| Index: extensions/browser/sandboxed_unpacker.h
|
| diff --git a/extensions/browser/sandboxed_unpacker.h b/extensions/browser/sandboxed_unpacker.h
|
| index 47d07b27a537f023e24ff64c5a57b71cf4dd3b10..9007a47cbc3ff41996e81aaba7b17748e4d0b150 100644
|
| --- a/extensions/browser/sandboxed_unpacker.h
|
| +++ b/extensions/browser/sandboxed_unpacker.h
|
| @@ -13,8 +13,7 @@
|
| #include "base/memory/ref_counted_delete_on_sequence.h"
|
| #include "base/memory/weak_ptr.h"
|
| #include "base/time/time.h"
|
| -#include "content/public/browser/browser_thread.h"
|
| -#include "content/public/browser/utility_process_host_client.h"
|
| +#include "content/public/browser/utility_process_mojo_client.h"
|
| #include "extensions/browser/crx_file_info.h"
|
| #include "extensions/browser/install/crx_install_error.h"
|
| #include "extensions/common/manifest.h"
|
| @@ -26,13 +25,13 @@ class DictionaryValue;
|
| class SequencedTaskRunner;
|
| }
|
|
|
| -namespace content {
|
| -class UtilityProcessHost;
|
| -}
|
| -
|
| namespace extensions {
|
| class Extension;
|
|
|
| +namespace mojom {
|
| +class ExtensionUnpacker;
|
| +}
|
| +
|
| class SandboxedUnpackerClient
|
| : public base::RefCountedDeleteOnSequence<SandboxedUnpackerClient> {
|
| public:
|
| @@ -63,32 +62,31 @@ class SandboxedUnpackerClient
|
| friend class base::RefCountedDeleteOnSequence<SandboxedUnpackerClient>;
|
| friend class base::DeleteHelper<SandboxedUnpackerClient>;
|
|
|
| - virtual ~SandboxedUnpackerClient() {}
|
| + virtual ~SandboxedUnpackerClient() = default;
|
| };
|
|
|
| // SandboxedUnpacker does work to optionally unpack and then validate/sanitize
|
| -// an extension, either starting from a crx file or an already unzipped
|
| -// directory (eg from differential update). This is done in a sandboxed
|
| -// subprocess to protect the browser process from parsing complex formats like
|
| -// JPEG or JSON from untrusted sources.
|
| -//
|
| -// Unpacking an extension using this class makes minor changes to its source,
|
| -// such as transcoding all images to PNG, parsing all message catalogs
|
| -// and rewriting the manifest JSON. As such, it should not be used when the
|
| -// output is not intended to be given back to the author.
|
| +// an extension, either starting from a crx file, or else an already unzipped
|
| +// directory (eg., from a differential update). This is done in a sandboxed
|
| +// subprocess to protect the browser process from parsing complex data formats
|
| +// like JPEG or JSON from untrusted sources.
|
| //
|
| +// Unpacking an extension using this class makes changes to its source, such as
|
| +// transcoding all images to PNG, parsing all message catalogs, and rewriting
|
| +// the manifest JSON. As such, it should not be used when the output is not
|
| +// intended to be given back to the author.
|
| //
|
| // Lifetime management:
|
| //
|
| // This class is ref-counted by each call it makes to itself on another thread,
|
| -// and by UtilityProcessHost.
|
| +// and by UtilityProcessMojoClient.
|
| //
|
| -// Additionally, we hold a reference to our own client so that it lives at least
|
| +// Additionally, we hold a reference to our own client so that the client lives
|
| // long enough to receive the result of unpacking.
|
| //
|
| +// NOTE: This class should only be used on the FILE thread.
|
| //
|
| -// NOTE: This class should only be used on the file thread.
