| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/render_frame_host_impl.h" | 5 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/containers/hash_tables.h" | 9 #include "base/containers/hash_tables.h" |
| 10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
| 11 #include "base/metrics/histogram.h" | 11 #include "base/metrics/histogram.h" |
| 12 #include "base/process/kill.h" | 12 #include "base/process/kill.h" |
| 13 #include "base/time/time.h" | 13 #include "base/time/time.h" |
| 14 #include "content/browser/accessibility/accessibility_mode_helper.h" | 14 #include "content/browser/accessibility/accessibility_mode_helper.h" |
| 15 #include "content/browser/accessibility/ax_tree_id_registry.h" | 15 #include "content/browser/accessibility/ax_tree_id_registry.h" |
| 16 #include "content/browser/accessibility/browser_accessibility_manager.h" | 16 #include "content/browser/accessibility/browser_accessibility_manager.h" |
| 17 #include "content/browser/accessibility/browser_accessibility_state_impl.h" | 17 #include "content/browser/accessibility/browser_accessibility_state_impl.h" |
| 18 #include "content/browser/child_process_security_policy_impl.h" | 18 #include "content/browser/child_process_security_policy_impl.h" |
| 19 #include "content/browser/child_process_security_policy_impl.h" |
| 19 #include "content/browser/devtools/render_frame_devtools_agent_host.h" | 20 #include "content/browser/devtools/render_frame_devtools_agent_host.h" |
| 20 #include "content/browser/frame_host/cross_process_frame_connector.h" | 21 #include "content/browser/frame_host/cross_process_frame_connector.h" |
| 21 #include "content/browser/frame_host/cross_site_transferring_request.h" | 22 #include "content/browser/frame_host/cross_site_transferring_request.h" |
| 22 #include "content/browser/frame_host/frame_mojo_shell.h" | 23 #include "content/browser/frame_host/frame_mojo_shell.h" |
| 23 #include "content/browser/frame_host/frame_tree.h" | 24 #include "content/browser/frame_host/frame_tree.h" |
| 24 #include "content/browser/frame_host/frame_tree_node.h" | 25 #include "content/browser/frame_host/frame_tree_node.h" |
| 25 #include "content/browser/frame_host/navigation_handle_impl.h" | 26 #include "content/browser/frame_host/navigation_handle_impl.h" |
| 26 #include "content/browser/frame_host/navigation_request.h" | 27 #include "content/browser/frame_host/navigation_request.h" |
| 27 #include "content/browser/frame_host/navigator.h" | 28 #include "content/browser/frame_host/navigator.h" |
| 28 #include "content/browser/frame_host/navigator_impl.h" | 29 #include "content/browser/frame_host/navigator_impl.h" |
| 29 #include "content/browser/frame_host/render_frame_host_delegate.h" | 30 #include "content/browser/frame_host/render_frame_host_delegate.h" |
| 30 #include "content/browser/frame_host/render_frame_proxy_host.h" | 31 #include "content/browser/frame_host/render_frame_proxy_host.h" |
| 31 #include "content/browser/frame_host/render_widget_host_view_child_frame.h" | 32 #include "content/browser/frame_host/render_widget_host_view_child_frame.h" |
| 32 #include "content/browser/geolocation/geolocation_service_context.h" | 33 #include "content/browser/geolocation/geolocation_service_context.h" |
| 33 #include "content/browser/permissions/permission_service_context.h" | 34 #include "content/browser/permissions/permission_service_context.h" |
| 34 #include "content/browser/permissions/permission_service_impl.h" | 35 #include "content/browser/permissions/permission_service_impl.h" |
| 35 #include "content/browser/presentation/presentation_service_impl.h" | 36 #include "content/browser/presentation/presentation_service_impl.h" |
