Diffstat (limited to 'components')
-rw-r--r-- | components/nacl/browser/nacl_process_host.cc | 18 | ||||
-rw-r--r-- | components/nacl/common/nacl_types.h | 6 | ||||
-rw-r--r-- | components/nacl/loader/nacl_listener.cc | 14 |
3 files changed, 23 insertions, 15 deletions
diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc
index 1ee56f5..6ef4986 100644
--- a/components/nacl/browser/nacl_process_host.cc
+++ b/components/nacl/browser/nacl_process_host.cc
@@ -798,16 +798,18 @@ bool NaClProcessHost::StartNaClExecution() {
 NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
 NaClStartParams params;
- params.validation_cache_enabled = nacl_browser->ValidationCacheIsEnabled();
- params.validation_cache_key = nacl_browser->GetValidationCacheKey();
- params.version = NaClBrowser::GetDelegate()->GetVersionString();
- params.enable_exception_handling = enable_exception_handling_;
- params.enable_debug_stub = enable_debug_stub_ &&
- NaClBrowser::GetDelegate()->URLMatchesDebugPatterns(manifest_url_);
 // Enable PPAPI proxy channel creation only for renderer processes.
 params.enable_ipc_proxy = enable_ppapi_proxy();
- params.uses_irt = uses_irt_ && !uses_nonsfi_mode_;
- params.enable_dyncode_syscalls = enable_dyncode_syscalls_;
+ if (!uses_nonsfi_mode_) {
+ params.validation_cache_enabled = nacl_browser->ValidationCacheIsEnabled();
+ params.validation_cache_key = nacl_browser->GetValidationCacheKey();
+ params.version = NaClBrowser::GetDelegate()->GetVersionString();
+ params.enable_exception_handling = enable_exception_handling_;
+ params.enable_debug_stub = enable_debug_stub_ &&
+ NaClBrowser::GetDelegate()->URLMatchesDebugPatterns(manifest_url_);
+ params.uses_irt = uses_irt_;
+ params.enable_dyncode_syscalls = enable_dyncode_syscalls_;
+ }
 const ChildProcessData& data = process_->GetData();
 if (!ShareHandleToSelLdr(data.handle,
diff --git a/components/nacl/common/nacl_types.h b/components/nacl/common/nacl_types.h
index 04a9848..a4759b1 100644
--- a/components/nacl/common/nacl_types.h
+++ b/components/nacl/common/nacl_types.h
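Review bot: In `NaClProcessHost::StartNaClExecution()` the new `if (!uses_nonsfi_mode_)` block has no comment saying why these fields are withheld; the rationale (keeping the validation cache key and the debug stub away from non-SFI processes) is only written down in nacl_listener.cc. I would add above the `if`: `// Non-SFI: leave cache key, version and debug/IRT settings at their NaClStartParams defaults; NaClListener::OnStart CHECKs this.` The function continues past the end of the hunk, so it is not visible here where `debug_stub_server_bound_socket` gets filled in; since the loader now CHECKs `fd == -1`, that assignment has to stay conditional on `params.enable_debug_stub`, which is worth confirming.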
@@ -38,9 +38,6 @@ inline int ToNativeHandle(const FileDescriptor& desc) {
 // Parameters sent to the NaCl process when we start it.
-//
-// If you change this, you will also need to update the IPC serialization in
-// nacl_messages.h.
 struct NaClStartParams {
 NaClStartParams();
 ~NaClStartParams();
@@ -60,6 +57,9 @@ struct NaClStartParams {
 bool enable_ipc_proxy;
 bool uses_irt;
 bool enable_dyncode_syscalls;
+ // NOTE: Any new fields added here must also be added to the IPC
+ // serialization in nacl_messages.h and (for POD fields) the constructor
+ // in nacl_types.cc.
 };
 // Parameters sent to the browser process to have it launch a NaCl process.
diff --git a/components/nacl/loader/nacl_listener.cc b/components/nacl/loader/nacl_listener.cc
index f49e3f3..e7b8f4c 100644
--- a/components/nacl/loader/nacl_listener.cc
+++ b/components/nacl/loader/nacl_listener.cc
@@ -375,10 +375,16 @@ void NaClListener::OnStart(const nacl::NaClStartParams& params) {
 #if defined(OS_LINUX)
 if (uses_nonsfi_mode_) {
- if (params.uses_irt) {
- LOG(ERROR) << "IRT must not be used for non-SFI NaCl.";
- return;
- }
+ // Ensure that the validation cache key (used as an extra input to the
+ // validation cache's hashing) isn't exposed accidentally.
+ CHECK(!params.validation_cache_enabled);
+ CHECK(params.validation_cache_key.size() == 0);
+ CHECK(params.version.size() == 0);
+ // Ensure that a debug stub FD isn't passed through accidentally.
+ CHECK(!params.enable_debug_stub);
+ CHECK(params.debug_stub_server_bound_socket.fd == -1);
+
+ CHECK(!params.uses_irt);
 CHECK(handles.size() == 1);
 int imc_bootstrap_handle = nacl::ToNativeHandle(handles[0]);
 nacl::nonsfi::MainStart(imc_bootstrap_handle); |
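Review bot: The relocated NOTE at the end of `struct NaClStartParams` names two places to keep in sync but not the third one this commit creates, the non-SFI branch of `NaClListener::OnStart`, which asserts that sensitive fields arrive unset. I would append `// Fields carrying secrets or descriptors also need a CHECK in the non-SFI path of NaClListener::OnStart.` Those CHECKs only hold if the constructor in nacl_types.cc gives every POD field a disabled default; that file is not part of what is shown here.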
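Review bot: The CHECKs added in the `uses_nonsfi_mode_` branch of `NaClListener::OnStart` cover five of the seven fields the browser now withholds, but not `enable_exception_handling` or `enable_dyncode_syscalls`, so a later regression that sets either for a non-SFI process would go unnoticed. Assuming both default to false in the constructor (not visible here), add `CHECK(!params.enable_exception_handling);` and `CHECK(!params.enable_dyncode_syscalls);`. The comment could also say that these are regression tripwires: by the time they run the params have already been deserialized in this process, so the actual protection is the browser-side `if (!uses_nonsfi_mode_)`. `OnStart` begins and ends outside the hunk.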