
Side by Side Diff: content/browser/renderer_host/pepper/pepper_socket_utils.cc

Issue 1213203004: Make the Pepper TCP open the firewall on Cros. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/renderer_host/pepper/pepper_socket_utils.h" 5 #include "content/browser/renderer_host/pepper/pepper_socket_utils.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/memory/ref_counted.h" 11 #include "base/memory/ref_counted.h"
12 #include "base/strings/string_util.h" 12 #include "base/strings/string_util.h"
13 #include "content/public/browser/browser_thread.h" 13 #include "content/public/browser/browser_thread.h"
14 #include "content/public/browser/content_browser_client.h" 14 #include "content/public/browser/content_browser_client.h"
15 #include "content/public/browser/render_frame_host.h" 15 #include "content/public/browser/render_frame_host.h"
16 #include "content/public/browser/site_instance.h" 16 #include "content/public/browser/site_instance.h"
17 #include "content/public/common/content_client.h" 17 #include "content/public/common/content_client.h"
18 #include "net/base/ip_endpoint.h"
18 #include "net/cert/x509_certificate.h" 19 #include "net/cert/x509_certificate.h"
19 #include "ppapi/c/private/ppb_net_address_private.h" 20 #include "ppapi/c/private/ppb_net_address_private.h"
20 #include "ppapi/shared_impl/private/net_address_private_impl.h" 21 #include "ppapi/shared_impl/private/net_address_private_impl.h"
21 #include "ppapi/shared_impl/private/ppb_x509_certificate_private_shared.h" 22 #include "ppapi/shared_impl/private/ppb_x509_certificate_private_shared.h"
22 23
24 #if defined(OS_CHROMEOS)
25 #include "chromeos/network/firewall_hole.h"
26 #endif // defined(OS_CHROMEOS)
27
23 namespace content { 28 namespace content {
24 namespace pepper_socket_utils { 29 namespace pepper_socket_utils {
25 30
26 SocketPermissionRequest CreateSocketPermissionRequest( 31 SocketPermissionRequest CreateSocketPermissionRequest(
27 SocketPermissionRequest::OperationType type, 32 SocketPermissionRequest::OperationType type,
28 const PP_NetAddress_Private& net_addr) { 33 const PP_NetAddress_Private& net_addr) {
29 std::string host = 34 std::string host =
30 ppapi::NetAddressPrivateImpl::DescribeNetAddress(net_addr, false); 35 ppapi::NetAddressPrivateImpl::DescribeNetAddress(net_addr, false);
31 uint16 port = 0; 36 uint16 port = 0;
32 std::vector<unsigned char> address; 37 std::vector<unsigned char> address;
33 ppapi::NetAddressPrivateImpl::NetAddressToIPEndPoint( 38 ppapi::NetAddressPrivateImpl::NetAddressToIPEndPoint(
34 net_addr, &address, &port); 39 net_addr, &address, &port);
35 return SocketPermissionRequest(type, host, port); 40 return SocketPermissionRequest(type, host, port);
36 } 41 }
37 42
38 bool CanUseSocketAPIs(bool external_plugin, 43 bool CanUseSocketAPIs(bool external_plugin,
39 bool private_api, 44 bool private_api,
40 const SocketPermissionRequest* params, 45 const SocketPermissionRequest* params,
41 int render_process_id, 46 int render_process_id,
42 int render_frame_id) { 47 int render_frame_id) {
43 DCHECK_CURRENTLY_ON(BrowserThread::UI); 48 DCHECK_CURRENTLY_ON(BrowserThread::UI);
44 if (!external_plugin) { 49 if (!external_plugin) {
45 // Always allow socket APIs for out-process plugins (other than external 50 // Always allow socket APIs for out-process plugins (other than external
46 // plugins instantiated by the embeeder through 51 // plugins instantiated by the embedder through
47 // BrowserPpapiHost::CreateExternalPluginProcess). 52 // BrowserPpapiHost::CreateExternalPluginProcess).
48 return true; 53 return true;
49 } 54 }
50 55
51 RenderFrameHost* render_frame_host = 56 RenderFrameHost* render_frame_host =
52 RenderFrameHost::FromID(render_process_id, render_frame_id); 57 RenderFrameHost::FromID(render_process_id, render_frame_id);
53 if (!render_frame_host) 58 if (!render_frame_host)
54 return false; 59 return false;
55 SiteInstance* site_instance = render_frame_host->GetSiteInstance(); 60 SiteInstance* site_instance = render_frame_host->GetSiteInstance();
56 if (!site_instance) 61 if (!site_instance)
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
121 bool GetCertificateFields(const char* der, 126 bool GetCertificateFields(const char* der,
122 uint32_t length, 127 uint32_t length,
123 ppapi::PPB_X509Certificate_Fields* fields) { 128 ppapi::PPB_X509Certificate_Fields* fields) {
124 scoped_refptr<net::X509Certificate> cert = 129 scoped_refptr<net::X509Certificate> cert =
125 net::X509Certificate::CreateFromBytes(der, length); 130 net::X509Certificate::CreateFromBytes(der, length);
126 if (!cert.get()) 131 if (!cert.get())
127 return false; 132 return false;
128 return GetCertificateFields(*cert.get(), fields); 133 return GetCertificateFields(*cert.get(), fields);
129 } 134 }
130 135
136 #if defined(OS_CHROMEOS)
137 namespace {
bbudge 2015/07/09 19:55:17 nit: Blank line here.
avallee 2015/07/13 18:29:10 Done.
138 const unsigned char kIPv4Empty[] = {0, 0, 0, 0};
139 const unsigned char kIPv6Empty[] =
140 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
141 const unsigned char kIPv6Loopback[] =
142 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
bbudge 2015/07/09 19:55:17 nit: insert blank line
avallee 2015/07/13 18:29:09 Done.
143 bool isLoopbackAddress(const net::IPAddressNumber& address) {
144 if (address.size() == net::kIPv4AddressSize && address[0] == 0x7f) {
bbudge 2015/07/09 19:55:17 This would be a little easier to reason about if y
avallee 2015/07/13 18:29:10 Done.
145 // All of 127.0.0.0/8 is loopback in ipv4.
146 return true;
147 } else if (address.size() == net::kIPv6AddressSize &&
148 std::equal(&kIPv6Loopback[0],
149 &kIPv6Loopback[net::kIPv6AddressSize],
150 address.begin())) {
151 // ::1 is the only loopback address in ipv6.
152 return true;
153 }
154 return false;
155 }
156
157 std::string addressToFirewallString(const net::IPAddressNumber& address) {
158 if (address.empty()) {
159 return std::string();
160 }
161 if (address.size() == net::kIPv4AddressSize &&
162 std::equal(&kIPv4Empty[0], &kIPv4Empty[net::kIPv4AddressSize],
163 address.begin())) {
164 return std::string();
165 }
166 if (address.size() == net::kIPv6AddressSize &&
167 std::equal(&kIPv6Empty[0], &kIPv6Empty[net::kIPv6AddressSize],
168 address.begin())) {
169 return std::string();
170 }
171
172 return net::IPAddressToString(address);
173 }
bbudge 2015/07/09 19:55:16 nit: insert blank line
avallee 2015/07/13 18:29:10 Done.
174 } // namespace
175
176 void OpenFirewallHole(const net::IPEndPoint& address,
177 chromeos::FirewallHole::PortType type,
178 FirewallHoleOpenCallback callback) {
179 if (isLoopbackAddress(address.address())) {
180 callback.Run(nullptr);
181 return;
182 }
183 std::string address_string = addressToFirewallString(address.address());
184
185 chromeos::FirewallHole::Open(type, address.port(), address_string, callback);
186 }
187
188 void OpenTCPFirewallHole(const net::IPEndPoint& address,
189 FirewallHoleOpenCallback callback) {
190 OpenFirewallHole(address, chromeos::FirewallHole::PortType::TCP, callback);
191 }
192
193 void OpenUDPFirewallHole(const net::IPEndPoint& address,
194 FirewallHoleOpenCallback callback) {
195 OpenFirewallHole(address, chromeos::FirewallHole::PortType::UDP, callback);
196 }
197 #endif // defined(OS_CHROMEOS)
198
131 } // namespace pepper_socket_utils 199 } // namespace pepper_socket_utils
132 } // namespace content 200 } // namespace content
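Review bot: In OpenFirewallHole (new lines 176-186) the loopback branch reports "no hole needed" as `callback.Run(nullptr)`, which callers cannot tell apart from a failed open if chromeos::FirewallHole::Open also signals failure with a null hole (that function is not visible on this page, so this needs confirming). Callers would then either accept a null hole everywhere, and keep listening on a non-loopback address after the firewall request was refused, or reject loopback binds; a comment above the function stating the contract would help, for example `// Runs |callback| with null for loopback addresses, which need no hole; callers must check the address before treating null as failure.` The same branch runs the callback synchronously while the other path is presumably asynchronous, which is worth stating in that comment too. isLoopbackAddress (new lines 143-155) compares 16-byte addresses only against ::1, so an IPv4-mapped loopback such as ::ffff:127.0.0.1 falls through and a hole is requested for it.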