Convert utility process extension Unpacker IPC to mojo

extensions/browser/sandboxed_unpacker.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/sandboxed_unpacker.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <set>
 #include <tuple>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/files/file_util.h"
 #include "base/json/json_string_value_serializer.h"
-#include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram_macros.h"
-#include "base/numerics/safe_conversions.h"
 #include "base/path_service.h"
 #include "base/sequenced_task_runner.h"
-#include "base/strings/string_number_conversions.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/threading/sequenced_worker_pool.h"
 #include "build/build_config.h"
 #include "components/crx_file/crx_file.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/utility_process_host.h"
-#include "content/public/common/common_param_traits.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_l10n_util.h"
 #include "extensions/common/extension_utility_messages.h"
+#include "extensions/common/extension_utility_types.h"
 #include "extensions/common/extensions_client.h"
 #include "extensions/common/file_util.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_handlers/icons_handler.h"
 #include "extensions/common/switches.h"
 #include "grit/extensions_strings.h"
 #include "third_party/skia/include/core/SkBitmap.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/gfx/codec/png_codec.h"
 
 using base::ASCIIToUTF16;
 using content::BrowserThread;
-using content::UtilityProcessHost;
 using crx_file::CrxFile;
 
 // The following macro makes histograms that record the length of paths
 // in this file much easier to read.
 // Windows has a short max path length. If the path length to a
 // file being unpacked from a CRX exceeds the max length, we might
 // fail to install. To see if this is happening, see how long the
 // path to the temp unpack directory is. See crbug.com/69693 .
 #define PATH_LENGTH_HISTOGRAM(name, path) \
   UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 1, 500, 100)
@@ skipping 160 matching lines @@
 }
 
 SandboxedUnpacker::SandboxedUnpacker(
     Manifest::Location location,
     int creation_flags,
     const base::FilePath& extensions_dir,
     const scoped_refptr<base::SequencedTaskRunner>& unpacker_io_task_runner,
     SandboxedUnpackerClient* client)
     : client_(client),
       extensions_dir_(extensions_dir),
-      got_response_(false),
       location_(location),
       creation_flags_(creation_flags),
-      unpacker_io_task_runner_(unpacker_io_task_runner),
-      utility_wrapper_(new UtilityHostWrapper) {}
+      unpacker_io_task_runner_(unpacker_io_task_runner) {}
 
 bool SandboxedUnpacker::CreateTempDirectory() {
   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
 
   base::FilePath temp_dir;
   if (!FindWritableTempLocation(extensions_dir_, &temp_dir)) {
     ReportFailure(COULD_NOT_GET_TEMP_DIRECTORY,
                   l10n_util::GetStringFUTF16(
                       IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
                       ASCIIToUTF16("COULD_NOT_GET_TEMP_DIRECTORY")));
@@ skipping 64 matching lines @@
     LOG(ERROR) << "Could not get the normalized path of "
                << temp_crx_path.value();
     ReportFailure(COULD_NOT_GET_SANDBOX_FRIENDLY_PATH,
                   l10n_util::GetStringUTF16(IDS_EXTENSION_UNPACK_FAILED));
     return;
   }
   PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackLinkFreeCrxPathLength",
                         link_free_crx_path);
 
   BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
-                          base::Bind(&SandboxedUnpacker::StartUnzipOnIOThread,
-                                     this, link_free_crx_path));
+                          base::Bind(&SandboxedUnpacker::UnzipOnIOThread, this,
+                                     link_free_crx_path));
 }
 
 void SandboxedUnpacker::StartWithDirectory(const std::string& extension_id,
                                            const std::string& public_key,
                                            const base::FilePath& directory) {
   extension_id_ = extension_id;
   public_key_ = public_key;
   if (!CreateTempDirectory())
     return;  // ReportFailure() already called.
 
