Handle-passing: Allow a handle-passing function to be supplied by Chromium

src/shared/imc/win/nacl_imc.cc

 /*
  * Copyright (c) 2012 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 
 // NaCl inter-module communication primitives.
 
 #ifndef NOMINMAX
 #define NOMINMAX  // Disables the generation of the min and max macro in
                   // <windows.h>.
 #endif
 
 #include <algorithm>
 #include <ctype.h>
 #include <limits.h>
 #include <stdio.h>
 #include <string>
 #include <windows.h>
 #include <sys/types.h>
 
 #include "native_client/src/include/atomic_ops.h"
 #include "native_client/src/include/portability.h"
 #include "native_client/src/shared/imc/nacl_imc.h"
 #include "native_client/src/shared/imc/nacl_imc_c.h"
 #include "native_client/src/trusted/handle_pass/handle_lookup.h"
 
-// Duplicate a Windows HANDLE.
+
+static NaClBrokerDuplicateHandleFunc g_broker_duplicate_handle_func;

[sehr (please use chromium), 2012/04/10 21:27:35]

I think the general preference is for an anonymous namespace rather than
file-scoped statics.

[Mark Seaborn, 2012/04/10 21:47:23]

Done.

+
+void NaClSetBrokerDuplicateHandleFunc(NaClBrokerDuplicateHandleFunc func) {
+  g_broker_duplicate_handle_func = func;
+}
+
+// Duplicate a Windows HANDLE within the current process.
 NaClHandle NaClDuplicateNaClHandle(NaClHandle handle) {
   NaClHandle dup_handle;
   if (DuplicateHandle(GetCurrentProcess(),
                       handle,
                       GetCurrentProcess(),
                       &dup_handle,
                       0,
                       FALSE,
                       DUPLICATE_SAME_ACCESS)) {
     return dup_handle;
@@ skipping 216 matching lines @@
   }
   if (0 < message->handle_count && message->handles) {
     // TODO(shiki): On Windows Vista, we can use GetNamedPipeClientProcessId()
     // and GetNamedPipeServerProcessId() and probably we can remove
     // kEchoRequest and kEchoResponse completely.
     if (WriteAll(handle, &header, sizeof header) != sizeof header ||
         ReadAll(handle, &header, sizeof header) != sizeof header ||
         header.command != kEchoResponse) {
       return -1;
     }
+    HANDLE target;
+    if (g_broker_duplicate_handle_func == NULL) {
+      // TODO(mseaborn): Remove these non-NACL_STANDALONE cases.
+      // Chromium is being changed to supply g_broker_duplicate_handle_func.
 #ifdef NACL_STANDALONE  // not in Chrome
-    HANDLE target = OpenProcess(PROCESS_DUP_HANDLE, FALSE, header.pid);
+      target = OpenProcess(PROCESS_DUP_HANDLE, FALSE, header.pid);
 #else
-    HANDLE target = NaClHandlePassLookupHandle(header.pid);
+      target = NaClHandlePassLookupHandle(header.pid);
 #endif
-    if (target == NULL) {
-      return -1;
+      if (target == NULL) {
+        return -1;
+      }
     }
     for (uint32_t i = 0; i < message->handle_count; ++i) {
       HANDLE temp_remote_handle;
-      if (DuplicateHandle(GetCurrentProcess(), message->handles[i],
-                          target, &temp_remote_handle,
-                          0, FALSE, DUPLICATE_SAME_ACCESS) == FALSE) {
+      bool success;
+      if (g_broker_duplicate_handle_func != NULL) {
+        success = g_broker_duplicate_handle_func(message->handles[i],
+                                                 header.pid,
+                                                 &temp_remote_handle,
+                                                 0, DUPLICATE_SAME_ACCESS);
+      } else {
+        success = DuplicateHandle(GetCurrentProcess(), message->handles[i],
+                                  target, &temp_remote_handle,
+                                  0, FALSE, DUPLICATE_SAME_ACCESS);
+      }
+      if (!success) {
         // Send the kCancel message to revoke the handles duplicated
         // so far in the remote peer.
         header.command = kCancel;
         header.handle_count = i;
         if (0 < i) {
           WriteAll(handle, &header, sizeof header);
           WriteAll(handle, remote_handles, sizeof(uint64_t) * i);
         }
+        if (g_broker_duplicate_handle_func == NULL) {
 #ifdef NACL_STANDALONE
-        CloseHandle(target);
+          CloseHandle(target);
 #endif
+        }
         return -1;
       }
       remote_handles[i] = reinterpret_cast<uint64_t>(temp_remote_handle);
     }
+    if (g_broker_duplicate_handle_func == NULL) {
 #ifdef NACL_STANDALONE
-    CloseHandle(target);
+      CloseHandle(target);
 #endif
+    }
   }
   header.command = kMessage;
   header.handle_count = message->handle_count;
   for (uint32_t i = 0; i < message->iov_length; ++i) {
     if (UINT32_MAX - header.message_length < message->iov[i].length) {
       return -1;
     }
     header.message_length += static_cast<uint32_t>(message->iov[i].length);
   }
   if (WriteAll(handle, &header, sizeof header) != sizeof header) {
@@ skipping 274 matching lines @@
       break;
     }
     default:
       return -1;
       break;
     }
   }
 }
 
 }  // namespace nacl