/* Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ /* This file contains NaCl private interfaces. This interface is not versioned * and is for internal Chrome use. It may change without notice. */ label Chrome { M25 = 1.0 }; #inline c #include "ppapi/c/private/pp_file_handle.h" #include "ppapi/c/private/ppb_instance_private.h" #endinl /** NaCl-specific errors that should be reported to the user. * These error codes are reported via UMA so, if you edit them: * 1) make sure you understand UMA first. * 2) update src/tools/metrics/histograms/histograms.xml * Values are explicitly specified to make sure they don't shift around when * edited, and also to make reading about:histograms easier. */ enum PP_NaClError { PP_NACL_ERROR_LOAD_SUCCESS = 0, PP_NACL_ERROR_LOAD_ABORTED = 1, PP_NACL_ERROR_UNKNOWN = 2, PP_NACL_ERROR_MANIFEST_RESOLVE_URL = 3, PP_NACL_ERROR_MANIFEST_LOAD_URL = 4, PP_NACL_ERROR_MANIFEST_STAT = 5, PP_NACL_ERROR_MANIFEST_TOO_LARGE = 6, PP_NACL_ERROR_MANIFEST_OPEN = 7, PP_NACL_ERROR_MANIFEST_MEMORY_ALLOC = 8, PP_NACL_ERROR_MANIFEST_READ = 9, PP_NACL_ERROR_MANIFEST_PARSING = 10, PP_NACL_ERROR_MANIFEST_SCHEMA_VALIDATE = 11, PP_NACL_ERROR_MANIFEST_GET_NEXE_URL = 12, PP_NACL_ERROR_NEXE_LOAD_URL = 13, PP_NACL_ERROR_NEXE_ORIGIN_PROTOCOL = 14, PP_NACL_ERROR_NEXE_FH_DUP = 15, PP_NACL_ERROR_NEXE_STAT = 16, PP_NACL_ERROR_ELF_CHECK_IO = 17, PP_NACL_ERROR_ELF_CHECK_FAIL = 18, PP_NACL_ERROR_SEL_LDR_INIT = 19, PP_NACL_ERROR_SEL_LDR_CREATE_LAUNCHER = 20, PP_NACL_ERROR_SEL_LDR_FD = 21, PP_NACL_ERROR_SEL_LDR_LAUNCH = 22, /* Deprecated, safe to reuse the value because it's never logged in UMA. PP_NACL_ERROR_SEL_LDR_COMMUNICATION = 23, */ PP_NACL_ERROR_SEL_LDR_SEND_NEXE = 24, PP_NACL_ERROR_SEL_LDR_HANDLE_PASSING = 25, PP_NACL_ERROR_SEL_LDR_START_MODULE = 26, PP_NACL_ERROR_SEL_LDR_START_STATUS = 27, PP_NACL_ERROR_SRPC_CONNECTION_FAIL = 28, PP_NACL_ERROR_START_PROXY_CHECK_PPP = 29, PP_NACL_ERROR_START_PROXY_ALLOC = 30, PP_NACL_ERROR_START_PROXY_MODULE = 31, PP_NACL_ERROR_START_PROXY_INSTANCE = 32, PP_NACL_ERROR_SEL_LDR_COMMUNICATION_CMD_CHANNEL = 33, PP_NACL_ERROR_SEL_LDR_COMMUNICATION_REV_SETUP = 34, PP_NACL_ERROR_SEL_LDR_COMMUNICATION_WRAPPER = 35, PP_NACL_ERROR_SEL_LDR_COMMUNICATION_REV_SERVICE = 36, PP_NACL_ERROR_START_PROXY_CRASH = 37, PP_NACL_ERROR_MANIFEST_PROGRAM_MISSING_ARCH = 38, PP_NACL_ERROR_PNACL_CACHE_OPEN_INPROGRESS = 39, PP_NACL_ERROR_PNACL_CACHE_OPEN_NOACCESS = 40, PP_NACL_ERROR_PNACL_CACHE_OPEN_NOQUOTA = 41, PP_NACL_ERROR_PNACL_CACHE_OPEN_NOSPACE = 42, PP_NACL_ERROR_PNACL_CACHE_OPEN_OTHER = 43, PP_NACL_ERROR_PNACL_CACHE_DIRECTORY_CREATE = 44, PP_NACL_ERROR_PNACL_CACHE_FILEOPEN_NOACCESS = 45, PP_NACL_ERROR_PNACL_CACHE_FILEOPEN_NOQUOTA = 46, PP_NACL_ERROR_PNACL_CACHE_FILEOPEN_NOSPACE = 47, PP_NACL_ERROR_PNACL_CACHE_FILEOPEN_NOTAFILE = 48, PP_NACL_ERROR_PNACL_CACHE_FILEOPEN_OTHER = 49, PP_NACL_ERROR_PNACL_CACHE_FETCH_NOACCESS = 50, PP_NACL_ERROR_PNACL_CACHE_FETCH_NOTFOUND = 51, PP_NACL_ERROR_PNACL_CACHE_FETCH_OTHER = 52, PP_NACL_ERROR_PNACL_CACHE_FINALIZE_COPY_NOQUOTA = 53, PP_NACL_ERROR_PNACL_CACHE_FINALIZE_COPY_NOSPACE = 54, PP_NACL_ERROR_PNACL_CACHE_FINALIZE_COPY_OTHER = 55, PP_NACL_ERROR_PNACL_CACHE_FINALIZE_RENAME_NOACCESS = 56, PP_NACL_ERROR_PNACL_CACHE_FINALIZE_RENAME_OTHER = 