Convert utility process extension Unpacker IPC to mojo

extensions/browser/sandboxed_unpacker.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_
 #define EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_
 
 #include <string>
 
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted_delete_on_sequence.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/utility_process_host_client.h"
+#include "content/public/browser/utility_process_mojo_client.h"
 #include "extensions/browser/crx_file_info.h"
 #include "extensions/browser/install/crx_install_error.h"
+#include "extensions/common/extension_unpacker.mojom.h"
 #include "extensions/common/manifest.h"
 
 class SkBitmap;
 
 namespace base {
 class DictionaryValue;
 class SequencedTaskRunner;
 }
 
-namespace content {
-class UtilityProcessHost;
-}
-
 namespace extensions {
 class Extension;
 
 class SandboxedUnpackerClient
     : public base::RefCountedDeleteOnSequence<SandboxedUnpackerClient> {
  public:
   // Initialize the ref-counted base to always delete on the UI thread. Note
   // the constructor call must also happen on the UI thread.
   SandboxedUnpackerClient();
 
@@ skipping 13 matching lines @@
                                const base::FilePath& extension_root,
                                const base::DictionaryValue* original_manifest,
                                const Extension* extension,
                                const SkBitmap& install_icon) = 0;
   virtual void OnUnpackFailure(const CrxInstallError& error) = 0;
 
  protected:
   friend class base::RefCountedDeleteOnSequence<SandboxedUnpackerClient>;
   friend class base::DeleteHelper<SandboxedUnpackerClient>;
 
-  virtual ~SandboxedUnpackerClient() {}
+  virtual ~SandboxedUnpackerClient() = default;
 };
 
 // SandboxedUnpacker does work to optionally unpack and then validate/sanitize
 // an extension, either starting from a crx file or an already unzipped
 // directory (eg from differential update). This is done in a sandboxed
 // subprocess to protect the browser process from parsing complex formats like
 // JPEG or JSON from untrusted sources.
 //
 // Unpacking an extension using this class makes minor changes to its source,
 // such as transcoding all images to PNG, parsing all message catalogs
 // and rewriting the manifest JSON. As such, it should not be used when the
 // output is not intended to be given back to the author.
 //
 //
 // Lifetime management:
 //
-// This class is ref-counted by each call it makes to itself on another thread,
-// and by UtilityProcessHost.
+// This class is ref-counted by each call it makes to itself on another thread.
 //
 // Additionally, we hold a reference to our own client so that it lives at least
 // long enough to receive the result of unpacking.
 //
 //
 // NOTE: This class should only be used on the file thread.
-class SandboxedUnpacker : public content::UtilityProcessHostClient {
+class SandboxedUnpacker : public base::RefCountedThreadSafe<SandboxedUnpacker> {
  public:
   // Creates a SanboxedUnpacker that will do work to unpack an extension,
   // passing the |location| and |creation_flags| to Extension::Create. The
   // |extensions_dir| parameter should specify the directory under which we'll
   // create a subdirectory to write the unpacked extension contents.
   SandboxedUnpacker(
       Manifest::Location location,
       int creation_flags,
       const base::FilePath& extensions_dir,
       const scoped_refptr<base::SequencedTaskRunner>& unpacker_io_task_runner,
       SandboxedUnpackerClient* client);
 
   // Start processing the extension, either from a CRX file or already unzipped
   // in a directory. The client is called with the results. The directory form
   // requires the id and base64-encoded public key (for insertion into the
   // 'key' field of the manifest.json file).
   void StartWithCrx(const CRXFileInfo& crx_info);
   void StartWithDirectory(const std::string& extension_id,
                           const std::string& public_key_base64,
                           const base::FilePath& directory);
 
  private:
-  class ProcessHostClient;
+  friend class base::RefCountedThreadSafe<SandboxedUnpacker>;
 
   // Enumerate all the ways unpacking can fail.  Calls to ReportFailure()
   // take a failure reason as an argument, and put it in histogram
   // Extensions.SandboxUnpackFailureReason.
   enum FailureReason {
     // SandboxedUnpacker::CreateTempDirectory()
     COULD_NOT_GET_TEMP_DIRECTORY,
     COULD_NOT_CREATE_TEMP_DIRECTORY,
 
     // SandboxedUnpacker::Start()
     FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY,
     COULD_NOT_GET_SANDBOX_FRIENDLY_PATH,
 
-    // SandboxedUnpacker::OnUnpackExtensionSucceeded()
+    // SandboxedUnpacker::UnpackExtensionSucceeded()

[Devlin, 2017/02/14 17:24:59]

What's the motivation for changing these names?  OnFoo seems like it's just as
accurate or more accurate.

