diff options
42 files changed, 324 insertions, 86 deletions
diff --git a/chrome/browser/nacl_host/DEPS b/chrome/browser/nacl_host/DEPS new file mode 100644 index 0000000..8d6c1c2 --- /dev/null +++ b/chrome/browser/nacl_host/DEPS @@ -0,0 +1,3 @@ +include_rules = [ + "+ppapi/shared_impl", +] diff --git a/chrome/browser/nacl_host/nacl_process_host.cc b/chrome/browser/nacl_host/nacl_process_host.cc index 748506c..3c982c7 100644 --- a/chrome/browser/nacl_host/nacl_process_host.cc +++ b/chrome/browser/nacl_host/nacl_process_host.cc @@ -131,8 +131,10 @@ bool NaClProcessHost::PluginListener::OnMessageReceived( return host_->OnUntrustedMessageForwarded(msg); } +// TODO(brettw) bug 153036 set the pepper permissions up for dev interfaces. NaClProcessHost::NaClProcessHost(const GURL& manifest_url, bool off_the_record) : manifest_url_(manifest_url), + permissions_(ppapi::PpapiPermissions::GetForCommandLine(0)), #if defined(OS_WIN) process_launched_by_broker_(false), #elif defined(OS_LINUX) @@ -758,6 +760,7 @@ void NaClProcessHost::OnPpapiChannelCreated( ipc_proxy_channel_->Send( new PpapiMsg_CreateNaClChannel( chrome_render_message_filter_->render_process_id(), + permissions_, chrome_render_message_filter_->off_the_record(), SerializedHandle(SerializedHandle::CHANNEL_HANDLE, IPC::InvalidPlatformFileForTransit()))); diff --git a/chrome/browser/nacl_host/nacl_process_host.h b/chrome/browser/nacl_host/nacl_process_host.h index 6cfc3be..065704e 100644 --- a/chrome/browser/nacl_host/nacl_process_host.h +++ b/chrome/browser/nacl_host/nacl_process_host.h @@ -18,6 +18,7 @@ #include "googleurl/src/gurl.h" #include "ipc/ipc_channel_handle.h" #include "net/base/tcp_listen_socket.h" +#include "ppapi/shared_impl/ppapi_permissions.h" class ChromeRenderMessageFilter; class CommandLine; @@ -144,6 +145,7 @@ class NaClProcessHost : public content::BrowserChildProcessHostDelegate { bool OnUntrustedMessageForwarded(const IPC::Message& msg); GURL manifest_url_; + ppapi::PpapiPermissions permissions_; #if defined(OS_WIN) // This field becomes true when the broker successfully launched diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi index f1d905d..69302cc 100644 --- a/chrome/chrome_tests.gypi +++ b/chrome/chrome_tests.gypi @@ -62,6 +62,7 @@ '../media/media.gyp:media_test_support', '../net/net.gyp:net', '../net/net.gyp:net_test_support', + '../ppapi/ppapi_internal.gyp:ppapi_shared', '../skia/skia.gyp:skia', '../testing/gmock.gyp:gmock', '../testing/gtest.gyp:gtest', diff --git a/chrome/common/pepper_flash.cc b/chrome/common/pepper_flash.cc index a13b221..d443625 100644 --- a/chrome/common/pepper_flash.cc +++ b/chrome/common/pepper_flash.cc @@ -34,6 +34,7 @@ bool IsPepperFlashEnabledByDefault() { int32 kPepperFlashPermissions = ppapi::PERMISSION_DEV | ppapi::PERMISSION_PRIVATE | - ppapi::PERMISSION_BYPASS_USER_GESTURE; + ppapi::PERMISSION_BYPASS_USER_GESTURE | + ppapi::PERMISSION_FLASH; diff --git a/chrome/renderer/pepper/ppb_nacl_private_impl.cc b/chrome/renderer/pepper/ppb_nacl_private_impl.cc index 588cedd..dcaaf7f 100644 --- a/chrome/renderer/pepper/ppb_nacl_private_impl.cc +++ b/chrome/renderer/pepper/ppb_nacl_private_impl.cc @@ -161,10 +161,11 @@ class OutOfProcessProxy : public PluginDelegate::OutOfProcessProxy { PP_Module pp_module, PP_GetInterface_Func local_get_interface, const ppapi::Preferences& preferences, - SyncMessageStatusReceiver* status_receiver) { + SyncMessageStatusReceiver* status_receiver, + const ppapi::PpapiPermissions& permissions) { dispatcher_delegate_.reset(new ProxyChannelDelegate); dispatcher_.reset(new ppapi::proxy::HostDispatcher( - pp_module, local_get_interface, status_receiver)); + pp_module, local_get_interface, status_receiver, permissions)); if (!dispatcher_->InitHostWithChannel(dispatcher_delegate_.get(), channel_handle, @@ -229,12 +230,17 @@ PP_Bool StartPpapiProxy(PP_Instance instance) { scoped_refptr<PluginModule> nacl_plugin_module( plugin_module->CreateModuleForNaClInstance()); + // TODO(brettw) bug 153036 set NaCl permissions to allow dev interface + // usage when necessary. + ppapi::PpapiPermissions permissions; + if (out_of_process_proxy->Init( channel_handle, nacl_plugin_module->pp_module(), PluginModule::GetLocalGetInterfaceFunc(), ppapi::Preferences(render_view->GetWebkitPreferences()), - status_receiver.get())) { + status_receiver.get(), + permissions)) { nacl_plugin_module->InitAsProxiedNaCl( out_of_process_proxy.PassAs<PluginDelegate::OutOfProcessProxy>(), instance); diff --git a/chrome/test/ppapi/DEPS b/chrome/test/ppapi/DEPS new file mode 100644 index 0000000..8d6c1c2 --- /dev/null +++ b/chrome/test/ppapi/DEPS @@ -0,0 +1,3 @@ +include_rules = [ + "+ppapi/shared_impl", +] diff --git a/chrome/test/ppapi/ppapi_test.cc b/chrome/test/ppapi/ppapi_test.cc index 5e00f8b..6e8cf5c 100644 --- a/chrome/test/ppapi/ppapi_test.cc +++ b/chrome/test/ppapi/ppapi_test.cc @@ -36,6 +36,7 @@ #include "media/audio/audio_manager.h" #include "net/base/net_util.h" #include "net/test/test_server.h" +#include "ppapi/shared_impl/ppapi_switches.h" #include "ui/gl/gl_switches.h" #include "webkit/plugins/plugin_switches.h" diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc index 8042744..bb27c8d 100644 --- a/content/browser/ppapi_plugin_process_host.cc +++ b/content/browser/ppapi_plugin_process_host.cc @@ -161,7 +161,9 @@ PpapiPluginProcessHost::PpapiPluginProcessHost( const content::PepperPluginInfo& info, const