57, PP_NACL_ERROR_PNACL_RESOURCE_FETCH = 58, PP_NACL_ERROR_PNACL_PEXE_FETCH_ABORTED = 59, PP_NACL_ERROR_PNACL_PEXE_FETCH_NOACCESS = 60, PP_NACL_ERROR_PNACL_PEXE_FETCH_OTHER = 61, PP_NACL_ERROR_PNACL_THREAD_CREATE = 62, PP_NACL_ERROR_PNACL_LLC_SETUP = 63, PP_NACL_ERROR_PNACL_LD_SETUP = 64, PP_NACL_ERROR_PNACL_LLC_INTERNAL = 65, PP_NACL_ERROR_PNACL_LD_INTERNAL = 66, PP_NACL_ERROR_PNACL_CREATE_TEMP = 67, /* This entry is no longer used, but should not be removed, because UMA numbers need to be kept consistent. */ PP_NACL_ERROR_PNACL_NOT_ENABLED = 68, PP_NACL_ERROR_MANIFEST_NOACCESS_URL = 69, PP_NACL_ERROR_NEXE_NOACCESS_URL = 70, PP_NACL_ERROR_PNACL_CRASH_THROTTLED = 71, /* If you add a code, read the enum comment above on how to update histograms. */ PP_NACL_ERROR_MAX }; /** Event types that NaCl may use when reporting load progress or errors. */ enum PP_NaClEventType { PP_NACL_EVENT_LOADSTART, PP_NACL_EVENT_PROGRESS, PP_NACL_EVENT_ERROR, PP_NACL_EVENT_ABORT, PP_NACL_EVENT_LOAD, PP_NACL_EVENT_LOADEND, PP_NACL_EVENT_CRASH }; enum PP_UrlSchemeType { PP_SCHEME_CHROME_EXTENSION, PP_SCHEME_DATA, PP_SCHEME_OTHER }; enum PP_NaClReadyState { /* The trusted plugin begins in this ready state. */ PP_NACL_READY_STATE_UNSENT = 0, /* The manifest file has been requested, but not yet received. */ PP_NACL_READY_STATE_OPENED = 1, /* The manifest file has been received and the nexe successfully requested. */ PP_NACL_READY_STATE_LOADING = 3, /* The nexe has been loaded and the proxy started, so it is ready for interaction with the page. */ PP_NACL_READY_STATE_DONE = 4 }; struct PP_PNaClOptions { PP_Bool translate; PP_Bool is_debug; int32_t opt_level; }; /* Callback invoked upon completion of PPP_ManifestService::OpenResource(). */ typedef void PP_OpenResourceCompletionCallback([inout] mem_t user_data, [in] PP_FileHandle file_handle); /* ManifestService to support irt_open_resource() function. * All functions of the service should have PP_Bool return value. It represents * whether the service is still alive or not. Trivially Quit() should always * return false. However, other functions also can return false. * Once false is called, as the service has been destructed, all functions * should never be called afterwords. */ interface PPP_ManifestService { /* Called when ManifestService should be destructed. */ PP_Bool Quit([inout] mem_t user_data); /* Called when PPAPI initialization in the NaCl plugin is finished. */ PP_Bool StartupInitializationComplete([inout] mem_t user_data); /* Called when irt_open_resource() is invoked in the NaCl plugin. * Upon completion, callback will be invoked with given callback_user_data * and the result file handle (or PP_kInvalidFileHandle on error). */ PP_Bool OpenResource([inout] mem_t user_data, [in] str_t entry_key, [in] PP_OpenResourceCompletionCallback callback, [inout] mem_t callback_user_data); }; /* Corresponds to NaClFileInfo in * native_client/src/trusted/validator/nacl_file_info.h */ struct PP_NaClFileInfo { PP_FileHandle handle; /* See NaClFileToken comment in nacl_file_info.h */ uint64_t token_lo; uint64_t token_hi; }; /* PPB_NaCl_Private */ interface PPB_NaCl_Private { /* Launches NaCl's sel_ldr process. Returns PP_EXTERNAL_PLUGIN_OK on success * and writes a NaClHandle to