authorjorgelo@chromium.org <jorgelo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-11-17 03:57:56 +0000
committerjorgelo@chromium.org <jorgelo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-11-17 03:57:56 +0000
commit5fe0c7693521fb4f97faf8811b838941ade66f3b (patch)
tree0a5539b1acc76b50bc22709b7c62f09f1de3d23d
parent9cc1242b32d06505c8e9b0acacb6e0e75a166a0a (diff)
Initialize NSS in the PPAPI process for ClearKey CDM.
BUG=156864 TEST=content_browsertests passes on linux_rel_precise. Review URL: https://chromiumcodereview.appspot.com/11411013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168372 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--content/ppapi_plugin/ppapi_plugin_main.cc7
-rw-r--r--crypto/nss_util.cc11
-rw-r--r--crypto/nss_util.h12
3 files changed, 29 insertions, 1 deletions
diff --git a/content/ppapi_plugin/ppapi_plugin_main.cc b/content/ppapi_plugin/ppapi_plugin_main.cc
index 38875b09..63fa8e1 100644
--- a/content/ppapi_plugin/ppapi_plugin_main.cc
+++ b/content/ppapi_plugin/ppapi_plugin_main.cc
@@ -14,6 +14,7 @@
#include "content/public/common/content_switches.h"
#include "content/public/common/main_function_params.h"
#include "content/public/plugin/content_plugin_client.h"
+#include "crypto/nss_util.h"
#include "ppapi/proxy/proxy_module.h"
#include "ui/base/ui_base_switches.h"
@@ -80,6 +81,12 @@ int PpapiPluginMain(const MainFunctionParams& parameters) {
MessageLoop main_message_loop;
base::PlatformThread::SetName("CrPPAPIMain");
+#if defined(OS_LINUX) && defined(USE_NSS)
+ // Some out-of-process PPAPI plugins use NSS.
+ // NSS must be initialized before enabling the sandbox below.
+ crypto::WarmUpNSSSafely();
+#endif
+
// Allow the embedder to perform any necessary per-process initialization
// before the sandbox is initialized.
if (GetContentClient()->plugin())
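Review bot: The new comment says NSS "must be initialized before enabling the sandbox below" but not what that buys, and nothing records that the call is deliberately unconditional for every Linux/USE_NSS PPAPI process rather than only the ClearKey CDM the commit is for; a reader could reasonably move it behind a per-plugin check or past the sandbox and nothing would warn them. Judging by the body in nss_util.cc, the security-relevant part is that WarmUpNSSSafely() forces a no-DB init, so the process never opens the user's security modules or key database even though it is still unsandboxed at this point. I would expand the comment to something like `// Done for every PPAPI process (we do not know the plugin here). Must run before the sandbox is enabled below: WarmUpNSSSafely() forces a no-DB NSS init so no user security modules / key DB are ever opened by a plugin process, and NSS cannot be initialized once sandboxed.` The last clause is inferred from the existing comment rather than shown here; the enclosing PpapiPluginMain continues beyond the hunk.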
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index dac0e22..3198101 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -651,6 +651,17 @@ void EnsureNSPRInit() {
g_nspr_singleton.Get();
}
+void WarmUpNSSSafely() {
+ // We might fork, but we haven't loaded any security modules.
+ crypto::DisableNSSForkCheck();
+ // If we're sandboxed, we shouldn't be able to open user security modules,
+ // but it's more correct to tell NSS to not even try.
+ // Loading user security modules would have security implications.
+ crypto::ForceNSSNoDBInit();
+ // Initialize NSS.
+ crypto::EnsureNSSInit();
+}
+
void EnsureNSSInit() {
// Initializing SSL causes us to do blocking IO.
// Temporarily allow it until we fix
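Review bot: The comment above `crypto::ForceNSSNoDBInit()` is phrased as if the process were already sandboxed ("If we're sandboxed, we shouldn't be able to open user security modules"), yet the only caller in this change invokes the function before the sandbox is enabled, which is precisely when opening the user DB would still succeed; the no-DB forcing is the real control, not the sandbox, and the comment should say so: `// The caller is not sandboxed yet, so the user's security modules would be reachable; force a no-DB init so NSS never opens them.` The function also has an unstated precondition: the header says EnsureNSSInit() only ever initializes once, so if anything in this process has already called it, ForceNSSNoDBInit() and DisableNSSForkCheck() here come too late and the "safely" in the name is silently false. If nss.h is already included in this file, a `DCHECK(!NSS_IsInitialized());` at the top of WarmUpNSSSafely() would catch that ordering bug in debug builds; at minimum document it. As a point of style, the `crypto::` qualifiers look redundant since the neighbouring EnsureNSSInit() is defined unqualified, which suggests this code already sits inside namespace crypto.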
diff --git a/crypto/nss_util.h b/crypto/nss_util.h
index 9e09d6d..25043f9 100644
--- a/crypto/nss_util.h
+++ b/crypto/nss_util.h
@@ -36,6 +36,16 @@ CRYPTO_EXPORT void EarlySetupForNSSInit();
// thread-safe, and NSPR will only ever be initialized once.
CRYPTO_EXPORT void EnsureNSPRInit();
+// Initialize NSS safely for strict sandboxing. This function makes sure that
+// NSS is initialized safely and will have proper entropy in a restricted,
+// sandboxed environment.
+//
+// As a defense in depth measure, this function should be called in a sandboxed
+// environment to make sure NSS will not load security modules that could
+// expose private data and keys. Make sure to get an LGTM from Security
+// if you use this.
+CRYPTO_EXPORT void WarmUpNSSSafely();
+
// Initialize NSS if it isn't already initialized. This must be called before
// any other NSS functions. This function is thread-safe, and NSS will only
// ever be initialized once.
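Review bot: The new declaration's comment says the function "should be called in a sandboxed environment", but the caller added in this commit invokes it before the sandbox is enabled, and the body in nss_util.cc works by forcing a no-DB init rather than by relying on sandbox enforcement; the wording should match, e.g. `// Call this in a process that will be sandboxed, BEFORE the sandbox is enabled:` followed by the reason. The claim that NSS "will have proper entropy" is not something the visible body establishes (it only disables the fork check, forces no-DB mode and calls EnsureNSSInit()), so either drop it or hedge it as a property of EnsureNSSInit(). The comment should also state the precondition that this must be the first NSS initialization in the process, since forcing no-DB mode after a prior EnsureNSSInit() cannot undo a database that was already opened. Whether this declaration is inside a `#if defined(USE_NSS)` region is not visible here; the call site is gated on USE_NSS, so confirm the header matches.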
@@ -58,7 +68,7 @@ CRYPTO_EXPORT void EnsureNSSInit();
// WARNING: Use this with caution.
CRYPTO_EXPORT void ForceNSSNoDBInit();
-// This methods is used to disable checks in NSS when used in a forked process.
+// This method is used to disable checks in NSS when used in a forked process.
// NSS checks whether it is running a forked process to avoid problems when
// using user security modules in a forked process. However if we are sure
// there are no modules loaded before the process is forked then there is no