system/ulib/loader-service/loader-service.c - zircon - Git at Google

 // Copyright 2016 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <loader-service/loader-service.h>

 #include <lib/async/loop.h>
 #include <lib/async/wait.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <fdio/io.h>
 #include <inttypes.h>
 #include <ldmsg/ldmsg.h>
 #include <limits.h>
 #include <stdatomic.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
 #include <zircon/compiler.h>
 #include <zircon/device/vfs.h>
 #include <zircon/status.h>
 #include <zircon/syscalls.h>
 #include <zircon/types.h>

 #define PREFIX_MAX 32

 struct loader_service {
     atomic_int refcount;
     async_t* async;

     const loader_service_ops_t* ops;
     void* ctx;
     int dirfd; // Used by fd_ops.

     char config_prefix[PREFIX_MAX];
     bool config_exclusive;
 };

 static void loader_service_addref(loader_service_t* svc) {
     atomic_fetch_add(&svc->refcount, 1);
 }

 static void loader_service_deref(loader_service_t* svc) {
     if (atomic_fetch_sub(&svc->refcount, 1) == 1) {
         if (svc->ops->finalizer)
             svc->ops->finalizer(svc->ctx);
         free(svc);
     }
 }

 static const char* const libpaths[] = {
     "/system/lib",
     "/boot/lib",
 };

 zx_status_t loader_service_publish_data_sink_fs(const char* sink_name, zx_handle_t vmo) {
     union {
         vmo_create_config_t header;
         struct {
             alignas(vmo_create_config_t) char h[sizeof(vmo_create_config_t)];
             char name[ZX_MAX_NAME_LEN];
         };
     } config;

     zx_status_t status = zx_object_get_property(
         vmo, ZX_PROP_NAME, config.name, sizeof(config.name));
     if (status != ZX_OK)
         return status;
     if (config.name[0] == '\0') {
         zx_info_handle_basic_t info;
         status = zx_object_get_info(vmo, ZX_INFO_HANDLE_BASIC,
                                     &info, sizeof(info), NULL, NULL);
         if (status != ZX_OK)
             return status;
         snprintf(config.name, sizeof(config.name), "unnamed.%" PRIu64,
                  info.koid);
     }

     int tmp_dir_fd = open("/tmp", O_DIRECTORY);
     if (tmp_dir_fd < 0) {
         fprintf(stderr, "dlsvc: cannot open /tmp for data-sink \"%s\": %m\n",
                 sink_name);
         close(tmp_dir_fd);
         zx_handle_close(vmo);
         return ZX_ERR_NOT_FOUND;
     }
     if (mkdirat(tmp_dir_fd, sink_name, 0777) != 0 && errno != EEXIST) {
         fprintf(stderr, "dlsvc: cannot mkdir \"/tmp/%s\" for data-sink: %m\n",
                 sink_name);
         close(tmp_dir_fd);
         zx_handle_close(vmo);
         return ZX_ERR_NOT_FOUND;
     }
     int sink_dir_fd = openat(tmp_dir_fd, sink_name, O_RDONLY | O_DIRECTORY);
     close(tmp_dir_fd);
     if (sink_dir_fd < 0) {
         fprintf(stderr,
                 "dlsvc: cannot open data-sink directory \"/tmp/%s\": %m\n",
                 sink_name);
         zx_handle_close(vmo);
         return ZX_ERR_NOT_FOUND;
     }

     config.header.vmo = vmo;
     ssize_t result = ioctl_vfs_vmo_create(
         sink_dir_fd, &config.header,
         sizeof(config.header) + strlen(config.name) + 1);
     close(sink_dir_fd);

     if (result < 0) {
         fprintf(stderr,
                 "dlsvc: ioctl_vfs_vmo_create failed"
                 " for data-sink \"%s\" item \"%s\": %s\n",
                 sink_name, config.name, zx_status_get_string(result));
         return result;
     }
     return ZX_OK;
 }

 // When loading a library object, search in the hard-coded locations.
 static int open_from_libpath(const char* fn) {
     int fd = -1;
     for (size_t n = 0; fd < 0 && n < countof(libpaths); ++n) {
         char path[PATH_MAX];
         snprintf(path, sizeof(path), "%s/%s", libpaths[n], fn);
         fd = open(path, O_RDONLY);
     }
     return fd;
 }

