ppapi: PPB_VpnProvider: Bind VpnService to the PPAPI Resource Host

extensions/browser/api/vpn_provider/vpn_service.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/vpn_provider/vpn_service.h"
 
 #include <stdint.h>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/guid.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "chromeos/dbus/shill_third_party_vpn_driver_client.h"
 #include "chromeos/dbus/shill_third_party_vpn_observer.h"
 #include "chromeos/network/network_configuration_handler.h"
 #include "chromeos/network/network_profile.h"
 #include "chromeos/network/network_profile_handler.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "chromeos/network/network_type_pattern.h"
+#include "content/public/browser/pepper_vpn_provider_resource_host_proxy.h"
+#include "content/public/browser/vpn_service_proxy.h"
 #include "crypto/sha2.h"
 #include "extensions/browser/event_router.h"
 #include "extensions/browser/extension_registry.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 namespace chromeos {
 
 namespace {
 
 namespace api_vpn = extensions::api::vpn_provider;
@@ skipping 15 matching lines @@
 
   const std::string& extension_id() const { return extension_id_; }
   const std::string& configuration_name() const { return configuration_name_; }
   const std::string& key() const { return key_; }
   const std::string& service_path() const { return service_path_; }
   void set_service_path(const std::string& service_path) {
     service_path_ = service_path;
   }
   const std::string& object_path() const { return object_path_; }
 
+  void set_nacl_bound(

[emaxx, 2016/06/21 23:47:48]

Is there a situation possible in which nacl_bound==true along with NULL
pepper_vpn_provider_proxy would be passed here?
If not, then it would be clearer to rid of the boolean variable and member.

[adrian.belgun, 2016/06/22 08:23:46]

Done. Removed superfluous nacl_bound. 
It was a remnant from the old logic, without pepper_vpn_provider_proxy.

+      bool nacl_bound,
+      std::unique_ptr<content::PepperVpnProviderResourceHostProxy>
+          pepper_vpn_provider_proxy) {
+    nacl_bound_ = nacl_bound;
+    pepper_vpn_provider_proxy_ = std::move(pepper_vpn_provider_proxy);
+  }
+
   // ShillThirdPartyVpnObserver:
   void OnPacketReceived(const std::vector<char>& data) override;
   void OnPlatformMessage(uint32_t message) override;
 
  private:
   const std::string extension_id_;
   const std::string configuration_name_;
   const std::string key_;
   const std::string object_path_;
 
+  bool nacl_bound_;
+  std::unique_ptr<content::PepperVpnProviderResourceHostProxy>
+      pepper_vpn_provider_proxy_;
+
   std::string service_path_;
 
   base::WeakPtr<VpnService> vpn_service_;
 
   DISALLOW_COPY_AND_ASSIGN(VpnConfiguration);
 };
 
 VpnService::VpnConfiguration::VpnConfiguration(
     const std::string& extension_id,
     const std::string& configuration_name,
     const std::string& key,
     base::WeakPtr<VpnService> vpn_service)
     : extension_id_(extension_id),
       configuration_name_(configuration_name),
       key_(key),
       object_path_(shill::kObjectPathBase + key_),
-      vpn_service_(vpn_service) {
-}
+      nacl_bound_(false),
+      vpn_service_(vpn_service) {}
 
 VpnService::VpnConfiguration::~VpnConfiguration() {
 }
 
 void VpnService::VpnConfiguration::OnPacketReceived(
     const std::vector<char>& data) {
   if (!vpn_service_) {
     return;
   }
-  std::unique_ptr<base::ListValue> event_args =
-      api_vpn::OnPacketReceived::Create(data);
-  vpn_service_->SendSignalToExtension(
-      extension_id_, extensions::events::VPN_PROVIDER_ON_PACKET_RECEIVED,
-      api_vpn::OnPacketReceived::kEventName, std::move(event_args));
+  // If the configuration was added via a PPAPI plugin

[emaxx, 2016/06/21 23:47:47]

nit: This comment looks unfinished, and describes only the the first branch of
the condition.

[adrian.belgun, 2016/06/22 08:23:46]

Done.

+  if (nacl_bound_) {
+    if (pepper_vpn_provider_proxy_)
+      pepper_vpn_provider_proxy_->SendOnPacketReceived(data);
+  } else {
+    std::unique_ptr<base::ListValue> event_args =
+        api_vpn::OnPacketReceived::Create(data);
+    vpn_service_->SendSignalToExtension(
+        extension_id_, extensions::events::VPN_PROVIDER_ON_PACKET_RECEIVED,
+        api_vpn::OnPacketReceived::kEventName, std::move(event_args));
+  }
 }
 
 void VpnService::VpnConfiguration::OnPlatformMessage(uint32_t message) {
   if (!vpn_service_) {
     return;
   }
   DCHECK_GE(api_vpn::PLATFORM_MESSAGE_LAST, message);
 
   api_vpn::PlatformMessage platform_message =
       static_cast<api_vpn::PlatformMessage>(message);
 
   if (platform_message == api_vpn::PLATFORM_MESSAGE_CONNECTED) {
     vpn_service_->SetActiveConfiguration(this);
   } else if (platform_message == api_vpn::PLATFORM_MESSAGE_DISCONNECTED ||
              platform_message == api_vpn::PLATFORM_MESSAGE_ERROR) {
     vpn_service_->SetActiveConfiguration(nullptr);
+
+    // Disconnect NaCl-bound configuration
+    if (nacl_bound_) {
+      nacl_bound_ = false;
+      if (pepper_vpn_provider_proxy_)
+        pepper_vpn_provider_proxy_->SendOnUnbind();
+      pepper_vpn_provider_proxy_.reset();
+    }
   }
 
