Chromium Code Reviews Chromium Code Reviews
Issue 1181893003:
Kill bad apps. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/guest_view/app_view/app_view_guest.h" | 5 #include "extensions/browser/guest_view/app_view/app_view_guest.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "components/guest_view/browser/guest_view_manager.h" | 8 #include "components/guest_view/browser/guest_view_manager.h" |
| 9 #include "content/public/browser/render_view_host.h" | 9 #include "content/public/browser/render_process_host.h" |
| 10 #include "content/public/browser/user_metrics.h" | |
| 10 #include "content/public/common/renderer_preferences.h" | 11 #include "content/public/common/renderer_preferences.h" |
| 11 #include "extensions/browser/api/app_runtime/app_runtime_api.h" | 12 #include "extensions/browser/api/app_runtime/app_runtime_api.h" |
| 12 #include "extensions/browser/api/extensions_api_client.h" | 13 #include "extensions/browser/api/extensions_api_client.h" |
| 13 #include "extensions/browser/app_window/app_delegate.h" | 14 #include "extensions/browser/app_window/app_delegate.h" |
| 15 #include "extensions/browser/bad_message.h" | |
| 14 #include "extensions/browser/event_router.h" | 16 #include "extensions/browser/event_router.h" |
| 15 #include "extensions/browser/extension_host.h" | 17 #include "extensions/browser/extension_host.h" |
| 16 #include "extensions/browser/extension_registry.h" | 18 #include "extensions/browser/extension_registry.h" |
| 17 #include "extensions/browser/guest_view/app_view/app_view_constants.h" | 19 #include "extensions/browser/guest_view/app_view/app_view_constants.h" |
| 18 #include "extensions/browser/lazy_background_task_queue.h" | 20 #include "extensions/browser/lazy_background_task_queue.h" |
| 19 #include "extensions/browser/process_manager.h" | 21 #include "extensions/browser/process_manager.h" |
| 20 #include "extensions/browser/view_type_utils.h" | 22 #include "extensions/browser/view_type_utils.h" |
| 21 #include "extensions/common/api/app_runtime.h" | 23 #include "extensions/common/api/app_runtime.h" |
| 22 #include "extensions/common/extension_messages.h" | 24 #include "extensions/common/extension_messages.h" |
| 23 #include "extensions/strings/grit/extensions_strings.h" | 25 #include "extensions/strings/grit/extensions_strings.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 56 } // namespace | 58 } // namespace |
| 57 | 59 |
| 58 // static. | 60 // static. |
| 59 const char AppViewGuest::Type[] = "appview"; | 61 const char AppViewGuest::Type[] = "appview"; |
| 60 | 62 |
| 61 // static. | 63 // static. |
| 62 bool AppViewGuest::CompletePendingRequest( | 64 bool AppViewGuest::CompletePendingRequest( |
| 63 content::BrowserContext* browser_context, | 65 content::BrowserContext* browser_context, |
| 64 const GURL& url, | 66 const GURL& url, |
| 65 int guest_instance_id, | 67 int guest_instance_id, |
| 66 const std::string& guest_extension_id) { | 68 const std::string& guest_extension_id, |
| 69 int guest_render_process_host_id) { | |
|
Devlin
2015/06/30 19:54:10
It seems odd to pass this as an int, when all you'
EhsanK
2015/07/02 19:15:13
Noted. Modified everything accordingly.
| |
| 67 PendingResponseMap* response_map = pending_response_map.Pointer(); | 70 PendingResponseMap* response_map = pending_response_map.Pointer(); |
| 68 PendingResponseMap::iterator it = response_map->find(guest_instance_id); | 71 PendingResponseMap::iterator it = response_map->find(guest_instance_id); |
| 72 // Kill the requesting process if it is not the real guest. | |
| 69 if (it == response_map->end()) { | 73 if (it == response_map->end()) { |
| 70 // TODO(fsamuel): An app is sending invalid responses. We should probably | 74 // The requester used an invalid |guest_instance_id|. |
| 71 // kill it. | 75 bad_message::ReceivedBadMessage( |
| 76 content::RenderProcessHost::FromID(guest_render_process_host_id), | |
| 77 bad_message::AVG_BAD_INST_ID); | |
| 72 return false; | 78 return false; |
| 73 } | 79 } |
| 74 | 80 |
| 75 linked_ptr<ResponseInfo> response_info = it->second; | 81 linked_ptr<ResponseInfo> response_info = it->second; |
| 76 if (!response_info->app_view_guest || | 82 if (!response_info->app_view_guest || |
| 77 (response_info->guest_extension->id() != guest_extension_id)) { | 83 (response_info->guest_extension->id() != guest_extension_id)) { |
| 78 // TODO(fsamuel): An app is trying to respond to an <appview> that didn't | 84 // The app is trying to communicate with an <appview> not assigned to it, or |
| 79 // initiate communication with it. We should kill the app here. | 85 // the <appview> is already dead "nullptr". |
| 86 bad_message::BadMessageReason reason = !response_info->app_view_guest | |
| 87 ? bad_message::AVG_NULL_AVG | |
| 88 : bad_message::AVG_BAD_EXT_ID; | |
| 89 bad_message::ReceivedBadMessage( | |
| 90 content::RenderProcessHost::FromID(guest_render_process_host_id), | |
| 91 reason); | |
| 80 return false; | 92 return false; |
| 81 } | 93 } |
| 82 | 94 |
| 83 response_info->app_view_guest->CompleteCreateWebContents( | 95 response_info->app_view_guest->CompleteCreateWebContents( |
| 84 url, response_info->guest_extension.get(), response_info->callback); | 96 url, response_info->guest_extension.get(), response_info->callback); |
| 85 | 97 |
| 86 response_map->erase(guest_instance_id); | 98 response_map->erase(guest_instance_id); |
| 87 return true; | 99 return true; |
| 88 } | 100 } |
| 89 | 101 |
| (...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 263 embed_request->SetString(appview::kEmbedderID, owner_host()); | 275 embed_request->SetString(appview::kEmbedderID, owner_host()); |
| 264 embed_request->Set(appview::kData, data.release()); | 276 embed_request->Set(appview::kData, data.release()); |
| 265 AppRuntimeEventRouter::DispatchOnEmbedRequestedEvent( | 277 AppRuntimeEventRouter::DispatchOnEmbedRequestedEvent( |
| 266 browser_context(), embed_request.Pass(), extension_host->extension()); | 278 browser_context(), embed_request.Pass(), extension_host->extension()); |
| 267 } | 279 } |
| 268 | 280 |
| 269 void AppViewGuest::SetAppDelegateForTest(AppDelegate* delegate) { | 281 void AppViewGuest::SetAppDelegateForTest(AppDelegate* delegate) { |
| 270 app_delegate_.reset(delegate); | 282 app_delegate_.reset(delegate); |
| 271 } | 283 } |
| 272 | 284 |
| 285 std::vector<int> AppViewGuest::GetAllRegisteredInstanceIdsForTesting() { | |
| 286 std::vector<int> instances; | |
| 287 for (auto it = pending_response_map.Get().begin(); | |
| 288 it != pending_response_map.Get().end(); ++it) { | |
| 289 instances.push_back(it->first); | |
| 290 } | |
| 291 return instances; | |
| 292 } | |
| 293 | |
| 273 } // namespace extensions | 294 } // namespace extensions |
| OLD | NEW |
