Index: content/browser/renderer_host/pepper/pepper_message_filter.cc |
diff --git a/content/browser/renderer_host/pepper/pepper_message_filter.cc b/content/browser/renderer_host/pepper/pepper_message_filter.cc |
index 0355a7c35e26ad572e8857c1d5d228dd82e1f935..9c672beae98b578ad9837fc8db5413c6983351c9 100644 |
--- a/content/browser/renderer_host/pepper/pepper_message_filter.cc |
+++ b/content/browser/renderer_host/pepper/pepper_message_filter.cc |
@@ -44,6 +44,7 @@ |
#include "ppapi/shared_impl/api_id.h" |
#include "ppapi/shared_impl/private/net_address_private_impl.h" |
#include "ppapi/shared_impl/private/ppb_host_resolver_shared.h" |
+#include "ppapi/cpp/private/net_address_private.h" |
ygorshenin1
2012/09/28 14:43:34
nit: sort, please.
Dmitry Polukhin
2012/10/01 11:00:24
Done.
|
#ifdef OS_WIN |
#include <windows.h> |
@@ -121,8 +122,8 @@ void PepperMessageFilter::OverrideThreadForMessage( |
if (message.type() == PpapiHostMsg_PPBTCPSocket_Connect::ID || |
message.type() == PpapiHostMsg_PPBTCPSocket_ConnectWithNetAddress::ID || |
message.type() == PpapiHostMsg_PPBUDPSocket_Bind::ID || |
- message.type() == PpapiHostMsg_PPBTCPServerSocket_Listen::ID || |
- message.type() == PpapiHostMsg_PPBHostResolver_Resolve::ID) { |
+ message.type() == PpapiHostMsg_PPBUDPSocket_SendTo::ID || |
+ message.type() == PpapiHostMsg_PPBTCPServerSocket_Listen::ID) { |
ygorshenin1
2012/09/28 14:43:34
nit: message ID's could be sorted here, for better
Dmitry Polukhin
2012/10/01 11:00:24
Done.
|
*thread = BrowserThread::UI; |
} else if (message.type() == PepperMsg_GetDeviceID::ID) { |
*thread = BrowserThread::FILE; |
@@ -286,9 +287,13 @@ void PepperMessageFilter::OnTCPConnect(int32 routing_id, |
const std::string& host, |
uint16_t port) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ content::ContentBrowserClient::SocketPermissionParam params( |
+ content::ContentBrowserClient::SocketPermissionParam::TCP_CONNECT, |
+ host, port); |
+ bool allowed = CanUseSocketAPIs(routing_id, params); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoTCPConnect, this, |
- CanUseSocketAPIs(routing_id), routing_id, socket_id, host, port)); |
+ allowed, routing_id, socket_id, host, port)); |
} |
void PepperMessageFilter::DoTCPConnect(bool allowed, |
@@ -314,9 +319,12 @@ void PepperMessageFilter::OnTCPConnectWithNetAddress( |
uint32 socket_id, |
const PP_NetAddress_Private& net_addr) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam( |
+ content::ContentBrowserClient::SocketPermissionParam::TCP_CONNECT, |
+ net_addr)); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoTCPConnectWithNetAddress, this, |
- CanUseSocketAPIs(routing_id), routing_id, socket_id, net_addr)); |
+ allowed, routing_id, socket_id, net_addr)); |
} |
void PepperMessageFilter::DoTCPConnectWithNetAddress( |
@@ -432,9 +440,12 @@ void PepperMessageFilter::OnUDPBind(int32 routing_id, |
uint32 socket_id, |
const PP_NetAddress_Private& addr) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam( |
+ content::ContentBrowserClient::SocketPermissionParam::UDP_BIND, |
+ addr)); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoUDPBind, this, |
- CanUseSocketAPIs(routing_id), routing_id, socket_id, addr)); |
+ allowed, routing_id, socket_id, addr)); |
} |
void PepperMessageFilter::DoUDPBind(bool allowed, |
@@ -464,16 +475,36 @@ void PepperMessageFilter::OnUDPRecvFrom(uint32 socket_id, int32_t num_bytes) { |
iter->second->RecvFrom(num_bytes); |
} |
-void PepperMessageFilter::OnUDPSendTo(uint32 socket_id, |
+void PepperMessageFilter::OnUDPSendTo(int32 routing_id, |
+ uint32 socket_id, |
const std::string& data, |
const PP_NetAddress_Private& addr) { |
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam( |
+ content::ContentBrowserClient::SocketPermissionParam::UDP_SEND_TO, |
+ addr)); |
+ BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
+ base::Bind(&PepperMessageFilter::DoUDPSendTo, this, |
+ allowed, routing_id, socket_id, data, addr)); |
+ |
+} |
+ |
+void PepperMessageFilter::DoUDPSendTo(bool allowed, |
+ int32 routing_id, |
+ uint32 socket_id, |
+ const std::string& data, |
+ const PP_NetAddress_Private& addr) { |
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
UDPSocketMap::iterator iter = udp_sockets_.find(socket_id); |
if (iter == udp_sockets_.end()) { |
NOTREACHED(); |
return; |
} |
- iter->second->SendTo(data, addr); |
+ if (routing_id == iter->second->routing_id() && allowed) |
ygorshenin1
2012/09/28 14:43:34
nit: delete single space before "allowed".
