1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_ 6 #define COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_ 7 8 #include "build/build_config.h" 9 10 #include "base/files/file_path.h" 11 #include "base/files/file_util_proxy.h" 12 #include "base/memory/ref_counted.h" 13 #include "base/memory/weak_ptr.h" 14 #include "base/message_loop/message_loop.h" 15 #include "base/process/process.h" 16 #include "components/nacl/common/nacl_types.h" 17 #include "content/public/browser/browser_child_process_host_delegate.h" 18 #include "content/public/browser/browser_child_process_host_iterator.h" 19 #include "ipc/ipc_channel_handle.h" 20 #include "net/socket/socket_descriptor.h" 21 #include "ppapi/shared_impl/ppapi_permissions.h" 22 #include "url/gurl.h" 23 24 namespace content { 25 class BrowserChildProcessHost; 26 class BrowserPpapiHost; 27 } 28 29 namespace IPC { 30 class ChannelProxy; 31 } 32 33 namespace nacl { 34 35 class NaClHostMessageFilter; 36 void* AllocateAddressSpaceASLR(base::ProcessHandle process, size_t size); 37 38 // Represents the browser side of the browser <--> NaCl communication 39 // channel. There will be one NaClProcessHost per NaCl process 40 // The browser is responsible for starting the NaCl process 41 // when requested by the renderer. 42 // After that, most of the communication is directly between NaCl plugin 43 // running in the renderer and NaCl processes. 44 class NaClProcessHost : public content::BrowserChildProcessHostDelegate { 45 public: 46 // manifest_url: the URL of the manifest of the Native Client plugin being 47 // executed. 48 // permissions: PPAPI permissions, to control access to private APIs. 49 // render_view_id: RenderView routing id, to control access to private APIs. 50 // permission_bits: controls which interfaces the NaCl plugin can use. 51 // uses_irt: whether the launched process should use the IRT. 52 // uses_nonsfi_mode: whether the program should be loaded under non-SFI mode. 53 // enable_dyncode_syscalls: whether the launched process should allow dyncode 54 // and mmap with PROT_EXEC. 55 // enable_exception_handling: whether the launched process should allow 56 // hardware exception handling. 57 // enable_crash_throttling: whether a crash of this process contributes 58 // to the crash throttling statistics, and also 59 // whether this process should not start when too 60 // many crashes have been observed. 61 // off_the_record: was the process launched from an incognito renderer? 62 // profile_directory: is the path of current profile directory. 63 NaClProcessHost(const GURL& manifest_url, 64 ppapi::PpapiPermissions permissions, 65 int render_view_id, 66 uint32 permission_bits, 67 bool uses_irt, 68 bool uses_nonsfi_mode, 69 bool enable_dyncode_syscalls, 70 bool enable_exception_handling, 71 bool enable_crash_throttling, 72 bool off_the_record, 73 const base::FilePath& profile_directory); 74 virtual ~NaClProcessHost(); 75 76 virtual void OnProcessCrashed(int exit_status) OVERRIDE; 77 78 // Do any minimal work that must be done at browser startup. 79 static void EarlyStartup(); 80 81 // Specifies throttling time in milliseconds for PpapiHostMsg_Keepalive IPCs. 82 static void SetPpapiKeepAliveThrottleForTesting(unsigned milliseconds); 83 84 // Initialize the new NaCl process. Result is returned by sending ipc 85 // message reply_msg. 86 void Launch(NaClHostMessageFilter* nacl_host_message_filter, 87 IPC::Message* reply_msg, 88 const base::FilePath& manifest_path); 89 90 virtual void OnChannelConnected(int32 peer_pid) OVERRIDE; 91 92 #if defined(OS_WIN) 93 void OnProcessLaunchedByBroker(base::ProcessHandle handle); 94 void OnDebugExceptionHandlerLaunchedByBroker(bool success); 95 #endif 96 97 bool Send(IPC::Message* msg); 98 process()99 content::BrowserChildProcessHost* process() { return process_.get(); } browser_ppapi_host()100 content::BrowserPpapiHost* browser_ppapi_host() { return ppapi_host_.get(); } 101 102 private: 103 // Internal class that holds the NaClHandle objecs so that 104 // nacl_process_host.h doesn't include NaCl headers. Needed since it's 105 // included by src\content, which can't depend on the NaCl gyp file because it 106 // depends on chrome.gyp (circular dependency). 107 struct NaClInternal; 108 109 bool LaunchNaClGdb(); 110 111 // Mark the process as using a particular GDB debug stub port and notify 112 // listeners (if the port is not kGdbDebugStubPortUnknown). 113 void SetDebugStubPort(int port); 114 115 #if defined(OS_POSIX) 116 // Create bound TCP socket in the browser process so that the NaCl GDB debug 117 // stub can use it to accept incoming connections even when the Chrome sandbox 118 // is enabled. 