chrome/utility/chrome_content_utility_client.cc - Issue 2615423002: Convert utility process ParseMediaMetadata IPC to mojo

Side by Side Diff: chrome/utility/chrome_content_utility_client.cc

Issue 2615423002: Convert utility process ParseMediaMetadata IPC to mojo (Closed)

Patch Set: More review comments. Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« chrome/common/extensions/media_parser_struct_traits.h ('K') | « chrome/common/extensions/typemaps.gni ('k') | chrome/utility/extensions/extensions_handler.h » ('j') | chrome/utility/extensions/extensions_handler.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/utility/chrome_content_utility_client.h"	5 #include "chrome/utility/chrome_content_utility_client.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8 #include <utility>	8 #include <utility>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 97 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
108 std::unique_ptr<service_manager::Service> CreateImageDecoderService() {	108 std::unique_ptr<service_manager::Service> CreateImageDecoderService() {

109 content::UtilityThread::Get()->EnsureBlinkInitialized();	109 content::UtilityThread::Get()->EnsureBlinkInitialized();

110 return image_decoder::ImageDecoderService::Create();	110 return image_decoder::ImageDecoderService::Create();

111 }	111 }

112	112

113 } // namespace	113 } // namespace

114	114

115 ChromeContentUtilityClient::ChromeContentUtilityClient()	115 ChromeContentUtilityClient::ChromeContentUtilityClient()

116 : filter_messages_(false) {	116 : filter_messages_(false) {

117 #if BUILDFLAG(ENABLE_EXTENSIONS)	117 #if BUILDFLAG(ENABLE_EXTENSIONS)

118 handlers_.push_back(new extensions::ExtensionsHandler(this));	118 handlers_.push_back(new extensions::ExtensionsHandler());

119 handlers_.push_back(new image_writer::ImageWriterHandler());	119 handlers_.push_back(new image_writer::ImageWriterHandler());

120 #endif	120 #endif

121	121

122 #if BUILDFLAG(ENABLE_PRINT_PREVIEW) \|\| \	122 #if BUILDFLAG(ENABLE_PRINT_PREVIEW) \|\| \

123 (BUILDFLAG(ENABLE_BASIC_PRINTING) && defined(OS_WIN))	123 (BUILDFLAG(ENABLE_BASIC_PRINTING) && defined(OS_WIN))

124 handlers_.push_back(new printing::PrintingHandler());	124 handlers_.push_back(new printing::PrintingHandler());

125 #endif	125 #endif

126	126

127 #if defined(OS_WIN)	127 #if defined(OS_WIN)

128 handlers_.push_back(new IPCShellHandler());	128 handlers_.push_back(new IPCShellHandler());

(...skipping 56 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
185 // for loop was using iterators explicitly, as originally done).	185 // for loop was using iterators explicitly, as originally done).

186 if (handler->OnMessageReceived(message))	186 if (handler->OnMessageReceived(message))

187 return true;	187 return true;

188 }	188 }

189	189

190 return false;	190 return false;

191 }	191 }

192	192

193 void ChromeContentUtilityClient::ExposeInterfacesToBrowser(	193 void ChromeContentUtilityClient::ExposeInterfacesToBrowser(

194 service_manager::InterfaceRegistry* registry) {	194 service_manager::InterfaceRegistry* registry) {

195 // When the utility process is running with elevated privileges, we need to	195 const bool running_elevated =

196 // filter messages so that only a whitelist of IPCs can run. In Mojo, there's	196 base::CommandLine::ForCurrentProcess()->HasSwitch(

197 // no way of filtering individual messages. Instead, we can avoid adding	197 switches::kUtilityProcessRunningElevated);

198 // non-whitelisted Mojo services to the service_manager::InterfaceRegistry.	198 #if BUILDFLAG(ENABLE_EXTENSIONS)

199 // TODO(amistry): Use a whitelist once the whistlisted IPCs have been	199 ChromeContentUtilityClient* utility_client = this;

200 // converted to Mojo.	200 extensions::ExtensionsHandler::ExposeInterfacesToBrowser(

201 if (filter_messages_)	201 registry, utility_client, running_elevated);

	202 #endif

	203 // If our process runs with elevated privileges, only add elevated

	204 // Mojo services to the interface registry.

