6 files changed, 132 insertions, 6 deletions

diff --git a/chrome/app/chromium_strings.grd b/chrome/app/chromium_strings.grd
index 3563861..2f40467 100644
--- a/chrome/app/chromium_strings.grd
+++ b/chrome/app/chromium_strings.grd
@@ -1158,6 +1158,22 @@ Signing in anyway will merge Chromium information like bookmarks, history, and o
         ''' It also controls what page is shown when you start Chromium or search from the Omnibox. '''
       </message>
 
+      <!-- Windows firewall rule strings. -->
+      <if expr="is_win">
+        <message name="IDS_INBOUND_MDNS_RULE_NAME" desc="The name of the firewall rule allowing inbound mDNS traffic.">
+          Chromium (mDNS-In).
+        </message>
+        <message name="IDS_INBOUND_MDNS_RULE_NAME_CANARY" desc="The name of the firewall rule allowing inbound mDNS traffic for canary.">
+          Chromium (mDNS-In).
+        </message>
+        <message name="IDS_INBOUND_MDNS_RULE_DESCRIPTION" desc="The description of the firewall rule allowing inbound mDNS traffic.">
+          Inbound rule for Chromium to allow mDNS traffic.
+        </message>
+        <message name="IDS_INBOUND_MDNS_RULE_DESCRIPTION_CANARY" desc="The description of the firewall rule allowing inbound mDNS traffic canary.">
+          Inbound rule for Chromium to allow mDNS traffic.
+        </message>
+      </if>
+
       <!-- Update bubble -->
       <message name="IDS_REINSTALL_APP" desc="Text for the button the user clicks to reinstall the app.">
         Reinstall Chromium
diff --git a/chrome/app/google_chrome_strings.grd b/chrome/app/google_chrome_strings.grd
index df23aac..75740aed 100644
--- a/chrome/app/google_chrome_strings.grd
+++ b/chrome/app/google_chrome_strings.grd
@@ -1082,6 +1082,22 @@ Signing in anyway will merge Chrome information like bookmarks, history, and oth
         ''' It also controls what page is shown when you start Chrome or search from the Omnibox. '''
       </message>
 
+      <!-- Windows firewall rule strings. -->
+      <if expr="is_win">
+        <message name="IDS_INBOUND_MDNS_RULE_NAME" desc="The name of the firewall rule allowing inbound mDNS traffic.">
+          Google Chrome (mDNS-In).
+        </message>
+        <message name="IDS_INBOUND_MDNS_RULE_NAME_CANARY" desc="The name of the firewall rule allowing inbound mDNS traffic for canary.">
+          Google Chrome Canary (mDNS-In).
+        </message>
+        <message name="IDS_INBOUND_MDNS_RULE_DESCRIPTION" desc="The description of the firewall rule allowing inbound mDNS traffic.">
+          Inbound rule for Google Chrome to allow mDNS traffic.
+        </message>
+        <message name="IDS_INBOUND_MDNS_RULE_DESCRIPTION_CANARY" desc="The description of the firewall rule allowing inbound mDNS traffic canary.">
+          Inbound rule for Google Chrome Canary to allow mDNS traffic.
+        </message>
+      </if>
+
       <!-- Update bubble -->
       <message name="IDS_REINSTALL_APP" desc="Text for the button the user clicks to reinstall the app.">
         Reinstall Chrome
diff --git a/chrome/installer/setup/install_worker.cc b/chrome/installer/setup/install_worker.cc
index de2d127..4831d3d 100644
--- a/chrome/installer/setup/install_worker.cc
+++ b/chrome/installer/setup/install_worker.cc
@@ -36,6 +36,7 @@
 #include "chrome/installer/util/callback_work_item.h"
 #include "chrome/installer/util/conditional_work_item_list.h"
 #include "chrome/installer/util/create_reg_key_work_item.h"
+#include "chrome/installer/util/firewall_manager_win.h"
 #include "chrome/installer/util/google_update_constants.h"
 #include "chrome/installer/util/helper.h"
 #include "chrome/installer/util/install_util.h"
@@ -255,6 +256,54 @@ void AddInstallExtensionCommandWorkItem(const InstallerState& installer_state,
                                    work_item_list);
 }
 
