author | dspringer@google.com <dspringer@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-08 22:35:38 +0000 |
---|---|---|
committer | dspringer@google.com <dspringer@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-08 22:35:38 +0000 |
commit | ada848b1ae7e1ac9bcf19adf66d457b61edecd1a (patch) | |
tree | 9ca00d98dda446acf8e913bb3363f89a77f24f0e /chrome/renderer | |
parent | 4381198d840e71ee89d8d27b22dcad8fa4863e6a (diff) | |
Fix Pepper2D on the Mac so that it runs in the sandbox. Note that trusted
plugins still have to run outside of the sandbox (this is not a regression).
This CL allows untrusted Pepper 2D plugins to run in the sandbox on the Mac.
BUG=40701
TEST=pepper_test_plugin (has to run w/ --no-sandbox on Mac), run any untrusted
.nexe that uses Pepper 2D or 3D (examples are in the NaCl SDK).
Review URL: http://codereview.chromium.org/1558032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44016 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r-- | chrome/renderer/pepper_devices.cc | 30 | ||||
-rw-r--r-- | chrome/renderer/render_process.cc | 4 | ||||
-rw-r--r-- | chrome/renderer/render_process_impl.cc | 4 | ||||
-rw-r--r-- | chrome/renderer/render_view.cc | 2 | ||||
-rw-r--r-- | chrome/renderer/webplugin_delegate_proxy.cc | 2 |
5 files changed, 24 insertions, 18 deletions
diff --git a/chrome/renderer/pepper_devices.cc b/chrome/renderer/pepper_devices.cc
index 72027eb..12e34d1 100644
--- a/chrome/renderer/pepper_devices.cc
+++ b/chrome/renderer/pepper_devices.cc
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 #include "chrome/renderer/pepper_devices.h"
+#include "chrome/renderer/render_thread.h"
 #include "chrome/renderer/webplugin_delegate_pepper.h"
 #include "skia/ext/platform_canvas.h"
 #include "webkit/glue/plugins/plugin_instance.h"
@@ -30,19 +31,24 @@ NPError Graphics2DDeviceContext::Initialize(
 // Allocate the transport DIB and the PlatformCanvas pointing to it.
 #if defined(OS_MACOSX)
- // On the Mac, there is no clean way to create a TransportDIB::Handle and
- // then Map() it. Using TransportDIB::Create() followed by
- // TransportDIB::Map() will leak a TransportDIB object (you can't Create()
- // then Map(), then delete because the file descriptor used by the underlying
- // shared memory object gets closed.) Work around this issue by creating
- // a SharedMemory object then pass that into TransportDIB::Map().
- scoped_ptr<base::SharedMemory> shared_memory(new base::SharedMemory());
- if (!shared_memory->Create(L"", false /* read write */,
- false /* do not open existing */, buffer_size)) {
- return NPERR_OUT_OF_MEMORY_ERROR;
- }
+ // On the Mac, shared memory has to be created in the browser in order to
+ // work in the sandbox. Do this by sending a message to the browser
+ // requesting a TransportDIB (see also
+ // chrome/renderer/webplugin_delegate_proxy.cc, method
+ // WebPluginDelegateProxy::CreateBitmap() for similar code). Note that the
+ // TransportDIB is _not_ cached in the browser; this is because this memory
+ // gets flushed by the renderer into another TransportDIB that represents the
+ // page, which is then in turn flushed to the screen by the browser process.
+ // When |transport_dib_| goes out of scope in the dtor, all of its shared
+ // memory gets reclaimed.
 TransportDIB::Handle dib_handle;
- shared_memory->GiveToProcess(0 /* pid, not needed */, &dib_handle);
+ IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(buffer_size,
+ false,
+ &dib_handle);
+ if (!RenderThread::current()->Send(msg))
+ return NPERR_GENERIC_ERROR;
+ if (!TransportDIB::is_valid(dib_handle))
+ return NPERR_OUT_OF_MEMORY_ERROR;
 transport_dib_.reset(TransportDIB::Map(dib_handle));
 #else
 transport_dib_.reset(TransportDIB::Create(buffer_size, ++next_buffer_id_));
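Review bot: The bare `false` passed as the second argument to `ViewHostMsg_AllocTransportDIB` in the OS_MACOSX branch gives no hint of what it selects; only the long comment above it says the DIB is not cached in the browser. The removed code annotated its booleans inline (`false /* read write */`), and the same would help here: `false /* not cached in the browser */,`. The other call sites in this commit (render_process.cc, render_process_impl.cc, render_view.cc, webplugin_delegate_proxy.cc) pass a bare `true` and deserve the matching annotation. Separately, `buffer_size` is computed above this hunk and is now forwarded to the browser process on behalf of an untrusted plugin, so it is worth confirming that the browser-side handler (outside this diff) bounds the size, since an uncached DIB is presumably not tracked there. Initialize() begins and ends outside the hunk, so whether the result of `TransportDIB::Map()` is null-checked cannot be seen from here.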
diff --git a/chrome/renderer/render_process.cc b/chrome/renderer/render_process.cc
index 07e642e..85c374e 100644
--- a/chrome/renderer/render_process.cc
+++ b/chrome/renderer/render_process.cc
@@ -171,9 +171,9 @@ TransportDIB* RenderProcess::CreateTransportDIB(size_t size) {
 return TransportDIB::Create(size, sequence_number_++);
 #elif defined(OS_MACOSX) // defined(OS_WIN) || defined(OS_LINUX)
 // Mac creates transport DIBs in the browser, so we need to do a sync IPC to
- // get one.
+ // get one. The TransportDIB is cached in the browser.
 TransportDIB::Handle handle;
- IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(size, &handle);
+ IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(size, true, &handle);
 if (!main_thread()->Send(msg))
 return NULL;
 if (handle.fd < 0)
diff --git a/chrome/renderer/render_process_impl.cc b/chrome/renderer/render_process_impl.cc
index 5b4c383..e82fed9c 100644
--- a/chrome/renderer/render_process_impl.cc
+++ b/chrome/renderer/render_process_impl.cc
@@ -192,9 +192,9 @@ TransportDIB* RenderProcessImpl::CreateTransportDIB(size_t size) {
 return TransportDIB::Create(size, transport_dib_next_sequence_number_++);
 #elif defined(OS_MACOSX) // defined(OS_WIN) || defined(OS_LINUX)
 // Mac creates transport DIBs in the browser, so we need to do a sync IPC to
- // get one.
+ // get one. The TransportDIB is cached in the browser.
 TransportDIB::Handle handle;
- IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(size, &handle);
+ IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(size, true, &handle);
 if (!main_thread()->Send(msg))
 return NULL;
 if (handle.fd < 0)
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index ba8c80f..c1025ab37 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -4874,7 +4874,7 @@ TransportDIB::Handle RenderView::AcceleratedSurfaceAllocTransportDIB(
 size_t size) {
 TransportDIB::Handle dib_handle;
 // Assume this is a synchronous RPC.
- if (Send(new ViewHostMsg_AllocTransportDIB(size, &dib_handle)))
+ if (Send(new ViewHostMsg_AllocTransportDIB(size, true, &dib_handle)))
 return dib_handle;
 // Return an invalid handle if Send() fails.
 return TransportDIB::DefaultHandleValue();
diff --git a/chrome/renderer/webplugin_delegate_proxy.cc b/chrome/renderer/webplugin_delegate_proxy.cc
index fbadb86..2d27522 100644
--- a/chrome/renderer/webplugin_delegate_proxy.cc
+++ b/chrome/renderer/webplugin_delegate_proxy.cc
@@ -617,7 +617,7 @@ bool WebPluginDelegateProxy::CreateBitmap(
 #endif
 #if defined(OS_MACOSX)
 TransportDIB::Handle handle;
- IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(size, &handle);
+ IPC::Message* msg = new ViewHostMsg_AllocTransportDIB(size, true, &handle);
 if (!RenderThread::current()->Send(msg))
 return false;
 if (handle.fd < 0) |