Implement open_resource in non-SFI mode.

components/nacl/renderer/ppb_nacl_private_impl.cc

Index: components/nacl/renderer/ppb_nacl_private_impl.cc
diff --git a/components/nacl/renderer/ppb_nacl_private_impl.cc b/components/nacl/renderer/ppb_nacl_private_impl.cc
index 85ff3227ed91ade21a0a43591d5d99c1e8ed79a1..b85629b65af2c998fa5b417a2d58c0d6dd03e47e 100644
--- a/components/nacl/renderer/ppb_nacl_private_impl.cc
+++ b/components/nacl/renderer/ppb_nacl_private_impl.cc
@@ -158,13 +158,13 @@ class ChannelConnectedCallback {
   DISALLOW_COPY_AND_ASSIGN(ChannelConnectedCallback);
 };
 
-// Thin adapter from PP_ManifestService to ManifestServiceChannel::Delegate.
+// Thin adapter from PPP_ManifestService to ManifestServiceChannel::Delegate.
 // Note that user_data is managed by the caller of LaunchSelLdr. Please see
 // also PP_ManifestService's comment for more details about resource
 // management.
 class ManifestServiceProxy : public ManifestServiceChannel::Delegate {
  public:
-  ManifestServiceProxy(const PP_ManifestService* manifest_service,
+  ManifestServiceProxy(const PPP_ManifestService* manifest_service,
                        void* user_data)
       : manifest_service_(*manifest_service),
         user_data_(user_data) {
@@ -184,7 +184,30 @@ class ManifestServiceProxy : public ManifestServiceChannel::Delegate {
     }
   }
 
+  virtual void OpenResource(
+      const std::string& key,
+      const ManifestServiceChannel::OpenResourceCallback& callback) OVERRIDE {
+    if (!user_data_)
+      return;
+
+    // The allocated callback will be freed in DidOpenResource, which is always
+    // called regardless whether OpenResource() succeeds or fails.
+    if (!PP_ToBool(manifest_service_.OpenResource(
+            user_data_,
+            key.c_str(),
+            DidOpenResource,
+            new ManifestServiceChannel::OpenResourceCallback(callback)))) {
+      user_data_ = NULL;
+    }
+  }
+
  private:
+  static void DidOpenResource(void* user_data, PP_FileHandle file_handle) {
+    scoped_ptr<ManifestServiceChannel::OpenResourceCallback> callback(
+        static_cast<ManifestServiceChannel::OpenResourceCallback*>(user_data));
+    callback->Run(file_handle);
+  }
+
   void Quit() {
     if (!user_data_)
       return;
@@ -194,7 +217,7 @@ class ManifestServiceProxy : public ManifestServiceChannel::Delegate {
     user_data_ = NULL;
   }
 
-  PP_ManifestService manifest_service_;
+  PPP_ManifestService manifest_service_;
   void* user_data_;
   DISALLOW_COPY_AND_ASSIGN(ManifestServiceProxy);
 };
@@ -209,7 +232,7 @@ void LaunchSelLdr(PP_Instance instance,
                   PP_Bool enable_dyncode_syscalls,
                   PP_Bool enable_exception_handling,
                   PP_Bool enable_crash_throttling,
-                  const PP_ManifestService* manifest_service_interface,
+                  const PPP_ManifestService* manifest_service_interface,
                   void* manifest_service_user_data,
                   void* imc_handle,
                   struct PP_Var* error_message,
@@ -324,8 +347,14 @@ void LaunchSelLdr(PP_Instance instance,
   if (load_manager &&
       IsValidChannelHandle(
           launch_result.manifest_service_ipc_channel_handle)) {

[Mark Seaborn, 2014/05/01 23:28:33]

Since you explained this in your previous reply...

If you want, you can move the "enable_dyncode_syscalls && uses_nonsfi_mode"
conditions to the if() here (keeping the comment), and remove
"open_resource_enabled_".  I think that would be cleaner.

[hidehiko, 2014/05/02 01:32:27]

Done.

+    // For security hardening, disable the IPCs for open_resource() when they
+    // aren't needed.  PNaCl doesn't expose open_resource(), and the new
+    // open_resource() IPCs are currently only used for Non-SFI NaCl so far,
+    // not SFI NaCl. Note that enable_dyncode_syscalls is true if and only if
+    // the plugin is a non-PNaCl plugin.
     scoped_ptr<ManifestServiceChannel> manifest_service_channel(
         new ManifestServiceChannel(
+            enable_dyncode_syscalls && uses_nonsfi_mode,
             launch_result.manifest_service_ipc_channel_handle,
             connected_callback,
             manifest_service_proxy.Pass(),