Implement Connector::ApplySpec() & use to enforce navigation:frame

services/service_manager/service_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "services/service_manager/service_manager.h"
 
 #include <stdint.h>
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/guid.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/process/process.h"
 #include "base/process/process_handle.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/trace_event/trace_event.h"
 #include "mojo/public/cpp/bindings/associated_binding.h"
 #include "mojo/public/cpp/bindings/binding.h"
 #include "mojo/public/cpp/bindings/binding_set.h"
+#include "mojo/public/cpp/bindings/strong_binding.h"
 #include "services/catalog/public/interfaces/constants.mojom.h"
 #include "services/service_manager/connect_util.h"
 #include "services/service_manager/public/cpp/connector.h"
 #include "services/service_manager/public/cpp/interface_registry.h"
 #include "services/service_manager/public/cpp/service.h"
 #include "services/service_manager/public/cpp/service_context.h"
 #include "services/service_manager/public/interfaces/connector.mojom.h"
 #include "services/service_manager/public/interfaces/constants.mojom.h"
 #include "services/service_manager/public/interfaces/service.mojom.h"
 #include "services/service_manager/public/interfaces/service_control.mojom.h"
@@ skipping 35 matching lines @@
 }
 
 bool HasCapability(const InterfaceProviderSpec& spec,
                    const std::string& capability) {
   auto it = spec.requires.find(service_manager::mojom::kServiceName);
   if (it == spec.requires.end())
     return false;
   return it->second.find(capability) != it->second.end();
 }
 
+bool AllowsInterface(const Identity& source,
+                     const InterfaceProviderSpec& source_spec,
+                     const Identity& target,
+                     const InterfaceProviderSpec& target_spec,
+                     const std::string& interface_name) {
+  InterfaceSet exposed =
+      GetInterfacesToExpose(source_spec, target, target_spec);
+  bool allowed = (exposed.size() == 1 && exposed.count("*") == 1) ||
+                 exposed.count(interface_name) > 0;
+  if (!allowed) {
+    std::stringstream ss;
+    ss << "Connection InterfaceProviderSpec prevented service: "
+       << source.name() << " from binding interface: " << interface_name
+       << " exposed by: " << target.name();
+    LOG(ERROR) << ss.str();
+  }
+  return allowed;
+}
+
 // Encapsulates a connection to an instance of a service, tracked by the
 // Service Manager.
 class ServiceManager::Instance
     : public mojom::Connector,
       public mojom::PIDReceiver,
       public Service,
       public mojom::ServiceManager,
       public mojom::ServiceControl {
  public:
   Instance(service_manager::ServiceManager* service_manager,
@@ skipping 48 matching lines @@
     std::unique_ptr<ConnectParams> params(std::move(*in_params));
     InterfaceProviderSpecMap source_specs;
     InterfaceProviderSpec source_connection_spec;
     Instance* source =
         service_manager_->GetExistingInstance(params->source());
     if (source) {
       source_specs = source->interface_provider_specs_;
       source_connection_spec = source->GetConnectionSpec();
     }
 
-    InterfaceSet exposed = GetInterfacesToExpose(source_connection_spec,
-                                                 identity_,
-                                                 GetConnectionSpec());
-    bool allowed = (exposed.size() == 1 && exposed.count("*") == 1) ||
-        exposed.count(params->interface_name()) > 0;
-    if (!allowed) {
-      std::stringstream ss;
-      ss << "Connection InterfaceProviderSpec prevented service: "
-         << params->source().name() << " from binding interface: "
-         << params->interface_name() << " exposed by: " << identity_.name();
-      LOG(ERROR) << ss.str();
+    if (!AllowsInterface(params->source(), source_connection_spec, identity_,
+                         GetConnectionSpec(), params->interface_name())) {
       params->set_response_data(mojom::ConnectResult::ACCESS_DENIED, identity_);
       return false;
     }
 
     params->set_response_data(mojom::ConnectResult::SUCCEEDED, identity_);
 
     pending_service_connections_++;
     service_->OnBindInterface(
         ServiceInfo(params->source(), source_specs),
         params->interface_name(),
@@ skipping 39 matching lines @@
 
   mojom::RunningServiceInfoPtr CreateRunningServiceInfo() const {
     mojom::RunningServiceInfoPtr info(mojom::RunningServiceInfo::New());
     info->id = id_;
     info->identity = identity_;
     info->pid = pid_;
     return info;
   }
 
   const InterfaceProviderSpec& GetConnectionSpec() const {
-    auto it = interface_provider_specs_.find(
-        mojom::kServiceManager_ConnectorSpec);
+    return GetSpecNamed(mojom::kServiceManager_ConnectorSpec);
+  }
+  bool HasSpecNamed(const std::string& spec) const {

[Ken Rockot(use gerrit already), 2017/04/26 04:32:48]

nits: GetSpec and HasSpec? And vertical whitespace between methods.