FilePath& profile_data_directory, net::HostResolver* host_resolver) - : network_observer_(new PluginNetworkObserver(this)), + : permissions_( + ppapi::PpapiPermissions::GetForCommandLine(info.permissions)), + network_observer_(new PluginNetworkObserver(this)), profile_data_directory_(profile_data_directory), is_broker_(false) { process_.reset(new BrowserChildProcessHostImpl( @@ -170,8 +172,7 @@ PpapiPluginProcessHost::PpapiPluginProcessHost( filter_ = new PepperMessageFilter(PepperMessageFilter::PLUGIN, host_resolver); - ppapi::PpapiPermissions permissions(info.permissions); - host_impl_ = new content::BrowserPpapiHostImpl(this, permissions); + host_impl_ = new content::BrowserPpapiHostImpl(this, permissions_); file_filter_ = new PepperTrustedFileMessageFilter( process_->GetData().id, info.name, profile_data_directory); @@ -315,7 +316,7 @@ void PpapiPluginProcessHost::OnChannelConnected(int32 peer_pid) { // This will actually load the plugin. Errors will actually not be reported // back at this point. Instead, the plugin will fail to establish the // connections when we request them on behalf of the renderer(s). - Send(new PpapiMsg_LoadPlugin(plugin_path_)); + Send(new PpapiMsg_LoadPlugin(plugin_path_, permissions_)); // Process all pending channel requests from the renderers. for (size_t i = 0; i < pending_requests_.size(); i++) diff --git a/content/browser/ppapi_plugin_process_host.h b/content/browser/ppapi_plugin_process_host.h index 1aa0384..b19536e 100644 --- a/content/browser/ppapi_plugin_process_host.h +++ b/content/browser/ppapi_plugin_process_host.h @@ -18,6 +18,7 @@ #include "content/public/browser/browser_child_process_host_delegate.h" #include "content/public/browser/browser_child_process_host_iterator.h" #include "ipc/ipc_sender.h" +#include "ppapi/shared_impl/ppapi_permissions.h" class BrowserChildProcessHostImpl; @@ -138,6 +139,7 @@ class PpapiPluginProcessHost : public content::BrowserChildProcessHostDelegate, // Handles most requests from the plugin. May be NULL. scoped_refptr<PepperMessageFilter> filter_; + ppapi::PpapiPermissions permissions_; scoped_refptr<content::BrowserPpapiHostImpl> host_impl_; // Handles filesystem requests from flash plugins. May be NULL. diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc index 5bcb7b2..8bc872e 100644 --- a/content/browser/renderer_host/render_process_host_impl.cc +++ b/content/browser/renderer_host/render_process_host_impl.cc @@ -114,6 +114,7 @@ #include "ipc/ipc_sync_channel.h" #include "media/base/media_switches.h" #include "net/url_request/url_request_context_getter.h" +#include "ppapi/shared_impl/ppapi_switches.h" #include "ui/base/ui_base_switches.h" #include "ui/gl/gl_switches.h" #include "webkit/fileapi/sandbox_mount_point_provider.h" diff --git a/content/common/pepper_plugin_registry.cc b/content/common/pepper_plugin_registry.cc index 259013b..010d160 100644 --- a/content/common/pepper_plugin_registry.cc +++ b/content/common/pepper_plugin_registry.cc @@ -71,9 +71,7 @@ void ComputePluginsFromCommandLine( } // Command-line plugins get full permissions. - plugin.permissions = ppapi::PERMISSION_DEV | - ppapi::PERMISSION_PRIVATE | - ppapi::PERMISSION_BYPASS_USER_GESTURE; + plugin.permissions = ppapi::PERMISSION_ALL_BITS; plugins->push_back(plugin); } diff --git a/content/ppapi_plugin/plugin_process_dispatcher.cc b/content/ppapi_plugin/plugin_process_dispatcher.cc index 869f94c..72b93de 100644 --- a/content/ppapi_plugin/plugin_process_dispatcher.cc +++ b/content/ppapi_plugin/plugin_process_dispatcher.cc @@ -17,8 +17,10 @@ const int kPluginReleaseTimeSeconds = 30; PluginProcessDispatcher::PluginProcessDispatcher( PP_GetInterface_Func get_interface, + const ppapi::PpapiPermissions& permissions, bool incognito) : ppapi::proxy::PluginDispatcher(get_interface, + permissions, incognito) { ChildProcess::current()->AddRefProcess(); } diff --git a/content/ppapi_plugin/plugin_process_dispatcher.h b/content/ppapi_plugin/plugin_process_dispatcher.h index b48f5b1..942cd09 100644 --- a/content/ppapi_plugin/plugin_process_dispatcher.h +++ b/content/ppapi_plugin/plugin_process_dispatcher.h @@ -14,6 +14,7 @@ class PluginProcessDispatcher : public ppapi::proxy::PluginDispatcher { public: PluginProcessDispatcher(PP_GetInterface_Func get_interface, + const ppapi::PpapiPermissions& permissions, bool incognito); virtual ~PluginProcessDispatcher(); diff --git a/content/ppapi_plugin/ppapi_thread.cc b/content/ppapi_plugin/ppapi_thread.cc index 7e1c3bc..4a6b03e 100644 --- a/content/ppapi_plugin/ppapi_thread.cc +++ b/content/ppapi_plugin/ppapi_thread.cc @@ -211,9 +211,14 @@ void PpapiThread::Unregister(uint32 plugin_dispatcher_id) { plugin_dispatchers_.erase(plugin_dispatcher_id); } -void PpapiThread::OnMsgLoadPlugin(const FilePath& path) { +void PpapiThread::OnMsgLoadPlugin(const FilePath& path, + const ppapi::PpapiPermissions& permissions) { SavePluginName(path); + // This must be set before calling into the plugin so it can get the + // interfaces it has permission for. + ppapi::proxy::InterfaceList::SetProcessGlobalPermissions(permissions); + std::string error; base::ScopedNativeLibrary library(base::LoadNativeLibrary(path, &error)); @@ -294,10 +299,11 @@ void PpapiThread::OnMsgLoadPlugin(const FilePath& path) { } library_.Reset(library.Release()); + + permissions_ = permissions; } -void PpapiThread::OnMsgCreateChannel(int renderer_id, - bool incognito) { +void PpapiThread::OnMsgCreateChannel(int