Chromium Code Reviews Chromium Code Reviews
Issue 17094022:
PPAPI: Add permissions checking for PPB_NetworkProxy (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/pepper/pepper_network_proxy_host.h" | 5 #include "content/browser/renderer_host/pepper/pepper_network_proxy_host.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "content/browser/renderer_host/pepper/browser_ppapi_host_impl.h" | |
| 9 #include "content/browser/renderer_host/pepper/pepper_socket_utils.h" | |
| 8 #include "content/public/browser/browser_context.h" | 10 #include "content/public/browser/browser_context.h" |
| 9 #include "content/public/browser/browser_ppapi_host.h" | 11 #include "content/public/browser/browser_ppapi_host.h" |
| 10 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
| 11 #include "content/public/browser/render_process_host.h" | 13 #include "content/public/browser/render_process_host.h" |
| 14 #include "content/public/common/socket_permission_request.h" | |
| 12 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
| 13 #include "net/proxy/proxy_info.h" | 16 #include "net/proxy/proxy_info.h" |
| 14 #include "net/url_request/url_request_context.h" | 17 #include "net/url_request/url_request_context.h" |
| 15 #include "net/url_request/url_request_context_getter.h" | 18 #include "net/url_request/url_request_context_getter.h" |
| 16 #include "ppapi/c/pp_errors.h" | 19 #include "ppapi/c/pp_errors.h" |
| 17 #include "ppapi/host/dispatch_host_message.h" | 20 #include "ppapi/host/dispatch_host_message.h" |
| 18 #include "ppapi/host/ppapi_host.h" | 21 #include "ppapi/host/ppapi_host.h" |
| 19 #include "ppapi/proxy/ppapi_messages.h" | 22 #include "ppapi/proxy/ppapi_messages.h" |
| 20 | 23 |
| 21 namespace content { | 24 namespace content { |
| 22 | 25 |
| 23 namespace { | |
| 24 | |
| 25 scoped_refptr<net::URLRequestContextGetter> | |
| 26 GetURLRequestContextGetterOnUIThread(int render_process_id) { | |
| 27 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 28 | |
| 29 scoped_refptr<net::URLRequestContextGetter> context_getter; | |
| 30 RenderProcessHost* render_process_host = | |
| 31 RenderProcessHost::FromID(render_process_id); | |
| 32 if (render_process_host && render_process_host->GetBrowserContext()) { | |
| 33 context_getter = render_process_host->GetBrowserContext()-> | |
| 34 GetRequestContextForRenderProcess(render_process_id); | |
| 35 } | |
| 36 return context_getter; | |
| 37 } | |
| 38 | |
| 39 } // namespace | |
| 40 | |
| 41 PepperNetworkProxyHost::PepperNetworkProxyHost(BrowserPpapiHost* host, | 26 PepperNetworkProxyHost::PepperNetworkProxyHost(BrowserPpapiHost* host, |
| 42 PP_Instance instance, | 27 PP_Instance instance, |
| 43 PP_Resource resource) | 28 PP_Resource resource) |
| 44 : ResourceHost(host->GetPpapiHost(), instance, resource), | 29 : ResourceHost(host->GetPpapiHost(), instance, resource), |
| 45 proxy_service_(NULL), | 30 proxy_service_(NULL), |
| 46 waiting_for_proxy_service_(true), | 31 is_allowed_(false), |
| 32 waiting_for_ui_thread_data_(true), | |
| 47 weak_factory_(this) { | 33 weak_factory_(this) { |
| 48 int render_process_id(0), render_view_id_unused(0); | 34 int render_process_id(0), render_view_id(0); |
| 49 host->GetRenderViewIDsForInstance(instance, | 35 host->GetRenderViewIDsForInstance(instance, |
| 50 &render_process_id, | 36 &render_process_id, |
| 51 &render_view_id_unused); | 37 &render_view_id); |
| 38 // TODO(dmichael): Currently, BrowserPpapiHostImpl is the only class that | |
| 39 // inherits BrowserPpapiHost, so this is safe. Would it be better to just | |
| 40 // make external_plugin() virtual? | |
| 41 BrowserPpapiHostImpl* host_impl = | |
|
yzshen1
2013/06/21 18:06:24
You could directly pass in a BrowserPpapiHostImpl
dmichael (off chromium)
2013/06/21 20:25:45
Much better, thanks for noticing that!
