Issue 8688002: PPB_TCPSocket_Private/PPB_UDPSocket_Private are exposed to Browser

Issue 8688002: PPB_TCPSocket_Private/PPB_UDPSocket_Private are exposed to Browser (Closed)

Created:
9 years, 1 month ago by ygorshenin

Modified:
9 years ago

Reviewers:
yzshen, Dmitry Polukhin, tony, jam, viettrungluu, zel, dmichael (off chromium), yzshen1, darin (slow to review), brettw

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, dpranke-watch+content_chromium.org

Base URL:
http://git.chromium.org/chromium/src.git@master

Visibility:
Public.

More Reviews

Description

PPB_{TCP|UDP}Socket_Private interfaces are exposed to Browser process. Added shared (between NaCl and Pepper) tests for both interfaces. BUG=105859 TEST=ui_tests Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=112693

Patch Set 1 #

Total comments: 10

Patch Set 2 : Fixed issues. #

Patch Set 3 : Added protection. #

Patch Set 4 : Added UDP protection. #

Patch Set 5 : Fixed desctuctors in TCP/UDP: added Disconnect/Close calls. #

Patch Set 6 : Restored comments. #

Patch Set 7 : Deleted NaCl tests. #

Total comments: 105

Patch Set 8 : Fixed codereview issues. #

Total comments: 16

Patch Set 9 : Moved PPAPI tests, fixed issues. #

Patch Set 10 : TCP/UDP APIs marked as PPAPI_THUNK_EXPORT #

Patch Set 11 : Added PPAPI_IN_PROCESS TCP and UDP tests. #

Total comments: 6

Patch Set 12 : Fixed issues. #

Total comments: 19

Patch Set 13 : Fixed issues. #

Patch Set 14 : Removed base/scoped_array dependency. #

Total comments: 8

Created: 9 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+2064 lines, -569 lines)			Patch
M	chrome/test/ui/ppapi_uitest.cc	View	1 2 3 4 5 6 7 8 9 10 11	3 chunks	+18 lines, -0 lines	0 comments	Download
M	content/browser/renderer_host/pepper_tcp_socket.cc	View	1 2 3 4 5 6 7 8 9 10 11	3 chunks	+5 lines, -5 lines	0 comments	Download
M	content/browser/renderer_host/pepper_udp_socket.cc	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+0 lines, -1 line	0 comments	Download
M	content/browser/renderer_host/render_process_host_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/public/common/content_switches.h	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+2 lines, -0 lines	3 comments	Download
M	content/public/common/content_switches.cc	View	1 2 3 4 5 6	1 chunk	+4 lines, -0 lines	0 comments	Download
M	content/renderer/pepper_plugin_delegate_impl.h	View	1 2 3 4 5 6 7 8 9 10 11	4 chunks	+65 lines, -1 line	0 comments	Download
M	content/renderer/pepper_plugin_delegate_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	2 chunks	+167 lines, -0 lines	0 comments	Download
M	content/renderer/render_view_impl.h	View	1 2 3 4 5 6 7 8 9 10 11 12	3 chunks	+40 lines, -0 lines	0 comments	Download
M	content/renderer/render_view_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	6 chunks	+94 lines, -0 lines	5 comments	Download
M	ppapi/ppapi_shared.gypi	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+5 lines, -0 lines	0 comments	Download
M	ppapi/ppapi_sources.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+5 lines, -1 line	0 comments	Download
M	ppapi/proxy/ppb_tcp_socket_private_proxy.h	View		1 chunk	+0 lines, -7 lines	0 comments	Download
M	ppapi/proxy/ppb_tcp_socket_private_proxy.cc	View	1 2 3 4 5 6 7 8 9 10 11	2 chunks	+32 lines, -321 lines	0 comments	Download
M	ppapi/proxy/ppb_udp_socket_private_proxy.h	View		2 chunks	+0 lines, -8 lines	0 comments	Download
M	ppapi/proxy/ppb_udp_socket_private_proxy.cc	View	1 2 3 4 5 6 7 8 9 10 11	2 chunks	+24 lines, -219 lines	0 comments	Download
A	ppapi/shared_impl/private/tcp_socket_private_impl.h	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+116 lines, -0 lines	0 comments	Download
A	ppapi/shared_impl/private/tcp_socket_private_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+289 lines, -0 lines	0 comments	Download
A	ppapi/shared_impl/private/udp_socket_private_impl.h	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+92 lines, -0 lines	0 comments	Download
A	ppapi/shared_impl/private/udp_socket_private_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	1 chunk	+209 lines, -0 lines	0 comments	Download
A	ppapi/tests/test_tcp_socket_private_shared.h	View	1 2 3 4 5 6 7 8	1 chunk	+49 lines, -0 lines	0 comments	Download
A	ppapi/tests/test_tcp_socket_private_shared.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13	1 chunk	+271 lines, -0 lines	0 comments	Download
A	ppapi/tests/test_udp_socket_private_shared.h	View	1 2 3 4 5 6 7 8	1 chunk	+42 lines, -0 lines	0 comments	Download
A	ppapi/tests/test_udp_socket_private_shared.cc	View	1 2 3 4 5 6 7 8	1 chunk	+182 lines, -0 lines	0 comments	Download
M	ppapi/thunk/ppb_tcp_socket_private_api.h	View	1 2 3 4 5 6 7 8 9	1 chunk	+2 lines, -1 line	0 comments	Download
M	ppapi/thunk/ppb_udp_socket_private_api.h	View	1 2 3 4 5 6 7 8 9	1 chunk	+2 lines, -1 line	0 comments	Download
M	webkit/glue/webkit_glue.gypi	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+4 lines, -0 lines	0 comments	Download
M	webkit/plugins/ppapi/mock_plugin_delegate.h	View	1	1 chunk	+24 lines, -0 lines	0 comments	Download
M	webkit/plugins/ppapi/mock_plugin_delegate.cc	View	1	1 chunk	+53 lines, -0 lines	0 comments	Download
M	webkit/plugins/ppapi/plugin_delegate.h	View	1 2 3 4 5 6 7	2 chunks	+30 lines, -0 lines	0 comments	Download
A	webkit/plugins/ppapi/ppb_tcp_socket_private_impl.h	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+37 lines, -0 lines	0 comments	Download
A	webkit/plugins/ppapi/ppb_tcp_socket_private_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+91 lines, -0 lines	0 comments	Download
A	webkit/plugins/ppapi/ppb_udp_socket_private_impl.h	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+34 lines, -0 lines	0 comments	Download
A	webkit/plugins/ppapi/ppb_udp_socket_private_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+71 lines, -0 lines	0 comments	Download
M	webkit/plugins/ppapi/resource_creation_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11	3 chunks	+4 lines, -4 lines	0 comments	Download

