Remove the socket_count parameter from NaCl Launch IPC messages.

After some refactoring, the socket_count is now hardcoded to 1, so we can assume there is only a single socket and avoid using a vector as well. BUG= http://code.google.com/p/nativeclient/issues/detail?id=3241 Review URL: https://codereview.chromium.org/11787029 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175821 0039d316-1c4b-4281-b951-d872f2087c98

Remove the socket_count parameter from NaCl Launch IPC messages.
After some refactoring, the socket_count is now hardcoded to 1, so we can assume there is only a single socket and avoid using a vector as well. BUG= http://code.google.com/p/nativeclient/issues/detail?id=3241 Review URL: https://codereview.chromium.org/11787029 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175821 0039d316-1c4b-4281-b951-d872f2087c98
6294dd04 · jvoung@google.com · f2d7606b · 6294dd04 · 6294dd04 · 6294dd04
Commit 6294dd04 authored Jan 09, 2013 by jvoung@google.com
10 changed files
--- a/chrome/browser/nacl_host/nacl_process_host.cc
+++ b/chrome/browser/nacl_host/nacl_process_host.cc
@@ -127,8 +127,12 @@ ppapi::PpapiPermissions GetNaClPermissions(uint32 permission_bits) {
 }  // namespace
 struct NaClProcessHost::NaClInternal {
-  std::vector<nacl::Handle> sockets_for_renderer;
+  nacl::Handle socket_for_renderer;
-  std::vector<nacl::Handle> sockets_for_sel_ldr;
+  nacl::Handle socket_for_sel_ldr;
+  NaClInternal()
+    : socket_for_renderer(nacl::kInvalidHandle),
+      socket_for_sel_ldr(nacl::kInvalidHandle) { }
 };
 // -----------------------------------------------------------------------------
@@ -204,13 +208,14 @@ NaClProcessHost::~NaClProcessHost() {
    LOG(ERROR) << message;
  }
-  for (size_t i = 0; i < internal_->sockets_for_renderer.size(); i++) {
+  if (internal_->socket_for_renderer != nacl::kInvalidHandle) {
-    if (nacl::Close(internal_->sockets_for_renderer[i]) != 0) {
+    if (nacl::Close(internal_->socket_for_renderer) != 0) {
      NOTREACHED() << "nacl::Close() failed";
    }
  }
-  for (size_t i = 0; i < internal_->sockets_for_sel_ldr.size(); i++) {
-    if (nacl::Close(internal_->sockets_for_sel_ldr[i]) != 0) {
+  if (internal_->socket_for_sel_ldr != nacl::kInvalidHandle) {
+    if (nacl::Close(internal_->socket_for_sel_ldr) != 0) {
      NOTREACHED() << "nacl::Close() failed";
    }
  }
@@ -252,21 +257,12 @@ void NaClProcessHost::EarlyStartup() {
 void NaClProcessHost::Launch(
    ChromeRenderMessageFilter* chrome_render_message_filter,
-    int socket_count,
    IPC::Message* reply_msg,
    scoped_refptr<ExtensionInfoMap> extension_info_map) {
  chrome_render_message_filter_ = chrome_render_message_filter;
  reply_msg_ = reply_msg;
  extension_info_map_ = extension_info_map;
-  // Place an arbitrary limit on the number of sockets to limit
-  // exposure in case the renderer is compromised.  We can increase
-  // this if necessary.
-  if (socket_count > 8) {
-    delete this;
-    return;
-  }
  // Start getting the IRT open asynchronously while we launch the NaCl process.
  // We'll make sure this actually finished in StartWithLaunchedProcess, below.
  NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
@@ -286,18 +282,16 @@ void NaClProcessHost::Launch(
  // This means the sandboxed renderer cannot send handles to the
  // browser process.
-  for (int i = 0; i < socket_count; i++) {
+  nacl::Handle pair[2];
-    nacl::Handle pair[2];
+  // Create a connected socket
-    // Create a connected socket
+  if (nacl::SocketPair(pair) == -1) {
-    if (nacl::SocketPair(pair) == -1) {
+    delete this;
-      delete this;
+    return;
-      return;
-    }
-    internal_->sockets_for_renderer.push_back(pair[0]);
-    internal_->sockets_for_sel_ldr.push_back(pair[1]);
-    SetCloseOnExec(pair[0]);
-    SetCloseOnExec(pair[1]);
  }
+  internal_->socket_for_renderer = pair[0];
+  internal_->socket_for_sel_ldr = pair[1];
+  SetCloseOnExec(pair[0]);
+  SetCloseOnExec(pair[1]);
