Chromium Code Reviews Chromium Code Reviews
Issue 1244233002:
Allow trusted brokers to restrict connections for spawned applications to whitelisted applications … (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 module mojo; | 5 module mojo; |
| 6 | 6 |
| 7 import "mojo/application/public/interfaces/service_provider.mojom"; | 7 import "mojo/application/public/interfaces/service_provider.mojom"; |
| 8 import "network/public/interfaces/url_loader.mojom"; | 8 import "network/public/interfaces/url_loader.mojom"; |
| 9 | 9 |
| 10 struct CapabilityFilter { | |
| 11 map<string, array<string>> filter; | |
| 12 }; | |
| 13 | |
| 10 // An interface through which a Mojo application may communicate with the Mojo | 14 // An interface through which a Mojo application may communicate with the Mojo |
| 11 // system and request connections to other applications. | 15 // system and request connections to other applications. |
| 12 interface Shell { | 16 interface Shell { |
| 13 // Establishes a connection with another application (located at | 17 // Establishes a connection with another application ("target application") |
| 14 // |request->url|) through which the calling application and the other | 18 // (located at |request->url|) through which the calling application and the |
| 15 // application may request services from one another. |application_url| is a | 19 // target application may request services from one another. |
| 16 // URLRequest in case this is called for an HTTP navigation, in which case | 20 // |application_url| is a URLRequest in case this is called for an HTTP |
| 17 // HTTP specific information like POST data, referrer header etc... needed. | 21 // navigation, in which case HTTP specific information like POST data, |
| 22 // referrer header etc... needed. | |
| 18 // | 23 // |
| 19 // If the calling application would like to request services from the other | 24 // If the calling application would like to request services from the target |
| 20 // application, it should pass a valid interface request in the |services| | 25 // application, it should pass a valid interface request in the |services| |
| 21 // parameter (i.e. one containing a valid message pipe endpoint). If the other | 26 // parameter (i.e. one containing a valid message pipe endpoint). If the |
| 22 // application does not wish to offer services, it may either not bind an | 27 // target application does not wish to offer services, it may either not bind |
| 23 // implementation to the interface request, or else bind an implementation | 28 // an implementation to the interface request, or else bind an implementation |
| 24 // that will reject some or all service requests. | 29 // that will reject some or all service requests. |
| 25 // | 30 // |
| 26 // If the calling application would like to offer services to the other | 31 // If the calling application would like to offer services to the target |
| 27 // application, it should pass a bound interface through the | 32 // application, it should pass a bound interface through the |
| 28 // |exposed_services| parameter. The other application may then request | 33 // |exposed_services| parameter. The target application may then request |
| 29 // services through that interface. | 34 // services through that interface. |
| 30 // | 35 // |
| 31 // At least one of |services| or |exposed_services| should be valid/bound in | 36 // At least one of |services| or |exposed_services| should be valid/bound in |
| 32 // the call. | 37 // the call. |
| 33 // | 38 // |
| 34 // If the |application_url| does not contain a domain, but is of the form | 39 // If the |application_url| does not contain a domain, but is of the form |
| 35 // "mojo:{service}", it is up to the Mojo shell to select an appropriate | 40 // "mojo:{service}", it is up to the Mojo shell to select an appropriate |
| 36 // application for the service. Currently, the shell does this based on the | 41 // application for the service. Currently, the shell does this based on the |
| 37 // value of its --origin flag. | 42 // value of its --origin flag. |
| 43 // | |
| 44 // |filter| is a whitelist of application URLs that the target application | |
| 45 // is permitted to connect to, and for each permitted application a | |
| 46 // corresponding set of services to be exposed to the target application. | |
|
sky
2015/07/22 15:57:45
Should 'to be exposed' be 'that may be exposed'? S
| |
| 47 // The purpose of this parameter is to limit the target application's | |
| 48 // visibility of the full set of applications and services available to | |
| 49 // trusted applications. If this value is null, no filtering is specified | |
| 50 // and the target application can connect to all applications and services. | |
| 38 ConnectToApplication(URLRequest application_url, | 51 ConnectToApplication(URLRequest application_url, |
| 39 ServiceProvider&? services, | 52 ServiceProvider&? services, |
| 40 ServiceProvider? exposed_services); | 53 ServiceProvider? exposed_services, |
| 54 CapabilityFilter? filter); | |
| 41 | 55 |
| 42 // When there are no more instantiated services in an application, it should | 56 // When there are no more instantiated services in an application, it should |
| 43 // start its shutdown process by calling this method. Additionally, it should | 57 // start its shutdown process by calling this method. Additionally, it should |
| 44 // keep track of any new service requests that come in. The shell will then | 58 // keep track of any new service requests that come in. The shell will then |
| 45 // call Application::OnQuitRequested and start queueing new service requests. | 59 // call Application::OnQuitRequested and start queueing new service requests. |
| 46 // If the application didn't get any new service requests in the meantime, it | 60 // If the application didn't get any new service requests in the meantime, it |
| 47 // should call the callback with a true value. Otherwise it should call it | 61 // should call the callback with a true value. Otherwise it should call it |
| 48 // with false. | 62 // with false. |
| 49 QuitApplication(); | 63 QuitApplication(); |
| 50 }; | 64 }; |
| OLD | NEW |