|
| -class SandboxedUnpacker : public content::UtilityProcessHostClient {
|
| +class SandboxedUnpacker : public base::RefCountedThreadSafe<SandboxedUnpacker> {
|
| public:
|
| // Creates a SanboxedUnpacker that will do work to unpack an extension,
|
| // passing the |location| and |creation_flags| to Extension::Create. The
|
| @@ -111,7 +109,7 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
|
| const base::FilePath& directory);
|
|
|
| private:
|
| - class ProcessHostClient;
|
| + friend class base::RefCountedThreadSafe<SandboxedUnpacker>;
|
|
|
| // Enumerate all the ways unpacking can fail. Calls to ReportFailure()
|
| // take a failure reason as an argument, and put it in histogram
|
| @@ -125,14 +123,14 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
|
| FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY,
|
| COULD_NOT_GET_SANDBOX_FRIENDLY_PATH,
|
|
|
| - // SandboxedUnpacker::OnUnpackExtensionSucceeded()
|
| + // SandboxedUnpacker::UnpackExtensionSucceeded()
|
| COULD_NOT_LOCALIZE_EXTENSION,
|
| INVALID_MANIFEST,
|
|
|
| - // SandboxedUnpacker::OnUnpackExtensionFailed()
|
| + // SandboxedUnpacker::UnpackExtensionFailed()
|
| UNPACKER_CLIENT_FAILED,
|
|
|
| - // SandboxedUnpacker::OnProcessCrashed()
|
| + // SandboxedUnpacker::UtilityProcessCrashed()
|
| UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL,
|
|
|
| // SandboxedUnpacker::ValidateSignature()
|
| @@ -174,45 +172,48 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
|
|
|
| UNZIP_FAILED,
|
| DIRECTORY_MOVE_FAILED,
|
| - COULD_NOT_START_UTILITY_PROCESS,
|
|
|
| NUM_FAILURE_REASONS
|
| };
|
|
|
| - friend class ProcessHostClient;
|
| friend class SandboxedUnpackerTest;
|
|
|
| - ~SandboxedUnpacker() override;
|
| + ~SandboxedUnpacker();
|
|
|
| - // Set |temp_dir_| as a temporary directory to unpack the extension in.
|
| - // Return true on success.
|
| - virtual bool CreateTempDirectory();
|
| + // Create |temp_dir_| used to unzip or unpack the extension in.
|
| + bool CreateTempDirectory();
|
|
|
| - // Helper functions to simplify calls to ReportFailure.
|
| + // Helper functions to simplify calling ReportFailure.
|
| base::string16 FailureReasonToString16(FailureReason reason);
|
| void FailWithPackageError(FailureReason reason);
|
|
|
| // Validates the signature of the extension and extract the key to
|
| - // |public_key_|. Returns true if the signature validates, false otherwise.
|
| + // |public_key_|. True if the signature validates, false otherwise.
|
| bool ValidateSignature(const base::FilePath& crx_path,
|
| const std::string& expected_hash);
|
|
|
| - void StartUnzipOnIOThread(const base::FilePath& crx_path);
|
| - void StartUnpackOnIOThread(const base::FilePath& directory_path);
|
| + // Ensures the utility process is created.
|
| + void StartUtilityProcessIfNeeded();
|
|
|
| - // UtilityProcessHostClient
|
| - bool OnMessageReceived(const IPC::Message& message) override;
|
| - void OnProcessCrashed(int exit_code) override;
|
| + // Utility process crashed or failed while trying to install.
|
| + void UtilityProcessCrashed();
|
|
|
| - // IPC message handlers.
|
| - void OnUnzipToDirSucceeded(const base::FilePath& directory);
|
| - void OnUnzipToDirFailed(const std::string& error);
|
| - void OnUnpackExtensionSucceeded(const base::DictionaryValue& manifest);
|
| - void OnUnpackExtensionFailed(const base::string16& error_message);
|
| + // Unzips the extension into directory.
|
| + void Unzip(const base::FilePath& crx_path);
|
| + void UnzipDone(const base::FilePath& directory, bool success);
|
|
|
| - void ReportFailure(FailureReason reason, const base::string16& message);
|
| - void ReportSuccess(const base::DictionaryValue& original_manifest,
|
| + // Unpacks the extension in directory and returns the manifest.
|
| + void Unpack(const base::FilePath& directory);
|
| + void UnpackDone(const base::string16& error,
|
| + std::unique_ptr<base::DictionaryValue> manifest);
|
| + void UnpackExtensionSucceeded(
|
| + std::unique_ptr<base::DictionaryValue> manifest);
|
| + void UnpackExtensionFailed(const base::string16& error);
|
| +
|
| + // Reports unpack success or failure, or unzip failure.
|
| + void ReportSuccess(std::unique_ptr<base::DictionaryValue> original_manifest,
|
| const SkBitmap& install_icon);
|
| + void ReportFailure(FailureReason reason, const base::string16& error);
|
|
|
| // Overwrites original manifest with safe result from utility process.
|
| // Returns NULL on error. Caller owns the returned object.
|
| @@ -227,83 +228,49 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
|
| // Cleans up temp directory artifacts.
