3 * Copyright (c) 2012 The Native Client Authors. All rights reserved.
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
8 #ifndef NATIVE_CLIENT_SRC_TRUSTED_REVERSE_SERVICE_REVERSE_SERVICE_H_
9 #define NATIVE_CLIENT_SRC_TRUSTED_REVERSE_SERVICE_REVERSE_SERVICE_H_
13 #include "native_client/src/include/nacl_compiler_annotations.h"
14 #include "native_client/src/include/nacl_macros.h"
15 #include "native_client/src/include/nacl_scoped_ptr.h"
16 #include "native_client/src/include/nacl_string.h"
18 #include "native_client/src/public/name_service.h"
19 #include "native_client/src/shared/platform/refcount_base.h"
20 #include "native_client/src/shared/platform/nacl_sync.h"
21 #include "native_client/src/trusted/desc/nacl_desc_wrapper.h"
22 #include "native_client/src/trusted/reverse_service/reverse_service_c.h"
23 #include "native_client/src/trusted/service_runtime/include/sys/errno.h"
29 // The CreateProcessFunctorInterface allows delivery of results to an
30 // RPC handler via the Results arguments. This is so that RPC
31 // handlers can invoke their done closure to send the output arguments
32 // -- when the functor returns, the code that invoked the
33 // CreateProcessFunctorInterface can unlock mutex locks, deallocate
34 // memory, or finalize storage as needed. (See the 2-phase comment in
35 // src/trusted/sel_universal/reverse_emulate.cc,
36 // ReverseEmulate::CreateProcessFunctorResult.)
38 // The out_pid_or_errno contains an identifier for informing the
39 // embedding interface that it is okay to free the resources
40 // associated with the child process once it has exited, or a negative
41 // ABI error value otherwise (see
42 // service_runtime/include/sys/errno.h).
43 class CreateProcessFunctorInterface {
45 CreateProcessFunctorInterface() {}
46 virtual ~CreateProcessFunctorInterface() {}
48 virtual void Results(nacl::DescWrapper* out_sock_addr,
49 nacl::DescWrapper* out_app_addr,
50 int32_t out_pid_or_errno) = 0;
54 class ReverseInterface : public RefCountBase {
56 virtual ~ReverseInterface() {}
59 virtual void StartupInitializationComplete() = 0;
63 // Some of these functions require that the actual operation be done
64 // in a different thread, so that the implementation of the
65 // interface will have to block the requesting thread. However, on
66 // surf away, the thread switch may get cancelled, and the
67 // implementation will have to reply with a failure indication.
69 // The bool functions returns false if the service thread unblocked
70 // because of surf-away, shutdown, or other issues. The plugin,
71 // when it tells sel_ldr to shut down, will also signal all threads
72 // that are waiting for main thread callbacks to wake up and abandon
73 // their vigil after the callbacks are all cancelled (by abandoning
74 // the WeakRefAnchor or by bombing their CompletionCallbackFactory).
75 // Since shutdown/surfaway is the only admissible error, we use bool
76 // as the return type.
77 virtual bool EnumerateManifestKeys(std::set<nacl::string>* keys) = 0;
79 virtual bool OpenManifestEntry(nacl::string url_key,
80 struct NaClFileInfo* info) = 0;
81 virtual bool CloseManifestEntry(int32_t desc) = 0;
82 virtual void ReportCrash() = 0;
84 // The low-order 8 bits of the |exit_status| should be reported to
85 // any interested parties.
86 virtual void ReportExitStatus(int exit_status) = 0;
88 // Standard output and standard error redirection, via setting
89 // NACL_EXE_STDOUT to the string "DEBUG_ONLY:dev://postmessage" (see
90 // native_client/src/trusted/nacl_resource.* and sel_ldr). NB: the
91 // contents of |message| is arbitrary bytes and not an Unicode
92 // string, so the implementation should take care to handle this
94 virtual void DoPostMessage(nacl::string message) = 0;
96 // Create new service runtime process and return secure command
97 // channel and untrusted application channel socket addresses. Returns
98 // 0 if successful or negative ABI error value otherwise (see
99 // service_runtime/include/sys/errno.h).
100 // TODO(phosek): remove the stub interface once the plugin provides one.
101 virtual int CreateProcess(nacl::DescWrapper** out_sock_addr,
102 nacl::DescWrapper** out_app_addr) {
103 UNREFERENCED_PARAMETER(out_sock_addr);
104 UNREFERENCED_PARAMETER(out_app_addr);
105 return -NACL_ABI_EAGAIN;
108 // Create new service runtime process and return, via the functor,
109 // the secure command channel and untrusted application channel
110 // socket addresses and a non-negative pid or negated errno value.
111 // See CreateProcessFunctorInterface above.
113 // TODO(bsy): remove the stub interface once the plugin provides
115 virtual void CreateProcessFunctorResult(
116 CreateProcessFunctorInterface* functor) {
117 UNREFERENCED_PARAMETER(functor);
120 virtual void FinalizeProcess(int32_t pid) {
121 UNREFERENCED_PARAMETER(pid);
125 // Quota checking for files that were sent to the untrusted module.
126 // TODO(sehr): remove the stub interface once the plugin provides one.
127 virtual int64_t RequestQuotaForWrite(nacl::string file_id,
129 int64_t bytes_to_write) {
130 UNREFERENCED_PARAMETER(file_id);
131 UNREFERENCED_PARAMETER(offset);
132 return bytes_to_write;
135 // covariant impl of Ref()
136 ReverseInterface* Ref() { // down_cast
137 return reinterpret_cast<ReverseInterface*>(RefCountBase::Ref());
141 class ReverseService : public RefCountBase {
143 ReverseService(DescWrapper* conn_cap, ReverseInterface* rif);
145 // covariant impl of Ref()
146 ReverseService* Ref() { // down_cast
147 return reinterpret_cast<ReverseService*>(RefCountBase::Ref());
150 // Start starts the reverse service by initiating a connection on
151 // the conn_cap and spawning a service thread using the
152 // ReverseInterface rif, both provided in the ctor.
154 // If |crash_report| is true, then the ReportCrash virtual function
155 // will be invoked when the reverse channel is closed. Typically
156 // this is needed only in one (the "primary" or "bootstrap")
157 // instance of the reverse service, since additional channels
158 // created are often used for and are under application program
159 // control, and the untrusted application should be able to close
160 // those channels without generating a false crash report.
161 bool Start(bool crash_report);
167 void WaitForServiceThreadsToExit();
169 void IncrThreadCount();
170 void DecrThreadCount();
172 ReverseInterface* reverse_interface() const { return reverse_interface_; }
178 NACL_DISALLOW_COPY_AND_ASSIGN(ReverseService);
180 NaClReverseService* service_;
181 ReverseInterface* reverse_interface_;