imc_handle. Returns PP_EXTERNAL_PLUGIN_FAILED on * failure. The |enable_ppapi_dev| parameter controls whether GetInterface * returns 'Dev' interfaces to the NaCl plugin. The |uses_ppapi| flag * indicates that the nexe run by sel_ldr will use the PPAPI APIs. * This implies that LaunchSelLdr is run from the main thread. If a nexe * does not need PPAPI, then it can run off the main thread. * The |uses_irt| flag indicates whether the IRT should be loaded in this * NaCl process. This is true for ABI stable nexes. * The |uses_nonsfi_mode| flag indicates whether or not nonsfi-mode should * be used with the binary pointed by the url. * The |enable_dyncode_syscalls| flag indicates whether or not the nexe * will be able to use dynamic code system calls (e.g., mmap with PROT_EXEC). * The |enable_exception_handling| flag indicates whether or not the nexe * will be able to use hardware exception handling. * The |enable_crash_throttling| flag indicates whether or not crashes of * the nexe contribute to crash throttling statisics and whether nexe starts * are throttled by crash throttling. */ void LaunchSelLdr([in] PP_Instance instance, [in] PP_Bool main_service_runtime, [in] str_t alleged_url, [in] PP_Bool uses_irt, [in] PP_Bool uses_ppapi, [in] PP_Bool uses_nonsfi_mode, [in] PP_Bool enable_ppapi_dev, [in] PP_Bool enable_dyncode_syscalls, [in] PP_Bool enable_exception_handling, [in] PP_Bool enable_crash_throttling, [in] PPP_ManifestService manifest_service_interface, [inout] mem_t manifest_service_user_data, [out] mem_t imc_handle, [in] PP_CompletionCallback callback); /* This function starts the IPC proxy so the nexe can communicate with the * browser. */ PP_Bool StartPpapiProxy(PP_Instance instance); /* On POSIX systems, this function returns the file descriptor of * /dev/urandom. On non-POSIX systems, this function returns 0. */ int32_t UrandomFD(); /* Whether the Pepper 3D interfaces should be disabled in the NaCl PPAPI * proxy. This is so paranoid admins can effectively prevent untrusted shader * code to be processed by the graphics stack. */ PP_Bool Are3DInterfacesDisabled(); /* This is Windows-specific. This is a replacement for DuplicateHandle() for * use inside the Windows sandbox. Note that we provide this via dependency * injection only to avoid the linkage problems that occur because the NaCl * plugin is built as a separate DLL/DSO * (see http://code.google.com/p/chromium/issues/detail?id=114439#c8). */ int32_t BrokerDuplicateHandle([in] PP_FileHandle source_handle, [in] uint32_t process_id, [out] PP_FileHandle target_handle, [in] uint32_t desired_access, [in] uint32_t options); /* Returns a read-only file descriptor for a url for pnacl translator tools, * or an invalid handle on failure. */ PP_FileHandle GetReadonlyPnaclFd([in] str_t url); /* This creates a temporary file that will be deleted by the time * the last handle is closed (or earlier on POSIX systems), and * returns a posix handle to that temporary file. */ PP_FileHandle CreateTemporaryFile([in] PP_Instance instance); /* Return the number of processors in the system as reported by the OS */ int32_t GetNumberOfProcessors(); /* Return whether the non-SFI mode is enabled. */ PP_Bool IsNonSFIModeEnabled(); /* Create a temporary file, which