|
| void Cleanup();
|
|
|
| - // This is a helper class to make it easier to keep track of the lifecycle of
|
| - // a UtilityProcessHost, including automatic begin and end of batch mode.
|
| - class UtilityHostWrapper : public base::RefCountedThreadSafe<
|
| - UtilityHostWrapper,
|
| - content::BrowserThread::DeleteOnIOThread> {
|
| - public:
|
| - UtilityHostWrapper();
|
| -
|
| - // Start up the utility process if it is not already started, putting it
|
| - // into batch mode and giving it access to |exposed_dir|. This should only
|
| - // be called on the IO thread. Returns false if there was an error starting
|
| - // the utility process or putting it into batch mode.
|
| - bool StartIfNeeded(
|
| - const base::FilePath& exposed_dir,
|
| - const scoped_refptr<UtilityProcessHostClient>& client,
|
| - const scoped_refptr<base::SequencedTaskRunner>& client_task_runner);
|
| -
|
| - // This should only be called on the IO thread.
|
| - content::UtilityProcessHost* host() const;
|
| -
|
| - private:
|
| - friend struct content::BrowserThread::DeleteOnThread<
|
| - content::BrowserThread::IO>;
|
| - friend class base::DeleteHelper<UtilityHostWrapper>;
|
| - ~UtilityHostWrapper();
|
| -
|
| - // Should only be used on the IO thread.
|
| - base::WeakPtr<content::UtilityProcessHost> utility_host_;
|
| -
|
| - DISALLOW_COPY_AND_ASSIGN(UtilityHostWrapper);
|
| - };
|
| -
|
| - // If we unpacked a crx file, we hold on to the path for use in various
|
| - // histograms.
|
| + // If we unpacked a CRX file, we hold on to the path name for use
|
| + // in various histograms.
|
| base::FilePath crx_path_for_histograms_;
|
|
|
| - // Our client.
|
| + // Our unpacker client.
|
| scoped_refptr<SandboxedUnpackerClient> client_;
|
|
|
| // The Extensions directory inside the profile.
|
| base::FilePath extensions_dir_;
|
|
|
| - // A temporary directory to use for unpacking.
|
| + // Temporary directory to use for unpacking.
|
| base::ScopedTempDir temp_dir_;
|
|
|
| - // The root directory of the unpacked extension. This is a child of temp_dir_.
|
| + // Root directory of the unpacked extension (a child of temp_dir_).
|
| base::FilePath extension_root_;
|
|
|
| // Represents the extension we're unpacking.
|
| scoped_refptr<Extension> extension_;
|
|
|
| - // Whether we've received a response from the utility process yet.
|
| - bool got_response_;
|
| -
|
| // The public key that was extracted from the CRX header.
|
| std::string public_key_;
|
|
|
| - // The extension's ID. This will be calculated from the public key in the crx
|
| - // header.
|
| + // The extension's ID. This will be calculated from the public key
|
| + // in the CRX header.
|
| std::string extension_id_;
|
|
|
| - // If we unpacked a .crx file, the time at which unpacking started. Used to
|
| - // compute the time unpacking takes.
|
| + // If we unpacked a CRX file, the time at which unpacking started.
|
| + // Used to compute the time unpacking takes.
|
| base::TimeTicks crx_unpack_start_time_;
|
|
|
| // Location to use for the unpacked extension.
|
| Manifest::Location location_;
|
|
|
| - // Creation flags to use for the extension. These flags will be used
|
| - // when calling Extenion::Create() by the crx installer.
|
| + // Creation flags to use for the extension. These flags will be used
|
| + // when calling Extenion::Create() by the CRX installer.
|
| int creation_flags_;
|
|
|
| - // Sequenced task runner where file I/O operations will be performed at.
|
| + // Sequenced task runner where file I/O operations will be performed.
|
| scoped_refptr<base::SequencedTaskRunner> unpacker_io_task_runner_;
|
|
|
| - // Used for sending tasks to the utility process.
|
| - scoped_refptr<UtilityHostWrapper> utility_wrapper_;
|
| + // Utility client used for sending tasks to the utility process.
|
| + std::unique_ptr<content::UtilityProcessMojoClient<mojom::ExtensionUnpacker>>
|
| + utility_process_mojo_client_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(SandboxedUnpacker);
|
| };
|
|
|
Chromium Code Reviews
Issue 2697463002:
Convert utility process extension Unpacker IPC to mojo (Closed)