	205 if (running_elevated)
	dcheng 2017/01/11 09:09:59 Since this was changed, I wonder why we don't filt Since this was changed, I wonder why we don't filter messages if kMessageWhitelistSize == 0 and the process is elevated. Is this a bug? Or do we assume that we never start up a elevated utility process that's filtering all messages? Noel Gordon 2017/01/12 14:11:20 Great question. Looks like a potential bug to me. Show quoted text On 2017/01/11 09:09:59, dcheng wrote: > Since this was changed, I wonder why we don't filter messages if > kMessageWhitelistSize == 0 and the process is elevated. Is this a bug? Great question. Looks like a potential bug to me. kMessageWhitelistSize == 0 and elevated looks to be possible by building chrome without the EXTENSIONS build flag (that would make kMessageWhitelistSize = 0). Dunno if we do that, but an elevated utility process in that case would expose non-elevated IPC, and (prior to my change) non-elevated mojos too. Noel Gordon 2017/01/12 23:19:04 https://cs.chromium.org/search/?q=ElevatePrivilege Show quoted text On 2017/01/12 14:11:20, noel gordon wrote: > On 2017/01/11 09:09:59, dcheng wrote: > > Since this was changed, I wonder why we don't filter messages if > > kMessageWhitelistSize == 0 and the process is elevated. Is this a bug? > > Great question. Looks like a potential bug to me. kMessageWhitelistSize == 0 > and elevated looks to be possible by building chrome without the EXTENSIONS > build flag (that would make kMessageWhitelistSize = 0). Dunno if we do that, > but an elevated utility process in that case would expose non-elevated IPC, and > (prior to my change) non-elevated mojos too. https://cs.chromium.org/search/?q=ElevatePrivileges&sq=package:chromium tells me that utility process elevation is only used on WIN, and that its two users are in the EXTENSIONS system. Each of them have IPC whitelist entries installed in the utility process. So no bug here: an elevated utility process always has a whitelist to filter on. dcheng 2017/01/13 09:21:04 OK. I hope we can clean up the filter_messages_ th Show quoted text On 2017/01/12 23:19:04, noel gordon wrote: > On 2017/01/12 14:11:20, noel gordon wrote: > > On 2017/01/11 09:09:59, dcheng wrote: > > > Since this was changed, I wonder why we don't filter messages if > > > kMessageWhitelistSize == 0 and the process is elevated. Is this a bug? > > > > Great question. Looks like a potential bug to me. kMessageWhitelistSize == 0 > > and elevated looks to be possible by building chrome without the EXTENSIONS > > build flag (that would make kMessageWhitelistSize = 0). Dunno if we do that, > > but an elevated utility process in that case would expose non-elevated IPC, > and > > (prior to my change) non-elevated mojos too. > > https://cs.chromium.org/search/?q=ElevatePrivileges&sq=package:chromium tells me > that utility process elevation is only used on WIN, and that its two users are > in the EXTENSIONS system. Each of them have IPC whitelist entries installed in > the utility process. So no bug here: an elevated utility process always has a > whitelist to filter on. OK. I hope we can clean up the filter_messages_ thing once this is all Mojo.
202 return;	206 return;

203	207

204 #if !defined(OS_ANDROID)	208 #if !defined(OS_ANDROID)

205 registry->AddInterface<net::interfaces::ProxyResolverFactory>(	209 registry->AddInterface<net::interfaces::ProxyResolverFactory>(

206 base::Bind(CreateProxyResolverFactory));	210 base::Bind(CreateProxyResolverFactory));

207 registry->AddInterface(base::Bind(CreateResourceUsageReporter));	211 registry->AddInterface(base::Bind(CreateResourceUsageReporter));

208 registry->AddInterface(base::Bind(&ProfileImportHandler::Create));	212 registry->AddInterface(base::Bind(&ProfileImportHandler::Create));

209 #endif	213 #endif

210 registry->AddInterface(	214 registry->AddInterface(

211 base::Bind(&safe_json::SafeJsonParserMojoImpl::Create));	215 base::Bind(&safe_json::SafeJsonParserMojoImpl::Create));

(...skipping 96 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
308 safe_browsing::zip_analyzer::Results results;	312 safe_browsing::zip_analyzer::Results results;

309 safe_browsing::dmg::AnalyzeDMGFile(	313 safe_browsing::dmg::AnalyzeDMGFile(

310 IPC::PlatformFileForTransitToFile(dmg_file), &results);	314 IPC::PlatformFileForTransitToFile(dmg_file), &results);

311 Send(new ChromeUtilityHostMsg_AnalyzeDmgFileForDownloadProtection_Finished(	315 Send(new ChromeUtilityHostMsg_AnalyzeDmgFileForDownloadProtection_Finished(

312 results));	316 results));

313 ReleaseProcessIfNeeded();	317 ReleaseProcessIfNeeded();

314 }	318 }

315 #endif // defined(OS_MACOSX)	319 #endif // defined(OS_MACOSX)

316	320

317 #endif // defined(FULL_SAFE_BROWSING)	321 #endif // defined(FULL_SAFE_BROWSING)

OLD	NEW