   extension_root_ = temp_dir_.GetPath().AppendASCII(kTempExtensionName);
 
   if (!base::Move(directory, extension_root_)) {
     LOG(ERROR) << "Could not move " << directory.value() << " to "
                << extension_root_.value();
     ReportFailure(
         DIRECTORY_MOVE_FAILED,
         l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
                                    ASCIIToUTF16("DIRECTORY_MOVE_FAILED")));
     return;
   }
 
-  BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
-                          base::Bind(&SandboxedUnpacker::StartUnpackOnIOThread,
-                                     this, extension_root_));
+  BrowserThread::PostTask(
+      BrowserThread::IO, FROM_HERE,
+      base::Bind(&SandboxedUnpacker::UnpackOnIOThread, this, extension_root_));
 }
 
 SandboxedUnpacker::~SandboxedUnpacker() {
   // To avoid blocking shutdown, don't delete temporary directory here if it
   // hasn't been cleaned up or passed on to another owner yet.
   temp_dir_.Take();
 }
 
-bool SandboxedUnpacker::OnMessageReceived(const IPC::Message& message) {
-  bool handled = true;
-  IPC_BEGIN_MESSAGE_MAP(SandboxedUnpacker, message)
-    IPC_MESSAGE_HANDLER(ExtensionUtilityHostMsg_UnzipToDir_Succeeded,
-                        OnUnzipToDirSucceeded)
-    IPC_MESSAGE_HANDLER(ExtensionUtilityHostMsg_UnzipToDir_Failed,
-                        OnUnzipToDirFailed)
-    IPC_MESSAGE_HANDLER(ExtensionUtilityHostMsg_UnpackExtension_Succeeded,
-                        OnUnpackExtensionSucceeded)
-    IPC_MESSAGE_HANDLER(ExtensionUtilityHostMsg_UnpackExtension_Failed,
-                        OnUnpackExtensionFailed)
-    IPC_MESSAGE_UNHANDLED(handled = false)
-  IPC_END_MESSAGE_MAP()
-  return handled;
+void SandboxedUnpacker::StartUtilityProcess(const base::FilePath& dir) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+  DCHECK(!dir.empty());
+
+  if (utility_process_mojo_client_)

[Devlin, 2017/02/14 17:24:59]

Should this happen?  It looks like we're clearing the client after each
operation.

[Noel Gordon, 2017/02/15 17:28:08]

Yes it will happen.  We clear it on failures [1], but barring those, we clear it
only in SandboxedUnpacker::UnpackDone.

SandboxedUnpacker::StartWithCrx
  calls unzip, _then_ unpack.

SandboxedUnpacker::StartWithDirectory
  calls unpack only.

So an unpack call, UnpackOnIOThread, has to start the utility process if we
don't yet have one.

Note in diff-left, old code at @903 the "if (!utility_host_) {", and the line
here @347 diff-right matches that.

[1] It is reset on failures: note this blocks the mojo client from calling back
from that point on.

+    return;
+
+  utility_process_mojo_client_ = base::MakeUnique<
+      content::UtilityProcessMojoClient<extensions::mojom::ExtensionUnpacker>>(
+      l10n_util::GetStringUTF16(IDS_UTILITY_PROCESS_EXTENSION_UNPACKER_NAME));
+  utility_process_mojo_client_->set_error_callback(
+      base::Bind(&SandboxedUnpacker::UtilityProcessCrashed, this));
+  utility_process_mojo_client_->set_exposed_directory(dir);
+
+  utility_process_mojo_client_->Start();
 }
 
-void SandboxedUnpacker::OnProcessCrashed(int exit_code) {
-  // Don't report crashes if they happen after we got a response.
-  if (got_response_)
-    return;
+void SandboxedUnpacker::UtilityProcessCrashed() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
 
-  // Utility process crashed while trying to install.
+  utility_process_mojo_client_.reset();
+
   ReportFailure(
       UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL,
       l10n_util::GetStringFUTF16(
           IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
           ASCIIToUTF16("UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL")) +
           ASCIIToUTF16(". ") +
           l10n_util::GetStringUTF16(IDS_EXTENSION_INSTALL_PROCESS_CRASHED));
 }
 