[Noel Gordon, 2017/02/15 17:28:08]

Short discussion about that in connection with a browser message filter
conversion example here:
https://www.chromium.org/developers/design-documents/mojo/mojo-migration-guide

TLDR: OnFoo-ness is the old message system.  Mojo is more orientated around
procedure calls (local or remote).  If I added a string copy service to mojo
say, I'd maybe name its API strcpy() rather than OnStrCpy.  We take out the
On's, but retain the postfix about which thread it runs on, if any.

     COULD_NOT_LOCALIZE_EXTENSION,
     INVALID_MANIFEST,
 
-    // SandboxedUnpacker::OnUnpackExtensionFailed()
+    // SandboxedUnpacker::UnpackExtensionFailed()
     UNPACKER_CLIENT_FAILED,
 
-    // SandboxedUnpacker::OnProcessCrashed()
+    // SandboxedUnpacker::UtilityProcessFailed()
     UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL,
 
     // SandboxedUnpacker::ValidateSignature()
     CRX_FILE_NOT_READABLE,
     CRX_HEADER_INVALID,
     CRX_MAGIC_NUMBER_INVALID,
     CRX_VERSION_NUMBER_INVALID,
     CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE,
     CRX_ZERO_KEY_LENGTH,
     CRX_ZERO_SIGNATURE_LENGTH,
@@ skipping 21 matching lines @@
     INVALID_CATALOG_DATA,
     INVALID_PATH_FOR_CATALOG,
     ERROR_SERIALIZING_CATALOG,
     ERROR_SAVING_CATALOG,
 
     // SandboxedUnpacker::ValidateSignature()
     CRX_HASH_VERIFICATION_FAILED,
 
     UNZIP_FAILED,
     DIRECTORY_MOVE_FAILED,
-    COULD_NOT_START_UTILITY_PROCESS,
 
     NUM_FAILURE_REASONS
   };
 
-  friend class ProcessHostClient;
   friend class SandboxedUnpackerTest;
 
-  ~SandboxedUnpacker() override;
+  ~SandboxedUnpacker();
 
   // Set |temp_dir_| as a temporary directory to unpack the extension in.
   // Return true on success.
-  virtual bool CreateTempDirectory();
+  bool CreateTempDirectory();
 
   // Helper functions to simplify calls to ReportFailure.
   base::string16 FailureReasonToString16(FailureReason reason);
   void FailWithPackageError(FailureReason reason);
 
   // Validates the signature of the extension and extract the key to
   // |public_key_|. Returns true if the signature validates, false otherwise.
   bool ValidateSignature(const base::FilePath& crx_path,
                          const std::string& expected_hash);
 
-  void StartUnzipOnIOThread(const base::FilePath& crx_path);
-  void StartUnpackOnIOThread(const base::FilePath& directory_path);
+  // Ensures the utility process is created.
+  void StartUtilityProcess(const base::FilePath& directory);
 
-  // UtilityProcessHostClient
-  bool OnMessageReceived(const IPC::Message& message) override;
-  void OnProcessCrashed(int exit_code) override;
+  // Utility process crashed or failed while trying to install.
+  void UtilityProcessCrashed();
 
-  // IPC message handlers.
-  void OnUnzipToDirSucceeded(const base::FilePath& directory);
-  void OnUnzipToDirFailed(const std::string& error);
-  void OnUnpackExtensionSucceeded(const base::DictionaryValue& manifest);
-  void OnUnpackExtensionFailed(const base::string16& error_message);
+  void UnzipOnIOThread(const base::FilePath& crx_path);
+  void UnzipDone(const base::FilePath& directory, bool success);
 
