Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(243)

Unified Diff: components/nacl/browser/nacl_browser.cc

Issue 224803002: Enable mmap and identity-based validation caching on pnacl-{llc,ld}.nexe (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix token handover for main nexe Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/nacl/browser/nacl_browser.h ('k') | components/nacl/browser/nacl_file_host.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/nacl/browser/nacl_browser.cc
diff --git a/components/nacl/browser/nacl_browser.cc b/components/nacl/browser/nacl_browser.cc
index f271af69b0f8c957fa9a914cc4baefba1102c9cd..9dfa49f2a3f2c776c8d49f855eb2c909d42067a4 100644
--- a/components/nacl/browser/nacl_browser.cc
+++ b/components/nacl/browser/nacl_browser.cc
@@ -116,20 +116,24 @@ const int64 kCrashesIntervalInSeconds = 120;
namespace nacl {
-base::File OpenNaClExecutableImpl(const base::FilePath& file_path) {
+base::File OpenNaClReadExecImpl(const base::FilePath& file_path,
+ bool is_executable) {
// Get a file descriptor. On Windows, we need 'GENERIC_EXECUTE' in order to
// memory map the executable.
// IMPORTANT: This file descriptor must not have write access - that could
// allow a NaCl inner sandbox escape.
- base::File file(file_path,
- (base::File::FLAG_OPEN |
- base::File::FLAG_READ |
- base::File::FLAG_EXECUTE)); // Windows only flag.
+
+ base::File file(file_path, is_executable
+ ? base::File::FLAG_OPEN |
+ base::File::FLAG_READ |
+ base::File::FLAG_EXECUTE // Windows only flag
+ : base::File::FLAG_OPEN |
+ base::File::FLAG_READ);
if (!file.IsValid())
return file.Pass();
// Check that the file does not reference a directory. Returning a descriptor
- // to an extension directory could allow an outer sandbox escape. openat(...)
+ // to a directory could allow an outer sandbox escape. openat(...)
// could be used to traverse into the file system.
base::File::Info file_info;
if (!file.GetInfo(&file_info) || file_info.is_directory)
« no previous file with comments | « components/nacl/browser/nacl_browser.h ('k') | components/nacl/browser/nacl_file_host.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698