+// A callback invoked by |work_item| that adds firewall rules for Chrome. Rules
+// are left in-place on rollback unless |remove_on_rollback| is true. This is
+// the case for new installs only. Updates and overinstalls leave the rule
+// in-place on rollback since a previous install of Chrome will be used in that
+// case.
+bool AddFirewallRulesCallback(bool system_level,
+                              BrowserDistribution* dist,
+                              const base::FilePath& chrome_path,
+                              bool remove_on_rollback,
+                              const CallbackWorkItem& work_item) {
+  // There is no work to do on rollback if this is not a new install.
+  if (work_item.IsRollback() || !remove_on_rollback)
+    return true;
+
+  scoped_ptr<FirewallManager> manager =
+      FirewallManager::Create(dist, chrome_path);
+  if (!manager) {
+    LOG(ERROR) << "Failed creating a FirewallManager. Continuing with install.";
+    return true;
+  }
+
+  if (work_item.IsRollback()) {
+    manager->RemoveFirewallRules();
+    return true;
+  }
+
+  // Adding the firewall rule is expected to fail for user-level installs on
+  // Vista+. Try anyway in case the installer is running elevated.
+  if (!manager->AddFirewallRules())
+    LOG(ERROR) << "Failed creating a firewall rules. Continuing with install.";
+
+  // Don't abort installation if the firewall rule couldn't be added.
+  return true;
+}
+
+// Adds work items to |list| to create firewall rules.
+void AddFirewallRulesWorkItems(const InstallerState& installer_state,
+                               BrowserDistribution* dist,
+                               bool is_new_install,
+                               WorkItemList* list) {
+  list->AddCallbackWorkItem(
+      base::Bind(&AddFirewallRulesCallback,
+                 installer_state.system_install(),
+                 dist,
+                 installer_state.target_path().Append(kChromeExe),
+                 is_new_install));
+}
+
 // Returns the basic CommandLine to setup.exe for a quick-enable operation on
 // the binaries. This will unconditionally include --multi-install as well as
 // --verbose-logging if the current installation was launched with
@@ -345,6 +394,7 @@ void AddProductSpecificWorkItems(const InstallationState& original_state,
                                  const InstallerState& installer_state,
                                  const base::FilePath& setup_path,
                                  const Version& new_version,
+                                 bool is_new_install,
                                  WorkItemList* list) {
   const Products& products = installer_state.products();
   for (Products::const_iterator it = products.begin(); it < products.end();
@@ -359,6 +409,8 @@ void AddProductSpecificWorkItems(const InstallationState& original_state,
                             list);
       AddInstallExtensionCommandWorkItem(installer_state, original_state,
                                          setup_path, new_version, p, list);
+      AddFirewallRulesWorkItems(
+          installer_state, p.distribution(), is_new_install, list);
     }
     if (p.is_chrome_binaries()) {
       AddQueryEULAAcceptanceWorkItems(
@@ -1164,8 +1216,12 @@ void AddInstallWorkItems(const InstallationState& original_state,
 
   // Add any remaining work items that involve special settings for
   // each product.
-  AddProductSpecificWorkItems(original_state, installer_state, setup_path,
-                              new_version, install_list);
+  AddProductSpecificWorkItems(original_state,
+                              installer_state,
+                              setup_path,
+                              new_version,
+                              current_version == NULL,
+                              install_list);
 
   // Copy over brand, usagestats, and other values.
   AddGoogleUpdateWorkItems(original_state, installer_state, install_list);
diff --git a/chrome/installer/setup/uninstall.cc b/chrome/installer/setup/uninstall.cc
index a51768f..9150214 100644
--- a/chrome/installer/setup/uninstall.cc
+++ b/chrome/installer/setup/uninstall.cc
@@ -35,6 +35,7 @@
 #include "chrome/installer/util/browser_distribution.h"
 #include "chrome/installer/util/channel_info.h"
 #include "chrome/installer/util/delete_after_reboot_helper.h"
+#include "chrome/installer/util/firewall_manager_win.h"
 #include "chrome/installer/util/google_update_constants.h"
 #include "chrome/installer/util/google_update_settings.h"
 #include "chrome/installer/util/helper.h"
@@ -1047,6 +1048,14 @@ const wchar_t kChromeExtProgId[] = L"ChromiumExt";
   }
 }
 
+void UninstallFirewallRules(BrowserDistribution* dist,
+                            const base::FilePath& chrome_exe) {
+  scoped_ptr<FirewallManager> manager =
+      FirewallManager::Create(dist, chrome_exe);
+  if (manager)
+    manager->RemoveFirewallRules();
+}
+
 InstallStatus UninstallProduct(const InstallationState& original_state,
                                const InstallerState& installer_state,
                                const base::FilePath& setup_exe,
@@ -1227,6 +1236,8 @@ InstallStatus UninstallProduct(const InstallationState& original_state,
 
