Chromium Code Reviews

Unified Diff: extensions/browser/process_map.h

Issue 426593007: Refactor guest view availability to be API not permission based. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: MostLikelyContextType Created 6 years, 4 months ago
Index: extensions/browser/process_map.h
diff --git a/extensions/browser/process_map.h b/extensions/browser/process_map.h
index d7ae8b39e61c4c3325cf6b1546af823ed19f9df5..731bf4f802b6fce085e89f02f4a50f9607c67ebd 100644
--- a/extensions/browser/process_map.h
+++ b/extensions/browser/process_map.h
@@ -95,24 +95,36 @@ class ProcessMap : public KeyedService {
std::set<std::string> GetExtensionsInProcess(int process_id) const;
- // Guesses the most permissive context type for the process with ID
- // |process_id|. Context types are renderer (JavaScript) concepts but the
- // browser can do a decent job in guessing what the process hosts.
+ // Gets the most likely context type for the process with ID |process_id|
+ // which hosts Extension |extension|, if any (may be NULL). Context types are
+ // renderer (JavaScript) concepts but the browser can do a decent job in
+ // guessing what the process hosts.
//
+ // |extension| is the funky part - unfortunately we need to trust the
+ // caller of this method to be correct that indeed the context does feature
+ // an extension. This matters for iframes, where an extension could be
+ // hosted in another extension's process (privilege level needs to be
+ // downgraded) or in a web page's process (privilege level needs to be
+ // upgraded).
+ //
+ // The latter of these is slightly problematic from a security perspective;
+ // if a web page renderer gets owned it could try to pretend it's an
+ // extension and get access to some unprivileged APIs. Luckly, when OOP
+ // iframes lauch, it won't be an issue.
+ //
+ // Anyhow, the expected behaviour is:
// - For hosted app processes, this will be blessed_web_page.
// - For other extension processes, this will be blessed_extension.
// - For WebUI processes, this will be a webui.
- // - For anything else we have the choice of unblessed_extension or
+ // - For any other extension we have the choice of unblessed_extension or
// content_script. Since content scripts are more common, guess that.
// We *could* in theory track which web processes have extension frames
// in them, and those would be unblessed_extension, but we don't at the
// moment, and once OOP iframes exist then there won't even be such a
// thing as an unblessed_extension context.
- //
- // |extension| isn't used to upgrade the process trust level, but rather used
- // as a tiebreaker if a process is found to contain multiple extensions.
- Feature::Context GuessContextType(const Extension* extension,
- int process_id) const;
+ // - For anything else, web_page.
+ Feature::Context GetMostLikelyContextType(const Extension* extension,
+ int process_id) const;
private:
struct Item;
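Review bot: The new |extension| paragraph in the GetMostLikelyContextType comment says the caller must be trusted that the context really features an extension, but it never states what a caller has to establish before passing a non-NULL |extension|. The removed text guaranteed that |extension| "isn't used to upgrade the process trust level"; the new text describes exactly such an upgrade for an extension frame hosted in a web page's process, and concedes that a compromised web page renderer could pretend to be an extension. I'd document the precondition on |extension| right here so call sites can be audited against it, and say which of the listed cases applies when |extension| is NULL, since "For any other extension" and "For anything else, web_page" leave that to the reader. Two typos in the same paragraph: "Luckly" should be "Luckily" and "lauch" should be "launch".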