diff options
| author | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-13 04:28:40 +0000 |
|---|---|---|
| committer | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-13 04:28:40 +0000 |
| commit | 24cddd42154b07c6559846b2159a88a3feabb5d5 (patch) | |
| tree | 96b150cab1ff6de13845f0e36c51735fed34be9e | |
| parent | 56a4bf839077e7dfd8cb178b8d8ad09f5215dead (diff) | |
| download | chromium_src-24cddd42154b07c6559846b2159a88a3feabb5d5.zip chromium_src-24cddd42154b07c6559846b2159a88a3feabb5d5.tar.gz chromium_src-24cddd42154b07c6559846b2159a88a3feabb5d5.tar.bz2 | |
Add permissions buts for Pepper plugins.
This patch doesn't actually hook anything up, but it plumbs them in for the laces we'll need it.
Review URL: https://chromiumcodereview.appspot.com/10735011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146519 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/component_updater/pepper_flash_component_installer.cc | 3 | ||||
| -rw-r--r-- | chrome/common/chrome_content_client.cc | 7 | ||||
| -rw-r--r-- | content/common/pepper_plugin_registry.cc | 9 | ||||
| -rw-r--r-- | content/content_common.gypi | 1 | ||||
| -rw-r--r-- | content/public/common/pepper_plugin_info.cc | 3 | ||||
| -rw-r--r-- | content/public/common/pepper_plugin_info.h | 3 | ||||
| -rw-r--r-- | content/renderer/pepper/pepper_in_process_resource_creation.cc | 15 | ||||
| -rw-r--r-- | content/renderer/pepper/pepper_in_process_resource_creation.h | 7 | ||||
| -rw-r--r-- | content/renderer/pepper/pepper_plugin_delegate_impl.cc | 14 | ||||
| -rw-r--r-- | ppapi/host/ppapi_host.cc | 7 | ||||
| -rw-r--r-- | ppapi/host/ppapi_host.h | 9 | ||||
| -rw-r--r-- | ppapi/ppapi_shared.gypi | 2 | ||||
| -rw-r--r-- | ppapi/shared_impl/ppapi_permissions.cc | 30 | ||||
| -rw-r--r-- | ppapi/shared_impl/ppapi_permissions.h | 45 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/plugin_module.cc | 4 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/plugin_module.h | 7 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/ppapi_unittest.cc | 4 |
17 files changed, 152 insertions, 18 deletions
diff --git a/chrome/browser/component_updater/pepper_flash_component_installer.cc b/chrome/browser/component_updater/pepper_flash_component_installer.cc index 278017e..f6a8182 100644 --- a/chrome/browser/component_updater/pepper_flash_component_installer.cc +++ b/chrome/browser/component_updater/pepper_flash_component_installer.cc @@ -145,6 +145,9 @@ bool MakePepperFlashPluginInfo(const FilePath& flash_path, plugin_info->is_out_of_process = out_of_process; plugin_info->path = flash_path; plugin_info->name = kFlashPluginName; + plugin_info->permissions = ppapi::PERMISSION_DEV | + ppapi::PERMISSION_PRIVATE | + ppapi::PERMISSION_BYPASS_USER_GESTURE; // The description is like "Shockwave Flash 10.2 r154". plugin_info->description = StringPrintf("%s %d.%d r%d", diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc index 6fea2f3..f8f753f 100644 --- a/chrome/common/chrome_content_client.cc +++ b/chrome/common/chrome_content_client.cc @@ -26,6 +26,7 @@ #include "content/public/common/pepper_plugin_info.h" #include "content/public/common/url_constants.h" #include "grit/common_resources.