| |
| 42 static_cast<BrowserPpapiHostImpl*>(host); | |
| 52 BrowserThread::PostTaskAndReplyWithResult( | 43 BrowserThread::PostTaskAndReplyWithResult( |
| 53 BrowserThread::UI, FROM_HERE, | 44 BrowserThread::UI, FROM_HERE, |
| 54 base::Bind(&GetURLRequestContextGetterOnUIThread, render_process_id), | 45 base::Bind(&GetUIThreadDataOnUIThread, |
| 55 base::Bind(&PepperNetworkProxyHost::DidGetURLRequestContextGetter, | 46 render_process_id, |
| 47 render_view_id, | |
| 48 host_impl->external_plugin()), | |
| 49 base::Bind(&PepperNetworkProxyHost::DidGetUIThreadData, | |
| 56 weak_factory_.GetWeakPtr())); | 50 weak_factory_.GetWeakPtr())); |
| 57 } | 51 } |
| 58 | 52 |
| 59 PepperNetworkProxyHost::~PepperNetworkProxyHost() { | 53 PepperNetworkProxyHost::~PepperNetworkProxyHost() { |
| 60 while (!pending_requests_.empty()) { | 54 while (!pending_requests_.empty()) { |
| 61 // If the proxy_service_ is NULL, we shouldn't have any outstanding | 55 // If the proxy_service_ is NULL, we shouldn't have any outstanding |
| 62 // requests. | 56 // requests. |
| 63 DCHECK(proxy_service_); | 57 DCHECK(proxy_service_); |
| 64 net::ProxyService::PacRequest* request = pending_requests_.front(); | 58 net::ProxyService::PacRequest* request = pending_requests_.front(); |
| 65 proxy_service_->CancelPacRequest(request); | 59 proxy_service_->CancelPacRequest(request); |
| 66 pending_requests_.pop(); | 60 pending_requests_.pop(); |
| 67 } | 61 } |
| 68 } | 62 } |
| 69 | 63 |
| 70 void PepperNetworkProxyHost::DidGetURLRequestContextGetter( | 64 PepperNetworkProxyHost::UIThreadData::UIThreadData() |
| 71 scoped_refptr<net::URLRequestContextGetter> context_getter) { | 65 : is_allowed(false) { |
| 72 if (context_getter->GetURLRequestContext()) | 66 } |
| 73 proxy_service_ = context_getter->GetURLRequestContext()->proxy_service(); | 67 |
| 74 waiting_for_proxy_service_ = false; | 68 // static |
| 69 PepperNetworkProxyHost::UIThreadData | |
| 70 PepperNetworkProxyHost::GetUIThreadDataOnUIThread(int render_process_id, | |
| 71 int render_view_id, | |
| 72 bool is_external_plugin) { | |
| 73 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 74 PepperNetworkProxyHost::UIThreadData result; | |
| 75 RenderProcessHost* render_process_host = | |
| 76 RenderProcessHost::FromID(render_process_id); | |
| 77 if (render_process_host && render_process_host->GetBrowserContext()) { | |
| 78 result.context_getter = render_process_host->GetBrowserContext()-> | |
| 79 GetRequestContextForRenderProcess(render_process_id); | |
| 80 } | |
| 81 | |
| 82 RenderViewHost* render_view_host = | |
| 83 RenderViewHost::FromID(render_process_id, render_view_id); | |
| 84 if (render_view_host) { | |
| 85 SocketPermissionRequest request( | |
| 86 content::SocketPermissionRequest::RESOLVE_PROXY, std::string(), 0); | |
| 87 result.is_allowed = pepper_socket_utils::CanUseSocketAPIs( | |
| 88 is_external_plugin, | |
| 89 false /* is_private_api */, | |
| 90 request, | |
| 91 render_view_host); | |
| 92 } | |
| 93 return result; | |
| 94 } | |
| 95 | |
| 96 void PepperNetworkProxyHost::DidGetUIThreadData( | |
| 97 const UIThreadData& ui_thread_data) { | |