|
+ iter->second->SendTo(data, addr); |
+ else |
+ iter->second->SendSendToACKError(); |
} |
void PepperMessageFilter::OnUDPClose(uint32 socket_id) { |
@@ -495,10 +526,13 @@ void PepperMessageFilter::OnTCPServerListen(int32 routing_id, |
const PP_NetAddress_Private& addr, |
int32_t backlog) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionParam( |
+ content::ContentBrowserClient::SocketPermissionParam::TCP_LISTEN, |
+ addr)); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoTCPServerListen, |
this, |
- CanUseSocketAPIs(routing_id), |
+ allowed, |
routing_id, |
plugin_dispatcher_id, |
socket_resource, |
@@ -553,33 +587,7 @@ void PepperMessageFilter::OnHostResolverResolve( |
uint32 host_resolver_id, |
const ppapi::HostPortPair& host_port, |
const PP_HostResolver_Private_Hint& hint) { |
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- BrowserThread::PostTask( |
- BrowserThread::IO, FROM_HERE, |
- base::Bind(&PepperMessageFilter::DoHostResolverResolve, this, |
- CanUseSocketAPIs(routing_id), |
- routing_id, |
- plugin_dispatcher_id, |
- host_resolver_id, |
- host_port, |
- hint)); |
-} |
- |
-void PepperMessageFilter::DoHostResolverResolve( |
- bool allowed, |
- int32 routing_id, |
- uint32 plugin_dispatcher_id, |
- uint32 host_resolver_id, |
- const ppapi::HostPortPair& host_port, |
- const PP_HostResolver_Private_Hint& hint) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
- if (!allowed) { |
- SendHostResolverResolveACKError(routing_id, |
- plugin_dispatcher_id, |
- host_resolver_id); |
- return; |
- } |
- |
net::HostResolver::RequestInfo request_info( |
net::HostPortPair(host_port.host, host_port.port)); |
@@ -811,7 +819,8 @@ uint32 PepperMessageFilter::GenerateSocketID() { |
return socket_id; |
} |
-bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id) { |
+bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id, |
+ const content::ContentBrowserClient::SocketPermissionParam& params) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
if (process_type_ == PLUGIN) { |
// Always allow socket APIs for out-process plugins. |
@@ -829,15 +838,27 @@ bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id) { |
if (!content::GetContentClient()->browser()->AllowPepperSocketAPI( |
site_instance->GetBrowserContext(), |
- site_instance->GetSite())) { |
+ site_instance->GetSite(), |
+ params)) { |
LOG(ERROR) << "Host " << site_instance->GetSite().host() |
- << " cannot use socket API"; |
+ << " cannot use socket API or destination is not allowed"; |
return false; |
} |
return true; |
} |
+content::ContentBrowserClient::SocketPermissionParam |
+PepperMessageFilter::CreateSocketPermissionParam( |
+ content::ContentBrowserClient::SocketPermissionParam::OperationType type, |
+ const PP_NetAddress_Private& net_addr) { |
+ std::string host = NetAddressPrivateImpl::DescribeNetAddress(net_addr, false); |
+ int port = 0; |
+ std::vector<unsigned char> address; |
+ NetAddressPrivateImpl::NetAddressToIPEndPoint(net_addr, &address, &port); |
+ return content::ContentBrowserClient::SocketPermissionParam(type, host, port); |
+} |
+ |
void PepperMessageFilter::GetAndSendNetworkList() { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |