Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/nacl_host/nacl_process_host.cc15
-rw-r--r--chrome/nacl/nacl_listener.cc18
-rw-r--r--chrome/renderer/chrome_ppapi_interfaces.cc19
3 files changed, 52 insertions, 0 deletions
diff --git a/chrome/browser/nacl_host/nacl_process_host.cc b/chrome/browser/nacl_host/nacl_process_host.cc
index 4bf5b40..a804c8c 100644
--- a/chrome/browser/nacl_host/nacl_process_host.cc
+++ b/chrome/browser/nacl_host/nacl_process_host.cc
@@ -50,6 +50,7 @@
#include "base/threading/thread.h"
#include "base/process_util.h"
#include "chrome/browser/nacl_host/nacl_broker_service_win.h"
+#include "content/public/common/sandbox_init.h"
#include "native_client/src/trusted/service_runtime/win/debug_exception_handler.h"
#endif
@@ -918,6 +919,9 @@ bool NaClProcessHost::SendStart() {
const ChildProcessData& data = process_->GetData();
#if defined(OS_WIN)
// Copy the process handle into the renderer process.
+ // TODO(mseaborn): Remove this. The renderer process uses this
+ // handle with NaCl's handle_pass module, but we are replacing
+ // handle_pass with Chrome's BrokerDuplicateHandle() function.
if (!DuplicateHandle(base::GetCurrentProcessHandle(),
data.handle,
chrome_render_message_filter_->peer_handle(),
@@ -928,6 +932,17 @@ bool NaClProcessHost::SendStart() {
DLOG(ERROR) << "DuplicateHandle() failed";
return false;
}
+ // If we are on 64-bit Windows, the NaCl process's sandbox is
+ // managed by a different process from the renderer's sandbox. We
+ // need to inform the renderer's sandbox about the NaCl process so
+ // that the renderer can send handles to the NaCl process using
+ // BrokerDuplicateHandle().
+ if (RunningOnWOW64()) {
+ if (!content::BrokerAddTargetPeer(data.handle)) {
+ DLOG(ERROR) << "Failed to add NaCl process PID";
+ return false;
+ }
+ }
#else
// We use pid as process handle on Posix
nacl_process_handle = data.handle;
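Review bot: When `content::BrokerAddTargetPeer(data.handle)` fails, `SendStart()` returns false after `DuplicateHandle()` has already succeeded, so the duplicated NaCl process handle appears to stay open in the renderer's handle table with nothing left to close it. Registering the peer before the `DuplicateHandle()` call would keep the new early return free of side effects. The log text `"Failed to add NaCl process PID"` also names a PID while the call takes a handle; `"BrokerAddTargetPeer() failed"` would match the neighbouring `"DuplicateHandle() failed"` message. The `DuplicateHandle()` call and the rest of `SendStart()` extend outside this hunk, so what later happens to the handle cannot be confirmed from here.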
diff --git a/chrome/nacl/nacl_listener.cc b/chrome/nacl/nacl_listener.cc
index d0e0a8a..b82ca0f 100644
--- a/chrome/nacl/nacl_listener.cc
+++ b/chrome/nacl/nacl_listener.cc
@@ -26,6 +26,8 @@
#if defined(OS_WIN)
#include <fcntl.h>
#include <io.h>
+
+#include "content/public/common/sandbox_init.h"
#endif
namespace {
@@ -67,6 +69,19 @@ int CreateMemoryObject(size_t size, int executable) {
return content::MakeSharedMemorySegmentViaIPC(size, executable);
}
+#elif defined(OS_WIN)
+
+// We wrap the function to convert the bool return value to an int.
+int BrokerDuplicateHandle(NaClHandle source_handle,
+ uint32_t process_id,
+ NaClHandle* target_handle,
+ uint32_t desired_access,
+ uint32_t options) {
+ return content::BrokerDuplicateHandle(source_handle, process_id,
+ target_handle, desired_access,
+ options);
+}
+
#endif
// Use an env var because command line args are eaten by nacl_helper.
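Review bot: The comment on the new wrapper in the `#elif defined(OS_WIN)` branch says only that a bool becomes an int, which leaves the return contract for the NaCl-side caller unstated. A comment such as `// Returns nonzero on success, 0 on failure. process_id, desired_access and options are forwarded unchecked; the broker is expected to reject targets that were not registered as peers.` would record both the contract and where the policy check has to live. The last clause is inferred from the `BrokerAddTargetPeer()` registration in nacl_process_host.cc and should be confirmed against the broker implementation, which is not shown on this page.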
@@ -203,6 +218,9 @@ void NaClListener::OnStartSelLdr(std::vector<nacl::FileDescriptor> handles,
args->imc_bootstrap_handle = nacl::ToNativeHandle(handles[0]);
args->enable_exception_handling = enable_exception_handling;
args->enable_debug_stub = debug_enabled_;
+#if defined(OS_WIN)
+ args->broker_duplicate_handle_func = BrokerDuplicateHandle;
+#endif
NaClChromeMainStart(args);
NOTREACHED();
}
diff --git a/chrome/renderer/chrome_ppapi_interfaces.cc b/chrome/renderer/chrome_ppapi_interfaces.cc
index 321f86b..2430391 100644
--- a/chrome/renderer/chrome_ppapi_interfaces.cc
+++ b/chrome/renderer/chrome_ppapi_interfaces.cc
@@ -23,6 +23,10 @@
#include "ppapi/native_client/src/trusted/plugin/nacl_entry_points.h"
#endif
+#if defined(OS_WIN)
+#include "content/public/common/sandbox_init.h"
+#endif
+
using content::RenderThread;
namespace chrome {
@@ -78,11 +82,26 @@ void EnableBackgroundSelLdrLaunch() {
RenderThread::Get()->GetSyncMessageFilter();
}
+int BrokerDuplicateHandle(void* source_handle,
+ unsigned int process_id,
+ void** target_handle,
+ unsigned int desired_access,
+ unsigned int options) {
+#if defined(OS_WIN)
+ return content::BrokerDuplicateHandle(source_handle, process_id,
+ target_handle, desired_access,
+ options);
+#else
+ return 0;
+#endif
+}
+
const PPB_NaCl_Private ppb_nacl = {
&LaunchSelLdr,
&UrandomFD,
&Are3DInterfacesDisabled,
&EnableBackgroundSelLdrLaunch,
+ &BrokerDuplicateHandle,
};
class PPB_NaCl_Impl {
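Review bot: On non-Windows builds the new `BrokerDuplicateHandle()` returns 0 without writing `*target_handle`, and nothing in the hunk says that 0 means failure, so a caller going through `ppb_nacl` that skips the return check would use an uninitialised handle. A header comment such as `// Forwards to content::BrokerDuplicateHandle() on Windows. Returns nonzero on success; always 0 (failure) on other platforms, leaving |target_handle| untouched.` would pin this down. The `&BrokerDuplicateHandle` entry is appended positionally to `ppb_nacl`, so the `PPB_NaCl_Private` declaration needs the matching member in the same order. That header is outside this view, since the diffstat is limited to 'chrome'.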