authorjschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-06-07 01:42:04 +0000
committerjschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-06-07 01:42:04 +0000
commite4486d3200c9a53e4659debd67d4d267987b15dd (patch)
treebd3f48992a02ade8a15303b357ed91cd85e6837f /webkit/plugins/npapi/webplugin_delegate_impl_win.cc
parent311e4cc1f29a90bb5d9e36f7364d2e4fd1113fb7 (diff)
Make Flash work properly when started in low-integrity mode so that UIPI restrictions take effect. The change works by adding a new IPC from plugin to browser, which tells the browser to reparent plugin windows when needed (since UIPI blocks parenting from the low-integrity plugin process).
See UIPI for reference: http://en.wikipedia.org/wiki/User_Interface_Privilege_Isolation BUG=82870 Review URL: http://codereview.chromium.org/7054068 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88081 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins/npapi/webplugin_delegate_impl_win.cc')
-rw-r--r--webkit/plugins/npapi/webplugin_delegate_impl_win.cc44
1 files changed, 40 insertions, 4 deletions
diff --git a/webkit/plugins/npapi/webplugin_delegate_impl_win.cc b/webkit/plugins/npapi/webplugin_delegate_impl_win.cc
index 4e92036..4f3b806 100644
--- a/webkit/plugins/npapi/webplugin_delegate_impl_win.cc
+++ b/webkit/plugins/npapi/webplugin_delegate_impl_win.cc
@@ -271,6 +271,7 @@ WebPluginDelegateImpl::WebPluginDelegateImpl(
last_message_(0),
is_calling_wndproc(false),
dummy_window_for_activation_(NULL),
+ parent_proxy_window_(NULL),
handle_event_message_filter_hook_(NULL),
handle_event_pump_messages_event_(NULL),
user_gesture_message_posted_(false),
@@ -298,6 +299,8 @@ WebPluginDelegateImpl::WebPluginDelegateImpl(
quirks_ |= PLUGIN_QUIRK_PATCH_SETCURSOR;
quirks_ |= PLUGIN_QUIRK_ALWAYS_NOTIFY_SUCCESS;
quirks_ |= PLUGIN_QUIRK_HANDLE_MOUSE_CAPTURE;
+ if (filename == kBuiltinFlashPlugin)
+ quirks_ |= PLUGIN_QUIRK_REPARENT_IN_BROWSER;
} else if (filename == kAcrobatReaderPlugin) {
// Check for the version number above or equal 9.
int major_version = GetPluginMajorVersion(plugin_info);
@@ -354,7 +357,11 @@ WebPluginDelegateImpl::WebPluginDelegateImpl(
WebPluginDelegateImpl::~WebPluginDelegateImpl() {
if (::IsWindow(dummy_window_for_activation_)) {
- ::DestroyWindow(dummy_window_for_activation_);
+ // Sandboxed Flash stacks two dummy windows to prevent UIPI failures
+ if (::IsWindow(parent_proxy_window_))
+ ::DestroyWindow(parent_proxy_window_);
+ else
+ ::DestroyWindow(dummy_window_for_activation_);
}
DestroyInstance();
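Review bot: The proxy window is destroyed only when `dummy_window_for_activation_` is still a valid window, because the new `::IsWindow(parent_proxy_window_)` test sits inside the outer check. CreateDummyWindowForActivation creates the proxy first, so if the second CreateWindowEx fails the proxy would stay alive here; the code after that call is not visible, so this may already be handled there. Testing the proxy on its own removes the dependency: `if (::IsWindow(parent_proxy_window_)) ::DestroyWindow(parent_proxy_window_); else if (::IsWindow(dummy_window_for_activation_)) ::DestroyWindow(dummy_window_for_activation_);`. The comment could also state that destroying the proxy takes the child activation window with it, which is why only one DestroyWindow call is made. The destructor body continues outside the hunk.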
@@ -482,6 +489,9 @@ bool WebPluginDelegateImpl::WindowedCreatePlugin() {
RegisterNativeWindowClass();
+ // UIPI requires reparenting in the (medium-integrity) browser process.
+ bool reparent_in_browser = (quirks_ & PLUGIN_QUIRK_REPARENT_IN_BROWSER) != 0;
+
// The window will be sized and shown later.
windowed_handle_ = CreateWindowEx(
WS_EX_LEFT | WS_EX_LTRREADING | WS_EX_RIGHTSCROLLBAR,
@@ -492,14 +502,16 @@ bool WebPluginDelegateImpl::WindowedCreatePlugin() {
0,
0,
0,
- parent_,
+ reparent_in_browser ? NULL : parent_,
0,
GetModuleHandle(NULL),
0);
if (windowed_handle_ == 0)
return false;
- if (IsWindow(parent_)) {
+ if (reparent_in_browser) {
+ plugin_->ReparentPluginWindow(windowed_handle_, parent_);
+ } else if (IsWindow(parent_)) {
// This is a tricky workaround for Issue 2673 in chromium "Flash: IME not
// available". To use IMEs in this window, we have to make Windows attach
// IMEs to this window (i.e. load IME DLLs, attach them to this process,
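Review bot: The browser-side handler for `plugin_->ReparentPluginWindow(windowed_handle_, parent_)` has to validate both handles, because they arrive from the low-integrity plugin process and the handler is not part of this file. It should confirm that the child window belongs to the sending plugin process and that the requested parent is a window the browser created for that plugin before it reparents anything; otherwise the medium-integrity process acts on handles the sandboxed side chose freely. The same applies to the call added in CreateDummyWindowForActivation. Separately, the new branch skips the `IsWindow(parent_)` path that carries the Issue 2673 IME workaround, so either re-test IME input for built-in Flash or record the omission with a comment such as `// The IME attach workaround below is not applied when the browser reparents the window.` WindowedCreatePlugin continues outside the hunk.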
@@ -705,6 +717,30 @@ BOOL CALLBACK EnumFlashWindows(HWND window, LPARAM arg) {
bool WebPluginDelegateImpl::CreateDummyWindowForActivation() {
DCHECK(!dummy_window_for_activation_);
+
+ // Built-in Flash runs with UIPI, but in windowless mode Flash sometimes
+ // tries to attach windows to the parent (which fails under UIPI). To make
+ // it work we add an extra dummy parent in the low-integrity process.
+ if (quirks_ & PLUGIN_QUIRK_REPARENT_IN_BROWSER) {
+ parent_proxy_window_ = CreateWindowEx(
+ 0,
+ L"Static",
+ kDummyActivationWindowName,
+ WS_POPUP,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ GetModuleHandle(NULL),
+ 0);
+
+ if (parent_proxy_window_ == 0)
+ return false;
+ plugin_->ReparentPluginWindow(parent_proxy_window_, parent_);
+ }
+
dummy_window_for_activation_ = CreateWindowEx(
0,
L"Static",
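Review bot: `parent_proxy_window_` gets no precondition check to match the existing `DCHECK(!dummy_window_for_activation_);`, so a repeated call would overwrite the handle and orphan the earlier proxy window; add `DCHECK(!parent_proxy_window_);` next to it. The proxy is also created with the same class and title (`kDummyActivationWindowName`) as the activation window, so if anything identifies the activation window by that title it would now match both; a distinct name or a short comment saying the reuse is intentional would help. The function body continues outside the hunk.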
@@ -714,7 +750,7 @@ bool WebPluginDelegateImpl::CreateDummyWindowForActivation() {
0,
0,
0,
- parent_,
+ parent_proxy_window_ ? parent_proxy_window_ : parent_,
0,
GetModuleHandle(NULL),
0);