| 36 #include "content/browser/renderer_host/input/input_router.h" | 37 #include "content/browser/renderer_host/input/input_router.h" |
| 37 #include "content/browser/renderer_host/input/timeout_monitor.h" | 38 #include "content/browser/renderer_host/input/timeout_monitor.h" |
| 38 #include "content/browser/renderer_host/render_process_host_impl.h" | 39 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 39 #include "content/browser/renderer_host/render_view_host_delegate.h" | 40 #include "content/browser/renderer_host/render_view_host_delegate.h" |
| 40 #include "content/browser/renderer_host/render_view_host_delegate_view.h" | 41 #include "content/browser/renderer_host/render_view_host_delegate_view.h" |
| 41 #include "content/browser/renderer_host/render_view_host_impl.h" | 42 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 42 #include "content/browser/renderer_host/render_widget_host_delegate.h" | 43 #include "content/browser/renderer_host/render_widget_host_delegate.h" |
| 43 #include "content/browser/renderer_host/render_widget_host_impl.h" | 44 #include "content/browser/renderer_host/render_widget_host_impl.h" |
| 44 #include "content/browser/renderer_host/render_widget_host_view_base.h" | 45 #include "content/browser/renderer_host/render_widget_host_view_base.h" |
| 45 #include "content/browser/wake_lock/wake_lock_service_context.h" | 46 #include "content/browser/wake_lock/wake_lock_service_context.h" |
| 47 #include "content/browser/webui/web_ui_controller_factory_registry.h" |
| 46 #include "content/common/accessibility_messages.h" | 48 #include "content/common/accessibility_messages.h" |
| 47 #include "content/common/frame_messages.h" | 49 #include "content/common/frame_messages.h" |
| 48 #include "content/common/input_messages.h" | 50 #include "content/common/input_messages.h" |
| 49 #include "content/common/inter_process_time_ticks_converter.h" | 51 #include "content/common/inter_process_time_ticks_converter.h" |
| 50 #include "content/common/navigation_params.h" | 52 #include "content/common/navigation_params.h" |
| 51 #include "content/common/render_frame_setup.mojom.h" | 53 #include "content/common/render_frame_setup.mojom.h" |
| 52 #include "content/common/site_isolation_policy.h" | 54 #include "content/common/site_isolation_policy.h" |
| 53 #include "content/common/swapped_out_messages.h" | 55 #include "content/common/swapped_out_messages.h" |
| 54 #include "content/public/browser/ax_event_notification_details.h" | 56 #include "content/public/browser/ax_event_notification_details.h" |
| 55 #include "content/public/browser/browser_accessibility_state.h" | 57 #include "content/public/browser/browser_accessibility_state.h" |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 188 render_frame_created_(false), | 190 render_frame_created_(false), |
| 189 navigations_suspended_(false), | 191 navigations_suspended_(false), |
| 190 is_waiting_for_beforeunload_ack_(false), | 192 is_waiting_for_beforeunload_ack_(false), |
| 191 unload_ack_is_for_navigation_(false), | 193 unload_ack_is_for_navigation_(false), |
| 192 is_loading_(false), | 194 is_loading_(false), |
| 193 pending_commit_(false), | 195 pending_commit_(false), |
| 194 nav_entry_id_(0), | 196 nav_entry_id_(0), |
| 195 accessibility_reset_token_(0), | 197 accessibility_reset_token_(0), |
| 196 accessibility_reset_count_(0), | 198 accessibility_reset_count_(0), |
| 197 no_create_browser_accessibility_manager_for_testing_(false), | 199 no_create_browser_accessibility_manager_for_testing_(false), |
| 200 web_ui_type_(WebUI::kNoWebUI), |
| 201 pending_web_ui_type_(WebUI::kNoWebUI), |
| 202 should_reuse_web_ui_(false), |