+    auto it = interface_provider_specs_.find(spec);
+    return it != interface_provider_specs_.end();
+  }
+  const InterfaceProviderSpec& GetSpecNamed(const std::string& spec) const {
+    auto it = interface_provider_specs_.find(spec);
     return it != interface_provider_specs_.end() ? it->second : empty_spec_;
   }
+
   const Identity& identity() const { return identity_; }
   void set_identity(const Identity& identity) { identity_ = identity; }
   uint32_t id() const { return id_; }
 
   // Service:
   void OnBindInterface(const ServiceInfo& source_info,
                        const std::string& interface_name,
                        mojo::ScopedMessagePipeHandle interface_pipe) override {
     Instance* source =
         service_manager_->GetExistingInstance(source_info.identity);
     DCHECK(source);
     if (interface_name == mojom::ServiceManager::Name_ &&
         HasCapability(source->GetConnectionSpec(),
                       kCapability_ServiceManager)) {
       mojom::ServiceManagerRequest request =
           mojo::MakeRequest<mojom::ServiceManager>(std::move(interface_pipe));
       service_manager_bindings_.AddBinding(this, std::move(request));
     }
   }
 
  private:
-   enum class State {
+  enum class State {
     // The service was not started yet.
     IDLE,
 
     // The service was started but the service manager hasn't received the
     // initial response from it yet.
     STARTING,
 
     // The service was started successfully.
     STARTED
   };
 
+  class InterfaceProviderImpl : public mojom::InterfaceProvider {
+   public:
+    InterfaceProviderImpl(const std::string& spec,
+                          const Identity& source_identity,
+                          const Identity& target_identity,
+                          service_manager::ServiceManager* service_manager,
+                          mojom::InterfaceProviderPtr target)
+        : spec_(spec),
+          source_identity_(source_identity),
+          target_identity_(target_identity),
+          service_manager_(service_manager),
+          target_(std::move(target)) {}
+    ~InterfaceProviderImpl() override {}
+
+   private:
+    // mojom::InterfaceProvider:
+    void GetInterface(const std::string& interface_name,
+                      mojo::ScopedMessagePipeHandle interface_pipe) override {
+      Instance* source =
+          service_manager_->GetExistingInstance(source_identity_);
+      Instance* target =
+          service_manager_->GetExistingInstance(target_identity_);
+      if (!source || !target)
+        return;
+      if (!ValidateSpec(source) || !ValidateSpec(target))
+        return;
+
+      if (AllowsInterface(source_identity_, source->GetSpecNamed(spec_),
+                          target_identity_, target->GetSpecNamed(spec_),
+                          interface_name)) {
+        target_->GetInterface(interface_name, std::move(interface_pipe));
+      }
+    }
+
+    bool ValidateSpec(Instance* instance) const {
+      if (!instance->HasSpecNamed(spec_)) {
+        LOG(ERROR) << "Instance for: " << instance->identity().name()
+                   << " did not have spec named: " << spec_;
+        return false;
+      }
+      return true;
+    }
+
+    const std::string spec_;
+    const Identity source_identity_;
+    const Identity target_identity_;
+    service_manager::ServiceManager* service_manager_;

[Ken Rockot(use gerrit already), 2017/04/26 04:32:48]

nit: this could be const too (service_manager::ServiceManager* const
service_manager_)

+
+    mojom::InterfaceProviderPtr target_;
+
+    DISALLOW_COPY_AND_ASSIGN(InterfaceProviderImpl);
+  };
+
   // mojom::Connector implementation:
-   void BindInterface(const service_manager::Identity& in_target,
-                      const std::string& interface_name,
-                      mojo::ScopedMessagePipeHandle interface_pipe,
-                      const BindInterfaceCallback& callback) override {
-     Identity target = in_target;
-     mojom::ConnectResult result =
-         ValidateConnectParams(&target, nullptr, nullptr);
-     if (!Succeeded(result)) {
-       callback.Run(result, Identity());
-       return;
-     }
+  void BindInterface(const service_manager::Identity& in_target,
+                     const std::string& interface_name,
+                     mojo::ScopedMessagePipeHandle interface_pipe,
+                     const BindInterfaceCallback& callback) override {
+    Identity target = in_target;
+    mojom::ConnectResult result =
+        ValidateConnectParams(&target, nullptr, nullptr);
+    if (!Succeeded(result)) {
+      callback.Run(result, Identity());
+      return;
+    }
 
-     std::unique_ptr<ConnectParams> params(new ConnectParams);
-     params->set_source(identity_);
-     params->set_target(target);
-     params->set_interface_request_info(interface_name,
-                                        std::move(interface_pipe));
-     params->set_start_service_callback(callback);
-     service_manager_->Connect(std::move(params), weak_factory_.GetWeakPtr());
-   }
+    std::unique_ptr<ConnectParams> params(new ConnectParams);
+    params->set_source(identity_);
+    params->set_target(target);
+    params->set_interface_request_info(interface_name,
+                                       std::move(interface_pipe));
+    params->set_start_service_callback(callback);
+    service_manager_->Connect(std::move(params), weak_factory_.GetWeakPtr());
+  }
 