Messages

Total messages: 38 (0 generated)

Expand Messages | Collapse Messages

Dmitry Polukhin

http://codereview.chromium.org/8688002/diff/1/ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html File ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html (right): http://codereview.chromium.org/8688002/diff/1/ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html#newcode9 ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html:9: <script type="text/javascript" src="ppapi_ppb_tcp_socket_private.js"></script> Please keep line 80 chars. http://codereview.chromium.org/8688002/diff/1/ppapi/native_client/tests/ppapi_browser/ppb_udp_socket_private/ppapi_ppb_udp_socket_private.cc ...

9 years, 1 month ago (2011-11-24 13:05:45 UTC) #1

ygorshenin

PTAL http://codereview.chromium.org/8688002/diff/1/ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html File ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html (right): http://codereview.chromium.org/8688002/diff/1/ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html#newcode9 ppapi/native_client/tests/ppapi_browser/ppb_tcp_socket_private/ppapi_ppb_tcp_socket_private.html:9: <script type="text/javascript" src="ppapi_ppb_tcp_socket_private.js"></script> On 2011/11/24 13:05:45, Dmitry Polukhin ...

9 years, 1 month ago (2011-11-24 13:40:34 UTC) #2

Dmitry Polukhin

Yuzhu and Trung, Please take a look to TCP/UDP implementation in render process. NaCl part ...

9 years, 1 month ago (2011-11-24 13:44:35 UTC) #3

Dmitry Polukhin

+ darin@chromium.org for OWNER review in content/browser and webkit/ + dmichael@chromium.org for OWNER review in ...

9 years, 1 month ago (2011-11-24 15:07:42 UTC) #4

dmichael (off chromium)

Why are we proxying a private interface to NaCl at all? Can you explain the ...

9 years ago (2011-11-28 16:42:03 UTC) #5

polina

The NaCl tests have been dropped and replaced with ppapi/tests, which ended up in the ...

9 years ago (2011-11-28 20:01:56 UTC) #6

dmichael (off chromium)

http://codereview.chromium.org/8688002/diff/22001/ppapi/proxy/ppb_tcp_socket_private_proxy.cc File ppapi/proxy/ppb_tcp_socket_private_proxy.cc (right): http://codereview.chromium.org/8688002/diff/22001/ppapi/proxy/ppb_tcp_socket_private_proxy.cc#newcode76 ppapi/proxy/ppb_tcp_socket_private_proxy.cc:76: nit: extra carriage return added http://codereview.chromium.org/8688002/diff/22001/ppapi/proxy/ppb_tcp_socket_private_proxy.cc#newcode115 ppapi/proxy/ppb_tcp_socket_private_proxy.cc:115: MessageLoop::current()->PostTask(FROM_HERE, new ...

