author | ben <ben@chromium.org> | 2016-02-23 23:50:19 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-02-24 07:51:20 +0000 |
commit | a16b491f249de01d84114889f2ea3a8aea966413 (patch) | |
tree | bf275c5f7a0fb4704e170b4d2aa112bec1288313 /mojo/shell/standalone | |
parent | 3436fa2dc73318d3dbaf6a6784d0ddee9be0243d (diff) | |
Add a user id parameter to connections.
This is simply a uint32 that identifies the user running a particular instance. Note that the shell cares nothing about higher level semantic meaning/mapping of this identifier. That's for a user service to perform.
An application that connects to another specifies the user id they wish the target to be run as. This can either be a specific user, the root user, or "inherit" which means either their own identity or root, whichever is available in that order.
The application manager resolves "inherit" to the source identity or the root identity, and initializes & completes the connection.
When a target application is initialized, the shell tells it (via Initialize()) the identity it is run as.
When a target application receives an inbound connection, the shell tells it (via AcceptConnection) the identity of the caller. This allows a service run as root to service connections from other users, and create facades scoped to that user.
Long term, only specific applications will be able to pass anything other than "inherit" as the user id. (e.g. the login app and the profile creator app). This isn't done in this CL.
I need to add some tests for this, along with the rest of the shell stuff. TBD.
R=sky@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1719193003
Cr-Commit-Position: refs/heads/master@{#377239}
Diffstat (limited to 'mojo/shell/standalone')
-rw-r--r-- | mojo/shell/standalone/context.cc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/mojo/shell/standalone/context.cc b/mojo/shell/standalone/context.cc index 2c49e73..a966020 100644 --- a/mojo/shell/standalone/context.cc +++ b/mojo/shell/standalone/context.cc @@ -155,9 +155,9 @@ void Context::Init(const base::FilePath& shell_file_root) { new TracingInterfaceProvider(&tracer_, GetProxy(&tracing_local_interfaces)); scoped_ptr<ConnectParams> params(new ConnectParams); - params->set_source(Identity(GURL("mojo:shell"), std::string(), - GetPermissiveCapabilityFilter())); + params->set_source(CreateShellIdentity()); params->set_target(Identity(GURL("mojo:tracing"), std::string(), + mojom::Shell::kUserInherit, GetPermissiveCapabilityFilter())); params->set_remote_interfaces(GetProxy(&tracing_remote_interfaces)); params->set_local_interfaces(std::move(tracing_local_interfaces)); @@ -227,8 +227,10 @@ void Context::Run(const GURL& url) { shell::mojom::InterfaceProviderPtr local_interfaces; scoped_ptr<ConnectParams> params(new ConnectParams); + params->set_source(CreateShellIdentity()); params->set_target( - Identity(url, std::string(), GetPermissiveCapabilityFilter())); + Identity(url, std::string(), mojom::Shell::kUserRoot, + GetPermissiveCapabilityFilter())); params->set_remote_interfaces(GetProxy(&remote_interfaces)); params->set_local_interfaces(std::move(local_interfaces)); application_manager_->Connect(std::move(params)); |
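Review bot: In the Context::Init hunk, the tracing target is given `mojom::Shell::kUserInherit`, so the user that mojo:tracing runs as depends entirely on what `CreateShellIdentity()` puts in the source identity, and that helper's definition is not visible in this file's diff. The Context::Run hunk below passes `mojom::Shell::kUserRoot` explicitly. If tracing is meant to run as root, say so here in the same way; if inherit is deliberate, add a short comment stating which user the shell identity carries so the resolved user is clear at this call site.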
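Review bot: In the Context::Run hunk, `Identity(url, std::string(), mojom::Shell::kUserRoot,` hard-codes the root user for whatever `url` the caller passes in, and it is still paired with `GetPermissiveCapabilityFilter()`. Every application launched through this path therefore runs as root with a permissive filter. The commit message says that restricting who may pass anything other than "inherit" is not done in this CL, so please add a TODO at this line that records the intended restriction and explains why root is the right choice for the standalone runner. The newly added `params->set_source(CreateShellIdentity());` also has no test coverage in this change, and the message lists tests as TBD.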