-   void StartService(const Identity& in_target,
-                     const StartServiceCallback& callback) override {
-     Identity target = in_target;
-     mojom::ConnectResult result =
-         ValidateConnectParams(&target, nullptr, nullptr);
-     if (!Succeeded(result)) {
-       callback.Run(result, Identity());
-       return;
-     }
+  void StartService(const Identity& in_target,
+                    const StartServiceCallback& callback) override {
+    Identity target = in_target;
+    mojom::ConnectResult result =
+        ValidateConnectParams(&target, nullptr, nullptr);
+    if (!Succeeded(result)) {
+      callback.Run(result, Identity());
+      return;
+    }
 
-     std::unique_ptr<ConnectParams> params(new ConnectParams);
-     params->set_source(identity_);
-     params->set_target(target);
-     params->set_start_service_callback(callback);
-     service_manager_->Connect(std::move(params), weak_factory_.GetWeakPtr());
-   }
+    std::unique_ptr<ConnectParams> params(new ConnectParams);
+    params->set_source(identity_);
+    params->set_target(target);
+    params->set_start_service_callback(callback);
+    service_manager_->Connect(std::move(params), weak_factory_.GetWeakPtr());
+  }
 
-   void StartServiceWithProcess(
-       const Identity& in_target,
-       mojo::ScopedMessagePipeHandle service_handle,
-       mojom::PIDReceiverRequest pid_receiver_request,
-       const StartServiceWithProcessCallback& callback) override {
-     Identity target = in_target;
-     mojom::ConnectResult result =
-         ValidateConnectParams(&target, nullptr, nullptr);
-     if (!Succeeded(result)) {
-       callback.Run(result, Identity());
-       return;
-     }
+  void StartServiceWithProcess(
+      const Identity& in_target,
+      mojo::ScopedMessagePipeHandle service_handle,
+      mojom::PIDReceiverRequest pid_receiver_request,
+      const StartServiceWithProcessCallback& callback) override {
+    Identity target = in_target;
+    mojom::ConnectResult result =
+        ValidateConnectParams(&target, nullptr, nullptr);
+    if (!Succeeded(result)) {
+      callback.Run(result, Identity());
+      return;
+    }
 
-     std::unique_ptr<ConnectParams> params(new ConnectParams);
-     params->set_source(identity_);
-     params->set_target(target);
+    std::unique_ptr<ConnectParams> params(new ConnectParams);
+    params->set_source(identity_);
+    params->set_target(target);
 
-     mojom::ServicePtr service;
-     service.Bind(mojom::ServicePtrInfo(std::move(service_handle), 0));
-     params->set_client_process_info(std::move(service),
-                                     std::move(pid_receiver_request));
-     params->set_start_service_callback(callback);
-     service_manager_->Connect(std::move(params), weak_factory_.GetWeakPtr());
+    mojom::ServicePtr service;
+    service.Bind(mojom::ServicePtrInfo(std::move(service_handle), 0));
+    params->set_client_process_info(std::move(service),
+                                    std::move(pid_receiver_request));
+    params->set_start_service_callback(callback);
+    service_manager_->Connect(std::move(params), weak_factory_.GetWeakPtr());
   }
 
   void Clone(mojom::ConnectorRequest request) override {
     connectors_.AddBinding(this, std::move(request));
   }
 
+  void ApplySpec(const std::string& spec,
+                 const Identity& source,
+                 mojom::InterfaceProviderRequest source_request,
+                 mojom::InterfaceProviderPtr target) override {
+    mojo::MakeStrongBinding(

[Ken Rockot(use gerrit already), 2017/04/26 04:32:48]

It's not safe to use StrongBinding here if you're going to hold a raw pointer to
ServiceManager. How about just having InterfaceProviderImpl own its own Binding,
and let Instance own all its active InterfaceProviderImpls?

+        base::MakeUnique<InterfaceProviderImpl>(
+            spec, source, identity_, service_manager_, std::move(target)),
+        std::move(source_request));
+  }
+
   // mojom::PIDReceiver:
   void SetPID(uint32_t pid) override {
     PIDAvailable(pid);
   }
 
   // mojom::ServiceManager implementation:
   void AddListener(mojom::ServiceManagerListenerPtr listener) override {
     // TODO(beng): this should only track the instances matching this user, and
     // root.
     service_manager_->AddListener(std::move(listener));
@@ skipping 667 matching lines @@
                             instance->identity());
   if (params->HasInterfaceRequestInfo())
     instance->CallOnBindInterface(&params);
 }
 
 base::WeakPtr<ServiceManager> ServiceManager::GetWeakPtr() {
   return weak_ptr_factory_.GetWeakPtr();
 }
 
 }  // namespace service_manager