Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(363)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1244233002: Allow trusted brokers to restrict connections for spawned applications to whitelisted applications … (Closed)

Created:
5 years, 5 months ago by Ben Goodger (Google)
Modified:
5 years, 4 months ago
Reviewers:
xhwang, jam, sky, yzshen1
CC:
chromium-reviews, qsr+mojo_chromium.org, viettrungluu+watch_chromium.org, yzshen+watch_chromium.org, abarth-chromium, Aaron Boodman, darin (slow to review), ben+mojo_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Allow trusted brokers to restrict connections for spawned applications to whitelisted applications and interfaces. Currently, filters are not inherited when a restricted application starts a new application. If I did that immediately there is an opportunity for races if a restricted app starts a trusted app before the trusted broker can. I need to think through that in more detail. For now, any filters must be explicitly specified with every call to ConnectToApplication. I'm not handling content handlers properly yet in this round. TBD. http://crbug.com/510210 Committed: https://crrev.com/2dd70fcff791aa32b77360c9c8ed413d791e5b47 Cr-Commit-Position: refs/heads/master@{#340352}

Patch Set 1 #

Patch Set 2 : . #

Patch Set 3 : . #

Patch Set 4 : . #

Patch Set 5 : . #

Patch Set 6 : . #

Patch Set 7 : . #

Total comments: 16

Patch Set 8 : . #

Patch Set 9 : . #

Total comments: 6

Patch Set 10 : . #

Patch Set 11 : . #

Patch Set 12 : . #

Total comments: 2

Patch Set 13 : . #

Patch Set 14 : . #

Patch Set 15 : . #

Patch Set 16 : . #

Patch Set 17 : . #

Patch Set 18 : . #

Patch Set 19 : . #

Patch Set 20 : . #

Total comments: 7

Patch Set 21 : . #

Patch Set 22 : . #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+780 lines, -148 lines) Patch
M components/html_viewer/devtools_agent_impl.cc View 1 2 3 4 5 1 chunk +4 lines, -2 lines 0 comments Download
M components/html_viewer/media_factory.cc View 1 2 3 4 5 1 chunk +1 line, -1 line 0 comments Download
M components/resource_provider/public/cpp/resource_loader.cc View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download
M content/browser/frame_host/frame_mojo_shell.h View 1 2 3 4 5 6 7 8 9 1 chunk +2 lines, -1 line 0 comments Download
M content/browser/frame_host/frame_mojo_shell.cc View 1 2 3 4 5 6 7 8 9 1 chunk +3 lines, -2 lines 0 comments Download
M content/browser/mojo/mojo_app_connection_impl.cc View 1 2 3 4 5 6 7 8 9 1 chunk +2 lines, -1 line 0 comments Download
M content/browser/mojo/mojo_shell_context.h View 1 2 3 4 5 6 7 8 9 2 chunks +4 lines, -2 lines 0 comments Download
M content/browser/mojo/mojo_shell_context.cc View 1 2 3 4 5 6 7 8 9 3 chunks +13 lines, -8 lines 0 comments Download
M mandoline/ui/aura/surface_binding.cc View 1 2 3 4 5 2 chunks +2 lines, -0 lines 0 comments Download
M mojo/application/public/cpp/application_connection.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 3 chunks +12 lines, -3 lines 0 comments Download
M mojo/application/public/cpp/application_impl.h View 1 2 3 4 5 6 7 2 chunks +6 lines, -1 line 0 comments Download
M mojo/application/public/cpp/lib/application_impl.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 4 chunks +26 lines, -4 lines 0 comments Download
M mojo/application/public/cpp/lib/application_test_base.cc View 1 chunk +1 line, -0 lines 0 comments Download
M mojo/application/public/cpp/lib/service_registry.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 3 chunks +11 lines, -2 lines 0 comments Download
M mojo/application/public/cpp/lib/service_registry.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 1 chunk +24 lines, -6 lines 0 comments Download
M mojo/application/public/interfaces/application.mojom View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 1 chunk +12 lines, -3 lines 0 comments Download
M mojo/application/public/interfaces/shell.mojom View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 2 chunks +34 lines, -12 lines 0 comments Download
M mojo/mojo_shell.gyp View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 2 chunks +2 lines, -0 lines 0 comments Download
M mojo/runner/context.cc View 1 2 3 4 5 6 7 3 chunks +6 lines, -6 lines 0 comments Download
M mojo/runner/native_runner_unittest.cc View 1 2 3 4 5 6 7 1 chunk +2 lines, -2 lines 0 comments Download
M mojo/runner/shell_test_base.cc View 1 2 3 4 5 6 7 1 chunk +2 lines, -2 lines 0 comments Download
M mojo/shell/BUILD.gn View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 2 chunks +2 lines, -0 lines 0 comments Download
M mojo/shell/application_instance.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 4 chunks +55 lines, -8 lines 0 comments Download
M mojo/shell/application_instance.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 5 chunks +65 lines, -16 lines 2 comments Download
M mojo/shell/application_manager.h View 1 2 3 4 5 6 4 chunks +23 lines, -15 lines 0 comments Download
M mojo/shell/application_manager.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 9 chunks +63 lines, -46 lines 0 comments Download
M mojo/shell/application_manager_unittest.cc View 1 2 3 4 5 6 7 2 chunks +3 lines, -3 lines 0 comments Download
A mojo/shell/capability_filter_unittest.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 1 chunk +374 lines, -0 lines 0 comments Download
A mojo/shell/capability_filter_unittest.mojom View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 1 chunk +21 lines, -0 lines 0 comments Download
M mojo/shell/content_handler_connection.cc View 1 2 3 4 5 6 7 1 chunk +4 lines, -2 lines 0 comments Download