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "remoting/client/plugin/pepper_entrypoints.h" #include "ui/base/l10n/l10n_util.h" #include "ui/base/layout.h" @@ -52,11 +53,15 @@ const char kPDFPluginExtension[] = "pdf"; const char kPDFPluginDescription[] = "Portable Document Format"; const char kPDFPluginPrintPreviewMimeType [] = "application/x-google-chrome-print-preview-pdf"; +const uint32 kPDFPluginPermissions = ppapi::PERMISSION_PRIVATE | + ppapi::PERMISSION_DEV; const char kNaClPluginName[] = "Native Client"; const char kNaClPluginMimeType[] = "application/x-nacl"; const char kNaClPluginExtension[] = "nexe"; const char kNaClPluginDescription[] = "Native Client Executable"; +const uint32 kNaClPluginPermissions = ppapi::PERMISSION_PRIVATE | + ppapi::PERMISSION_DEV; const char kNaClOldPluginName[] = "Chrome NaCl"; @@ -107,6 +112,7 @@ void ComputeBuiltInPlugins(std::vector<content::PepperPluginInfo>* plugins) { kPDFPluginDescription); pdf.mime_types.push_back(pdf_mime_type); pdf.mime_types.push_back(print_preview_pdf_mime_type); + pdf.permissions = kPDFPluginPermissions; plugins->push_back(pdf); skip_pdf_file_check = true; @@ -127,6 +133,7 @@ void ComputeBuiltInPlugins(std::vector<content::PepperPluginInfo>* plugins) { kNaClPluginExtension, kNaClPluginDescription); nacl.mime_types.push_back(nacl_mime_type); + nacl.permissions = kNaClPluginPermissions; plugins->push_back(nacl); skip_nacl_file_check = true; diff --git a/content/common/pepper_plugin_registry.cc b/content/common/pepper_plugin_registry.cc index ed1c8d9..e054999 100644 --- a/content/common/pepper_plugin_registry.cc +++ b/content/common/pepper_plugin_registry.cc @@ -12,6 +12,7 @@ #include "base/utf_string_conversions.h" #include "content/public/common/content_client.h" #include "content/public/common/content_switches.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "webkit/plugins/npapi/plugin_list.h" namespace { @@ -69,6 +70,11 @@ void ComputePluginsFromCommandLine( plugin.mime_types.push_back(mime_type); } + // Command-line plugins get full permissions. + plugin.permissions = ppapi::PERMISSION_DEV | + ppapi::PERMISSION_PRIVATE | + ppapi::PERMISSION_BYPASS_USER_GESTURE; + plugins->push_back(plugin); } } @@ -217,7 +223,8 @@ PepperPluginRegistry::PepperPluginRegistry() { continue; // Out of process plugins need no special pre-initialization. scoped_refptr<webkit::ppapi::PluginModule> module = - new webkit::ppapi::PluginModule(current.name, current.path, this); + new webkit::ppapi::PluginModule(current.name, current.path, this, + ppapi::PpapiPermissions(current.permissions)); AddLiveModule(current.path, module); if (current.is_internal) { if (!module->InitAsInternalPlugin(current.internal_entry_points)) { diff --git a/content/content_common.gypi b/content/content_common.gypi index 2dbfa9b..5cf8736 100644 --- a/content/content_common.gypi +++ b/content/content_common.gypi @@ -11,6 +11,7 @@ '../ipc/ipc.gyp:ipc', '../media/media.gyp:media', '../net/net.gyp:net', + '../ppapi/ppapi_internal.gyp:ppapi_shared', '../skia/skia.gyp:skia', '../third_party/icu/icu.gyp:icuuc', '../third_party/npapi/npapi.gyp:npapi', diff --git a/content/public/common/pepper_plugin_info.cc b/content/public/common/pepper_plugin_info.cc index 54150da..f03da5c 100644 --- a/content/public/common/pepper_plugin_info.cc +++ b/content/public/common/pepper_plugin_info.cc @@ -9,7 +9,8 @@ namespace content { PepperPluginInfo::PepperPluginInfo() : is_internal(false), is_out_of_process(false), - is_sandboxed(true) { + is_sandboxed(true), + permissions(0) { } PepperPluginInfo::~PepperPluginInfo() { diff --git a/content/public/common/pepper_plugin_info.h b/content/public/common/pepper_plugin_info.h index