Hook up PpapiPermissions in more places.

ppapi/proxy/plugin_dispatcher.h

Index: ppapi/proxy/plugin_dispatcher.h
diff --git a/ppapi/proxy/plugin_dispatcher.h b/ppapi/proxy/plugin_dispatcher.h
index 66b5e2d8b65dc5b428e04d67b5a7d85e9ad0a29a..b691b519c254d49e23c1c1297503b496e9be3234 100644
--- a/ppapi/proxy/plugin_dispatcher.h
+++ b/ppapi/proxy/plugin_dispatcher.h
@@ -83,8 +83,18 @@ class PPAPI_PROXY_EXPORT PluginDispatcher
   // will be automatically called when requested by the renderer side. The
   // module ID will be set upon receipt of the InitializeModule message.
   //
+  // Note about permissions: On the host side, the dispatcher and the plugin

[bbudge, 2012/10/01 17:32:01]

s/host/plugin?

+  // run in the same address space (including in nacl). This means that the
+  // permissions here are subject to malicious modification and bypass, and
+  // an exploited or malicious plugin could send any IPC messages and just
+  // bypass the permissions. All permissions must be checked "for realz" in the
+  // host process when receiving messages. We check them on the plugin side
+  // primarily to keep honest plugins honest, especially with respect to
+  // dev interfaces that they "shouldn't" be using.
+  //
   // You must call InitPluginWithChannel after the constructor.
   PluginDispatcher(PP_GetInterface_Func get_interface,
+                   const PpapiPermissions& permissions,
                    bool incognito);
   virtual ~PluginDispatcher();