chrome/browser/ui/android/context_menu_helper.cc - Issue 2945903002: Rendering the image in the sandbox for security

Side by Side Diff: chrome/browser/ui/android/context_menu_helper.cc

Issue 2945903002: Rendering the image in the sandbox for security (Closed)

Patch Set: Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« chrome/android/java/src/org/chromium/chrome/browser/contextmenu/TabularContextMenuUi.java ('K') | « chrome/browser/ui/android/context_menu_helper.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ui/android/context_menu_helper.h"	5 #include "chrome/browser/ui/android/context_menu_helper.h"

6	6

7 #include <stdint.h>	7 #include <stdint.h>

8	8

9 #include <vector>	9 #include <vector>

10	10

11 #include "base/android/callback_android.h"	11 #include "base/android/callback_android.h"

12 #include "base/android/jni_string.h"	12 #include "base/android/jni_string.h"

13 #include "base/bind_helpers.h"	13 #include "base/bind_helpers.h"

14 #include "base/callback.h"	14 #include "base/callback.h"

15 #include "chrome/browser/android/download/download_controller_base.h"	15 #include "chrome/browser/android/download/download_controller_base.h"

	16 #include "chrome/browser/image_decoder.h"

16 #include "chrome/browser/ui/tab_contents/core_tab_helper.h"	17 #include "chrome/browser/ui/tab_contents/core_tab_helper.h"

17 #include "chrome/common/thumbnail_capturer.mojom.h"	18 #include "chrome/common/thumbnail_capturer.mojom.h"

18 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_heade rs.h"	19 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_heade rs.h"

19 #include "content/public/browser/android/content_view_core.h"	20 #include "content/public/browser/android/content_view_core.h"

20 #include "content/public/browser/render_frame_host.h"	21 #include "content/public/browser/render_frame_host.h"

21 #include "content/public/browser/render_process_host.h"	22 #include "content/public/browser/render_process_host.h"

22 #include "content/public/common/context_menu_params.h"	23 #include "content/public/common/context_menu_params.h"

23 #include "jni/ContextMenuHelper_jni.h"	24 #include "jni/ContextMenuHelper_jni.h"

24 #include "jni/ContextMenuParams_jni.h"	25 #include "jni/ContextMenuParams_jni.h"

	26 #include "services/data_decoder/public/cpp/decode_image.h"
	Ted C 2017/06/21 00:18:02 why do you need this? why do you need this? Daniel Park 2017/06/22 00:54:09 Done. Show quoted text On 2017/06/21 00:18:02, Ted C wrote: > why do you need this? Done.
25 #include "services/service_manager/public/cpp/interface_provider.h"	27 #include "services/service_manager/public/cpp/interface_provider.h"

26 #include "third_party/WebKit/public/web/WebContextMenuData.h"	28 #include "third_party/WebKit/public/web/WebContextMenuData.h"

	29 #include "ui/gfx/android/java_bitmap.h"

27 #include "ui/gfx/geometry/point.h"	30 #include "ui/gfx/geometry/point.h"

28 #include "ui/gfx/geometry/size.h"	31 #include "ui/gfx/geometry/size.h"

29	32

30 using base::android::ConvertJavaStringToUTF8;	33 using base::android::ConvertJavaStringToUTF8;

31 using base::android::ConvertUTF8ToJavaString;	34 using base::android::ConvertUTF8ToJavaString;

32 using base::android::ConvertUTF16ToJavaString;	35 using base::android::ConvertUTF16ToJavaString;

33 using base::android::JavaParamRef;	36 using base::android::JavaParamRef;

34	37

35 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ContextMenuHelper);	38 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ContextMenuHelper);

36	39

37 const char kDataReductionProxyPassthroughHeader[] =	40 const char kDataReductionProxyPassthroughHeader[] =

38 "Chrome-Proxy-Accept-Transform: identity\r\n";	41 "Chrome-Proxy-Accept-Transform: identity\r\n";

39	42

40 namespace {	43 namespace {

41	44

42 void OnRetrieveImage(chrome::mojom::ThumbnailCapturerPtr thumbnail_capturer,	45 class ContextMenuHelperImageRequest : public ImageDecoder::ImageRequest {

43 const base::android::JavaRef<jobject>& jcallback,	46 public:

