File: nacl_process_host.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (226 lines) | stat: -rw-r--r-- 8,369 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
 
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_
#define COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_

#include "base/memory/raw_ptr.h"
#include "build/build_config.h"

#include <stddef.h>
#include <stdint.h>

#include <vector>

#include "base/files/file.h"
#include "base/files/file_path.h"
#include "base/memory/read_only_shared_memory_region.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "base/process/process.h"
#include "components/nacl/common/nacl_types.h"
#include "content/public/browser/browser_child_process_host_delegate.h"
#include "content/public/browser/browser_child_process_host_iterator.h"
#include "ipc/ipc_channel_handle.h"
#include "net/socket/socket_descriptor.h"
#include "ppapi/shared_impl/ppapi_permissions.h"
#include "url/gurl.h"

namespace content {
class BrowserChildProcessHost;
class BrowserPpapiHost;
}

namespace IPC {
class ChannelProxy;
}

namespace nacl {

// NaClFileToken is a single-use nonce that the NaCl loader process can use
// to query the browser process for trusted information about a file.  This
// helps establish that the file is known by the browser to be immutable
// and suitable for file-identity-based validation caching.  lo == 0 && hi
// == 0 indicates the token is invalid and no additional information is
// available.
struct NaClFileToken {
  uint64_t lo;
  uint64_t hi;
};

class NaClHostMessageFilter;
void* AllocateAddressSpaceASLR(base::ProcessHandle process, size_t size);

// Represents the browser side of the browser <--> NaCl communication
// channel. There will be one NaClProcessHost per NaCl process
// The browser is responsible for starting the NaCl process
// when requested by the renderer.
// After that, most of the communication is directly between NaCl plugin
// running in the renderer and NaCl processes.
class NaClProcessHost : public content::BrowserChildProcessHostDelegate {
 public:
  // manifest_url: the URL of the manifest of the Native Client plugin being
  // executed.
  // nexe_file: A file that corresponds to the nexe module to be loaded.
  // nexe_token: A cache validation token for nexe_file.
  // prefetched_resource_files_info: An array of resource files prefetched.
  // permissions: PPAPI permissions, to control access to private APIs.
  // permission_bits: controls which interfaces the NaCl plugin can use.
  // off_the_record: was the process launched from an incognito renderer?
  // process_type: the type of NaCl process.
  // profile_directory: is the path of current profile directory.
  NaClProcessHost(
      const GURL& manifest_url,
      base::File nexe_file,
      const NaClFileToken& nexe_token,
      const std::vector<NaClResourcePrefetchResult>& prefetched_resource_files,
      ppapi::PpapiPermissions permissions,
      uint32_t permission_bits,
      bool off_the_record,
      NaClAppProcessType process_type,
      const base::FilePath& profile_directory);

  NaClProcessHost(const NaClProcessHost&) = delete;
  NaClProcessHost& operator=(const NaClProcessHost&) = delete;

  ~NaClProcessHost() override;

  void OnProcessCrashed(int exit_status) override;

  // Do any minimal work that must be done at browser startup.
  static void EarlyStartup();

  // Specifies throttling time in milliseconds for PpapiHostMsg_Keepalive IPCs.
  static void SetPpapiKeepAliveThrottleForTesting(unsigned milliseconds);

  // Initialize the new NaCl process. Result is returned by sending ipc
  // message reply_msg.
  void Launch(NaClHostMessageFilter* nacl_host_message_filter,
              IPC::Message* reply_msg,
              const base::FilePath& manifest_path);

  void OnChannelConnected(int32_t peer_pid) override;

  bool Send(IPC::Message* msg);

  content::BrowserChildProcessHost* process() { return process_.get(); }
  content::BrowserPpapiHost* browser_ppapi_host() { return ppapi_host_.get(); }

 private:
  void LaunchNaClGdb();

  // Mark the process as using a particular GDB debug stub port and notify
  // listeners (if the port is not kGdbDebugStubPortUnknown).
  void SetDebugStubPort(int port);

#if BUILDFLAG(IS_POSIX)
  // Create bound TCP socket in the browser process so that the NaCl GDB debug
  // stub can use it to accept incoming connections even when the Chrome sandbox
  // is enabled.
  net::SocketDescriptor GetDebugStubSocketHandle();
#endif

  bool LaunchSelLdr();

