Chromium Code Reviews Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/nacl_host/nacl_browser_delegate_impl.cc |
| diff --git a/chrome/browser/nacl_host/nacl_browser_delegate_impl.cc b/chrome/browser/nacl_host/nacl_browser_delegate_impl.cc |
| index c4ffd39b654fdaa82ad3a13f5b922a8d0e99ba7c..fdc4b771673ef2c220789bb97da49a8c50ba9f39 100644 |
| --- a/chrome/browser/nacl_host/nacl_browser_delegate_impl.cc |
| +++ b/chrome/browser/nacl_host/nacl_browser_delegate_impl.cc |
| @@ -18,6 +18,7 @@ |
| #include "chrome/common/chrome_paths_internal.h" |
| #include "chrome/common/chrome_version_info.h" |
| #include "chrome/common/logging_chrome.h" |
| +#include "chrome/common/pepper_permission_util.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "content/public/browser/render_frame_host.h" |
| #include "content/public/browser/site_instance.h" |
| @@ -34,6 +35,13 @@ using extensions::SharedModuleInfo; |
| namespace { |
| +// These are temporarily needed for testing non-sfi mode on ChromeOS without |
| +// passing command-line arguments to Chrome. |
| +const char* const kAllowedNonSfiOrigins[] = { |
| + "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/355141 |
|
Tom Sepez
2014/05/09 19:27:32
nit: add http:// so various code review tools may
elijahtaylor1
2014/05/09 19:31:24
Done.
|
| + "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/355141 |
| +}; |
| + |
| // Handles an extension's NaCl process transitioning in or out of idle state by |
| // relaying the state to the extension's process manager. |
| // |
| @@ -108,6 +116,9 @@ NaClBrowserDelegateImpl::NaClBrowserDelegateImpl( |
| ProfileManager* profile_manager) |
| : profile_manager_(profile_manager), inverse_debug_patterns_(false) { |
| DCHECK(profile_manager_); |
| + for (size_t i = 0; i < arraysize(kAllowedNonSfiOrigins); ++i) { |
| + allowed_nonsfi_origins_.insert(kAllowedNonSfiOrigins[i]); |
| + } |
| } |
| NaClBrowserDelegateImpl::~NaClBrowserDelegateImpl() { |
| @@ -210,15 +221,8 @@ bool NaClBrowserDelegateImpl::MapUrlToLocalFilePath( |
| bool use_blocking_api, |
| const base::FilePath& profile_directory, |
| base::FilePath* file_path) { |
| - // Get the profile associated with the renderer. |
| - Profile* profile = profile_manager_->GetProfileByPath(profile_directory); |
| - if (!profile) |
| - return false; |
| - |
| scoped_refptr<extensions::InfoMap> extension_info_map = |
| - extensions::ExtensionSystem::Get(profile)->info_map(); |
| - DCHECK(extension_info_map); |
| - |
| + GetExtensionInfoMap(profile_directory); |
| // Check that the URL is recognized by the extension system. |
| const extensions::Extension* extension = |
| extension_info_map->extensions().GetExtensionOrAppByURL(file_url); |
| @@ -279,3 +283,23 @@ content::BrowserPpapiHost::OnKeepaliveCallback |
| NaClBrowserDelegateImpl::GetOnKeepaliveCallback() { |
| return base::Bind(&OnKeepalive); |
| } |
| + |
| +bool NaClBrowserDelegateImpl::IsNonSfiModeAllowed( |
| + const base::FilePath& profile_directory, |
| + const GURL& manifest_url) { |
| + const extensions::ExtensionSet* extension_set = |
| + &GetExtensionInfoMap(profile_directory)->extensions(); |
| + return chrome::IsExtensionOrSharedModuleWhitelisted( |
| + manifest_url, extension_set, allowed_nonsfi_origins_); |
| +} |
| + |
| +scoped_refptr<extensions::InfoMap> NaClBrowserDelegateImpl::GetExtensionInfoMap( |
| + const base::FilePath& profile_directory) { |
| + // Get the profile associated with the renderer. |
| + Profile* profile = profile_manager_->GetProfileByPath(profile_directory); |
| + DCHECK(profile); |
| + scoped_refptr<extensions::InfoMap> extension_info_map = |
| + extensions::ExtensionSystem::Get(profile)->info_map(); |
| + DCHECK(extension_info_map); |
| + return extension_info_map; |
| +} |
