
In Google's NaCl (Native Client) SDK there is sel_ldr.py (secure ELF loader), which allows a user to run a NaCl executable (.nexe) created through the NaCl or PNaCl toolchain. What exactly does sel_ldr.py do while running these .nexe files?

Specifically, how does sel_ldr handle operating-system calls made by the NaCl executables? Reading the NaCl documentation, most of the information pertains to using the Pepper API to create portable Chrome browser applications, and there is not much detail on how the sel_ldr service runtime handles these NaCl executables.

I have created many NaCl executables that, while running in sel_ldr, can create directories, files and pipes, sleep, and use various other system calls, and it all works correctly. I know Native Client itself monitors system calls. Is that monitoring done through the use of the Pepper API, or does sel_ldr.py intercept and redirect system calls to NaCl's own system call implementations within its service-runtime sandbox?

Fish Below the Ice
Guy Axel

1 Answer


NaCl is a small operating system which shims calls to the underlying operating system. The inner sandbox can't do regular syscalls (the validator enforces this), so it has to go through NaCl's trampoline syscalls, which jump to trusted code that performs similar types of checking to what regular operating systems would do before calling the underlying operating system's own syscall.

Pepper API calls are just another type of syscall, but they're only present when embedded within Chrome. Pepper calls are in reality inter-process communication between a NaCl module and Chrome processes.

The overall implementation is the service runtime; a good description can be found in the original NaCl research paper. There's an older site (unfortunately not the current documentation) with an anatomy of a syscall, and the source is obviously open.

JF Bastien
    Stack Overflow won't let me post more than 2 links, so here are source references: [the developer-exposed header](http://src.chromium.org/viewvc/native_client/trunk/src/native_client/src/trusted/service_runtime/include/sys/nacl_syscalls.h) and the [x86-32 context switch](http://src.chromium.org/viewvc/native_client/trunk/src/native_client/src/trusted/service_runtime/arch/x86_32/nacl_syscall_32.S) code. – JF Bastien Sep 03 '14 at 21:20
  • 1
    This is an excellent answer! I'm very happy Chrome developers are on Stack Overflow. When the devenv gets a compiler I'll be dancing with joy. – Janus Troelsen Jan 12 '15 at 04:28