Convert utility process extension Unpacker IPC to mojo

extensions/browser/sandboxed_unpacker.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_
 #define EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_
 
 #include <string>
 
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted_delete_on_sequence.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
-#include "content/public/browser/browser_thread.h"
-#include "content/public/browser/utility_process_host_client.h"
+#include "content/public/browser/utility_process_mojo_client.h"
 #include "extensions/browser/crx_file_info.h"
 #include "extensions/browser/install/crx_install_error.h"
 #include "extensions/common/manifest.h"
 
 class SkBitmap;
 
 namespace base {
 class DictionaryValue;
 class SequencedTaskRunner;
 }
 
-namespace content {
-class UtilityProcessHost;
-}
-
 namespace extensions {
 class Extension;
 
+namespace mojom {
+class ExtensionUnpacker;
+}
+
 class SandboxedUnpackerClient
     : public base::RefCountedDeleteOnSequence<SandboxedUnpackerClient> {
  public:
   // Initialize the ref-counted base to always delete on the UI thread. Note
   // the constructor call must also happen on the UI thread.
   SandboxedUnpackerClient();
 
   // temp_dir - A temporary directory containing the results of the extension
   // unpacking. The client is responsible for deleting this directory.
   //
@@ skipping 10 matching lines @@
                                const base::FilePath& extension_root,
                                const base::DictionaryValue* original_manifest,
                                const Extension* extension,
                                const SkBitmap& install_icon) = 0;
   virtual void OnUnpackFailure(const CrxInstallError& error) = 0;
 
  protected:
   friend class base::RefCountedDeleteOnSequence<SandboxedUnpackerClient>;
   friend class base::DeleteHelper<SandboxedUnpackerClient>;
 
-  virtual ~SandboxedUnpackerClient() {}
+  virtual ~SandboxedUnpackerClient() = default;
 };
 
 // SandboxedUnpacker does work to optionally unpack and then validate/sanitize
-// an extension, either starting from a crx file or an already unzipped
-// directory (eg from differential update). This is done in a sandboxed
-// subprocess to protect the browser process from parsing complex formats like
-// JPEG or JSON from untrusted sources.
+// an extension, either starting from a crx file, or else an already unzipped
+// directory (eg., from a differential update). This is done in a sandboxed
+// subprocess to protect the browser process from parsing complex data formats
+// like JPEG or JSON from untrusted sources.
 //
-// Unpacking an extension using this class makes minor changes to its source,
-// such as transcoding all images to PNG, parsing all message catalogs
-// and rewriting the manifest JSON. As such, it should not be used when the
-// output is not intended to be given back to the author.
-//
+// Unpacking an extension using this class makes changes to its source, such as
+// transcoding all images to PNG, parsing all message catalogs, and rewriting
+// the manifest JSON. As such, it should not be used when the output is not
+// intended to be given back to the author.
 //
 // Lifetime management:
 //
 // This class is ref-counted by each call it makes to itself on another thread,
-// and by UtilityProcessHost.
+// and by UtilityProcessMojoClient.
 //
-// Additionally, we hold a reference to our own client so that it lives at least
+// Additionally, we hold a reference to our own client so that the client lives
 // long enough to receive the result of unpacking.
 //
+// NOTE: This class should only be used on the FILE thread.
 //
-// NOTE: This class should only be used on the file thread.
-class SandboxedUnpacker : public content::UtilityProcessHostClient {
+class SandboxedUnpacker : public base::RefCountedThreadSafe<SandboxedUnpacker> {
  public:
   // Creates a SanboxedUnpacker that will do work to unpack an extension,
   // passing the |location| and |creation_flags| to Extension::Create. The
   // |extensions_dir| parameter should specify the directory under which we'll
   // create a subdirectory to write the unpacked extension contents.
   SandboxedUnpacker(
       Manifest::Location location,
       int creation_flags,
       const base::FilePath& extensions_dir,
       const scoped_refptr<base::SequencedTaskRunner>& unpacker_io_task_runner,
       SandboxedUnpackerClient* client);
 
   // Start processing the extension, either from a CRX file or already unzipped
   // in a directory. The client is called with the results. The directory form
   // requires the id and base64-encoded public key (for insertion into the
   // 'key' field of the manifest.json file).
   void StartWithCrx(const CRXFileInfo& crx_info);
   void StartWithDirectory(const std::string& extension_id,
                           const std::string& public_key_base64,
                           const base::FilePath& directory);
 
  private:
-  class ProcessHostClient;
+  friend class base::RefCountedThreadSafe<SandboxedUnpacker>;
 