  // Launch the process
  if (!LaunchSelLdr()) {
@@ -618,33 +612,31 @@ void NaClProcessHost::OnResourcesReady() {
 bool NaClProcessHost::ReplyToRenderer(
    const IPC::ChannelHandle& channel_handle) {
-  std::vector<nacl::FileDescriptor> handles_for_renderer;
+  nacl::FileDescriptor handle_for_renderer;
-  for (size_t i = 0; i < internal_->sockets_for_renderer.size(); i++) {
 #if defined(OS_WIN)
-    // Copy the handle into the renderer process.
+  // Copy the handle into the renderer process.
-    HANDLE handle_in_renderer;
+  HANDLE handle_in_renderer;
-    if (!DuplicateHandle(base::GetCurrentProcessHandle(),
+  if (!DuplicateHandle(base::GetCurrentProcessHandle(),
-                         reinterpret_cast<HANDLE>(
+                       reinterpret_cast<HANDLE>(
-                             internal_->sockets_for_renderer[i]),
+                           internal_->socket_for_renderer),
-                         chrome_render_message_filter_->peer_handle(),
+                       chrome_render_message_filter_->peer_handle(),
-                         &handle_in_renderer,
+                       &handle_in_renderer,
-                         0,  // Unused given DUPLICATE_SAME_ACCESS.
+                       0,  // Unused given DUPLICATE_SAME_ACCESS.
-                         FALSE,
+                       FALSE,
-                         DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
+                       DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
-      DLOG(ERROR) << "DuplicateHandle() failed";
+    DLOG(ERROR) << "DuplicateHandle() failed";
-      return false;
+    return false;
-    }
+  }
-    handles_for_renderer.push_back(
+  handle_for_renderer = reinterpret_cast<nacl::FileDescriptor>(
-        reinterpret_cast<nacl::FileDescriptor>(handle_in_renderer));
+      handle_in_renderer);
 #else
-    // No need to dup the imc_handle - we don't pass it anywhere else so
+  // No need to dup the imc_handle - we don't pass it anywhere else so
-    // it cannot be closed.
+  // it cannot be closed.
-    nacl::FileDescriptor imc_handle;
+  nacl::FileDescriptor imc_handle;
-    imc_handle.fd = internal_->sockets_for_renderer[i];
+  imc_handle.fd = internal_->socket_for_renderer;
-    imc_handle.auto_close = true;
+  imc_handle.auto_close = true;
-    handles_for_renderer.push_back(imc_handle);
+  handle_for_renderer = imc_handle;
 #endif
-  }
 #if defined(OS_WIN)
  // If we are on 64-bit Windows, the NaCl process's sandbox is
@@ -662,12 +654,12 @@ bool NaClProcessHost::ReplyToRenderer(
  const ChildProcessData& data = process_->GetData();
  ChromeViewHostMsg_LaunchNaCl::WriteReplyParams(
-      reply_msg_, handles_for_renderer,
+      reply_msg_, handle_for_renderer,
      channel_handle, base::GetProcId(data.handle), data.id);
  chrome_render_message_filter_->Send(reply_msg_);
  chrome_render_message_filter_ = NULL;
  reply_msg_ = NULL;
-  internal_->sockets_for_renderer.clear();
+  internal_->socket_for_renderer = nacl::kInvalidHandle;
  return true;
 }
@@ -719,12 +711,10 @@ bool NaClProcessHost::StartNaClExecution() {
  CHECK_NE(irt_file, base::kInvalidPlatformFileValue);
  const ChildProcessData& data = process_->GetData();
-  for (size_t i = 0; i < internal_->sockets_for_sel_ldr.size(); i++) {
+  if (!ShareHandleToSelLdr(data.handle,
-    if (!ShareHandleToSelLdr(data.handle,
+                           internal_->socket_for_sel_ldr, true,
-                             internal_->sockets_for_sel_ldr[i], true,
+                           &params.handles)) {
-                             &params.handles)) {
+    return false;
-      return false;
-    }
  }
  // Send over the IRT file handle.  We don't close our own copy!
@@ -766,7 +756,7 @@ bool NaClProcessHost::StartNaClExecution() {
  process_->Send(new NaClProcessMsg_Start(params));
-  internal_->sockets_for_sel_ldr.clear();
+  internal_->socket_for_sel_ldr = nacl::kInvalidHandle;
  return true;
 }

