
Side by Side Diff: extensions/renderer/object_backed_native_handler.cc

Issue 1843803002: [Extensions] Add an access check before executing native code in the renderer (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/object_backed_native_handler.h" 5 #include "extensions/renderer/object_backed_native_handler.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/linked_ptr.h" 10 #include "base/memory/linked_ptr.h"
11 #include "content/public/child/worker_thread.h"
11 #include "extensions/renderer/console.h" 12 #include "extensions/renderer/console.h"
12 #include "extensions/renderer/module_system.h" 13 #include "extensions/renderer/module_system.h"
13 #include "extensions/renderer/script_context.h" 14 #include "extensions/renderer/script_context.h"
14 #include "extensions/renderer/script_context_set.h" 15 #include "extensions/renderer/script_context_set.h"
16 #include "extensions/renderer/v8_helpers.h"
15 #include "v8/include/v8.h" 17 #include "v8/include/v8.h"
16 18
17 namespace extensions { 19 namespace extensions {
18 20
19 namespace { 21 namespace {
20 // Key for the base::Bound routed function. 22 // Key for the base::Bound routed function.
21 const char* kHandlerFunction = "handler_function"; 23 const char* kHandlerFunction = "handler_function";
24 const char* kFeatureName = "feature_name";
22 } // namespace 25 } // namespace
23 26
24 ObjectBackedNativeHandler::ObjectBackedNativeHandler(ScriptContext* context) 27 ObjectBackedNativeHandler::ObjectBackedNativeHandler(ScriptContext* context)
25 : router_data_(context->isolate()), 28 : router_data_(context->isolate()),
26 context_(context), 29 context_(context),
27 object_template_(context->isolate(), 30 object_template_(context->isolate(),
28 v8::ObjectTemplate::New(context->isolate())) { 31 v8::ObjectTemplate::New(context->isolate())) {
29 } 32 }
30 33
31 ObjectBackedNativeHandler::~ObjectBackedNativeHandler() { 34 ObjectBackedNativeHandler::~ObjectBackedNativeHandler() {
32 } 35 }
33 36
34 v8::Local<v8::Object> ObjectBackedNativeHandler::NewInstance() { 37 v8::Local<v8::Object> ObjectBackedNativeHandler::NewInstance() {
35 return v8::Local<v8::ObjectTemplate>::New(GetIsolate(), object_template_) 38 return v8::Local<v8::ObjectTemplate>::New(GetIsolate(), object_template_)
36 ->NewInstance(); 39 ->NewInstance();
37 } 40 }
38 41
39 // static 42 // static
40 void ObjectBackedNativeHandler::Router( 43 void ObjectBackedNativeHandler::Router(
41 const v8::FunctionCallbackInfo<v8::Value>& args) { 44 const v8::FunctionCallbackInfo<v8::Value>& args) {
42 v8::Isolate* isolate = args.GetIsolate(); 45 v8::Isolate* isolate = args.GetIsolate();
43 v8::HandleScope handle_scope(isolate); 46 v8::HandleScope handle_scope(isolate);
44 v8::Local<v8::Object> data = args.Data().As<v8::Object>(); 47 v8::Local<v8::Object> data = args.Data().As<v8::Object>();
45 v8::Local<v8::Context> context = isolate->GetCurrentContext(); 48 v8::Local<v8::Context> context = isolate->GetCurrentContext();
46 49
47 v8::Local<v8::Value> handler_function_value; 50 v8::Local<v8::Value> handler_function_value;
51 v8::Local<v8::Value> feature_name_value;
48 // See comment in header file for why we do this. 52 // See comment in header file for why we do this.
49 if (!GetPrivate(context, data, kHandlerFunction, &handler_function_value) || 53 if (!GetPrivate(context, data, kHandlerFunction, &handler_function_value) ||
50 handler_function_value->IsUndefined()) { 54 handler_function_value->IsUndefined() ||
55 !GetPrivate(context, data, kFeatureName, &feature_name_value) ||
56 !feature_name_value->IsString()) {
51 ScriptContext* script_context = 57 ScriptContext* script_context =
52 ScriptContextSet::GetContextByV8Context(context); 58 ScriptContextSet::GetContextByV8Context(context);
53 console::Error(script_context ? script_context->GetRenderFrame() : nullptr, 59 console::Error(script_context ? script_context->GetRenderFrame() : nullptr,
54 "Extension view no longer exists"); 60 "Extension view no longer exists");
55 return; 61 return;
56 } 62 }
63
64 if (content::WorkerThread::GetCurrentId() == 0) {
jochen (gone - plz use gerrit) 2016/03/31 15:13:50 why is this check needed?
Devlin 2016/03/31 16:38:07 There probably should have been a TODO here to fig
65 ScriptContext* script_context =
66 ScriptContextSet::GetContextByV8Context(context);
67 v8::Local<v8::String> feature_name_string =
68 feature_name_value->ToString(context).ToLocalChecked();
69 std::string feature_name = *v8::String::Utf8Value(feature_name_string);
70 if (script_context &&
71 !feature_name.empty() &&
72 !script_context->GetAvailability(feature_name).is_available()) {
Devlin 2016/03/30 22:02:28 This check is kind of annoying - ideally we wouldn
73 return;
74 }
75 }
57 // This CHECK is *important*. Otherwise, we'll go around happily executing 76 // This CHECK is *important*. Otherwise, we'll go around happily executing
58 // something random. See crbug.com/548273. 77 // something random. See crbug.com/548273.
59 CHECK(handler_function_value->IsExternal()); 78 CHECK(handler_function_value->IsExternal());
60 static_cast<HandlerFunction*>( 79 static_cast<HandlerFunction*>(
61 handler_function_value.As<v8::External>()->Value())->Run(args); 80 handler_function_value.As<v8::External>()->Value())->Run(args);
62 } 81 }
63 82
64 void ObjectBackedNativeHandler::RouteFunction( 83 void ObjectBackedNativeHandler::RouteFunction(
65 const std::string& name, 84 const std::string& name,
66 const HandlerFunction& handler_function) { 85 const HandlerFunction& handler_function) {
86 RouteFunction(name, "", handler_function);
87 }
88
89 void ObjectBackedNativeHandler::RouteFunction(
90 const std::string& name,
91 const std::string& feature_name,
92 const HandlerFunction& handler_function) {
67 v8::Isolate* isolate = v8::Isolate::GetCurrent(); 93 v8::Isolate* isolate = v8::Isolate::GetCurrent();
68 v8::HandleScope handle_scope(isolate); 94 v8::HandleScope handle_scope(isolate);
69 v8::Context::Scope context_scope(context_->v8_context()); 95 v8::Context::Scope context_scope(context_->v8_context());
70 96
71 v8::Local<v8::Object> data = v8::Object::New(isolate); 97 v8::Local<v8::Object> data = v8::Object::New(isolate);
72 SetPrivate(data, kHandlerFunction, 98 SetPrivate(data, kHandlerFunction,
73 v8::External::New(isolate, new HandlerFunction(handler_function))); 99 v8::External::New(isolate, new HandlerFunction(handler_function)));
100 SetPrivate(data, kFeatureName,
101 v8_helpers::ToV8StringUnsafe(isolate, feature_name));
74 v8::Local<v8::FunctionTemplate> function_template = 102 v8::Local<v8::FunctionTemplate> function_template =
75 v8::FunctionTemplate::New(isolate, Router, data); 103 v8::FunctionTemplate::New(isolate, Router, data);
76 v8::Local<v8::ObjectTemplate>::New(isolate, object_template_) 104 v8::Local<v8::ObjectTemplate>::New(isolate, object_template_)
77 ->Set(isolate, name.c_str(), function_template); 105 ->Set(isolate, name.c_str(), function_template);
78 router_data_.Append(data); 106 router_data_.Append(data);
79 } 107 }
80 108
81 v8::Isolate* ObjectBackedNativeHandler::GetIsolate() const { 109 v8::Isolate* ObjectBackedNativeHandler::GetIsolate() const {
82 return context_->isolate(); 110 return context_->isolate();
83 } 111 }
148 v8::Local<v8::Object> obj, 176 v8::Local<v8::Object> obj,
149 const char* key) { 177 const char* key) {
150 obj->DeletePrivate(context, 178 obj->DeletePrivate(context,
151 v8::Private::ForApi( 179 v8::Private::ForApi(
152 context->GetIsolate(), 180 context->GetIsolate(),
153 v8::String::NewFromUtf8(context->GetIsolate(), key))) 181 v8::String::NewFromUtf8(context->GetIsolate(), key)))
154 .FromJust(); 182 .FromJust();
155 } 183 }
156 184
157 } // namespace extensions 185 } // namespace extensions
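Review bot: The new availability check in Router (new-side lines 70-74) fails open when GetContextByV8Context returns null: the `script_context &&` conjunct makes the whole condition false, so the routed native function runs without any feature check instead of being refused. An access check that cannot be evaluated should deny, e.g. `if (!script_context) return;` followed by `if (!feature_name.empty() && !script_context->GetAvailability(feature_name).is_available()) return;`; if a null ScriptContext is an expected state for some routed functions and execution is meant to proceed, a comment stating that should accompany the condition. The same lookup is already done in the preceding error branch (new-side lines 57-58), so it could be hoisted above the first `if` and reused rather than repeated. The empty feature_name that the two-argument RouteFunction overload passes (new-side line 86) acts as an "unchecked" sentinel and deserves a one-line comment at that call site, since the header declaring the overload is outside this diff.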