 // Always consumes the fd.
 static zx_handle_t load_object_fd(int fd, const char* fn, zx_handle_t* out) {
     zx_status_t status = fdio_get_vmo(fd, out);
     close(fd);
     if (status == ZX_OK)
         zx_object_set_property(*out, ZX_PROP_NAME, fn, strlen(fn));
     return status;
 }

 static zx_status_t fs_load_object(void* ctx, const char* name, zx_handle_t* out) {
     int fd = open_from_libpath(name);
     if (fd >= 0)
         return load_object_fd(fd, name, out);
     return ZX_ERR_NOT_FOUND;
 }

 static zx_status_t fs_load_abspath(void* ctx, const char* path, zx_handle_t* out) {
     int fd = open(path, O_RDONLY);
     if (fd >= 0)
         return load_object_fd(fd, path, out);
     return ZX_ERR_NOT_FOUND;
 }

 // For now, just publish data-sink VMOs as files under /tmp/<sink-name>/.
 // The individual file is named by its VMO's name.
 static zx_status_t fs_publish_data_sink(void* ctx, const char* name, zx_handle_t vmo) {
     return loader_service_publish_data_sink_fs(name, vmo);
 }

 static const loader_service_ops_t fs_ops = {
     .load_object = fs_load_object,
     .load_abspath = fs_load_abspath,
     .publish_data_sink = fs_publish_data_sink,
 };

 static zx_status_t fd_load_object(void* ctx, const char* name, zx_handle_t* out) {
     int dirfd = *(int*)ctx;
     char path[PATH_MAX];
     if (snprintf(path, sizeof(path), "lib/%s", name) >= PATH_MAX)
         return ZX_ERR_BAD_PATH;
     int fd = openat(dirfd, path, O_RDONLY);
     if (fd >= 0)
         return load_object_fd(fd, name, out);
     return ZX_ERR_NOT_FOUND;
 }

 static zx_status_t fd_load_abspath(void* ctx, const char* path, zx_handle_t* out) {
     int dirfd = *(int*)ctx;
     int fd = openat(dirfd, path, O_RDONLY);
     if (fd >= 0)
         return load_object_fd(fd, path, out);
     return ZX_ERR_NOT_FOUND;
 }

 static zx_status_t fd_publish_data_sink(void* ctx, const char* name, zx_handle_t vmo) {
     zx_handle_close(vmo);
     return ZX_ERR_NOT_SUPPORTED;
 }

 static zx_status_t fd_finalizer(void* ctx) {
     int dirfd = *(int*)ctx;
     close(dirfd);
     return ZX_OK;
 }

 static const loader_service_ops_t fd_ops = {
     .load_object = fd_load_object,
     .load_abspath = fd_load_abspath,
     .publish_data_sink = fd_publish_data_sink,
     .finalizer = fd_finalizer,
 };

 static zx_status_t loader_service_rpc(zx_handle_t h, loader_service_t* svc) {
     ldmsg_req_t req;
     uint32_t req_len = sizeof(req);
     zx_handle_t req_handle = ZX_HANDLE_INVALID;
     uint32_t req_handle_len;
     zx_status_t status =
         zx_channel_read(h, 0, &req, &req_handle, req_len, 1, &req_len, &req_handle_len);
     if (status != ZX_OK) {
         // This is the normal error for the other end going away,
         // which happens when the process dies.
         if (status != ZX_ERR_PEER_CLOSED)
             fprintf(stderr, "dlsvc: msg read error %d: %s\n", status, zx_status_get_string(status));
         return status;
     }

     const char* data = NULL;
     size_t len = 0;
     status = ldmsg_req_decode(&req, req_len, &data, &len);

     if (status != ZX_OK) {
         zx_handle_close(req_handle);
         fprintf(stderr, "dlsvc: invalid message\n");
         return ZX_ERR_IO;
     }

