Chromium Code Reviews Chromium Code Reviews
Issue 10984094:
Hook up PpapiPermissions in more places. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: ppapi/proxy/interface_list.h |
| diff --git a/ppapi/proxy/interface_list.h b/ppapi/proxy/interface_list.h |
| index 386323474faadf741b8a3b064be173ce9144ea53..35bde7f6b49473abf41b71b4a3faedb9f518a28f 100644 |
| --- a/ppapi/proxy/interface_list.h |
| +++ b/ppapi/proxy/interface_list.h |
| @@ -10,6 +10,8 @@ |
| #include "base/basictypes.h" |
| #include "ppapi/proxy/interface_proxy.h" |
| +#include "ppapi/proxy/ppapi_proxy_export.h" |
| +#include "ppapi/shared_impl/ppapi_permissions.h" |
| namespace ppapi { |
| namespace proxy { |
| @@ -21,6 +23,19 @@ class InterfaceList { |
| static InterfaceList* GetInstance(); |
| + // Sets the permissions that the interface list will use to compute |
| + // whether an interface is available to the current process. By default, |
| + // this will be "no permissions", which will give only access to public |
| + // stable interfaces via GetInterface. |
| + // |
| + // IMPORTANT: This is not a security boundary. Malicious plugins can bypass |
| + // this check since they run in the same address space as this code in the |
| + // plugin process. A real security check is required for all IPC messages. |
| + // This check just allows us to return NULL for interfaces you "shouldn't" be |
| + // using to keep honest plugins honest. |
| + static PPAPI_PROXY_EXPORT void SetProcessGlobalPermissions( |
| + const PpapiPermissions& permissions); |
| + |
| // Looks up the ID for the given interface name. Returns API_ID_NONE if |
| // the interface string is not found. |
| ApiID GetIDForPPBInterface(const std::string& name) const; |
| @@ -39,29 +54,41 @@ class InterfaceList { |
| struct InterfaceInfo { |
| InterfaceInfo() |
| : id(API_ID_NONE), |
| - iface(NULL) { |
| + iface(NULL), |
| + required_permission(PERMISSION_NONE) { |
| } |
| - InterfaceInfo(ApiID in_id, const void* in_interface) |
| + InterfaceInfo(ApiID in_id, const void* in_interface, Permission in_perm) |
| : id(in_id), |
| - iface(in_interface) { |
| + iface(in_interface), |
| + required_permission(in_perm) { |
| } |
| ApiID id; |
| const void* iface; |
| + |
| + // Permission required to return non-null for this interface. This will |
| + // be checked with the value set via SetProcessGlobalPermissionBits when |
| + // an interface is requested. |
| + Permission required_permission; |
| }; |
| typedef std::map<std::string, InterfaceInfo> NameToInterfaceInfoMap; |
| void AddProxy(ApiID id, InterfaceProxy::Factory factory); |
| - void AddPPB(const char* name, ApiID id, const void* iface); |
| + // Perms are the permission bits in ppapi::Permissions that are required to |
|
bbudge
2012/10/01 17:32:01
Not clear what 'Perms' refers to. How about:
// Th
|
| + // access the corresponding interface. |
| + void AddPPB(const char* name, ApiID id, const void* iface, |
| + Permission permission); |
| void AddPPP(const char* name, ApiID id, const void* iface); |
| // Old-style add functions. These should be removed when the rest of the |
| // proxies are converted over to using the new system. |
| - void AddPPB(const InterfaceProxy::Info* info); |
| + void AddPPB(const InterfaceProxy::Info* info, Permission perm); |
| void AddPPP(const InterfaceProxy::Info* info); |
| + PpapiPermissions permissions_; |
| + |
| NameToInterfaceInfoMap name_to_browser_info_; |
| NameToInterfaceInfoMap name_to_plugin_info_; |
