fuchsia: make NativeLibrary use fdio_get_vmo_exec

This lets us remove ambient replace-as-executable from things that don't use V8. This includes: * cast_runner and web_runner, which simply provide fuchsia.sys.Runner glue implementations * http, which provides a legacy HTTP implementation that also doesn't need to directly execute memory. We can also remove the implied executability from some tests. As a start, convert the base unittests (which test LoadLibrary) to eschew the deprecated-ambient-replace-as-executable feature. Bug: fxb/37924 Change-Id: I461312972881a0e05d31834227e482c78b445ef9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1881697 Commit-Queue: Drew Fisher <zarvox@google.com> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#711367}

fuchsia: make NativeLibrary use fdio_get_vmo_exec
This lets us remove ambient replace-as-executable from things that don't use V8. This includes: * cast_runner and web_runner, which simply provide fuchsia.sys.Runner glue implementations * http, which provides a legacy HTTP implementation that also doesn't need to directly execute memory. We can also remove the implied executability from some tests. As a start, convert the base unittests (which test LoadLibrary) to eschew the deprecated-ambient-replace-as-executable feature. Bug: fxb/37924 Change-Id: I461312972881a0e05d31834227e482c78b445ef9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1881697 Commit-Queue: Drew Fisher <zarvox@google.com> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#711367}
689f4ac0 · Drew Fisher · Commit Bot · 80f0a769 · 689f4ac0 · 689f4ac0
Commit 689f4ac0 authored Oct 31, 2019 by Drew Fisher Committed by Commit Bot Oct 31, 2019
8 changed files
--- a/base/BUILD.gn
+++ b/base/BUILD.gn
@@ -3118,6 +3118,8 @@ test("base_unittests") {
      "//third_party/fuchsia-sdk/sdk:sys",
      "//third_party/fuchsia-sdk/sdk:sys_cpp",
    ]
+
+    manifest = "//build/config/fuchsia/tests.cmx"
  }

  if (!is_fuchsia && !is_ios) {

--- a/base/native_library_fuchsia.cc
+++ b/base/native_library_fuchsia.cc
@@ -5,6 +5,8 @@
 #include "base/native_library.h"

 #include <fcntl.h>
+#include <fuchsia/io/cpp/fidl.h>
+#include <lib/fdio/directory.h>
 #include <lib/fdio/io.h>
 #include <lib/zx/vmo.h>
 #include <stdio.h>
@@ -43,37 +45,29 @@ NativeLibrary LoadNativeLibraryWithOptions(const FilePath& library_path,
  FilePath computed_path;
  base::PathService::Get(DIR_SOURCE_ROOT, &computed_path);
  computed_path = computed_path.AppendASCII("lib").Append(components[0]);
-  base::File library(computed_path,
-                     base::File::FLAG_OPEN | base::File::FLAG_READ);
-  if (!library.IsValid()) {
-    if (error) {
-      error->message = base::StringPrintf(
-          "open library: %s",
-          base::File::ErrorToString(library.error_details()).c_str());
-    }
-    return nullptr;
-  }

-  zx::vmo vmo;
-  zx_status_t status = fdio_get_vmo_clone(library.GetPlatformFile(),
-                                          vmo.reset_and_get_address());
+  // Use fdio_open_fd (a Fuchsia-specific API) here so we can pass the
+  // appropriate FS rights flags to request executability.
+  // TODO(1018538): Teach base::File about FLAG_EXECUTE on Fuchsia, and then
+  // use it here instead of using fdio_open_fd() directly.
+  base::ScopedFD fd;
+  zx_status_t status = fdio_open_fd(
+      computed_path.value().c_str(),
+      fuchsia::io::OPEN_RIGHT_READABLE | fuchsia::io::OPEN_RIGHT_EXECUTABLE,
+      base::ScopedFD::Receiver(fd).get());
  if (status != ZX_OK) {
    if (error) {
-      error->message = base::StringPrintf("fdio_get_vmo_clone: %s",
-                                          zx_status_get_string(status));
+      error->message =
+          base::StringPrintf("fdio_open_fd: %s", zx_status_get_string(status));
    }
    return nullptr;
  }