renderer_id, bool incognito) { IPC::ChannelHandle channel_handle; if (!library_.is_valid() || // Plugin couldn't be loaded. !SetupRendererChannel(renderer_id, incognito, &channel_handle)) { @@ -358,7 +364,9 @@ bool PpapiThread::SetupRendererChannel(int renderer_id, dispatcher = broker_dispatcher; } else { PluginProcessDispatcher* plugin_dispatcher = - new PluginProcessDispatcher(get_plugin_interface_, incognito); + new PluginProcessDispatcher(get_plugin_interface_, + permissions_, + incognito); init_result = plugin_dispatcher->InitPluginWithChannel(this, plugin_handle, false); diff --git a/content/ppapi_plugin/ppapi_thread.h b/content/ppapi_plugin/ppapi_thread.h index 0329809..8c6185a 100644 --- a/content/ppapi_plugin/ppapi_thread.h +++ b/content/ppapi_plugin/ppapi_thread.h @@ -67,7 +67,8 @@ class PpapiThread : public ChildThread, virtual void SetActiveURL(const std::string& url) OVERRIDE; // Message handlers. - void OnMsgLoadPlugin(const FilePath& path); + void OnMsgLoadPlugin(const FilePath& path, + const ppapi::PpapiPermissions& permissions); void OnMsgCreateChannel(int renderer_id, bool incognito); void OnMsgResourceReply( @@ -90,6 +91,8 @@ class PpapiThread : public ChildThread, base::ScopedNativeLibrary library_; + ppapi::PpapiPermissions permissions_; + // Global state tracking for the proxy. ppapi::proxy::PluginGlobals plugin_globals_; diff --git a/content/renderer/browser_plugin/old/guest_to_embedder_channel.cc b/content/renderer/browser_plugin/old/guest_to_embedder_channel.cc index b3f35c9..d5ff345 100644 --- a/content/renderer/browser_plugin/old/guest_to_embedder_channel.cc +++ b/content/renderer/browser_plugin/old/guest_to_embedder_channel.cc @@ -28,7 +28,7 @@ namespace old { GuestToEmbedderChannel::GuestToEmbedderChannel( const std::string& embedder_channel_name, const IPC::ChannelHandle& embedder_channel_handle) - : Dispatcher(NULL), + : Dispatcher(NULL, ppapi::PpapiPermissions()), embedder_channel_name_(embedder_channel_name), embedder_channel_handle_(embedder_channel_handle) { SetSerializationRules(new BrowserPluginVarSerializationRules()); diff --git a/content/renderer/pepper/pepper_plugin_delegate_impl.cc b/content/renderer/pepper/pepper_plugin_delegate_impl.cc index f7c724f..694eefd 100644 --- a/content/renderer/pepper/pepper_plugin_delegate_impl.cc +++ b/content/renderer/pepper/pepper_plugin_delegate_impl.cc @@ -133,7 +133,7 @@ class HostDispatcherWrapper dispatcher_delegate_.reset(new PepperProxyChannelDelegateImpl); dispatcher_.reset(new ppapi::proxy::HostDispatcher( - module_->pp_module(), local_get_interface, filter)); + module_->pp_module(), local_get_interface, filter, permissions_)); if (!dispatcher_->InitHostWithChannel(dispatcher_delegate_.get(), channel_handle, @@ -369,7 +369,9 @@ PepperPluginDelegateImpl::CreatePepperPluginModule( // In-process plugin not preloaded, it probably couldn't be initialized. return scoped_refptr<webkit::ppapi::PluginModule>(); } - ppapi::PpapiPermissions permissions(info->permissions); + + ppapi::PpapiPermissions permissions = + ppapi::PpapiPermissions::GetForCommandLine(info->permissions); // Out of process: have the browser start the plugin process for us. IPC::ChannelHandle channel_handle; diff --git a/ppapi/ppapi_shared.gypi b/ppapi/ppapi_shared.gypi index 25d0228..e43870c 100644 --- a/ppapi/ppapi_shared.gypi +++ b/ppapi/ppapi_shared.gypi @@ -40,6 +40,8 @@ 'shared_impl/ppapi_permissions.h', 'shared_impl/ppapi_preferences.cc', 'shared_impl/ppapi_preferences.h', + 'shared_impl/ppapi_switches.cc', + 'shared_impl/ppapi_switches.h', 'shared_impl/ppb_audio_config_shared.cc', 'shared_impl/ppb_audio_config_shared.h', 'shared_impl/ppb_audio_input_shared.cc', diff --git a/ppapi/proxy/dispatcher.cc b/ppapi/proxy/dispatcher.cc index 3ef2c27..3b18932 100644 --- a/ppapi/proxy/dispatcher.cc +++ b/ppapi/proxy/dispatcher.cc @@ -17,9 +17,10 @@ namespace ppapi { namespace proxy { -Dispatcher::Dispatcher(PP_GetInterface_Func local_get_interface) - : disallow_trusted_interfaces_(false), // TODO(brettw) make this settable. - local_get_interface_(local_get_interface) { +Dispatcher::Dispatcher(PP_GetInterface_Func local_get_interface, + const PpapiPermissions& permissions) + : local_get_interface_(local_get_interface), + permissions_(permissions) { } Dispatcher::~Dispatcher() { diff --git a/ppapi/proxy/dispatcher.h b/ppapi/proxy/dispatcher.h index 3bd8598..7bb2c7e 100644 --- a/ppapi/proxy/dispatcher.h +++ b/ppapi/proxy/dispatcher.h @@ -83,8 +83,11 @@ class PPAPI_PROXY_EXPORT Dispatcher : public ProxyChannel { return local_get_interface_; } + const PpapiPermissions& permissions() const { return permissions_; } + protected: - explicit Dispatcher(PP_GetInterface_Func local_get_interface); + explicit Dispatcher(PP_GetInterface_Func local_get_interface, + const PpapiPermissions& permissions); // Setter for the derived classes to set the appropriate var serialization. // Takes one reference of the given pointer, which must be on the heap. @@ -94,10 +97,6 @@ class PPAPI_PROXY_EXPORT Dispatcher : public ProxyChannel { // default implementation does nothing, derived classes can override. virtual void OnInvalidMessageReceived(); - bool disallow_trusted_interfaces() const { - return disallow_trusted_interfaces_; - } - protected: std::vector<IPC::Listener*> filters_; @@ -114,6 +113,8 @@ class PPAPI_PROXY_EXPORT Dispatcher : public ProxyChannel { scoped_refptr<VarSerializationRules> serialization_rules_; + PpapiPermissions permissions_; + DISALLOW_COPY_AND_ASSIGN(Dispatcher); }; diff --git a/ppapi/proxy/host_dispatcher.cc b/ppapi/proxy/host_dispatcher.cc index 0170edb..835fd62 100644 --- a/ppapi/proxy/host_dispatcher.cc +++ b/ppapi/proxy/host_dispatcher.cc @@ -61,8 +61,9 @@ class BoolRestorer { HostDispatcher::HostDispatcher(PP_Module module, PP_GetInterface_Func local_get_interface, - SyncMessageStatusReceiver* sync_status) - : Dispatcher(local_get_interface), + SyncMessageStatusReceiver* sync_status, + const PpapiPermissions& permissions) + : Dispatcher(local_get_interface, permissions), sync_status_(sync_status), pp_module_(module), ppb_proxy_(NULL), diff --git a/ppapi/proxy/host_dispatcher.h b/ppapi/proxy/host_dispatcher.h index da64467..98a7ad5 100644 --- a/ppapi/proxy/host_dispatcher.h +++ b/ppapi/proxy/host_dispatcher.h @@ -50,7 +50,8 @@ class PPAPI_PROXY_EXPORT HostDispatcher : public Dispatcher { // You must call InitHostWithChannel after the constructor. HostDispatcher(PP_Module module, PP_GetInterface_Func local_get_interface, - SyncMessageStatusReceiver* sync_status); + SyncMessageStatusReceiver* sync_status, + const PpapiPermissions& permissions); ~HostDispatcher(); // You must call this function before anything else. Returns true on success. diff --git a/ppapi/proxy/interface_list.cc b/ppapi/proxy/interface_list.cc index 99b846f..5d94635 100644 --- a/ppapi/proxy/interface_list.cc +++ b/ppapi/proxy/interface_list.cc @@ -4,6 +4,7 @@ #include "ppapi/proxy/interface_list.h" +#include "base/lazy_instance.h" #include "base/memory/singleton.h" #include "ppapi/c/dev/ppb_audio_input_dev.h" #include "ppapi/c/dev/ppb_buffer_dev.h" @@ -157,6 +158,8 @@ InterfaceProxy* ProxyFactory(Dispatcher* dispatcher) { return new ProxyClass(dispatcher); } +base::LazyInstance<PpapiPermissions> g_process_global_permissions; + } // namespace InterfaceList::InterfaceList() { @@ -168,19 +171,34 @@ InterfaceList::InterfaceList() { AddProxy(PROXY_API_ID(api_name), &PROXY_FACTORY_NAME(api_name)); // Register each proxied interface by calling AddPPB for each supported - // interface. + // interface. Set current_required_permission to the appropriate value for + // the value you want expanded by this macro. #define PROXIED_IFACE(api_name, iface_str, iface_struct) \ AddPPB(iface_str, PROXY_API_ID(api_name), \ - INTERFACE_THUNK_NAME(iface_struct)()); + INTERFACE_THUNK_NAME(iface_struct)(), \ + current_required_permission); + + { + Permission current_required_permission = PERMISSION_NONE; + #include "ppapi/thunk/interfaces_ppb_public_stable.h" + } - #include "ppapi/thunk/interfaces_ppb_public_stable.h" #if !defined(OS_NACL) - #include "ppapi/thunk/interfaces_ppb_public_dev.h" - #include "ppapi/thunk/interfaces_ppb_private.h" + { + Permission current_required_permission = PERMISSION_DEV; + #include "ppapi/thunk/interfaces_ppb_public_dev.h" + } + { + Permission current_required_permission = PERMISSION_PRIVATE; + #include "ppapi/thunk/interfaces_ppb_private.h" + } #endif #if !defined(OS_NACL) - #include "ppapi/thunk/interfaces_ppb_private_flash.h" + { + Permission current_required_permission = PERMISSION_FLASH; + #include "ppapi/thunk/interfaces_ppb_private_flash.h" + } #endif #undef PROXIED_API @@ -193,44 +211,48 @@ InterfaceList::InterfaceList() { AddProxy(API_ID_RESOURCE_CREATION, &ResourceCreationProxy::Create); AddProxy(API_ID_PPP_CLASS, &PPP_Class_Proxy::Create); AddPPB(PPB_CORE_INTERFACE_1_0, API_ID_PPB_CORE, - PPB_Core_Proxy::GetPPB_Core_Interface()); + PPB_Core_Proxy::GetPPB_Core_Interface(), PERMISSION_NONE); AddPPB(PPB_MESSAGELOOP_DEV_INTERFACE_0_1, API_ID_NONE, - PPB_MessageLoop_Proxy::GetInterface()); + PPB_MessageLoop_Proxy::GetInterface(), PERMISSION_DEV); AddPPB(PPB_OPENGLES2_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetInterface()); + PPB_OpenGLES2_Shared::GetInterface(), PERMISSION_NONE); AddPPB(PPB_OPENGLES2_INSTANCEDARRAYS_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetInstancedArraysInterface()); + PPB_OpenGLES2_Shared::GetInstancedArraysInterface(), PERMISSION_NONE); AddPPB(PPB_OPENGLES2_FRAMEBUFFERBLIT_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetFramebufferBlitInterface()); + PPB_OpenGLES2_Shared::GetFramebufferBlitInterface(), PERMISSION_NONE); AddPPB(PPB_OPENGLES2_FRAMEBUFFERMULTISAMPLE_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetFramebufferMultisampleInterface()); + PPB_OpenGLES2_Shared::GetFramebufferMultisampleInterface(), + PERMISSION_NONE); AddPPB(PPB_OPENGLES2_CHROMIUMENABLEFEATURE_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetChromiumEnableFeatureInterface()); + PPB_OpenGLES2_Shared::GetChromiumEnableFeatureInterface(), + PERMISSION_NONE); AddPPB(PPB_OPENGLES2_CHROMIUMMAPSUB_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetChromiumMapSubInterface()); + PPB_OpenGLES2_Shared::GetChromiumMapSubInterface(), PERMISSION_NONE); AddPPB(PPB_OPENGLES2_CHROMIUMMAPSUB_DEV_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetChromiumMapSubInterface()); + PPB_OpenGLES2_Shared::GetChromiumMapSubInterface(), PERMISSION_NONE); AddPPB(PPB_OPENGLES2_QUERY_INTERFACE_1_0, API_ID_NONE, - PPB_OpenGLES2_Shared::GetQueryInterface()); + PPB_OpenGLES2_Shared::GetQueryInterface(), PERMISSION_NONE); #if !defined(OS_NACL) AddPPB(PPB_FLASH_PRINT_INTERFACE_1_0, API_ID_PPB_FLASH, - PPB_Flash_Proxy::GetFlashPrintInterface()); + PPB_Flash_Proxy::GetFlashPrintInterface(), + PERMISSION_FLASH); #endif