119 net::SocketDescriptor GetDebugStubSocketHandle(); 120 #endif 121 122 #if defined(OS_WIN) 123 // Called when the debug stub port has been selected. 124 void OnDebugStubPortSelected(uint16_t debug_stub_port); 125 #endif 126 127 bool LaunchSelLdr(); 128 129 // BrowserChildProcessHostDelegate implementation: 130 virtual bool OnMessageReceived(const IPC::Message& msg) OVERRIDE; 131 virtual void OnProcessLaunched() OVERRIDE; 132 133 void OnResourcesReady(); 134 135 // Enable the PPAPI proxy only for NaCl processes corresponding to a renderer. enable_ppapi_proxy()136 bool enable_ppapi_proxy() { return render_view_id_ != 0; } 137 138 // Sends the reply message to the renderer who is waiting for the plugin 139 // to load. Returns true on success. 140 bool ReplyToRenderer( 141 const IPC::ChannelHandle& ppapi_channel_handle, 142 const IPC::ChannelHandle& trusted_channel_handle, 143 const IPC::ChannelHandle& manifest_service_channel_handle); 144 145 // Sends the reply with error message to the renderer. 146 void SendErrorToRenderer(const std::string& error_message); 147 148 // Sends the reply message to the renderer. Either result or 149 // error message must be empty. 150 void SendMessageToRenderer(const NaClLaunchResult& result, 151 const std::string& error_message); 152 153 // Sends the message to the NaCl process to load the plugin. Returns true 154 // on success. 155 bool StartNaClExecution(); 156 157 // Does post-process-launching tasks for starting the NaCl process once 158 // we have a connection. 159 // 160 // Returns false on failure. 161 bool StartWithLaunchedProcess(); 162 163 // Message handlers for validation caching. 164 void OnQueryKnownToValidate(const std::string& signature, bool* result); 165 void OnSetKnownToValidate(const std::string& signature); 166 void OnResolveFileToken(uint64 file_token_lo, uint64 file_token_hi, 167 IPC::Message* reply_msg); 168 void FileResolved(const base::FilePath& file_path, 169 IPC::Message* reply_msg, 170 base::File file); 171 172 #if defined(OS_WIN) 173 // Message handler for Windows hardware exception handling. 174 void OnAttachDebugExceptionHandler(const std::string& info, 175 IPC::Message* reply_msg); 176 bool AttachDebugExceptionHandler(const std::string& info, 177 IPC::Message* reply_msg); 178 #endif 179 180 // Called when the PPAPI IPC channels to the browser/renderer have been 181 // created. 182 void OnPpapiChannelsCreated( 183 const IPC::ChannelHandle& browser_channel_handle, 184 const IPC::ChannelHandle& ppapi_renderer_channel_handle, 185 const IPC::ChannelHandle& trusted_renderer_channel_handle, 186 const IPC::ChannelHandle& manifest_service_channel_handle); 187 188 GURL manifest_url_; 189 ppapi::PpapiPermissions permissions_; 190 191 #if defined(OS_WIN) 192 // This field becomes true when the broker successfully launched 193 // the NaCl loader. 194 bool process_launched_by_broker_; 195 #endif 196 // The NaClHostMessageFilter that requested this NaCl process. We use 197 // this for sending the reply once the process has started. 198 scoped_refptr<NaClHostMessageFilter> nacl_host_message_filter_; 199 200 // The reply message to send. We must always send this message when the 201 // sub-process either succeeds or fails to unblock the renderer waiting for 202 // the reply. NULL when there is no reply to send. 203 IPC::Message* reply_msg_; 204 #if defined(OS_WIN) 205 bool debug_exception_handler_requested_; 206 scoped_ptr<IPC::Message> attach_debug_exception_handler_reply_msg_; 207 #endif 208 209 // The file path to the manifest is passed to nacl-gdb when it is used to 210 // debug the NaCl loader. 211 base::FilePath manifest_path_; 212 213 // Socket pairs for the NaCl process and renderer. 214 scoped_ptr<NaClInternal> internal_; 215 216 base::WeakPtrFactory<NaClProcessHost> weak_factory_; 217 218 scoped_ptr<content::BrowserChildProcessHost> process_; 219 220 bool uses_irt_; 221 bool uses_nonsfi_mode_; 222 223 bool enable_debug_stub_; 224 bool enable_dyncode_syscalls_; 225 bool enable_exception_handling_; 226 bool enable_crash_throttling_; 227 228 bool off_the_record_; 229 230 const base::FilePath profile_directory_; 231 232 // Channel proxy to terminate the NaCl-Browser PPAPI channel. 233 scoped_ptr<IPC::ChannelProxy> ipc_proxy_channel_; 234 // Browser host for plugin process. 235 scoped_ptr<content::BrowserPpapiHost> ppapi_host_; 236 237 int render_view_id_; 238 239 // Throttling time in milliseconds for PpapiHostMsg_Keepalive IPCs. 240 static unsigned keepalive_throttle_interval_milliseconds_; 241 242 DISALLOW_COPY_AND_ASSIGN(NaClProcessHost); 243 }; 244 245 } // namespace nacl 246 247 #endif // COMPONENTS_NACL_BROWSER_NACL_PROCESS_HOST_H_ 248