| 198 weak_ptr_factory_(this) { | 203 weak_ptr_factory_(this) { |
| 199 bool is_swapped_out = !!(flags & CREATE_RF_SWAPPED_OUT); | 204 bool is_swapped_out = !!(flags & CREATE_RF_SWAPPED_OUT); |
| 200 bool hidden = !!(flags & CREATE_RF_HIDDEN); | 205 bool hidden = !!(flags & CREATE_RF_HIDDEN); |
| 201 frame_tree_->AddRenderViewHostRef(render_view_host_); | 206 frame_tree_->AddRenderViewHostRef(render_view_host_); |
| 202 GetProcess()->AddRoute(routing_id_, this); | 207 GetProcess()->AddRoute(routing_id_, this); |
| 203 g_routing_id_frame_map.Get().insert(std::make_pair( | 208 g_routing_id_frame_map.Get().insert(std::make_pair( |
| 204 RenderFrameHostID(GetProcess()->GetID(), routing_id_), | 209 RenderFrameHostID(GetProcess()->GetID(), routing_id_), |
| 205 this)); | 210 this)); |
| 206 | 211 |
| 207 if (is_swapped_out) { | 212 if (is_swapped_out) { |
| (...skipping 25 matching lines...) Expand all Loading... |
| 233 render_widget_host_ = new RenderWidgetHostImpl(rwh_delegate, GetProcess(), | 238 render_widget_host_ = new RenderWidgetHostImpl(rwh_delegate, GetProcess(), |
| 234 widget_routing_id, hidden); | 239 widget_routing_id, hidden); |
| 235 render_widget_host_->set_owned_by_render_frame_host(true); | 240 render_widget_host_->set_owned_by_render_frame_host(true); |
| 236 } else { | 241 } else { |
| 237 DCHECK(!render_widget_host_->owned_by_render_frame_host()); | 242 DCHECK(!render_widget_host_->owned_by_render_frame_host()); |
| 238 } | 243 } |
| 239 } | 244 } |
| 240 } | 245 } |
| 241 | 246 |
| 242 RenderFrameHostImpl::~RenderFrameHostImpl() { | 247 RenderFrameHostImpl::~RenderFrameHostImpl() { |
| 248 // Release the WebUI instances before all else as the WebUI may accesses the |
| 249 // RenderFrameHost during cleanup. |
| 250 ClearAllWebUI(); |
| 251 |
| 243 GetProcess()->RemoveRoute(routing_id_); | 252 GetProcess()->RemoveRoute(routing_id_); |
| 244 g_routing_id_frame_map.Get().erase( | 253 g_routing_id_frame_map.Get().erase( |
| 245 RenderFrameHostID(GetProcess()->GetID(), routing_id_)); | 254 RenderFrameHostID(GetProcess()->GetID(), routing_id_)); |
| 246 | 255 |
| 247 if (delegate_ && render_frame_created_) | 256 if (delegate_ && render_frame_created_) |
| 248 delegate_->RenderFrameDeleted(this); | 257 delegate_->RenderFrameDeleted(this); |
| 249 | 258 |
| 250 // If this was swapped out, it already decremented the active frame count of | 259 // If this was swapped out, it already decremented the active frame count of |
| 251 // the SiteInstance it belongs to. | 260 // the SiteInstance it belongs to. |
| 252 if (IsRFHStateActive(rfh_state_)) | 261 if (IsRFHStateActive(rfh_state_)) |
| (...skipping 977 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1230 } | 1239 } |
| 1231 | 1240 |
| 1232 void RenderFrameHostImpl::OnSwappedOut() { | 1241 void RenderFrameHostImpl::OnSwappedOut() { |
| 1233 // Ignore spurious swap out ack. | 1242 // Ignore spurious swap out ack. |
| 1234 if (rfh_state_ != STATE_PENDING_SWAP_OUT) | 1243 if (rfh_state_ != STATE_PENDING_SWAP_OUT) |
| 1235 return; | 1244 return; |
| 1236 | 1245 |
| 1237 TRACE_EVENT_ASYNC_END0("navigation", "RenderFrameHostImpl::SwapOut", this); | 1246 TRACE_EVENT_ASYNC_END0("navigation", "RenderFrameHostImpl::SwapOut", this); |
| 1238 swapout_event_monitor_timeout_->Stop(); | 1247 swapout_event_monitor_timeout_->Stop(); |
| 1239 | 1248 |
| 1249 ClearAllWebUI(); |
| 1240 | 1250 |
| 1241 // If this is a main frame RFH that's about to be deleted, update its RVH's | 1251 // If this is a main frame RFH that's about to be deleted, update its RVH's |
| 1242 // swapped-out state here, since SetState won't be called once this RFH is | 1252 // swapped-out state here, since SetState won't be called once this RFH is |