d21f5e4..207295d 100644 --- a/content/public/common/pepper_plugin_info.h +++ b/content/public/common/pepper_plugin_info.h @@ -43,6 +43,9 @@ struct CONTENT_EXPORT PepperPluginInfo { // When is_internal is set, this contains the function pointers to the // entry points for the internal plugins. webkit::ppapi::PluginModule::EntryPoints internal_entry_points; + + // Permission bits from ppapi::Permission. + uint32 permissions; }; } // namespace content diff --git a/content/renderer/pepper/pepper_in_process_resource_creation.cc b/content/renderer/pepper/pepper_in_process_resource_creation.cc index 39ef3c4..3371f75 100644 --- a/content/renderer/pepper/pepper_in_process_resource_creation.cc +++ b/content/renderer/pepper/pepper_in_process_resource_creation.cc @@ -13,6 +13,7 @@ #include "ppapi/host/ppapi_host.h" #include "ppapi/proxy/ppapi_messages.h" #include "ppapi/shared_impl/ppapi_globals.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "ppapi/shared_impl/resource_tracker.h" // Note that the code in the creation functions in this file should generally @@ -25,7 +26,8 @@ class PepperInProcessResourceCreation::PluginToHostRouter : public IPC::Sender { public: PluginToHostRouter(RenderViewImpl* render_view, - IPC::Sender* host_to_plugin_sender); + IPC::Sender* host_to_plugin_sender, + const ppapi::PpapiPermissions& perms); virtual ~PluginToHostRouter() {} // Sender implementation. @@ -44,10 +46,11 @@ class PepperInProcessResourceCreation::PluginToHostRouter PepperInProcessResourceCreation::PluginToHostRouter::PluginToHostRouter( RenderViewImpl* render_view, - IPC::Sender* host_to_plugin_sender) + IPC::Sender* host_to_plugin_sender, + const ppapi::PpapiPermissions& perms) : weak_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)), factory_(render_view), - host_(host_to_plugin_sender, &factory_) { + host_(host_to_plugin_sender, &factory_, perms) { } bool PepperInProcessResourceCreation::PluginToHostRouter::Send( @@ -130,11 +133,13 @@ void PepperInProcessResourceCreation::HostToPluginRouter::OnMsgResourceReply( PepperInProcessResourceCreation::PepperInProcessResourceCreation( RenderViewImpl* render_view, - webkit::ppapi::PluginInstance* instance) + webkit::ppapi::PluginInstance* instance, + const ppapi::PpapiPermissions& perms) : ResourceCreationImpl(instance), host_to_plugin_router_(new HostToPluginRouter), plugin_to_host_router_( - new PluginToHostRouter(render_view, host_to_plugin_router_.get())) { + new PluginToHostRouter(render_view, host_to_plugin_router_.get(), + perms)) { } PepperInProcessResourceCreation::~PepperInProcessResourceCreation() { diff --git a/content/renderer/pepper/pepper_in_process_resource_creation.h b/content/renderer/pepper/pepper_in_process_resource_creation.h index b67a472..0f01b81 100644 --- a/content/renderer/pepper/pepper_in_process_resource_creation.h +++ b/content/renderer/pepper/pepper_in_process_resource_creation.h @@ -11,6 +11,10 @@ class RenderViewImpl; +namespace ppapi { +class PpapiPermissions; +} + namespace content { // This class provides creation functions for the new resources with IPC @@ -34,7 +38,8 @@ class PepperInProcessResourceCreation : public webkit::ppapi::ResourceCreationImpl { public: PepperInProcessResourceCreation(RenderViewImpl* render_view, - webkit::ppapi::PluginInstance* instance); + webkit::ppapi::PluginInstance* instance, + const ppapi::PpapiPermissions& perms); virtual ~PepperInProcessResourceCreation(); private: diff --git a/content/renderer/pepper/pepper_plugin_delegate_impl.cc b/content/renderer/pepper/pepper_plugin_delegate_impl.cc index 28b5577..ec8057d 100644 --- a/content/renderer/pepper/pepper_plugin_delegate_impl.cc +++ b/content/renderer/pepper/pepper_plugin_delegate_impl.cc @@ -68,6 +68,7 @@ #include "ppapi/proxy/ppapi_messages.h" #include "ppapi/shared_impl/file_path.h" #include "ppapi/shared_impl/platform_file.