summaryrefslogtreecommitdiffstats
path: root/ppapi
diff options
context:
space:
mode:
authorjvoung@google.com <jvoung@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-31 20:59:52 +0000
committerjvoung@google.com <jvoung@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-31 20:59:52 +0000
commitbd68281ba08cc627fc1e33273cb2d77f20a454f8 (patch)
tree7cfea0eb278d0bd727ad03fe18cae047d3346431 /ppapi
parenta1a1694e0cbe5b670e5993ada823333c8b9ee1d5 (diff)
downloadchromium_src-bd68281ba08cc627fc1e33273cb2d77f20a454f8.zip
chromium_src-bd68281ba08cc627fc1e33273cb2d77f20a454f8.tar.gz
chromium_src-bd68281ba08cc627fc1e33273cb2d77f20a454f8.tar.bz2
Use CORS for fetching NaCl resources from extensions.
Undoes some changes done to allow PNaCl to read its own files from an extension: http://codereview.chromium.org/8974020/ R=bbudge@chromium.org,sehr@google.com,jorgelo@google.com BUG=108131 TEST= extension_mime_handler test Review URL: http://codereview.chromium.org/9159037 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119953 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ppapi')
-rw-r--r--ppapi/native_client/src/shared/ppapi_proxy/browser_nacl_file_rpc_server.cc4
-rw-r--r--ppapi/native_client/src/trusted/plugin/file_downloader.cc21
-rw-r--r--ppapi/native_client/src/trusted/plugin/file_downloader.h3
-rw-r--r--ppapi/native_client/src/trusted/plugin/json_manifest.cc20
-rw-r--r--ppapi/native_client/src/trusted/plugin/json_manifest.h2
-rw-r--r--ppapi/native_client/src/trusted/plugin/manifest.h2
-rw-r--r--ppapi/native_client/src/trusted/plugin/plugin.cc11
-rw-r--r--ppapi/native_client/src/trusted/plugin/plugin.h5
-rw-r--r--ppapi/native_client/src/trusted/plugin/pnacl_coordinator.cc24
-rw-r--r--ppapi/native_client/src/trusted/plugin/pnacl_resources.cc5
-rw-r--r--ppapi/native_client/src/trusted/plugin/service_runtime.cc4
-rw-r--r--ppapi/native_client/tests/ppapi_browser/extension_mime_handler/manifest.json4
12 files changed, 30 insertions, 75 deletions
diff --git a/ppapi/native_client/src/shared/ppapi_proxy/browser_nacl_file_rpc_server.cc b/ppapi/native_client/src/shared/ppapi_proxy/browser_nacl_file_rpc_server.cc
index 07dd318..9923273 100644
--- a/ppapi/native_client/src/shared/ppapi_proxy/browser_nacl_file_rpc_server.cc
+++ b/ppapi/native_client/src/shared/ppapi_proxy/browser_nacl_file_rpc_server.cc
@@ -37,9 +37,7 @@ void NaClFileRpcServer::StreamAsFile(
plugin::Plugin* plugin = LookupBrowserPppForInstance(instance)->plugin();
// Will always call the callback on success or failure.
- bool success = plugin->StreamAsFile(url,
- false, // Don't allow extension access.
- remote_callback);
+ bool success = plugin->StreamAsFile(url, remote_callback);
DebugPrintf("NaClFile::StreamAsFile: success=%d\n", success);
rpc->result = NACL_SRPC_RESULT_OK;
diff --git a/ppapi/native_client/src/trusted/plugin/file_downloader.cc b/ppapi/native_client/src/trusted/plugin/file_downloader.cc
index 576f496..8b73697 100644
--- a/ppapi/native_client/src/trusted/plugin/file_downloader.cc
+++ b/ppapi/native_client/src/trusted/plugin/file_downloader.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -43,11 +43,9 @@ void FileDownloader::Initialize(Plugin* instance) {
bool FileDownloader::Open(
const nacl::string& url,
DownloadFlags flags,
- bool allow_extension_url,
const pp::CompletionCallback& callback,
PP_URLLoaderTrusted_StatusCallback progress_callback) {
- PLUGIN_PRINTF(("FileDownloader::Open (url=%s, allow_extension_url=%d)\n",
- url.c_str(), allow_extension_url));
+ PLUGIN_PRINTF(("FileDownloader::Open (url=%s)\n", url.c_str()));
if (callback.pp_completion_callback().func == NULL ||
instance_ == NULL ||
file_io_trusted_interface_ == NULL)
@@ -70,14 +68,14 @@ bool FileDownloader::Open(
url_scheme_ = instance_->GetUrlScheme(url);
bool grant_universal_access = false;
if (url_scheme_ == SCHEME_CHROME_EXTENSION) {
- if (allow_extension_url) {
- // This NEXE has been granted rights to access URLs in the chrome
- // extension scheme.
