Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1085)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: services/shell/shell.cc

Issue 1918333002: Add explicit capability class enforcement. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | services/shell/tests/connect/connect_test_app_a_manifest.json » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "services/shell/shell.h" 5 #include "services/shell/shell.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <utility> 9 #include <utility>
10 10
(...skipping 20 matching lines...) Expand all
31 namespace shell { 31 namespace shell {
32 32
33 namespace { 33 namespace {
34 34
35 const char kCatalogName[] = "mojo:catalog"; 35 const char kCatalogName[] = "mojo:catalog";
36 const char kShellName[] = "mojo:shell"; 36 const char kShellName[] = "mojo:shell";
37 const char kCapabilityClass_UserID[] = "shell:user_id"; 37 const char kCapabilityClass_UserID[] = "shell:user_id";
38 const char kCapabilityClass_ClientProcess[] = "shell:client_process"; 38 const char kCapabilityClass_ClientProcess[] = "shell:client_process";
39 const char kCapabilityClass_InstanceName[] = "shell:instance_name"; 39 const char kCapabilityClass_InstanceName[] = "shell:instance_name";
40 const char kCapabilityClass_AllUsers[] = "shell:all_users"; 40 const char kCapabilityClass_AllUsers[] = "shell:all_users";
41 const char kCapabilityClass_ExplicitClass[] = "shell:explicit_class";
41 42
42 void EmptyResolverCallback(mojom::ResolveResultPtr result) {} 43 void EmptyResolverCallback(mojom::ResolveResultPtr result) {}
43 44
44 } // namespace 45 } // namespace
45 46
46 Identity CreateShellIdentity() { 47 Identity CreateShellIdentity() {
47 return Identity(kShellName, mojom::kRootUserID); 48 return Identity(kShellName, mojom::kRootUserID);
48 } 49 }
49 50
50 Identity CreateCatalogIdentity() { 51 Identity CreateCatalogIdentity() {
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after
151 identity_.user_id(), id_); 152 identity_.user_id(), id_);
152 uint32_t source_id = mojom::kInvalidInstanceID; 153 uint32_t source_id = mojom::kInvalidInstanceID;
153 CapabilityRequest request; 154 CapabilityRequest request;
154 request.interfaces.insert("*"); 155 request.interfaces.insert("*");
155 Instance* source = shell_->GetExistingInstance(params->source()); 156 Instance* source = shell_->GetExistingInstance(params->source());
156 if (source) { 157 if (source) {
157 request = GenerateCapabilityRequestForConnection( 158 request = GenerateCapabilityRequestForConnection(
158 source->capability_spec_, identity_, capability_spec_); 159 source->capability_spec_, identity_, capability_spec_);
159 source_id = source->id(); 160 source_id = source->id();
160 } 161 }
162
163 // The target has specified that sources must request one of its provided
164 // classes instead of specifying a wild-card for interfaces.
165 if (HasClass(capability_spec_, kCapabilityClass_ExplicitClass) &&
166 (request.interfaces.count("*") != 0)) {
167 request.interfaces = Interfaces();
168 }
169
161 shell_client_->AcceptConnection( 170 shell_client_->AcceptConnection(
162 mojom::Identity::From(params->source()), source_id, 171 mojom::Identity::From(params->source()), source_id,
163 params->TakeRemoteInterfaces(), params->TakeLocalInterfaces(), 172 params->TakeRemoteInterfaces(), params->TakeLocalInterfaces(),
164 mojom::CapabilityRequest::From(request), params->target().name()); 173 mojom::CapabilityRequest::From(request), params->target().name());
165 } 174 }
166 175
167 void StartWithClient(mojom::ShellClientPtr client) { 176 void StartWithClient(mojom::ShellClientPtr client) {
168 CHECK(!shell_client_); 177 CHECK(!shell_client_);
169 shell_client_ = std::move(client); 178 shell_client_ = std::move(client);
170 shell_client_.set_connection_error_handler( 179 shell_client_.set_connection_error_handler(
(...skipping 580 matching lines...) Expand 10 before | Expand all | Expand 10 after
751 void Shell::CleanupRunner(NativeRunner* runner) { 760 void Shell::CleanupRunner(NativeRunner* runner) {
752 for (auto it = native_runners_.begin(); it != native_runners_.end(); ++it) { 761 for (auto it = native_runners_.begin(); it != native_runners_.end(); ++it) {
753 if (it->get() == runner) { 762 if (it->get() == runner) {
754 native_runners_.erase(it); 763 native_runners_.erase(it);
755 return; 764 return;
756 } 765 }
757 } 766 }
758 } 767 }
759 768
760 } // namespace shell 769 } // namespace shell
OLDNEW
« no previous file with comments | « no previous file | services/shell/tests/connect/connect_test_app_a_manifest.json » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698