Messages

Total messages: 33 (9 generated)
Ben Goodger (Google)
OK this is a first cut. See the new unit test.
5 years, 5 months ago (2015-07-22 05:22:11 UTC) #2
sky
https://codereview.chromium.org/1244233002/diff/120001/mojo/application/public/cpp/application_impl.h File mojo/application/public/cpp/application_impl.h (right): https://codereview.chromium.org/1244233002/diff/120001/mojo/application/public/cpp/application_impl.h#newcode86 mojo/application/public/cpp/application_impl.h:86: CapabilityFilterPtr filter = nullptr); Style guide says no default ...
5 years, 5 months ago (2015-07-22 15:57:45 UTC) #3
yzshen1
https://codereview.chromium.org/1244233002/diff/120001/mojo/application/public/cpp/lib/service_registry.cc File mojo/application/public/cpp/lib/service_registry.cc (right): https://codereview.chromium.org/1244233002/diff/120001/mojo/application/public/cpp/lib/service_registry.cc#newcode42 mojo/application/public/cpp/lib/service_registry.cc:42: if (allowed_interfaces_.empty() || Please see my comment in the ...
5 years, 5 months ago (2015-07-22 17:53:58 UTC) #4
Ben Goodger (Google)
On 2015/07/22 17:53:58, yzshen1 wrote: > https://codereview.chromium.org/1244233002/diff/120001/mojo/application/public/cpp/lib/service_registry.cc > File mojo/application/public/cpp/lib/service_registry.cc (right): > > https://codereview.chromium.org/1244233002/diff/120001/mojo/application/public/cpp/lib/service_registry.cc#newcode42 > ...
5 years, 5 months ago (2015-07-22 18:00:10 UTC) #5
jam
please reference bug lgtm https://codereview.chromium.org/1244233002/diff/160001/mojo/shell/application_instance.h File mojo/shell/application_instance.h (right): https://codereview.chromium.org/1244233002/diff/160001/mojo/shell/application_instance.h#newcode51 mojo/shell/application_instance.h:51: using AllowedInterfaces = std::set <std::string> ...
5 years, 5 months ago (2015-07-22 19:47:40 UTC) #6
Ben Goodger (Google)
OK, I think I got everything here, including the wildcards (and some new tests). I'd ...
5 years, 5 months ago (2015-07-22 21:56:28 UTC) #7
yzshen1
https://codereview.chromium.org/1244233002/diff/160001/mojo/shell/application_instance.h File mojo/shell/application_instance.h (right): https://codereview.chromium.org/1244233002/diff/160001/mojo/shell/application_instance.h#newcode26 mojo/shell/application_instance.h:26: struct TypeConverter <std::set<E>, Array<T>> { Please consider share this ...
5 years, 5 months ago (2015-07-22 22:26:47 UTC) #8
yzshen1
Hi, Ben. I looked at mojo/application/public/cpp/BUILD.gn and it is already depending on //mojo/common: https://code.google.com/p/chromium/codesearch#chromium/src/mojo/application/public/cpp/BUILD.gn&l=49 So ...
5 years, 5 months ago (2015-07-22 23:46:21 UTC) #9
Ben Goodger (Google)
On 2015/07/22 23:46:21, yzshen1 wrote: > Hi, Ben. > > I looked at mojo/application/public/cpp/BUILD.gn and ...
5 years, 5 months ago (2015-07-23 05:44:26 UTC) #10
Ben Goodger (Google)
OK I redid the tests. PTAL.
5 years, 5 months ago (2015-07-24 03:28:04 UTC) #11
yzshen1
LGTM https://codereview.chromium.org/1244233002/diff/380001/mojo/shell/application_instance.cc File mojo/shell/application_instance.cc (right): https://codereview.chromium.org/1244233002/diff/380001/mojo/shell/application_instance.cc#newcode56 mojo/shell/application_instance.cc:56: CapabilityFilterPtr filter) { (I probably have missed something ...
5 years, 5 months ago (2015-07-24 08:02:09 UTC) #12
sky
https://codereview.chromium.org/1244233002/diff/380001/mojo/application/public/cpp/application_connection.h File mojo/application/public/cpp/application_connection.h (right): https://codereview.chromium.org/1244233002/diff/380001/mojo/application/public/cpp/application_connection.h#newcode107 mojo/application/public/cpp/application_connection.h:107: virtual void SetConnectionErrorHandler(const Closure& handler) = 0; Do you ...
