OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/renderer/ppb_nacl_private_impl.h" | 5 #include "components/nacl/renderer/ppb_nacl_private_impl.h" |
6 | 6 |
7 #include <numeric> | 7 #include <numeric> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
82 if (!render_thread) | 82 if (!render_thread) |
83 return false; | 83 return false; |
84 if (!g_pnacl_resource_host.Get().get()) { | 84 if (!g_pnacl_resource_host.Get().get()) { |
85 g_pnacl_resource_host.Get() = new PnaclTranslationResourceHost( | 85 g_pnacl_resource_host.Get() = new PnaclTranslationResourceHost( |
86 render_thread->GetIOMessageLoopProxy()); | 86 render_thread->GetIOMessageLoopProxy()); |
87 render_thread->AddFilter(g_pnacl_resource_host.Get().get()); | 87 render_thread->AddFilter(g_pnacl_resource_host.Get().get()); |
88 } | 88 } |
89 return true; | 89 return true; |
90 } | 90 } |
91 | 91 |
92 bool CheckSecurityOrigin(content::PepperPluginInstance* plugin_instance, | |
Mark Seaborn
2015/03/04 05:07:31
If the SchemeIs("chrome-extension") check moves he
Yusuke Sato
2015/03/04 18:45:49
Done.
| |
93 const GURL& gurl) { | |
94 // IMPORTANT: Make sure the document can request the given URL. If we don't | |
95 // check, a malicious app could probe the extension system. This enforces a | |
96 // same-origin policy which prevents the app from requesting resources from | |
97 // another app. | |
98 blink::WebSecurityOrigin security_origin = | |
99 plugin_instance->GetContainer()->element().document().securityOrigin(); | |
100 return security_origin.canRequest(gurl); | |
101 } | |
102 | |
92 // This contains state that is produced by LaunchSelLdr() and consumed | 103 // This contains state that is produced by LaunchSelLdr() and consumed |
93 // by StartPpapiProxy(). | 104 // by StartPpapiProxy(). |
94 struct InstanceInfo { | 105 struct InstanceInfo { |
95 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} | 106 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} |
96 GURL url; | 107 GURL url; |
97 ppapi::PpapiPermissions permissions; | 108 ppapi::PpapiPermissions permissions; |
98 base::ProcessId plugin_pid; | 109 base::ProcessId plugin_pid; |
99 int plugin_child_id; | 110 int plugin_child_id; |
100 IPC::ChannelHandle channel_handle; | 111 IPC::ChannelHandle channel_handle; |
101 }; | 112 }; |
(...skipping 266 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
368 // destructed (without passing it to ManifestServiceChannel). | 379 // destructed (without passing it to ManifestServiceChannel). |
369 scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy( | 380 scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy( |
370 new ManifestServiceProxy(instance, process_type)); | 381 new ManifestServiceProxy(instance, process_type)); |
371 | 382 |
372 FileDescriptor result_socket; | 383 FileDescriptor result_socket; |
373 IPC::Sender* sender = content::RenderThread::Get(); | 384 IPC::Sender* sender = content::RenderThread::Get(); |
374 DCHECK(sender); | 385 DCHECK(sender); |
375 int routing_id = GetRoutingID(instance); | 386 int routing_id = GetRoutingID(instance); |
376 NexeLoadManager* load_manager = GetNexeLoadManager(instance); | 387 NexeLoadManager* load_manager = GetNexeLoadManager(instance); |
377 DCHECK(load_manager); | 388 DCHECK(load_manager); |
378 if (!routing_id || !load_manager) { | 389 content::PepperPluginInstance* plugin_instance = |
390 content::PepperPluginInstance::Get(instance); | |
391 DCHECK(plugin_instance); | |
392 if (!routing_id || !load_manager || !plugin_instance) { | |
379 if (nexe_file_info->handle != PP_kInvalidFileHandle) { | 393 if (nexe_file_info->handle != PP_kInvalidFileHandle) { |
380 base::File closer(nexe_file_info->handle); | 394 base::File closer(nexe_file_info->handle); |
381 } | 395 } |
382 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( | 396 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( |
383 FROM_HERE, base::Bind(callback.func, callback.user_data, | 397 FROM_HERE, base::Bind(callback.func, callback.user_data, |