-void SandboxedUnpacker::StartUnzipOnIOThread(const base::FilePath& crx_path) {
-  if (!utility_wrapper_->StartIfNeeded(temp_dir_.GetPath(), this,
-                                       unpacker_io_task_runner_)) {
-    ReportFailure(
-        COULD_NOT_START_UTILITY_PROCESS,
-        l10n_util::GetStringFUTF16(
-            IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
-            FailureReasonToString16(COULD_NOT_START_UTILITY_PROCESS)));
-    return;
-  }
+void SandboxedUnpacker::UnzipOnIOThread(const base::FilePath& crx_path) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  StartUtilityProcess(temp_dir_.GetPath());
+
   DCHECK(crx_path.DirName() == temp_dir_.GetPath());
   base::FilePath unzipped_dir =
       crx_path.DirName().AppendASCII(kTempExtensionName);
-  utility_wrapper_->host()->Send(
-      new ExtensionUtilityMsg_UnzipToDir(crx_path, unzipped_dir));
+
+  utility_process_mojo_client_->service()->Unzip(
+      crx_path, unzipped_dir,
+      base::Bind(&SandboxedUnpacker::UnzipDone, this, unzipped_dir));
 }
 
-void SandboxedUnpacker::StartUnpackOnIOThread(
-    const base::FilePath& directory_path) {
-  if (!utility_wrapper_->StartIfNeeded(temp_dir_.GetPath(), this,
-                                       unpacker_io_task_runner_)) {
-    ReportFailure(
-        COULD_NOT_START_UTILITY_PROCESS,
-        l10n_util::GetStringFUTF16(
-            IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
-            FailureReasonToString16(COULD_NOT_START_UTILITY_PROCESS)));
+void SandboxedUnpacker::UnzipDone(const base::FilePath& directory,
+                                  bool success) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  if (!success) {
+    utility_process_mojo_client_.reset();
+    ReportFailure(UNZIP_FAILED,
+                  l10n_util::GetStringUTF16(IDS_EXTENSION_PACKAGE_UNZIP_ERROR));
     return;
   }
-  DCHECK(directory_path.DirName() == temp_dir_.GetPath());
-  utility_wrapper_->host()->Send(new ExtensionUtilityMsg_UnpackExtension(
-      directory_path, extension_id_, location_, creation_flags_));
+
+  BrowserThread::PostTask(
+      BrowserThread::IO, FROM_HERE,
+      base::Bind(&SandboxedUnpacker::UnpackOnIOThread, this, directory));
 }
 
-void SandboxedUnpacker::OnUnzipToDirSucceeded(const base::FilePath& directory) {
-  BrowserThread::PostTask(
-      BrowserThread::IO, FROM_HERE,
-      base::Bind(&SandboxedUnpacker::StartUnpackOnIOThread, this, directory));
+void SandboxedUnpacker::UnpackOnIOThread(const base::FilePath& directory) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  StartUtilityProcess(temp_dir_.GetPath());
+
+  DCHECK(directory.DirName() == temp_dir_.GetPath());
+
+  utility_process_mojo_client_->service()->Unpack(
+      directory, extension_id_, location_, creation_flags_,
+      base::Bind(&SandboxedUnpacker::UnpackDone, this));
 }
 
-void SandboxedUnpacker::OnUnzipToDirFailed(const std::string& error) {
-  got_response_ = true;
-  utility_wrapper_ = nullptr;
-  ReportFailure(UNZIP_FAILED,
-                l10n_util::GetStringUTF16(IDS_EXTENSION_PACKAGE_UNZIP_ERROR));
+void SandboxedUnpacker::UnpackDone(
+    const base::string16& error,
+    std::unique_ptr<base::DictionaryValue> manifest) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  utility_process_mojo_client_.reset();
+
+  if (!error.empty()) {
+    unpacker_io_task_runner_->PostTask(
+        FROM_HERE,
+        base::Bind(&SandboxedUnpacker::UnpackExtensionFailed, this, error));
+    return;
+  }
+
+  unpacker_io_task_runner_->PostTask(
+      FROM_HERE, base::Bind(&SandboxedUnpacker::UnpackExtensionSucceeded, this,
+                            base::Passed(&manifest)));
 }
 