| 98 is_allowed_ = ui_thread_data.is_allowed; | |
| 99 if (ui_thread_data.context_getter && | |
| 100 ui_thread_data.context_getter->GetURLRequestContext()) { | |
| 101 proxy_service_ = | |
| 102 ui_thread_data.context_getter->GetURLRequestContext()->proxy_service(); | |
| 103 } | |
| 104 waiting_for_ui_thread_data_ = false; | |
| 75 if (!proxy_service_) { | 105 if (!proxy_service_) { |
| 76 DLOG_IF(WARNING, proxy_service_) | 106 DLOG_IF(WARNING, proxy_service_) |
| 77 << "Failed to find a ProxyService for Pepper plugin."; | 107 << "Failed to find a ProxyService for Pepper plugin."; |
| 78 } | 108 } |
| 79 TryToSendUnsentRequests(); | 109 TryToSendUnsentRequests(); |
| 80 } | 110 } |
| 81 | 111 |
| 82 int32_t PepperNetworkProxyHost::OnResourceMessageReceived( | 112 int32_t PepperNetworkProxyHost::OnResourceMessageReceived( |
| 83 const IPC::Message& msg, | 113 const IPC::Message& msg, |
| 84 ppapi::host::HostMessageContext* context) { | 114 ppapi::host::HostMessageContext* context) { |
| 85 IPC_BEGIN_MESSAGE_MAP(PepperNetworkProxyHost, msg) | 115 IPC_BEGIN_MESSAGE_MAP(PepperNetworkProxyHost, msg) |
| 86 PPAPI_DISPATCH_HOST_RESOURCE_CALL( | 116 PPAPI_DISPATCH_HOST_RESOURCE_CALL( |
| 87 PpapiHostMsg_NetworkProxy_GetProxyForURL, OnMsgGetProxyForURL) | 117 PpapiHostMsg_NetworkProxy_GetProxyForURL, OnMsgGetProxyForURL) |
| 88 IPC_END_MESSAGE_MAP() | 118 IPC_END_MESSAGE_MAP() |
| 89 return PP_ERROR_FAILED; | 119 return PP_ERROR_FAILED; |
| 90 } | 120 } |
| 91 | 121 |
| 92 int32_t PepperNetworkProxyHost::OnMsgGetProxyForURL( | 122 int32_t PepperNetworkProxyHost::OnMsgGetProxyForURL( |
| 93 ppapi::host::HostMessageContext* context, | 123 ppapi::host::HostMessageContext* context, |
| 94 const std::string& url) { | 124 const std::string& url) { |
| 95 GURL gurl(url); | 125 GURL gurl(url); |
| 96 if (gurl.is_valid()) { | 126 if (gurl.is_valid()) { |
| 97 UnsentRequest request = { gurl, context->MakeReplyMessageContext() }; | 127 UnsentRequest request = { gurl, context->MakeReplyMessageContext() }; |
| 98 unsent_requests_.push(request); | 128 unsent_requests_.push(request); |
| 99 TryToSendUnsentRequests(); | 129 TryToSendUnsentRequests(); |
| 100 } else { | 130 } else { |
| 101 SendFailureReply(PP_ERROR_BADARGUMENT, context->MakeReplyMessageContext()); | 131 SendFailureReply(PP_ERROR_BADARGUMENT, |
| 132 context->MakeReplyMessageContext()); | |
| 102 } | 133 } |
| 103 return PP_OK_COMPLETIONPENDING; | 134 return PP_OK_COMPLETIONPENDING; |
| 104 } | 135 } |
| 105 | 136 |
| 106 void PepperNetworkProxyHost::TryToSendUnsentRequests() { | 137 void PepperNetworkProxyHost::TryToSendUnsentRequests() { |
| 107 if (waiting_for_proxy_service_) | 138 if (waiting_for_ui_thread_data_) |
| 108 return; | 139 return; |
| 109 | 140 |
| 110 while (!unsent_requests_.empty()) { | 141 while (!unsent_requests_.empty()) { |
| 111 const UnsentRequest& request = unsent_requests_.front(); | 142 const UnsentRequest& request = unsent_requests_.front(); |
| 112 if (!proxy_service_) { | 143 if (!proxy_service_) { |
| 113 SendFailureReply(PP_ERROR_FAILED, request.reply_context); | 144 SendFailureReply(PP_ERROR_FAILED, request.reply_context); |
