components/nacl/loader/nacl_ipc_adapter.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_NACL_NACL_IPC_ADAPTER_H_
   6 #define CHROME_NACL_NACL_IPC_ADAPTER_H_
   7
   8 #include <map>
   9 #include <queue>
  10 #include <string>
  11 #include <vector>
  12
  13 #include "base/basictypes.h"
  14 #include "base/callback.h"
  15 #include "base/files/scoped_file.h"
  16 #include "base/memory/ref_counted.h"
  17 #include "base/memory/scoped_ptr.h"
  18 #include "base/memory/scoped_vector.h"
  19 #include "base/memory/shared_memory.h"
  20 #include "base/pickle.h"
  21 #include "base/synchronization/condition_variable.h"
  22 #include "base/synchronization/lock.h"
  23 #include "base/task_runner.h"
  24 #include "ipc/ipc_listener.h"
  25 #include "ipc/ipc_platform_file.h"
  26 #include "ppapi/c/pp_stdint.h"
  27 #include "ppapi/proxy/nacl_message_scanner.h"
  28
  29 struct NaClDesc;
  30 struct NaClImcTypedMsgHdr;
  31 struct PP_Size;
  32
  33 namespace IPC {
  34 class Channel;
  35 struct ChannelHandle;
  36 }
  37
  38 namespace ppapi {
  39 class HostResource;
  40 }
  41
  42 // Adapts a Chrome IPC channel to an IPC channel that we expose to Native
  43 // Client. This provides a mapping in both directions, so when IPC messages
  44 // come in from another process, we rewrite them and allow them to be received
  45 // via a recvmsg-like interface in the NaCl code. When NaCl code calls sendmsg,
  46 // we implement that as sending IPC messages on the channel.
  47 //
  48 // This object also provides the necessary logic for rewriting IPC messages.
  49 // NaCl code is platform-independent and runs in a Posix-like enviroment, but
  50 // some formatting in the message and the way handles are transferred varies
  51 // by platform. This class bridges that gap to provide what looks like a
  52 // normal platform-specific IPC implementation to Chrome, and a Posix-like
  53 // version on every platform to NaCl.
  54 //
  55 // This object must be threadsafe since the nacl environment determines which
  56 // thread every function is called on.
  57 class NaClIPCAdapter : public base::RefCountedThreadSafe<NaClIPCAdapter>,
  58                        public IPC::Listener {
  59  public:
  60   // Chrome's IPC message format varies by platform, NaCl's does not. In
  61   // particular, the header has some extra fields on Posix platforms. Since
  62   // NaCl is a Posix environment, it gets that version of the header. This
  63   // header is duplicated here so we have a cross-platform definition of the
  64   // header we're exposing to NaCl.
  65 #pragma pack(push, 4)
  66   struct NaClMessageHeader : public base::Pickle::Header {
  67     int32 routing;
  68     uint32 type;
  69     uint32 flags;
  70     uint16 num_fds;
  71     uint16 pad;
  72   };
  73 #pragma pack(pop)
  74
  75   typedef base::Callback<void(IPC::PlatformFileForTransit, base::FilePath)>
  76       ResolveFileTokenReplyCallback;
  77
  78   typedef base::Callback<void(uint64_t,  // file_token_lo
  79                               uint64_t,  // file_token_hi
  80                               ResolveFileTokenReplyCallback)>
  81       ResolveFileTokenCallback;
  82
  83   typedef base::Callback<void(const IPC::Message&,
  84                               IPC::PlatformFileForTransit,
  85                               base::FilePath)> OpenResourceReplyCallback;
  86
  87   typedef base::Callback<bool(const IPC::Message&,
  88                               const std::string&,  // key
  89                               OpenResourceReplyCallback)> OpenResourceCallback;
  90
  91   // Creates an adapter, using the thread associated with the given task
  92   // runner for posting messages. In normal use, the task runner will post to
  93   // the I/O thread of the process.
  94   //
  95   // If you use this constructor, you MUST call ConnectChannel after the
  96   // NaClIPCAdapter is constructed, or the NaClIPCAdapter's channel will not be
  97   // connected.
  98   //
  99   // |resolve_file_token_cb| is an optional callback to be invoked for
 100   // resolving file tokens received from the renderer. When the file token
 101   // is resolved, the ResolveFileTokenReplyCallback passed inside the
 102   // ResolveFileTokenCallback will be invoked. |open_resource_cb| is also an
 103   // optional callback to be invoked for intercepting open_resource IRT calls.
 104   // |open_resource_cb| may immediately call a OpenResourceReplyCallback
 105   // function to send a pre-opened resource descriptor to the untrusted side.
 106   // OpenResourceCallback returns true when OpenResourceReplyCallback is called.
 107   NaClIPCAdapter(
 108       const IPC::ChannelHandle& handle,
 109       base::TaskRunner* runner,
 110       ResolveFileTokenCallback resolve_file_token_cb,
 111       OpenResourceCallback open_resource_cb);
 112
 113   // Initializes with a given channel that's already created for testing
 114   // purposes. This function will take ownership of the given channel.
