| Index: components/nacl/browser/nacl_process_host.cc
|
| diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc
|
| index cbb716c9197524929435a25d6e14e3fcdc3013b2..38a6ebd9d60d90793904d6156ef2a64bb0468948 100644
|
| --- a/components/nacl/browser/nacl_process_host.cc
|
| +++ b/components/nacl/browser/nacl_process_host.cc
|
| @@ -38,6 +38,7 @@
|
| #include "content/public/browser/browser_ppapi_host.h"
|
| #include "content/public/browser/child_process_data.h"
|
| #include "content/public/browser/plugin_service.h"
|
| +#include "content/public/browser/render_process_host.h"
|
| #include "content/public/common/child_process_host.h"
|
| #include "content/public/common/content_switches.h"
|
| #include "content/public/common/process_type.h"
|
| @@ -228,12 +229,16 @@ bool ShareHandleToSelLdr(
|
| return true;
|
| }
|
|
|
| -ppapi::PpapiPermissions GetNaClPermissions(uint32 permission_bits) {
|
| +ppapi::PpapiPermissions GetNaClPermissions(
|
| + uint32 permission_bits,
|
| + content::BrowserContext* browser_context,
|
| + const GURL& document_url) {
|
| // Only allow NaCl plugins to request certain permissions. We don't want
|
| // a compromised renderer to be able to start a nacl plugin with e.g. Flash
|
| // permissions which may expand the surface area of the sandbox.
|
| uint32 masked_bits = permission_bits & ppapi::PERMISSION_DEV;
|
| - if (content::PluginService::GetInstance()->PpapiDevChannelSupported())
|
| + if (content::PluginService::GetInstance()->PpapiDevChannelSupported(
|
| + browser_context, document_url))
|
| masked_bits |= ppapi::PERMISSION_DEV_CHANNEL;
|
| return ppapi::PpapiPermissions::GetForCommandLine(masked_bits);
|
| }
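Review bot: The dev-channel grant in `GetNaClPermissions` now depends on `document_url`, but nothing in this hunk says where that URL comes from, even though the existing comment is specifically about not trusting a compromised renderer. If the value arrives from a renderer IPC message (not visible here), the renderer could presumably name any origin that `PpapiDevChannelSupported` accepts and receive `PERMISSION_DEV_CHANNEL`. I would extend the comment with something like `// |document_url| must be a browser-verified URL for the requesting renderer, never a value taken unchecked from IPC.` and confirm that the caller meets that contract.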
|
| @@ -256,7 +261,9 @@ struct NaClProcessHost::NaClInternal {
|
| unsigned NaClProcessHost::keepalive_throttle_interval_milliseconds_ =
|
| ppapi::kKeepaliveThrottleIntervalDefaultMilliseconds;
|
|
|
| -NaClProcessHost::NaClProcessHost(const GURL& manifest_url,
|
| +NaClProcessHost::NaClProcessHost(const GURL& document_url,
|
| + const GURL& manifest_url,
|
| + int render_process_id,
|
| int render_view_id,
|
| uint32 permission_bits,
|
| bool uses_irt,
|
| @@ -267,7 +274,6 @@ NaClProcessHost::NaClProcessHost(const GURL& manifest_url,
|
| bool off_the_record,
|
| const base::FilePath& profile_directory)
|
| : manifest_url_(manifest_url),
|
| - permissions_(GetNaClPermissions(permission_bits)),
|
| #if defined(OS_WIN)
|
| process_launched_by_broker_(false),
|
| #endif
|
| @@ -286,6 +292,12 @@ NaClProcessHost::NaClProcessHost(const GURL& manifest_url,
|
| off_the_record_(off_the_record),
|
| profile_directory_(profile_directory),
|
| render_view_id_(render_view_id) {
|
| +
|
| + content::RenderProcessHost* host =
|
| + content::RenderProcessHost::FromID(render_process_id);
|
| + permissions_ = GetNaClPermissions(permission_bits,
|
| + host->GetBrowserContext(),
|
| + document_url);
|
| process_.reset(content::BrowserChildProcessHost::Create(
|
| PROCESS_TYPE_NACL_LOADER, this));
|
|
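Review bot: `host` is dereferenced without a null check in the constructor body, yet `content::RenderProcessHost::FromID()` returns NULL when no host with `render_process_id` exists, for example when the renderer exited before the launch request was handled. A guard such as `if (host) permissions_ = GetNaClPermissions(permission_bits, host->GetBrowserContext(), document_url);` would avoid a browser-process crash, leaving `permissions_` at its default otherwise; whether a default-constructed `ppapi::PpapiPermissions` is the right minimal set should be confirmed. `RenderProcessHost` is a UI-thread object, so it is also worth confirming that this constructor runs on that thread. The constructor body continues past the end of the hunk.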
|
|
|