Non-SFI NaCl: Batch-open resource files

components/nacl/renderer/ppb_nacl_private_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
 
 #include <numeric>
 #include <string>
 #include <vector>
 
@@ skipping 357 matching lines @@
   // destructed (without passing it to ManifestServiceChannel).
   scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy(
       new ManifestServiceProxy(instance, process_type));
 
   FileDescriptor result_socket;
   IPC::Sender* sender = content::RenderThread::Get();
   DCHECK(sender);
   int routing_id = GetRoutingID(instance);
   NexeLoadManager* load_manager = GetNexeLoadManager(instance);
   DCHECK(load_manager);
-  if (!routing_id || !load_manager) {
+  content::PepperPluginInstance* plugin_instance =
+      content::PepperPluginInstance::Get(instance);
+  DCHECK(plugin_instance);
+  if (!routing_id || !load_manager || !plugin_instance) {
     if (nexe_file_info->handle != PP_kInvalidFileHandle) {
       base::File closer(nexe_file_info->handle);
     }
     ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask(
         FROM_HERE, base::Bind(callback.func, callback.user_data,
                               static_cast<int32_t>(PP_ERROR_FAILED)));
     return;
   }
 
   InstanceInfo instance_info;
   instance_info.url = GURL(alleged_url);
 
   uint32_t perm_bits = ppapi::PERMISSION_NONE;
   // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so
   // it's clearer to developers when they are using 'Dev' inappropriately. We
   // must also check on the trusted side of the proxy.
   if (load_manager->DevInterfacesEnabled())
     perm_bits |= ppapi::PERMISSION_DEV;
   instance_info.permissions =
       ppapi::PpapiPermissions::GetForCommandLine(perm_bits);
   std::string error_message_string;
   NaClLaunchResult launch_result;
 
   IPC::PlatformFileForTransit nexe_for_transit =
       IPC::InvalidPlatformFileForTransit();
+
+  std::vector<std::pair<
+    std::string /*url*/, std::string /*key*/> > prefetched_resource_files;

[Mark Seaborn, 2015/02/25 20:01:24]

How about "resource_files_to_prefetch", since they're not prefetched yet?

[Yusuke Sato, 2015/03/01 06:59:37]

Done.

+  if (process_type == kNativeNaClProcessType) {
+    JsonManifest* manifest = GetJsonManifest(instance);
+    if (manifest)
+      manifest->GetPrefetchableFiles(&prefetched_resource_files);
+    blink::WebSecurityOrigin security_origin =
+        plugin_instance->GetContainer()->element().document().securityOrigin();
+    for (size_t i = 0; i < prefetched_resource_files.size(); ++i) {
+      const GURL gurl(prefetched_resource_files[i].first);
+      DCHECK(gurl.SchemeIs("chrome-extension"));
+      // IMPORTANT SECURITY CHECK: See the comment in OpenNaClResources().

[Mark Seaborn, 2015/02/25 20:01:24]

OpenNaClResources() no longer exists, I think.

[Yusuke Sato, 2015/03/01 06:59:37]

Removed the comment

+      if (!security_origin.canRequest(gurl)) {

[Mark Seaborn, 2015/02/25 20:01:24]

Duplicating the two checks that OpenNaClExecutable() worries me a little in case
they get out of sync.  Could you split the checks into a separate function and
use that here?

I suspect that
plugin_instance->GetContainer()->element().document().securityOrigin() isn't
expensive enough that calling it once per file would matter if this is split
out.

[Yusuke Sato, 2015/03/01 06:59:37]

Done.

+        prefetched_resource_files.clear();
+        break;
+      }
+    }
+  }
+
 #if defined(OS_POSIX)
   if (nexe_file_info->handle != PP_kInvalidFileHandle)
     nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true);
 #elif defined(OS_WIN)
   // Duplicate the handle on the browser side instead of the renderer.
   // This is because BrokerGetFileForProcess isn't part of content/public, and
   // it's simpler to do the duplication in the browser anyway.
   nexe_for_transit = nexe_file_info->handle;
 #else
 #error Unsupported target platform.
 #endif
   if (!sender->Send(new NaClHostMsg_LaunchNaCl(
           NaClLaunchParams(
               instance_info.url.spec(),
               nexe_for_transit,
               nexe_file_info->token_lo,
               nexe_file_info->token_hi,
+              prefetched_resource_files,
               routing_id,
               perm_bits,
               PP_ToBool(uses_nonsfi_mode),
               process_type),
           &launch_result,
           &error_message_string))) {
     ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask(
         FROM_HERE,
         base::Bind(callback.func, callback.user_data,
                    static_cast<int32_t>(PP_ERROR_FAILED)));
@@ skipping 1220 matching lines @@
   &StreamPexe
 };
 
 }  // namespace
 
 const PPB_NaCl_Private* GetNaClPrivateInterface() {
   return &nacl_interface;
 }
 
 }  // namespace nacl