
Unified Diff: content/browser/renderer_host/pepper/pepper_message_filter.cc

Issue 10993078: Use extensions socket permission for TCP/UDP socket APIs in Pepper (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 3 months ago
Index: content/browser/renderer_host/pepper/pepper_message_filter.cc
diff --git a/content/browser/renderer_host/pepper/pepper_message_filter.cc b/content/browser/renderer_host/pepper/pepper_message_filter.cc
index 0355a7c35e26ad572e8857c1d5d228dd82e1f935..9c672beae98b578ad9837fc8db5413c6983351c9 100644
--- a/content/browser/renderer_host/pepper/pepper_message_filter.cc
+++ b/content/browser/renderer_host/pepper/pepper_message_filter.cc
@@ -44,6 +44,7 @@
#include "ppapi/shared_impl/api_id.h"
#include "ppapi/shared_impl/private/net_address_private_impl.h"
#include "ppapi/shared_impl/private/ppb_host_resolver_shared.h"
+#include "ppapi/cpp/private/net_address_private.h"
ygorshenin1 2012/09/28 14:43:34 nit: sort, please.
Dmitry Polukhin 2012/10/01 11:00:24 Done.
#ifdef OS_WIN
#include <windows.h>
@@ -121,8 +122,8 @@ void PepperMessageFilter::OverrideThreadForMessage(
if (message.type() == PpapiHostMsg_PPBTCPSocket_Connect::ID ||
message.type() == PpapiHostMsg_PPBTCPSocket_ConnectWithNetAddress::ID ||
message.type() == PpapiHostMsg_PPBUDPSocket_Bind::ID ||
- message.type() == PpapiHostMsg_PPBTCPServerSocket_Listen::ID ||
- message.type() == PpapiHostMsg_PPBHostResolver_Resolve::ID) {
+ message.type() == PpapiHostMsg_PPBUDPSocket_SendTo::ID ||
+ message.type() == PpapiHostMsg_PPBTCPServerSocket_Listen::ID) {
ygorshenin1 2012/09/28 14:43:34 nit: message ID's could be sorted here, for better
Dmitry Polukhin 2012/10/01 11:00:24 Done.
*thread = BrowserThread::UI;
} else if (message.type() == PepperMsg_GetDeviceID::ID) {
*thread = BrowserThread::FILE;
@@ -286,9 +287,13 @@ void PepperMessageFilter::OnTCPConnect(int32 routing_id,
const std::string& host,
uint16_t port) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ content::ContentBrowserClient::SocketPermissionParam params(
+ content::ContentBrowserClient::SocketPermissionParam::TCP_CONNECT,
+ host, port);
+ bool allowed = CanUseSocketAPIs(routing_id, params);
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
base::Bind(&PepperMessageFilter::DoTCPConnect, this,
- CanUseSocketAPIs(routing_id), routing_id, socket_id, host, port));
+ allowed, routing_id, socket_id, host, port));
}
void PepperMessageFilter::DoTCPConnect(bool allowed,
@@ -314,9 +319,12 @@ void PepperMessageFilter::OnTCPConnectWithNetAddress(
uint32 socket_id,
const PP_NetAddress_Private& net_addr) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam(
+ content::ContentBrowserClient::SocketPermissionParam::TCP_CONNECT,
+ net_addr));
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
base::Bind(&PepperMessageFilter::DoTCPConnectWithNetAddress, this,
- CanUseSocketAPIs(routing_id), routing_id, socket_id, net_addr));
+ allowed, routing_id, socket_id, net_addr));
}
void PepperMessageFilter::DoTCPConnectWithNetAddress(
@@ -432,9 +440,12 @@ void PepperMessageFilter::OnUDPBind(int32 routing_id,
uint32 socket_id,
const PP_NetAddress_Private& addr) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam(
+ content::ContentBrowserClient::SocketPermissionParam::UDP_BIND,
+ addr));
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
base::Bind(&PepperMessageFilter::DoUDPBind, this,
- CanUseSocketAPIs(routing_id), routing_id, socket_id, addr));
+ allowed, routing_id, socket_id, addr));
}
void PepperMessageFilter::DoUDPBind(bool allowed,
@@ -464,16 +475,36 @@ void PepperMessageFilter::OnUDPRecvFrom(uint32 socket_id, int32_t num_bytes) {
iter->second->RecvFrom(num_bytes);
}
-void PepperMessageFilter::OnUDPSendTo(uint32 socket_id,
+void PepperMessageFilter::OnUDPSendTo(int32 routing_id,
+ uint32 socket_id,
const std::string& data,
const PP_NetAddress_Private& addr) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam(
+ content::ContentBrowserClient::SocketPermissionParam::UDP_SEND_TO,
+ addr));
+ BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
+ base::Bind(&PepperMessageFilter::DoUDPSendTo, this,
+ allowed, routing_id, socket_id, data, addr));
+
+}
+
+void PepperMessageFilter::DoUDPSendTo(bool allowed,
+ int32 routing_id,
+ uint32 socket_id,
+ const std::string& data,
+ const PP_NetAddress_Private& addr) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
UDPSocketMap::iterator iter = udp_sockets_.find(socket_id);
if (iter == udp_sockets_.end()) {
NOTREACHED();
return;
}
- iter->second->SendTo(data, addr);
+ if (routing_id == iter->second->routing_id() && allowed)
ygorshenin1 2012/09/28 14:43:34 nit: delete single space before "allowed".
+ iter->second->SendTo(data, addr);
+ else
+ iter->second->SendSendToACKError();
}
void PepperMessageFilter::OnUDPClose(uint32 socket_id) {
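Review bot: Routing only SendTo through the UI thread makes the `NOTREACHED()` at the top of `DoUDPSendTo` reachable by an ordinary, well-behaved plugin. The OverrideThreadForMessage hunk adds `PpapiHostMsg_PPBUDPSocket_SendTo` to the UI-thread list, but no UDP close message appears in that list, so OnUDPClose presumably still runs directly on the IO thread (its body is outside this hunk). A SendTo followed immediately by Close can then reach `DoUDPSendTo` after the socket has left `udp_sockets_`. I would drop the `NOTREACHED()` and treat a missing `socket_id` as an expected case, with a comment such as `// The socket may have been closed while the permission check ran on the UI thread.` That early return also sends no SendTo ACK, which is worth confirming is acceptable for a socket that is already closed.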
@@ -495,10 +526,13 @@ void PepperMessageFilter::OnTCPServerListen(int32 routing_id,
const PP_NetAddress_Private& addr,
int32_t backlog) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam(
+ content::ContentBrowserClient::SocketPermissionParam::TCP_LISTEN,
+ addr));
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
base::Bind(&PepperMessageFilter::DoTCPServerListen,
this,
- CanUseSocketAPIs(routing_id),
+ allowed,
routing_id,
plugin_dispatcher_id,
socket_resource,
@@ -553,33 +587,7 @@ void PepperMessageFilter::OnHostResolverResolve(
uint32 host_resolver_id,
const ppapi::HostPortPair& host_port,
const PP_HostResolver_Private_Hint& hint) {
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
- BrowserThread::PostTask(
- BrowserThread::IO, FROM_HERE,
- base::Bind(&PepperMessageFilter::DoHostResolverResolve, this,
- CanUseSocketAPIs(routing_id),
- routing_id,
- plugin_dispatcher_id,
- host_resolver_id,
- host_port,
- hint));
-}
-
-void PepperMessageFilter::DoHostResolverResolve(
- bool allowed,
- int32 routing_id,
- uint32 plugin_dispatcher_id,
- uint32 host_resolver_id,
- const ppapi::HostPortPair& host_port,
- const PP_HostResolver_Private_Hint& hint) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
- if (!allowed) {
- SendHostResolverResolveACKError(routing_id,
- plugin_dispatcher_id,
- host_resolver_id);
- return;
- }
-
net::HostResolver::RequestInfo request_info(
net::HostPortPair(host_port.host, host_port.port));
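Review bot: On the new side OnHostResolverResolve performs the lookup with no permission gate at all. The `CanUseSocketAPIs(routing_id)` check and the `SendHostResolverResolveACKError` denial path are removed here, and the OverrideThreadForMessage hunk stops routing the resolve message to the UI thread. If this is intentional because `SocketPermissionParam` has no operation type for name resolution (only TCP_CONNECT, TCP_LISTEN, UDP_BIND and UDP_SEND_TO appear in this patch), it deserves a comment at the top of the function, for example `// Host resolution is deliberately not gated by the socket permission.` Otherwise content without the socket permission can still make the browser issue DNS queries for names it chooses, so a coarse check should stay in place. The function body continues past the end of this hunk.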
@@ -811,7 +819,8 @@ uint32 PepperMessageFilter::GenerateSocketID() {
return socket_id;
}
-bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id) {
+bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id,
+ const content::ContentBrowserClient::SocketPermissionParam& params) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
if (process_type_ == PLUGIN) {
// Always allow socket APIs for out-process plugins.
@@ -829,15 +838,27 @@ bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id) {
if (!content::GetContentClient()->browser()->AllowPepperSocketAPI(
site_instance->GetBrowserContext(),
- site_instance->GetSite())) {
+ site_instance->GetSite(),
+ params)) {
LOG(ERROR) << "Host " << site_instance->GetSite().host()
- << " cannot use socket API";
+ << " cannot use socket API or destination is not allowed";
return false;
}
return true;
}
+content::ContentBrowserClient::SocketPermissionParam
+PepperMessageFilter::CreateSocketPermissionParam(
+ content::ContentBrowserClient::SocketPermissionParam::OperationType type,
+ const PP_NetAddress_Private& net_addr) {
+ std::string host = NetAddressPrivateImpl::DescribeNetAddress(net_addr, false);
+ int port = 0;
+ std::vector<unsigned char> address;
+ NetAddressPrivateImpl::NetAddressToIPEndPoint(net_addr, &address, &port);
+ return content::ContentBrowserClient::SocketPermissionParam(type, host, port);
+}
+
void PepperMessageFilter::GetAndSendNetworkList() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
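Review bot: `CreateSocketPermissionParam` ignores the result of `NetAddressPrivateImpl::NetAddressToIPEndPoint`, so a `PP_NetAddress_Private` that fails to convert still produces a permission query. In that case `port` stays at 0 and `host` is whatever `DescribeNetAddress` yields for that input. The address comes from the plugin message, and the OnTCPConnectWithNetAddress, OnUDPBind, OnUDPSendTo and OnTCPServerListen hunks all pass the result straight to `CanUseSocketAPIs`, so the decision then depends on how the embedder's matcher treats an empty or unusual host string. I would make the failure explicit and deny: have the helper report conversion failure (assuming NetAddressToIPEndPoint returns a bool, which this page does not show) and let each caller set `allowed = false` when it fails. A one-line comment noting that the check uses the textual form of the address while the socket later uses `net_addr` itself would also help the next reader.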