384 static_cast<int32_t>(PP_ERROR_FAILED))); | 398 static_cast<int32_t>(PP_ERROR_FAILED))); |
385 return; | 399 return; |
386 } | 400 } |
387 | 401 |
388 InstanceInfo instance_info; | 402 InstanceInfo instance_info; |
389 instance_info.url = GURL(alleged_url); | 403 instance_info.url = GURL(alleged_url); |
390 | 404 |
391 uint32_t perm_bits = ppapi::PERMISSION_NONE; | 405 uint32_t perm_bits = ppapi::PERMISSION_NONE; |
392 // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so | 406 // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so |
393 // it's clearer to developers when they are using 'Dev' inappropriately. We | 407 // it's clearer to developers when they are using 'Dev' inappropriately. We |
394 // must also check on the trusted side of the proxy. | 408 // must also check on the trusted side of the proxy. |
395 if (load_manager->DevInterfacesEnabled()) | 409 if (load_manager->DevInterfacesEnabled()) |
396 perm_bits |= ppapi::PERMISSION_DEV; | 410 perm_bits |= ppapi::PERMISSION_DEV; |
397 instance_info.permissions = | 411 instance_info.permissions = |
398 ppapi::PpapiPermissions::GetForCommandLine(perm_bits); | 412 ppapi::PpapiPermissions::GetForCommandLine(perm_bits); |
399 std::string error_message_string; | 413 std::string error_message_string; |
400 NaClLaunchResult launch_result; | 414 NaClLaunchResult launch_result; |
401 | 415 |
402 IPC::PlatformFileForTransit nexe_for_transit = | 416 IPC::PlatformFileForTransit nexe_for_transit = |
403 IPC::InvalidPlatformFileForTransit(); | 417 IPC::InvalidPlatformFileForTransit(); |
418 | |
419 std::vector<std::pair< | |
420 std::string /*url*/, std::string /*key*/> > resource_files_to_prefetch; | |
421 if (process_type == kNativeNaClProcessType) { | |
Mark Seaborn
2015/03/04 05:07:31
This should be conditionalised on Non-SFI mode for
Yusuke Sato
2015/03/04 18:45:49
Done.
| |
422 JsonManifest* manifest = GetJsonManifest(instance); | |
423 if (manifest) | |
424 manifest->GetPrefetchableFiles(&resource_files_to_prefetch); | |
425 for (size_t i = 0; i < resource_files_to_prefetch.size(); ++i) { | |
426 const GURL gurl(resource_files_to_prefetch[i].first); | |
427 DCHECK(gurl.SchemeIs("chrome-extension")); | |
Mark Seaborn
2015/03/04 05:07:30
I had in mind that this check would move into Chec
Yusuke Sato
2015/03/04 18:45:50
Done. Removed.
| |
428 // IMPORTANT SECURITY CHECK. DO NOT REMOVE. | |
Mark Seaborn
2015/03/04 05:07:31
Nit: doesn't really need caps. :-)
The caps are k
Yusuke Sato
2015/03/04 18:45:49
Done.
| |
429 if (!CheckSecurityOrigin(plugin_instance, gurl)) { | |
430 resource_files_to_prefetch.clear(); | |
431 break; | |
432 } | |
433 } | |
434 } | |
435 | |
404 #if defined(OS_POSIX) | 436 #if defined(OS_POSIX) |
405 if (nexe_file_info->handle != PP_kInvalidFileHandle) | 437 if (nexe_file_info->handle != PP_kInvalidFileHandle) |
406 nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); | 438 nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); |
407 #elif defined(OS_WIN) | 439 #elif defined(OS_WIN) |
408 // Duplicate the handle on the browser side instead of the renderer. | 440 // Duplicate the handle on the browser side instead of the renderer. |
409 // This is because BrokerGetFileForProcess isn't part of content/public, and | 441 // This is because BrokerGetFileForProcess isn't part of content/public, and |
410 // it's simpler to do the duplication in the browser anyway. | 442 // it's simpler to do the duplication in the browser anyway. |
411 nexe_for_transit = nexe_file_info->handle; | 443 nexe_for_transit = nexe_file_info->handle; |
412 #else | 444 #else |
413 #error Unsupported target platform. | 445 #error Unsupported target platform. |
414 #endif | 446 #endif |
415 if (!sender->Send(new NaClHostMsg_LaunchNaCl( | 447 if (!sender->Send(new NaClHostMsg_LaunchNaCl( |
416 NaClLaunchParams( | 448 NaClLaunchParams( |
417 instance_info.url.spec(), | 449 instance_info.url.spec(), |
418 nexe_for_transit, | 450 nexe_for_transit, |
419 nexe_file_info->token_lo, | 451 nexe_file_info->token_lo, |
420 nexe_file_info->token_hi, | 452 nexe_file_info->token_hi, |