9 years ago (2011-11-28 20:38:43 UTC) #7

yzshen1

Thanks! http://codereview.chromium.org/8688002/diff/22001/content/browser/renderer_host/pepper_message_filter.cc File content/browser/renderer_host/pepper_message_filter.cc (right): http://codereview.chromium.org/8688002/diff/22001/content/browser/renderer_host/pepper_message_filter.cc#newcode45 content/browser/renderer_host/pepper_message_filter.cc:45: #include "ppapi/proxy/ppb_tcp_socket_private_proxy.h" you can probably remove this include. ...

9 years ago (2011-11-28 20:59:15 UTC) #8

yzshen1

http://codereview.chromium.org/8688002/diff/22001/content/renderer/pepper_plugin_delegate_impl.cc File content/renderer/pepper_plugin_delegate_impl.cc (right): http://codereview.chromium.org/8688002/diff/22001/content/renderer/pepper_plugin_delegate_impl.cc#newcode1699 content/renderer/pepper_plugin_delegate_impl.cc:1699: tcp_sockets_.AddWithID( On 2011/11/28 20:59:16, yzshen1 wrote: > Two issues ...

9 years ago (2011-11-28 21:38:59 UTC) #9

yzshen1

http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socket_impl.cc File ppapi/shared_impl/tcp_socket_impl.cc (right): http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socket_impl.cc#newcode134 ppapi/shared_impl/tcp_socket_impl.cc:134: if (read_callback_.func || ssl_handshake_callback_.func) On 2011/11/28 20:38:43, dmichael wrote: ...

9 years ago (2011-11-28 22:11:14 UTC) #10

dmichael (off chromium)

9 years ago (2011-11-28 22:21:27 UTC) #11

http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socke...
File ppapi/shared_impl/tcp_socket_impl.cc (right):

http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socke...
ppapi/shared_impl/tcp_socket_impl.cc:134: if (read_callback_.func ||
ssl_handshake_callback_.func)
On 2011/11/28 22:11:14, yzshen1 wrote:
> On 2011/11/28 20:38:43, dmichael wrote:
> > A plugin will eventually be able to provide a completion callbacks with a
null
> > func to mean 'block until completion' off the main thread. As written, your
> code
> > would allow another read to happen in that case.
> Dave: with line 129-130, it won't get into this state.
> 
> Since I am the author of this code, I will be happy to make the change to
enable
> 'block until completion' off the main thread.
> 
> But I am not sure about what should be changed. For example, what should be
done
> in OnReadCompleted() to notify the plugin in an off-main-thread-blocking
> scenario. Would you please explain that to me or point me to relevant
code/doc?
> Thanks!
> 
> > You should probably use a
> > different indicator for whether a read or handshake is in progress (here and
> > elsewhere).
> 
There's a lot of work still to be done for blocking completion callbacks; it
doesn't make sense to add that support here yet. I'm intending to implement a
completion callback helper at some point that will use a condition variable to
wake up the caller. There's going to be 1 big lock for the proxy, which is also
not implemented yet.

I agree, as-is, the callback function will work to signal if an operation is
in-progress. But I'm afraid it's a subtlety that will be missed later when
implementing blocking completion callbacks. And as it's written right now, it
could be a little confusing. A null 'func' has two possible meanings here:
blocking completion callback, or the associated operation is not in-progress.

If you think I'm being overly pedantic, please stick a TODO (put my name on it
if you like) to use some other strategy for determining if an operation is in
progress. This will be important later, but it doesn't need to hold up the CL.

yzshen1

On 2011/11/28 22:21:27, dmichael wrote: > http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socket_impl.cc > File ppapi/shared_impl/tcp_socket_impl.cc (right): > > http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socket_impl.cc#newcode134 > ...