44 const std::vector<uint8_t>& thumbnail_data,	47 static void Create(const base::android::JavaRef<jobject>& jcallback,

45 const gfx::Size& original_size) {	48 const std::vector<uint8_t>& thumbnail_data) {

	49 new ContextMenuHelperImageRequest(jcallback, thumbnail_data);

	50 }

	51

	52 protected:

	53 void OnImageDecoded(const SkBitmap& decoded_image) override {

	54 base::android::RunCallbackAndroid(jcallback_,

	55 gfx::ConvertToJavaBitmap(&decoded_image));

	56 delete this;
	gone 2017/06/20 00:32:39 Still need to figure out the right way to deal wit Still need to figure out the right way to deal with this memory management, but I'm not the right guy. Might be worth asking Ted or someone else familiar with native memory _stuff_. dominickn@ is a solid choice. Daniel Park 2017/06/21 00:01:23 Acknowledged. Show quoted text On 2017/06/20 00:32:39, dfalcantara wrote: > Still need to figure out the right way to deal with this memory management, but > I'm not the right guy. Might be worth asking Ted or someone else familiar with > native memory _stuff_. dominickn@ is a solid choice. Acknowledged. dominickn 2017/06/21 00:12:49 This is fine. There's only one way to create this This is fine. There's only one way to create this object (static factory constructor), and it owns itself. Perhaps just add a comment above ::Create: // This object owns itself. It will be deleted when image decoding finishes or fails. Ted C 2017/06/21 00:18:02 The main thing is to look at who owns this request Show quoted text On 2017/06/20 00:32:39, dfalcantara wrote: > Still need to figure out the right way to deal with this memory management, but > I'm not the right guy. Might be worth asking Ted or someone else familiar with > native memory _stuff_. dominickn@ is a solid choice. The main thing is to look at who owns this request. Passing to the decoder does not take ownership (it uses a std::map of pointers and erase does not clear the pointer reference, so we're good there). In general, this looks OK to me.
	57 }

	58

	59 void OnDecodeImageFailed() override {

	60 base::android::ScopedJavaLocalRef<jobject> j_bitmap;

	61 base::android::RunCallbackAndroid(jcallback_, j_bitmap);

	62 delete this;

	63 }

	64

	65 private:

	66 ContextMenuHelperImageRequest(

	67 const base::android::JavaRef<jobject>& jcallback,

	68 const std::vector<uint8_t>& thumbnail_data)

	69 : jcallback_(jcallback) {

	70 ImageDecoder::Start(this, thumbnail_data);
	Ted C 2017/06/21 00:18:02 I wouldn't start this in the constructor. I would I wouldn't start this in the constructor. I would actually suggest renaming your static function above to Start as well, then that would create a new object and call ImageDecoder::Start with it. In general, I try not to have constructor's "do" anything. Daniel Park 2017/06/22 00:54:09 Done. Show quoted text On 2017/06/21 00:18:02, Ted C wrote: > I wouldn't start this in the constructor. I would actually suggest renaming > your static function above to Start as well, then that would create a new object > and call ImageDecoder::Start with it. > > In general, I try not to have constructor's "do" anything. Done.
	71 }

	72

	73 const base::android::ScopedJavaGlobalRef<jobject> jcallback_;

	74

	75 DISALLOW_IMPLICIT_CONSTRUCTORS(ContextMenuHelperImageRequest);

	76 };

	77

	78 void OnRetrieveImageForShare(

	79 chrome::mojom::ThumbnailCapturerPtr thumbnail_capturer,

	80 const base::android::JavaRef<jobject>& jcallback,

	81 const std::vector<uint8_t>& thumbnail_data,

	82 const gfx::Size& original_size) {

46 base::android::RunCallbackAndroid(jcallback, thumbnail_data);	83 base::android::RunCallbackAndroid(jcallback, thumbnail_data);

47 }	84 }

48	85

	86 void OnRetrieveImageForContextMenu(

	87 chrome::mojom::ThumbnailCapturerPtr thumbnail_capturer,

	88 const base::android::JavaRef<jobject>& jcallback,

	89 const std::vector<uint8_t>& thumbnail_data,

	90 const gfx::Size& original_size) {

	91 ContextMenuHelperImageRequest::Create(jcallback, thumbnail_data);

	92 }

	93

49 } // namespace	94 } // namespace

50	95

51 ContextMenuHelper::ContextMenuHelper(content::WebContents* web_contents)	96 ContextMenuHelper::ContextMenuHelper(content::WebContents* web_contents)

