Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(269)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/nacl_host/nacl_process_host.cc

Issue 11471011: Add PPAPI permissions for the testing interface (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | chrome/renderer/pepper/ppb_nacl_private_impl.cc » ('j') | ppapi/proxy/ppb_testing_proxy.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/nacl_host/nacl_process_host.h" 5 #include "chrome/browser/nacl_host/nacl_process_host.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 reinterpret_cast<nacl::FileDescriptor>(channel)); 108 reinterpret_cast<nacl::FileDescriptor>(channel));
109 #else 109 #else
110 nacl::FileDescriptor channel; 110 nacl::FileDescriptor channel;
111 channel.fd = sourceh; 111 channel.fd = sourceh;
112 channel.auto_close = close_source; 112 channel.auto_close = close_source;
113 handles_for_sel_ldr->push_back(channel); 113 handles_for_sel_ldr->push_back(channel);
114 #endif 114 #endif
115 return true; 115 return true;
116 } 116 }
117 117
118 ppapi::PpapiPermissions GetNaClPermissions(uint32 permission_bits) {
bbudge 2012/12/07 22:23:41 Good idea to restrict the permissions requested by
119 // Only allow NaCl plugins to request certain permissions. We don't want
120 // a compromised renderer to be able to start a nacl plugin with e.g. Flash
121 // permissions which may expand the surface area of the sandbox.
122 uint32 masked_bits = permission_bits & ppapi::PERMISSION_DEV;
123 return ppapi::PpapiPermissions::GetForCommandLine(masked_bits);
124 }
125
118 } // namespace 126 } // namespace
119 127
120 struct NaClProcessHost::NaClInternal { 128 struct NaClProcessHost::NaClInternal {
121 std::vector<nacl::Handle> sockets_for_renderer; 129 std::vector<nacl::Handle> sockets_for_renderer;
122 std::vector<nacl::Handle> sockets_for_sel_ldr; 130 std::vector<nacl::Handle> sockets_for_sel_ldr;
123 }; 131 };
124 132
125 // ----------------------------------------------------------------------------- 133 // -----------------------------------------------------------------------------
126 134
127 NaClProcessHost::PluginListener::PluginListener(NaClProcessHost* host) 135 NaClProcessHost::PluginListener::PluginListener(NaClProcessHost* host)
128 : host_(host) { 136 : host_(host) {
129 } 137 }
130 138
131 bool NaClProcessHost::PluginListener::OnMessageReceived( 139 bool NaClProcessHost::PluginListener::OnMessageReceived(
132 const IPC::Message& msg) { 140 const IPC::Message& msg) {
133 return host_->OnUntrustedMessageForwarded(msg); 141 return host_->OnUntrustedMessageForwarded(msg);
134 } 142 }
135 143
136 NaClProcessHost::NaClProcessHost(const GURL& manifest_url, 144 NaClProcessHost::NaClProcessHost(const GURL& manifest_url,
137 int render_view_id, 145 int render_view_id,
138 uint32 permission_bits, 146 uint32 permission_bits,
139 bool off_the_record) 147 bool off_the_record)
140 : manifest_url_(manifest_url), 148 : manifest_url_(manifest_url),
141 permissions_(ppapi::PpapiPermissions::GetForCommandLine(permission_bits)), 149 permissions_(GetNaClPermissions(permission_bits)),
142 #if defined(OS_WIN) 150 #if defined(OS_WIN)
143 process_launched_by_broker_(false), 151 process_launched_by_broker_(false),
144 #elif defined(OS_LINUX) 152 #elif defined(OS_LINUX)
145 wait_for_nacl_gdb_(false), 153 wait_for_nacl_gdb_(false),
146 #endif 154 #endif
147 reply_msg_(NULL), 155 reply_msg_(NULL),
148 #if defined(OS_WIN) 156 #if defined(OS_WIN)
149 debug_exception_handler_requested_(false), 157 debug_exception_handler_requested_(false),
150 #endif 158 #endif
151 internal_(new NaClInternal()), 159 internal_(new NaClInternal()),
(...skipping 769 matching lines...) Expand 10 before | Expand all | Expand 10 after
921 } else { 929 } else {
922 NaClStartDebugExceptionHandlerThread( 930 NaClStartDebugExceptionHandlerThread(
923 process_handle.Take(), info, 931 process_handle.Take(), info,
924 base::MessageLoopProxy::current(), 932 base::MessageLoopProxy::current(),
925 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, 933 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker,
926 weak_factory_.GetWeakPtr())); 934 weak_factory_.GetWeakPtr()));
927 return true; 935 return true;
928 } 936 }
929 } 937 }
930 #endif 938 #endif
OLDNEW
« no previous file with comments | « no previous file | chrome/renderer/pepper/ppb_nacl_private_impl.cc » ('j') | ppapi/proxy/ppb_testing_proxy.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698