Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_
      6 #define COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_
      7 
      8 #include "build/build_config.h"
      9 
     10 #include "base/files/file_path.h"
     11 #include "base/files/file_util_proxy.h"
     12 #include "base/memory/ref_counted.h"
     13 #include "base/memory/weak_ptr.h"
     14 #include "base/message_loop/message_loop.h"
     15 #include "base/process/process.h"
     16 #include "components/nacl/common/nacl_types.h"
     17 #include "content/public/browser/browser_child_process_host_delegate.h"
     18 #include "content/public/browser/browser_child_process_host_iterator.h"
     19 #include "ipc/ipc_channel_handle.h"
     20 #include "net/socket/socket_descriptor.h"
     21 #include "ppapi/shared_impl/ppapi_permissions.h"
     22 #include "url/gurl.h"
     23 
     24 class CommandLine;
     25 
     26 namespace content {
     27 class BrowserChildProcessHost;
     28 class BrowserPpapiHost;
     29 }
     30 
     31 namespace IPC {
     32 class ChannelProxy;
     33 }
     34 
     35 namespace nacl {
     36 
     37 class NaClHostMessageFilter;
     38 void* AllocateAddressSpaceASLR(base::ProcessHandle process, size_t size);
     39 
     40 // Represents the browser side of the browser <--> NaCl communication
     41 // channel. There will be one NaClProcessHost per NaCl process
     42 // The browser is responsible for starting the NaCl process
     43 // when requested by the renderer.
     44 // After that, most of the communication is directly between NaCl plugin
     45 // running in the renderer and NaCl processes.
     46 class NaClProcessHost : public content::BrowserChildProcessHostDelegate {
     47  public:
     48   // manifest_url: the URL of the manifest of the Native Client plugin being
     49   // executed.
     50   // render_view_id: RenderView routing id, to control access to private APIs.
     51   // permission_bits: controls which interfaces the NaCl plugin can use.
     52   // uses_irt: whether the launched process should use the IRT.
     53   // enable_dyncode_syscalls: whether the launched process should allow dyncode
     54   //                          and mmap with PROT_EXEC.
     55   // enable_exception_handling: whether the launched process should allow
     56   //                            hardware exception handling.
     57   // enable_crash_throttling: whether a crash of this process contributes
     58   //                          to the crash throttling statistics, and also
     59   //                          whether this process should not start when too
     60   //                          many crashes have been observed.
     61   // off_the_record: was the process launched from an incognito renderer?
     62   // profile_directory: is the path of current profile directory.
     63   NaClProcessHost(const GURL& manifest_url,
     64                   int render_view_id,
     65                   uint32 permission_bits,
     66                   bool uses_irt,
     67                   bool enable_dyncode_syscalls,
     68                   bool enable_exception_handling,
     69                   bool enable_crash_throttling,
     70                   bool off_the_record,
     71                   const base::FilePath& profile_directory);
     72   virtual ~NaClProcessHost();
     73 
     74   virtual void OnProcessCrashed(int exit_status) OVERRIDE;
     75 
     76   // Do any minimal work that must be done at browser startup.
     77   static void EarlyStartup();
     78 
     79   // Initialize the new NaCl process. Result is returned by sending ipc
     80   // message reply_msg.
     81   void Launch(NaClHostMessageFilter* nacl_host_message_filter,
     82               IPC::Message* reply_msg,
     83               const base::FilePath& manifest_path);
     84 
     85   virtual void OnChannelConnected(int32 peer_pid) OVERRIDE;
     86 
     87 #if defined(OS_WIN)
     88   void OnProcessLaunchedByBroker(base::ProcessHandle handle);
     89   void OnDebugExceptionHandlerLaunchedByBroker(bool success);
     90 #endif
     91 
     92   bool Send(IPC::Message* msg);
     93 
     94   content::BrowserChildProcessHost* process() { return process_.get(); }
     95   content::BrowserPpapiHost* browser_ppapi_host() { return ppapi_host_.get(); }
     96 
     97  private:
     98   friend class PluginListener;
     99 
    100   // Internal class that holds the NaClHandle objecs so that
    101   // nacl_process_host.h doesn't include NaCl headers.  Needed since it's
    102   // included by src\content, which can't depend on the NaCl gyp file because it
    103   // depends on chrome.gyp (circular dependency).
    104   struct NaClInternal;
    105 
    106   // PluginListener that forwards any messages from untrusted code that aren't
    107   // handled by the PepperMessageFilter to us.
    108   class PluginListener : public IPC::Listener {
    109    public:
    110     explicit PluginListener(NaClProcessHost* host);
    111     virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
    112    private:
    113     // Non-owning pointer so we can forward messages to the host.
    114     NaClProcessHost* host_;
    115   };
    116 
    117   bool LaunchNaClGdb();
    118 
    119 #if defined(OS_POSIX)
    120   // Create bound TCP socket in the browser process so that the NaCl GDB debug
    121   // stub can use it to accept incoming connections even when the Chrome sandbox
    122   // is enabled.
