Pepper: Whitelist dev channel APIs for some apps.

components/nacl/browser/nacl_host_message_filter.cc

Index: components/nacl/browser/nacl_host_message_filter.cc
diff --git a/components/nacl/browser/nacl_host_message_filter.cc b/components/nacl/browser/nacl_host_message_filter.cc
index a71f419358b74d586fa80c269b809f6973e2bd05..16f55929e2673bfb8d71622c75ae9ad28c00ea58 100644
--- a/components/nacl/browser/nacl_host_message_filter.cc
+++ b/components/nacl/browser/nacl_host_message_filter.cc
@@ -10,13 +10,56 @@
 #include "components/nacl/browser/nacl_process_host.h"
 #include "components/nacl/browser/pnacl_host.h"
 #include "components/nacl/common/nacl_host_messages.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/browser/plugin_service.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/web_contents.h"
 #include "ipc/ipc_platform_file.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
+#include "ppapi/shared_impl/ppapi_permissions.h"
 #include "url/gurl.h"
 
 namespace nacl {
 
+namespace {
+
+ppapi::PpapiPermissions GetNaClPermissions(
+    uint32 permission_bits,
+    content::BrowserContext* browser_context,
+    const GURL& document_url) {
+  // Only allow NaCl plugins to request certain permissions. We don't want
+  // a compromised renderer to be able to start a nacl plugin with e.g. Flash
+  // permissions which may expand the surface area of the sandbox.
+  uint32 masked_bits = permission_bits & ppapi::PERMISSION_DEV;
+  if (content::PluginService::GetInstance()->PpapiDevChannelSupported(
+          browser_context, document_url))
+    masked_bits |= ppapi::PERMISSION_DEV_CHANNEL;
+  return ppapi::PpapiPermissions::GetForCommandLine(masked_bits);
+}
+
+
+ppapi::PpapiPermissions GetPpapiPermissions(uint32 permission_bits,
+                                            int render_process_id,
+                                            int render_view_id) {
+  // We get the URL from WebContents from the RenderViewHost, since we don't
+  // have a BrowserPpapiHost yet.
+  content::RenderProcessHost* host =
+      content::RenderProcessHost::FromID(render_process_id);
+  content::RenderViewHost* view_host =
+      content::RenderViewHost::FromID(render_process_id, render_view_id);
+  GURL document_url;
+  content::WebContents* contents =
+      content::WebContents::FromRenderViewHost(view_host);
+  if (contents)
+    document_url = contents->GetLastCommittedURL();
+  return GetNaClPermissions(permission_bits,
+                            host->GetBrowserContext(),
+                            document_url);
+}
+
+}  // namespace
+
 NaClHostMessageFilter::NaClHostMessageFilter(
     int render_process_id,
     bool is_off_the_record,
@@ -72,8 +115,35 @@ net::HostResolver* NaClHostMessageFilter::GetHostResolver() {
 void NaClHostMessageFilter::OnLaunchNaCl(
     const nacl::NaClLaunchParams& launch_params,
     IPC::Message* reply_msg) {
+  // PNaCl hack
+  if (!launch_params.enable_dyncode_syscalls) {
+    uint32 perms = launch_params.permission_bits & ppapi::PERMISSION_DEV;
+    LaunchNaClContinuation(
+        launch_params,
+        reply_msg,
+        ppapi::PpapiPermissions(perms));
+    return;
+  }
+  content::BrowserThread::PostTaskAndReplyWithResult(
+      content::BrowserThread::UI,
+      FROM_HERE,
+      base::Bind(&GetPpapiPermissions,
+                 launch_params.permission_bits,
+                 render_process_id_,
+                 launch_params.render_view_id),
+      base::Bind(&NaClHostMessageFilter::LaunchNaClContinuation,
+                 this,
+                 launch_params,
+                 reply_msg));
+}
+
+void NaClHostMessageFilter::LaunchNaClContinuation(
+    const nacl::NaClLaunchParams& launch_params,
+    IPC::Message* reply_msg,
+    ppapi::PpapiPermissions permissions) {
   NaClProcessHost* host = new NaClProcessHost(
       GURL(launch_params.manifest_url),
+      permissions,
       launch_params.render_view_id,
       launch_params.permission_bits,
       launch_params.uses_irt,