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "ppapi/shared_impl/ppapi_preferences.h" #include "ppapi/shared_impl/ppb_device_ref_shared.h" #include "ppapi/thunk/enter.h" @@ -300,6 +301,7 @@ PepperPluginDelegateImpl::CreatePepperPluginModule( // In-process plugin not preloaded, it probably couldn't be initialized. return scoped_refptr<webkit::ppapi::PluginModule>(); } + ppapi::PpapiPermissions permissions(info->permissions); // Out of process: have the browser start the plugin process for us. IPC::ChannelHandle channel_handle; @@ -318,8 +320,10 @@ PepperPluginDelegateImpl::CreatePepperPluginModule( // Create a new HostDispatcher for the proxying, and hook it to a new // PluginModule. Note that AddLiveModule must be called before any early // returns since the module's destructor will remove itself. - module = new webkit::ppapi::PluginModule(info->name, path, - PepperPluginRegistry::GetInstance()); + module = new webkit::ppapi::PluginModule( + info->name, path, + PepperPluginRegistry::GetInstance(), + permissions); PepperPluginRegistry::GetInstance()->AddLiveModule(path, module); scoped_ptr<HostDispatcherWrapper> dispatcher(new HostDispatcherWrapper); if (!dispatcher->Init( @@ -353,7 +357,8 @@ scoped_refptr<webkit::ppapi::PluginModule> // PluginModule. module = new webkit::ppapi::PluginModule(kBrowserPluginName, path, - registry); + registry, + ppapi::PpapiPermissions()); RenderThreadImpl::current()->browser_plugin_registry()->AddModule( guest_process_id, module); scoped_ptr<HostDispatcherWrapper> dispatcher(new HostDispatcherWrapper); @@ -666,7 +671,8 @@ scoped_ptr< ::ppapi::thunk::ResourceCreationAPI> PepperPluginDelegateImpl::CreateResourceCreationAPI( webkit::ppapi::PluginInstance* instance) { return scoped_ptr< ::ppapi::thunk::ResourceCreationAPI>( - new PepperInProcessResourceCreation(render_view_, instance)); + new PepperInProcessResourceCreation(render_view_, instance, + instance->module()->permissions())); } SkBitmap* PepperPluginDelegateImpl::GetSadPluginBitmap() { diff --git a/ppapi/host/ppapi_host.cc b/ppapi/host/ppapi_host.cc index 038f4e7..8754501 100644 --- a/ppapi/host/ppapi_host.cc +++ b/ppapi/host/ppapi_host.cc @@ -24,9 +24,12 @@ const size_t kMaxResourcesPerPlugin = 1 << 14; } // namespace -PpapiHost::PpapiHost(IPC::Sender* sender, HostFactory* host_factory) +PpapiHost::PpapiHost(IPC::Sender* sender, + HostFactory* host_factory, + const PpapiPermissions& perms) : sender_(sender), - host_factory_(host_factory) { + host_factory_(host_factory), + permissions_(perms) { } PpapiHost::~PpapiHost() { diff --git a/ppapi/host/ppapi_host.h b/ppapi/host/ppapi_host.h index eb195b8..7a20c1f 100644 --- a/ppapi/host/ppapi_host.h +++ b/ppapi/host/ppapi_host.h @@ -14,6 +14,7 @@ #include "ppapi/c/pp_instance.h" #include "ppapi/c/pp_resource.h" #include "ppapi/host/ppapi_host_export.h" +#include "ppapi/shared_impl/ppapi_permissions.h" namespace ppapi { @@ -35,9 +36,13 @@ class PPAPI_HOST_EXPORT PpapiHost : public IPC::Sender, public IPC::Listener { // The sender is the