-  void ReportFailure(FailureReason reason, const base::string16& message);
-  void ReportSuccess(const base::DictionaryValue& original_manifest,
+  void UnpackOnIOThread(const base::FilePath& directory);
+  void UnpackDone(const base::string16& error,
+                  std::unique_ptr<base::DictionaryValue> manifest);
+  void UnpackExtensionSucceeded(
+      std::unique_ptr<base::DictionaryValue> manifest);
+  void UnpackExtensionFailed(const base::string16& error);
+
+  void ReportSuccess(std::unique_ptr<base::DictionaryValue> original_manifest,
                      const SkBitmap& install_icon);
+  void ReportFailure(FailureReason reason, const base::string16& error);
 
   // Overwrites original manifest with safe result from utility process.
   // Returns NULL on error. Caller owns the returned object.
   base::DictionaryValue* RewriteManifestFile(
       const base::DictionaryValue& manifest);
 
   // Overwrites original files with safe results from utility process.
   // Reports error and returns false if it fails.
   bool RewriteImageFiles(SkBitmap* install_icon);
   bool RewriteCatalogFiles();
 
   // Cleans up temp directory artifacts.
   void Cleanup();
 
-  // This is a helper class to make it easier to keep track of the lifecycle of
-  // a UtilityProcessHost, including automatic begin and end of batch mode.
-  class UtilityHostWrapper : public base::RefCountedThreadSafe<
-                                 UtilityHostWrapper,
-                                 content::BrowserThread::DeleteOnIOThread> {
-   public:
-    UtilityHostWrapper();
-
-    // Start up the utility process if it is not already started, putting it
-    // into batch mode and giving it access to |exposed_dir|. This should only
-    // be called on the IO thread. Returns false if there was an error starting
-    // the utility process or putting it into batch mode.
-    bool StartIfNeeded(
-        const base::FilePath& exposed_dir,
-        const scoped_refptr<UtilityProcessHostClient>& client,
-        const scoped_refptr<base::SequencedTaskRunner>& client_task_runner);
-
-    // This should only be called on the IO thread.
-    content::UtilityProcessHost* host() const;
-
-   private:
-    friend struct content::BrowserThread::DeleteOnThread<
-        content::BrowserThread::IO>;
-    friend class base::DeleteHelper<UtilityHostWrapper>;
-    ~UtilityHostWrapper();
-
-    // Should only be used on the IO thread.
-    base::WeakPtr<content::UtilityProcessHost> utility_host_;
-
-    DISALLOW_COPY_AND_ASSIGN(UtilityHostWrapper);
-  };
-
   // If we unpacked a crx file, we hold on to the path for use in various
   // histograms.
   base::FilePath crx_path_for_histograms_;
 
   // Our client.
   scoped_refptr<SandboxedUnpackerClient> client_;
 
   // The Extensions directory inside the profile.
   base::FilePath extensions_dir_;
 
   // A temporary directory to use for unpacking.
   base::ScopedTempDir temp_dir_;
 
   // The root directory of the unpacked extension. This is a child of temp_dir_.
   base::FilePath extension_root_;
 
   // Represents the extension we're unpacking.
   scoped_refptr<Extension> extension_;
 
-  // Whether we've received a response from the utility process yet.
-  bool got_response_;
-
   // The public key that was extracted from the CRX header.
   std::string public_key_;
 
   // The extension's ID. This will be calculated from the public key in the crx
   // header.
   std::string extension_id_;
 
   // If we unpacked a .crx file, the time at which unpacking started. Used to
   // compute the time unpacking takes.
   base::TimeTicks crx_unpack_start_time_;
 
   // Location to use for the unpacked extension.
   Manifest::Location location_;
 
   // Creation flags to use for the extension.  These flags will be used
   // when calling Extenion::Create() by the crx installer.
   int creation_flags_;
 
-  // Sequenced task runner where file I/O operations will be performed at.
+  // Sequenced task runner where file I/O operations will be performed.
   scoped_refptr<base::SequencedTaskRunner> unpacker_io_task_runner_;
 
-  // Used for sending tasks to the utility process.
-  scoped_refptr<UtilityHostWrapper> utility_wrapper_;
+  // Utility client used for sending tasks to the utility process.
+  std::unique_ptr<
+      content::UtilityProcessMojoClient<extensions::mojom::ExtensionUnpacker>>
+      utility_process_mojo_client_;
 
   DISALLOW_COPY_AND_ASSIGN(SandboxedUnpacker);
 };
 
 }  // namespace extensions
 
 #endif  // EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_