   // Enumerate all the ways unpacking can fail.  Calls to ReportFailure()
   // take a failure reason as an argument, and put it in histogram
   // Extensions.SandboxUnpackFailureReason.
   enum FailureReason {
     // SandboxedUnpacker::CreateTempDirectory()
     COULD_NOT_GET_TEMP_DIRECTORY,
     COULD_NOT_CREATE_TEMP_DIRECTORY,
 
     // SandboxedUnpacker::Start()
     FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY,
     COULD_NOT_GET_SANDBOX_FRIENDLY_PATH,
 
-    // SandboxedUnpacker::OnUnpackExtensionSucceeded()
+    // SandboxedUnpacker::UnpackExtensionSucceeded()
     COULD_NOT_LOCALIZE_EXTENSION,
     INVALID_MANIFEST,
 
-    // SandboxedUnpacker::OnUnpackExtensionFailed()
+    // SandboxedUnpacker::UnpackExtensionFailed()
     UNPACKER_CLIENT_FAILED,
 
-    // SandboxedUnpacker::OnProcessCrashed()
+    // SandboxedUnpacker::UtilityProcessCrashed()
     UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL,
 
     // SandboxedUnpacker::ValidateSignature()
     CRX_FILE_NOT_READABLE,
     CRX_HEADER_INVALID,
     CRX_MAGIC_NUMBER_INVALID,
     CRX_VERSION_NUMBER_INVALID,
     CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE,
     CRX_ZERO_KEY_LENGTH,
     CRX_ZERO_SIGNATURE_LENGTH,
@@ skipping 21 matching lines @@
     INVALID_CATALOG_DATA,
     INVALID_PATH_FOR_CATALOG,
     ERROR_SERIALIZING_CATALOG,
     ERROR_SAVING_CATALOG,
 
     // SandboxedUnpacker::ValidateSignature()
     CRX_HASH_VERIFICATION_FAILED,
 
     UNZIP_FAILED,
     DIRECTORY_MOVE_FAILED,
-    COULD_NOT_START_UTILITY_PROCESS,
 
     NUM_FAILURE_REASONS
   };
 
-  friend class ProcessHostClient;
   friend class SandboxedUnpackerTest;
 
-  ~SandboxedUnpacker() override;
+  ~SandboxedUnpacker();
 
-  // Set |temp_dir_| as a temporary directory to unpack the extension in.
-  // Return true on success.
-  virtual bool CreateTempDirectory();
+  // Create |temp_dir_| used to unzip or unpack the extension in.
+  bool CreateTempDirectory();
 
-  // Helper functions to simplify calls to ReportFailure.
+  // Helper functions to simplify calling ReportFailure.
   base::string16 FailureReasonToString16(FailureReason reason);
   void FailWithPackageError(FailureReason reason);
 
   // Validates the signature of the extension and extract the key to
-  // |public_key_|. Returns true if the signature validates, false otherwise.
+  // |public_key_|. True if the signature validates, false otherwise.
   bool ValidateSignature(const base::FilePath& crx_path,
                          const std::string& expected_hash);
 
-  void StartUnzipOnIOThread(const base::FilePath& crx_path);
-  void StartUnpackOnIOThread(const base::FilePath& directory_path);
+  // Ensures the utility process is created.
+  void StartUtilityProcessIfNeeded();
 
-  // UtilityProcessHostClient
-  bool OnMessageReceived(const IPC::Message& message) override;
-  void OnProcessCrashed(int exit_code) override;
+  // Utility process crashed or failed while trying to install.
+  void UtilityProcessCrashed();
 
-  // IPC message handlers.
-  void OnUnzipToDirSucceeded(const base::FilePath& directory);
-  void OnUnzipToDirFailed(const std::string& error);
-  void OnUnpackExtensionSucceeded(const base::DictionaryValue& manifest);
-  void OnUnpackExtensionFailed(const base::string16& error_message);
+  // Unzips the extension into directory.
+  void Unzip(const base::FilePath& crx_path);
+  void UnzipDone(const base::FilePath& directory, bool success);
 
-  void ReportFailure(FailureReason reason, const base::string16& message);
-  void ReportSuccess(const base::DictionaryValue& original_manifest,
+  // Unpacks the extension in directory and returns the manifest.
+  void Unpack(const base::FilePath& directory);
+  void UnpackDone(const base::string16& error,
+                  std::unique_ptr<base::DictionaryValue> manifest);
+  void UnpackExtensionSucceeded(
+      std::unique_ptr<base::DictionaryValue> manifest);
+  void UnpackExtensionFailed(const base::string16& error);
+
+  // Reports unpack success or failure, or unzip failure.
+  void ReportSuccess(std::unique_ptr<base::DictionaryValue> original_manifest,
                      const SkBitmap& install_icon);
+  void ReportFailure(FailureReason reason, const base::string16& error);
 
