Ppapi and Nacl vs trusted plugin

[Sabin Flo]

Hi,

I am trying for the past few days to understand the work flow and the processes that are connected to Nacl/trusted plugins development. I got concepts but I didn't get the whole picture. 

Here is what I got so far:

1. Pepper Api is the api for developing plugins for the Chrome browser.

2. Nacl is a plugin developed with this api that extends the security features through a new sandbox model and enhances performance.

3. The trusted plugins are the ones that are developed and released with the browser(?). They can be in the renderer process or outside of it they're one process.

The most of the information is from here: http://www.chromium.org/developers/design-documents/pepper-plugin-implementation.

I don't understand the resource abstraction and the Interface abstraction( looked over the chromium multi process architecture, but it still makes no sense to me ).

Where does the implementation go ? I see that the resource takes care of the implementation, also the resource inherits the api. Where does the interface fall in ?

How do I access the implementation? if the implementation is inside a plugin can it be accessed through the api by the browser or another plugin. 

So let's say that I want to develop an extensible system file(fuse like). And have every new file system id handled by it's own plugin. The question that arise in my mind are the following:

1. If I want to develop architecture aware NACL fs plugin( leverage instructions set optimizations) then I need to convince google people to accept new instructions?

2. If I want to develop a trusted plugin then I have to go through the dev/stable process?

3. How do I export these to the browser and other plugins. Where do I keep the context ?

4. Let's say that I want to adhere to a certain api template. How do I do this ? An well written api should suffice ?

Any help( links, "hey stupid, you got it wrong.." remarks, etc.) will be greatly appreciated.

Thanks!

[Ben Smith]

Hi Sabin,

On Wednesday, February 18, 2015 at 2:27:07 AM UTC-8, Sabin Flo wrote:

Hi,

I am trying for the past few days to understand the work flow and the processes that are connected to Nacl/trusted plugins development. I got concepts but I didn't get the whole picture. 

Here is what I got so far:

1. Pepper Api is the api for developing plugins for the Chrome browser.

2. Nacl is a plugin developed with this api that extends the security features through a new sandbox model and enhances performance.

3. The trusted plugins are the ones that are developed and released with the browser(?). They can be in the renderer process or outside of it they're one process.

The most of the information is from here: http://www.chromium.org/developers/design-documents/pepper-plugin-implementation.

This document is primarily meant for Chromium developers who are going to add a new Pepper API. If you just want to use Pepper in NaCl, this is a better resource: https://developer.chrome.com/native-client/c-api

 

I don't understand the resource abstraction and the Interface abstraction( looked over the chromium multi process architecture, but it still makes no sense to me ).

Where does the implementation go ? I see that the resource takes care of the implementation, also the resource inherits the api. Where does the interface fall in ?

Here's the basic idea: When you create a Native Client module, it uses the Pepper API to communicate with Chrome. Sometimes the "implementation" of an interface is in your module and sometimes the implementation is in Chrome.

For example, when your module wants to draw 2D graphics, it uses the Graphics2D interface to ask Chrome to do the work. These are Browser interfaces and all begin with PPB (Pepper Browser).

In the opposite direction, when Chrome wants to let you know that the mouse moved, it uses the InputEvent interface to notify the module. These are Plugin interfaces and all begin with PPP (Pepper Plugin)

 

How do I access the implementation? if the implementation is inside a plugin can it be accessed through the api by the browser or another plugin. 

What do you mean by "access"? If you're looking for the source, it is in the Chromium repository, and I believe the link you shared should be accurate.

 

So let's say that I want to develop an extensible system file(fuse like). And have every new file system id handled by it's own plugin. The question that arise in my mind are the following:

As far as I know, this is not possible without significant modifications to Chrome and Blink.

 

1. If I want to develop architecture aware NACL fs plugin( leverage instructions set optimizations) then I need to convince google people to accept new instructions?

What instructions do you think you need? NaCl supports many instructions already, and soon will support AVX as well.

 

2. If I want to develop a trusted plugin then I have to go through the dev/stable process?

You can develop a trusted plugin, but it is not particularly useful aside for testing/debugging. It cannot be distributed through the Chrome Web Store, and can only be loaded via a command-line switch.

 

3. How do I export these to the browser and other plugins. Where do I keep the context ?

4. Let's say that I want to adhere to a certain api template. How do I do this ? An well written api should suffice ?

I don't understand. Are you trying to create a new Pepper API or use an existing API in a trusted plugin?

 

Any help( links, "hey stupid, you got it wrong.." remarks, etc.) will be greatly appreciated.

Thanks!

-Ben 

[Sabin Flo]

 Hi,

Thanks for the reply, Ben!

Here's the basic idea: When you create a Native Client module, it uses the Pepper API to communicate with Chrome. Sometimes the "implementation" of an interface is in your module and sometimes the implementation is in Chrome.
For example, when your module wants to draw 2D graphics, it uses the Graphics2D interface to ask Chrome to do the work. These are Browser interfaces and all begin with PPB (Pepper Browser).
In the opposite direction, when Chrome wants to let you know that the mouse moved, it uses the InputEvent interface to notify the module. These are Plugin interfaces and all begin with PPP (Pepper Plugin)

This paragraph should be used as an example in any getting started document. :)

How do I access the implementation? if the implementation is inside a plugin can it be accessed through the api by the browser or another plugin. 

What do you mean by "access"? If you're looking for the source, it is in the Chromium repository, and I believe the link you shared should be accurate.

What I meant here is how does a plugin use the functionality provided by another plugin. Is the plugin functionality exclusively for the browser and tied to the "Instance" context ?

Let's take as an example a video codec. I have several provided by the browser(vp8, h264..), but I want to provide another with a plugin. By looking at the examples from the sources(chromium browser) I can see that the plugins can use the builtin, hw accelerated ones, but can I provide another that could be accessible to other plugins? From my current perspective this "access" should be done through the browser PPBs and routed into a plugin.

So let's say that I want to develop an extensible system file(fuse like). And have every new file system id handled by it's own plugin. The question that arise in my mind are the following:

As far as I know, this is not possible without significant modifications to Chrome and Blink.

Ok. So this would be hard because I would have to develop the "Resource" from the browser that manages the "mounted" filesystems and redirects PPB api calls to specific ones. Say PPB_Open( filesystem, file ) -> chrome/blink backend->find filesystem->map to plugin instance->PPP_Open( instance,file ) ->Present result backwards ? ( a lot of SRPC communication )

What instructions do you think you need? NaCl supports many instructions already, and soon will support AVX as well.

 

Cryptographic instructions.

I don't understand. Are you trying to create a new Pepper API or use an existing API in a trusted plugin?

 

 I am trying to define a new Pepper Api(PPP) and implement the interface in a plugin.

Sabin