Enforce Capability Filter provided in manifest

mojo/shell/application_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/shell/application_manager.h"
 
 #include <stdint.h>
 
 #include <utility>
 
@@ skipping 283 matching lines @@
 void ApplicationManager::OnShellClientFactoryLost(const Identity& which) {
   // Remove the mapping.
   auto it = shell_client_factories_.find(which);
   DCHECK(it != shell_client_factories_.end());
   shell_client_factories_.erase(it);
 }
 
 void ApplicationManager::OnGotResolvedURL(
     scoped_ptr<ConnectParams> params,
     const String& resolved_url,
-    const String& qualifier,
+    const String& resolved_qualifier,
     mojom::CapabilityFilterPtr base_filter,
     const String& file_url) {
   // It's possible that when this manifest request was issued, another one was
   // already in-progress and completed by the time this one did, and so the
   // requested application may already be running.
   if (ConnectToExistingInstance(&params))
     return;
 
-  Identity source = params->source(), target = params->target();
+  Identity source = params->source();
+  CapabilityFilter filter = params->target().filter();
+  // TODO(beng): this clobbers the filter passed via Connect().
+  if (!base_filter.is_null())
+    filter = base_filter->filter.To<CapabilityFilter>();
+  Identity target(params->target().url(), params->target().qualifier(), filter);
+
   mojom::ShellClientRequest request;
-  ApplicationInstance* instance = CreateInstance(params->target(), &request);
+  ApplicationInstance* instance = CreateInstance(target, &request);
   instance->ConnectToClient(std::move(params));
 
   if (LoadWithLoader(target, &request))
     return;
 
   CHECK(!file_url.is_null() && !base_filter.is_null());
 
   GURL resolved_gurl = resolved_url.To<GURL>();
   if (target.url().spec() != resolved_url) {
-    // TODO(beng): this clobbers the CapabilityFilter passed via Connect().
-    CapabilityFilter capability_filter = GetPermissiveCapabilityFilter();
-    if (!base_filter.is_null())
-      capability_filter = base_filter->filter.To<CapabilityFilter>();
-
+    // In cases where a package alias is resolved, we have to use the qualifier
+    // from the original request rather than for the package itself, which will
+    // always be the same.
     CreateShellClient(source,
-                      Identity(resolved_gurl, qualifier, capability_filter),
+                      Identity(resolved_gurl, target.qualifier(), filter),
                       target.url(), std::move(request));
   } else {
     bool start_sandboxed = false;
     base::FilePath path = util::UrlToFilePath(file_url.To<GURL>());
     scoped_ptr<NativeRunner> runner = native_runner_factory_->Create(path);
     runner->Start(path, start_sandboxed, std::move(request),
                   base::Bind(&ApplicationManager::ApplicationPIDAvailable,
                              weak_ptr_factory_.GetWeakPtr(), instance->id()),
                   base::Bind(&ApplicationManager::CleanupRunner,
                              weak_ptr_factory_.GetWeakPtr(), runner.get()));
@@ skipping 35 matching lines @@
   info->qualifier = instance->identity().qualifier();
   if (instance->identity().url().spec() == "mojo://shell/")
     info->pid = base::Process::Current().Pid();
   else
     info->pid = instance->pid();
   return info;
 }
 
 }  // namespace shell
 }  // namespace mojo