- grant_universal_access = true;
- }
+ // Use CORS to access URLs in the chrome extension scheme. If the files
+ // are truly restricted, then they should not be listed as a
+ // web_accessible_resource in the extension manifest.
+ url_request.SetAllowCrossOriginRequests(true);
} else if (url_scheme_ == SCHEME_DATA) {
// TODO(elijahtaylor) Remove this when data URIs can be read without
// universal access.
+ // https://bugs.webkit.org/show_bug.cgi?id=17352
if (streaming_to_buffer()) {
grant_universal_access = true;
} else {
@@ -92,9 +90,8 @@ bool FileDownloader::Open(
if (url_loader_trusted_interface_ != NULL) {
if (grant_universal_access) {
- // TODO(sehr,jvoung): this should use
- // pp::URLRequestInfo::SetAllowCrossOriginRequests() when
- // support for web accessible resources is added to extensions.
+ // TODO(sehr,jvoung): See if we can remove this -- currently
+ // only used for data URIs.
url_loader_trusted_interface_->GrantUniversalAccess(
url_loader_.pp_resource());
}
diff --git a/ppapi/native_client/src/trusted/plugin/file_downloader.h b/ppapi/native_client/src/trusted/plugin/file_downloader.h
index 399db7a..44617a7 100644
--- a/ppapi/native_client/src/trusted/plugin/file_downloader.h
+++ b/ppapi/native_client/src/trusted/plugin/file_downloader.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -57,7 +57,6 @@ class FileDownloader {
// update received by the loader.
bool Open(const nacl::string& url,
DownloadFlags flags,
- bool allow_extension_url,
const pp::CompletionCallback& callback,
PP_URLLoaderTrusted_StatusCallback progress_callback);
diff --git a/ppapi/native_client/src/trusted/plugin/json_manifest.cc b/ppapi/native_client/src/trusted/plugin/json_manifest.cc
index 1c0e981..3f09233 100644
--- a/ppapi/native_client/src/trusted/plugin/json_manifest.cc
+++ b/ppapi/native_client/src/trusted/plugin/json_manifest.cc
@@ -196,7 +196,6 @@ bool GetKeyUrl(const Json::Value& dictionary,
const nacl::string& sandbox_isa,
const Manifest* manifest,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info,
bool* is_portable) {
CHECK(full_url != NULL && error_info != NULL);
@@ -210,14 +209,12 @@ bool GetKeyUrl(const Json::Value& dictionary,
if (isa_dict.isMember(sandbox_isa)) {
nacl::string relative_url = isa_dict[sandbox_isa][kUrlKey].asString();
*is_portable = false;
- return manifest->ResolveURL(relative_url, full_url, permit_extension_url,
- error_info);
+ return manifest->ResolveURL(relative_url, full_url, error_info);
}
if (isa_dict.isMember(kPortableKey)) {
nacl::string relative_url = isa_dict[kPortableKey][kUrlKey].asString();
*is_portable = true;
- return manifest->ResolveURL(relative_url, full_url, permit_extension_url,
- error_info);
+ return manifest->ResolveURL(relative_url, full_url, error_info);
}
error_info->SetReport(ERROR_MANIFEST_RESOLVE_URL,
"neither ISA-specific nor portable representations"
@@ -330,10 +327,7 @@ bool JsonManifest::MatchesSchema(ErrorInfo* error_info) {
bool JsonManifest::ResolveURL(const nacl::string& relative_url,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info) const {
- // JSON manifests cannot confer extension access rights.
- *permit_extension_url = false;
// The contents of the manifest are resolved relative to the manifest URL.
CHECK(url_util_ != NULL);
pp::Var resolved_url =
@@ -374,10 +368,7 @@ bool JsonManifest::GetProgramURL(nacl::string* full_url,
return false;
}
- // The program URL must be in the current origin.