5 years, 5 months ago (2015-07-24 15:36:55 UTC) #13
Ben Goodger (Google)
Scott, updated PTAL https://codereview.chromium.org/1244233002/diff/380001/mojo/shell/application_instance.cc File mojo/shell/application_instance.cc (right): https://codereview.chromium.org/1244233002/diff/380001/mojo/shell/application_instance.cc#newcode56 mojo/shell/application_instance.cc:56: CapabilityFilterPtr filter) { On 2015/07/24 08:02:09, ...
5 years, 5 months ago (2015-07-24 17:29:30 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1244233002/400001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1244233002/400001
5 years, 5 months ago (2015-07-24 17:32:16 UTC) #17
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/90151)
5 years, 5 months ago (2015-07-24 18:03:49 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1244233002/400001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1244233002/400001
5 years, 5 months ago (2015-07-24 19:34:12 UTC) #21
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_gn_rel on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_gn_rel/builds/113675)
5 years, 5 months ago (2015-07-24 20:31:07 UTC) #23
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1244233002/420001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1244233002/420001
5 years, 5 months ago (2015-07-24 20:41:52 UTC) #26
commit-bot: I haz the power
Committed patchset #22 (id:420001)
5 years, 5 months ago (2015-07-24 22:22:18 UTC) #27
commit-bot: I haz the power
Patchset 22 (id:??) landed as https://crrev.com/2dd70fcff791aa32b77360c9c8ed413d791e5b47 Cr-Commit-Position: refs/heads/master@{#340352}
5 years, 5 months ago (2015-07-24 22:23:19 UTC) #28
xhwang
https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application_instance.cc File mojo/shell/application_instance.cc (right): https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application_instance.cc#newcode147 mojo/shell/application_instance.cc:147: manager->ConnectToApplication(this, url.Pass(), std::string(), It seems we are using |this| ...
5 years, 5 months ago (2015-07-25 07:57:36 UTC) #30
Ben Goodger (Google)
https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application_instance.cc File mojo/shell/application_instance.cc (right): https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application_instance.cc#newcode147 mojo/shell/application_instance.cc:147: manager->ConnectToApplication(this, url.Pass(), std::string(), Hrm. Yes my code seems wrong. ...
5 years, 4 months ago (2015-07-27 17:47:47 UTC) #31
Ben Goodger (Google)
On 2015/07/27 17:47:47, Ben Goodger (Google) wrote: > https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application_instance.cc > File mojo/shell/application_instance.cc (right): > > ...
5 years, 4 months ago (2015-07-27 19:11:03 UTC) #32
xhwang
5 years, 4 months ago (2015-07-27 19:26:14 UTC) #33
Message was sent while issue was closed. 
On 2015/07/27 19:11:03, Ben Goodger (Google) wrote:
> On 2015/07/27 17:47:47, Ben Goodger (Google) wrote:
> >
>
https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application...
> > File mojo/shell/application_instance.cc (right):
> > 
> >
>
https://codereview.chromium.org/1244233002/diff/420001/mojo/shell/application...
> > mojo/shell/application_instance.cc:147: manager->ConnectToApplication(this,
> > url.Pass(), std::string(),
> > Hrm. Yes my code seems wrong. Seems more correct though to store the
> originator
> > in the ctor and pass it here. We would have to track the lifetime of the
> > originator.
> 
> See: https://codereview.chromium.org/1257133003/

Thanks!

Powered by Google App Engine
This is Rietveld 408576698