Change NaCl IPC PPAPI proxy startup to support a NaCl-Browser process

chrome/browser/nacl_host/nacl_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/nacl_host/nacl_process_host.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
 #include "base/string_number_conversions.h"
 #include "base/string_split.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
 #include "base/win/windows_version.h"
 #include "build/build_config.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/extension_info_map.h"
+#include "chrome/browser/io_thread.h"
 #include "chrome/browser/nacl_host/nacl_browser.h"
 #include "chrome/browser/renderer_host/chrome_render_message_filter.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/logging_chrome.h"
 #include "chrome/common/nacl_cmd_line.h"
 #include "chrome/common/nacl_messages.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/url_constants.h"
 #include "content/public/browser/browser_child_process_host.h"
 #include "content/public/browser/child_process_data.h"
 #include "content/public/common/child_process_host.h"
+#include "ipc/ipc_channel.h"
 #include "ipc/ipc_switches.h"
 #include "native_client/src/shared/imc/nacl_imc.h"
 #include "net/base/net_util.h"
+#include "ppapi/proxy/ppapi_messages.h"
 
 #if defined(OS_POSIX)
 #include <fcntl.h>
 
 #include "ipc/ipc_channel_posix.h"
 #elif defined(OS_WIN)
 #include <windows.h>
 
 #include "base/threading/thread.h"
 #include "base/process_util.h"
 #include "base/win/scoped_handle.h"
 #include "chrome/browser/nacl_host/nacl_broker_service_win.h"
 #include "chrome/common/nacl_debug_exception_handler_win.h"
 #include "content/public/common/sandbox_init.h"
 #endif
 
 using content::BrowserThread;
 using content::ChildProcessData;
 using content::ChildProcessHost;
+using ppapi::proxy::SerializedHandle;
 
 namespace {
 
 #if defined(OS_WIN)
 bool RunningOnWOW64() {
   return (base::win::OSInfo::GetInstance()->wow64_status() ==
           base::win::OSInfo::WOW64_ENABLED);
 }
 #endif
 
@@ skipping 39 matching lines @@
 
 }  // namespace
 
 struct NaClProcessHost::NaClInternal {
   std::vector<nacl::Handle> sockets_for_renderer;
   std::vector<nacl::Handle> sockets_for_sel_ldr;
 };
 
 // -----------------------------------------------------------------------------
 
+NaClProcessHost::PluginListener::PluginListener(NaClProcessHost* host)
+    : host_(host) {
+}
+
+bool NaClProcessHost::PluginListener::OnMessageReceived(
+    const IPC::Message& msg) {
+  return host_->OnUntrustedMessageForwarded(msg);
+}
+
 NaClProcessHost::NaClProcessHost(const GURL& manifest_url, bool off_the_record)
     : manifest_url_(manifest_url),
 #if defined(OS_WIN)
       process_launched_by_broker_(false),
 #elif defined(OS_LINUX)
       wait_for_nacl_gdb_(false),
 #endif
       reply_msg_(NULL),
 #if defined(OS_WIN)
       debug_exception_handler_requested_(false),
 #endif
       internal_(new NaClInternal()),
       ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)),
       enable_exception_handling_(false),
       enable_debug_stub_(false),
-      off_the_record_(off_the_record) {
+      off_the_record_(off_the_record),
+      enable_ipc_proxy_(false),
+      ALLOW_THIS_IN_INITIALIZER_LIST(ipc_plugin_listener_(this)) {
   process_.reset(content::BrowserChildProcessHost::Create(
       content::PROCESS_TYPE_NACL_LOADER, this));
 
   // Set the display name so the user knows what plugin the process is running.
   // We aren't on the UI thread so getting the pref locale for language
   // formatting isn't possible, so IDN will be lost, but this is probably OK
   // for this use case.
   process_->SetName(net::FormatUrl(manifest_url_, std::string()));
 
   // We allow untrusted hardware exception handling to be enabled via
@@ skipping 531 matching lines @@
 }
 
 bool NaClProcessHost::SendStart() {
   if (!enable_ipc_proxy_) {
     if (!ReplyToRenderer(IPC::ChannelHandle()))
       return false;
   }
   return StartNaClExecution();
 }
 
+// This method is called when NaClProcessHostMsg_PpapiChannelCreated is
+// received or PpapiHostMsg_ChannelCreated is forwarded by our plugin
+// listener.
 void NaClProcessHost::OnPpapiChannelCreated(
     const IPC::ChannelHandle& channel_handle) {
   DCHECK(enable_ipc_proxy_);
-  ReplyToRenderer(channel_handle);
+  // If the proxy channel is null, this must be the initial NaCl-Browser IPC
+  // channel.
+  if (!ipc_proxy_channel_.get()) {
+    ipc_proxy_channel_.reset(
+        new IPC::ChannelProxy(channel_handle,
+                              IPC::Channel::MODE_CLIENT,
+                              &ipc_plugin_listener_,
+                              base::MessageLoopProxy::current()));
+    // Send a message to create the NaCl-Renderer channel. The handle is just
+    // a place holder.
+    ipc_proxy_channel_->Send(
+        new PpapiMsg_CreateNaClChannel(
+            chrome_render_message_filter_->render_process_id(),
+            chrome_render_message_filter_->off_the_record(),
+            SerializedHandle(SerializedHandle::CHANNEL_HANDLE,
+                             IPC::InvalidPlatformFileForTransit())));
+  } else if (reply_msg_) {
+    // Otherwise, this must be a renderer channel.
+    ReplyToRenderer(channel_handle);
+  } else {
+    // Attempt to open more than 1 renderer channel is not supported.
+    // Shut down the NaCl process.
+    process_->GetHost()->ForceShutdown();
+  }
+}
+
+bool NaClProcessHost::OnUntrustedMessageForwarded(const IPC::Message& msg) {
+  // Handle messages that have been forwarded from our PluginListener.
+  // These messages come from untrusted code so should be handled with care.
+  bool handled = true;
+  IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg)
+    IPC_MESSAGE_HANDLER(PpapiHostMsg_ChannelCreated,
+                        OnPpapiChannelCreated)
+    IPC_MESSAGE_UNHANDLED(handled = false)
+  IPC_END_MESSAGE_MAP()
+  return handled;
 }
 
 bool NaClProcessHost::StartWithLaunchedProcess() {
 #if defined(OS_LINUX)
   if (wait_for_nacl_gdb_) {
     if (LaunchNaClGdb(base::GetProcId(process_->GetData().handle))) {
       // We will be called with wait_for_nacl_gdb_ = false once debugger is
       // attached to the program.
       return true;
     }
@@ skipping 86 matching lines @@
   } else {
     NaClStartDebugExceptionHandlerThread(
         process_handle.Take(), info,
         base::MessageLoopProxy::current(),
         base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker,
                    weak_factory_.GetWeakPtr()));
     return true;
   }
 }
 #endif