IPC outgoing message filters interpose yourself in a message stream. Minimally invasive baseline for building IPC tests to abuse browser along the lines of a compromised renderer.

Review URL: http://codereview.chromium.org/6711024

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84076 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 3 insertions, 2 deletions

diff --git a/content/browser/renderer_host/browser_render_process_host.cc b/content/browser/renderer_host/browser_render_process_host.cc
index d422775..5e3354c 100644
--- a/content/browser/renderer_host/browser_render_process_host.cc
+++ b/content/browser/renderer_host/browser_render_process_host.cc
@@ -552,6 +552,7 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer(
     switches::kEnableDCHECK,
     switches::kEnableExperimentalExtensionApis,
     switches::kEnableInBrowserThumbnailing,
+    switches::kEnableIPCFuzzing,
     switches::kEnableLogging,
     switches::kEnableNaCl,
     switches::kEnableOpenMax,
diff --git a/content/common/child_thread.h b/content/common/child_thread.h
index f2ac864..e1d34e8 100644
--- a/content/common/child_thread.h
+++ b/content/common/child_thread.h
@@ -42,6 +42,8 @@ class ChildThread : public IPC::Channel::Listener,
 
   IPC::Channel::Listener* ResolveRoute(int32 routing_id);
 
+  IPC::SyncChannel* channel() { return channel_.get(); }
+
   // Creates a ResourceLoaderBridge.
   // Tests can override this method if they want a custom loading behavior.
   virtual webkit_glue::ResourceLoaderBridge* CreateBridge(
@@ -84,8 +86,6 @@ class ChildThread : public IPC::Channel::Listener,
   virtual void OnSetIPCLoggingEnabled(bool enable);
 #endif
 
-  IPC::SyncChannel* channel() { return channel_.get(); }
-
   void set_on_channel_error_called(bool on_channel_error_called) {
     on_channel_error_called_ = on_channel_error_called;
   }