| 1243 // deleted below. https://crbug.com/505887 | 1253 // deleted below. https://crbug.com/505887 |
| 1244 if (frame_tree_node_->IsMainFrame() && | 1254 if (frame_tree_node_->IsMainFrame() && |
| 1245 frame_tree_node_->render_manager()->IsPendingDeletion(this)) { | 1255 frame_tree_node_->render_manager()->IsPendingDeletion(this)) { |
| 1246 render_view_host_->set_is_active(false); | 1256 render_view_host_->set_is_active(false); |
| 1247 render_view_host_->set_is_swapped_out(true); | 1257 render_view_host_->set_is_swapped_out(true); |
| 1248 } | 1258 } |
| 1249 | 1259 |
| (...skipping 816 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2066 bool RenderFrameHostImpl::IsFocused() { | 2076 bool RenderFrameHostImpl::IsFocused() { |
| 2067 // TODO(mlamouri,kenrb): call GetRenderWidgetHost() directly when it stops | 2077 // TODO(mlamouri,kenrb): call GetRenderWidgetHost() directly when it stops |
| 2068 // returning nullptr in some cases. See https://crbug.com/455245. | 2078 // returning nullptr in some cases. See https://crbug.com/455245. |
| 2069 return RenderWidgetHostImpl::From( | 2079 return RenderWidgetHostImpl::From( |
| 2070 GetView()->GetRenderWidgetHost())->is_focused() && | 2080 GetView()->GetRenderWidgetHost())->is_focused() && |
| 2071 frame_tree_->GetFocusedFrame() && | 2081 frame_tree_->GetFocusedFrame() && |
| 2072 (frame_tree_->GetFocusedFrame() == frame_tree_node() || | 2082 (frame_tree_->GetFocusedFrame() == frame_tree_node() || |
| 2073 frame_tree_->GetFocusedFrame()->IsDescendantOf(frame_tree_node())); | 2083 frame_tree_->GetFocusedFrame()->IsDescendantOf(frame_tree_node())); |
| 2074 } | 2084 } |
| 2075 | 2085 |
| 2086 bool RenderFrameHostImpl::UpdatePendingWebUI(const GURL& dest_url, |
| 2087 int entry_bindings) { |
| 2088 WebUI::TypeID new_web_ui_type = |
| 2089 WebUIControllerFactoryRegistry::GetInstance()->GetWebUIType( |
| 2090 GetSiteInstance()->GetBrowserContext(), dest_url); |
| 2091 |
| 2092 // If the required WebUI matches the pending WebUI or if it matches the |
| 2093 // to-be-reused active WebUI, then leave everything as is. |
| 2094 if (new_web_ui_type == pending_web_ui_type_ || |
| 2095 (should_reuse_web_ui_ && new_web_ui_type == web_ui_type_)) { |
| 2096 return false; |
| 2097 } |
| 2098 |
| 2099 // Reset the pending WebUI as from this point it will certainly not be reused. |
| 2100 ClearPendingWebUI(); |
| 2101 |
| 2102 // If this navigation is not to a WebUI, skip directly to bindings work. |
| 2103 if (new_web_ui_type != WebUI::kNoWebUI) { |
| 2104 if (new_web_ui_type == web_ui_type_) { |
| 2105 // The active WebUI should be reused when dest_url requires a WebUI and |
| 2106 // its type matches the current. |
| 2107 DCHECK(web_ui_); |
| 2108 should_reuse_web_ui_ = true; |
| 2109 } else { |
| 2110 // Otherwise create a new pending WebUI. |
| 2111 pending_web_ui_ = delegate_->CreateWebUIForRenderFrameHost(dest_url); |
| 2112 DCHECK(pending_web_ui_); |
| 2113 pending_web_ui_type_ = new_web_ui_type; |
| 2114 |
| 2115 // If we have assigned (zero or more) bindings to the NavigationEntry in |
| 2116 // the past, make sure we're not granting it different bindings than it |
| 2117 // had before. If so, note it and don't give it any bindings, to avoid a |
| 2118 // potential privilege escalation. |
| 2119 if (entry_bindings != NavigationEntryImpl::kInvalidBindings && |
| 2120 pending_web_ui_->GetBindings() != entry_bindings) { |
| 2121 RecordAction( |
| 2122 base::UserMetricsAction("ProcessSwapBindingsMismatch_RVHM")); |
| 2123 ClearPendingWebUI(); |
| 2124 } |
| 2125 } |
| 2126 } |
| 2127 DCHECK_EQ(!pending_web_ui_, pending_web_ui_type_ == WebUI::kNoWebUI); |
| 2128 |