9 years ago (2011-11-28 22:37:53 UTC) #12

On 2011/11/28 22:21:27, dmichael wrote:
>
http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socke...
> File ppapi/shared_impl/tcp_socket_impl.cc (right):
> 
>
http://codereview.chromium.org/8688002/diff/22001/ppapi/shared_impl/tcp_socke...
> ppapi/shared_impl/tcp_socket_impl.cc:134: if (read_callback_.func ||
> ssl_handshake_callback_.func)
> On 2011/11/28 22:11:14, yzshen1 wrote:
> > On 2011/11/28 20:38:43, dmichael wrote:
> > > A plugin will eventually be able to provide a completion callbacks with a
> null
> > > func to mean 'block until completion' off the main thread. As written,
your
> > code
> > > would allow another read to happen in that case.
> > Dave: with line 129-130, it won't get into this state.
> > 
> > Since I am the author of this code, I will be happy to make the change to
> enable
> > 'block until completion' off the main thread.
> > 
> > But I am not sure about what should be changed. For example, what should be
> done
> > in OnReadCompleted() to notify the plugin in an off-main-thread-blocking
> > scenario. Would you please explain that to me or point me to relevant
> code/doc?
> > Thanks!
> > 
> > > You should probably use a
> > > different indicator for whether a read or handshake is in progress (here
and
> > > elsewhere).
> > 
> There's a lot of work still to be done for blocking completion callbacks; it
> doesn't make sense to add that support here yet. I'm intending to implement a
> completion callback helper at some point that will use a condition variable to
> wake up the caller. There's going to be 1 big lock for the proxy, which is
also
> not implemented yet.
> 
> I agree, as-is, the callback function will work to signal if an operation is
> in-progress. But I'm afraid it's a subtlety that will be missed later when
> implementing blocking completion callbacks. And as it's written right now, it
> could be a little confusing. A null 'func' has two possible meanings here:
> blocking completion callback, or the associated operation is not in-progress.
> 
> If you think I'm being overly pedantic, please stick a TODO (put my name on it
> if you like) to use some other strategy for determining if an operation is in
> progress. This will be important later, but it doesn't need to hold up the CL.

Thanks for your explanation, Dave!

Yuri: if you would like to make the change, please go ahead. otherwise, please
add a TODO with my name on it. :) Thanks!

ygorshenin

PTAL http://codereview.chromium.org/8688002/diff/22001/content/browser/renderer_host/pepper_message_filter.cc File content/browser/renderer_host/pepper_message_filter.cc (right): http://codereview.chromium.org/8688002/diff/22001/content/browser/renderer_host/pepper_message_filter.cc#newcode45 content/browser/renderer_host/pepper_message_filter.cc:45: #include "ppapi/proxy/ppb_tcp_socket_private_proxy.h" On 2011/11/28 20:59:16, yzshen1 wrote: > ...

9 years ago (2011-11-29 18:30:08 UTC) #13

yzshen1

Thanks! http://codereview.chromium.org/8688002/diff/22001/content/renderer/pepper_plugin_delegate_impl.cc File content/renderer/pepper_plugin_delegate_impl.cc (right): http://codereview.chromium.org/8688002/diff/22001/content/renderer/pepper_plugin_delegate_impl.cc#newcode1780 content/renderer/pepper_plugin_delegate_impl.cc:1780: DCHECK(tcp_sockets_.Lookup(socket_id)); Add comment about why we don't do ...

9 years ago (2011-11-29 20:19:32 UTC) #15

ygorshenin

PTAL Moved tests from http://codereview.chromium.org/8555002/ (already viewed by Polina). http://codereview.chromium.org/8688002/diff/22001/content/renderer/pepper_plugin_delegate_impl.cc File content/renderer/pepper_plugin_delegate_impl.cc (right): http://codereview.chromium.org/8688002/diff/22001/content/renderer/pepper_plugin_delegate_impl.cc#newcode1780 content/renderer/pepper_plugin_delegate_impl.cc:1780: ...

9 years ago (2011-11-30 11:50:53 UTC) #16

Dmitry Polukhin

Darin, please take a look to this CL we need OWNER review in content/browser/ and ...

9 years ago (2011-11-30 18:45:03 UTC) #17

yzshen1

9 years ago (2011-11-30 21:11:03 UTC) #18

ygorshenin

PTAL +tony@chromium.org for OWNER review in webkit/ +jam@chromium.org for OWNER review in content/ http://codereview.chromium.org/8688002/diff/22001/ppapi/proxy/ppb_tcp_socket_private_proxy.cc File ...

9 years ago (2011-12-01 10:58:31 UTC) #19

yzshen1

Thanks! http://codereview.chromium.org/8688002/diff/51001/ppapi/shared_impl/private/tcp_socket_private_impl.cc File ppapi/shared_impl/private/tcp_socket_private_impl.cc (right): http://codereview.chromium.org/8688002/diff/51001/ppapi/shared_impl/private/tcp_socket_private_impl.cc#newcode255 ppapi/shared_impl/private/tcp_socket_private_impl.cc:255: void TCPSocketPrivateImpl::PostAbort(PP_CompletionCallback callback) { It seems this method ...

9 years ago (2011-12-01 18:34:23 UTC) #20

tony

The changes to webkit_glue.gypi LGTM. Please ask an owner of webkit/plugins/ppapi to review the changes ...

