diff options
author | mseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-17 00:47:50 +0000 |
---|---|---|
committer | mseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-17 00:47:50 +0000 |
commit | e4f6eb02319b57de1c2f0d0c23cde72a486e2bfd (patch) | |
tree | 5794afb3d0b0f103fe75f0e243da2a509fc876a4 /ppapi/c | |
parent | dc976477a26ef1b7e1cd4ae455812c05759c8468 (diff) | |
download | chromium_src-e4f6eb02319b57de1c2f0d0c23cde72a486e2bfd.zip chromium_src-e4f6eb02319b57de1c2f0d0c23cde72a486e2bfd.tar.gz chromium_src-e4f6eb02319b57de1c2f0d0c23cde72a486e2bfd.tar.bz2 |
Supply Windows handle-passing function to NaCl
Pass BrokerDuplicateHandle() to the NaCl loader process in
nacl_listener.cc.
Pass BrokerDuplicateHandle() to the NaCl trusted plugin. We need to
add this to PPB_NaCl_Private in order to pass it through.
Remove the use of the "init_handle_passing" SRPC call. Otherwise the
NaCl process will attempt to do an imc_connect() to the renderer,
which involves sending a handle to it, which fails.
Add a wrapper for AddTargetPeer() to 'content' so that
nacl_process_host.cc can use it.
Change the renderer's handle-passing policy to allow sending handles
other than Sections. The NaCl trusted plugin sends other handle types
to the NaCl loader process.
This change will allow the sandbox to be tightened up, in the future,
so that the NaCl loader process and the renderer process do not have
handles to each other.
BUG=http://code.google.com/p/nativeclient/issues/detail?id=2719
TEST=nacl_integration etc.
Review URL: https://chromiumcodereview.appspot.com/10039001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132496 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ppapi/c')
-rw-r--r-- | ppapi/c/private/ppb_nacl_private.h | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/ppapi/c/private/ppb_nacl_private.h b/ppapi/c/private/ppb_nacl_private.h index e275a90..939f37f 100644 --- a/ppapi/c/private/ppb_nacl_private.h +++ b/ppapi/c/private/ppb_nacl_private.h @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -8,7 +8,7 @@ #include "ppapi/c/pp_resource.h" #include "ppapi/c/pp_stdint.h" -#define PPB_NACL_PRIVATE_INTERFACE "PPB_NaCl(Private);0.2" +#define PPB_NACL_PRIVATE_INTERFACE "PPB_NaCl(Private);0.3" struct PPB_NaCl_Private { // This function launches NaCl's sel_ldr process. On success, the function @@ -33,6 +33,22 @@ struct PPB_NaCl_Private { // Enables the creation of sel_ldr processes from other than the main thread. void (*EnableBackgroundSelLdrLaunch)(); + + // This is Windows-specific. This is a replacement for + // DuplicateHandle() for use inside the Windows sandbox. Note that + // we provide this via dependency injection only to avoid the + // linkage problems that occur because the NaCl plugin is built as a + // separate DLL/DSO (see + // http://code.google.com/p/chromium/issues/detail?id=114439#c8). + // We use void* rather than the Windows HANDLE type to avoid an + // #ifdef here. We use int rather than PP_Bool/bool so that this is + // usable with NaClSetBrokerDuplicateHandleFunc() without further + // wrapping. + int (*BrokerDuplicateHandle)(void* source_handle, + uint32_t process_id, + void** target_handle, + uint32_t desired_access, + uint32_t options); }; #endif // PPAPI_C_PRIVATE_PPB_NACL_PRIVATE_H_ |