--- a/chrome/browser/nacl_host/nacl_process_host.h
+++ b/chrome/browser/nacl_host/nacl_process_host.h
@@ -59,7 +59,6 @@ class NaClProcessHost : public content::BrowserChildProcessHostDelegate {
  // Initialize the new NaCl process. Result is returned by sending ipc
  // message reply_msg.
  void Launch(ChromeRenderMessageFilter* chrome_render_message_filter,
-              int socket_count,
              IPC::Message* reply_msg,
              scoped_refptr<ExtensionInfoMap> extension_info_map);

--- a/chrome/browser/renderer_host/chrome_render_message_filter.cc
+++ b/chrome/browser/renderer_host/chrome_render_message_filter.cc
@@ -176,13 +176,12 @@ net::HostResolver* ChromeRenderMessageFilter::GetHostResolver() {
 void ChromeRenderMessageFilter::OnLaunchNaCl(const GURL& manifest_url,
                                             int render_view_id,
                                             uint32 permission_bits,
-                                             int socket_count,
                                             IPC::Message* reply_msg) {
  NaClProcessHost* host = new NaClProcessHost(manifest_url,
                                              render_view_id,
                                              permission_bits,
                                              off_the_record_);
-  host->Launch(this, socket_count, reply_msg, extension_info_map_);
+  host->Launch(this, reply_msg, extension_info_map_);
 }
 void ChromeRenderMessageFilter::OnGetReadonlyPnaclFd(

--- a/chrome/browser/renderer_host/chrome_render_message_filter.h
+++ b/chrome/browser/renderer_host/chrome_render_message_filter.h
@@ -81,7 +81,6 @@ class ChromeRenderMessageFilter : public content::BrowserMessageFilter {
  void OnLaunchNaCl(const GURL& manifest_url,
                    int render_view_id,
                    uint32 permission_bits,
-                    int socket_count,
                    IPC::Message* reply_msg);
  void OnGetReadonlyPnaclFd(const std::string& filename,
                            IPC::Message* reply_msg);

--- a/chrome/common/render_messages.h
+++ b/chrome/common/render_messages.h
@@ -541,13 +541,11 @@ IPC_MESSAGE_ROUTED3(ChromeViewHostMsg_ForwardMessageToExternalHost,
 // a new instance of the Native Client process. The browser will launch
 // the process and return an IPC channel handle. This handle will only
 // be valid if the NaCl IPC proxy is enabled.
-IPC_SYNC_MESSAGE_CONTROL4_4(ChromeViewHostMsg_LaunchNaCl,
+IPC_SYNC_MESSAGE_CONTROL3_4(ChromeViewHostMsg_LaunchNaCl,
                            GURL /* manifest_url */,
                            int /* render_view_id */,
                            uint32 /* permission_bits */,
-                            int /* socket count */,
+                            nacl::FileDescriptor /* imc channel handle */,
-                            std::vector<nacl::FileDescriptor>
-                                /* imc channel handles */,
                            IPC::ChannelHandle /* ipc_channel_handle */,
                            base::ProcessId /* plugin_pid */,
                            int /* plugin_child_id */)

--- a/chrome/renderer/pepper/ppb_nacl_private_impl.cc
+++ b/chrome/renderer/pepper/ppb_nacl_private_impl.cc
@@ -70,9 +70,8 @@ PP_NaClResult LaunchSelLdr(PP_Instance instance,
                           const char* alleged_url,
                           PP_Bool uses_ppapi,
                           PP_Bool enable_ppapi_dev,
-                           int socket_count,
+                           void* imc_handle) {
-                           void* imc_handles) {
+  nacl::FileDescriptor result_socket;
-  std::vector<nacl::FileDescriptor> sockets;
  IPC::Sender* sender = content::RenderThread::Get();
  if (sender == NULL)
    sender = g_background_thread_sender.Pointer()->get();
@@ -104,7 +103,7 @@ PP_NaClResult LaunchSelLdr(PP_Instance instance,
          instance_info.url,
          routing_id,
          perm_bits,
-          socket_count, &sockets,
+          &result_socket,
          &instance_info.channel_handle,
          &instance_info.plugin_pid,
          &instance_info.plugin_child_id))) {
@@ -120,11 +119,8 @@ PP_NaClResult LaunchSelLdr(PP_Instance instance,
  if (!invalid_handle)
    g_instance_info.Get()[instance] = instance_info;
-  CHECK(static_cast<int>(sockets.size()) == socket_count);
+  *(static_cast<nacl::Handle*>(imc_handle)) =
-  for (int i = 0; i < socket_count; i++) {
+      nacl::ToNativeHandle(result_socket);
-    static_cast<nacl::Handle*>(imc_handles)[i] =
-        nacl::ToNativeHandle(sockets[i]);
-  }
  return PP_NACL_OK;
 }

