author | ncbray@chromium.org <ncbray@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-30 07:44:52 +0000 |
---|---|---|
committer | ncbray@chromium.org <ncbray@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-30 07:44:52 +0000 |
commit | 57473ebcbbe9a99c28895ec11f2f27b7336ddcbd (patch) | |
tree | 36862a58ab26ece55409ae4bf7ebd7a510fefb4e | |
parent | f72472505a080a3c2cabd852b9d1d5958e46ed0a (diff) | |
NaCl Validation Caching: support incognito mode.
When the validation cache handles a query from an incognito process it:
1) checks the main cache without reordering it.
2) if 1 fails, checks a separate "incognito" cache that is never persisted to
disk.
When the validation cache handles a set from an incognito process, it routes the
set directly to the incognito cache.
The net result is that incognito can use non-incognito cache entries, and cache
entries created in incognito mode are only usable by incognito within a single
browser session.
BUG= http://code.google.com/p/nativeclient/issues/detail?id=2515
TEST= Run nexe in browser with NACL_VALIDATION_CACHE=1
Review URL: https://chromiumcodereview.appspot.com/10446047
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139481 0039d316-1c4b-4281-b951-d872f2087c98
9 files changed, 73 insertions, 34 deletions
diff --git a/chrome/browser/nacl_host/nacl_browser.cc b/chrome/browser/nacl_host/nacl_browser.cc
index e2c0d49..a237480 100644
--- a/chrome/browser/nacl_host/nacl_browser.cc
+++ b/chrome/browser/nacl_host/nacl_browser.cc
@@ -275,20 +275,32 @@ const FilePath& NaClBrowser::GetIrtFilePath() {
 return irt_filepath_;
 }
-bool NaClBrowser::QueryKnownToValidate(const std::string& signature) {
- bool result = validation_cache_.QueryKnownToValidate(signature);
- LogCacheQuery(result ? CACHE_HIT : CACHE_MISS);
- // Queries can modify the MRU order of the cache.
- MarkValidationCacheAsModified();
- return result;
+bool NaClBrowser::QueryKnownToValidate(const std::string& signature,
+ bool off_the_record) {
+ if (off_the_record) {
+ // If we're off the record, don't reorder the main cache.
+ return validation_cache_.QueryKnownToValidate(signature, false) ||
+ off_the_record_validation_cache_.QueryKnownToValidate(signature, true);
+ } else {
+ bool result = validation_cache_.QueryKnownToValidate(signature, true);
+ LogCacheQuery(result ? CACHE_HIT : CACHE_MISS);
+ // Queries can modify the MRU order of the cache.
+ MarkValidationCacheAsModified();
+ return result;
+ }
 }
-void NaClBrowser::SetKnownToValidate(const std::string& signature) {
- validation_cache_.SetKnownToValidate(signature);
- // The number of sets should be equal to the number of cache misses, minus
- // validation failures and successful validations where stubout occurs.
- LogCacheSet(CACHE_HIT);
- MarkValidationCacheAsModified();
+void NaClBrowser::SetKnownToValidate(const std::string& signature,
+ bool off_the_record) {
+ if (off_the_record) {
+ off_the_record_validation_cache_.SetKnownToValidate(signature);
+ } else {
+ validation_cache_.SetKnownToValidate(signature);
+ // The number of sets should be equal to the number of cache misses, minus
+ // validation failures and successful validations where stubout occurs.
+ LogCacheSet(CACHE_HIT);
+ MarkValidationCacheAsModified();
+ }
 }
 void NaClBrowser::MarkValidationCacheAsModified() {
diff --git a/chrome/browser/nacl_host/nacl_browser.h b/chrome/browser/nacl_host/nacl_browser.h
index 96b63c4..f90e542 100644
--- a/chrome/browser/nacl_host/nacl_browser.h
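Review bot: The off-the-record branches of `QueryKnownToValidate` and `SetKnownToValidate` skip `LogCacheQuery`/`LogCacheSet` and `MarkValidationCacheAsModified()`, but the only comment explains the non-reordering lookup. Not marking the cache as modified is presumably what keeps incognito activity from causing a write of the persisted cache, so it deserves its own comment at the top of each `if (off_the_record)` block, e.g. `// Off the record: never mark the persistent cache dirty, and record no histograms.` If dropping the histograms for incognito was not intended, that should be restored separately.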
+++ b/chrome/browser/nacl_host/nacl_browser.h
@@ -52,8 +52,8 @@ class NaClBrowser {
 return validation_cache_.GetValidationCacheKey();
 }
- bool QueryKnownToValidate(const std::string& signature);
- void SetKnownToValidate(const std::string& signature);
+ bool QueryKnownToValidate(const std::string& signature, bool off_the_record);
+ void SetKnownToValidate(const std::string& signature, bool off_the_record);
 private:
 friend struct DefaultSingletonTraits<NaClBrowser>;
@@ -95,6 +95,7 @@ class NaClBrowser {
 NaClResourceState irt_state_;
 NaClValidationCache validation_cache_;
+ NaClValidationCache off_the_record_validation_cache_;
 FilePath validation_cache_file_path_;
 bool validation_cache_is_enabled_;
 bool validation_cache_is_modified_;
diff --git a/chrome/browser/nacl_host/nacl_process_host.cc b/chrome/browser/nacl_host/nacl_process_host.cc
index b5aa055..bd4449a 100644
--- a/chrome/browser/nacl_host/nacl_process_host.cc
+++ b/chrome/browser/nacl_host/nacl_process_host.cc
@@ -114,7 +114,7 @@ struct NaClProcessHost::NaClInternal {
 // -----------------------------------------------------------------------------
-NaClProcessHost::NaClProcessHost(const GURL& manifest_url)
+NaClProcessHost::NaClProcessHost(const GURL& manifest_url, bool off_the_record)
 : manifest_url_(manifest_url),
 #if defined(OS_WIN)
 process_launched_by_broker_(false),
@@ -127,7 +127,8 @@ NaClProcessHost::NaClProcessHost(const GURL& manifest_url)
 #endif
 internal_(new NaClInternal()),
 ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)),
- enable_exception_handling_(false) {
+ enable_exception_handling_(false),
+ off_the_record_(off_the_record) {
 process_.reset(content::BrowserChildProcessHost::Create( content::PROCESS_TYPE_NACL_LOADER, this));
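Review bot: `off_the_record_validation_cache_` is a plain member of `NaClBrowser`, which the context line `friend struct DefaultSingletonTraits<NaClBrowser>;` suggests is a process-wide singleton, so its entries appear to outlive any single incognito window. Nothing visible in this commit clears it when the last off-the-record profile goes away, so a later incognito session could still get hits for code validated in an earlier one. The commit message accepts this ("within a single browser session"), but the declaration should state it, e.g. `// In-memory only, never written to disk; shared by all off-the-record profiles until browser exit.` Clearing it when the off-the-record profile is destroyed would be the stricter follow-up.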
@@ -683,11 +684,11 @@ bool NaClProcessHost::StartWithLaunchedProcess() {
 void NaClProcessHost::OnQueryKnownToValidate(const std::string& signature, bool* result) {
 NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
- *result = nacl_browser->QueryKnownToValidate(signature);
+ *result = nacl_browser->QueryKnownToValidate(signature, off_the_record_);
 }
 void NaClProcessHost::OnSetKnownToValidate(const std::string& signature) {
- NaClBrowser::GetInstance()->SetKnownToValidate(signature);
+ NaClBrowser::GetInstance()->SetKnownToValidate(signature, off_the_record_);
 }
 #if defined(OS_WIN)
diff --git a/chrome/browser/nacl_host/nacl_process_host.h b/chrome/browser/nacl_host/nacl_process_host.h
index b134370..4ab9413a 100644
--- a/chrome/browser/nacl_host/nacl_process_host.h
+++ b/chrome/browser/nacl_host/nacl_process_host.h
@@ -34,9 +34,10 @@ class BrowserChildProcessHost;
 // running in the renderer and NaCl processes.
 class NaClProcessHost : public content::BrowserChildProcessHostDelegate {
 public:
- // The argument is the URL of the manifest of the Native Client plugin being
+ // manifest_url: the URL of the manifest of the Native Client plugin being
 // executed.
- explicit NaClProcessHost(const GURL& manifest_url);
+ // off_the_record: was the process launched from an incognito renderer?
+ NaClProcessHost(const GURL& manifest_url, bool off_the_record);
 virtual ~NaClProcessHost();
 // Do any minimal work that must be done at browser startup.
@@ -149,6 +150,8 @@ class NaClProcessHost : public content::BrowserChildProcessHostDelegate {
 bool enable_exception_handling_;
+ bool off_the_record_;
+
 DISALLOW_COPY_AND_ASSIGN(NaClProcessHost);
 };
diff --git a/chrome/browser/nacl_host/nacl_validation_cache.cc b/chrome/browser/nacl_host/nacl_validation_cache.cc
index 669fe94..d2abfc8b 100644
--- a/chrome/browser/nacl_host/nacl_validation_cache.cc
+++ b/chrome/browser/nacl_host/nacl_validation_cache.cc
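Review bot: `OnQueryKnownToValidate` and `OnSetKnownToValidate` take the incognito flag from the host's own `off_the_record_` member rather than from the IPC message, which is the right trust boundary but is not written down anywhere. A short comment above the two handlers would keep a later refactor from moving the flag into the message, e.g. `// off_the_record_ is browser-side state; the NaCl process must not be able to choose which cache it reads or writes.` Both handler bodies are fully inside the hunk.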
@@ -32,9 +32,15 @@ NaClValidationCache::~NaClValidationCache() {
 // Make clang's style checking happy by adding a destructor.
 }
-bool NaClValidationCache::QueryKnownToValidate(const std::string& signature) {
+bool NaClValidationCache::QueryKnownToValidate(const std::string& signature,
+ bool reorder) {
 if (signature.length() == kValidationCacheEntrySize) {
- ValidationCacheType::iterator iter = validation_cache_.Get(signature);
+ ValidationCacheType::iterator iter;
+ if (reorder) {
+ iter = validation_cache_.Get(signature);
+ } else {
+ iter = validation_cache_.Peek(signature);
+ }
 if (iter != validation_cache_.end()) {
 return iter->second;
 }
diff --git a/chrome/browser/nacl_host/nacl_validation_cache.h b/chrome/browser/nacl_host/nacl_validation_cache.h
index bdcb217..3c55464 100644
--- a/chrome/browser/nacl_host/nacl_validation_cache.h
+++ b/chrome/browser/nacl_host/nacl_validation_cache.h
@@ -22,7 +22,7 @@ class NaClValidationCache {
 }
 // Is the validation signature in the database?
- bool QueryKnownToValidate(const std::string& signature);
+ bool QueryKnownToValidate(const std::string& signature, bool reorder);
 // Put the validation signature in the database.
 void SetKnownToValidate(const std::string& signature);
diff --git a/chrome/browser/nacl_host/nacl_validation_cache_unittest.cc b/chrome/browser/nacl_host/nacl_validation_cache_unittest.cc
index 42c9653..2b1cdd6 100644
--- a/chrome/browser/nacl_host/nacl_validation_cache_unittest.cc
+++ b/chrome/browser/nacl_host/nacl_validation_cache_unittest.cc
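Review bot: The declaration comment for `QueryKnownToValidate` in nacl_validation_cache.h still reads `// Is the validation signature in the database?` and says nothing about the new `reorder` argument. Call sites now pass a bare `true` or `false`, so the header is the only place a reader can learn what the flag does. I would extend the comment to `// Is the validation signature in the database? If |reorder| is true a hit updates the MRU order; if false the cache is left untouched.` An enum in place of the bool would make the call sites self-describing, but that is optional.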
@@ -39,37 +39,37 @@ class NaClValidationCacheTest : public ::testing::Test {
 TEST_F(NaClValidationCacheTest, Sanity) {
 ASSERT_EQ(0, (int) cache1.size());
- ASSERT_FALSE(cache1.QueryKnownToValidate(sig1));
- ASSERT_FALSE(cache1.QueryKnownToValidate(sig2));
+ ASSERT_FALSE(cache1.QueryKnownToValidate(sig1, true));
+ ASSERT_FALSE(cache1.QueryKnownToValidate(sig2, true));
 }
 TEST_F(NaClValidationCacheTest, Sig1) {
 cache1.SetKnownToValidate(sig1);
 ASSERT_EQ(1, (int) cache1.size());
- ASSERT_TRUE(cache1.QueryKnownToValidate(sig1));
- ASSERT_FALSE(cache1.QueryKnownToValidate(sig2));
+ ASSERT_TRUE(cache1.QueryKnownToValidate(sig1, true));
+ ASSERT_FALSE(cache1.QueryKnownToValidate(sig2, true));
 }
 TEST_F(NaClValidationCacheTest, Sig2) {
 cache1.SetKnownToValidate(sig2);
 ASSERT_EQ(1, (int) cache1.size());
- ASSERT_FALSE(cache1.QueryKnownToValidate(sig1));
- ASSERT_TRUE(cache1.QueryKnownToValidate(sig2));
+ ASSERT_FALSE(cache1.QueryKnownToValidate(sig1, true));
+ ASSERT_TRUE(cache1.QueryKnownToValidate(sig2, true));
 }
 TEST_F(NaClValidationCacheTest, SigBoth) {
 cache1.SetKnownToValidate(sig1);
 cache1.SetKnownToValidate(sig2);
 ASSERT_EQ(2, (int) cache1.size());
- ASSERT_TRUE(cache1.QueryKnownToValidate(sig1));
- ASSERT_TRUE(cache1.QueryKnownToValidate(sig2));
+ ASSERT_TRUE(cache1.QueryKnownToValidate(sig1, true));
+ ASSERT_TRUE(cache1.QueryKnownToValidate(sig2, true));
 }
 TEST_F(NaClValidationCacheTest, DoubleSet) {
 cache1.SetKnownToValidate(sig1);
 cache1.SetKnownToValidate(sig1);
 ASSERT_EQ(1, (int) cache1.size());
- ASSERT_TRUE(cache1.QueryKnownToValidate(sig1));
+ ASSERT_TRUE(cache1.QueryKnownToValidate(sig1, true));
 }
 TEST_F(NaClValidationCacheTest, EmptyIdentical) {
@@ -115,7 +115,7 @@ TEST_F(NaClValidationCacheTest, InOrderIdentical) {
 ASSERT_TRUE(IsIdentical(cache1, cache2));
 }
-TEST_F(NaClValidationCacheTest, OutOfOrderNotIdentical) {
+TEST_F(NaClValidationCacheTest, QueryReorders) {
 cache1.SetKnownToValidate(sig1);
 cache1.SetKnownToValidate(sig2);
@@ -123,6 +123,19 @@ TEST_F(NaClValidationCacheTest, OutOfOrderNotIdentical) {
 cache2.SetKnownToValidate(sig1);
 ASSERT_FALSE(IsIdentical(cache1, cache2));
+ cache2.QueryKnownToValidate(sig2, true);
+ ASSERT_TRUE(IsIdentical(cache1, cache2));
+}
+
+TEST_F(NaClValidationCacheTest, ForceNoReorder) {
+ cache1.SetKnownToValidate(sig1);
+ cache1.SetKnownToValidate(sig2);
+
+ cache2.SetKnownToValidate(sig2);
+ cache2.SetKnownToValidate(sig1);
+
+ cache2.QueryKnownToValidate(sig2, false);
+ ASSERT_FALSE(IsIdentical(cache1, cache2));
 }
 TEST_F(NaClValidationCacheTest, SerializeDeserialize) {
diff --git a/chrome/browser/renderer_host/chrome_render_message_filter.cc b/chrome/browser/renderer_host/chrome_render_message_filter.cc
index 8a9d16c..722fb1b 100644
--- a/chrome/browser/renderer_host/chrome_render_message_filter.cc
+++ b/chrome/browser/renderer_host/chrome_render_message_filter.cc
@@ -55,6 +55,7 @@ ChromeRenderMessageFilter::ChromeRenderMessageFilter(
 net::URLRequestContextGetter* request_context)
 : render_process_id_(render_process_id),
 profile_(profile),
+ off_the_record_(profile_->IsOffTheRecord()),
 request_context_(request_context),
 extension_info_map_(ExtensionSystem::Get(profile)->info_map()),
 cookie_settings_(CookieSettings::Factory::GetForProfile(profile)),
@@ -157,7 +158,7 @@ void ChromeRenderMessageFilter::OverrideThreadForMessage(
 void ChromeRenderMessageFilter::OnLaunchNaCl(const GURL& manifest_url, int socket_count, IPC::Message* reply_msg) {
- NaClProcessHost* host = new NaClProcessHost(manifest_url);
+ NaClProcessHost* host = new NaClProcessHost(manifest_url, off_the_record_);
 host->Launch(this, socket_count, reply_msg, extension_info_map_);
 }
 #endif
diff --git a/chrome/browser/renderer_host/chrome_render_message_filter.h b/chrome/browser/renderer_host/chrome_render_message_filter.h
index 0dfb1df..5f5db95 100644
--- a/chrome/browser/renderer_host/chrome_render_message_filter.h
+++ b/chrome/browser/renderer_host/chrome_render_message_filter.h
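Review bot: `ForceNoReorder` discards the result of `cache2.QueryKnownToValidate(sig2, false)`, so the test would still pass if the non-reordering lookup returned a miss for an entry that is present. Writing the call as `ASSERT_TRUE(cache2.QueryKnownToValidate(sig2, false));` pins both properties, and the same applies to the query added to `QueryReorders`. As far as the visible files show, the routing in `NaClBrowser` (an incognito set must never reach the main cache) has no test in this commit.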
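Review bot: The new initializer `off_the_record_(profile_->IsOffTheRecord())` in chrome_render_message_filter.cc reads the member `profile_` rather than the constructor argument, so it is only correct while `profile_` is declared before `off_the_record_` in the class. The header hunk in this commit does declare them in that order, but the neighbouring initializers use the parameter (`ExtensionSystem::Get(profile)`), and doing the same here removes the dependency: `off_the_record_(profile->IsOffTheRecord()),`. The constructor starts above the hunk and continues below it.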
@@ -165,6 +165,8 @@ class ChromeRenderMessageFilter : public content::BrowserMessageFilter {
 // The Profile associated with our renderer process. This should only be
 // accessed on the UI thread!
 Profile* profile_;
+ // Copied from the profile so that it can be read on the IO thread.
+ bool off_the_record_;
 scoped_refptr<net::URLRequestContextGetter> request_context_;
 scoped_refptr<ExtensionInfoMap> extension_info_map_;
 // Used to look up permissions at database creation time. |
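Review bot: `off_the_record_` is written once in the constructor and, per its own comment, read on the IO thread, so it should be declared `const bool off_the_record_;` to make that cross-thread read safe by construction. The class body continues outside the hunk.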