     zx_handle_t rsp_handle = ZX_HANDLE_INVALID;
     switch (req.header.ordinal) {
     case LDMSG_OP_CONFIG: {
         size_t len = strlen(data);
         if (len < 2 || len >= sizeof(svc->config_prefix) - 1 || strchr(data, '/') != NULL) {
             status = ZX_ERR_INVALID_ARGS;
             break;
         }
         strncpy(svc->config_prefix, data, len + 1);
         svc->config_exclusive = false;
         if (svc->config_prefix[len - 1] == '!') {
             --len;
             svc->config_exclusive = true;
         }
         svc->config_prefix[len] = '/';
         svc->config_prefix[len + 1] = '\0';
         status = ZX_OK;
         break;
     }
     case LDMSG_OP_LOAD_OBJECT:
         // If a prefix is configured, try loading with that prefix first
         if (svc->config_prefix[0] != '\0') {
             size_t maxlen = PREFIX_MAX + strlen(data) + 1;
             char prefixed_name[maxlen];
             snprintf(prefixed_name, maxlen, "%s%s", svc->config_prefix, data);
             if (((status = svc->ops->load_object(svc->ctx, prefixed_name, &rsp_handle)) == ZX_OK) ||
                 svc->config_exclusive) {
                 // if loading with prefix succeeds, or loading
                 // with prefix is configured to be exclusive of
                 // non-prefix loading, stop here
                 break;
             }
             // otherwise, if non-exclusive, try loading without the prefix
         }
         status = svc->ops->load_object(svc->ctx, data, &rsp_handle);
         break;
     case LDMSG_OP_LOAD_SCRIPT_INTERPRETER:
     case LDMSG_OP_DEBUG_LOAD_CONFIG:
         // When loading a script interpreter or debug configuration file,
         // we expect an absolute path.
         if (data[0] != '/') {
             fprintf(stderr, "dlsvc: invalid %s '%s' is not an absolute path\n",
                     req.header.ordinal == LDMSG_OP_LOAD_SCRIPT_INTERPRETER ? "script interpreter" : "debug config file",
                     data);
             status = ZX_ERR_NOT_FOUND;
             break;
         }
         status = svc->ops->load_abspath(svc->ctx, data, &rsp_handle);
         break;
     case LDMSG_OP_DEBUG_PUBLISH_DATA_SINK:
         status = svc->ops->publish_data_sink(svc->ctx, data, req_handle);
         req_handle = ZX_HANDLE_INVALID;
         break;
     case LDMSG_OP_CLONE:
         status = loader_service_attach(svc, req_handle);
         req_handle = ZX_HANDLE_INVALID;
         break;
     case LDMSG_OP_DEBUG_PRINT:
         fprintf(stderr, "dlsvc: debug: %s\n", data);
         status = ZX_OK;
         break;
     case LDMSG_OP_DONE:
         zx_handle_close(req_handle);
         return ZX_ERR_PEER_CLOSED;
     default:
         // This case cannot happen because ldmsg_req_decode will return an
         // error for invalid ordinals.
         __builtin_trap();
     }

     if (status == ZX_ERR_NOT_FOUND) {
         fprintf(stderr, "dlsvc: could not open '%s'\n", data);
     }

     if (req_handle != ZX_HANDLE_INVALID) {
         fprintf(stderr, "dlsvc: unused handle (%#x) opcode=%#x data=\"%s\"\n",
                 req_handle, req.header.ordinal, data);
         zx_handle_close(req_handle);
     }

     ldmsg_rsp_t rsp;
     memset(&rsp, 0, sizeof(rsp));
     rsp.header.txid = req.header.txid;
     rsp.header.ordinal = req.header.ordinal;
     rsp.rv = status;
     rsp.object = rsp_handle == ZX_HANDLE_INVALID ? FIDL_HANDLE_ABSENT : FIDL_HANDLE_PRESENT;
     if ((status = zx_channel_write(h, 0, &rsp, ldmsg_rsp_get_size(&rsp),
                                    &rsp_handle, rsp_handle != ZX_HANDLE_INVALID ? 1 : 0)) < 0) {
         fprintf(stderr, "dlsvc: msg write error: %d: %s\n", status, zx_status_get_string(status));
         return status;
     }
     return ZX_OK;
 }

 zx_status_t loader_service_create(async_t* async,
                                   const loader_service_ops_t* ops,
                                   void* ctx,
                                   loader_service_t** out) {
     if (out == NULL || ops == NULL) {
         return ZX_ERR_INVALID_ARGS;
     }

     loader_service_t* svc = calloc(1, sizeof(loader_service_t));
     if (svc == NULL) {
         return ZX_ERR_NO_MEMORY;
     }

     if (!async) {
         zx_status_t status = async_loop_create(NULL, &async);
         if (status != ZX_OK) {
             free(svc);
             return status;
         }

         status = async_loop_start_thread(async, "loader-service", NULL);
         if (status != ZX_OK) {
             free(svc);
             async_loop_destroy(async);
             return status;
         }
     }

     svc->async = async;
     svc->ops = ops;
     svc->ctx = ctx;

