OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/renderer/ppb_nacl_private_impl.h" | 5 #include "components/nacl/renderer/ppb_nacl_private_impl.h" |
6 | 6 |
7 #include <numeric> | 7 #include <numeric> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
82 if (!render_thread) | 82 if (!render_thread) |
83 return false; | 83 return false; |
84 if (!g_pnacl_resource_host.Get().get()) { | 84 if (!g_pnacl_resource_host.Get().get()) { |
85 g_pnacl_resource_host.Get() = new PnaclTranslationResourceHost( | 85 g_pnacl_resource_host.Get() = new PnaclTranslationResourceHost( |
86 render_thread->GetIOMessageLoopProxy()); | 86 render_thread->GetIOMessageLoopProxy()); |
87 render_thread->AddFilter(g_pnacl_resource_host.Get().get()); | 87 render_thread->AddFilter(g_pnacl_resource_host.Get().get()); |
88 } | 88 } |
89 return true; | 89 return true; |
90 } | 90 } |
91 | 91 |
| 92 bool CanOpenViaFastPath(content::PepperPluginInstance* plugin_instance, |
| 93 const GURL& gurl) { |
| 94 // Fast path only works for installed file URLs. |
| 95 if (!gurl.SchemeIs("chrome-extension")) |
| 96 return PP_kInvalidFileHandle; |
| 97 |
| 98 // IMPORTANT: Make sure the document can request the given URL. If we don't |
| 99 // check, a malicious app could probe the extension system. This enforces a |
| 100 // same-origin policy which prevents the app from requesting resources from |
| 101 // another app. |
| 102 blink::WebSecurityOrigin security_origin = |
| 103 plugin_instance->GetContainer()->element().document().securityOrigin(); |
| 104 return security_origin.canRequest(gurl); |
| 105 } |
| 106 |
92 // This contains state that is produced by LaunchSelLdr() and consumed | 107 // This contains state that is produced by LaunchSelLdr() and consumed |
93 // by StartPpapiProxy(). | 108 // by StartPpapiProxy(). |
94 struct InstanceInfo { | 109 struct InstanceInfo { |
95 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} | 110 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} |
96 GURL url; | 111 GURL url; |
97 ppapi::PpapiPermissions permissions; | 112 ppapi::PpapiPermissions permissions; |
98 base::ProcessId plugin_pid; | 113 base::ProcessId plugin_pid; |
99 int plugin_child_id; | 114 int plugin_child_id; |
100 IPC::ChannelHandle channel_handle; | 115 IPC::ChannelHandle channel_handle; |
101 }; | 116 }; |
(...skipping 266 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
368 // destructed (without passing it to ManifestServiceChannel). | 383 // destructed (without passing it to ManifestServiceChannel). |
369 scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy( | 384 scoped_ptr<ManifestServiceChannel::Delegate> manifest_service_proxy( |
370 new ManifestServiceProxy(instance, process_type)); | 385 new ManifestServiceProxy(instance, process_type)); |
371 | 386 |
372 FileDescriptor result_socket; | 387 FileDescriptor result_socket; |
373 IPC::Sender* sender = content::RenderThread::Get(); | 388 IPC::Sender* sender = content::RenderThread::Get(); |
374 DCHECK(sender); | 389 DCHECK(sender); |
375 int routing_id = GetRoutingID(instance); | 390 int routing_id = GetRoutingID(instance); |
376 NexeLoadManager* load_manager = GetNexeLoadManager(instance); | 391 NexeLoadManager* load_manager = GetNexeLoadManager(instance); |
377 DCHECK(load_manager); | 392 DCHECK(load_manager); |
378 if (!routing_id || !load_manager) { | 393 content::PepperPluginInstance* plugin_instance = |
| 394 content::PepperPluginInstance::Get(instance); |
| 395 DCHECK(plugin_instance); |
| 396 if (!routing_id || !load_manager || !plugin_instance) { |
379 if (nexe_file_info->handle != PP_kInvalidFileHandle) { | 397 if (nexe_file_info->handle != PP_kInvalidFileHandle) { |
380 base::File closer(nexe_file_info->handle); | 398 base::File closer(nexe_file_info->handle); |
381 } | 399 } |
382 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( | 400 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( |
383 FROM_HERE, base::Bind(callback.func, callback.user_data, | 401 FROM_HERE, base::Bind(callback.func, callback.user_data, |
384 static_cast<int32_t>(PP_ERROR_FAILED))); | 402 static_cast<int32_t>(PP_ERROR_FAILED))); |
385 return; | 403 return; |
386 } | 404 } |
387 | 405 |
388 InstanceInfo instance_info; | 406 InstanceInfo instance_info; |
389 instance_info.url = GURL(alleged_url); | 407 instance_info.url = GURL(alleged_url); |
390 | 408 |
391 uint32_t perm_bits = ppapi::PERMISSION_NONE; | 409 uint32_t perm_bits = ppapi::PERMISSION_NONE; |
392 // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so | 410 // Conditionally block 'Dev' interfaces. We do this for the NaCl process, so |
393 // it's clearer to developers when they are using 'Dev' inappropriately. We | 411 // it's clearer to developers when they are using 'Dev' inappropriately. We |
394 // must also check on the trusted side of the proxy. | 412 // must also check on the trusted side of the proxy. |
395 if (load_manager->DevInterfacesEnabled()) | 413 if (load_manager->DevInterfacesEnabled()) |
396 perm_bits |= ppapi::PERMISSION_DEV; | 414 perm_bits |= ppapi::PERMISSION_DEV; |
397 instance_info.permissions = | 415 instance_info.permissions = |
398 ppapi::PpapiPermissions::GetForCommandLine(perm_bits); | 416 ppapi::PpapiPermissions::GetForCommandLine(perm_bits); |
399 std::string error_message_string; | 417 std::string error_message_string; |
400 NaClLaunchResult launch_result; | 418 NaClLaunchResult launch_result; |
401 | 419 |
402 IPC::PlatformFileForTransit nexe_for_transit = | 420 IPC::PlatformFileForTransit nexe_for_transit = |
403 IPC::InvalidPlatformFileForTransit(); | 421 IPC::InvalidPlatformFileForTransit(); |
| 422 |
| 423 std::vector<std::pair< |
| 424 std::string /*key*/, std::string /*url*/> > resource_files_to_prefetch; |
| 425 if (process_type == kNativeNaClProcessType && uses_nonsfi_mode) { |
| 426 JsonManifest* manifest = GetJsonManifest(instance); |
| 427 if (manifest) |
| 428 manifest->GetPrefetchableFiles(&resource_files_to_prefetch); |
| 429 for (size_t i = 0; i < resource_files_to_prefetch.size(); ++i) { |
| 430 const GURL gurl(resource_files_to_prefetch[i].second); |
| 431 // Important security check. Do not remove. |
| 432 if (!CanOpenViaFastPath(plugin_instance, gurl)) { |
| 433 resource_files_to_prefetch.clear(); |
| 434 break; |
| 435 } |
| 436 } |
| 437 } |
| 438 |
404 #if defined(OS_POSIX) | 439 #if defined(OS_POSIX) |
405 if (nexe_file_info->handle != PP_kInvalidFileHandle) | 440 if (nexe_file_info->handle != PP_kInvalidFileHandle) |
406 nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); | 441 nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); |
407 #elif defined(OS_WIN) | 442 #elif defined(OS_WIN) |
408 // Duplicate the handle on the browser side instead of the renderer. | 443 // Duplicate the handle on the browser side instead of the renderer. |
409 // This is because BrokerGetFileForProcess isn't part of content/public, and | 444 // This is because BrokerGetFileForProcess isn't part of content/public, and |
410 // it's simpler to do the duplication in the browser anyway. | 445 // it's simpler to do the duplication in the browser anyway. |
411 nexe_for_transit = nexe_file_info->handle; | 446 nexe_for_transit = nexe_file_info->handle; |
412 #else | 447 #else |
413 #error Unsupported target platform. | 448 #error Unsupported target platform. |
414 #endif | 449 #endif |
415 if (!sender->Send(new NaClHostMsg_LaunchNaCl( | 450 if (!sender->Send(new NaClHostMsg_LaunchNaCl( |
416 NaClLaunchParams( | 451 NaClLaunchParams( |
417 instance_info.url.spec(), | 452 instance_info.url.spec(), |
418 nexe_for_transit, | 453 nexe_for_transit, |
419 nexe_file_info->token_lo, | 454 nexe_file_info->token_lo, |
420 nexe_file_info->token_hi, | 455 nexe_file_info->token_hi, |
| 456 resource_files_to_prefetch, |
421 routing_id, | 457 routing_id, |
422 perm_bits, | 458 perm_bits, |