   // TODO(kaliamoorthi): Update the lower layers to get the error message and
   // pass in the error instead of std::string().
   std::unique_ptr<base::ListValue> event_args =
       api_vpn::OnPlatformMessage::Create(configuration_name_, platform_message,
                                          std::string());
 
   vpn_service_->SendSignalToExtension(
       extension_id_, extensions::events::VPN_PROVIDER_ON_PLATFORM_MESSAGE,
       api_vpn::OnPlatformMessage::kEventName, std::move(event_args));
 }
 
+class VpnService::VpnServiceProxyImpl : public content::VpnServiceProxy {
+ public:
+  VpnServiceProxyImpl(base::WeakPtr<VpnService> vpn_service);
+  ~VpnServiceProxyImpl() override;
+
+  void Bind(const std::string& extension_id,
+            const std::string& configuration_id,
+            const std::string& configuration_name,
+            const SuccessCallback& success,
+            const FailureCallback& failure,
+            std::unique_ptr<content::PepperVpnProviderResourceHostProxy>
+                pepper_vpn_provider_proxy) override;
+  void SendPacket(const std::string& extension_id,
+                  const std::vector<char>& data,
+                  const SuccessCallback& success,
+                  const FailureCallback& failure) override;
+
+ private:
+  base::WeakPtr<VpnService> vpn_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(VpnServiceProxyImpl);
+};
+
+VpnService::VpnServiceProxyImpl::VpnServiceProxyImpl(
+    base::WeakPtr<VpnService> vpn_service)
+    : vpn_service_(vpn_service) {}
+
+VpnService::VpnServiceProxyImpl::~VpnServiceProxyImpl() {}

[emaxx, 2016/06/21 23:47:47]

nit: Is this necessary?

[adrian.belgun, 2016/06/22 08:23:46]

Removed it. Technically not necessary, but added it to be consistent with the
above VpnConfiguration.

+
+void VpnService::VpnServiceProxyImpl::Bind(
+    const std::string& extension_id,
+    const std::string& configuration_id,
+    const std::string& configuration_name,
+    const SuccessCallback& success,
+    const FailureCallback& failure,
+    std::unique_ptr<content::PepperVpnProviderResourceHostProxy>
+        pepper_vpn_provider_proxy) {
+  if (!vpn_service_) {
+    NOTREACHED();
+    return;
+  }
+
+  vpn_service_->Bind(extension_id, configuration_id, configuration_name,
+                     success, failure, std::move(pepper_vpn_provider_proxy));
+}
+
+void VpnService::VpnServiceProxyImpl::SendPacket(
+    const std::string& extension_id,
+    const std::vector<char>& data,
+    const SuccessCallback& success,
+    const FailureCallback& failure) {
+  if (!vpn_service_) {
+    NOTREACHED();
+    return;
+  }
+
+  vpn_service_->SendPacket(extension_id, data, success, failure);
+}
+
 VpnService::VpnService(
     content::BrowserContext* browser_context,
     const std::string& userid_hash,
     extensions::ExtensionRegistry* extension_registry,
     extensions::EventRouter* event_router,
     ShillThirdPartyVpnDriverClient* shill_client,
     NetworkConfigurationHandler* network_configuration_handler,
     NetworkProfileHandler* network_profile_handler,
     NetworkStateHandler* network_state_handler)
     : browser_context_(browser_context),
@@ skipping 422 matching lines @@
   }
   delete configuration;
 }
 
 bool VpnService::DoesActiveConfigurationExistAndIsAccessAuthorized(
     const std::string& extension_id) {
   return active_configuration_ &&
          active_configuration_->extension_id() == extension_id;
 }
 
+void VpnService::Bind(
+    const std::string& extension_id,
+    const std::string& configuration_id,
+    const std::string& configuration_name,
+    const SuccessCallback& success,
+    const FailureCallback& failure,
+    std::unique_ptr<content::PepperVpnProviderResourceHostProxy>
+        pepper_vpn_provider_proxy) {
+  // The ID is the configuration name for now. This may change in the future.
+  const std::string key = GetKey(extension_id, configuration_id);
+  if (!ContainsKey(key_to_configuration_map_, key)) {
+    failure.Run(std::string(), std::string("Unauthorized access 1."));
+    return;
+  }
+
+  VpnConfiguration* configuration = key_to_configuration_map_[key];
+  if (active_configuration_ != configuration) {
+    failure.Run(std::string(), std::string("Unauthorized access 2."));
+    return;
+  }
+
+  if (configuration->extension_id() != extension_id ||
+      configuration->configuration_name() != configuration_name) {
+    failure.Run(std::string(), std::string("Unauthorized access 3."));

[emaxx, 2016/06/21 23:47:47]

Could you please make the error messages more informative?

[adrian.belgun, 2016/06/22 08:23:46]

Done.

+    return;
+  }
+
+  const std::string service_path = configuration->service_path();
+  if (service_path.empty()) {
+    failure.Run(std::string(), std::string("Pending create."));
+    return;
+  }
+
+  // Connection authorized. All packets will be routed through NaCl.
+  configuration->set_nacl_bound(true, std::move(pepper_vpn_provider_proxy));
+
+  success.Run();
+}
+
+std::unique_ptr<content::VpnServiceProxy> VpnService::GetVpnServiceProxy() {
+  return base::WrapUnique(new VpnServiceProxyImpl(weak_factory_.GetWeakPtr()));
+}
+
 }  // namespace chromeos