG_CTRUNC) {
         ClearInputFDs();
         return false;
       }
+#endif
 
       return true;
     }
@@ -1032,9 +1074,14 @@ void ChannelPosix::Close() {
   }
 
   if (server_listen_pipe_.is_valid()) {
+#if defined(__native_client_nonsfi__)
+    // IPC channels in nacl_helper_nonsfi should not be SERVER mode.
+    NOTREACHED();
+#else
     server_listen_pipe_.reset();
     // Unregister libevent for the listening socket and close it.
     server_listen_connection_watcher_.StopWatchingFileDescriptor();
+#endif
   }
 
   CloseClientFileDescriptor();
@@ -1075,11 +1122,11 @@ bool Channel::IsNamedServerInitialized(
   return ChannelPosix::IsNamedServerInitialized(channel_id);
 }
 
-#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(__native_client_nonsfi__)
 // static
 void Channel::SetGlobalPid(int pid) {
   ChannelPosix::SetGlobalPid(pid);
 }
-#endif  // OS_LINUX
+#endif
 
 }  // namespace IPC