     // When we create the loader service, we initialize the refcount to 1, which
     // causes the loader service to stay alive at least until someone calls
     // |loader_service_release|, at which point the service will be destroyed
     // once the last client goes away.
     loader_service_addref(svc);

     *out = svc;
     return ZX_OK;
 }

 zx_status_t loader_service_release(loader_service_t* svc) {
     // This call to |loader_service_deref| balances the |loader_service_addref|
     // call in |loader_service_create|. This reference prevents the loader
     // service from being destroyed before its creator is done with it.
     loader_service_deref(svc);
     return ZX_OK;
 }

 zx_status_t loader_service_create_fs(async_t* async,
                                      loader_service_t** out) {
     return loader_service_create(async, &fs_ops, NULL, out);
 }

 zx_status_t loader_service_create_fd(async_t* async,
                                      int dirfd,
                                      loader_service_t** out) {
     loader_service_t* svc;
     zx_status_t status = loader_service_create(async, &fd_ops, NULL, &svc);
     svc->dirfd = dirfd;
     svc->ctx = &svc->dirfd;
     *out = svc;
     return status;
 }

 typedef struct loader_service_wait loader_service_wait_t;
 struct loader_service_wait {
     async_wait_t wait;
     loader_service_t* svc;
 };

 static inline loader_service_t* loader_service_wait_get_svc(async_wait_t* wait) {
     return ((loader_service_wait_t*)wait)->svc;
 }

 static async_wait_result_t loader_service_handler(async_t* async,
                                                   async_wait_t* wait,
                                                   zx_status_t status,
                                                   const zx_packet_signal_t* signal) {
     loader_service_t* svc = loader_service_wait_get_svc(wait);
     if (status != ZX_OK)
         goto stop;
     status = loader_service_rpc(wait->object, svc);
     if (status != ZX_OK)
         goto stop;
     return ASYNC_WAIT_AGAIN;
 stop:
     zx_handle_close(wait->object);
     free(wait);
     loader_service_deref(svc); // Balanced in |loader_service_attach|.
     return ASYNC_WAIT_FINISHED;
 }

 zx_status_t loader_service_attach(loader_service_t* svc, zx_handle_t h) {
     zx_status_t status = ZX_OK;
     loader_service_wait_t* wait = NULL;

     if (svc == NULL) {
         status = ZX_ERR_INVALID_ARGS;
         goto done;
     }

     wait = calloc(1, sizeof(loader_service_wait_t));
     if (wait == NULL) {
         status = ZX_ERR_NO_MEMORY;
         goto done;
     }

     wait->wait.handler = loader_service_handler;
     wait->wait.object = h;
     wait->wait.trigger = ZX_CHANNEL_READABLE | ZX_CHANNEL_PEER_CLOSED;
     wait->wait.flags = ASYNC_FLAG_HANDLE_SHUTDOWN;
     wait->svc = svc;

     status = async_begin_wait(svc->async, (async_wait_t*)wait);

     if (status == ZX_OK)
         loader_service_addref(svc); // Balanced in |loader_service_handler|.

 done:
     if (status != ZX_OK) {
         zx_handle_close(h);
         free(wait);
     }
     return status;
 }

 zx_status_t loader_service_connect(loader_service_t* svc, zx_handle_t* out) {
     zx_handle_t h0, h1;
     zx_status_t status;
     if ((status = zx_channel_create(0, &h0, &h1)) != ZX_OK) {
         return status;
     }
     if ((status = loader_service_attach(svc, h1)) != ZX_OK) {
         zx_handle_close(h0);
         return status;
     }
     *out = h0;
     return ZX_OK;
 }
	// Copyright 2016 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <loader-service/loader-service.h>