 115   NaClIPCAdapter(scoped_ptr<IPC::Channel> channel, base::TaskRunner* runner);
 116
 117   // Connect the channel. This must be called after the constructor that accepts
 118   // an IPC::ChannelHandle, and causes the Channel to be connected on the IO
 119   // thread.
 120   void ConnectChannel();
 121
 122   // Implementation of sendmsg. Returns the number of bytes written or -1 on
 123   // failure.
 124   int Send(const NaClImcTypedMsgHdr* msg);
 125
 126   // Implementation of recvmsg. Returns the number of bytes read or -1 on
 127   // failure. This will block until there's an error or there is data to
 128   // read.
 129   int BlockingReceive(NaClImcTypedMsgHdr* msg);
 130
 131   // Closes the IPC channel.
 132   void CloseChannel();
 133
 134   // Make a NaClDesc that refers to this NaClIPCAdapter. Note that the returned
 135   // NaClDesc is reference-counted, and a reference is returned.
 136   NaClDesc* MakeNaClDesc();
 137
 138 #if defined(OS_POSIX)
 139   base::ScopedFD TakeClientFileDescriptor();
 140 #endif
 141
 142   // Listener implementation.
 143   bool OnMessageReceived(const IPC::Message& message) override;
 144   void OnChannelConnected(int32 peer_pid) override;
 145   void OnChannelError() override;
 146
 147  private:
 148   friend class base::RefCountedThreadSafe<NaClIPCAdapter>;
 149
 150   class RewrittenMessage;
 151
 152   // This is the data that must only be accessed inside the lock. This struct
 153   // just separates it so it's easier to see.
 154   struct LockedData {
 155     LockedData();
 156     ~LockedData();
 157
 158     // Messages that we have read off of the Chrome IPC channel that are waiting
 159     // to be received by the plugin.
 160     std::queue< scoped_refptr<RewrittenMessage> > to_be_received_;
 161
 162     ppapi::proxy::NaClMessageScanner nacl_msg_scanner_;
 163
 164     // Data that we've queued from the plugin to send, but doesn't consist of a
 165     // full message yet. The calling code can break apart the message into
 166     // smaller pieces, and we need to send the message to the other process in
 167     // one chunk.
 168     //
 169     // The IPC channel always starts a new send() at the beginning of each
 170     // message, so we don't need to worry about arbitrary message boundaries.
 171     std::string to_be_sent_;
 172
 173     bool channel_closed_;
 174   };
 175
 176   // This is the data that must only be accessed on the I/O thread (as defined
 177   // by TaskRunner). This struct just separates it so it's easier to see.
 178   struct IOThreadData {
 179     IOThreadData();
 180     ~IOThreadData();
 181
 182     scoped_ptr<IPC::Channel> channel_;
 183
 184     // When we send a synchronous message (from untrusted to trusted), we store
 185     // its type here, so that later we can associate the reply with its type
 186     // for scanning.
 187     typedef std::map<int, uint32> PendingSyncMsgMap;
 188     PendingSyncMsgMap pending_sync_msgs_;
 189   };
 190
 191   ~NaClIPCAdapter() override;
 192
 193   void SaveOpenResourceMessage(const IPC::Message& orig_msg,
 194                                IPC::PlatformFileForTransit ipc_fd,
 195                                base::FilePath file_path);
 196
 197   bool RewriteMessage(const IPC::Message& msg, uint32_t type);
 198
 199   // Returns 0 if nothing is waiting.
 200   int LockedReceive(NaClImcTypedMsgHdr* msg);
 201
 202   // Sends a message that we know has been completed to the Chrome process.
 203   bool SendCompleteMessage(const char* buffer, size_t buffer_len);
 204
 205   // Clears the LockedData.to_be_sent_ structure in a way to make sure that
 206   // the memory is deleted. std::string can sometimes hold onto the buffer
 207   // for future use which we don't want.
 208   void ClearToBeSent();
 209
 210   void ConnectChannelOnIOThread();
 211   void CloseChannelOnIOThread();
 212   void SendMessageOnIOThread(scoped_ptr<IPC::Message> message);
 213
 214   // Saves the message to forward to NaCl. This method assumes that the caller
 215   // holds the lock for locked_data_.
 216   void SaveMessage(const IPC::Message& message,
 217                    RewrittenMessage* rewritten_message);
 218
 219   base::Lock lock_;
 220   base::ConditionVariable cond_var_;
 221
 222   scoped_refptr<base::TaskRunner> task_runner_;
 223
 224   ResolveFileTokenCallback resolve_file_token_cb_;
 225   OpenResourceCallback open_resource_cb_;
 226
 227   // To be accessed inside of lock_ only.
 228   LockedData locked_data_;
 229
 230   // To be accessed on the I/O thread (via task runner) only.
 231   IOThreadData io_thread_data_;
 232
 233   DISALLOW_COPY_AND_ASSIGN(NaClIPCAdapter);
 234 };
 235
 236 // Export TranslatePepperFileReadWriteOpenFlags for testing.
 237 int TranslatePepperFileReadWriteOpenFlagsForTesting(int32_t pp_open_flags);
 238
 239 #endif  // CHROME_NACL_NACL_IPC_ADAPTER_H_