- bool dummy_permit_extension_url;
- return ResolveURL(nexe_url, full_url, &dummy_permit_extension_url,
- error_info);
+ return ResolveURL(nexe_url, full_url, error_info);
}
bool JsonManifest::GetFileKeys(std::set<nacl::string>* keys) const {
@@ -396,7 +387,6 @@ bool JsonManifest::GetFileKeys(std::set<nacl::string>* keys) const {
bool JsonManifest::ResolveKey(const nacl::string& key,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info,
bool* is_portable) const {
NaClLog(3, "JsonManifest::ResolveKey(%s)\n", key.c_str());
@@ -405,7 +395,7 @@ bool JsonManifest::ResolveKey(const nacl::string& key,
*full_url = "";
if (key == kProgramKey) {
return GetKeyUrl(dictionary_, key, sandbox_isa_, this, full_url,
- permit_extension_url, error_info, is_portable);
+ error_info, is_portable);
}
nacl::string::const_iterator p = find(key.begin(), key.end(), '/');
if (p == key.end()) {
@@ -442,7 +432,7 @@ bool JsonManifest::ResolveKey(const nacl::string& key,
return false;
}
return GetKeyUrl(files, rest, sandbox_isa_, this, full_url,
- permit_extension_url, error_info, is_portable);
+ error_info, is_portable);
}
} // namespace plugin
diff --git a/ppapi/native_client/src/trusted/plugin/json_manifest.h b/ppapi/native_client/src/trusted/plugin/json_manifest.h
index 71b435d..aa8799e 100644
--- a/ppapi/native_client/src/trusted/plugin/json_manifest.h
+++ b/ppapi/native_client/src/trusted/plugin/json_manifest.h
@@ -53,7 +53,6 @@ class JsonManifest : public Manifest {
// Resolves a URL relative to the manifest base URL
virtual bool ResolveURL(const nacl::string& relative_url,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info) const;
// Gets the file names from the "files" section of the manifest. No
@@ -70,7 +69,6 @@ class JsonManifest : public Manifest {
// representation or an ISA-specific version of the file.
virtual bool ResolveKey(const nacl::string& key,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info,
bool* is_portable) const;
diff --git a/ppapi/native_client/src/trusted/plugin/manifest.h b/ppapi/native_client/src/trusted/plugin/manifest.h
index 0ed7730..77b3db3 100644
--- a/ppapi/native_client/src/trusted/plugin/manifest.h
+++ b/ppapi/native_client/src/trusted/plugin/manifest.h
@@ -47,7 +47,6 @@ class Manifest {
// Resolves a URL relative to the manifest base URL
virtual bool ResolveURL(const nacl::string& relative_url,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info) const = 0;
// Gets the file names from the "files" section of the manifest. No
@@ -64,7 +63,6 @@ class Manifest {
// representation or an ISA-specific version of the file.
virtual bool ResolveKey(const nacl::string& key,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info,
bool* is_portable) const = 0;
diff --git a/ppapi/native_client/src/trusted/plugin/plugin.cc b/ppapi/native_client/src/trusted/plugin/plugin.cc
index 8274663..84f8a67 100644
--- a/ppapi/native_client/src/trusted/plugin/plugin.cc
+++ b/ppapi/native_client/src/trusted/plugin/plugin.cc
@@ -943,8 +943,7 @@ bool Plugin::Init(uint32_t argc, const char* argn[], const char* argv[]) {
manifest_url = LookupArgument(kNaClManifestAttribute);
// For content handlers the NEXE runs in the security context of the
// content it is rendering and the NEXE itself appears to be a
- // cross-origin resource stored in a Chrome extension. We request
- // universal access during the NEXE load so that we can read the NEXE.
+ // cross-origin resource stored in a Chrome extension.
}
// Use the document URL as the base for resolving relative URLs to find the
// manifest. This takes into account the setting of <base> tags that
@@ -1631,7 +1630,6 @@ void Plugin::ProcessNaClManifest(const nacl::string& manifest_json) {
CHECK(
nexe_downloader_.Open(program_url,
DOWNLOAD_TO_FILE,
- NexeIsContentHandler(),
open_callback,
&UpdateDownloadProgress));
return;
@@ -1673,7 +1671,6 @@ void Plugin::RequestNaClManifest(const nacl::string& url) {
// Will always call the callback on success or failure.
CHECK(nexe_downloader_.Open(nmf_resolved_url.AsString(),
DOWNLOAD_TO_BUFFER,
- NexeIsContentHandler(),
open_callback,
NULL));
} else {
@@ -1682,7 +1679,6 @@ void Plugin::RequestNaClManifest(const nacl::string& url) {
// Will always call the callback on success or failure.