	#include <lib/async/loop.h>
	#include <lib/async/wait.h>
	#include <errno.h>
	#include <fcntl.h>
	#include <fdio/io.h>
	#include <inttypes.h>
	#include <ldmsg/ldmsg.h>
	#include <limits.h>
	#include <stdatomic.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/stat.h>
	#include <unistd.h>
	#include <zircon/compiler.h>
	#include <zircon/device/vfs.h>
	#include <zircon/status.h>
	#include <zircon/syscalls.h>
	#include <zircon/types.h>

	#define PREFIX_MAX 32

	struct loader_service {
	atomic_int refcount;
	async_t* async;

	const loader_service_ops_t* ops;
	void* ctx;
	int dirfd; // Used by fd_ops.

	char config_prefix[PREFIX_MAX];
	bool config_exclusive;
	};

	static void loader_service_addref(loader_service_t* svc) {
	atomic_fetch_add(&svc->refcount, 1);
	}

	static void loader_service_deref(loader_service_t* svc) {
	if (atomic_fetch_sub(&svc->refcount, 1) == 1) {
	if (svc->ops->finalizer)
	svc->ops->finalizer(svc->ctx);
	free(svc);
	}
	}

	static const char* const libpaths[] = {
	"/system/lib",
	"/boot/lib",
	};

	zx_status_t loader_service_publish_data_sink_fs(const char* sink_name, zx_handle_t vmo) {
	union {
	vmo_create_config_t header;
	struct {
	alignas(vmo_create_config_t) char h[sizeof(vmo_create_config_t)];
	char name[ZX_MAX_NAME_LEN];
	};
	} config;

	zx_status_t status = zx_object_get_property(
	vmo, ZX_PROP_NAME, config.name, sizeof(config.name));
	if (status != ZX_OK)
	return status;
	if (config.name[0] == '\0') {
	zx_info_handle_basic_t info;
	status = zx_object_get_info(vmo, ZX_INFO_HANDLE_BASIC,
	&info, sizeof(info), NULL, NULL);
	if (status != ZX_OK)
	return status;
	snprintf(config.name, sizeof(config.name), "unnamed.%" PRIu64,
	info.koid);
	}

	int tmp_dir_fd = open("/tmp", O_DIRECTORY);
	if (tmp_dir_fd < 0) {
	fprintf(stderr, "dlsvc: cannot open /tmp for data-sink \"%s\": %m\n",
	sink_name);
	close(tmp_dir_fd);
	zx_handle_close(vmo);
	return ZX_ERR_NOT_FOUND;
	}
	if (mkdirat(tmp_dir_fd, sink_name, 0777) != 0 && errno != EEXIST) {
	fprintf(stderr, "dlsvc: cannot mkdir \"/tmp/%s\" for data-sink: %m\n",
	sink_name);
	close(tmp_dir_fd);
	zx_handle_close(vmo);
	return ZX_ERR_NOT_FOUND;
	}
	int sink_dir_fd = openat(tmp_dir_fd, sink_name, O_RDONLY \| O_DIRECTORY);
	close(tmp_dir_fd);
	if (sink_dir_fd < 0) {
	fprintf(stderr,
	"dlsvc: cannot open data-sink directory \"/tmp/%s\": %m\n",
	sink_name);
	zx_handle_close(vmo);
	return ZX_ERR_NOT_FOUND;
	}

	config.header.vmo = vmo;
	ssize_t result = ioctl_vfs_vmo_create(
	sink_dir_fd, &config.header,
	sizeof(config.header) + strlen(config.name) + 1);
	close(sink_dir_fd);

	if (result < 0) {
	fprintf(stderr,
	"dlsvc: ioctl_vfs_vmo_create failed"
	" for data-sink \"%s\" item \"%s\": %s\n",
	sink_name, config.name, zx_status_get_string(result));
	return result;
	}
	return ZX_OK;
	}

	// When loading a library object, search in the hard-coded locations.
	static int open_from_libpath(const char* fn) {
	int fd = -1;
	for (size_t n = 0; fd < 0 && n < countof(libpaths); ++n) {
	char path[PATH_MAX];
	snprintf(path, sizeof(path), "%s/%s", libpaths[n], fn);
	fd = open(path, O_RDONLY);
	}
	return fd;
	}