channel to the plugin for outgoing messages. The factory // will be used to receive resource creation messages from the plugin. Both // pointers are owned by the caller and must outlive this class. - PpapiHost(IPC::Sender* sender, HostFactory* host_factory); + PpapiHost(IPC::Sender* sender, + HostFactory* host_factory, + const PpapiPermissions& perms); virtual ~PpapiHost(); + const PpapiPermissions& permissions() const { return permissions_; } + // Sender implementation. Forwards to the sender_. virtual bool Send(IPC::Message* msg) OVERRIDE; @@ -66,6 +71,8 @@ class PPAPI_HOST_EXPORT PpapiHost : public IPC::Sender, public IPC::Listener { // Non-owning pointer. HostFactory* host_factory_; + PpapiPermissions permissions_; + typedef std::map<PP_Resource, linked_ptr<ResourceHost> > ResourceMap; ResourceMap resources_; diff --git a/ppapi/ppapi_shared.gypi b/ppapi/ppapi_shared.gypi index 6a360ca..27dbd09 100644 --- a/ppapi/ppapi_shared.gypi +++ b/ppapi/ppapi_shared.gypi @@ -35,6 +35,8 @@ 'shared_impl/platform_file.h', 'shared_impl/ppapi_globals.cc', 'shared_impl/ppapi_globals.h', + 'shared_impl/ppapi_permissions.cc', + 'shared_impl/ppapi_permissions.h', 'shared_impl/ppapi_preferences.cc', 'shared_impl/ppapi_preferences.h', 'shared_impl/ppb_audio_config_shared.cc', diff --git a/ppapi/shared_impl/ppapi_permissions.cc b/ppapi/shared_impl/ppapi_permissions.cc new file mode 100644 index 0000000..bcfdd96 --- /dev/null +++ b/ppapi/shared_impl/ppapi_permissions.cc @@ -0,0 +1,30 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ppapi/shared_impl/ppapi_permissions.h"
+
+#include "base/logging.h"
+
+namespace ppapi {
+
+PpapiPermissions::PpapiPermissions() : permissions_(0) {
+}
+
+PpapiPermissions::PpapiPermissions(uint32 perms) : permissions_(perms) {
+}
+
+PpapiPermissions::~PpapiPermissions() {
+}
+
+bool PpapiPermissions::HasPermission(Permission perm) const {
+ // Check that "perm" is a power of two to make sure the caller didn't set
+ // more than one permission bit. We may want to change how permissions are
+ // represented in the future so don't want callers making assumptions about
+ // bits.
+ uint32 perm_int = static_cast<uint32>(perm);
+ DCHECK((perm_int & (perm_int - 1)) == 0);
+ return !!(permissions_ & perm_int);
+}
+
+} // namespace ppapi
diff --git a/ppapi/shared_impl/ppapi_permissions.h b/ppapi/shared_impl/ppapi_permissions.h new file mode 100644 index 0000000..3caa65d --- /dev/null +++ b/ppapi/shared_impl/ppapi_permissions.h @@ -0,0 +1,45 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef PPAPI_SHARED_IMPL_PPAPI_PERMISSIONS_H_
+#define PPAPI_SHARED_IMPL_PPAPI_PERMISSIONS_H_
+
+#include "base/basictypes.h"
+#include "ppapi/shared_impl/ppapi_shared_export.h"
+
+namespace ppapi {
+
+enum Permission {
+ // Allows access to dev interfaces.
+ PERMISSION_DEV = 1 << 0,
+
+ // Allows access to Browser-internal interfaces.
+ PERMISSION_PRIVATE = 1 << 2,
+
+ // Allows ability to bypass user-gesture checks for showing things like
+ // file select dialogs.
+ PERMISSION_BYPASS_USER_GESTURE = 1 << 3
+};
+
+class PPAPI_SHARED_EXPORT PpapiPermissions {
+ public:
+ // Initializes the permissions struct with no permissions.
+ PpapiPermissions();
+
+ // Initializes with the given permissions bits set.
+ explicit PpapiPermissions(uint32 perms);
+
+ ~PpapiPermissions();
+
+ bool HasPermission(Permission perm) const;
+
+ private:
+ uint32 permissions_;
+
+ // Note: Copy & assign supported.