will be deleted by the time the * last handle is closed (or earlier on POSIX systems), to use for * the nexe with the cache information given by |pexe_url|, * |abi_version|, |opt_level|, and |headers|. If the nexe is already present * in the cache, |is_hit| is set to PP_TRUE and the contents of the nexe will * be copied into the temporary file. Otherwise |is_hit| is set to PP_FALSE * and the temporary file will be writeable. Currently the implementation is * a stub, which always sets is_hit to false and calls the implementation of * CreateTemporaryFile. In a subsequent CL it will call into the browser * which will remember the association between the cache key and the fd, and * copy the nexe into the cache after the translation finishes. */ int32_t GetNexeFd([in] PP_Instance instance, [in] str_t pexe_url, [in] uint32_t abi_version, [in] uint32_t opt_level, [in] str_t headers, [in] str_t extra_flags, [out] PP_Bool is_hit, [out] PP_FileHandle nexe_handle, [in] PP_CompletionCallback callback); /* Report to the browser that translation of the pexe for |instance| * has finished, or aborted with an error. If |success| is true, the * browser may then store the translation in the cache. The renderer * must first have called GetNexeFd for the same instance. (The browser is * not guaranteed to store the nexe even if |success| is true; if there is * an error on the browser side, or the file is too big for the cache, or * the browser is in incognito mode, no notification will be delivered to * the plugin.) */ void ReportTranslationFinished([in] PP_Instance instance, [in] PP_Bool success, [in] int32_t opt_level, [in] int64_t pexe_size, [in] int64_t compile_time_us, [in] int64_t total_time_us); /* Dispatch a progress event on the DOM element where the given instance is * embedded. */ void DispatchEvent([in] PP_Instance instance, [in] PP_NaClEventType event_type, [in] str_t resource_url, [in] PP_Bool length_is_computable, [in] uint64_t loaded_bytes, [in] uint64_t total_bytes); /* Report that the nexe loaded successfully. */ void ReportLoadSuccess([in] PP_Instance instance, [in] str_t url, [in] uint64_t loaded_bytes, [in] uint64_t total_bytes); /* Report an error that occured while attempting to load a nexe. */ void ReportLoadError([in] PP_Instance instance, [in] PP_NaClError error, [in] str_t error_message); /* Reports that loading a nexe was aborted. */ void ReportLoadAbort([in] PP_Instance instance); /* Reports that the nexe has crashed. */ void NexeDidCrash([in] PP_Instance instance, [in] str_t crash_log); /* Performs internal setup when an instance is created. */ void InstanceCreated([in] PP_Instance instance); /* Performs internal cleanup when an instance is destroyed. */ void InstanceDestroyed([in] PP_Instance instance); /* Return true if the NaCl debug stub is enabled and the app loaded from * alleged_nmf_url will be attached to a debugger. */ PP_Bool NaClDebugEnabledForURL([in] str_t alleged_nmf_url); /* Returns the kind of SFI sandbox implemented by NaCl on this * platform. */ str_t GetSandboxArch(); /* Logs the message to the console. */ void LogToConsole([in] PP_Instance instance, [in] str_t message); /* Returns the NaCl readiness status for this instance. */ PP_NaClReadyState