AddPPB(PPB_VAR_ARRAY_BUFFER_INTERFACE_1_0, API_ID_NONE, - PPB_Var_Shared::GetVarArrayBufferInterface1_0()); + PPB_Var_Shared::GetVarArrayBufferInterface1_0(), + PERMISSION_DEV); AddPPB(PPB_VAR_INTERFACE_1_1, API_ID_NONE, - PPB_Var_Shared::GetVarInterface1_1()); + PPB_Var_Shared::GetVarInterface1_1(), PERMISSION_NONE); AddPPB(PPB_VAR_INTERFACE_1_0, API_ID_NONE, - PPB_Var_Shared::GetVarInterface1_0()); + PPB_Var_Shared::GetVarInterface1_0(), PERMISSION_NONE); #if !defined(OS_NACL) // PPB (browser) interfaces. // Do not add more stuff here, they should be added to interface_list*.h // TODO(brettw) remove these. - AddPPB(PPB_Instance_Proxy::GetInfoPrivate()); - AddPPB(PPB_PDF_Proxy::GetInfo()); - AddPPB(PPB_URLLoader_Proxy::GetTrustedInfo()); - AddPPB(PPB_Var_Deprecated_Proxy::GetInfo()); + AddPPB(PPB_Instance_Proxy::GetInfoPrivate(), PERMISSION_PRIVATE); + AddPPB(PPB_PDF_Proxy::GetInfo(), PERMISSION_PRIVATE); + AddPPB(PPB_URLLoader_Proxy::GetTrustedInfo(), PERMISSION_PRIVATE); + AddPPB(PPB_Var_Deprecated_Proxy::GetInfo(), PERMISSION_DEV); // TODO(tomfinegan): Figure out where to put these once we refactor things // to load the PPP interface struct from the PPB interface. @@ -240,7 +262,7 @@ InterfaceList::InterfaceList() { API_ID_PPP_CONTENT_DECRYPTOR_PRIVATE, PPP_ContentDecryptor_Private_Proxy::GetProxyInterface()); #endif - AddPPB(PPB_Testing_Proxy::GetInfo()); + AddPPB(PPB_Testing_Proxy::GetInfo(), PERMISSION_TESTING); // PPP (plugin) interfaces. // TODO(brettw) move these to interface_list*.h @@ -276,6 +298,12 @@ InterfaceList* InterfaceList::GetInstance() { return Singleton<InterfaceList>::get(); } +// static +void InterfaceList::SetProcessGlobalPermissions( + const PpapiPermissions& permissions) { + g_process_global_permissions.Get() = permissions; +} + ApiID InterfaceList::GetIDForPPBInterface(const std::string& name) const { NameToInterfaceInfoMap::const_iterator found = name_to_browser_info_.find(name); @@ -305,7 +333,11 @@ const void* InterfaceList::GetInterfaceForPPB(const std::string& name) const { name_to_browser_info_.find(name); if (found == name_to_browser_info_.end()) return NULL; - return found->second.iface; + + if (g_process_global_permissions.Get().HasPermission( + found->second.required_permission)) + return found->second.iface; + return NULL; } const void* InterfaceList::GetInterfaceForPPP(const std::string& name) const { @@ -334,21 +366,22 @@ void InterfaceList::AddProxy(ApiID id, void InterfaceList::AddPPB(const char* name, ApiID id, - const void* iface) { + const void* iface, + Permission perm) { DCHECK(name_to_browser_info_.find(name) == name_to_browser_info_.end()); - name_to_browser_info_[name] = InterfaceInfo(id, iface); + name_to_browser_info_[name] = InterfaceInfo(id, iface, perm); } void InterfaceList::AddPPP(const char* name, ApiID id, const void* iface) { DCHECK(name_to_plugin_info_.find(name) == name_to_plugin_info_.end()); - name_to_plugin_info_[name] = InterfaceInfo(id, iface); + name_to_plugin_info_[name] = InterfaceInfo(id, iface, PERMISSION_NONE); } -void InterfaceList::AddPPB(const InterfaceProxy::Info* info) { +void InterfaceList::AddPPB(const InterfaceProxy::Info* info, Permission perm) { AddProxy(info->id, info->create_proxy); - AddPPB(info->name, info->id, info->interface_ptr); + AddPPB(info->name, info->id, info->interface_ptr, perm); } void InterfaceList::AddPPP(const InterfaceProxy::Info* info) { diff --git a/ppapi/proxy/interface_list.h b/ppapi/proxy/interface_list.h index 3863234..9ef91dc 100644 --- a/ppapi/proxy/interface_list.h +++ b/ppapi/proxy/interface_list.h @@ -10,6 +10,8 @@ #include "base/basictypes.h" #include "ppapi/proxy/interface_proxy.h" +#include "ppapi/proxy/ppapi_proxy_export.h" +#include "ppapi/shared_impl/ppapi_permissions.h" namespace ppapi { namespace proxy { @@ -21,6 +23,19 @@ class InterfaceList { static InterfaceList* GetInstance(); + // Sets the permissions that the interface list will use to compute + // whether an interface is available to the current process. By default, + // this will be "no permissions", which will give only access to public + // stable interfaces via GetInterface. + // + // IMPORTANT: This is not a security boundary. Malicious plugins can bypass + // this check since they run in the same address space as this code in the + // plugin process. A real security check is required for all IPC messages. + // This check just allows us to return NULL for interfaces you "shouldn't" be + // using to keep honest plugins honest. + static PPAPI_PROXY_EXPORT void SetProcessGlobalPermissions( + const PpapiPermissions& permissions); + // Looks up the ID for the given interface name. Returns API_ID_NONE if // the interface string is not found. ApiID GetIDForPPBInterface(const std::string& name) const; @@ -39,29 +54,42 @@ class InterfaceList { struct InterfaceInfo { InterfaceInfo() : id(API_ID_NONE), - iface(NULL) { + iface(NULL), + required_permission(PERMISSION_NONE) { } - InterfaceInfo(ApiID in_id, const void* in_interface) + InterfaceInfo(ApiID in_id, const void* in_interface, Permission in_perm) : id(in_id), - iface(in_interface) { + iface(in_interface), + required_permission(in_perm) { } ApiID id; const void* iface; + + // Permission required to return non-null for this interface. This will + // be checked with the value set via SetProcessGlobalPermissionBits when + // an interface is requested. + Permission