1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/nacl/broker/nacl_broker_listener.h"
6
7 #include <utility>
8
9 #include "base/base_switches.h"
10 #include "base/bind.h"
11 #include "base/command_line.h"
12 #include "base/path_service.h"
13 #include "base/process/launch.h"
14 #include "base/process/process.h"
15 #include "base/process/process_handle.h"
16 #include "base/rand_util.h"
17 #include "base/strings/string_number_conversions.h"
18 #include "base/threading/thread_task_runner_handle.h"
19 #include "base/win/win_util.h"
20 #include "components/nacl/common/nacl_cmd_line.h"
21 #include "components/nacl/common/nacl_debug_exception_handler_win.h"
22 #include "components/nacl/common/nacl_messages.h"
23 #include "components/nacl/common/nacl_service.h"
24 #include "components/nacl/common/nacl_switches.h"
25 #include "content/public/common/content_switches.h"
26 #include "content/public/common/sandbox_init.h"
27 #include "ipc/ipc_channel.h"
28 #include "mojo/public/cpp/platform/platform_channel.h"
29 #include "mojo/public/cpp/system/invitation.h"
30 #include "mojo/public/cpp/system/message_pipe.h"
31 #include "sandbox/win/src/sandbox_policy.h"
32
33 namespace {
34
SendReply(IPC::Channel * channel,int32_t pid,bool result)35 void SendReply(IPC::Channel* channel, int32_t pid, bool result) {
36 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result));
37 }
38
39 } // namespace
40
41 NaClBrokerListener::NaClBrokerListener() = default;
42
43 NaClBrokerListener::~NaClBrokerListener() = default;
44
Listen()45 void NaClBrokerListener::Listen() {
46 NaClService service(base::ThreadTaskRunnerHandle::Get());
47 channel_ =
48 IPC::Channel::CreateClient(service.TakeChannelPipe().release(), this,
49 base::ThreadTaskRunnerHandle::Get());
50 CHECK(channel_->Connect());
51 run_loop_.Run();
52 }
53
GetSandboxType()54 sandbox::policy::SandboxType NaClBrokerListener::GetSandboxType() {
55 return sandbox::policy::SandboxType::kPpapi;
56 }
57
OnChannelConnected(int32_t peer_pid)58 void NaClBrokerListener::OnChannelConnected(int32_t peer_pid) {
59 browser_process_ = base::Process::OpenWithExtraPrivileges(peer_pid);
60 CHECK(browser_process_.IsValid());
61 }
62
OnMessageReceived(const IPC::Message & msg)63 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) {
64 bool handled = true;
65 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg)
66 IPC_MESSAGE_HANDLER(NaClProcessMsg_LaunchLoaderThroughBroker,
67 OnLaunchLoaderThroughBroker)
68 IPC_MESSAGE_HANDLER(NaClProcessMsg_LaunchDebugExceptionHandler,
69 OnLaunchDebugExceptionHandler)
70 IPC_MESSAGE_HANDLER(NaClProcessMsg_StopBroker, OnStopBroker)
71 IPC_MESSAGE_UNHANDLED(handled = false)
72 IPC_END_MESSAGE_MAP()
73 return handled;
74 }
75
OnChannelError()76 void NaClBrokerListener::OnChannelError() {
77 // The browser died unexpectedly, quit to avoid a zombie process.
78 run_loop_.QuitWhenIdle();
79 }
80
OnLaunchLoaderThroughBroker(int launch_id,mojo::MessagePipeHandle ipc_channel_handle)81 void NaClBrokerListener::OnLaunchLoaderThroughBroker(
82 int launch_id,
83 mojo::MessagePipeHandle ipc_channel_handle) {
84 base::ProcessHandle loader_handle_in_browser = 0;
85
86 // Create the path to the nacl broker/loader executable - it's the executable
87 // this code is running in.
88 base::FilePath exe_path;
89 base::PathService::Get(base::FILE_EXE, &exe_path);
90 if (!exe_path.empty()) {
91 base::CommandLine* cmd_line = new base::CommandLine(exe_path);
92 nacl::CopyNaClCommandLineArguments(cmd_line);
93
94 cmd_line->AppendSwitchASCII(switches::kProcessType,
95 switches::kNaClLoaderProcess);
96
97 // Mojo IPC setup.
98 mojo::PlatformChannel channel;
99 base::HandlesToInheritVector handles;
100 channel.PrepareToPassRemoteEndpoint(&handles, cmd_line);
101
102 mojo::OutgoingInvitation invitation;
103 MojoResult fuse_result = mojo::FuseMessagePipes(
104 mojo::ScopedMessagePipeHandle(ipc_channel_handle),
105 invitation.AttachMessagePipe(0));
106 DCHECK_EQ(MOJO_RESULT_OK, fuse_result);
107
108 base::Process loader_process;
109 sandbox::ResultCode result = content::StartSandboxedProcess(
110 this, cmd_line, handles, &loader_process);
111
112 if (result == sandbox::SBOX_ALL_OK) {
113 mojo::OutgoingInvitation::Send(std::move(invitation),
114 loader_process.Handle(),
115 channel.TakeLocalEndpoint());
116
117 // Note: PROCESS_DUP_HANDLE is necessary here, because:
118 // 1) The current process is the broker, which is the loader's parent.
119 // 2) The browser is not the loader's parent, and so only gets the
120 // access rights we confer here.
121 // 3) The browser calls DuplicateHandle to set up communications with
122 // the loader.
123 // 4) The target process handle to DuplicateHandle needs to have
124 // PROCESS_DUP_HANDLE access rights.
125 DuplicateHandle(
126 ::GetCurrentProcess(), loader_process.Handle(),
127 browser_process_.Handle(), &loader_handle_in_browser,
128 PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_TERMINATE,
129 FALSE, 0);
130 }
131 }
132
133 channel_->Send(
134 new NaClProcessMsg_LoaderLaunched(launch_id, loader_handle_in_browser));
135 }
136
OnLaunchDebugExceptionHandler(int32_t pid,base::ProcessHandle process_handle,const std::string & startup_info)137 void NaClBrokerListener::OnLaunchDebugExceptionHandler(
138 int32_t pid,
139 base::ProcessHandle process_handle,
140 const std::string& startup_info) {
141 NaClStartDebugExceptionHandlerThread(
142 base::Process(process_handle), startup_info,
143 base::ThreadTaskRunnerHandle::Get(),
144 base::BindRepeating(SendReply, channel_.get(), pid));
145 }
146
OnStopBroker()147 void NaClBrokerListener::OnStopBroker() {
148 run_loop_.QuitWhenIdle();
149 }
150