-void SandboxedUnpacker::OnUnpackExtensionSucceeded(
-    const base::DictionaryValue& manifest) {
+void SandboxedUnpacker::UnpackExtensionSucceeded(
+    std::unique_ptr<base::DictionaryValue> manifest) {
   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
-  got_response_ = true;
-  utility_wrapper_ = nullptr;
 
   std::unique_ptr<base::DictionaryValue> final_manifest(
-      RewriteManifestFile(manifest));
+      RewriteManifestFile(*manifest.get()));

[Devlin, 2017/02/14 17:24:59]

*foo.get() is redundant.  Prefer just *foo.

[Noel Gordon, 2017/02/15 17:28:08]

Done.

   if (!final_manifest)
     return;
 
   // Create an extension object that refers to the temporary location the
   // extension was unpacked to. We use this until the extension is finally
   // installed. For example, the install UI shows images from inside the
   // extension.
 
   // Localize manifest now, so confirm UI gets correct extension name.
 
@@ skipping 19 matching lines @@
     return;
   }
 
   SkBitmap install_icon;
   if (!RewriteImageFiles(&install_icon))
     return;
 
   if (!RewriteCatalogFiles())
     return;
 
-  ReportSuccess(manifest, install_icon);
+  ReportSuccess(std::move(manifest), install_icon);
 }
 
-void SandboxedUnpacker::OnUnpackExtensionFailed(const base::string16& error) {
+void SandboxedUnpacker::UnpackExtensionFailed(const base::string16& error) {
   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
-  got_response_ = true;
-  utility_wrapper_ = nullptr;
+
   ReportFailure(
       UNPACKER_CLIENT_FAILED,
       l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_ERROR_MESSAGE, error));
 }
 
 base::string16 SandboxedUnpacker::FailureReasonToString16(
     FailureReason reason) {
   switch (reason) {
     case COULD_NOT_GET_TEMP_DIRECTORY:
       return ASCIIToUTF16("COULD_NOT_GET_TEMP_DIRECTORY");
@@ skipping 68 matching lines @@
     case ERROR_SAVING_CATALOG:
       return ASCIIToUTF16("ERROR_SAVING_CATALOG");
 
     case CRX_HASH_VERIFICATION_FAILED:
       return ASCIIToUTF16("CRX_HASH_VERIFICATION_FAILED");
 
     case UNZIP_FAILED:
       return ASCIIToUTF16("UNZIP_FAILED");
     case DIRECTORY_MOVE_FAILED:
       return ASCIIToUTF16("DIRECTORY_MOVE_FAILED");
-    case COULD_NOT_START_UTILITY_PROCESS:
-      return ASCIIToUTF16("COULD_NOT_START_UTILITY_PROCESS");
 
     case NUM_FAILURE_REASONS:
       NOTREACHED();
       return base::string16();
   }
+
   NOTREACHED();
   return base::string16();
 }
 
 void SandboxedUnpacker::FailWithPackageError(FailureReason reason) {
   ReportFailure(reason,
                 l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_ERROR_CODE,
                                            FailureReasonToString16(reason)));
 }
 
@@ skipping 49 matching lines @@
       CHECK(!expected_hash.empty());
       UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", false);
       FailWithPackageError(CRX_HASH_VERIFICATION_FAILED);
       break;
   }
   return false;
 }
 
 void SandboxedUnpacker::ReportFailure(FailureReason reason,
                                       const base::string16& error) {
-  utility_wrapper_ = nullptr;
   UMA_HISTOGRAM_ENUMERATION("Extensions.SandboxUnpackFailureReason", reason,
                             NUM_FAILURE_REASONS);
   if (!crx_unpack_start_time_.is_null())
     UMA_HISTOGRAM_TIMES("Extensions.SandboxUnpackFailureTime",
                         base::TimeTicks::Now() - crx_unpack_start_time_);
   Cleanup();
 
