author | mpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-23 20:36:49 +0000 |
---|---|---|
committer | mpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-23 20:36:49 +0000 |
commit | 351355117f4cb4ee805961920a7c9d2ad0ae944c (patch) | |
tree | eaa3fce0cb3c27c349979f3b1d396cebd94b777d /chrome | |
parent | 77e82ef4ef098225b769b64d852f5c522b22f31d (diff) | |
CPAPI (0.11) for gears drag drop.
Provide a method that allows the gears plugin to ask the browser
process to verify that its renderer has permission to access the
drop files. Update the copyright notices.
BUG=7995
Review URL: http://codereview.chromium.org/159074
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21437 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r-- | chrome/browser/child_process_security_policy.cc | 4 | ||||
-rw-r--r-- | chrome/browser/chrome_plugin_host.cc | 9 | ||||
-rw-r--r-- | chrome/browser/plugin_process_host.cc | 22 | ||||
-rw-r--r-- | chrome/browser/plugin_process_host.h | 4 | ||||
-rw-r--r-- | chrome/common/chrome_plugin_api.h | 12 | ||||
-rw-r--r-- | chrome/common/plugin_messages_internal.h | 9 | ||||
-rw-r--r-- | chrome/plugin/chrome_plugin_host.cc | 30 | ||||
-rw-r--r-- | chrome/plugin/webplugin_proxy.cc | 8 | ||||
-rw-r--r-- | chrome/plugin/webplugin_proxy.h | 5 |
9 files changed, 92 insertions, 11 deletions
diff --git a/chrome/browser/child_process_security_policy.cc b/chrome/browser/child_process_security_policy.cc index 20130e7..c1cb73e 100644 --- a/chrome/browser/child_process_security_policy.cc +++ b/chrome/browser/child_process_security_policy.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -292,7 +292,7 @@ bool ChildProcessSecurityPolicy::CanRequestURL(int renderer_id, const GURL& url) } bool ChildProcessSecurityPolicy::CanUploadFile(int renderer_id, - const FilePath& file) { + const FilePath& file) { AutoLock lock(lock_); SecurityStateMap::iterator state = security_state_.find(renderer_id); diff --git a/chrome/browser/chrome_plugin_host.cc b/chrome/browser/chrome_plugin_host.cc index 75a2fc3..4e61732 100644 --- a/chrome/browser/chrome_plugin_host.cc +++ b/chrome/browser/chrome_plugin_host.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -546,6 +546,12 @@ CPError STDCALL CPB_SetDropEffect( return CPERR_FAILURE; } +CPError STDCALL CPB_AllowFileDrop( + CPID id, CPBrowsingContext context, const char* file_drag_data) { + NOTREACHED() << "Should not be called in the browser process."; + return CPERR_FAILURE; +} + // // Functions related to network interception // @@ -789,6 +795,7 @@ CPBrowserFuncs* GetCPBrowserFuncsForBrowser() { browser_funcs.open_file_dialog = CPB_OpenFileDialog; browser_funcs.get_drag_data = CPB_GetDragData; browser_funcs.set_drop_effect = CPB_SetDropEffect; + browser_funcs.allow_file_drop = CPB_AllowFileDrop; request_funcs.size = sizeof(request_funcs); request_funcs.start_request = CPR_StartRequest; 
diff --git a/chrome/browser/plugin_process_host.cc b/chrome/browser/plugin_process_host.cc index f03b42f..ca2f502 100644 --- a/chrome/browser/plugin_process_host.cc +++ b/chrome/browser/plugin_process_host.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -27,6 +27,7 @@ #include "base/scoped_ptr.h" #include "base/thread.h" #include "chrome/browser/browser_process.h" +#include "chrome/browser/child_process_security_policy.h" #include "chrome/browser/chrome_plugin_browsing_context.h" #include "chrome/browser/chrome_thread.h" #include "chrome/browser/plugin_service.h" @@ -439,6 +440,7 @@ void PluginProcessHost::OnMessageReceived(const IPC::Message& msg) { OnGetPluginFinderUrl) IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginMessage, OnPluginMessage) IPC_MESSAGE_HANDLER(PluginProcessHostMsg_GetCookies, OnGetCookies) + IPC_MESSAGE_HANDLER(PluginProcessHostMsg_AccessFiles, OnAccessFiles) IPC_MESSAGE_HANDLER_DELAY_REPLY(PluginProcessHostMsg_ResolveProxy, OnResolveProxy) #if defined(OS_WIN) @@ -507,6 +509,24 @@ void PluginProcessHost::OnGetCookies(uint32 request_context, *cookies = context->cookie_store()->GetCookies(url); } +void PluginProcessHost::OnAccessFiles(int process_id, + const std::vector<std::string>& files, + bool* allowed) { + ChildProcessSecurityPolicy* policy = + ChildProcessSecurityPolicy::GetInstance(); + + for (size_t i = 0; i < files.size(); ++i) { + const FilePath path = FilePath::FromWStringHack(UTF8ToWide(files[i])); + if (!policy->CanUploadFile(process_id, path)) { + LOG(INFO) << "Denied unauthorized request for file " << files[i]; + *allowed = false; + return; + } + } + + *allowed = true; +} + void PluginProcessHost::OnResolveProxy(const GURL& url, IPC::Message* reply_msg) { resolve_proxy_msg_helper_.Start(url, reply_msg); 
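Review bot: `OnAccessFiles` checks the policy for whatever `process_id` arrives in `PluginProcessHostMsg_AccessFiles`, so the browser takes the plugin process's word for which renderer it is acting for; nothing visible in this hunk ties that id to a renderer that actually hosts this plugin. If the plugin process is meant to be trusted here, say so above the handler, e.g. `// |process_id| is supplied by the plugin process and is not verified here; the answer is only as trustworthy as the plugin.` Otherwise the browser should validate the id against its own record of which renderers have a channel to this plugin before calling `CanUploadFile`. The same assumption is carried by the message comment added in plugin_messages_internal.h. Separately, the `LOG(INFO)` line writes a child-supplied path into the log verbatim, which is worth a second look if these logs are collected.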
diff --git a/chrome/browser/plugin_process_host.h b/chrome/browser/plugin_process_host.h index 8c3a948..22e9249 100644 --- a/chrome/browser/plugin_process_host.h +++ b/chrome/browser/plugin_process_host.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -101,6 +101,8 @@ class PluginProcessHost : public ChildProcessHost, void OnGetPluginFinderUrl(std::string* plugin_finder_url); void OnGetCookies(uint32 request_context, const GURL& url, std::string* cookies); + void OnAccessFiles(int process_id, const std::vector<std::string>& files, + bool* allowed); void OnResolveProxy(const GURL& url, IPC::Message* reply_msg); void OnPluginMessage(const std::vector<uint8>& data); diff --git a/chrome/common/chrome_plugin_api.h b/chrome/common/chrome_plugin_api.h index c10985a..d30357c 100644 --- a/chrome/common/chrome_plugin_api.h +++ b/chrome/common/chrome_plugin_api.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // @@ -30,7 +30,7 @@ extern "C" { // The current version of the API, used by the 'version' field of CPPluginFuncs // and CPBrowserFuncs. #define CP_MAJOR_VERSION 0 -#define CP_MINOR_VERSION 10 +#define CP_MINOR_VERSION 11 #define CP_VERSION ((CP_MAJOR_VERSION << 8) | (CP_MINOR_VERSION)) #define CP_GET_MAJOR_VERSION(version) ((version & 0xff00) >> 8) 
@@ -445,6 +445,13 @@ typedef CPError (STDCALL *CPB_GetDragDataFunc)( typedef CPError (STDCALL *CPB_SetDropEffectFunc)( CPID id, CPBrowsingContext context, struct NPObject* event, int effect); +// For drag type "Files", the drag data returned by CPB_GetDragDataFunc() is a +// backspace delimited list of file paths. Use this routine to pass that data +// to the browser process to verify that the renderer has permission to access +// the files. Returns CPERR_SUCCESS if access is allowed. +typedef CPError (STDCALL *CPB_AllowFileDropFunc)( + CPID id, CPBrowsingContext context, const char* file_drag_data); + // Function table for issuing requests using via the other side's network stack. // For the plugin, this functions deal with issuing requests through the // browser. For the browser, these functions deal with allowing the plugin to @@ -521,6 +528,7 @@ typedef struct _CPBrowserFuncs { CPB_OpenFileDialogFunc open_file_dialog; CPB_GetDragDataFunc get_drag_data; CPB_SetDropEffectFunc set_drop_effect; + CPB_AllowFileDropFunc allow_file_drop; } CPBrowserFuncs; diff --git a/chrome/common/plugin_messages_internal.h b/chrome/common/plugin_messages_internal.h index 8631973..18152d9 100644 --- a/chrome/common/plugin_messages_internal.h +++ b/chrome/common/plugin_messages_internal.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
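Review bot: The comment on `CPB_AllowFileDropFunc` does not say that the check is all-or-nothing or how a caller must treat failure. Going by the browser handler in this commit, a single denied path fails the whole call, so a plugin should treat every return other than `CPERR_SUCCESS` as denial. I would add `// Access is granted only if every listed file is permitted; on any other return value the plugin must not read the files.` Because `allow_file_drop` is appended to `CPBrowserFuncs` in the second hunk of this file, the comment should also tell plugins to check for API version 0.11 before calling through the pointer, since an older browser's table would not contain the slot.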
@@ -73,6 +73,13 @@ IPC_BEGIN_MESSAGES(PluginProcessHost) GURL /* url */, std::string /* cookies */) + // Used by the plugin process to verify that its renderer |process_id| has + // permission to access the given |files|. + IPC_SYNC_MESSAGE_CONTROL2_1(PluginProcessHostMsg_AccessFiles, + int /* process_id */, + std::vector<std::string> /* files */, + bool /* allowed */) + // Get the list of proxies to use for |url|, as a semicolon delimited list // of "<TYPE> <HOST>:<PORT>" | "DIRECT". See also ViewHostMsg_ResolveProxy // which does the same thing. diff --git a/chrome/plugin/chrome_plugin_host.cc b/chrome/plugin/chrome_plugin_host.cc index a81d7d3..81a128a 100644 --- a/chrome/plugin/chrome_plugin_host.cc +++ b/chrome/plugin/chrome_plugin_host.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
@@ -351,6 +351,33 @@ CPError STDCALL CPB_SetDropEffect( return CPERR_FAILURE; } +CPError STDCALL CPB_AllowFileDrop( + CPID id, CPBrowsingContext context, const char* file_drag_data) { + CHECK(ChromePluginLib::IsPluginThread()); + + WebPluginProxy* webplugin = WebPluginProxy::FromCPBrowsingContext(context); + if (!webplugin || !file_drag_data) + return CPERR_INVALID_PARAMETER; + + const int pid = webplugin->GetRendererProcessId(); + if (!pid) + return CPERR_FAILURE; + + static const char kDelimiter('\b'); + std::vector<std::string> files; + SplitStringDontTrim(file_drag_data, kDelimiter, &files); + + bool allowed = false; + if (!PluginThread::current()->Send( + new PluginProcessHostMsg_AccessFiles(pid, files, &allowed))) { + return CPERR_FAILURE; + } + + if (allowed) + return CPERR_SUCCESS; + return CPERR_FAILURE; +} + CPError STDCALL CPB_GetCommandLineArguments( CPID id, CPBrowsingContext context, const char* url, char** arguments) { CHECK(ChromePluginLib::IsPluginThread()); @@ -636,6 +663,7 @@ CPBrowserFuncs* GetCPBrowserFuncsForPlugin() { browser_funcs.open_file_dialog = CPB_OpenFileDialog; browser_funcs.get_drag_data = CPB_GetDragData; browser_funcs.set_drop_effect = CPB_SetDropEffect; + browser_funcs.allow_file_drop = CPB_AllowFileDrop; browser_funcs.request_funcs = &request_funcs; browser_funcs.response_funcs = &response_funcs; diff --git a/chrome/plugin/webplugin_proxy.cc b/chrome/plugin/webplugin_proxy.cc index 1356c61..67919e8 100644 --- a/chrome/plugin/webplugin_proxy.cc +++ b/chrome/plugin/webplugin_proxy.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
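Review bot: `CPB_AllowFileDrop` forwards whatever `SplitStringDontTrim` produces without checking that it holds at least one non-empty path, and the browser handler added in plugin_process_host.cc sets `*allowed = true` when its loop runs over an empty vector. Whether an empty `file_drag_data` yields an empty vector or a single empty string depends on the splitter, which is not visible here, so it is safer to fail closed explicitly with `if (!*file_drag_data) return CPERR_INVALID_PARAMETER;` after the null check. The browser side is the real trust boundary, so `if (files.empty()) { *allowed = false; return; }` at the top of `OnAccessFiles` would be the stronger of the two guards.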
@@ -247,6 +247,12 @@ WebPluginResourceClient* WebPluginProxy::GetResourceClient(int id) { return iterator->second; } +int WebPluginProxy::GetRendererProcessId() { + if (channel_.get()) + return channel_->peer_pid(); + return 0; +} + void WebPluginProxy::DidPaint() { // If we have an accumulated damaged rect, then check to see if we need to // send out another InvalidateRect message. diff --git a/chrome/plugin/webplugin_proxy.h b/chrome/plugin/webplugin_proxy.h index 1b1468e..9454d28 100644 --- a/chrome/plugin/webplugin_proxy.h +++ b/chrome/plugin/webplugin_proxy.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -88,6 +88,9 @@ class WebPluginProxy : public WebPlugin { // object with that id exists. WebPluginResourceClient* GetResourceClient(int id); + // Returns the process id of the renderer that contains this plugin. + int GetRendererProcessId(); + // For windowless plugins, paints the given rectangle into the local buffer. void Paint(const gfx::Rect& rect); |
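Review bot: `GetRendererProcessId()` returns 0 when there is no channel, and `CPB_AllowFileDrop` relies on that as a failure sentinel, but the header comment added in webplugin_proxy.h only says it returns the renderer's process id. The comment should state the 0 case and which id space `peer_pid()` is in, because the value ends up as the `renderer_id` key for `ChildProcessSecurityPolicy::CanUploadFile`; an OS pid and a browser-assigned child id would not be interchangeable there, and this page does not show which one it is. Once confirmed, something like `// Returns the renderer's id as used by the browser's security policy, or 0 if the plugin has no channel.` would do. The accessor does not modify the proxy and could be declared `const`.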