453 resource_files_to_prefetch, | |
421 routing_id, | 454 routing_id, |
422 perm_bits, | 455 perm_bits, |
423 PP_ToBool(uses_nonsfi_mode), | 456 PP_ToBool(uses_nonsfi_mode), |
424 process_type), | 457 process_type), |
425 &launch_result, | 458 &launch_result, |
426 &error_message_string))) { | 459 &error_message_string))) { |
427 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( | 460 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( |
428 FROM_HERE, | 461 FROM_HERE, |
429 base::Bind(callback.func, callback.user_data, | 462 base::Bind(callback.func, callback.user_data, |
430 static_cast<int32_t>(PP_ERROR_FAILED))); | 463 static_cast<int32_t>(PP_ERROR_FAILED))); |
(...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
706 nacl_plugin_instance->pexe_size = pexe_size; | 739 nacl_plugin_instance->pexe_size = pexe_size; |
707 } | 740 } |
708 } | 741 } |
709 | 742 |
710 PP_FileHandle OpenNaClExecutable(PP_Instance instance, | 743 PP_FileHandle OpenNaClExecutable(PP_Instance instance, |
711 const char* file_url, | 744 const char* file_url, |
712 uint64_t* nonce_lo, | 745 uint64_t* nonce_lo, |
713 uint64_t* nonce_hi) { | 746 uint64_t* nonce_hi) { |
714 // Fast path only works for installed file URLs. | 747 // Fast path only works for installed file URLs. |
715 GURL gurl(file_url); | 748 GURL gurl(file_url); |
716 if (!gurl.SchemeIs("chrome-extension")) | 749 if (!gurl.SchemeIs("chrome-extension")) |
Mark Seaborn
2015/03/04 05:07:30
Ditto: I had in mind that this check would move in
Yusuke Sato
2015/03/04 18:45:49
Done.
| |
717 return PP_kInvalidFileHandle; | 750 return PP_kInvalidFileHandle; |
718 | 751 |
719 NexeLoadManager* load_manager = GetNexeLoadManager(instance); | 752 NexeLoadManager* load_manager = GetNexeLoadManager(instance); |
720 DCHECK(load_manager); | 753 DCHECK(load_manager); |
721 if (!load_manager) | 754 if (!load_manager) |
722 return PP_kInvalidFileHandle; | 755 return PP_kInvalidFileHandle; |
723 | 756 |
724 content::PepperPluginInstance* plugin_instance = | 757 content::PepperPluginInstance* plugin_instance = |
725 content::PepperPluginInstance::Get(instance); | 758 content::PepperPluginInstance::Get(instance); |
726 if (!plugin_instance) | 759 if (!plugin_instance) |
727 return PP_kInvalidFileHandle; | 760 return PP_kInvalidFileHandle; |
728 // IMPORTANT: Make sure the document can request the given URL. If we don't | 761 |
729 // check, a malicious app could probe the extension system. This enforces a | 762 // IMPORTANT SECURITY CHECK. DO NOT REMOVE. |
730 // same-origin policy which prevents the app from requesting resources from | 763 if (!CheckSecurityOrigin(plugin_instance, gurl)) |
731 // another app. | |
732 blink::WebSecurityOrigin security_origin = | |
733 plugin_instance->GetContainer()->element().document().securityOrigin(); | |
734 if (!security_origin.canRequest(gurl)) | |
735 return PP_kInvalidFileHandle; | 764 return PP_kInvalidFileHandle; |
736 | 765 |
737 IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit(); | 766 IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit(); |
738 IPC::Sender* sender = content::RenderThread::Get(); | 767 IPC::Sender* sender = content::RenderThread::Get(); |
739 DCHECK(sender); | 768 DCHECK(sender); |
740 *nonce_lo = 0; | 769 *nonce_lo = 0; |
741 *nonce_hi = 0; | 770 *nonce_hi = 0; |
742 base::FilePath file_path; | 771 base::FilePath file_path; |
743 if (!sender->Send( | 772 if (!sender->Send( |
744 new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance), | 773 new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance), |
(...skipping 906 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1651 &StreamPexe | 1680 &StreamPexe |
1652 }; | 1681 }; |
1653 | 1682 |
1654 } // namespace | 1683 } // namespace |
1655 | 1684 |
1656 const PPB_NaCl_Private* GetNaClPrivateInterface() { | 1685 const PPB_NaCl_Private* GetNaClPrivateInterface() { |
1657 return &nacl_interface; | 1686 return &nacl_interface; |
1658 } | 1687 } |
1659 | 1688 |
1660 } // namespace nacl | 1689 } // namespace nacl |
OLD | NEW |