Portable native client Permission denied when resolving host

Question

I am writing a small application to test and understand PNaCl.

The aim of the application is to resolve an host name a the ip of an host using HostResolver class from PNaCl framework. The code seems to work properly but I am getting an access denied error (return value -7) because I haven't asked the permission to access the socket layer (I guess) to the user. The problem is that I have no idea how to do so. I trie to write a manifest file, but nothing happened.

Note : this application must run on the open Web and it must not require any installation process. I don't want to write a Chrome app.

I haven't found any clue online so I would appreciate your help.

hello_tuttorial.cc:

#include <stdio.h>
#include <string.h>
#include <sstream>


#include "ppapi/cpp/instance.h"
#include "ppapi/cpp/module.h"
#include "ppapi/cpp/var.h"
#include "ppapi/cpp/tcp_socket.h"
#include "ppapi/cpp/host_resolver.h"
#include "ppapi/cpp/module.h"
#include "ppapi/cpp/tcp_socket.h"
#include "ppapi/c/pp_errors.h"
#include "ppapi/utility/completion_callback_factory.h"


namespace {
  // exptected string from the browser 
  const char * const kHelloString = "hello"; 
  // the sting sent from the nacl module to the browser
  const char * const kReplyString ="hello from the PNaCl"; 
} 


class HelloTutorialInstance : public pp::Instance {

  pp::CompletionCallbackFactory<HelloTutorialInstance> callback_factory_;
  pp::TCPSocket tcp_socket_;
  pp::HostResolver resolver_;

 public:
  explicit HelloTutorialInstance(PP_Instance instance) : pp::Instance(instance),
      callback_factory_(this)
      {}

  virtual ~HelloTutorialInstance() {}

  virtual void HandleMessage(const pp::Var& var_message) { 
    if (!var_message.is_string())
      return; 

    std::string message = var_message.AsString(); 
    pp::Var var_reply; 

    test_socket_support(); 

     if( message == kHelloString){
      var_reply = pp::Var("So far so good"); 
      PostMessage(var_reply); 
    }

  }

 private:

 void test_socket_support(){

  if (!pp::TCPSocket::IsAvailable()) {
      PostMessage("TCPSocket not available");
      return;
    }

  tcp_socket_ = pp::TCPSocket(this);

  if (tcp_socket_.is_null()) {
      PostMessage("Error creating TCPSocket.");
      return;
   }

  if (!pp::HostResolver::IsAvailable()) {
    PostMessage("HostResolver not available");
    return;
  }

  resolver_ = pp::HostResolver(this);
  if (resolver_.is_null()) {
    PostMessage("Error creating HostResolver.");
    return;
  }


  int port = 80;
  pp::CompletionCallback callback = \
      callback_factory_.NewCallback(&HelloTutorialInstance::OnResolveCompletion);
  PP_HostResolver_Hint hint = { PP_NETADDRESS_FAMILY_UNSPECIFIED, 0 };
  resolver_.Resolve("http://www.google.com", port, hint, callback);
  PostMessage("Resolving ...");

  }

 void OnResolveCompletion(int32_t result) {
  if (result != PP_OK) {
    char str[100] = {0}; 
    sprintf(str, "Resolved failed %d", result);
    PostMessage(str);

    if( result == PP_ERROR_NOACCESS )
        PostMessage("Access denied");
    return;
  }

  pp::NetAddress addr = resolver_.GetNetAddress(0);
  PostMessage(std::string("Resolved: ") +
              addr.DescribeAsString(true).AsString());

  }
}; 

class HelloTutorialModule : public pp::Module {
 public:
  HelloTutorialModule() : pp::Module() {}
  virtual ~HelloTutorialModule() {}

  virtual pp::Instance* CreateInstance(PP_Instance instance) {
    return new HelloTutorialInstance(instance);
  }
};

namespace pp {
  Module* CreateModule() {
  return new HelloTutorialModule();
  }
}  // namespace pp

Manifest.json :

{
  "name": "hello_tutorial",
  "version": "31.0.1650.57",
  "manifest_version": 2,
  "description": "socket Example",
  "offline_enabled": true,
  "permissions": [
    {
        "socket": [
            "tcp-listen:*:*", 
            "tcp-connect", 
            "resolve-host", 
            "udp-bind:*:*", 
            "udp-send-to:*:*"
        ]
    }
]
}

index.html:

<div id="listener">
  <script type="text/javascript">
    var listener = document.getElementById('listener');
    listener.addEventListener('load', moduleDidLoad, true);
    listener.addEventListener('message', handleMessage, true);
  </script>

  <embed id="hello_tutorial"
         width=0 height=0
         src="hello_tutorial.nmf"
         type="application/x-pnacl" />
</div>

OutPut:

Resolving ... 
So far so good
Resolved failed -7 
Access denied 

Answer 1

pp::HostResolver and other raw socket interfaces can only be used by Chrome Apps, not on the open web. See here.

Also, if you do decide to make a Chrome App, see the documentation here. You can't just add a manifest.json file, you also have to specify a background script that will launch your App.

Answer 2

Only packaged apps from the chrome store can use the sockets API.

You can access sockets for development by setting the '--allow-nacl-socket-api=foo' flag when you start Chrome. Replace 'foo' with the host name that you're loading your app from. 'localhost' if you're loading from your local machine. Note that you should not enable the 'allow-nacl-socket-api' option on 'about:flags'. This overrides the command line option but does not include a list of authorized hosts, so the result is that no host has permission to use the sockets API.