Chromium Code Reviews Chromium Code Reviews
Issue 1181893003:
Kill bad apps. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/guest_view/app_view/app_view_guest.h" | 5 #include "extensions/browser/guest_view/app_view/app_view_guest.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "components/guest_view/browser/guest_view_manager.h" | 8 #include "components/guest_view/browser/guest_view_manager.h" |
| 9 #include "content/public/browser/render_view_host.h" | 9 #include "content/public/browser/render_process_host.h" |
| 10 #include "content/public/common/renderer_preferences.h" | 10 #include "content/public/common/renderer_preferences.h" |
| 11 #include "extensions/browser/api/app_runtime/app_runtime_api.h" | 11 #include "extensions/browser/api/app_runtime/app_runtime_api.h" |
| 12 #include "extensions/browser/api/extensions_api_client.h" | 12 #include "extensions/browser/api/extensions_api_client.h" |
| 13 #include "extensions/browser/app_window/app_delegate.h" | 13 #include "extensions/browser/app_window/app_delegate.h" |
| 14 #include "extensions/browser/bad_message.h" | |
| 14 #include "extensions/browser/event_router.h" | 15 #include "extensions/browser/event_router.h" |
| 15 #include "extensions/browser/extension_host.h" | 16 #include "extensions/browser/extension_host.h" |
| 16 #include "extensions/browser/extension_registry.h" | 17 #include "extensions/browser/extension_registry.h" |
| 17 #include "extensions/browser/guest_view/app_view/app_view_constants.h" | 18 #include "extensions/browser/guest_view/app_view/app_view_constants.h" |
| 18 #include "extensions/browser/lazy_background_task_queue.h" | 19 #include "extensions/browser/lazy_background_task_queue.h" |
| 19 #include "extensions/browser/process_manager.h" | 20 #include "extensions/browser/process_manager.h" |
| 20 #include "extensions/browser/view_type_utils.h" | 21 #include "extensions/browser/view_type_utils.h" |
| 21 #include "extensions/common/api/app_runtime.h" | 22 #include "extensions/common/api/app_runtime.h" |
| 22 #include "extensions/common/extension_messages.h" | 23 #include "extensions/common/extension_messages.h" |
| 23 #include "extensions/strings/grit/extensions_strings.h" | 24 #include "extensions/strings/grit/extensions_strings.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 56 } // namespace | 57 } // namespace |
| 57 | 58 |
| 58 // static. | 59 // static. |
| 59 const char AppViewGuest::Type[] = "appview"; | 60 const char AppViewGuest::Type[] = "appview"; |
| 60 | 61 |
| 61 // static. | 62 // static. |
| 62 bool AppViewGuest::CompletePendingRequest( | 63 bool AppViewGuest::CompletePendingRequest( |
| 63 content::BrowserContext* browser_context, | 64 content::BrowserContext* browser_context, |
| 64 const GURL& url, | 65 const GURL& url, |
| 65 int guest_instance_id, | 66 int guest_instance_id, |
| 66 const std::string& guest_extension_id) { | 67 const std::string& guest_extension_id, |
| 68 content::RenderProcessHost* guest_render_process_host) { | |
| 67 PendingResponseMap* response_map = pending_response_map.Pointer(); | 69 PendingResponseMap* response_map = pending_response_map.Pointer(); |
| 68 PendingResponseMap::iterator it = response_map->find(guest_instance_id); | 70 PendingResponseMap::iterator it = response_map->find(guest_instance_id); |
| 71 // Kill the requesting process if it is not the real guest. | |
| 69 if (it == response_map->end()) { | 72 if (it == response_map->end()) { |
| 70 // TODO(fsamuel): An app is sending invalid responses. We should probably | 73 // The requester used an invalid |guest_instance_id|. |
| 71 // kill it. | 74 bad_message::ReceivedBadMessage(guest_render_process_host, |
| 75 bad_message::AVG_BAD_INST_ID); | |
| 72 return false; | 76 return false; |
| 73 } | 77 } |
| 74 | 78 |
| 75 linked_ptr<ResponseInfo> response_info = it->second; | 79 linked_ptr<ResponseInfo> response_info = it->second; |
| 76 if (!response_info->app_view_guest || | 80 if (!response_info->app_view_guest || |
| 77 (response_info->guest_extension->id() != guest_extension_id)) { | 81 (response_info->guest_extension->id() != guest_extension_id)) { |
| 78 // TODO(fsamuel): An app is trying to respond to an <appview> that didn't | 82 // The app is trying to communicate with an <appview> not assigned to it, or |
| 79 // initiate communication with it. We should kill the app here. | 83 // the <appview> is already dead "nullptr". |
| 84 bad_message::BadMessageReason reason = !response_info->app_view_guest | |
| 85 ? bad_message::AVG_NULL_AVG | |
| 86 : bad_message::AVG_BAD_EXT_ID; | |
| 87 bad_message::ReceivedBadMessage(guest_render_process_host, reason); | |
| 80 return false; | 88 return false; |
| 81 } | 89 } |
| 82 | 90 |
| 83 response_info->app_view_guest->CompleteCreateWebContents( | 91 response_info->app_view_guest->CompleteCreateWebContents( |
| 84 url, response_info->guest_extension.get(), response_info->callback); | 92 url, response_info->guest_extension.get(), response_info->callback); |
| 85 | 93 |
| 86 response_map->erase(guest_instance_id); | 94 response_map->erase(guest_instance_id); |
| 87 return true; | 95 return true; |
| 88 } | 96 } |
| 89 | 97 |
| (...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 263 embed_request->SetString(appview::kEmbedderID, owner_host()); | 271 embed_request->SetString(appview::kEmbedderID, owner_host()); |
| 264 embed_request->Set(appview::kData, data.release()); | 272 embed_request->Set(appview::kData, data.release()); |
| 265 AppRuntimeEventRouter::DispatchOnEmbedRequestedEvent( | 273 AppRuntimeEventRouter::DispatchOnEmbedRequestedEvent( |
| 266 browser_context(), embed_request.Pass(), extension_host->extension()); | 274 browser_context(), embed_request.Pass(), extension_host->extension()); |
| 267 } | 275 } |
| 268 | 276 |
| 269 void AppViewGuest::SetAppDelegateForTest(AppDelegate* delegate) { | 277 void AppViewGuest::SetAppDelegateForTest(AppDelegate* delegate) { |
| 270 app_delegate_.reset(delegate); | 278 app_delegate_.reset(delegate); |
| 271 } | 279 } |
| 272 | 280 |
| 281 std::vector<int> AppViewGuest::GetAllRegisteredInstanceIdsForTesting() { | |
| 282 std::vector<int> instances; | |
| 283 for (auto it = pending_response_map.Get().begin(); | |
|
Devlin
2015/07/06 20:18:08
nit:
for (const auto& key_value : pending_response
EhsanK
2015/07/06 21:09:59
Done.
| |
| 284 it != pending_response_map.Get().end(); ++it) { | |
| 285 instances.push_back(it->first); | |
| 286 } | |
| 287 return instances; | |
| 288 } | |
| 289 | |
| 273 } // namespace extensions | 290 } // namespace extensions |
| OLD | NEW |