423 PP_ToBool(uses_nonsfi_mode), | 459 PP_ToBool(uses_nonsfi_mode), |
424 process_type), | 460 process_type), |
425 &launch_result, | 461 &launch_result, |
426 &error_message_string))) { | 462 &error_message_string))) { |
427 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( | 463 ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask( |
428 FROM_HERE, | 464 FROM_HERE, |
429 base::Bind(callback.func, callback.user_data, | 465 base::Bind(callback.func, callback.user_data, |
430 static_cast<int32_t>(PP_ERROR_FAILED))); | 466 static_cast<int32_t>(PP_ERROR_FAILED))); |
(...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
704 NaClPluginInstance* nacl_plugin_instance = GetNaClPluginInstance(instance); | 740 NaClPluginInstance* nacl_plugin_instance = GetNaClPluginInstance(instance); |
705 if (nacl_plugin_instance) { | 741 if (nacl_plugin_instance) { |
706 nacl_plugin_instance->pexe_size = pexe_size; | 742 nacl_plugin_instance->pexe_size = pexe_size; |
707 } | 743 } |
708 } | 744 } |
709 | 745 |
710 PP_FileHandle OpenNaClExecutable(PP_Instance instance, | 746 PP_FileHandle OpenNaClExecutable(PP_Instance instance, |
711 const char* file_url, | 747 const char* file_url, |
712 uint64_t* nonce_lo, | 748 uint64_t* nonce_lo, |
713 uint64_t* nonce_hi) { | 749 uint64_t* nonce_hi) { |
714 // Fast path only works for installed file URLs. | |
715 GURL gurl(file_url); | |
716 if (!gurl.SchemeIs("chrome-extension")) | |
717 return PP_kInvalidFileHandle; | |
718 | |
719 NexeLoadManager* load_manager = GetNexeLoadManager(instance); | 750 NexeLoadManager* load_manager = GetNexeLoadManager(instance); |
720 DCHECK(load_manager); | 751 DCHECK(load_manager); |
721 if (!load_manager) | 752 if (!load_manager) |
722 return PP_kInvalidFileHandle; | 753 return PP_kInvalidFileHandle; |
723 | 754 |
724 content::PepperPluginInstance* plugin_instance = | 755 content::PepperPluginInstance* plugin_instance = |
725 content::PepperPluginInstance::Get(instance); | 756 content::PepperPluginInstance::Get(instance); |
726 if (!plugin_instance) | 757 if (!plugin_instance) |
727 return PP_kInvalidFileHandle; | 758 return PP_kInvalidFileHandle; |
728 // IMPORTANT: Make sure the document can request the given URL. If we don't | 759 |
729 // check, a malicious app could probe the extension system. This enforces a | 760 GURL gurl(file_url); |
730 // same-origin policy which prevents the app from requesting resources from | 761 // Important security check. Do not remove. |
731 // another app. | 762 if (!CanOpenViaFastPath(plugin_instance, gurl)) |
732 blink::WebSecurityOrigin security_origin = | |
733 plugin_instance->GetContainer()->element().document().securityOrigin(); | |
734 if (!security_origin.canRequest(gurl)) | |
735 return PP_kInvalidFileHandle; | 763 return PP_kInvalidFileHandle; |
736 | 764 |
737 IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit(); | 765 IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit(); |
738 IPC::Sender* sender = content::RenderThread::Get(); | 766 IPC::Sender* sender = content::RenderThread::Get(); |
739 DCHECK(sender); | 767 DCHECK(sender); |
740 *nonce_lo = 0; | 768 *nonce_lo = 0; |
741 *nonce_hi = 0; | 769 *nonce_hi = 0; |
742 base::FilePath file_path; | 770 base::FilePath file_path; |
743 if (!sender->Send( | 771 if (!sender->Send( |
744 new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance), | 772 new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance), |
(...skipping 906 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1651 &StreamPexe | 1679 &StreamPexe |
1652 }; | 1680 }; |
1653 | 1681 |
1654 } // namespace | 1682 } // namespace |
1655 | 1683 |
1656 const PPB_NaCl_Private* GetNaClPrivateInterface() { | 1684 const PPB_NaCl_Private* GetNaClPrivateInterface() { |
1657 return &nacl_interface; | 1685 return &nacl_interface; |
1658 } | 1686 } |
1659 | 1687 |
1660 } // namespace nacl | 1688 } // namespace nacl |
OLD | NEW |