CHECK(nexe_downloader_.Open(nmf_resolved_url.AsString(),
DOWNLOAD_TO_FILE,
- NexeIsContentHandler(),
open_callback,
NULL));
}
@@ -1753,10 +1749,8 @@ int32_t Plugin::GetPOSIXFileDesc(const nacl::string& url) {
bool Plugin::StreamAsFile(const nacl::string& url,
- bool permits_extension_urls,
PP_CompletionCallback callback) {
- PLUGIN_PRINTF(("Plugin::StreamAsFile (url='%s', permits_extension_urls=%d)\n",
- url.c_str(), permits_extension_urls));
+ PLUGIN_PRINTF(("Plugin::StreamAsFile (url='%s')\n", url.c_str()));
FileDownloader* downloader = new FileDownloader();
downloader->Initialize(this);
url_downloaders_.insert(downloader);
@@ -1777,7 +1771,6 @@ bool Plugin::StreamAsFile(const nacl::string& url,
// If true, will always call the callback on success or failure.
return downloader->Open(url,
DOWNLOAD_TO_FILE,
- permits_extension_urls || NexeIsContentHandler(),
open_callback,
&UpdateDownloadProgress);
}
diff --git a/ppapi/native_client/src/trusted/plugin/plugin.h b/ppapi/native_client/src/trusted/plugin/plugin.h
index 6f5f374..13e50fa 100644
--- a/ppapi/native_client/src/trusted/plugin/plugin.h
+++ b/ppapi/native_client/src/trusted/plugin/plugin.h
@@ -288,12 +288,7 @@ class Plugin : public pp::InstancePrivate {
// Requests a URL asynchronously resulting in a call to pp_callback with
// a PP_Error indicating status. On success an open file descriptor
// corresponding to the url body is recorded for further lookup.
- // permits_extension_urls determines whether a call to stream as file
- // should be allowed to load URLs that are outside of the origin of the
- // plugin. This is used by, e.g., the pnacl coordinator, which loads
- // llc, ld, and various object files from a chrome extension URL.
bool StreamAsFile(const nacl::string& url,
- bool permits_extension_urls,
PP_CompletionCallback pp_callback);
// Returns an open POSIX file descriptor retrieved by StreamAsFile()
// or NACL_NO_FILE_DESC. The caller must take ownership of the descriptor.
diff --git a/ppapi/native_client/src/trusted/plugin/pnacl_coordinator.cc b/ppapi/native_client/src/trusted/plugin/pnacl_coordinator.cc
index 57d2f11..807fe61 100644
--- a/ppapi/native_client/src/trusted/plugin/pnacl_coordinator.cc
+++ b/ppapi/native_client/src/trusted/plugin/pnacl_coordinator.cc
@@ -248,16 +248,11 @@ class ExtensionManifest : public Manifest {
virtual bool ResolveURL(const nacl::string& relative_url,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info) const {
// Does not do general URL resolution, simply appends relative_url to
// the end of manifest_base_url_.
UNREFERENCED_PARAMETER(error_info);
*full_url = manifest_base_url_ + relative_url;
- // Since the pnacl coordinator manifest provides access to resources
- // in the chrome extension, lookups will need to access resources in their
- // extension origin rather than the plugin's origin.
- *permit_extension_url = true;
return true;
}
@@ -270,7 +265,6 @@ class ExtensionManifest : public Manifest {
virtual bool ResolveKey(const nacl::string& key,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info,
bool* is_portable) const {
*is_portable = false;
@@ -284,7 +278,7 @@ class ExtensionManifest : public Manifest {
}
// Append what follows files to the pnacl URL prefix.
nacl::string key_basename = key.substr(kFilesPrefix.length());
- return ResolveURL(key_basename, full_url, permit_extension_url, error_info);
+ return ResolveURL(key_basename, full_url, error_info);
}
private:
@@ -322,14 +316,11 @@ class PnaclLDManifest : public Manifest {
virtual bool ResolveURL(const nacl::string& relative_url,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info) const {
- if (nexe_manifest_->ResolveURL(relative_url, full_url,
- permit_extension_url, error_info)) {
+ if (nexe_manifest_->ResolveURL(relative_url, full_url, error_info)) {
return true;
}
- return extension_manifest_->ResolveURL(relative_url, full_url,
- permit_extension_url, error_info);
+ return extension_manifest_->ResolveURL(relative_url, full_url, error_info);
}
virtual bool GetFileKeys(std::set<nacl::string>* keys) const {
@@ -341,14 +332,12 @@ class PnaclLDManifest : public Manifest {
virtual bool ResolveKey(const nacl::string& key,
nacl::string* full_url,
- bool* permit_extension_url,
ErrorInfo* error_info,
bool* is_portable) const {
- if (nexe_manifest_->ResolveKey(key, full_url, permit_extension_url,
- error_info, is_portable)) {
+ if (nexe_manifest_->ResolveKey(key, full_url, error_info, is_portable)) {
return true;
}
- return extension_manifest_->ResolveKey(key, full_url, permit_extension_url,
+ return extension_manifest_->ResolveKey(key, full_url,
error_info, is_portable);
}
@@ -696,8 +685,7 @@ void PnaclCoordinator::NexeWriteDidOpen(int32_t pp_error) {
pp::CompletionCallback cb =
callback_factory_.NewCallback(&PnaclCoordinator::RunTranslate);
- // "false" here indicates the pexe must be in user's manifest file origin.