   // Overwrites original manifest with safe result from utility process.
   // Returns NULL on error. Caller owns the returned object.
   base::DictionaryValue* RewriteManifestFile(
       const base::DictionaryValue& manifest);
 
   // Overwrites original files with safe results from utility process.
   // Reports error and returns false if it fails.
   bool RewriteImageFiles(SkBitmap* install_icon);
   bool RewriteCatalogFiles();
 
   // Cleans up temp directory artifacts.
   void Cleanup();
 
-  // This is a helper class to make it easier to keep track of the lifecycle of
-  // a UtilityProcessHost, including automatic begin and end of batch mode.
-  class UtilityHostWrapper : public base::RefCountedThreadSafe<
-                                 UtilityHostWrapper,
-                                 content::BrowserThread::DeleteOnIOThread> {
-   public:
-    UtilityHostWrapper();
-
-    // Start up the utility process if it is not already started, putting it
-    // into batch mode and giving it access to |exposed_dir|. This should only
-    // be called on the IO thread. Returns false if there was an error starting
-    // the utility process or putting it into batch mode.
-    bool StartIfNeeded(
-        const base::FilePath& exposed_dir,
-        const scoped_refptr<UtilityProcessHostClient>& client,
-        const scoped_refptr<base::SequencedTaskRunner>& client_task_runner);
-
-    // This should only be called on the IO thread.
-    content::UtilityProcessHost* host() const;
-
-   private:
-    friend struct content::BrowserThread::DeleteOnThread<
-        content::BrowserThread::IO>;
-    friend class base::DeleteHelper<UtilityHostWrapper>;
-    ~UtilityHostWrapper();
-
-    // Should only be used on the IO thread.
-    base::WeakPtr<content::UtilityProcessHost> utility_host_;
-
-    DISALLOW_COPY_AND_ASSIGN(UtilityHostWrapper);
-  };
-
-  // If we unpacked a crx file, we hold on to the path for use in various
-  // histograms.
+  // If we unpacked a CRX file, we hold on to the path name for use
+  // in various histograms.
   base::FilePath crx_path_for_histograms_;
 
-  // Our client.
+  // Our unpacker client.
   scoped_refptr<SandboxedUnpackerClient> client_;
 
   // The Extensions directory inside the profile.
   base::FilePath extensions_dir_;
 
-  // A temporary directory to use for unpacking.
+  // Temporary directory to use for unpacking.
   base::ScopedTempDir temp_dir_;
 
-  // The root directory of the unpacked extension. This is a child of temp_dir_.
+  // Root directory of the unpacked extension (a child of temp_dir_).
   base::FilePath extension_root_;
 
   // Represents the extension we're unpacking.
   scoped_refptr<Extension> extension_;
 
-  // Whether we've received a response from the utility process yet.
-  bool got_response_;
-
   // The public key that was extracted from the CRX header.
   std::string public_key_;
 
-  // The extension's ID. This will be calculated from the public key in the crx
-  // header.
+  // The extension's ID. This will be calculated from the public key
+  // in the CRX header.
   std::string extension_id_;
 
-  // If we unpacked a .crx file, the time at which unpacking started. Used to
-  // compute the time unpacking takes.
+  // If we unpacked a CRX file, the time at which unpacking started.
+  // Used to compute the time unpacking takes.
   base::TimeTicks crx_unpack_start_time_;
 
   // Location to use for the unpacked extension.
   Manifest::Location location_;
 
-  // Creation flags to use for the extension.  These flags will be used
-  // when calling Extenion::Create() by the crx installer.
+  // Creation flags to use for the extension. These flags will be used
+  // when calling Extenion::Create() by the CRX installer.
   int creation_flags_;
 
-  // Sequenced task runner where file I/O operations will be performed at.
+  // Sequenced task runner where file I/O operations will be performed.
   scoped_refptr<base::SequencedTaskRunner> unpacker_io_task_runner_;
 
-  // Used for sending tasks to the utility process.
-  scoped_refptr<UtilityHostWrapper> utility_wrapper_;
+  // Utility client used for sending tasks to the utility process.
+  std::unique_ptr<content::UtilityProcessMojoClient<mojom::ExtensionUnpacker>>
+      utility_process_mojo_client_;
 
   DISALLOW_COPY_AND_ASSIGN(SandboxedUnpacker);
 };
 
 }  // namespace extensions
 
 #endif  // EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_