9 years ago (2011-12-01 18:54:30 UTC) #21

jam

just looked at content changes. i'm unfamiliar with the code you're changing in webkit/plugins/ppapi, so ...

9 years ago (2011-12-01 19:50:31 UTC) #22

Dmitry Polukhin

+ brettw@chromium.org for OWNER review in webkit/plugins/ppapi Yuzhu, thank you a lot for reviewing our ...

9 years ago (2011-12-01 19:52:21 UTC) #23

brettw

http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc File content/renderer/render_view_impl.cc (right): http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc#newcode283 content/renderer/render_view_impl.cc:283: "okddffdblfhhnmhodogpojmfkjmhinfp" What is this? http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc#newcode4760 content/renderer/render_view_impl.cc:4760: pepper_delegate_.OnTCPSocketConnectACK( Is it ...

9 years ago (2011-12-02 03:56:13 UTC) #25

Dmitry Polukhin

http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h File content/public/common/content_switches.h (right): http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h#newcode17 content/public/common/content_switches.h:17: CONTENT_EXPORT extern const char kAllowNaClSocketAPI[]; On 2011/12/01 19:50:31, John ...

9 years ago (2011-12-02 11:37:32 UTC) #26

jam

On 2011/12/02 11:37:32, Dmitry Polukhin wrote: > http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h > File content/public/common/content_switches.h (right): > > http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h#newcode17 ...

9 years ago (2011-12-02 18:52:21 UTC) #27

jam

Based on discussion with others, I'm reverting this change. The main issues is that this ...

9 years ago (2011-12-02 19:17:48 UTC) #28

darin (slow to review)

http://codereview.chromium.org/8688002/diff/56007/content/public/common/content_switches.h File content/public/common/content_switches.h (right): http://codereview.chromium.org/8688002/diff/56007/content/public/common/content_switches.h#newcode18 content/public/common/content_switches.h:18: CONTENT_EXPORT extern const char kAllowNaClSocketAPI[]; Is this really the ...

9 years ago (2011-12-02 20:34:42 UTC) #29

zel

On 2011/12/02 19:17:48, John Abd-El-Malek wrote: > Based on discussion with others, I'm reverting this ...

9 years ago (2011-12-02 20:51:42 UTC) #30

jam

On Fri, Dec 2, 2011 at 12:51 PM, <zelidrag@chromium.org> wrote: > On 2011/12/02 19:17:48, John ...

9 years ago (2011-12-02 20:55:45 UTC) #31

yzshen1

9 years ago (2011-12-02 21:19:26 UTC) #32

brettw

On Fri, Dec 2, 2011 at 12:55 PM, John Abd-El-Malek <jam@chromium.org> wrote: > > > ...

9 years ago (2011-12-02 21:26:32 UTC) #33

On Fri, Dec 2, 2011 at 12:55 PM, John Abd-El-Malek <jam@chromium.org> wrote:
>
>
> On Fri, Dec 2, 2011 at 12:51 PM, <zelidrag@chromium.org> wrote:
>>
>> On 2011/12/02 19:17:48, John Abd-El-Malek wrote:
>>>
>>> Based on discussion with others, I'm reverting this change. The main
>>> issues is
>>> that this was improperly committed, because there were outstanding
>>> comments
>>
>> from
>>>
>>> other reviewers, and also there were no OWNERS approval.
>>
>>
>>> If you're in a rush to get this in, feel free to IM or email me and I
>>> will
>>> review updated revisions. The two things that should be taken care of are
>>> the
>>> nacl issue and filtering the messages outside of RenderViewImpl. While
>>> these
>>
>> may
>>>
>>> seem minor, a number of people have been spending this whole year
>>> refactoring
>>> this code to simplify RenderView and to separate nacl from content, and
>>> so
>>
>> this
>>>
>>> is taking a step back.
>>
>>
>> First, let me I apologize for creating pressure around landing this CL
>> before
>> M17 branch point. We should not have shortcut the review process because
>> of
>> that.
>>
>> Dmitry, let's address John's existing comments first before we land this
>> CL on
>> TOT. I will make sure that we merge this into the branch even if the
>> branch gets
>> cut before this CL lands.
>>
>> John, you said in your previous comment that you haven't completed your
>> review
>> yet. I would appreciate if you can finish the missing part soon, so Dmitry
>> does
>> not have to make several CR round trips across timezones.
>
>
> Good point, I should have clarified that. The only other issue I had was
> what Brett commented on as well. The IPCs should be dispatched directly
> where they're needed.

