// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome_frame/chrome_launcher.h" #include "base/base_switches.h" #include "base/command_line.h" #include "base/file_util.h" #include "base/logging.h" #include "base/path_service.h" #include "chrome/common/chrome_constants.h" #include "chrome/common/chrome_switches.h" #include "chrome_frame/chrome_frame_automation.h" namespace chrome_launcher { const wchar_t kLauncherExeBaseName[] = L"chrome_launcher.exe"; // These are the switches we will allow (along with their values) in the // safe-for-Low-Integrity version of the Chrome command line. const char* kAllowedSwitches[] = { switches::kAutomationClientChannelID, switches::kChromeFrame, switches::kDisableMetrics, switches::kEnableRendererAccessibility, switches::kEnableExperimentalExtensionApis, switches::kNoErrorDialogs, switches::kNoFirstRun, switches::kUserDataDir, }; CommandLine* CreateLaunchCommandLine() { // TODO(joi) As optimization, could launch Chrome directly when running at // medium integrity. (Requires bringing in code to read SIDs, etc.) // The launcher EXE will be in the same directory as the npchrome_tab DLL, // so create a full path to it based on this assumption. Since our unit // tests also use this function, and live in the directory above, we test // existence of the file and try the path that includes the /servers/ // directory if needed. FilePath module_path; if (PathService::Get(base::FILE_MODULE, &module_path)) { FilePath current_dir = module_path.DirName(); FilePath same_dir_path = current_dir.Append(kLauncherExeBaseName); if (file_util::PathExists(same_dir_path)) { return new CommandLine(same_dir_path); } else { FilePath servers_path = current_dir.Append(L"servers").Append(kLauncherExeBaseName); DCHECK(file_util::PathExists(servers_path)) << "What module is this? It's not in 'servers' or main output dir."; return new CommandLine(servers_path); } } else { NOTREACHED(); return NULL; } } void SanitizeCommandLine(const CommandLine& original, CommandLine* sanitized) { int num_sanitized_switches = 0; for (int i = 0; i < arraysize(kAllowedSwitches); ++i) { const char* current_switch = kAllowedSwitches[i]; if (original.HasSwitch(current_switch)) { ++num_sanitized_switches; std::wstring switch_value = original.GetSwitchValue(current_switch); if (0 == switch_value.length()) { sanitized->AppendSwitch(current_switch); } else { sanitized->AppendSwitchWithValue(current_switch, switch_value); } } } if (num_sanitized_switches != original.GetSwitchCount()) { NOTREACHED(); LOG(ERROR) << "Original command line from Low Integrity had switches " << "that are not on our whitelist."; } } bool SanitizeAndLaunchChrome(const wchar_t* command_line) { std::wstring command_line_with_program(L"dummy.exe "); command_line_with_program += command_line; CommandLine original = CommandLine::FromString(command_line_with_program); CommandLine sanitized(GetChromeExecutablePath()); SanitizeCommandLine(original, &sanitized); return base::LaunchApp(sanitized.command_line_string(), false, false, NULL); } FilePath GetChromeExecutablePath() { FilePath cur_path; PathService::Get(base::DIR_MODULE, &cur_path); cur_path = cur_path.Append(chrome::kBrowserProcessExecutableName); // The installation model for Chrome places the DLLs in a versioned // sub-folder one down from the Chrome executable. If we fail to find // chrome.exe in the current path, try looking one up and launching that // instead. if (!file_util::PathExists(cur_path)) { PathService::Get(base::DIR_MODULE, &cur_path); cur_path = cur_path.DirName().Append(chrome::kBrowserProcessExecutableName); } return cur_path; } } // namespace chrome_launcher // Entrypoint that implements the logic of chrome_launcher.exe. int CALLBACK CfLaunchChrome() { if (chrome_launcher::SanitizeAndLaunchChrome(::GetCommandLine())) { return ERROR_SUCCESS; } else { return ERROR_OPEN_FAILED; } } // Compile-time check to see that the type CfLaunchChromeProc is correct. #ifndef NODEBUG namespace { chrome_launcher::CfLaunchChromeProc cf_launch_chrome = CfLaunchChrome; } // namespace #endif // NODEBUG