     UninstallActiveSetupEntries(installer_state, product);
 
+    UninstallFirewallRules(browser_dist, base::FilePath(chrome_exe));
+
     // Notify the shell that associations have changed since Chrome was likely
     // unregistered.
     SHChangeNotify(SHCNE_ASSOCCHANGED, SHCNF_IDLIST, NULL, NULL);
diff --git a/chrome/installer/util/firewall_manager_win.cc b/chrome/installer/util/firewall_manager_win.cc
index 2249331..54142ff 100644
--- a/chrome/installer/util/firewall_manager_win.cc
+++ b/chrome/installer/util/firewall_manager_win.cc
@@ -8,12 +8,18 @@
 #include "base/strings/string16.h"
 #include "chrome/installer/util/advanced_firewall_manager_win.h"
 #include "chrome/installer/util/browser_distribution.h"
+#include "chrome/installer/util/install_util.h"
+#include "chrome/installer/util/l10n_string_util.h"
 #include "chrome/installer/util/legacy_firewall_manager_win.h"
 
+#include "installer_util_strings.h"  // NOLINT
+
 namespace installer {
 
 namespace {
 
+const uint16 kDefaultMdnsPort = 5353;
+
 class FirewallManagerAdvancedImpl : public FirewallManager {
  public:
   FirewallManagerAdvancedImpl() {}
@@ -29,8 +35,8 @@ class FirewallManagerAdvancedImpl : public FirewallManager {
   };
 
   virtual bool AddFirewallRules() OVERRIDE {
-    // Nothing yet.
-    return true;
+    return manager_.AddUDPRule(GetMdnsRuleName(), GetMdnsRuleDescription(),
+                               kDefaultMdnsPort);
   }
 
   virtual void RemoveFirewallRules() OVERRIDE {
@@ -38,6 +44,22 @@ class FirewallManagerAdvancedImpl : public FirewallManager {
   }
 
  private:
+  static base::string16 GetMdnsRuleName() {
+#if defined(GOOGLE_CHROME_BUILD)
+    if (InstallUtil::IsChromeSxSProcess())
+      return GetLocalizedString(IDS_INBOUND_MDNS_RULE_NAME_CANARY_BASE);
+#endif
+    return GetLocalizedString(IDS_INBOUND_MDNS_RULE_NAME_BASE);
+  }
+
+  static base::string16 GetMdnsRuleDescription() {
+#if defined(GOOGLE_CHROME_BUILD)
+    if (InstallUtil::IsChromeSxSProcess())
+      return GetLocalizedString(IDS_INBOUND_MDNS_RULE_DESCRIPTION_CANARY_BASE);
+#endif
+      return GetLocalizedString(IDS_INBOUND_MDNS_RULE_DESCRIPTION_BASE);
+  }
+
   AdvancedFirewallManager manager_;
   DISALLOW_COPY_AND_ASSIGN(FirewallManagerAdvancedImpl);
 };
@@ -58,8 +80,9 @@ class FirewallManagerLegacyImpl : public FirewallManager {
   };
 
   virtual bool AddFirewallRules() OVERRIDE {
-    // Nothing yet.
-    return true;
+    // Change nothing if rule is set.
+    return manager_.GetAllowIncomingConnection(NULL) ||
+        manager_.SetAllowIncomingConnection(true);
   }
 
   virtual void RemoveFirewallRules() OVERRIDE {
diff --git a/chrome/installer/util/prebuild/create_string_rc.py b/chrome/installer/util/prebuild/create_string_rc.py
index edd0fa7..596d5cb 100755
--- a/chrome/installer/util/prebuild/create_string_rc.py
+++ b/chrome/installer/util/prebuild/create_string_rc.py
@@ -78,6 +78,10 @@ STRING_IDS = [
   'IDS_APP_LIST_SHORTCUT_NAME_CANARY',
   'IDS_APP_SHORTCUTS_SUBDIR_NAME',
   'IDS_APP_SHORTCUTS_SUBDIR_NAME_CANARY',
+  'IDS_INBOUND_MDNS_RULE_NAME',
+  'IDS_INBOUND_MDNS_RULE_NAME_CANARY',
+  'IDS_INBOUND_MDNS_RULE_DESCRIPTION',
+  'IDS_INBOUND_MDNS_RULE_DESCRIPTION_CANARY',
 ]
 
 # The ID of the first resource string.