+};
+
+} // namespace ppapi
+
+#endif // PPAPI_SHARED_IMPL_PPAPI_PERMISSIONS_H_
diff --git a/webkit/plugins/ppapi/plugin_module.cc b/webkit/plugins/ppapi/plugin_module.cc index 5ce0bf2..0efcbf7 100644 --- a/webkit/plugins/ppapi/plugin_module.cc +++ b/webkit/plugins/ppapi/plugin_module.cc @@ -407,7 +407,8 @@ PluginModule::EntryPoints::EntryPoints() PluginModule::PluginModule(const std::string& name, const FilePath& path, - PluginDelegate::ModuleLifetime* lifetime_delegate) + PluginDelegate::ModuleLifetime* lifetime_delegate, + const ::ppapi::PpapiPermissions& perms) : lifetime_delegate_(lifetime_delegate), callback_tracker_(new ::ppapi::CallbackTracker), is_in_destructor_(false), @@ -416,6 +417,7 @@ PluginModule::PluginModule(const std::string& name, library_(NULL), name_(name), path_(path), + permissions_(perms), reserve_instance_id_(NULL), nacl_ipc_proxy_(false) { // Ensure the globals object is created. diff --git a/webkit/plugins/ppapi/plugin_module.h b/webkit/plugins/ppapi/plugin_module.h index d9d78ba..827546f 100644 --- a/webkit/plugins/ppapi/plugin_module.h +++ b/webkit/plugins/ppapi/plugin_module.h @@ -21,6 +21,7 @@ #include "ppapi/c/pp_module.h" #include "ppapi/c/ppb.h" #include "ppapi/c/ppb_core.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "webkit/plugins/ppapi/plugin_delegate.h" #include "webkit/plugins/webkit_plugins_export.h" @@ -70,7 +71,8 @@ class WEBKIT_PLUGINS_EXPORT PluginModule : // tracks which modules are alive. PluginModule(const std::string& name, const FilePath& path, - PluginDelegate::ModuleLifetime* lifetime_delegate); + PluginDelegate::ModuleLifetime* lifetime_delegate, + const ::ppapi::PpapiPermissions& perms); ~PluginModule(); @@ -105,6 +107,7 @@ class WEBKIT_PLUGINS_EXPORT PluginModule : const std::string& name() const { return name_; } const FilePath& path() const { return path_; } + const ::ppapi::PpapiPermissions permissions() const { return permissions_; } PluginInstance* CreateInstance(PluginDelegate* delegate); @@ -197,6 +200,8 @@ class WEBKIT_PLUGINS_EXPORT PluginModule : const std::string name_; const FilePath path_; + ::ppapi::PpapiPermissions permissions_; + // Non-owning pointers to all instances associated with this module. When // there are no more instances, this object should be deleted. PluginInstanceSet instances_; diff --git a/webkit/plugins/ppapi/ppapi_unittest.cc b/webkit/plugins/ppapi/ppapi_unittest.cc index 8b3fec50..14c42e8 100644 --- a/webkit/plugins/ppapi/ppapi_unittest.cc +++ b/webkit/plugins/ppapi/ppapi_unittest.cc @@ -6,6 +6,7 @@ #include "ppapi/c/pp_var.h" #include "ppapi/c/ppp_instance.h" +#include "ppapi/shared_impl/ppapi_permissions.h" #include "webkit/plugins/ppapi/mock_plugin_delegate.h" #include "webkit/plugins/ppapi/plugin_module.h" #include "webkit/plugins/ppapi/ppapi_interface_factory.h" @@ -75,7 +76,8 @@ void PpapiUnittest::SetUp() { delegate_.reset(NewPluginDelegate()); // Initialize the mock module. - module_ = new PluginModule("Mock plugin", FilePath(), this); + module_ = new PluginModule("Mock plugin", FilePath(), this, + ::ppapi::PpapiPermissions()); PluginModule::EntryPoints entry_points; entry_points.get_interface = &MockGetInterface; entry_points.initialize_module = &MockInitializeModule; |