My suggestion should be a 10-minute change and will make your patch a
fair bit smaller. I realize that the other code does it the way you do
it now, but your addition of a big block of a bunch of forwarding
functions makes the way we've been doing it seem like it's no longer
scaling. Because of the size and criticality of RenderView, we're
particularly sensitive to additions of code there. You don't have to
fix the existing code, I'll take a TODO to convert those over to the
new filter.

Brett

brettw

http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_view_impl.cc File content/renderer/render_view_impl.cc (right): http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_view_impl.cc#newcode282 content/renderer/render_view_impl.cc:282: static const char* kPredefinedAllowedSocketOrigins[] = { Can you add ...

9 years ago (2011-12-02 21:43:13 UTC) #34

jam

9 years ago (2011-12-02 21:54:34 UTC) #35

darin (slow to review)

On Fri, Dec 2, 2011 at 1:19 PM, <yzshen@chromium.org> wrote: > > http://codereview.chromium.**org/8688002/diff/56007/** > content/public/common/content_**switches.h<http://codereview.chromium.org/8688002/diff/56007/content/public/common/content_switches.h> ...

9 years ago (2011-12-02 22:41:14 UTC) #36

Dmitry Polukhin

CL to re-land changes is here http://codereview.chromium.org/8804006 please add you comments to new CL. http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h ...

9 years ago (2011-12-05 11:29:05 UTC) #37

CL to re-land changes is here http://codereview.chromium.org/8804006 please add
you comments to new CL.

http://codereview.chromium.org/8688002/diff/51001/content/public/common/conte...
File content/public/common/content_switches.h (right):

http://codereview.chromium.org/8688002/diff/51001/content/public/common/conte...
content/public/common/content_switches.h:17: CONTENT_EXPORT extern const char
kAllowNaClSocketAPI[];
On 2011/12/01 19:50:31, John Abd-El-Malek wrote:
> this doesn't belong in content, since it's NaCl related which is in chrome.
> 
> so move this out to chrome, and have it be propagated to the renderer by
editing
> ChromeContentBrowserClient::AppendExtraCommandLineSwitches instead of
> RenderProcessHostImpl::PropagateBrowserCommandLineToRenderer

Done.

http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_vie...
File content/renderer/render_view_impl.cc (right):

http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_vie...
content/renderer/render_view_impl.cc:283: "okddffdblfhhnmhodogpojmfkjmhinfp"
On 2011/12/02 03:56:14, brettw wrote:
> What is this?

Added comment.

http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_vie...
content/renderer/render_view_impl.cc:438:
command_line.GetSwitchValueASCII(switches::kAllowNaClSocketAPI);
On 2011/12/01 19:50:31, John Abd-El-Malek wrote:
> here and in the header, please don't mention nacl in content. see
> http://www.chromium.org/developers/content-module
> 
> if you want to have the core code in content, you can ask the embedder whether
> to allow this feature or not through the ContentRendererClient interface.
> Chrome's implementation can then use the nacl flag

Done.

http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_vie...
content/renderer/render_view_impl.cc:4760:
pepper_delegate_.OnTCPSocketConnectACK(
On 2011/12/02 03:56:14, brettw wrote:
> Is it possible to add a filter from the pepper delegate rather than have all
> these modifications here? This is a lot of modifications to this critical
file.
> 
> You can see the beginning of OnMessageReceived does some dispatch to various
> observers before falling through to the regular message handling.

RenderViewObserver is huge interface but for message filtering we need to
implement much smaller interface IPC::Channel::Listener. If you think that
PepperPluginDelegateImpl should implement RenderViewObserver, please let me and
I'll use observers mechanism instead of explicit message forwarding to
pepper_delegate_.

http://codereview.chromium.org/8688002/diff/56007/content/public/common/conte...
File content/public/common/content_switches.h (right):

http://codereview.chromium.org/8688002/diff/56007/content/public/common/conte...
content/public/common/content_switches.h:18: CONTENT_EXPORT extern const char
kAllowNaClSocketAPI[];
On 2011/12/02 21:19:27, yzshen1 wrote:
> On 2011/12/02 20:34:42, darin wrote:
> > Is this really the NaCl socket API?  The socket API is part of Pepper. 
Should
> > this be kAllowPepperSocketAPI instead?
> > 
> > What is NaCl-specific about this CL?
> 
> When the socket API is used by non-NaCl pepper plugins (Flapper), we don't
> restrict it to a set of selective origins. So it seems appropriate to have
NaCl
> in the name.
> 
> But I think it is better not to enforce the origin restriction in render view.
> It will affect not only NaCl, but also other in-process pepper plugins.
> 

Actually I think that TCP/UDP should be exposed to limited list of trusted
plugins. I think it's dangerous to give these interfaces to all trusted plugins
(some of these interface have Flash, i.e. it should be enforced that only Flash
uses them).