52 : web_contents_(web_contents) {	97 : web_contents_(web_contents) {

53 JNIEnv* env = base::android::AttachCurrentThread();	98 JNIEnv* env = base::android::AttachCurrentThread();

54 java_obj_.Reset(	99 java_obj_.Reset(

55 env,	100 env,

56 Java_ContextMenuHelper_create(env, reinterpret_cast<long>(this)).obj());	101 Java_ContextMenuHelper_create(env, reinterpret_cast<long>(this)).obj());

57 DCHECK(!java_obj_.is_null());	102 DCHECK(!java_obj_.is_null());

58 }	103 }

(...skipping 95 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
154 const JavaParamRef<jobject>& obj) {	199 const JavaParamRef<jobject>& obj) {

155 content::RenderFrameHost* render_frame_host =	200 content::RenderFrameHost* render_frame_host =

156 content::RenderFrameHost::FromID(render_process_id_, render_frame_id_);	201 content::RenderFrameHost::FromID(render_process_id_, render_frame_id_);

157 if (!render_frame_host)	202 if (!render_frame_host)

158 return;	203 return;

159	204

160 CoreTabHelper::FromWebContents(web_contents_)->SearchByImageInNewTab(	205 CoreTabHelper::FromWebContents(web_contents_)->SearchByImageInNewTab(

161 render_frame_host, context_menu_params_.src_url);	206 render_frame_host, context_menu_params_.src_url);

162 }	207 }

163	208

164 void ContextMenuHelper::RetrieveImage(JNIEnv* env,	209 void ContextMenuHelper::RetrieveImageForShare(

165 const JavaParamRef<jobject>& obj,	210 JNIEnv* env,

166 const JavaParamRef<jobject>& jcallback,	211 const JavaParamRef<jobject>& obj,

167 jint max_dimen_px) {	212 const JavaParamRef<jobject>& jcallback,

	213 jint max_dimen_px) {

168 content::RenderFrameHost* render_frame_host =	214 content::RenderFrameHost* render_frame_host =

169 content::RenderFrameHost::FromID(render_process_id_, render_frame_id_);	215 content::RenderFrameHost::FromID(render_process_id_, render_frame_id_);

170 if (!render_frame_host)	216 if (!render_frame_host)

	217 return;

	218

	219 chrome::mojom::ThumbnailCapturerPtr thumbnail_capturer;

	220 render_frame_host->GetRemoteInterfaces()->GetInterface(&thumbnail_capturer);

	221 // Bind the InterfacePtr into the callback so that it's kept alive until
	gone 2017/06/20 00:32:39 InterfacePtr? You're not using one. InterfacePtr? You're not using one. Daniel Park 2017/06/21 00:01:24 Done. Show quoted text On 2017/06/20 00:32:39, dfalcantara wrote: > InterfacePtr? You're not using one. Done. Ted C 2017/06/21 00:18:02 The InterfacePtr is hidden behind the auto* Show quoted text On 2017/06/20 00:32:39, dfalcantara wrote: > InterfacePtr? You're not using one. The InterfacePtr is hidden behind the auto*
	222 // there's either a connection error or a response.

	223 auto* thumbnail_capturer_proxy = thumbnail_capturer.get();

	224 thumbnail_capturer_proxy->RequestThumbnailForContextNode(

	225 0, gfx::Size(max_dimen_px, max_dimen_px),

	226 base::Bind(&OnRetrieveImageForShare, base::Passed(&thumbnail_capturer),

	227 base::android::ScopedJavaGlobalRef<jobject>(env, jcallback)));

