Chromium Code Reviews

Unified Diff: mojo/application/public/interfaces/shell.mojom

Issue 1244233002: Allow trusted brokers to restrict connections for spawned applications to whitelisted applications … (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: . Created 5 years, 5 months ago
Index: mojo/application/public/interfaces/shell.mojom
diff --git a/mojo/application/public/interfaces/shell.mojom b/mojo/application/public/interfaces/shell.mojom
index 3e3cd373a1843989ee040efff85a063d517a91a0..64ccf4afd3579001d6b4c67d508f3338a70de297 100644
--- a/mojo/application/public/interfaces/shell.mojom
+++ b/mojo/application/public/interfaces/shell.mojom
@@ -7,25 +7,30 @@ module mojo;
import "mojo/application/public/interfaces/service_provider.mojom";
import "network/public/interfaces/url_loader.mojom";
+struct CapabilityFilter {
+ map<string, array<string>> filter;
+};
+
// An interface through which a Mojo application may communicate with the Mojo
// system and request connections to other applications.
interface Shell {
- // Establishes a connection with another application (located at
- // |request->url|) through which the calling application and the other
- // application may request services from one another. |application_url| is a
- // URLRequest in case this is called for an HTTP navigation, in which case
- // HTTP specific information like POST data, referrer header etc... needed.
+ // Establishes a connection with another application ("target application")
+ // (located at |request->url|) through which the calling application and the
+ // target application may request services from one another.
+ // |application_url| is a URLRequest in case this is called for an HTTP
+ // navigation, in which case HTTP specific information like POST data,
+ // referrer header etc... needed.
//
- // If the calling application would like to request services from the other
+ // If the calling application would like to request services from the target
// application, it should pass a valid interface request in the |services|
- // parameter (i.e. one containing a valid message pipe endpoint). If the other
- // application does not wish to offer services, it may either not bind an
- // implementation to the interface request, or else bind an implementation
+ // parameter (i.e. one containing a valid message pipe endpoint). If the
+ // target application does not wish to offer services, it may either not bind
+ // an implementation to the interface request, or else bind an implementation
// that will reject some or all service requests.
//
- // If the calling application would like to offer services to the other
+ // If the calling application would like to offer services to the target
// application, it should pass a bound interface through the
- // |exposed_services| parameter. The other application may then request
+ // |exposed_services| parameter. The target application may then request
// services through that interface.
//
// At least one of |services| or |exposed_services| should be valid/bound in
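Review bot: The new CapabilityFilter struct at the top of this hunk has no comment, so the meaning of the key and value in "map<string, array<string>> filter;" can only be inferred from the ConnectToApplication comment further down. Please document on the struct itself that keys are application URLs and values are the service names allowed for that application, and say what an empty array and an empty map mean, since those cases decide whether a restricted application gets nothing or everything. Separately, the reworded comment still says the target is "located at |request->url|" while the parameter is named |application_url|; since the paragraph is being touched anyway, it would be worth making the two agree.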
@@ -35,9 +40,18 @@ interface Shell {
// "mojo:{service}", it is up to the Mojo shell to select an appropriate
// application for the service. Currently, the shell does this based on the
// value of its --origin flag.
+ //
+ // |filter| is a whitelist of application URLs that the target application
+ // is permitted to connect to, and for each permitted application a
+ // corresponding set of services to be exposed to the target application.
sky 2015/07/22 15:57:45 Should 'to be exposed' be 'that may be exposed'? S
+ // The purpose of this parameter is to limit the target application's
+ // visibility of the full set of applications and services available to
+ // trusted applications. If this value is null, no filtering is specified
+ // and the target application can connect to all applications and services.
ConnectToApplication(URLRequest application_url,
ServiceProvider&? services,
- ServiceProvider? exposed_services);
+ ServiceProvider? exposed_services,
+ CapabilityFilter? filter);
// When there are no more instantiated services in an application, it should
// start its shutdown process by calling this method. Additionally, it should
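Review bot: The added comment makes a null |filter| mean "the target application can connect to all applications and services", so the restriction is opt-in and every existing caller that does not pass a filter stays unrestricted. The comment does not say what happens when an application that was itself started with a filter calls ConnectToApplication with a null or broader |filter|; unless the shell bounds the child's filter by the caller's, the whitelist would not carry through to applications the restricted target spawns. Please state the intended rule here (for example that the effective filter is the intersection with the caller's own), and say who is allowed to supply |filter|, since the description talks about trusted brokers but the parameter is on the general Shell interface. It would also help to spell out how a non-null but empty filter differs from null.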