As for enforcement in render, I think it is better to do in browser during
processing TCPSocket_Create/UDPSocket_Create. I tried to do it but failed to do
it easy because Pepper message filter in browser miss context what page sent the
request (or which exactly plugin did it).

http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_vie...
File content/renderer/render_view_impl.cc (right):

http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_vie...
content/renderer/render_view_impl.cc:282: static const char*
kPredefinedAllowedSocketOrigins[] = {
On 2011/12/02 21:54:35, John Abd-El-Malek wrote:
> On 2011/12/02 21:43:13, brettw wrote:
> > Can you add a comment here explaining that these are whitelisted extension
> IDs?
> > Also, when you move CanUseSocketAPIs, this can be moved to the pepper plugin
> > delegate impl file.
> 
> actually, this should also be in the chrome file that implements
> ContentRendererClient, since content module doesn't know about extensions
(it's
> a chrome feature)

Done.

http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_vie...
content/renderer/render_view_impl.cc:598: bool
RenderViewImpl::CanUseSocketAPIs() {
On 2011/12/02 21:43:13, brettw wrote:
> Can you move this code to the pepper plugin delegate impl? It's not needed in
> RenderView, and we should try hard to have as little in RenderView as
possible.

Done.

yzshen

9 years ago (2011-12-05 19:26:14 UTC) #38

On Mon, Dec 5, 2011 at 3:29 AM, <dpolukhin@chromium.org> wrote:

> CL to re-land changes is here
http://codereview.chromium.**org/8804006<http://codereview.chromium.org/88040...
add
> you comments to new CL.
>
>
>
> http://codereview.chromium.**org/8688002/diff/51001/**
>
content/public/common/content_**switches.h<http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h>
> File content/public/common/content_**switches.h (right):
>
> http://codereview.chromium.**org/8688002/diff/51001/**
>
content/public/common/content_**switches.h#newcode17<http://codereview.chromium.org/8688002/diff/51001/content/public/common/content_switches.h#newcode17>
> content/public/common/content_**switches.h:17: CONTENT_EXPORT extern const
> char kAllowNaClSocketAPI[];
>
> On 2011/12/01 19:50:31, John Abd-El-Malek wrote:
>
>> this doesn't belong in content, since it's NaCl related which is in
>>
> chrome.
>
>  so move this out to chrome, and have it be propagated to the renderer
>>
> by editing
>
>> ChromeContentBrowserClient::**AppendExtraCommandLineSwitches instead of
>> RenderProcessHostImpl::**PropagateBrowserCommandLineToR**enderer
>>
>
> Done.
>
>
> http://codereview.chromium.**org/8688002/diff/51001/**
>
content/renderer/render_view_**impl.cc<http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc>
> File content/renderer/render_view_**impl.cc (right):
>
> http://codereview.chromium.**org/8688002/diff/51001/**
>
content/renderer/render_view_**impl.cc#newcode283<http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc#newcode283>
> content/renderer/render_view_**impl.cc:283:
> "**okddffdblfhhnmhodogpojmfkjmhin**fp"
>
> On 2011/12/02 03:56:14, brettw wrote:
>
>> What is this?
>>
>
> Added comment.
>
>
> http://codereview.chromium.**org/8688002/diff/51001/**
>
content/renderer/render_view_**impl.cc#newcode438<http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc#newcode438>
> content/renderer/render_view_**impl.cc:438:
> command_line.**GetSwitchValueASCII(switches::**kAllowNaClSocketAPI);
> On 2011/12/01 19:50:31, John Abd-El-Malek wrote:
>
>> here and in the header, please don't mention nacl in content. see
>>
http://www.chromium.org/**developers/content-module<http://www.chromium.org/d...
>>
>
>  if you want to have the core code in content, you can ask the embedder
>>
> whether
>
>> to allow this feature or not through the ContentRendererClient
>>
> interface.
>
>> Chrome's implementation can then use the nacl flag
>>
>
> Done.
>
> http://codereview.chromium.**org/8688002/diff/51001/**
>
content/renderer/render_view_**impl.cc#newcode4760<http://codereview.chromium.org/8688002/diff/51001/content/renderer/render_view_impl.cc#newcode4760>
> content/renderer/render_view_**impl.cc:4760:
> pepper_delegate_.**OnTCPSocketConnectACK(
> On 2011/12/02 03:56:14, brettw wrote:
>
>> Is it possible to add a filter from the pepper delegate rather than
>>
> have all
>
>> these modifications here? This is a lot of modifications to this
>>
> critical file.
>
>  You can see the beginning of OnMessageReceived does some dispatch to
>>
> various
>
>> observers before falling through to the regular message handling.
>>
>
> RenderViewObserver is huge interface but for message filtering we need
> to implement much smaller interface IPC::Channel::Listener. If you think
> that PepperPluginDelegateImpl should implement RenderViewObserver,
> please let me and I'll use observers mechanism instead of explicit
> message forwarding to pepper_delegate_.
>
>
> http://codereview.chromium.**org/8688002/diff/56007/**
>
content/public/common/content_**switches.h<http://codereview.chromium.org/8688002/diff/56007/content/public/common/content_switches.h>
> File content/public/common/content_**switches.h (right):
>
> http://codereview.chromium.**org/8688002/diff/56007/**
>
content/public/common/content_**switches.h#newcode18<http://codereview.chromium.org/8688002/diff/56007/content/public/common/content_switches.h#newcode18>
> content/public/common/content_**switches.h:18: CONTENT_EXPORT extern const
> char kAllowNaClSocketAPI[];
> On 2011/12/02 21:19:27, yzshen1 wrote:
>
>> On 2011/12/02 20:34:42, darin wrote:
>> > Is this really the NaCl socket API?  The socket API is part of
>>
> Pepper.  Should
>
>> > this be kAllowPepperSocketAPI instead?
>> >
>> > What is NaCl-specific about this CL?
>>
>
>  When the socket API is used by non-NaCl pepper plugins (Flapper), we
>>
> don't
>
>> restrict it to a set of selective origins. So it seems appropriate to
>>
> have NaCl
>
>> in the name.
>>
>
>  But I think it is better not to enforce the origin restriction in
>>
> render view.
>
>> It will affect not only NaCl, but also other in-process pepper
>>
> plugins.
>
>
> Actually I think that TCP/UDP should be exposed to limited list of
> trusted plugins. I think it's dangerous to give these interfaces to all
> trusted plugins (some of these interface have Flash, i.e. it should be
> enforced that only Flash uses them).


