Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(84)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/nacl/browser/nacl_process_host.cc

Issue 264923011: Add a whitelist check for nacl-nonsfi mode (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/common/pepper_permission_util.cc ('K') | « components/nacl/browser/nacl_browser_delegate.h ('k') | components/nacl/browser/test_nacl_browser_delegate.h » ('j') | components/nacl/renderer/ppb_nacl_private_impl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/browser/nacl_process_host.h" 5 #include "components/nacl/browser/nacl_process_host.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/base_switches.h" 11 #include "base/base_switches.h"
12 #include "base/bind.h" 12 #include "base/bind.h"
13 #include "base/command_line.h" 13 #include "base/command_line.h"
14 #include "base/file_util.h" 14 #include "base/file_util.h"
15 #include "base/message_loop/message_loop.h" 15 #include "base/message_loop/message_loop.h"
16 #include "base/metrics/histogram.h" 16 #include "base/metrics/histogram.h"
17 #include "base/path_service.h" 17 #include "base/path_service.h"
18 #include "base/process/launch.h" 18 #include "base/process/launch.h"
19 #include "base/process/process_iterator.h" 19 #include "base/process/process_iterator.h"
20 #include "base/rand_util.h" 20 #include "base/rand_util.h"
21 #include "base/strings/string_number_conversions.h" 21 #include "base/strings/string_number_conversions.h"
22 #include "base/strings/string_split.h" 22 #include "base/strings/string_split.h"
23 #include "base/strings/string_util.h" 23 #include "base/strings/string_util.h"
24 #include "base/strings/stringprintf.h" 24 #include "base/strings/stringprintf.h"
25 #include "base/strings/utf_string_conversions.h" 25 #include "base/strings/utf_string_conversions.h"
26 #include "base/threading/sequenced_worker_pool.h" 26 #include "base/threading/sequenced_worker_pool.h"
27 #include "base/win/windows_version.h" 27 #include "base/win/windows_version.h"
28 #include "build/build_config.h" 28 #include "build/build_config.h"
29 #include "components/nacl/browser/nacl_browser.h" 29 #include "components/nacl/browser/nacl_browser.h"
30 #include "components/nacl/browser/nacl_browser_delegate.h"
30 #include "components/nacl/browser/nacl_host_message_filter.h" 31 #include "components/nacl/browser/nacl_host_message_filter.h"
31 #include "components/nacl/common/nacl_cmd_line.h" 32 #include "components/nacl/common/nacl_cmd_line.h"
32 #include "components/nacl/common/nacl_host_messages.h" 33 #include "components/nacl/common/nacl_host_messages.h"
33 #include "components/nacl/common/nacl_messages.h" 34 #include "components/nacl/common/nacl_messages.h"
34 #include "components/nacl/common/nacl_process_type.h" 35 #include "components/nacl/common/nacl_process_type.h"
35 #include "components/nacl/common/nacl_switches.h" 36 #include "components/nacl/common/nacl_switches.h"
36 #include "content/public/browser/browser_child_process_host.h" 37 #include "content/public/browser/browser_child_process_host.h"
37 #include "content/public/browser/browser_ppapi_host.h" 38 #include "content/public/browser/browser_ppapi_host.h"
38 #include "content/public/browser/child_process_data.h" 39 #include "content/public/browser/child_process_data.h"
39 #include "content/public/browser/plugin_service.h" 40 #include "content/public/browser/plugin_service.h"
(...skipping 382 matching lines...) Expand 10 before | Expand all | Expand 10 after
422 // We'll make sure this actually finished in StartWithLaunchedProcess, below. 423 // We'll make sure this actually finished in StartWithLaunchedProcess, below.
423 NaClBrowser* nacl_browser = NaClBrowser::GetInstance(); 424 NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
424 nacl_browser->EnsureAllResourcesAvailable(); 425 nacl_browser->EnsureAllResourcesAvailable();
425 if (!nacl_browser->IsOk()) { 426 if (!nacl_browser->IsOk()) {
426 SendErrorToRenderer("could not find all the resources needed" 427 SendErrorToRenderer("could not find all the resources needed"
427 " to launch the process"); 428 " to launch the process");
428 delete this; 429 delete this;
429 return; 430 return;
430 } 431 }
431 432
432 if (uses_nonsfi_mode_) { 433 if (uses_nonsfi_mode_) {
Mark Seaborn 2014/05/03 01:37:59 Note that this code path was originally just meant
elijahtaylor1 2014/05/06 05:56:15 I'll address this in ppb_nacl_private_impl.cc
433 #if defined(OS_LINUX) 434 const bool kNonSFIModeSwitchEnabled =
Mark Seaborn 2014/05/03 01:37:59 Nit: I think the "k" naming style is only for valu
elijahtaylor1 2014/05/06 05:56:15 Done.
435 cmd->HasSwitch(switches::kEnableNaClNonSfiMode);
436 #if defined(OS_CHROMEOS)
Mark Seaborn 2014/05/03 01:37:59 We also need to make this ARM-only.
elijahtaylor1 2014/05/06 05:56:15 Done.
434 const bool kNonSFIModeSupported = true; 437 const bool kNonSFIModeSupported = true;
438 #elif defined(OS_LINUX)
439 const bool kNonSFIModeSupported = kNonSFIModeSwitchEnabled;
435 #else 440 #else
436 const bool kNonSFIModeSupported = false; 441 const bool kNonSFIModeSupported = false;
437 #endif 442 #endif
438 if (!kNonSFIModeSupported || 443 bool is_enabled = kNonSFIModeSwitchEnabled ||
439 !cmd->HasSwitch(switches::kEnableNaClNonSfiMode)) { 444 NaClBrowser::GetDelegate()->IsNonSfiModeAllowed(manifest_url_);
440 SendErrorToRenderer("NaCl non-SFI mode works only on Linux with" 445
441 " --enable-nacl-nonsfi-mode specified"); 446 if (!kNonSFIModeSupported || !is_enabled) {
447 SendErrorToRenderer("NaCl non-SFI mode is not available for this platform"
448 " and NaCl module.");
442 delete this; 449 delete this;
443 return; 450 return;
444 } 451 }
445 } 452 }
446 453
447 // Rather than creating a socket pair in the renderer, and passing 454 // Rather than creating a socket pair in the renderer, and passing
448 // one side through the browser to sel_ldr, socket pairs are created 455 // one side through the browser to sel_ldr, socket pairs are created
449 // in the browser and then passed to the renderer and sel_ldr. 456 // in the browser and then passed to the renderer and sel_ldr.
450 // 457 //
451 // This is mainly for the benefit of Windows, where sockets cannot 458 // This is mainly for the benefit of Windows, where sockets cannot
(...skipping 640 matching lines...) Expand 10 before | Expand all | Expand 10 after
1092 process_handle.Take(), info, 1099 process_handle.Take(), info,
1093 base::MessageLoopProxy::current(), 1100 base::MessageLoopProxy::current(),
1094 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, 1101 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker,
1095 weak_factory_.GetWeakPtr())); 1102 weak_factory_.GetWeakPtr()));
1096 return true; 1103 return true;
1097 } 1104 }
1098 } 1105 }
1099 #endif 1106 #endif
1100 1107
1101 } // namespace nacl 1108 } // namespace nacl
OLDNEW
« chrome/common/pepper_permission_util.cc ('K') | « components/nacl/browser/nacl_browser_delegate.h ('k') | components/nacl/browser/test_nacl_browser_delegate.h » ('j') | components/nacl/renderer/ppb_nacl_private_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698