  // BrowserChildProcessHostDelegate implementation:
  bool OnMessageReceived(const IPC::Message& msg) override;
  void OnProcessLaunched() override;

  void OnResourcesReady();

  // Sends the reply message to the renderer who is waiting for the plugin
  // to load. Returns true on success.
  void ReplyToRenderer(
      mojo::ScopedMessagePipeHandle ppapi_channel_handle,
      mojo::ScopedMessagePipeHandle trusted_channel_handle,
      mojo::ScopedMessagePipeHandle manifest_service_channel_handle,
      base::ReadOnlySharedMemoryRegion crash_info_shmem_region);

  // Sends the reply with error message to the renderer.
  void SendErrorToRenderer(const std::string& error_message);

  // Sends the reply message to the renderer. Either result or
  // error message must be empty.
  void SendMessageToRenderer(const NaClLaunchResult& result,
                             const std::string& error_message);

  // Sends the message to the NaCl process to load the plugin. Returns true
  // on success.
  bool StartNaClExecution();

  void StartNaClFileResolved(
      NaClStartParams params,
      const base::FilePath& file_path,
      base::File nexe_file);

  // Starts browser PPAPI proxy. Returns true on success.
  bool StartPPAPIProxy(mojo::ScopedMessagePipeHandle channel_handle);

  // Does post-process-launching tasks for starting the NaCl process once
  // we have a connection.
  //
  // Returns false on failure.
  bool StartWithLaunchedProcess();

  // Message handlers for validation caching.
  void OnQueryKnownToValidate(const std::string& signature, bool* result);
  void OnSetKnownToValidate(const std::string& signature);
  void OnResolveFileToken(uint64_t file_token_lo, uint64_t file_token_hi);
  void FileResolved(uint64_t file_token_lo,
                    uint64_t file_token_hi,
                    const base::FilePath& file_path,
                    base::File file);

  // Called when the PPAPI IPC channels to the browser/renderer have been
  // created.
  void OnPpapiChannelsCreated(
      const IPC::ChannelHandle& ppapi_browser_channel_handle,
      const IPC::ChannelHandle& ppapi_renderer_channel_handle,
      const IPC::ChannelHandle& trusted_renderer_channel_handle,
      const IPC::ChannelHandle& manifest_service_channel_handle,
      base::ReadOnlySharedMemoryRegion crash_info_shmem_region);

  GURL manifest_url_;
  base::File nexe_file_;
  NaClFileToken nexe_token_;
  std::vector<NaClResourcePrefetchResult> prefetched_resource_files_;

  ppapi::PpapiPermissions permissions_;

  // The NaClHostMessageFilter that requested this NaCl process.  We use
  // this for sending the reply once the process has started.
  scoped_refptr<NaClHostMessageFilter> nacl_host_message_filter_;

  // The reply message to send. We must always send this message when the
  // sub-process either succeeds or fails to unblock the renderer waiting for
  // the reply. NULL when there is no reply to send.
  raw_ptr<IPC::Message, AcrossTasksDanglingUntriaged> reply_msg_;

  // The file path to the manifest is passed to nacl-gdb when it is used to
  // debug the NaCl loader.
  base::FilePath manifest_path_;

  std::unique_ptr<content::BrowserChildProcessHost> process_;

  bool enable_debug_stub_;
  bool enable_crash_throttling_;
  bool off_the_record_;
  NaClAppProcessType process_type_;

  const base::FilePath profile_directory_;

  // Channel proxy to terminate the NaCl-Browser PPAPI channel.
  std::unique_ptr<IPC::ChannelProxy> ipc_proxy_channel_;
  // Browser host for plugin process.
  std::unique_ptr<content::BrowserPpapiHost> ppapi_host_;

  // Throttling time in milliseconds for PpapiHostMsg_Keepalive IPCs.
  static unsigned keepalive_throttle_interval_milliseconds_;

  base::WeakPtrFactory<NaClProcessHost> weak_factory_{this};
};

}  // namespace nacl

#endif  // COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_