| 145 } else if (!is_allowed_) { | |
| 146 SendFailureReply(PP_ERROR_NOACCESS, request.reply_context); | |
| 114 } else { | 147 } else { |
| 115 // Everything looks valid, so try to resolve the proxy. | 148 // Everything looks valid, so try to resolve the proxy. |
| 116 net::ProxyInfo* proxy_info = new net::ProxyInfo; | 149 net::ProxyInfo* proxy_info = new net::ProxyInfo; |
| 117 net::ProxyService::PacRequest* pending_request = NULL; | 150 net::ProxyService::PacRequest* pending_request = NULL; |
| 118 base::Callback<void (int)> callback = | 151 base::Callback<void (int)> callback = |
| 119 base::Bind(&PepperNetworkProxyHost::OnResolveProxyCompleted, | 152 base::Bind(&PepperNetworkProxyHost::OnResolveProxyCompleted, |
| 120 weak_factory_.GetWeakPtr(), | 153 weak_factory_.GetWeakPtr(), |
| 121 request.reply_context, | 154 request.reply_context, |
| 122 base::Owned(proxy_info)); | 155 base::Owned(proxy_info)); |
| 123 int result = proxy_service_->ResolveProxy(request.url, | 156 int result = proxy_service_->ResolveProxy(request.url, |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 135 } | 168 } |
| 136 } | 169 } |
| 137 | 170 |
| 138 void PepperNetworkProxyHost::OnResolveProxyCompleted( | 171 void PepperNetworkProxyHost::OnResolveProxyCompleted( |
| 139 ppapi::host::ReplyMessageContext context, | 172 ppapi::host::ReplyMessageContext context, |
| 140 net::ProxyInfo* proxy_info, | 173 net::ProxyInfo* proxy_info, |
| 141 int result) { | 174 int result) { |
| 142 pending_requests_.pop(); | 175 pending_requests_.pop(); |
| 143 | 176 |
| 144 if (result != net::OK) { | 177 if (result != net::OK) { |
| 145 // TODO(dmichael): Add appropriate error codes to yzshen's conversion | 178 // Currently, the only proxy-specific error we could get is |
| 146 // function, and call that function here. | 179 // MANDATORY_PROXY_CONFIGURATION_FAILED. There's really no action a plugin |
| 180 // can take in this case, so there's no need to distinguish it from other | |
| 181 // failures. | |
| 147 context.params.set_result(PP_ERROR_FAILED); | 182 context.params.set_result(PP_ERROR_FAILED); |
| 148 } | 183 } |
| 149 host()->SendReply(context, | 184 host()->SendReply(context, |
| 150 PpapiPluginMsg_NetworkProxy_GetProxyForURLReply( | 185 PpapiPluginMsg_NetworkProxy_GetProxyForURLReply( |
| 151 proxy_info->ToPacString())); | 186 proxy_info->ToPacString())); |
| 152 } | 187 } |
| 153 | 188 |
| 154 void PepperNetworkProxyHost::SendFailureReply( | 189 void PepperNetworkProxyHost::SendFailureReply( |
| 155 int32_t error, | 190 int32_t error, |
| 156 ppapi::host::ReplyMessageContext context) { | 191 ppapi::host::ReplyMessageContext context) { |
| 157 context.params.set_result(error); | 192 context.params.set_result(error); |
| 158 host()->SendReply(context, | 193 host()->SendReply(context, |
| 159 PpapiPluginMsg_NetworkProxy_GetProxyForURLReply( | 194 PpapiPluginMsg_NetworkProxy_GetProxyForURLReply( |
| 160 std::string())); | 195 std::string())); |
| 161 } | 196 } |
| 162 | 197 |
| 163 } // namespace content | 198 } // namespace content |
| OLD | NEW |