	228 }

	229

	230 void ContextMenuHelper::RetrieveImageForContextMenu(
	Ted C 2017/06/21 00:18:02 In general, I think we should be able to create a In general, I think we should be able to create a helper function to combine the bulk of this and above functions. The function pointers are really the only difference I see here. Talking with dtrainor@ and I think we could do something like: using ImageRetrieveCallback = base::Callback<void( chrome::mojom::ThumbnailCapturerPtr, const base::android::JavaRef<jobject>&, const std::vector<uint8_t>&, const gfx::Size&)>; void ContextMenuHelper::RetrieveImageForShare( JNIEnv* env, const JavaParamRef<jobject>& obj, const JavaParamRef<jobject>& jcallback, jint max_dimen_px) { RetrieveImageInternal(base::Bind(&OnRetrieveImageForShare), jcallback, max_dimen_px); } void ContextMenuHelper::RetrieveImageInternal( const ImageRetrieveCallback& retrieve_callback, jcallback, max_dimen_px) { ... .. . thumbnail_capturer_proxy->RequestThumbnailForContextNode( 0, gfx::Size(max_dimen_px, max_dimen_px), base::Bind(retrieve_callback, base::Passed(....))); } Daniel Park 2017/06/22 00:54:09 Done. Show quoted text On 2017/06/21 00:18:02, Ted C wrote: > In general, I think we should be able to create a helper function to combine the > bulk of this and above functions. The function pointers are really the only > difference I see here. > > Talking with dtrainor@ and I think we could do something like: > > using ImageRetrieveCallback = base::Callback<void( > chrome::mojom::ThumbnailCapturerPtr, > const base::android::JavaRef<jobject>&, > const std::vector<uint8_t>&, > const gfx::Size&)>; > > void ContextMenuHelper::RetrieveImageForShare( > JNIEnv* env, > const JavaParamRef<jobject>& obj, > const JavaParamRef<jobject>& jcallback, > jint max_dimen_px) { > RetrieveImageInternal(base::Bind(&OnRetrieveImageForShare), jcallback, > max_dimen_px); > } > > void ContextMenuHelper::RetrieveImageInternal( > const ImageRetrieveCallback& retrieve_callback, jcallback, max_dimen_px) { > ... > .. > . > thumbnail_capturer_proxy->RequestThumbnailForContextNode( > 0, gfx::Size(max_dimen_px, max_dimen_px), > base::Bind(retrieve_callback, base::Passed(....))); > > } > Done.
	231 JNIEnv* env,

	232 const JavaParamRef<jobject>& obj,

	233 const JavaParamRef<jobject>& jcallback,

	234 jint max_dimen_px) {

	235 content::RenderFrameHost* render_frame_host =

	236 content::RenderFrameHost::FromID(render_process_id_, render_frame_id_);

	237 if (!render_frame_host)

171 return;	238 return;

172	239

173 chrome::mojom::ThumbnailCapturerPtr thumbnail_capturer;	240 chrome::mojom::ThumbnailCapturerPtr thumbnail_capturer;

174 render_frame_host->GetRemoteInterfaces()->GetInterface(&thumbnail_capturer);	241 render_frame_host->GetRemoteInterfaces()->GetInterface(&thumbnail_capturer);

175 // Bind the InterfacePtr into the callback so that it's kept alive until	242 // Bind the InterfacePtr into the callback so that it's kept alive until

176 // there's either a connection error or a response.	243 // there's either a connection error or a response.

177 auto* thumbnail_capturer_proxy = thumbnail_capturer.get();	244 auto* thumbnail_capturer_proxy = thumbnail_capturer.get();

178 thumbnail_capturer_proxy->RequestThumbnailForContextNode(	245 thumbnail_capturer_proxy->RequestThumbnailForContextNode(

179 0, gfx::Size(max_dimen_px, max_dimen_px),	246 0, gfx::Size(max_dimen_px, max_dimen_px),

180 base::Bind(&OnRetrieveImage, base::Passed(&thumbnail_capturer),	247 base::Bind(&OnRetrieveImageForContextMenu,

	248 base::Passed(&thumbnail_capturer),

181 base::android::ScopedJavaGlobalRef<jobject>(env, jcallback)));	249 base::android::ScopedJavaGlobalRef<jobject>(env, jcallback)));

182 }	250 }

183	251

184 bool RegisterContextMenuHelper(JNIEnv* env) {	252 bool RegisterContextMenuHelper(JNIEnv* env) {

185 return RegisterNativesImpl(env);	253 return RegisterNativesImpl(env);

186 }	254 }

OLD	NEW