	// Always consumes the fd.
	static zx_handle_t load_object_fd(int fd, const char* fn, zx_handle_t* out) {
	zx_status_t status = fdio_get_vmo(fd, out);
	close(fd);
	if (status == ZX_OK)
	zx_object_set_property(*out, ZX_PROP_NAME, fn, strlen(fn));
	return status;
	}

	static zx_status_t fs_load_object(void* ctx, const char* name, zx_handle_t* out) {
	int fd = open_from_libpath(name);
	if (fd >= 0)
	return load_object_fd(fd, name, out);
	return ZX_ERR_NOT_FOUND;
	}

	static zx_status_t fs_load_abspath(void* ctx, const char* path, zx_handle_t* out) {
	int fd = open(path, O_RDONLY);
	if (fd >= 0)
	return load_object_fd(fd, path, out);
	return ZX_ERR_NOT_FOUND;
	}

	// For now, just publish data-sink VMOs as files under /tmp/<sink-name>/.
	// The individual file is named by its VMO's name.
	static zx_status_t fs_publish_data_sink(void* ctx, const char* name, zx_handle_t vmo) {
	return loader_service_publish_data_sink_fs(name, vmo);
	}

	static const loader_service_ops_t fs_ops = {
	.load_object = fs_load_object,
	.load_abspath = fs_load_abspath,
	.publish_data_sink = fs_publish_data_sink,
	};

	static zx_status_t fd_load_object(void* ctx, const char* name, zx_handle_t* out) {
	int dirfd = (int)ctx;
	char path[PATH_MAX];
	if (snprintf(path, sizeof(path), "lib/%s", name) >= PATH_MAX)
	return ZX_ERR_BAD_PATH;
	int fd = openat(dirfd, path, O_RDONLY);
	if (fd >= 0)
	return load_object_fd(fd, name, out);
	return ZX_ERR_NOT_FOUND;
	}

	static zx_status_t fd_load_abspath(void* ctx, const char* path, zx_handle_t* out) {
	int dirfd = (int)ctx;
	int fd = openat(dirfd, path, O_RDONLY);
	if (fd >= 0)
	return load_object_fd(fd, path, out);
	return ZX_ERR_NOT_FOUND;
	}

	static zx_status_t fd_publish_data_sink(void* ctx, const char* name, zx_handle_t vmo) {
	zx_handle_close(vmo);
	return ZX_ERR_NOT_SUPPORTED;
	}

	static zx_status_t fd_finalizer(void* ctx) {
	int dirfd = (int)ctx;
	close(dirfd);
	return ZX_OK;
	}

	static const loader_service_ops_t fd_ops = {
	.load_object = fd_load_object,
	.load_abspath = fd_load_abspath,
	.publish_data_sink = fd_publish_data_sink,
	.finalizer = fd_finalizer,
	};

	static zx_status_t loader_service_rpc(zx_handle_t h, loader_service_t* svc) {
	ldmsg_req_t req;
	uint32_t req_len = sizeof(req);
	zx_handle_t req_handle = ZX_HANDLE_INVALID;
	uint32_t req_handle_len;
	zx_status_t status =
	zx_channel_read(h, 0, &req, &req_handle, req_len, 1, &req_len, &req_handle_len);
	if (status != ZX_OK) {
	// This is the normal error for the other end going away,
	// which happens when the process dies.
	if (status != ZX_ERR_PEER_CLOSED)
	fprintf(stderr, "dlsvc: msg read error %d: %s\n", status, zx_status_get_string(status));
	return status;
	}

	const char* data = NULL;
	size_t len = 0;
	status = ldmsg_req_decode(&req, req_len, &data, &len);

	if (status != ZX_OK) {
	zx_handle_close(req_handle);
	fprintf(stderr, "dlsvc: invalid message\n");
	return ZX_ERR_IO;
	}