I agree that maybe not every trusted plugin should be allowed to use
TCP/UDP.

However, the current implementation of access control seems inconsistent
and confusing:
- in-process: only a selective set of origins are allowed to use TCP/UDP
interface. (NaCl uses this path.)
- out-of-proces: no restriction. (Pepper Flash uses this path.)
What is more, the way of checking page origins doesn't work for trusted
plugins. Consider Pepper Flash: it can be on any page.

I wish this could be addressed.
But I am okay with adding a TODO (feel free to assign to me, if you would
like to) and leave it to a future CL.

As for enforcement in render, I think it is better to do in browser
> during processing TCPSocket_Create/UDPSocket_**Create. I tried to do it
> but failed to do it easy because Pepper message filter in browser miss
> context what page sent the request (or which exactly plugin did it).




>
>
> http://codereview.chromium.**org/8688002/diff/56007/**
>
content/renderer/render_view_**impl.cc<http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_view_impl.cc>
> File content/renderer/render_view_**impl.cc (right):
>
> http://codereview.chromium.**org/8688002/diff/56007/**
>
content/renderer/render_view_**impl.cc#newcode282<http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_view_impl.cc#newcode282>
> content/renderer/render_view_**impl.cc:282: static const char*
> kPredefinedAllowedSocketOrigin**s[] = {
> On 2011/12/02 21:54:35, John Abd-El-Malek wrote:
>
>> On 2011/12/02 21:43:13, brettw wrote:
>> > Can you add a comment here explaining that these are whitelisted
>>
> extension
>
>> IDs?
>> > Also, when you move CanUseSocketAPIs, this can be moved to the
>>
> pepper plugin
>
>> > delegate impl file.
>>
>
>  actually, this should also be in the chrome file that implements
>> ContentRendererClient, since content module doesn't know about
>>
> extensions (it's
>
>> a chrome feature)
>>
>
> Done.
>
>
> http://codereview.chromium.**org/8688002/diff/56007/**
>
content/renderer/render_view_**impl.cc#newcode598<http://codereview.chromium.org/8688002/diff/56007/content/renderer/render_view_impl.cc#newcode598>
> content/renderer/render_view_**impl.cc:598: bool
> RenderViewImpl::**CanUseSocketAPIs() {
> On 2011/12/02 21:43:13, brettw wrote:
>
>> Can you move this code to the pepper plugin delegate impl? It's not
>>
> needed in
>
>> RenderView, and we should try hard to have as little in RenderView as
>>
> possible.
>
> Done.
>
>
http://codereview.chromium.**org/8688002/<http://codereview.chromium.org/8688...
>



-- 
Best regards,
Yuzhu Shen.

Expand Messages | Collapse Messages