Add RequestOSFileHandle as a private PPAPI

content/renderer/pepper/pepper_file_io_host.cc

Index: content/renderer/pepper/pepper_file_io_host.cc
diff --git a/content/renderer/pepper/pepper_file_io_host.cc b/content/renderer/pepper/pepper_file_io_host.cc
index d0fb617c54b5a363db8dc467af64da0128b320d7..51d6b43d9d1b4f31e47423aa5039104953f3fdba 100644
--- a/content/renderer/pepper/pepper_file_io_host.cc
+++ b/content/renderer/pepper/pepper_file_io_host.cc
@@ -6,7 +6,10 @@
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
+#include "base/command_line.h"
 #include "base/files/file_util_proxy.h"
+#include "base/strings/string_tokenizer.h"
+#include "content/public/common/content_switches.h"
 #include "ppapi/c/pp_errors.h"
 #include "ppapi/host/dispatch_host_message.h"
 #include "ppapi/host/ppapi_host.h"
@@ -115,6 +118,16 @@ PepperFileIOHost::PepperFileIOHost(RendererPpapiHost* host,
   webkit::ppapi::PluginInstance* plugin_instance =
       webkit::ppapi::HostGlobals::Get()->GetInstance(instance);
   plugin_delegate_ = plugin_instance ? plugin_instance->delegate() : NULL;
+
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  std::string allowed_list =
+      command_line.GetSwitchValueASCII(switches::kAllowGetOSFileHandleAPI);
+  if (!allowed_list.empty()) {
+    base::StringTokenizer t(allowed_list, ",");
+    while (t.GetNext()) {
+      allowed_hosts_.insert(t.token());
+    }
+  }
 }
 
 PepperFileIOHost::~PepperFileIOHost() {
@@ -446,22 +459,51 @@ int32_t PepperFileIOHost::OnHostMsgWillSetLength(
   return PP_OK_COMPLETIONPENDING;
 }
 
+bool PepperFileIOHost::IsGetOSFileDescriptorAllowed() const {
+  if (is_running_in_process_)
+    return true;
+
+  DCHECK(file_system_url_.SchemeIsFileSystem());

[yzshen1, 2013/03/27 20:47:58]

nit: please consider changing line 466-467 to a NOTREACHED() in the if at line
468.

[hamaji, 2013/03/28 00:17:29]

Done.

[hamaji, 2013/03/28 00:42:57]

Actually, Kinuko said this can happen for filesystem types which I don't know
and she said we should just fail without DCHECK. So, I removed this.

+  DCHECK(file_system_url_.inner_url());
+  if (!file_system_url_.SchemeIsFileSystem() ||
+      !file_system_url_.inner_url())
+    return false;
+
+  const GURL& url = *file_system_url_.inner_url();
+  if (!url.is_valid())
+    return false;
+
+  if (url.SchemeIs("chrome-extension")) {
+    // TODO(hamaji): http://crbug.com/224123
+    return false;
+  }
+
+  if (allowed_hosts_.count(url.host()))
+    return true;
+
+  return false;
+}
+
 int32_t PepperFileIOHost::OnHostMsgGetOSFileDescriptor(
     ppapi::host::HostMessageContext* context) {
-  if (!is_running_in_process_)
+  if (!IsGetOSFileDescriptorAllowed())
+    return PP_ERROR_FAILED;
+
+  // TODO(hamaji): Should fail if quota is not unlimited.

[dmichael (off chromium), 2013/03/27 19:40:53]

I think you need a bug filed for this (maybe 224123 would be appropriate)

[hamaji, 2013/03/28 00:17:29]

Done. I've also updated the summary of 224123.

+
+  RendererPpapiHost* renderer_ppapi_host =
+      RendererPpapiHost::GetForPPInstance(pp_instance());
+
+  IPC::PlatformFileForTransit file =
+      renderer_ppapi_host->ShareHandleWithRemote(file_, false);
+  if (file == IPC::InvalidPlatformFileForTransit())
     return PP_ERROR_FAILED;
-  int32_t fd =
-#if defined(OS_POSIX)
-    file_;
-#elif defined(OS_WIN)
-    reinterpret_cast<uintptr_t>(file_);
-#else
-    -1;  // Platform not supported.
-#endif
-  // TODO(victorhsieh): Pass the file handle in the reply params once this works
-  // in-process.
-  host()->SendReply(context->MakeReplyMessageContext(),
-      PpapiPluginMsg_FileIO_GetOSFileDescriptorReply(fd));
+  ppapi::host::ReplyMessageContext reply_context =
+      context->MakeReplyMessageContext();
+  reply_context.params.AppendHandle(ppapi::proxy::SerializedHandle(
+      ppapi::proxy::SerializedHandle::FILE, file));
+  host()->SendReply(reply_context,
+                    PpapiPluginMsg_FileIO_GetOSFileDescriptorReply());
   return PP_OK_COMPLETIONPENDING;
 }
 
@@ -569,4 +611,3 @@ void PepperFileIOHost::ExecutePlatformWillWriteCallback(
 }
 
 }  // namespace content
-