GetNaClReadyState([in] PP_Instance instance); /* Returns the exit status of the plugin process. */ int32_t GetExitStatus([in] PP_Instance instance); /* Sets the exit status of the plugin process. */ void SetExitStatus([in] PP_Instance instance, [in] int32_t exit_status); /* Logs the message via VLOG. */ void Vlog([in] str_t message); /* Initializes internal state for a NaCl plugin. */ void InitializePlugin([in] PP_Instance instance, [in] uint32_t argc, [in, size_as=argc] str_t[] argn, [in, size_as=argv] str_t[] argv); /* Returns the size of the nexe. */ int64_t GetNexeSize([in] PP_Instance instance); /* Requests the NaCl manifest specified in the plugin arguments. */ void RequestNaClManifest([in] PP_Instance instance, [in] PP_CompletionCallback callback); PP_Var GetManifestBaseURL([in] PP_Instance instance); /* Processes the NaCl manifest once it's been retrieved. * TODO(teravest): Move the rest of the supporting logic out of the trusted * plugin. */ void ProcessNaClManifest([in] PP_Instance instance, [in] str_t program_url); PP_Bool DevInterfacesEnabled([in] PP_Instance instance); PP_Bool GetManifestProgramURL([in] PP_Instance instance, [out] PP_Var full_url, [out] PP_PNaClOptions pnacl_options, [out] PP_Bool uses_nonsfi_mode); PP_Bool ManifestResolveKey([in] PP_Instance instance, [in] PP_Bool helper_process, [in] str_t key, [out] PP_Var full_url, [out] PP_PNaClOptions pnacl_options); /* Returns the filenames for the llc and ld tools, parsing that information * from the file given in |filename|. */ PP_Bool GetPnaclResourceInfo([in] PP_Instance instance, [in] str_t filename, [out] PP_Var llc_tool_name, [out] PP_Var ld_tool_name); // PP_Var string of attributes describing the CPU features supported // by the current architecture. The string is a comma-delimited list // of attributes supported by LLVM in its -mattr= option: // http://llvm.org/docs/CommandGuide/llc.html#cmdoption-mattr PP_Var GetCpuFeatureAttrs(); /* Posts a message to the JavaScript object for the given instance. * This method may be called on any thread. */ void PostMessageToJavaScript([in] PP_Instance instance, [in] str_t message); /* Downloads the .nexe file at the given URL to a file, and sets |file_info| * to information for a handle to a file containing its contents. * If metadata for identity-based validation caching is available * then it sets token information in |file_info| (otherwise left untouched). */ void DownloadNexe([in] PP_Instance instance, [in] str_t url, [out] PP_NaClFileInfo file_info, [in] PP_CompletionCallback callback); /* Downloads a non-nexe file specified in the manifest, and sets |file_info| * to corresponding information about the file. */ void DownloadFile([in] PP_Instance instance, [in] str_t url, [out] PP_NaClFileInfo file_info, [in] PP_CompletionCallback callback); /* Reports the status of sel_ldr for UMA reporting. * |max_status| has to be provided because the implementation of this * interface can't access the NaClErrorCode enum. */ void ReportSelLdrStatus([in] PP_Instance instance, [in] int32_t load_status, [in] int32_t max_status); /* Logs time taken by an operation to UMA histograms. * This function is safe to call on any thread. */ void LogTranslateTime([in] str_t histogram_name, [in] int64_t time_us); };