Diffstat (limited to 'content')
-rw-r--r-- | content/browser/ppapi_plugin_process_host.cc | 8 | ||||
-rw-r--r-- | content/browser/ppapi_plugin_process_host.h | 17 | ||||
-rw-r--r-- | content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc | 45 | ||||
-rw-r--r-- | content/browser/renderer_host/pepper/browser_ppapi_host_impl.h | 28 | ||||
-rw-r--r-- | content/browser/renderer_host/render_message_filter.cc | 10 | ||||
-rw-r--r-- | content/browser/renderer_host/render_message_filter.h | 10 | ||||
-rw-r--r-- | content/common/pepper_renderer_instance_data.cc | 28 | ||||
-rw-r--r-- | content/common/pepper_renderer_instance_data.h | 31 | ||||
-rw-r--r-- | content/common/view_messages.h | 30 | ||||
-rw-r--r-- | content/content_common.gypi | 2 | ||||
-rw-r--r-- | content/public/browser/browser_ppapi_host.h | 6 | ||||
-rw-r--r-- | content/renderer/pepper/pepper_plugin_delegate_impl.cc | 9 |
12 files changed, 161 insertions, 63 deletions
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc index db9f23d..1d7b5b5 100644 --- a/content/browser/ppapi_plugin_process_host.cc +++ b/content/browser/ppapi_plugin_process_host.cc @@ -101,14 +101,12 @@ PpapiPluginProcessHost* PpapiPluginProcessHost::CreateBrokerHost( void PpapiPluginProcessHost::DidCreateOutOfProcessInstance( int plugin_process_id, int32 pp_instance, - int render_process_id, - int render_view_id) { + const PepperRendererInstanceData& instance_data) { for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) { if (iter->process_.get() && iter->process_->GetData().id == plugin_process_id) { // Found the plugin. - iter->host_impl_->AddInstanceForView(pp_instance, - render_process_id, render_view_id); + iter->host_impl_->AddInstance(pp_instance, instance_data); return; } } @@ -130,7 +128,7 @@ void PpapiPluginProcessHost::DidDeleteOutOfProcessInstance( if (iter->process_.get() && iter->process_->GetData().id == plugin_process_id) { // Found the plugin. - iter->host_impl_->DeleteInstanceForView(pp_instance); + iter->host_impl_->DeleteInstance(pp_instance); return; } } diff --git a/content/browser/ppapi_plugin_process_host.h b/content/browser/ppapi_plugin_process_host.h index 9dc3481..6b50856 100644 --- a/content/browser/ppapi_plugin_process_host.h +++ b/content/browser/ppapi_plugin_process_host.h 
@@ -78,14 +78,15 @@ class PpapiPluginProcessHost : public BrowserChildProcessHostDelegate, static PpapiPluginProcessHost* CreateBrokerHost( const PepperPluginInfo& info); - // Notification that a PP_Instance has been created for the given - // RenderView/Process pair for the given plugin. This is necessary so that - // when the plugin calls us with a PP_Instance we can find the RenderView - // associated with it without trusting the plugin. - static void DidCreateOutOfProcessInstance(int plugin_process_id, - int32 pp_instance, - int render_process_id, - int render_view_id); + // Notification that a PP_Instance has been created and the associated + // renderer related data including the RenderView/Process pair for the given + // plugin. This is necessary so that when the plugin calls us with a + // PP_Instance we can find the RenderView associated with it without trusting + // the plugin. + static void DidCreateOutOfProcessInstance( + int plugin_process_id, + int32 pp_instance, + const PepperRendererInstanceData& instance_data); // The opposite of DIdCreate... above. static void DidDeleteOutOfProcessInstance(int plugin_process_id, diff --git a/content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc b/content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc index 2b79f3b..d039c70 100644 --- a/content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc +++ b/content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc @@ -6,6 +6,7 @@ #include "content/browser/renderer_host/pepper/pepper_message_filter.h" #include "content/browser/trace_message_filter.h" +#include "content/common/pepper_renderer_instance_data.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/render_view_host.h" #include "ipc/ipc_message_macros.h" 
@@ -73,22 +74,22 @@ base::ProcessHandle BrowserPpapiHostImpl::GetPluginProcessHandle() const { } bool BrowserPpapiHostImpl::IsValidInstance(PP_Instance instance) const { - return instance_to_view_.find(instance) != instance_to_view_.end(); + return instance_map_.find(instance) != instance_map_.end(); } bool BrowserPpapiHostImpl::GetRenderViewIDsForInstance( PP_Instance instance, int* render_process_id, int* render_view_id) const { - InstanceToViewMap::const_iterator found = instance_to_view_.find(instance); - if (found == instance_to_view_.end()) { + InstanceMap::const_iterator found = instance_map_.find(instance); + if (found == instance_map_.end()) { *render_process_id = 0; *render_view_id = 0; return false; } - *render_process_id = found->second.process_id; - *render_view_id = found->second.view_id; + *render_process_id = found->second.render_process_id; + *render_view_id = found->second.render_view_id; return true; } 
@@ -100,24 +101,34 @@ const FilePath& BrowserPpapiHostImpl::GetProfileDataDirectory() { return profile_data_directory_; } -void BrowserPpapiHostImpl::AddInstanceForView(PP_Instance instance, - int render_process_id, - int render_view_id) { - DCHECK(instance_to_view_.find(instance) == instance_to_view_.end()); +GURL BrowserPpapiHostImpl::GetDocumentURLForInstance(PP_Instance instance) { + InstanceMap::const_iterator found = instance_map_.find(instance); + if (found == instance_map_.end()) + return GURL(); + return found->second.document_url; +} + +GURL BrowserPpapiHostImpl::GetPluginURLForInstance(PP_Instance instance) { + InstanceMap::const_iterator found = instance_map_.find(instance); + if (found == instance_map_.end()) + return GURL(); + return found->second.plugin_url; +} - RenderViewIDs ids; - ids.process_id = render_process_id; - ids.view_id = render_view_id; - instance_to_view_[instance] = ids; +void BrowserPpapiHostImpl::AddInstance( + PP_Instance instance, + const PepperRendererInstanceData& instance_data) { + DCHECK(instance_map_.find(instance) == instance_map_.end()); + instance_map_[instance] = instance_data; } -void BrowserPpapiHostImpl::DeleteInstanceForView(PP_Instance instance) { - InstanceToViewMap::iterator found = instance_to_view_.find(instance); - if (found == instance_to_view_.end()) { +void BrowserPpapiHostImpl::DeleteInstance(PP_Instance instance) { + InstanceMap::iterator found = instance_map_.find(instance); + if (found == instance_map_.end()) { NOTREACHED(); return; } - instance_to_view_.erase(found); + instance_map_.erase(found); } bool BrowserPpapiHostImpl::HostMessageFilter::OnMessageReceived( diff --git a/content/browser/renderer_host/pepper/browser_ppapi_host_impl.h b/content/browser/renderer_host/pepper/browser_ppapi_host_impl.h index 888bb7c..ce3560e 100644 --- a/content/browser/renderer_host/pepper/browser_ppapi_host_impl.h +++ b/content/browser/renderer_host/pepper/browser_ppapi_host_impl.h 
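Review bot: In `BrowserPpapiHostImpl::AddInstance` the only guard against a duplicate `PP_Instance` is a `DCHECK`, which is compiled out of release builds, so `instance_map_[instance] = instance_data;` silently replaces an existing entry there. The instance id arrives in a renderer IPC, and the entry now carries the document and plugin URLs as well as the view IDs, so an overwrite replaces more state than it did before this change. Consider refusing the duplicate in all builds, for example `if (!instance_map_.insert(std::make_pair(instance, instance_data)).second) NOTREACHED();`, so the first registration wins.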
@@ -19,6 +19,8 @@ namespace content { +struct PepperRendererInstanceData; + class CONTENT_EXPORT BrowserPpapiHostImpl : public BrowserPpapiHost { public: // The creator is responsible for calling set_plugin_process_handle as soon @@ -39,18 +41,19 @@ class CONTENT_EXPORT BrowserPpapiHostImpl : public BrowserPpapiHost { int* render_view_id) const OVERRIDE; virtual const std::string& GetPluginName() OVERRIDE; virtual const FilePath& GetProfileDataDirectory() OVERRIDE; + virtual GURL GetDocumentURLForInstance(PP_Instance instance) OVERRIDE; + virtual GURL GetPluginURLForInstance(PP_Instance instance) OVERRIDE; void set_plugin_process_handle(base::ProcessHandle handle) { plugin_process_handle_ = handle; } // These two functions are notifications that an instance has been created - // or destroyed. They allow us to maintain a mapping of PP_Instance to view - // IDs in the browser process. - void AddInstanceForView(PP_Instance instance, - int render_process_id, - int render_view_id); - void DeleteInstanceForView(PP_Instance instance); + // or destroyed. They allow us to maintain a mapping of PP_Instance to data + // associated with the instance including view IDs in the browser process. + void AddInstance(PP_Instance instance, + const PepperRendererInstanceData& instance_data); + void DeleteInstance(PP_Instance instance); scoped_refptr<IPC::ChannelProxy::MessageFilter> message_filter() { return message_filter_; @@ -59,12 +62,6 @@ class CONTENT_EXPORT BrowserPpapiHostImpl : public BrowserPpapiHost { private: friend class BrowserPpapiHostTest; - struct RenderViewIDs { - int process_id; - int view_id; - }; - typedef std::map<PP_Instance, RenderViewIDs> InstanceToViewMap; - // Implementing MessageFilter on BrowserPpapiHostImpl makes it ref-counted, // preventing us from returning these to embedders without holding a // reference. To avoid that, define a message filter object. 
@@ -88,9 +85,10 @@ class CONTENT_EXPORT BrowserPpapiHostImpl : public BrowserPpapiHost { std::string plugin_name_; FilePath profile_data_directory_; - // Tracks all PP_Instances in this plugin and maps them to - // RenderProcess/RenderView IDs. - InstanceToViewMap instance_to_view_; + // Tracks all PP_Instances in this plugin and associated renderer-related + // data. + typedef std::map<PP_Instance, PepperRendererInstanceData> InstanceMap; + InstanceMap instance_map_; scoped_refptr<HostMessageFilter> message_filter_; diff --git a/content/browser/renderer_host/render_message_filter.cc b/content/browser/renderer_host/render_message_filter.cc index 9bcd74e..0823310 100644 --- a/content/browser/renderer_host/render_message_filter.cc +++ b/content/browser/renderer_host/render_message_filter.cc @@ -711,7 +711,7 @@ void RenderMessageFilter::OnOpenChannelToPepperPlugin( void RenderMessageFilter::OnDidCreateOutOfProcessPepperInstance( int plugin_child_id, int32 pp_instance, - int render_view_id, + PepperRendererInstanceData instance_data, bool is_external) { // It's important that we supply the render process ID ourselves based on the // channel the message arrived on. We use the 
@@ -719,16 +719,18 @@ void RenderMessageFilter::OnDidCreateOutOfProcessPepperInstance( // mapping to decide how to handle messages received from the (untrusted) // plugin, so an exploited renderer must not be able to insert fake mappings // that may allow it access to other render processes. + DCHECK(instance_data.render_process_id == 0); + instance_data.render_process_id = render_process_id_; if (is_external) { // We provide the BrowserPpapiHost to the embedder, so it's safe to cast. BrowserPpapiHostImpl* host = static_cast<BrowserPpapiHostImpl*>( GetContentClient()->browser()->GetExternalBrowserPpapiHost( plugin_child_id)); if (host) - host->AddInstanceForView(pp_instance, render_process_id_, render_view_id); + host->AddInstance(pp_instance, instance_data); } else { PpapiPluginProcessHost::DidCreateOutOfProcessInstance( - plugin_child_id, pp_instance, render_process_id_, render_view_id); + plugin_child_id, pp_instance, instance_data); } } @@ -742,7 +744,7 @@ void RenderMessageFilter::OnDidDeleteOutOfProcessPepperInstance( GetContentClient()->browser()->GetExternalBrowserPpapiHost( plugin_child_id)); if (host) - host->DeleteInstanceForView(pp_instance); + host->DeleteInstance(pp_instance); } else { PpapiPluginProcessHost::DidDeleteOutOfProcessInstance( plugin_child_id, pp_instance); diff --git a/content/browser/renderer_host/render_message_filter.h b/content/browser/renderer_host/render_message_filter.h index 2494aa1..fdc933f 100644 --- a/content/browser/renderer_host/render_message_filter.h +++ b/content/browser/renderer_host/render_message_filter.h @@ -19,6 +19,7 @@ #include "base/shared_memory.h" #include "base/string16.h" #include "build/build_config.h" +#include "content/common/pepper_renderer_instance_data.h" #include "content/public/browser/browser_message_filter.h" #include "content/public/common/three_d_api_types.h" #include "media/base/channel_layout.h" 
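Review bot: Only `render_process_id` is replaced with a browser-derived value in `OnDidCreateOutOfProcessPepperInstance`; `render_view_id`, `document_url` and `plugin_url` are stored exactly as the renderer sent them, although the comment above says an exploited renderer must not be able to insert fake mappings. Nothing visible in this change validates the two URLs, so callers of `GetDocumentURLForInstance` and `GetPluginURLForInstance` should treat them as renderer-asserted; the struct comment in `pepper_renderer_instance_data.h` and the interface comment in `browser_ppapi_host.h` are the places to say so. A comment here such as `// render_view_id and the URLs come from the renderer and are not verified.` would make the trust boundary explicit. The `DCHECK(instance_data.render_process_id == 0)` asserts on a value read from the IPC and the next line overwrites it anyway, so I would drop it rather than let a renderer-controlled field trip a browser-side check in debug builds.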
@@ -167,10 +168,11 @@ class RenderMessageFilter : public BrowserMessageFilter { IPC::Message* reply_msg); void OnOpenChannelToPepperPlugin(const FilePath& path, IPC::Message* reply_msg); - void OnDidCreateOutOfProcessPepperInstance(int plugin_child_id, - int32 pp_instance, - int render_view_id, - bool is_external); + void OnDidCreateOutOfProcessPepperInstance( + int plugin_child_id, + int32 pp_instance, + PepperRendererInstanceData instance_data, + bool is_external); void OnDidDeleteOutOfProcessPepperInstance(int plugin_child_id, int32 pp_instance, bool is_external); diff --git a/content/common/pepper_renderer_instance_data.cc b/content/common/pepper_renderer_instance_data.cc new file mode 100644 index 0000000..73b67a7 --- /dev/null +++ b/content/common/pepper_renderer_instance_data.cc @@ -0,0 +1,28 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "content/common/pepper_renderer_instance_data.h" + +namespace content { + +PepperRendererInstanceData::PepperRendererInstanceData() + : render_process_id(0), + render_view_id(0) { +} + +PepperRendererInstanceData::PepperRendererInstanceData( + int render_process, + int render_view, + const GURL& document, + const GURL& plugin) + : render_process_id(render_process), + render_view_id(render_view), + document_url(document), + plugin_url(plugin) { +} + +PepperRendererInstanceData::~PepperRendererInstanceData() { +} + +} // namespace content diff --git a/content/common/pepper_renderer_instance_data.h b/content/common/pepper_renderer_instance_data.h new file mode 100644 index 0000000..b912792 --- /dev/null +++ b/content/common/pepper_renderer_instance_data.h 
@@ -0,0 +1,31 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_COMMON_PEPPER_RENDERER_INSTANCE_DATA_H_ +#define CONTENT_COMMON_PEPPER_RENDERER_INSTANCE_DATA_H_ + +#include "googleurl/src/gurl.h" + +namespace content { + +// This struct contains data which is associated with a particular plugin +// instance and is related to the renderer in which the plugin instance lives. +// This data is transferred to the browser process from the renderer when the +// instance is created and is stored in the BrowserPpapiHost. +struct PepperRendererInstanceData { + PepperRendererInstanceData(); + PepperRendererInstanceData(int render_process, + int render_view, + const GURL& document, + const GURL& plugin); + ~PepperRendererInstanceData(); + int render_process_id; + int render_view_id; + GURL document_url; + GURL plugin_url; +}; + +} // namespace content + +#endif // CONTENT_COMMON_PEPPER_RENDERER_INSTANCE_DATA_H_ diff --git a/content/common/view_messages.h b/content/common/view_messages.h index 2727d49..5956f0d 100644 --- a/content/common/view_messages.h +++ b/content/common/view_messages.h @@ -12,6 +12,7 @@ #include "content/common/content_param_traits.h" #include "content/common/edit_command.h" #include "content/common/navigation_gesture.h" +#include "content/common/pepper_renderer_instance_data.h" #include "content/common/view_message_enums.h" #include "content/port/common/input_event_ack_state.h" #include "content/public/common/common_param_traits.h" 
@@ -327,6 +328,13 @@ IPC_STRUCT_TRAITS_BEGIN(content::FrameNavigateParams) IPC_STRUCT_TRAITS_MEMBER(socket_address) IPC_STRUCT_TRAITS_END() +IPC_STRUCT_TRAITS_BEGIN(content::PepperRendererInstanceData) + IPC_STRUCT_TRAITS_MEMBER(render_process_id) + IPC_STRUCT_TRAITS_MEMBER(render_view_id) + IPC_STRUCT_TRAITS_MEMBER(document_url) + IPC_STRUCT_TRAITS_MEMBER(plugin_url) +IPC_STRUCT_TRAITS_END() + IPC_STRUCT_TRAITS_BEGIN(content::RendererPreferences) IPC_STRUCT_TRAITS_MEMBER(can_accept_load_drops) IPC_STRUCT_TRAITS_MEMBER(should_antialias_text) 
@@ -1953,21 +1961,25 @@ IPC_SYNC_MESSAGE_CONTROL1_2(ViewHostMsg_OpenChannelToPepperPlugin, int /* plugin_child_id */) // Notification that a plugin has created a new plugin instance. The parameters -// indicate the plugin process ID that we're creating the instance for, and the -// routing ID of the render view that the plugin instance is associated with. -// This allows us to create a mapping in the browser process for what objects a -// given PP_Instance is associated with. +// indicate: +// -The plugin process ID that we're creating the instance for. +// -The instance ID of the instance being created. +// -A PepperRendererInstanceData struct which contains properties from the +// renderer which are associated with the plugin instance. This includes the +// routing ID of the associated render view and the URL of plugin. +// -Whether the plugin we're creating an instance for is external or internal. // // This message must be sync even though it returns no parameters to avoid // a race condition with the plugin process. The plugin process sends messages // to the browser that assume the browser knows about the instance. We need to // make sure that the browser actually knows about the instance before we tell // the plugin to run. -IPC_SYNC_MESSAGE_CONTROL4_0(ViewHostMsg_DidCreateOutOfProcessPepperInstance, - int /* plugin_child_id */, - int32 /* pp_instance */, - int /* view_routing_id */, - bool /* is_external */) +IPC_SYNC_MESSAGE_CONTROL4_0( + ViewHostMsg_DidCreateOutOfProcessPepperInstance, + int /* plugin_child_id */, + int32 /* pp_instance */, + content::PepperRendererInstanceData /* creation_data */, + bool /* is_external */) // Notification that a plugin has destroyed an instance. This is the opposite of // the "DidCreate" message above. diff --git a/content/content_common.gypi b/content/content_common.gypi index 3f74f0b..64fc871 100644 --- a/content/content_common.gypi +++ b/content/content_common.gypi 
@@ -321,6 +321,8 @@ 'common/pepper_messages.h', 'common/pepper_plugin_registry.cc', 'common/pepper_plugin_registry.h', + 'common/pepper_renderer_instance_data.cc', + 'common/pepper_renderer_instance_data.h', 'common/plugin_carbon_interpose_constants_mac.cc', 'common/plugin_carbon_interpose_constants_mac.h', 'common/plugin_messages.h', diff --git a/content/public/browser/browser_ppapi_host.h b/content/public/browser/browser_ppapi_host.h index f5aa11c..08c5f07 100644 --- a/content/public/browser/browser_ppapi_host.h +++ b/content/public/browser/browser_ppapi_host.h @@ -10,6 +10,7 @@ #include "content/common/content_export.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/render_view_host.h" +#include "googleurl/src/gurl.h" #include "ppapi/c/pp_instance.h" namespace IPC { @@ -72,11 +73,16 @@ class CONTENT_EXPORT BrowserPpapiHost { virtual bool GetRenderViewIDsForInstance(PP_Instance instance, int* render_process_id, int* render_view_id) const = 0; + // Returns the name of the plugin. virtual const std::string& GetPluginName() = 0; // Returns the user's profile data directory. virtual const FilePath& GetProfileDataDirectory() = 0; + + // Get the Document/Plugin URLs for the given PP_Instance. + virtual GURL GetDocumentURLForInstance(PP_Instance instance) = 0; + virtual GURL GetPluginURLForInstance(PP_Instance instance) = 0; }; } // namespace content diff --git a/content/renderer/pepper/pepper_plugin_delegate_impl.cc b/content/renderer/pepper/pepper_plugin_delegate_impl.cc index eba8ee3..8bb4767 100644 --- a/content/renderer/pepper/pepper_plugin_delegate_impl.cc +++ b/content/renderer/pepper/pepper_plugin_delegate_impl.cc 
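Review bot: `GetDocumentURLForInstance` and `GetPluginURLForInstance` are declared non-const in `BrowserPpapiHost`, while `GetRenderViewIDsForInstance` just above them is `const` and the implementation in `browser_ppapi_host_impl.cc` only looks up `instance_map_`. I would declare both `const`, here and in the impl, so they can be called through a const host. The comment should also say what an unknown instance yields, e.g. `// Returns an empty GURL if |instance| is not known to this host.`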
@@ -73,6 +73,7 @@ #include "ppapi/thunk/ppb_tcp_server_socket_private_api.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebCursorInfo.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h" +#include "third_party/WebKit/Source/WebKit/chromium/public/WebElement.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebInputEvent.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginContainer.h" @@ -161,10 +162,16 @@ class HostDispatcherWrapper // isn't true for browser tag support. if (host) { RenderView* render_view = host->GetRenderViewForInstance(instance); + webkit::ppapi::PluginInstance* plugin_instance = + host->GetPluginInstance(instance); render_view->Send(new ViewHostMsg_DidCreateOutOfProcessPepperInstance( plugin_child_id_, instance, - render_view->GetRoutingID(), + PepperRendererInstanceData( + 0, // The render process id will be supplied in the browser. + render_view->GetRoutingID(), + plugin_instance->container()->element().document().url(), + plugin_instance->plugin_url()), is_external_)); } } |
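Review bot: `plugin_instance` is dereferenced without a null check, as is the chain `container()->element().document().url()`; `render_view` from the line above is also used unchecked. Whether `GetPluginInstance(instance)` or `container()` can return null at this point is not visible in the hunk, but a cheap guard such as `if (!render_view || !plugin_instance || !plugin_instance->container()) return;` before the `Send` would make that assumption explicit. If skipping the message is not acceptable because the browser must learn about the instance, sending empty `GURL()` values in that case is the alternative. The enclosing method starts and ends outside the hunk.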