    123   net::SocketDescriptor GetDebugStubSocketHandle();
    124 #endif
    125   bool LaunchSelLdr();
    126 
    127   // BrowserChildProcessHostDelegate implementation:
    128   virtual bool OnMessageReceived(const IPC::Message& msg) OVERRIDE;
    129   virtual void OnProcessLaunched() OVERRIDE;
    130 
    131   void OnResourcesReady();
    132 
    133   // Enable the PPAPI proxy only for NaCl processes corresponding to a renderer.
    134   bool enable_ppapi_proxy() { return render_view_id_ != 0; }
    135 
    136   // Sends the reply message to the renderer who is waiting for the plugin
    137   // to load. Returns true on success.
    138   bool ReplyToRenderer(const IPC::ChannelHandle& channel_handle);
    139 
    140   // Sends the reply with error message to the renderer.
    141   void SendErrorToRenderer(const std::string& error_message);
    142 
    143   // Sends the reply message to the renderer. Either result or
    144   // error message must be empty.
    145   void SendMessageToRenderer(const NaClLaunchResult& result,
    146                              const std::string& error_message);
    147 
    148   // Sends the message to the NaCl process to load the plugin. Returns true
    149   // on success.
    150   bool StartNaClExecution();
    151 
    152   // Called once all initialization is complete and the NaCl process is
    153   // ready to go. Returns true on success.
    154   bool SendStart();
    155 
    156   // Does post-process-launching tasks for starting the NaCl process once
    157   // we have a connection.
    158   //
    159   // Returns false on failure.
    160   bool StartWithLaunchedProcess();
    161 
    162   // Message handlers for validation caching.
    163   void OnQueryKnownToValidate(const std::string& signature, bool* result);
    164   void OnSetKnownToValidate(const std::string& signature);
    165   void OnResolveFileToken(uint64 file_token_lo, uint64 file_token_hi,
    166                           IPC::Message* reply_msg);
    167   void FileResolved(const base::FilePath& file_path,
    168                     IPC::Message* reply_msg,
    169                     const base::PlatformFile& file);
    170 
    171 #if defined(OS_WIN)
    172   // Message handler for Windows hardware exception handling.
    173   void OnAttachDebugExceptionHandler(const std::string& info,
    174                                      IPC::Message* reply_msg);
    175   bool AttachDebugExceptionHandler(const std::string& info,
    176                                    IPC::Message* reply_msg);
    177 #endif
    178 
    179   // Called when a PPAPI IPC channel has been created.
    180   void OnPpapiChannelCreated(const IPC::ChannelHandle& channel_handle);
    181   // Called by PluginListener, so messages from the untrusted side of
    182   // the IPC proxy can be handled.
    183   bool OnUntrustedMessageForwarded(const IPC::Message& msg);
    184 
    185   GURL manifest_url_;
    186   ppapi::PpapiPermissions permissions_;
    187 
    188 #if defined(OS_WIN)
    189   // This field becomes true when the broker successfully launched
    190   // the NaCl loader.
    191   bool process_launched_by_broker_;
    192 #endif
    193   // The NaClHostMessageFilter that requested this NaCl process.  We use
    194   // this for sending the reply once the process has started.
    195   scoped_refptr<NaClHostMessageFilter> nacl_host_message_filter_;
    196 
    197   // The reply message to send. We must always send this message when the
    198   // sub-process either succeeds or fails to unblock the renderer waiting for
    199   // the reply. NULL when there is no reply to send.
    200   IPC::Message* reply_msg_;
    201 #if defined(OS_WIN)
    202   bool debug_exception_handler_requested_;
    203   scoped_ptr<IPC::Message> attach_debug_exception_handler_reply_msg_;
    204 #endif
    205 
    206   // The file path to the manifest is passed to nacl-gdb when it is used to
    207   // debug the NaCl loader.
    208   base::FilePath manifest_path_;
    209 
    210   // Socket pairs for the NaCl process and renderer.
    211   scoped_ptr<NaClInternal> internal_;
    212 
    213   base::WeakPtrFactory<NaClProcessHost> weak_factory_;
    214 
    215   scoped_ptr<content::BrowserChildProcessHost> process_;
    216 
    217   bool uses_irt_;
    218 
    219   bool enable_debug_stub_;
    220   bool enable_dyncode_syscalls_;
    221   bool enable_exception_handling_;
    222   bool enable_crash_throttling_;
    223 
    224   bool off_the_record_;
    225 
    226   const base::FilePath profile_directory_;
    227 
    228   // Channel proxy to terminate the NaCl-Browser PPAPI channel.
    229   scoped_ptr<IPC::ChannelProxy> ipc_proxy_channel_;
    230   // Plugin listener, to forward browser channel messages to us.
    231   PluginListener ipc_plugin_listener_;
    232   // Browser host for plugin process.
    233   scoped_ptr<content::BrowserPpapiHost> ppapi_host_;
    234 
    235   int render_view_id_;
    236 
    237   DISALLOW_COPY_AND_ASSIGN(NaClProcessHost);
    238 };
    239 
    240 }  // namespace nacl
    241 
    242 #endif  // COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_
    243