Side by Side Diff: components/nacl/renderer/ppb_nacl_private_impl.cc

Issue 649603004: Non-SFI NaCl: Batch-open resource files (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: address comments Created 5 years, 9 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/renderer/ppb_nacl_private_impl.h" 5 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
6 6
7 #include <numeric> 7 #include <numeric>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
82 if (!render_thread) 82 if (!render_thread)
83 return false; 83 return false;
84 if (!g_pnacl_resource_host.Get().get()) { 84 if (!g_pnacl_resource_host.Get().get()) {
85 g_pnacl_resource_host.Get() = new PnaclTranslationResourceHost( 85 g_pnacl_resource_host.Get() = new PnaclTranslationResourceHost(
86 render_thread->GetIOMessageLoopProxy()); 86 render_thread->GetIOMessageLoopProxy());
87 render_thread->AddFilter(g_pnacl_resource_host.Get().get()); 87 render_thread->AddFilter(g_pnacl_resource_host.Get().get());
88 } 88 }
89 return true; 89 return true;
90 } 90 }
91 91
92 bool CheckSecurityOrigin(content::PepperPluginInstance* plugin_instance,
Mark Seaborn 2015/03/04 05:07:31 If the SchemeIs("chrome-extension") check moves he
Yusuke Sato 2015/03/04 18:45:49 Done.
93 const GURL& gurl) {
94 // IMPORTANT: Make sure the document can request the given URL. If we don't
95 // check, a malicious app could probe the extension system. This enforces a
96 // same-origin policy which prevents the app from requesting resources from
97 // another app.
98 blink::WebSecurityOrigin security_origin =
99 plugin_instance->GetContainer()->element().document().securityOrigin();
100 return security_origin.canRequest(gurl);
101 }
102
92 // This contains state that is produced by LaunchSelLdr() and consumed 103 // This contains state that is produced by LaunchSelLdr() and consumed
93 // by StartPpapiProxy(). 104 // by StartPpapiProxy().
94 struct InstanceInfo { 105 struct InstanceInfo {
95 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} 106 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {}
96 GURL url; 107 GURL url;
97 ppapi::PpapiPermissions permissions; 108 ppapi::PpapiPermissions permissions;
98 base::ProcessId plugin_pid; 109 base::ProcessId plugin_pid;
99 int plugin_child_id; 110 int plugin_child_id;
100 IPC::ChannelHandle channel_handle; 111 IPC::ChannelHandle channel_handle;
101 }; 112 };
368 // destructed (without passing it to ManifestServiceChannel). 379 // destructed (without passing it to ManifestServiceChannel).
369 scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy( 380 scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy(
370 new ManifestServiceProxy(instance, process_type)); 381 new ManifestServiceProxy(instance, process_type));
371 382
372 FileDescriptor result_socket; 383 FileDescriptor result_socket;
373 IPC::Sender* sender = content::RenderThread::Get(); 384 IPC::Sender* sender = content::RenderThread::Get();
374 DCHECK(sender); 385 DCHECK(sender);
375 int routing_id = GetRoutingID(instance); 386 int routing_id = GetRoutingID(instance);
376 NexeLoadManager* load_manager = GetNexeLoadManager(instance); 387 NexeLoadManager* load_manager = GetNexeLoadManager(instance);
377 DCHECK(load_manager); 388 DCHECK(load_manager);
378 if (!routing_id || !load_manager) { 389 content::PepperPluginInstance* plugin_instance =
390 content::PepperPluginInstance::Get(instance);
391 DCHECK(plugin_instance);
392 if (!routing_id || !load_manager || !plugin_instance) {
379 if (nexe_file_info->handle != PP_kInvalidFileHandle) { 393 if (nexe_file_info->handle != PP_kInvalidFileHandle) {
380 base::File closer(nexe_file_info->handle); 394 base::File closer(nexe_file_info->handle);
381 } 395 }
382 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( 396 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask(
383 FROM_HERE, base::Bind(callback.func, callback.user_data, 397 FROM_HERE, base::Bind(callback.func, callback.user_data,
384 static_cast<int32_t>(PP_ERROR_FAILED))); 398 static_cast<int32_t>(PP_ERROR_FAILED)));
385 return; 399 return;
386 } 400 }
387 401
388 InstanceInfo instance_info; 402 InstanceInfo instance_info;
389 instance_info.url = GURL(alleged_url); 403 instance_info.url = GURL(alleged_url);
390 404
391 uint32_t perm_bits = ppapi::PERMISSION_NONE; 405 uint32_t perm_bits = ppapi::PERMISSION_NONE;
392 // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so 406 // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so
393 // it's clearer to developers when they are using 'Dev' inappropriately. We 407 // it's clearer to developers when they are using 'Dev' inappropriately. We
394 // must also check on the trusted side of the proxy. 408 // must also check on the trusted side of the proxy.
395 if (load_manager->DevInterfacesEnabled()) 409 if (load_manager->DevInterfacesEnabled())
396 perm_bits |= ppapi::PERMISSION_DEV; 410 perm_bits |= ppapi::PERMISSION_DEV;
397 instance_info.permissions = 411 instance_info.permissions =
398 ppapi::PpapiPermissions::GetForCommandLine(perm_bits); 412 ppapi::PpapiPermissions::GetForCommandLine(perm_bits);
399 std::string error_message_string; 413 std::string error_message_string;
400 NaClLaunchResult launch_result; 414 NaClLaunchResult launch_result;
401 415
402 IPC::PlatformFileForTransit nexe_for_transit = 416 IPC::PlatformFileForTransit nexe_for_transit =
403 IPC::InvalidPlatformFileForTransit(); 417 IPC::InvalidPlatformFileForTransit();
418
419 std::vector<std::pair<
420 std::string /*url*/, std::string /*key*/> > resource_files_to_prefetch;
421 if (process_type == kNativeNaClProcessType) {
Mark Seaborn 2015/03/04 05:07:31 This should be conditionalised on Non-SFI mode for
Yusuke Sato 2015/03/04 18:45:49 Done.
422 JsonManifest* manifest = GetJsonManifest(instance);
423 if (manifest)
424 manifest->GetPrefetchableFiles(&resource_files_to_prefetch);
425 for (size_t i = 0; i < resource_files_to_prefetch.size(); ++i) {
426 const GURL gurl(resource_files_to_prefetch[i].first);
427 DCHECK(gurl.SchemeIs("chrome-extension"));
Mark Seaborn 2015/03/04 05:07:30 I had in mind that this check would move into Chec
Yusuke Sato 2015/03/04 18:45:50 Done. Removed.
428 // IMPORTANT SECURITY CHECK. DO NOT REMOVE.
Mark Seaborn 2015/03/04 05:07:31 Nit: doesn't really need caps. :-) The caps are k
Yusuke Sato 2015/03/04 18:45:49 Done.
429 if (!CheckSecurityOrigin(plugin_instance, gurl)) {
430 resource_files_to_prefetch.clear();
431 break;
432 }
433 }
434 }
435
404 #if defined(OS_POSIX) 436 #if defined(OS_POSIX)
405 if (nexe_file_info->handle != PP_kInvalidFileHandle) 437 if (nexe_file_info->handle != PP_kInvalidFileHandle)
406 nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); 438 nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true);
407 #elif defined(OS_WIN) 439 #elif defined(OS_WIN)
408 // Duplicate the handle on the browser side instead of the renderer. 440 // Duplicate the handle on the browser side instead of the renderer.
409 // This is because BrokerGetFileForProcess isn't part of content/public, and 441 // This is because BrokerGetFileForProcess isn't part of content/public, and
410 // it's simpler to do the duplication in the browser anyway. 442 // it's simpler to do the duplication in the browser anyway.
411 nexe_for_transit = nexe_file_info->handle; 443 nexe_for_transit = nexe_file_info->handle;
412 #else 444 #else
413 #error Unsupported target platform. 445 #error Unsupported target platform.
414 #endif 446 #endif
415 if (!sender->Send(new NaClHostMsg_LaunchNaCl( 447 if (!sender->Send(new NaClHostMsg_LaunchNaCl(
416 NaClLaunchParams( 448 NaClLaunchParams(
417 instance_info.url.spec(), 449 instance_info.url.spec(),
418 nexe_for_transit, 450 nexe_for_transit,
419 nexe_file_info->token_lo, 451 nexe_file_info->token_lo,
420 nexe_file_info->token_hi, 452 nexe_file_info->token_hi,
453 resource_files_to_prefetch,
421 routing_id, 454 routing_id,
422 perm_bits, 455 perm_bits,
423 PP_ToBool(uses_nonsfi_mode), 456 PP_ToBool(uses_nonsfi_mode),
424 process_type), 457 process_type),
425 &launch_result, 458 &launch_result,
426 &error_message_string))) { 459 &error_message_string))) {
427 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( 460 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask(
428 FROM_HERE, 461 FROM_HERE,
429 base::Bind(callback.func, callback.user_data, 462 base::Bind(callback.func, callback.user_data,
430 static_cast<int32_t>(PP_ERROR_FAILED))); 463 static_cast<int32_t>(PP_ERROR_FAILED)));
706 nacl_plugin_instance->pexe_size = pexe_size; 739 nacl_plugin_instance->pexe_size = pexe_size;
707 } 740 }
708 } 741 }
709 742
710 PP_FileHandle OpenNaClExecutable(PP_Instance instance, 743 PP_FileHandle OpenNaClExecutable(PP_Instance instance,
711 const char* file_url, 744 const char* file_url,
712 uint64_t* nonce_lo, 745 uint64_t* nonce_lo,
713 uint64_t* nonce_hi) { 746 uint64_t* nonce_hi) {
714 // Fast path only works for installed file URLs. 747 // Fast path only works for installed file URLs.
715 GURL gurl(file_url); 748 GURL gurl(file_url);
716 if (!gurl.SchemeIs("chrome-extension")) 749 if (!gurl.SchemeIs("chrome-extension"))
Mark Seaborn 2015/03/04 05:07:30 Ditto: I had in mind that this check would move in
Yusuke Sato 2015/03/04 18:45:49 Done.
717 return PP_kInvalidFileHandle; 750 return PP_kInvalidFileHandle;
718 751
719 NexeLoadManager* load_manager = GetNexeLoadManager(instance); 752 NexeLoadManager* load_manager = GetNexeLoadManager(instance);
720 DCHECK(load_manager); 753 DCHECK(load_manager);
721 if (!load_manager) 754 if (!load_manager)
722 return PP_kInvalidFileHandle; 755 return PP_kInvalidFileHandle;
723 756
724 content::PepperPluginInstance* plugin_instance = 757 content::PepperPluginInstance* plugin_instance =
725 content::PepperPluginInstance::Get(instance); 758 content::PepperPluginInstance::Get(instance);
726 if (!plugin_instance) 759 if (!plugin_instance)
727 return PP_kInvalidFileHandle; 760 return PP_kInvalidFileHandle;
728 // IMPORTANT: Make sure the document can request the given URL. If we don't 761
729 // check, a malicious app could probe the extension system. This enforces a 762 // IMPORTANT SECURITY CHECK. DO NOT REMOVE.
730 // same-origin policy which prevents the app from requesting resources from 763 if (!CheckSecurityOrigin(plugin_instance, gurl))
731 // another app.
732 blink::WebSecurityOrigin security_origin =
733 plugin_instance->GetContainer()->element().document().securityOrigin();
734 if (!security_origin.canRequest(gurl))
735 return PP_kInvalidFileHandle; 764 return PP_kInvalidFileHandle;
736 765
737 IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit(); 766 IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit();
738 IPC::Sender* sender = content::RenderThread::Get(); 767 IPC::Sender* sender = content::RenderThread::Get();
739 DCHECK(sender); 768 DCHECK(sender);
740 *nonce_lo = 0; 769 *nonce_lo = 0;
741 *nonce_hi = 0; 770 *nonce_hi = 0;
742 base::FilePath file_path; 771 base::FilePath file_path;
743 if (!sender->Send( 772 if (!sender->Send(
744 new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance), 773 new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance),
1651 &StreamPexe 1680 &StreamPexe
1652 }; 1681 };
1653 1682
1654 } // namespace 1683 } // namespace
1655 1684
1656 const PPB_NaCl_Private* GetNaClPrivateInterface() { 1685 const PPB_NaCl_Private* GetNaClPrivateInterface() {
1657 return &nacl_interface; 1686 return &nacl_interface;
1658 } 1687 }
1659 1688
1660 } // namespace nacl 1689 } // namespace nacl
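Review bot: When CheckSecurityOrigin() rejects one prefetch URL (new lines 429-432 in the LaunchSelLdr hunk), the loop clears the whole list and the launch still proceeds, but nothing in the code says this fall-back is intentional rather than an error that was swallowed; a comment above the loop such as `// Prefetching is only an optimization: if any URL fails the origin check, drop the whole batch and launch without it rather than fail the launch.` would make that explicit (whether those files are then opened on demand is not visible in this hunk). The new CheckSecurityOrigin() helper in the first hunk dereferences plugin_instance->GetContainer() unconditionally, so a one-line header comment stating that |plugin_instance| must be non-null (both call sites, new lines 392 and 759, check it first) would document the precondition it inherits from the old inline code. The list is populated from the app-supplied JSON manifest via GetPrefetchableFiles(); if the browser side does not already bound how many files it opens per launch, that is worth confirming there, since this hunk imposes no limit. LaunchSelLdr's body starts and ends outside this hunk.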