required_permission; }; typedef std::map<std::string, InterfaceInfo> NameToInterfaceInfoMap; void AddProxy(ApiID id, InterfaceProxy::Factory factory); - void AddPPB(const char* name, ApiID id, const void* iface); + // Permissions is the type of permission required to access the corresponding + // interface. Currently this must be just one unique permission (rather than + // a bitfield). + void AddPPB(const char* name, ApiID id, const void* iface, + Permission permission); void AddPPP(const char* name, ApiID id, const void* iface); // Old-style add functions. These should be removed when the rest of the // proxies are converted over to using the new system. - void AddPPB(const InterfaceProxy::Info* info); + void AddPPB(const InterfaceProxy::Info* info, Permission perm); void AddPPP(const InterfaceProxy::Info* info); + PpapiPermissions permissions_; + NameToInterfaceInfoMap name_to_browser_info_; NameToInterfaceInfoMap name_to_plugin_info_; diff --git a/ppapi/proxy/plugin_dispatcher.cc b/ppapi/proxy/plugin_dispatcher.cc index 8dbca8d..51a8ff2 100644 --- a/ppapi/proxy/plugin_dispatcher.cc +++ b/ppapi/proxy/plugin_dispatcher.cc @@ -60,8 +60,9 @@ InstanceData::~InstanceData() { } PluginDispatcher::PluginDispatcher(PP_GetInterface_Func get_interface, + const PpapiPermissions& permissions, bool incognito) - : Dispatcher(get_interface), + : Dispatcher(get_interface, permissions), plugin_delegate_(NULL), received_preferences_(false), plugin_dispatcher_id_(0), diff --git a/ppapi/proxy/plugin_dispatcher.h b/ppapi/proxy/plugin_dispatcher.h index 66b5e2d..fe2999c 100644 --- a/ppapi/proxy/plugin_dispatcher.h +++ b/ppapi/proxy/plugin_dispatcher.h @@ -83,8 +83,18 @@ class PPAPI_PROXY_EXPORT PluginDispatcher // will be automatically called when requested by the renderer side. The // module ID will be set upon receipt of the InitializeModule message. // + // Note about permissions: On the plugin side, the dispatcher and the plugin + // run in the same address space (including in nacl). This means that the + // permissions here are subject to malicious modification and bypass, and + // an exploited or malicious plugin could send any IPC messages and just + // bypass the permissions. All permissions must be checked "for realz" in the + // host process when receiving messages. We check them on the plugin side + // primarily to keep honest plugins honest, especially with respect to + // dev interfaces that they "shouldn't" be using. + // // You must call InitPluginWithChannel after the constructor. PluginDispatcher(PP_GetInterface_Func get_interface, + const PpapiPermissions& permissions, bool incognito); virtual ~PluginDispatcher(); diff --git a/ppapi/proxy/plugin_main_nacl.cc b/ppapi/proxy/plugin_main_nacl.cc index aae60b0..1b5ff55 100644 --- a/ppapi/proxy/plugin_main_nacl.cc +++ b/ppapi/proxy/plugin_main_nacl.cc @@ -76,6 +76,7 @@ class PpapiDispatcher : public ProxyChannel, private: void OnMsgCreateNaClChannel(int renderer_id, + const ppapi::PpapiPermissions& permissions, bool incognito, SerializedHandle handle); void OnPluginDispatcherMessageReceived(const IPC::Message& msg); @@ -182,11 +183,18 @@ bool PpapiDispatcher::OnMessageReceived(const IPC::Message& msg) { return true; } -void PpapiDispatcher::OnMsgCreateNaClChannel(int renderer_id, - bool incognito, - SerializedHandle handle) { +void PpapiDispatcher::OnMsgCreateNaClChannel( + int renderer_id, + const ppapi::PpapiPermissions& permissions, + bool incognito, + SerializedHandle handle) { + // Tell the process-global GetInterface which interfaces it can return to the + // plugin. + ppapi::proxy::InterfaceList::SetProcessGlobalPermissions( + permissions); + PluginDispatcher* dispatcher = - new PluginDispatcher(::PPP_GetInterface, incognito); + new PluginDispatcher(::PPP_GetInterface, permissions, incognito); // The channel handle's true name is not revealed here. IPC::ChannelHandle channel_handle("nacl", handle.descriptor()); if (!dispatcher->InitPluginWithChannel(this, channel_handle, false)) { diff --git a/ppapi/proxy/ppapi_messages.h b/ppapi/proxy/ppapi_messages.h index bd24ab2..ba99e8c 100644 --- a/ppapi/proxy/ppapi_messages.h +++ b/ppapi/proxy/ppapi_messages.h @@ -259,7 +259,9 @@ IPC_STRUCT_TRAITS_END() // These are from the browser to the plugin. // Loads the given plugin. -IPC_MESSAGE_CONTROL1(PpapiMsg_LoadPlugin, FilePath /* path */) +IPC_MESSAGE_CONTROL2(PpapiMsg_LoadPlugin, + FilePath /* path */, + ppapi::PpapiPermissions /* permissions */) // Creates a channel to talk to a renderer. The plugin will respond with // PpapiHostMsg_ChannelCreated. @@ -270,8 +272,9 @@ IPC_MESSAGE_CONTROL2(PpapiMsg_CreateChannel, // Creates a channel to talk to a renderer. This message is only used by the // NaCl IPC proxy. It is intercepted by NaClIPCAdapter, which creates the // actual channel and rewrites the message for the untrusted side. -IPC_MESSAGE_CONTROL3(PpapiMsg_CreateNaClChannel, +IPC_MESSAGE_CONTROL4(PpapiMsg_CreateNaClChannel, int /* renderer_id */, + ppapi::PpapiPermissions /* permissions */, bool /* incognito */, ppapi::proxy::SerializedHandle /* channel_handle */) diff --git a/ppapi/proxy/ppapi_param_traits.cc b/ppapi/proxy/ppapi_param_traits.cc index 2858eaf..1c1ddbe 100644 --- a/ppapi/proxy/ppapi_param_traits.cc +++ b/ppapi/proxy/ppapi_param_traits.cc @@ -312,6 +312,29 @@ void ParamTraits< std::vector<ppapi::PPB_FileRef_CreateInfo> >::Log( std::string* l) { } +// ppapi::PpapiPermissions ----------------------------------------------------- + +void ParamTraits<ppapi::PpapiPermissions>::Write(Message* m, + const param_type& p) { + ParamTraits<uint32_t>::Write(m, p.GetBits()); +} + +// static +bool ParamTraits<ppapi::PpapiPermissions>::Read(const Message* m, + PickleIterator* iter, + param_type* r) { + uint32_t bits; + if (!ParamTraits<uint32_t>::Read(m, iter, &bits)) + return false; + *r = ppapi::PpapiPermissions(bits); + return true; +} + +// static +void ParamTraits<ppapi::PpapiPermissions>::Log(const param_type& p, + std::string* l) { +} + // SerializedHandle ------------------------------------------------------------ // static diff --git a/ppapi/proxy/ppapi_param_traits.h b/ppapi/proxy/ppapi_param_traits.h index 70600d3..13f7351 100644 --- a/ppapi/proxy/ppapi_param_traits.h +++ b/ppapi/proxy/ppapi_param_traits.h @@ -14,6 +14,7 @@ #include "ppapi/c/pp_rect.h" #include "ppapi/c/pp_var.h" #include "ppapi/proxy/ppapi_proxy_export.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "ppapi/shared_impl/ppb_file_ref_shared.h" struct PP_FileInfo; @@ -156,6 +157,14 @@ struct PPAPI_PROXY_EXPORT ParamTraits< std::vector< static void Log(const param_type& p, std::string* l); }; +template<> +struct PPAPI_PROXY_EXPORT ParamTraits<ppapi::PpapiPermissions> { + typedef ppapi::PpapiPermissions param_type; + static void Write(Message* m, const param_type& p); + static bool Read(const Message* m, PickleIterator* iter, param_type* r); + static void Log(const param_type& p, std::string* l); +}; + #if !defined(OS_NACL) && !defined(NACL_WIN64) template<> struct PPAPI_PROXY_EXPORT ParamTraits<ppapi::proxy::SerializedFlashMenu> { diff --git a/ppapi/proxy/ppapi_proxy_test.cc b/ppapi/proxy/ppapi_proxy_test.cc index be75083..bf139bb 100644 --- a/ppapi/proxy/ppapi_proxy_test.cc +++ b/ppapi/proxy/ppapi_proxy_test.cc @@ -169,6 +169,7 @@ void PluginProxyTestHarness::SetUpHarness() { plugin_dispatcher_.reset(new PluginDispatcher( &MockGetInterface, + PpapiPermissions(), false)); plugin_dispatcher_->InitWithTestSink(&sink()); plugin_dispatcher_->DidCreateInstance(pp_instance()); @@ -195,6 +196,7 @@ void PluginProxyTestHarness::SetUpHarnessWithChannel( plugin_dispatcher_.reset(new PluginDispatcher( &MockGetInterface, + PpapiPermissions(), false)); plugin_dispatcher_->InitPluginWithChannel(&plugin_delegate_mock_, channel_handle, @@ -314,7 +316,8 @@ void HostProxyTestHarness::SetUpHarness() { host_dispatcher_.reset(new HostDispatcher( pp_module(), &MockGetInterface, - status_receiver_.release())); + status_receiver_.release(), + PpapiPermissions())); host_dispatcher_->InitWithTestSink(&sink()); HostDispatcher::SetForInstance(pp_instance(), host_dispatcher_.get()); } @@ -333,7 +336,8 @@ void HostProxyTestHarness::SetUpHarnessWithChannel( host_dispatcher_.reset(new HostDispatcher( pp_module(), &MockGetInterface, - status_receiver_.release())); + status_receiver_.release(), + PpapiPermissions())); ppapi::Preferences preferences; host_dispatcher_->InitHostWithChannel(&delegate_mock_, channel_handle, is_client, preferences); diff --git a/ppapi/proxy/ppb_flash_menu_proxy.cc b/ppapi/proxy/ppb_flash_menu_proxy.cc index 1c919a6..9cc8d63 100644 --- a/ppapi/proxy/ppb_flash_menu_proxy.cc +++ b/ppapi/proxy/ppb_flash_menu_proxy.cc @@ -102,6 +102,9 @@ PP_Resource PPB_Flash_Menu_Proxy::CreateProxyResource( } bool PPB_Flash_Menu_Proxy::OnMessageReceived(const IPC::Message& msg) { + if (!dispatcher()->permissions().HasPermission(PERMISSION_FLASH)) + return false; + bool handled = true; IPC_BEGIN_MESSAGE_MAP(PPB_Flash_Menu_Proxy, msg) IPC_MESSAGE_HANDLER(PpapiHostMsg_PPBFlashMenu_Create, diff --git a/ppapi/proxy/ppb_flash_message_loop_proxy.cc b/ppapi/proxy/ppb_flash_message_loop_proxy.cc index 2124e5a..c4d4ce1 100644 --- a/ppapi/proxy/ppb_flash_message_loop_proxy.cc +++ b/ppapi/proxy/ppb_flash_message_loop_proxy.cc @@ -96,6 +96,9 @@ PP_Resource PPB_Flash_MessageLoop_Proxy::CreateProxyResource( } bool PPB_Flash_MessageLoop_Proxy::OnMessageReceived(const IPC::Message& msg) { + if (!dispatcher()->permissions().HasPermission(PERMISSION_FLASH)) + return false; + bool handled = true; IPC_BEGIN_MESSAGE_MAP(PPB_Flash_MessageLoop_Proxy, msg) IPC_MESSAGE_HANDLER(PpapiHostMsg_PPBFlashMessageLoop_Create, diff --git a/ppapi/proxy/ppb_flash_proxy.cc b/ppapi/proxy/ppb_flash_proxy.cc index a8767f7..c45318c 100644 --- a/ppapi/proxy/ppb_flash_proxy.cc +++ b/ppapi/proxy/ppb_flash_proxy.cc @@ -88,6 +88,9 @@ const PPB_Flash_Print_1_0* PPB_Flash_Proxy::GetFlashPrintInterface() { } bool PPB_Flash_Proxy::OnMessageReceived(const IPC::Message& msg) { + if (!dispatcher()->permissions().HasPermission(PERMISSION_FLASH)) + return false; + // Prevent the dispatcher from going away during a call to Navigate. // This must happen OUTSIDE of OnMsgNavigate since the handling code use // the dispatcher upon return of the function (sending the reply message). diff --git a/ppapi/shared_impl/ppapi_permissions.cc b/ppapi/shared_impl/ppapi_permissions.cc index d92f6ba..7b833238 100644 --- a/ppapi/shared_impl/ppapi_permissions.cc +++ b/ppapi/shared_impl/ppapi_permissions.cc @@ -4,7 +4,9 @@ #include "ppapi/shared_impl/ppapi_permissions.h" +#include "base/command_line.h" #include "base/logging.h" +#include "ppapi/shared_impl/ppapi_switches.h" namespace ppapi { @@ -19,10 +21,22 @@ PpapiPermissions::~PpapiPermissions() { // static PpapiPermissions PpapiPermissions::AllPermissions() { - return