	zx_handle_t rsp_handle = ZX_HANDLE_INVALID;
	switch (req.header.ordinal) {
	case LDMSG_OP_CONFIG: {
	size_t len = strlen(data);
	if (len < 2 \|\| len >= sizeof(svc->config_prefix) - 1 \|\| strchr(data, '/') != NULL) {
	status = ZX_ERR_INVALID_ARGS;
	break;
	}
	strncpy(svc->config_prefix, data, len + 1);
	svc->config_exclusive = false;
	if (svc->config_prefix[len - 1] == '!') {
	--len;
	svc->config_exclusive = true;
	}
	svc->config_prefix[len] = '/';
	svc->config_prefix[len + 1] = '\0';
	status = ZX_OK;
	break;
	}
	case LDMSG_OP_LOAD_OBJECT:
	// If a prefix is configured, try loading with that prefix first
	if (svc->config_prefix[0] != '\0') {
	size_t maxlen = PREFIX_MAX + strlen(data) + 1;
	char prefixed_name[maxlen];
	snprintf(prefixed_name, maxlen, "%s%s", svc->config_prefix, data);
	if (((status = svc->ops->load_object(svc->ctx, prefixed_name, &rsp_handle)) == ZX_OK) \|\|
	svc->config_exclusive) {
	// if loading with prefix succeeds, or loading
	// with prefix is configured to be exclusive of
	// non-prefix loading, stop here
	break;
	}
	// otherwise, if non-exclusive, try loading without the prefix
	}
	status = svc->ops->load_object(svc->ctx, data, &rsp_handle);
	break;
	case LDMSG_OP_LOAD_SCRIPT_INTERPRETER:
	case LDMSG_OP_DEBUG_LOAD_CONFIG:
	// When loading a script interpreter or debug configuration file,
	// we expect an absolute path.
	if (data[0] != '/') {
	fprintf(stderr, "dlsvc: invalid %s '%s' is not an absolute path\n",
	req.header.ordinal == LDMSG_OP_LOAD_SCRIPT_INTERPRETER ? "script interpreter" : "debug config file",
	data);
	status = ZX_ERR_NOT_FOUND;
	break;
	}
	status = svc->ops->load_abspath(svc->ctx, data, &rsp_handle);
	break;
	case LDMSG_OP_DEBUG_PUBLISH_DATA_SINK:
	status = svc->ops->publish_data_sink(svc->ctx, data, req_handle);
	req_handle = ZX_HANDLE_INVALID;
	break;
	case LDMSG_OP_CLONE:
	status = loader_service_attach(svc, req_handle);
	req_handle = ZX_HANDLE_INVALID;
	break;
	case LDMSG_OP_DEBUG_PRINT:
	fprintf(stderr, "dlsvc: debug: %s\n", data);
	status = ZX_OK;
	break;
	case LDMSG_OP_DONE:
	zx_handle_close(req_handle);
	return ZX_ERR_PEER_CLOSED;
	default:
	// This case cannot happen because ldmsg_req_decode will return an
	// error for invalid ordinals.
	__builtin_trap();
	}

	if (status == ZX_ERR_NOT_FOUND) {
	fprintf(stderr, "dlsvc: could not open '%s'\n", data);
	}

	if (req_handle != ZX_HANDLE_INVALID) {
	fprintf(stderr, "dlsvc: unused handle (%#x) opcode=%#x data=\"%s\"\n",
	req_handle, req.header.ordinal, data);
	zx_handle_close(req_handle);
	}

	ldmsg_rsp_t rsp;
	memset(&rsp, 0, sizeof(rsp));
	rsp.header.txid = req.header.txid;
	rsp.header.ordinal = req.header.ordinal;
	rsp.rv = status;
	rsp.object = rsp_handle == ZX_HANDLE_INVALID ? FIDL_HANDLE_ABSENT : FIDL_HANDLE_PRESENT;
	if ((status = zx_channel_write(h, 0, &rsp, ldmsg_rsp_get_size(&rsp),
	&rsp_handle, rsp_handle != ZX_HANDLE_INVALID ? 1 : 0)) < 0) {
	fprintf(stderr, "dlsvc: msg write error: %d: %s\n", status, zx_status_get_string(status));
	return status;
	}
	return ZX_OK;
	}

	zx_status_t loader_service_create(async_t* async,
	const loader_service_ops_t* ops,
	void* ctx,
	loader_service_t** out) {
	if (out == NULL \|\| ops == NULL) {
	return ZX_ERR_INVALID_ARGS;
	}

	loader_service_t* svc = calloc(1, sizeof(loader_service_t));
	if (svc == NULL) {
	return ZX_ERR_NO_MEMORY;
	}

	if (!async) {
	zx_status_t status = async_loop_create(NULL, &async);
	if (status != ZX_OK) {
	free(svc);
	return status;
	}

	status = async_loop_start_thread(async, "loader-service", NULL);
	if (status != ZX_OK) {
	free(svc);
	async_loop_destroy(async);
	return status;
	}
	}

	svc->async = async;
	svc->ops = ops;
	svc->ctx = ctx;