-  // VMOs must be marked as exec-capable to be mapped executable in dlopen_vmo,
-  // and fdio_get_vmo_clone shouldn't be marking every VMO it returns
-  // exec-capable.  So we should mark it as exec-capable here.
-  // In the fullness of time, this invalid handle should be swapped out for a
-  // ZX_RSRC_KIND_VMEX handle.
-  status = vmo.replace_as_executable(zx::handle(), &vmo);
+  zx::vmo vmo;
+  status = fdio_get_vmo_exec(fd.get(), vmo.reset_and_get_address());
  if (status != ZX_OK) {
    if (error) {
-      error->message = base::StringPrintf("zx_vmo_replace_as_executable: %s",
+      error->message = base::StringPrintf("fdio_get_vmo_exec: %s",
                                          zx_status_get_string(status));
    }
    return nullptr;

--- a/build/config/fuchsia/package.gni
+++ b/build/config/fuchsia/package.gni
@@ -12,7 +12,7 @@ import("//build/config/sysroot.gni")
 #     if different than |target_name|.
 # binary: The executable target which should be launched.
 # manifest: A path to the manifest that will be used.
-#     "testonly" targets default to using //build/config/fuchsia/tests.cmx.
+#     "testonly" targets default to using //build/config/fuchsia/tests-with-exec.cmx.
 #     Non-test targets must explicitly specify a |manifest|.
 # deps: Additional targets to build and include in the package (optional).
 template("fuchsia_package") {
@@ -27,7 +27,10 @@ template("fuchsia_package") {

    if (!defined(manifest)) {
      assert(testonly == true)
-      manifest = "//build/config/fuchsia/tests.cmx"
+
+      # TODO(1019938): switch the default to tests.cmx which doesn't request
+      # the deprecated-ambient-replace-as-executable feature.
+      manifest = "//build/config/fuchsia/tests-with-exec.cmx"
    }
  }
  assert(defined(pkg.binary))

--- a/build/config/fuchsia/tests-with-exec.cmx
+++ b/build/config/fuchsia/tests-with-exec.cmx
+{
+  "sandbox": {
+    "features": [
+      "deprecated-ambient-replace-as-executable",
+      "isolated-persistent-storage",
+      "isolated-temp",
+      "root-ssl-certificates",
+      "vulkan"
+    ],
+    "dev": [
+      "null",
+      "zero"
+    ],
+    "services": [
+      "fuchsia.device.NameProvider",
+      "fuchsia.deprecatedtimezone.Timezone",
+      "fuchsia.fonts.Provider",
+      "fuchsia.logger.Log",
+      "fuchsia.logger.LogSink",
+      "fuchsia.media.Audio",
+      "fuchsia.media.drm.Widevine",
+      "fuchsia.mediacodec.CodecFactory",
+      "fuchsia.net.NameLookup",
+      "fuchsia.netstack.Netstack",
+      "fuchsia.posix.socket.Provider",
+      "fuchsia.process.Launcher",
+      "fuchsia.sys.Environment",
+      "fuchsia.sys.Launcher",
+      "fuchsia.sys.Loader",
+      "fuchsia.sysmem.Allocator",
+      "fuchsia.ui.input.ImeService",
+      "fuchsia.ui.input.ImeVisibilityService",
+      "fuchsia.web.ContextProvider"
+    ]
+  }
+}
--- a/build/config/fuchsia/tests.cmx
+++ b/build/config/fuchsia/tests.cmx
 {
  "sandbox": {
    "features": [
-      "deprecated-ambient-replace-as-executable",
      "isolated-persistent-storage",
      "isolated-temp",
      "root-ssl-certificates",

--- a/fuchsia/engine/web_engine_integration_tests.cmx
+++ b/fuchsia/engine/web_engine_integration_tests.cmx
 {
  "sandbox": {
    "features": [
-      "deprecated-ambient-replace-as-executable",
      "hub",
      "isolated-persistent-storage",
      "isolated-temp"

--- a/fuchsia/runners/cast/cast_runner.cmx
+++ b/fuchsia/runners/cast/cast_runner.cmx
 {
  "sandbox": {
-    "features": [
-      "deprecated-ambient-replace-as-executable"
-    ],
    "services": [
      "chromium.cast.ApplicationConfigManager",
      "fuchsia.deprecatedtimezone.Timezone",

--- a/fuchsia/runners/web/web_runner.cmx
+++ b/fuchsia/runners/web/web_runner.cmx
 {
  "sandbox": {
    "features": [
-      "isolated-persistent-storage",
-      "deprecated-ambient-replace-as-executable"
+      "isolated-persistent-storage"
    ],
    "services": [
      "fuchsia.deprecatedtimezone.Timezone",