Add a whitelist check for nacl-nonsfi mode

components/nacl/browser/nacl_process_host.cc

Index: components/nacl/browser/nacl_process_host.cc
diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc
index ff88399e67227e1e12c0d1f083acd3ed6c543fe4..8073fb597e6354accae8630399eb4f3c880ab46a 100644
--- a/components/nacl/browser/nacl_process_host.cc
+++ b/components/nacl/browser/nacl_process_host.cc
@@ -27,6 +27,7 @@
 #include "base/win/windows_version.h"
 #include "build/build_config.h"
 #include "components/nacl/browser/nacl_browser.h"
+#include "components/nacl/browser/nacl_browser_delegate.h"
 #include "components/nacl/browser/nacl_host_message_filter.h"
 #include "components/nacl/common/nacl_cmd_line.h"
 #include "components/nacl/common/nacl_host_messages.h"
@@ -430,15 +431,21 @@ void NaClProcessHost::Launch(
   }
 
   if (uses_nonsfi_mode_) {

[Mark Seaborn, 2014/05/03 01:37:59]

Note that this code path was originally just meant to be a sanity check that
prevents the renderer from requesting a nonsfi child process when it shouldn't.

This code path doesn't control whether the trusted plugin (in the renderer)
selects "arm-nonsfi" from the manifest file.  That's controlled by
components/nacl/renderer/ppb_nacl_private_impl.cc currently.  You might need to
add an IPC to plumb the info through from renderer to browser -- Hidehiko
started doing that when he changed ppb_nacl_private_impl.cc (but didn't commit
it because it turned out not to be necessary).

Oh, I see you've seen ppb_nacl_private_impl.cc already...

[elijahtaylor1, 2014/05/06 05:56:15]

I'll address this in ppb_nacl_private_impl.cc

-#if defined(OS_LINUX)
+    const bool kNonSFIModeSwitchEnabled =

[Mark Seaborn, 2014/05/03 01:37:59]

Nit: I think the "k" naming style is only for values that are constant at
compile time.

[elijahtaylor1, 2014/05/06 05:56:15]

Done.

+        cmd->HasSwitch(switches::kEnableNaClNonSfiMode);
+#if defined(OS_CHROMEOS)

[Mark Seaborn, 2014/05/03 01:37:59]

We also need to make this ARM-only.

[elijahtaylor1, 2014/05/06 05:56:15]

Done.

     const bool kNonSFIModeSupported = true;
+#elif defined(OS_LINUX)
+    const bool kNonSFIModeSupported = kNonSFIModeSwitchEnabled;
 #else
     const bool kNonSFIModeSupported = false;
 #endif
-    if (!kNonSFIModeSupported ||
-        !cmd->HasSwitch(switches::kEnableNaClNonSfiMode)) {
-      SendErrorToRenderer("NaCl non-SFI mode works only on Linux with"
-                          " --enable-nacl-nonsfi-mode specified");
+    bool is_enabled = kNonSFIModeSwitchEnabled ||
+        NaClBrowser::GetDelegate()->IsNonSfiModeAllowed(manifest_url_);
+
+    if (!kNonSFIModeSupported || !is_enabled) {
+      SendErrorToRenderer("NaCl non-SFI mode is not available for this platform"
+                          " and NaCl module.");
       delete this;
       return;
     }