Index: components/nacl/renderer/ppb_nacl_private_impl.cc |
diff --git a/components/nacl/renderer/ppb_nacl_private_impl.cc b/components/nacl/renderer/ppb_nacl_private_impl.cc |
index 3c84afe5d1ee4a16187fef0b715342f5b239acf4..3e2780e6464b6db340bde7cacb57880778c366ff 100644 |
--- a/components/nacl/renderer/ppb_nacl_private_impl.cc |
+++ b/components/nacl/renderer/ppb_nacl_private_impl.cc |
@@ -89,6 +89,17 @@ bool InitializePnaclResourceHost() { |
return true; |
} |
+bool CheckSecurityOrigin(content::PepperPluginInstance* plugin_instance, |
Mark Seaborn
2015/03/04 05:07:31
If the SchemeIs("chrome-extension") check moves he
Yusuke Sato
2015/03/04 18:45:49
Done.
|
+ const GURL& gurl) { |
+ // IMPORTANT: Make sure the document can request the given URL. If we don't |
+ // check, a malicious app could probe the extension system. This enforces a |
+ // same-origin policy which prevents the app from requesting resources from |
+ // another app. |
+ blink::WebSecurityOrigin security_origin = |
+ plugin_instance->GetContainer()->element().document().securityOrigin(); |
+ return security_origin.canRequest(gurl); |
+} |
+ |
// This contains state that is produced by LaunchSelLdr() and consumed |
// by StartPpapiProxy(). |
struct InstanceInfo { |
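Review bot: CheckSecurityOrigin() dereferences `plugin_instance->GetContainer()` without a null check, and this commit adds a second caller in LaunchSelLdr, so the unchecked chain is now reachable from two entry points. If the container can be null for an instance that is being torn down (not visible here, to be confirmed), the helper should fail closed: `blink::WebPluginContainer* container = plugin_instance->GetContainer();` followed by `if (!container) return false;`. A one-line comment above the function stating that a `false` return means the caller must refuse the request would also help, since the explanation now sits inside the body.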
@@ -375,7 +386,10 @@ void LaunchSelLdr(PP_Instance instance, |
int routing_id = GetRoutingID(instance); |
NexeLoadManager* load_manager = GetNexeLoadManager(instance); |
DCHECK(load_manager); |
- if (!routing_id || !load_manager) { |
+ content::PepperPluginInstance* plugin_instance = |
+ content::PepperPluginInstance::Get(instance); |
+ DCHECK(plugin_instance); |
+ if (!routing_id || !load_manager || !plugin_instance) { |
if (nexe_file_info->handle != PP_kInvalidFileHandle) { |
base::File closer(nexe_file_info->handle); |
} |
@@ -401,6 +415,24 @@ void LaunchSelLdr(PP_Instance instance, |
IPC::PlatformFileForTransit nexe_for_transit = |
IPC::InvalidPlatformFileForTransit(); |
+ |
+ std::vector<std::pair< |
+ std::string /*url*/, std::string /*key*/> > resource_files_to_prefetch; |
+ if (process_type == kNativeNaClProcessType) { |
Mark Seaborn
2015/03/04 05:07:31
This should be conditionalised on Non-SFI mode for
Yusuke Sato
2015/03/04 18:45:49
Done.
|
+ JsonManifest* manifest = GetJsonManifest(instance); |
+ if (manifest) |
+ manifest->GetPrefetchableFiles(&resource_files_to_prefetch); |
+ for (size_t i = 0; i < resource_files_to_prefetch.size(); ++i) { |
+ const GURL gurl(resource_files_to_prefetch[i].first); |
+ DCHECK(gurl.SchemeIs("chrome-extension")); |
Mark Seaborn
2015/03/04 05:07:30
I had in mind that this check would move into Chec
Yusuke Sato
2015/03/04 18:45:50
Done. Removed.
|
+ // IMPORTANT SECURITY CHECK. DO NOT REMOVE. |
Mark Seaborn
2015/03/04 05:07:31
Nit: doesn't really need caps. :-)
The caps are k
Yusuke Sato
2015/03/04 18:45:49
Done.
|
+ if (!CheckSecurityOrigin(plugin_instance, gurl)) { |
+ resource_files_to_prefetch.clear(); |
+ break; |
+ } |
+ } |
+ } |
+ |
#if defined(OS_POSIX) |
if (nexe_file_info->handle != PP_kInvalidFileHandle) |
nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); |
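Review bot: The origin check in the new prefetch loop runs only in the renderer, and the resulting `resource_files_to_prefetch` list is then added to the launch parameters (the hunk at -418 below). If those parameters are sent to the browser process, as the IPC types here suggest, the receiving side cannot rely on this check, because a compromised renderer can skip it. The comment above the call should say so, e.g. `// Renderer-side check only; the browser process must validate these URLs again before opening any file.` Separately, a failed check clears the list and lets the launch continue with nothing logged, so a manifest entry that fails the same-origin test is dropped silently. LaunchSelLdr begins and ends outside this hunk.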
@@ -418,6 +450,7 @@ void LaunchSelLdr(PP_Instance instance, |
nexe_for_transit, |
nexe_file_info->token_lo, |
nexe_file_info->token_hi, |
+ resource_files_to_prefetch, |
routing_id, |
perm_bits, |
PP_ToBool(uses_nonsfi_mode), |
@@ -725,13 +758,9 @@ PP_FileHandle OpenNaClExecutable(PP_Instance instance, |
content::PepperPluginInstance::Get(instance); |
if (!plugin_instance) |
return PP_kInvalidFileHandle; |
- // IMPORTANT: Make sure the document can request the given URL. If we don't |
- // check, a malicious app could probe the extension system. This enforces a |
- // same-origin policy which prevents the app from requesting resources from |
- // another app. |
- blink::WebSecurityOrigin security_origin = |
- plugin_instance->GetContainer()->element().document().securityOrigin(); |
- if (!security_origin.canRequest(gurl)) |
+ |
+ // IMPORTANT SECURITY CHECK. DO NOT REMOVE. |
+ if (!CheckSecurityOrigin(plugin_instance, gurl)) |
return PP_kInvalidFileHandle; |
IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit(); |