
Unified Diff: mojo/shell/application_instance.h

Issue 1244233002: Allow trusted brokers to restrict connections for spawned applications to whitelisted applications … (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: . Created 5 years, 5 months ago
Index: mojo/shell/application_instance.h
diff --git a/mojo/shell/application_instance.h b/mojo/shell/application_instance.h
index 5340298dc05f355640b4989f622c3b070e02028c..40d103798232b242d08118eec711cd7d5c72f3d8 100644
--- a/mojo/shell/application_instance.h
+++ b/mojo/shell/application_instance.h
@@ -5,6 +5,8 @@
#ifndef MOJO_SHELL_APPLICATION_INSTANCE_H_
#define MOJO_SHELL_APPLICATION_INSTANCE_H_
+#include <set>
+
#include "base/callback.h"
#include "mojo/application/public/interfaces/application.mojom.h"
#include "mojo/application/public/interfaces/shell.mojom.h"
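Review bot: Only `<set>` is added here, but the class body later in this patch declares `using CapabilityFilter = std::map<std::string, AllowedInterfaces>;`, so the header now also depends on `<map>` and `<string>`. Unless one of the existing includes is documented to provide them, add `#include <map>` and `#include <string>` next to `#include <set>` so the header stays self-contained and does not break when a transitive include changes.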
@@ -13,31 +15,65 @@
#include "url/gurl.h"
namespace mojo {
+
+// TODO(beng): upstream this into mojo repo, array.h so it can be shared with
+// application_impl.cc.
+// A |TypeConverter| that will create an |std::set<E>| containing a copy of
+// the contents of an |Array<T>|, using |TypeConverter<E, T>| to copy each
+// element. If the input array is null, the output set will be empty.
+template <typename E, typename T>
+struct TypeConverter <std::set<E>, Array<T>> {
+ static std::set<E> Convert(const Array<T>& input) {
+ std::set<E> result;
+ if (!input.is_null()) {
+ for (size_t i = 0; i < input.size(); ++i)
+ result.insert(TypeConverter<E, T>::Convert(input[i]));
+ }
+ return result;
+ }
+};
+
+template <typename T, typename E>
+struct TypeConverter <Array<T>, std::set<E>> {
+ static Array<T> Convert(const std::set<E>& input) {
+ Array<T> result(0u);
+ for (auto i : input)
+ result.push_back(TypeConverter<T, E>::Convert(i));
+ return result.Pass();
+ }
+};
+
namespace shell {
class ApplicationManager;
// Encapsulates a connection to an instance of an application, tracked by the
// shell's ApplicationManager.
-// TODO(beng): Currently this provides a default implementation of the Shell
-// interface. This should be moved into a separate class RootShell
-// which is instantiated when no other Shell implementation is
-// provided via ConnectToApplication().
class ApplicationInstance : public Shell {
public:
+ using AllowedInterfaces = std::set<std::string>;
+ using CapabilityFilter = std::map<std::string, AllowedInterfaces>;
+
ApplicationInstance(ApplicationPtr application,
ApplicationManager* manager,
const Identity& resolved_identity,
+ const CapabilityFilter& filter,
const base::Closure& on_application_end);
~ApplicationInstance() override;
void InitializeApplication();
- void ConnectToClient(const GURL& requested_url,
+ void ConnectToClient(ApplicationInstance* originator,
+ const GURL& requested_url,
const GURL& requestor_url,
InterfaceRequest<ServiceProvider> services,
- ServiceProviderPtr exposed_services);
+ ServiceProviderPtr exposed_services,
+ CapabilityFilterPtr filter);
+
+ // Returns the set of interfaces this application instance is allowed to see
+ // from an instance with |identity|.
+ AllowedInterfaces GetAllowedInterfaces(const Identity& identity) const;
Application* application() { return application_.get(); }
const Identity& identity() const { return identity_; }
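Review bot: The `AllowedInterfaces` and `CapabilityFilter` aliases carry the access-control policy for an instance, but the header does not say what the map key is, or what a missing key, an empty set or an empty map means. Because `GetAllowedInterfaces()` returns a plain set, a caller cannot tell "no entry, deny" from "unrestricted" without reading the implementation, which is not part of this page. I would add a comment above the aliases along the lines of `// Maps a target application to the interfaces this instance may request from it; a target with no entry is not connectable.` (exact wording to be confirmed against the .cc), and state there how the allow-everything case is spelled. Separately, `for (auto i : input)` in the `std::set`-to-`Array` converter copies every element; `for (const auto& i : input)` avoids that.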
@@ -45,11 +81,18 @@ class ApplicationInstance : public Shell {
private:
// Shell implementation:
- void ConnectToApplication(mojo::URLRequestPtr app_request,
+ void ConnectToApplication(URLRequestPtr app_request,
InterfaceRequest<ServiceProvider> services,
- ServiceProviderPtr exposed_services) override;
+ ServiceProviderPtr exposed_services,
+ CapabilityFilterPtr filter) override;
void QuitApplication() override;
+ void CallAcceptConnection(ApplicationInstance* originator,
+ const GURL& url,
+ InterfaceRequest<ServiceProvider> services,
+ ServiceProviderPtr exposed_services,
+ const GURL& requested_url);
+
void OnConnectionError();
void OnQuitRequestedResult(bool can_quit);
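Review bot: `CallAcceptConnection` takes two `const GURL&` parameters, `url` in second position and `requested_url` last, with no comment, while `ConnectToClient` names its pair `requested_url`/`requestor_url`; a swapped argument compiles silently, and here the URLs presumably feed the capability check. If `url` is the requestor, rename it to `requestor_url` and keep the same order as `ConnectToClient`; otherwise add a one-line comment such as `// |url| is <what it identifies>; |requested_url| is the URL the originator asked for.` The comment should also say whether `originator` may be null (for example for connections started by the shell itself) and what filtering applies in that case. The class body starts and ends outside this hunk.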
@@ -57,14 +100,18 @@ class ApplicationInstance : public Shell {
struct QueuedClientRequest {
QueuedClientRequest();
~QueuedClientRequest();
+ ApplicationInstance* originator;
GURL requested_url;
GURL requestor_url;
InterfaceRequest<ServiceProvider> services;
ServiceProviderPtr exposed_services;
+ CapabilityFilterPtr filter;
};
ApplicationManager* const manager_;
const Identity identity_;
+ const CapabilityFilter filter_;
+ const bool allow_any_application_;
base::Closure on_application_end_;
ApplicationPtr application_;
Binding<Shell> binding_;
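Review bot: `QueuedClientRequest::originator` is a raw, non-owning `ApplicationInstance*` that is held for as long as the request sits in the queue, and nothing visible here ties its lifetime to the originating instance. If that instance can be destroyed before the queue is drained (the .cc is not on this page, so this is inferred), the stored pointer dangles and would later be dereferenced to look up the allowed interfaces, which is a use-after-free on the policy-enforcement path. Either document the guarantee next to the member, e.g. `// Not owned; |manager_| keeps the originator alive until this request is dispatched.`, or store what the check needs by value (the originator's `Identity` or the already-computed `AllowedInterfaces`) instead of the pointer. The member should also be set to `nullptr` in `QueuedClientRequest()`, whose definition is outside this hunk.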