PpapiPermissions( - PERMISSION_DEV | - PERMISSION_PRIVATE | - PERMISSION_BYPASS_USER_GESTURE); + return PpapiPermissions(PERMISSION_ALL_BITS); +} + +// static +PpapiPermissions PpapiPermissions::GetForCommandLine(uint32 base_perms) { + uint32 additional_permissions = 0; + +#if !defined(OS_NACL) + // Testing permissions. The testing flag implies all permissions since the + // test plugin needs to test all interfaces. + if (CommandLine::ForCurrentProcess()->HasSwitch( + switches::kEnablePepperTesting)) + additional_permissions |= ppapi::PERMISSION_ALL_BITS; +#endif + + return PpapiPermissions(base_perms | additional_permissions); } bool PpapiPermissions::HasPermission(Permission perm) const { @@ -31,6 +45,8 @@ bool PpapiPermissions::HasPermission(Permission perm) const { // represented in the future so don't want callers making assumptions about // bits. uint32 perm_int = static_cast<uint32>(perm); + if (!perm_int) + return true; // You always have "no permission". DCHECK((perm_int & (perm_int - 1)) == 0); return !!(permissions_ & perm_int); } diff --git a/ppapi/shared_impl/ppapi_permissions.h b/ppapi/shared_impl/ppapi_permissions.h index 8456fb7..fb82cfc 100644 --- a/ppapi/shared_impl/ppapi_permissions.h +++ b/ppapi/shared_impl/ppapi_permissions.h @@ -11,17 +11,34 @@ namespace ppapi { enum Permission { + // Placeholder/uninitialized permission. + PERMISSION_NONE = 0, + // Allows access to dev interfaces. PERMISSION_DEV = 1 << 0, // Allows access to Browser-internal interfaces. - PERMISSION_PRIVATE = 1 << 2, + PERMISSION_PRIVATE = 1 << 1, // Allows ability to bypass user-gesture checks for showing things like // file select dialogs. - PERMISSION_BYPASS_USER_GESTURE = 1 << 3, + PERMISSION_BYPASS_USER_GESTURE = 1 << 2, + + // Testing-only interfaces. + PERMISSION_TESTING = 1 << 3, + + // Flash-related interfaces. + PERMISSION_FLASH = 1 << 4, - // NOTE: If you add stuff be sure to update AllPermissions(). + // NOTE: If you add stuff be sure to update PERMISSION_ALL_BITS. + + // Meta permission for initializing plugins registered on the command line + // that get all permissions. + PERMISSION_ALL_BITS = PERMISSION_DEV | + PERMISSION_PRIVATE | + PERMISSION_BYPASS_USER_GESTURE | + PERMISSION_TESTING | + PERMISSION_FLASH }; class PPAPI_SHARED_EXPORT PpapiPermissions { @@ -38,8 +55,16 @@ class PPAPI_SHARED_EXPORT PpapiPermissions { // and manually registered plugins. static PpapiPermissions AllPermissions(); + // Returns the effective permissions given the "base" permissions granted + // to the given plugin and the current command line flags, which may enable + // more features. + static PpapiPermissions GetForCommandLine(uint32 base_perms); + bool HasPermission(Permission perm) const; + // Returns the internal permission bits. Use for serialization only. + uint32 GetBits() const { return permissions_; } + private: uint32 permissions_; diff --git a/ppapi/shared_impl/ppapi_switches.cc b/ppapi/shared_impl/ppapi_switches.cc new file mode 100644 index 0000000..84ba250 --- /dev/null +++ b/ppapi/shared_impl/ppapi_switches.cc @@ -0,0 +1,12 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "ppapi/shared_impl/ppapi_switches.h" + +namespace switches { + +// Enables the testing interface for PPAPI. +const char kEnablePepperTesting[] = "enable-pepper-testing"; + +} // namespace switches diff --git a/ppapi/shared_impl/ppapi_switches.h b/ppapi/shared_impl/ppapi_switches.h new file mode 100644 index 0000000..a5c8e9d --- /dev/null +++ b/ppapi/shared_impl/ppapi_switches.h @@ -0,0 +1,16 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef PPAPI_SHARED_IMPL_PPAPI_SWITCHES_H_ +#define PPAPI_SHARED_IMPL_PPAPI_SWITCHES_H_ + +#include "ppapi/shared_impl/ppapi_shared_export.h" + +namespace switches { + +PPAPI_SHARED_EXPORT extern const char kEnablePepperTesting[]; + +} // namespace switches + +#endif // PPAPI_SHARED_IMPL_PPAPI_SWITCHES_H_ diff --git a/webkit/plugins/plugin_switches.cc b/webkit/plugins/plugin_switches.cc index 6bae5f6..3497c71 100644 --- a/webkit/plugins/plugin_switches.cc +++ b/webkit/plugins/plugin_switches.cc @@ -6,9 +6,6 @@ namespace switches { -// Enables the testing interface for PPAPI. -const char kEnablePepperTesting[] = "enable-pepper-testing"; - // Dumps extra logging about plugin loading to the log file. const char kDebugPluginLoading[] = "debug-plugin-loading"; diff --git a/webkit/plugins/plugin_switches.h b/webkit/plugins/plugin_switches.h index 0d97616..52644f1 100644 --- a/webkit/plugins/plugin_switches.h +++ b/webkit/plugins/plugin_switches.h @@ -12,7 +12,6 @@ namespace switches { WEBKIT_PLUGINS_EXPORT extern const char kDebugPluginLoading[]; WEBKIT_PLUGINS_EXPORT extern const char kDisablePepper3dForUntrustedUse[]; -WEBKIT_PLUGINS_EXPORT extern const char kEnablePepperTesting[]; WEBKIT_PLUGINS_EXPORT extern const char kPpapiFlashArgs[]; #if defined(OS_WIN) diff --git a/webkit/plugins/ppapi/plugin_module.cc b/webkit/plugins/ppapi/plugin_module.cc index cdf8f69..f7f0a1e 100644 --- a/webkit/plugins/ppapi/plugin_module.cc +++ b/webkit/plugins/ppapi/plugin_module.cc @@ -99,6 +99,7 @@ #include "ppapi/c/trusted/ppb_image_data_trusted.h" #include "ppapi/c/trusted/ppb_url_loader_trusted.h" #include "ppapi/shared_impl/callback_tracker.h" +#include "ppapi/shared_impl/ppapi_switches.h" #include "ppapi/shared_impl/ppb_input_event_shared.h" #include "ppapi/shared_impl/ppb_opengles2_shared.h" #include "ppapi/shared_impl/ppb_var_shared.h" |