- if (!plugin_->StreamAsFile(pexe_url_, false, cb.pp_completion_callback())) {
+ if (!plugin_->StreamAsFile(pexe_url_, cb.pp_completion_callback())) {
ReportNonPpapiError(nacl::string("failed to download ") + pexe_url_ + ".");
}
}
diff --git a/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc b/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc
index 044cc17..ecf6191 100644
--- a/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc
+++ b/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc
@@ -45,10 +45,8 @@ void PnaclResources::StartDownloads() {
CHECK(resource_urls_.size() > 0);
for (size_t i = 0; i < resource_urls_.size(); ++i) {
nacl::string full_url;
- bool permit_extension_url = false;
ErrorInfo error_info;
- if (!manifest_->ResolveURL(resource_urls_[i], &full_url,
- &permit_extension_url, &error_info)) {
+ if (!manifest_->ResolveURL(resource_urls_[i], &full_url, &error_info)) {
coordinator_->ReportNonPpapiError(nacl::string("failed to resolve ") +
resource_urls_[i] + ": " +
error_info.message() + ".");
@@ -59,7 +57,6 @@ void PnaclResources::StartDownloads() {
resource_urls_[i],
full_url);
if (!plugin_->StreamAsFile(full_url,
- permit_extension_url,
ready_callback.pp_completion_callback())) {
coordinator_->ReportNonPpapiError(nacl::string("failed to download ") +
resource_urls_[i] + ".");
diff --git a/ppapi/native_client/src/trusted/plugin/service_runtime.cc b/ppapi/native_client/src/trusted/plugin/service_runtime.cc
index 230b45f..9f0bb28 100644
--- a/ppapi/native_client/src/trusted/plugin/service_runtime.cc
+++ b/ppapi/native_client/src/trusted/plugin/service_runtime.cc
@@ -253,8 +253,7 @@ void PluginReverseInterface::OpenManifestEntry_MainThreadContinuation(
NaClLog(4, "Entered OpenManifestEntry_MainThreadContinuation\n");
std::string mapped_url;
- bool permit_extension_url = false;
- if (!manifest_->ResolveKey(p->url, &mapped_url, &permit_extension_url,
+ if (!manifest_->ResolveKey(p->url, &mapped_url,
p->error_info, p->is_portable)) {
NaClLog(4, "OpenManifestEntry_MainThreadContinuation: ResolveKey failed\n");
// Failed, and error_info has the details on what happened. Wake
@@ -278,7 +277,6 @@ void PluginReverseInterface::OpenManifestEntry_MainThreadContinuation(
&PluginReverseInterface::StreamAsFile_MainThreadContinuation,
open_cont);
if (!plugin_->StreamAsFile(mapped_url,
- permit_extension_url,
stream_cc.pp_completion_callback())) {
NaClLog(4,
"OpenManifestEntry_MainThreadContinuation: StreamAsFile failed\n");
diff --git a/ppapi/native_client/tests/ppapi_browser/extension_mime_handler/manifest.json b/ppapi/native_client/tests/ppapi_browser/extension_mime_handler/manifest.json
index 9f818b4..e3952eb 100644
--- a/ppapi/native_client/tests/ppapi_browser/extension_mime_handler/manifest.json
+++ b/ppapi/native_client/tests/ppapi_browser/extension_mime_handler/manifest.json
@@ -7,6 +7,10 @@
"experimental",
"nativeclient"
],
+ "web_accessible_resources": [ "ppapi_extension_mime_handler.nmf",
+ "ppapi_extension_mime_handler_x86-32.nexe",
+ "ppapi_extension_mime_handler_x86-64.nexe",
+ "ppapi_extension_mime_handler_arm.nexe" ],
"nacl_modules": [{
"path": "ppapi_extension_mime_handler.nmf",
"mime_type": "foo/bar"
generated by cgit v1.1 at 2025-02-14 14:24:18 +0000