| 2129 // Either grant or check the RenderViewHost with/for proper bindings. |
| 2130 if (pending_web_ui_ && !render_view_host_->GetProcess()->IsForGuestsOnly()) { |
| 2131 // If a WebUI was created for the URL and the RenderView is not in a guest |
| 2132 // process, then enable missing bindings with the RenderViewHost. |
| 2133 int new_bindings = pending_web_ui_->GetBindings(); |
| 2134 if ((render_view_host_->GetEnabledBindings() & new_bindings) != |
| 2135 new_bindings) { |
| 2136 render_view_host_->AllowBindings(new_bindings); |
| 2137 } |
| 2138 } else if (render_view_host_->is_active()) { |
| 2139 // If the ongoing navigation is not to a WebUI or the RenderView is in a |
| 2140 // guest process, ensure that we don't create an unprivileged RenderView in |
| 2141 // a WebUI-enabled process unless it's swapped out. |
| 2142 bool url_acceptable_for_webui = |
| 2143 WebUIControllerFactoryRegistry::GetInstance()->IsURLAcceptableForWebUI( |
| 2144 GetSiteInstance()->GetBrowserContext(), dest_url); |
| 2145 if (!url_acceptable_for_webui) { |
| 2146 CHECK(!ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings( |
| 2147 GetProcess()->GetID())); |
| 2148 } |
| 2149 } |
| 2150 return true; |
| 2151 } |
| 2152 |
| 2153 void RenderFrameHostImpl::CommitPendingWebUI() { |
| 2154 if (should_reuse_web_ui_) { |
| 2155 should_reuse_web_ui_ = false; |
| 2156 } else { |
| 2157 web_ui_ = pending_web_ui_.Pass(); |
| 2158 web_ui_type_ = pending_web_ui_type_; |
| 2159 pending_web_ui_type_ = WebUI::kNoWebUI; |
| 2160 } |
| 2161 DCHECK(!pending_web_ui_ && pending_web_ui_type_ == WebUI::kNoWebUI && |
| 2162 !should_reuse_web_ui_); |
| 2163 } |
| 2164 |
| 2165 void RenderFrameHostImpl::ClearPendingWebUI() { |
| 2166 pending_web_ui_.reset(); |
| 2167 pending_web_ui_type_ = WebUI::kNoWebUI; |
| 2168 should_reuse_web_ui_ = false; |
| 2169 } |
| 2170 |
| 2171 void RenderFrameHostImpl::ClearAllWebUI() { |
| 2172 ClearPendingWebUI(); |
| 2173 web_ui_type_ = WebUI::kNoWebUI; |
| 2174 web_ui_.reset(); |
| 2175 } |
| 2176 |
| 2076 const image_downloader::ImageDownloaderPtr& | 2177 const image_downloader::ImageDownloaderPtr& |
| 2077 RenderFrameHostImpl::GetMojoImageDownloader() { | 2178 RenderFrameHostImpl::GetMojoImageDownloader() { |
| 2078 if (!mojo_image_downloader_.get() && GetServiceRegistry()) { | 2179 if (!mojo_image_downloader_.get() && GetServiceRegistry()) { |
| 2079 GetServiceRegistry()->ConnectToRemoteService( | 2180 GetServiceRegistry()->ConnectToRemoteService( |
| 2080 mojo::GetProxy(&mojo_image_downloader_)); | 2181 mojo::GetProxy(&mojo_image_downloader_)); |
| 2081 } | 2182 } |
| 2082 return mojo_image_downloader_; | 2183 return mojo_image_downloader_; |
| 2083 } | 2184 } |
| 2084 | 2185 |
| 2085 bool RenderFrameHostImpl::IsSameSiteInstance( | 2186 bool RenderFrameHostImpl::IsSameSiteInstance( |
| (...skipping 292 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2378 *dst = src; | 2479 *dst = src; |
| 2379 | 2480 |
| 2380 if (src.routing_id != -1) | 2481 if (src.routing_id != -1) |
| 2381 dst->tree_id = RoutingIDToAXTreeID(src.routing_id); | 2482 dst->tree_id = RoutingIDToAXTreeID(src.routing_id); |
| 2382 | 2483 |
| 2383 if (src.parent_routing_id != -1) | 2484 if (src.parent_routing_id != -1) |
| 2384 dst->parent_tree_id = RoutingIDToAXTreeID(src.parent_routing_id); | 2485 dst->parent_tree_id = RoutingIDToAXTreeID(src.parent_routing_id); |
| 2385 } | 2486 } |
| 2386 | 2487 |
| 2387 } // namespace content | 2488 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1426403006:
Reland #1 of: Move WebUI ownership from the RenderFrameHostManager to the RenderFrameHost. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master