   CrxInstallError error_info(reason == CRX_HASH_VERIFICATION_FAILED
                                  ? CrxInstallError::ERROR_HASH_MISMATCH
                                  : CrxInstallError::ERROR_OTHER,
                              error);
 
   client_->OnUnpackFailure(error_info);
 }
 
 void SandboxedUnpacker::ReportSuccess(
-    const base::DictionaryValue& original_manifest,
+    std::unique_ptr<base::DictionaryValue> original_manifest,
     const SkBitmap& install_icon) {
-  utility_wrapper_ = nullptr;
   UMA_HISTOGRAM_COUNTS("Extensions.SandboxUnpackSuccess", 1);
 
   if (!crx_unpack_start_time_.is_null())
     RecordSuccessfulUnpackTimeHistograms(
         crx_path_for_histograms_,
         base::TimeTicks::Now() - crx_unpack_start_time_);
   DCHECK(!temp_dir_.GetPath().empty());
 
   // Client takes ownership of temporary directory and extension.
   client_->OnUnpackSuccess(temp_dir_.Take(), extension_root_,
-                           &original_manifest, extension_.get(), install_icon);
+                           original_manifest.get(), extension_.get(),

[Noel Gordon, 2017/02/15 17:28:08]

Perhaps client_->OnUnpackSuccess could take ownership the original_manifest. 
Quick look at it suggest it makes a deep copy of the original_manifest.get(). 
Dunno enough about extensions myself to say if that extra copy matters or not.

+                           install_icon);
   extension_ = NULL;
 }
 
 base::DictionaryValue* SandboxedUnpacker::RewriteManifestFile(
     const base::DictionaryValue& manifest) {
   // Add the public key extracted earlier to the parsed manifest and overwrite
   // the original manifest. We do this to ensure the manifest doesn't contain an
   // exploitable bug that could be used to compromise the browser.
   DCHECK(!public_key_.empty());
   std::unique_ptr<base::DictionaryValue> final_manifest(manifest.DeepCopy());
@@ skipping 199 matching lines @@
 }
 
 void SandboxedUnpacker::Cleanup() {
   DCHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
   if (!temp_dir_.Delete()) {
     LOG(WARNING) << "Can not delete temp directory at "
                  << temp_dir_.GetPath().value();
   }
 }
 
-SandboxedUnpacker::UtilityHostWrapper::UtilityHostWrapper() {}
-
-bool SandboxedUnpacker::UtilityHostWrapper::StartIfNeeded(
-    const base::FilePath& exposed_dir,
-    const scoped_refptr<UtilityProcessHostClient>& client,
-    const scoped_refptr<base::SequencedTaskRunner>& client_task_runner) {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  if (!utility_host_) {
-    utility_host_ =
-        UtilityProcessHost::Create(client, client_task_runner)->AsWeakPtr();
-    utility_host_->SetName(
-        l10n_util::GetStringUTF16(IDS_UTILITY_PROCESS_EXTENSION_UNPACKER_NAME));
-
-    // Grant the subprocess access to our temp dir so it can write out files.
-    DCHECK(!exposed_dir.empty());
-    utility_host_->SetExposedDir(exposed_dir);
-    if (!utility_host_->StartBatchMode()) {
-      utility_host_.reset();
-      return false;
-    }
-  }
-  return true;
-}
-
-content::UtilityProcessHost* SandboxedUnpacker::UtilityHostWrapper::host()
-    const {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  return utility_host_.get();
-}
-
-SandboxedUnpacker::UtilityHostWrapper::~UtilityHostWrapper() {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  if (utility_host_) {
-    utility_host_->EndBatchMode();
-    utility_host_.reset();
-  }
-}
-
 }  // namespace extensions