author | bbudge@chromium.org <bbudge@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-28 02:17:38 +0000 |
---|---|---|
committer | bbudge@chromium.org <bbudge@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-28 02:17:38 +0000 |
commit | 2e9903c857ee69a3f8e4d1dfea961ff6fafe7ba3 (patch) | |
tree | e9ecf46fce22eed8383fd03c4339e840ddf7746c /ppapi/ppapi_tests.gypi | |
parent | 0ab279ae9dc3c5f24a00c2365fc3e3507c92bce4 (diff) | |
Do PPB_FileIO Write on the plugin side.
This eliminates IPC for FileIO.Write, instead using the plugin's file descriptor.
Performs the file op on the plugin's thread if blocking, otherwise on the file
thread.
FileIOResources know their maximum written offset after they are opened.
They can thus calculate whether a Write or SetLength operation will extend
this max offset. If so, they call FileSystemResource::RequestQuota. This can
return synchronously or asynchronously, and either returns the requested
amount or 0 in case it can't be satisfied.
FileSystemResource will request a quota reservation from the host, queuing
up unsatisfied requests. The quota reservation will be at least 1MB with this
CL. The main point of a quota reservation is to reduce the number of times
we query the quota system.
Both the FileSystemResource and the host maintain a collection of open files
that are subject to quota. These are kept in sync. Maps that take PP_Resource
to resource or host are used to ensure good performance and make it easier
to keep the resource and host collections synced.
SetLength uses the plugin side machinery to request quota. When its request
is granted, it calls over to the host side as before. This is because of OS X
sandbox restrictions.
For trusted plugins, I assume that this plugin / host checking is sufficient. In
particular, SetLength is performed in the browser process without checking
the length against quota restrictions. We're essentially assuming trusted
plugins don't cheat.
For untrusted plugins, this approach isn't sufficient. NaClMessageScanner
audits the FileSystem and FileIO message traffic to maintain a parallel
accounting of quota reservation and current file sizes. In addition, we wrap
the native file handle in a NaClDescQuota for files that need quota checking.
This NaClDescQuota uses NaClMessageScanner information to determine
whether or not to allow a Write. We must check at the descriptor level since
the untrusted plugin may bypass our proxy code and use the file handle
directly to Write. We must also fail any attempt to call ftruncate directly.
BUG=194304
Review URL: https://codereview.chromium.org/100703004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@242659 0039d316-1c4b-4281-b951-d872f2087c98
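The descriptor-level quota check that the commit message describes for untrusted plugins, as an added C model that is not Chromium's code. The struct, the function names and the rule that a write is allowed only when its growth fits the remaining reservation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of per-file quota state; names are not Chromium's. */
typedef struct {
    int64_t max_written_offset; /* largest end offset written so far */
    int64_t reserved;           /* bytes of quota granted but not yet used */
} quota_file;

/* Bytes by which a write of len at offset would extend the file,
 * or -1 if the arguments are invalid or offset + len overflows. */
static int64_t quota_growth(const quota_file *f, int64_t offset, int64_t len) {
    if (offset < 0 || len < 0 || offset > INT64_MAX - len)
        return -1;
    int64_t end = offset + len;
    return end > f->max_written_offset ? end - f->max_written_offset : 0;
}

/* Descriptor-level check: runs on every write, including ones that
 * bypass the proxy. Returns len if allowed, -1 if denied. */
static int64_t quota_checked_write(quota_file *f, int64_t offset, int64_t len) {
    int64_t growth = quota_growth(f, offset, len);
    if (growth < 0 || growth > f->reserved)
        return -1;                 /* would exceed the reservation */
    f->reserved -= growth;         /* consume quota only for new bytes */
    f->max_written_offset += growth;
    /* a real wrapper would now forward to the underlying write call */
    return len;
}

/* Direct truncation is refused; length changes go through the host. */
static int quota_checked_ftruncate(quota_file *f, int64_t length) {
    (void)f; (void)length;
    return -1;
}

int main(void) {
    quota_file f = { 100, 50 };    /* constructed sample state */
    printf("%lld\n", (long long)quota_checked_write(&f, 0, 100));  /* overwrite */
    printf("%lld\n", (long long)quota_checked_write(&f, 100, 40)); /* grows by 40 */
    printf("%lld\n", (long long)quota_checked_write(&f, 140, 20)); /* over quota */
    printf("%d\n", quota_checked_ftruncate(&f, 0));
    return 0;
}
```

Overwrites inside the already-written range cost no quota, and a denied write leaves the accounting unchanged.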
Diffstat (limited to 'ppapi/ppapi_tests.gypi')
-rw-r--r-- | ppapi/ppapi_tests.gypi | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ppapi/ppapi_tests.gypi b/ppapi/ppapi_tests.gypi index 0b4570a..9a4dd52 100644 --- a/ppapi/ppapi_tests.gypi +++ b/ppapi/ppapi_tests.gypi @@ -174,6 +174,7 @@ 'proxy/interface_list_unittest.cc', 'proxy/mock_resource.cc', 'proxy/mock_resource.h', + 'proxy/nacl_message_scanner_unittest.cc', 'proxy/pdf_resource_unittest.cc', 'proxy/plugin_dispatcher_unittest.cc', 'proxy/plugin_resource_tracker_unittest.cc', @@ -207,7 +208,7 @@ }], ], # TODO(jschuh): crbug.com/167187 fix size_t to int truncations. - 'msvs_disabled_warnings': [ 4267, ], + 'msvs_disabled_warnings': [ 4267, ], }, { 'target_name': 'ppapi_example_skeleton', |
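Review bot: The only test source registered in the first hunk (@@ -174,6 +174,7 @@) is 'proxy/nacl_message_scanner_unittest.cc', while the commit message also depends on NaClDescQuota refusing over-quota writes and direct ftruncate calls at the descriptor level. The diffstat shown here is limited to this file, so please confirm that a test for the descriptor-level path is registered elsewhere in the CL, or add one next to this entry.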
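Review bot: In the second hunk (@@ -207,7 +208,7 @@) the removed and added 'msvs_disabled_warnings': [ 4267, ], lines read the same as rendered, so this appears to be a whitespace-only change unrelated to the FileIO.Write work; consider dropping it from this CL or mentioning it in the description. Separately, if this is the target that gains the new scanner unittest, note that the TODO above it leaves the size_t to int truncation warning disabled for code that now tests offset and quota arithmetic, so it is worth checking those sources build cleanly with 4267 enabled.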