	// When we create the loader service, we initialize the refcount to 1, which
	// causes the loader service to stay alive at least until someone calls
	// \|loader_service_release\|, at which point the service will be destroyed
	// once the last client goes away.
	loader_service_addref(svc);

	*out = svc;
	return ZX_OK;
	}

	zx_status_t loader_service_release(loader_service_t* svc) {
	// This call to \|loader_service_deref\| balances the \|loader_service_addref\|
	// call in \|loader_service_create\|. This reference prevents the loader
	// service from being destroyed before its creator is done with it.
	loader_service_deref(svc);
	return ZX_OK;
	}

	zx_status_t loader_service_create_fs(async_t* async,
	loader_service_t** out) {
	return loader_service_create(async, &fs_ops, NULL, out);
	}

	zx_status_t loader_service_create_fd(async_t* async,
	int dirfd,
	loader_service_t** out) {
	loader_service_t* svc;
	zx_status_t status = loader_service_create(async, &fd_ops, NULL, &svc);
	svc->dirfd = dirfd;
	svc->ctx = &svc->dirfd;
	*out = svc;
	return status;
	}

	typedef struct loader_service_wait loader_service_wait_t;
	struct loader_service_wait {
	async_wait_t wait;
	loader_service_t* svc;
	};

	static inline loader_service_t* loader_service_wait_get_svc(async_wait_t* wait) {
	return ((loader_service_wait_t*)wait)->svc;
	}

	static async_wait_result_t loader_service_handler(async_t* async,
	async_wait_t* wait,
	zx_status_t status,
	const zx_packet_signal_t* signal) {
	loader_service_t* svc = loader_service_wait_get_svc(wait);
	if (status != ZX_OK)
	goto stop;
	status = loader_service_rpc(wait->object, svc);
	if (status != ZX_OK)
	goto stop;
	return ASYNC_WAIT_AGAIN;
	stop:
	zx_handle_close(wait->object);
	free(wait);
	loader_service_deref(svc); // Balanced in \|loader_service_attach\|.
	return ASYNC_WAIT_FINISHED;
	}

	zx_status_t loader_service_attach(loader_service_t* svc, zx_handle_t h) {
	zx_status_t status = ZX_OK;
	loader_service_wait_t* wait = NULL;

	if (svc == NULL) {
	status = ZX_ERR_INVALID_ARGS;
	goto done;
	}

	wait = calloc(1, sizeof(loader_service_wait_t));
	if (wait == NULL) {
	status = ZX_ERR_NO_MEMORY;
	goto done;
	}

	wait->wait.handler = loader_service_handler;
	wait->wait.object = h;
	wait->wait.trigger = ZX_CHANNEL_READABLE \| ZX_CHANNEL_PEER_CLOSED;
	wait->wait.flags = ASYNC_FLAG_HANDLE_SHUTDOWN;
	wait->svc = svc;

	status = async_begin_wait(svc->async, (async_wait_t*)wait);

	if (status == ZX_OK)
	loader_service_addref(svc); // Balanced in \|loader_service_handler\|.

	done:
	if (status != ZX_OK) {
	zx_handle_close(h);
	free(wait);
	}
	return status;
	}

	zx_status_t loader_service_connect(loader_service_t* svc, zx_handle_t* out) {
	zx_handle_t h0, h1;
	zx_status_t status;
	if ((status = zx_channel_create(0, &h0, &h1)) != ZX_OK) {
	return status;
	}
	if ((status = loader_service_attach(svc, h1)) != ZX_OK) {
	zx_handle_close(h0);
	return status;
	}
	*out = h0;
	return ZX_OK;
	}