--- a/ppapi/api/private/ppb_nacl_private.idl
+++ b/ppapi/api/private/ppb_nacl_private.idl
@@ -37,9 +37,9 @@ enum PP_NaClError {
 /* PPB_NaCl_Private */
 interface PPB_NaCl_Private {
-  /* Launches NaCl's sel_ldr process.  Returns PP_NACL_OK on success and writes
+  /* Launches NaCl's sel_ldr process.  Returns PP_NACL_OK on success and
-   * |socket_count| nacl::Handles to imc_handles. Returns PP_NACL_FAILED on
+   * writes a nacl::Handle to imc_handle. Returns PP_NACL_FAILED on failure.
-   * failure. The |enable_ppapi_dev| parameter controls whether GetInterface
+   * The |enable_ppapi_dev| parameter controls whether GetInterface
   * returns 'Dev' interfaces to the NaCl plugin.  The |uses_ppapi| flag
   * indicates that the nexe run by sel_ldr will use the PPAPI APIs.
   * This implies that LaunchSelLdr is run from the main thread.  If a nexe
@@ -49,8 +49,7 @@ interface PPB_NaCl_Private {
                             [in] str_t alleged_url,
                             [in] PP_Bool uses_ppapi,
                             [in] PP_Bool enable_ppapi_dev,
-                             [in] int32_t socket_count,
+                             [out] mem_t imc_handle);
-                             [out] mem_t imc_handles);
  /* This function starts the IPC proxy so the nexe can communicate with the
   * browser. Returns PP_NACL_OK on success, otherwise a result code indicating

--- a/ppapi/c/private/ppb_nacl_private.h
+++ b/ppapi/c/private/ppb_nacl_private.h
@@ -3,7 +3,7 @@
 * found in the LICENSE file.
 */
-/* From private/ppb_nacl_private.idl modified Thu Dec 13 13:40:29 2012. */
+/* From private/ppb_nacl_private.idl modified Mon Jan  7 12:49:31 2013. */
 #ifndef PPAPI_C_PRIVATE_PPB_NACL_PRIVATE_H_
 #define PPAPI_C_PRIVATE_PPB_NACL_PRIVATE_H_
@@ -62,9 +62,9 @@ typedef enum {
 */
 /* PPB_NaCl_Private */
 struct PPB_NaCl_Private_1_0 {
-  /* Launches NaCl's sel_ldr process.  Returns PP_NACL_OK on success and writes
+  /* Launches NaCl's sel_ldr process.  Returns PP_NACL_OK on success and
-   * |socket_count| nacl::Handles to imc_handles. Returns PP_NACL_FAILED on
+   * writes a nacl::Handle to imc_handle. Returns PP_NACL_FAILED on failure.
-   * failure. The |enable_ppapi_dev| parameter controls whether GetInterface
+   * The |enable_ppapi_dev| parameter controls whether GetInterface
   * returns 'Dev' interfaces to the NaCl plugin.  The |uses_ppapi| flag
   * indicates that the nexe run by sel_ldr will use the PPAPI APIs.
   * This implies that LaunchSelLdr is run from the main thread.  If a nexe
@@ -74,8 +74,7 @@ struct PPB_NaCl_Private_1_0 {
                                const char* alleged_url,
                                PP_Bool uses_ppapi,
                                PP_Bool enable_ppapi_dev,
-                                int32_t socket_count,
+                                void* imc_handle);
-                                void* imc_handles);
  /* This function starts the IPC proxy so the nexe can communicate with the
   * browser. Returns PP_NACL_OK on success, otherwise a result code indicating
   * the failure. PP_NACL_FAILED is returned if LaunchSelLdr wasn't called with

--- a/ppapi/native_client/src/trusted/plugin/nacl_entry_points.h
+++ b/ppapi/native_client/src/trusted/plugin/nacl_entry_points.h
@@ -20,8 +20,7 @@ typedef PP_NaClResult (*LaunchNaClProcessFunc)(PP_Instance instance,
                                               const char* alleged_url,
                                               PP_Bool uses_ppapi,
                                               PP_Bool enable_ppapi_dev,
-                                               int socket_count,
+                                               nacl::Handle* result_socket);
-                                               nacl::Handle* result_sockets);
 extern LaunchNaClProcessFunc launch_nacl_process;

--- a/ppapi/native_client/src/trusted/plugin/sel_ldr_launcher_chrome.cc
+++ b/ppapi/native_client/src/trusted/plugin/sel_ldr_launcher_chrome.cc
@@ -21,13 +21,10 @@ bool SelLdrLauncherChrome::Start(PP_Instance instance,
  if (!launch_nacl_process)
    return false;
  // send a synchronous message to the browser process
-  // TODO(sehr): This is asserted to be one.  Remove this parameter.
-  static const int kNumberOfChannelsToBeCreated = 1;
  if (launch_nacl_process(instance,
                          url,
                          PP_FromBool(uses_ppapi),
                          PP_FromBool(enable_ppapi_dev),
-                          kNumberOfChannelsToBeCreated,
                          &channel_) != PP_NACL_OK) {
    return false;
  }