Add a whitelist check for nacl-nonsfi mode

chrome/common/pepper_permission_util.cc

Index: chrome/common/pepper_permission_util.cc
diff --git a/chrome/common/pepper_permission_util.cc b/chrome/common/pepper_permission_util.cc
index a8e767539da0a18ca8112348597b9119d9cc604e..aedf0b7cbec19f7e843b744796c0e9320a06a524 100644
--- a/chrome/common/pepper_permission_util.cc
+++ b/chrome/common/pepper_permission_util.cc
@@ -17,6 +17,7 @@
 
 using extensions::Extension;
 using extensions::Manifest;
+using extensions::SharedModuleInfo;
 
 namespace chrome {
 
@@ -49,20 +50,24 @@ bool IsExtensionOrSharedModuleWhitelisted(
   // is whitelisted.
   const Extension* extension = extension_set ? extension_set->GetByID(host)
                                              : NULL;
-  if (extension) {
-    typedef std::vector<extensions::SharedModuleInfo::ImportInfo>
-        ImportInfoVector;
-    const ImportInfoVector& imports =
-        extensions::SharedModuleInfo::GetImports(extension);
-    for (ImportInfoVector::const_iterator it = imports.begin();
-         it != imports.end(); ++it) {
-      const Extension* imported_extension = extension_set->GetByID(
-          it->extension_id);
-      if (imported_extension &&
-          extensions::SharedModuleInfo::IsSharedModule(imported_extension) &&
-          HostIsInSet(it->extension_id, whitelist)) {
-        return true;
-      }
+  if (!extension)
+    return false;
+
+  typedef std::vector<SharedModuleInfo::ImportInfo> ImportInfoVector;
+  const ImportInfoVector& imports = SharedModuleInfo::GetImports(extension);
+  for (ImportInfoVector::const_iterator it = imports.begin();
+       it != imports.end(); ++it) {
+    const Extension* imported_extension = extension_set->GetByID(
+        it->extension_id);
+    if (imported_extension &&
+        SharedModuleInfo::IsSharedModule(imported_extension) &&
+        // We check the whitelist explicitly even though the extension should

[Mark Seaborn, 2014/05/09 02:12:31]

Could you possibly explain what this change does in the commit message, and
explain the reason?

i.e. Before the change, this implicitly whitelists extension A if it depends on
extension B which was explicitly whitelisted.  With this change, you're adding a
sanity check to ensure that B whitelisted A as being allowed to import B.

When you say "the extension should never have been allowed to be installed in
the first place", could you also say in the comment where the check for that is
implemented, for context?

[elijahtaylor1, 2014/05/09 05:37:58]

Done.  While adjusting this comment, I thought of another additional sanity
check to do for shared modules' whitelists, so I added that and a comment to
this CL.

+        // never have been allowed to be installed in the first place if this
+        // fails.
+        SharedModuleInfo::IsExportAllowedByWhitelist(imported_extension,
+                                                     host) &&
+        HostIsInSet(it->extension_id, whitelist)) {
+      return true;
     }
   }