Remote Assistance on Chrome OS Part III - NativeMessageHost

chrome/browser/extensions/api/messaging/message_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/messaging/message_service.h"
 
 #include "base/atomic_sequence_num.h"
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/json/json_writer.h"
 #include "base/lazy_instance.h"
 #include "base/metrics/histogram.h"
+#include "base/prefs/pref_service.h"
 #include "base/stl_util.h"
 #include "base/values.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/extensions/api/messaging/extension_message_port.h"
 #include "chrome/browser/extensions/api/messaging/incognito_connectability.h"
 #include "chrome/browser/extensions/api/messaging/native_message_port.h"
 #include "chrome/browser/extensions/api/tabs/tabs_constants.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/extensions/extension_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/render_widget_host.h"
 #include "content/public/browser/render_widget_host_view.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/web_contents.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/browser/extensions_browser_client.h"
 #include "extensions/browser/lazy_background_task_queue.h"
+#include "extensions/browser/pref_names.h"
 #include "extensions/browser/process_manager.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_handlers/background_info.h"
 #include "extensions/common/manifest_handlers/externally_connectable.h"
 #include "extensions/common/manifest_handlers/incognito_info.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "net/base/completion_callback.h"
 #include "url/gurl.h"
 
 using content::BrowserContext;
 using content::SiteInstance;
 using content::WebContents;
 
 // Since we have 2 ports for every channel, we just index channels by half the
 // port ID.
 #define GET_CHANNEL_ID(port_id) ((port_id) / 2)
 #define GET_CHANNEL_OPENER_ID(channel_id) ((channel_id) * 2)
 #define GET_CHANNEL_RECEIVERS_ID(channel_id) ((channel_id) * 2 + 1)
 
 // Port1 is always even, port2 is always odd.
 #define IS_OPENER_PORT_ID(port_id) (((port_id) & 1) == 0)
 
 // Change even to odd and vice versa, to get the other side of a given channel.
 #define GET_OPPOSITE_PORT_ID(source_port_id) ((source_port_id) ^ 1)
 
 namespace extensions {
 
+namespace {
+
+enum PolicyPermission {
+  DISALLOW,           // The host is not allowed.
+  ALLOW_SYSTEM_ONLY,  // Allowed only when installed on system level.
+  ALLOW_ALL,          // Allowed when installed on system or user level.
+};
+
+PolicyPermission IsNativeMessagingHostAllowed(
+    const PrefService* pref_service,
+    const std::string& native_host_name) {
+  PolicyPermission allow_result = ALLOW_ALL;
+  if (pref_service->IsManagedPreference(
+          pref_names::kNativeMessagingUserLevelHosts)) {
+    if (!pref_service->GetBoolean(pref_names::kNativeMessagingUserLevelHosts))
+      allow_result = ALLOW_SYSTEM_ONLY;
+  }
+
+  // All native messaging hosts are allowed if there is no blacklist.
+  if (!pref_service->IsManagedPreference(pref_names::kNativeMessagingBlacklist))
+    return allow_result;
+  const base::ListValue* blacklist =
+      pref_service->GetList(pref_names::kNativeMessagingBlacklist);
+  if (!blacklist)
+    return allow_result;
+
+  // Check if the name or the wildcard is in the blacklist.
+  base::StringValue name_value(native_host_name);
+  base::StringValue wildcard_value("*");
+  if (blacklist->Find(name_value) == blacklist->end() &&
+      blacklist->Find(wildcard_value) == blacklist->end()) {
+    return allow_result;
+  }
+
+  // The native messaging host is blacklisted. Check the whitelist.
+  if (pref_service->IsManagedPreference(
+          pref_names::kNativeMessagingWhitelist)) {
+    const base::ListValue* whitelist =
+        pref_service->GetList(pref_names::kNativeMessagingWhitelist);
+    if (whitelist && whitelist->Find(name_value) != whitelist->end())
+      return allow_result;
+  }
+
+  return DISALLOW;
+}
+
+}  // namespace
+
 const char kReceivingEndDoesntExistError[] =
     "Could not establish connection. Receiving end does not exist.";
 #if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
 const char kMissingPermissionError[] =
     "Access to native messaging requires nativeMessaging permission.";
 const char kProhibitedByPoliciesError[] =
     "Access to the native messaging host was disabled by the system "
     "administrator.";
 #endif
 
@@ skipping 290 matching lines @@
   }
 
   if (!has_permission) {
     DispatchOnDisconnect(source, receiver_port_id, kMissingPermissionError);
     return;
   }
 
   PrefService* pref_service = profile->GetPrefs();
 
   // Verify that the host is not blocked by policies.
-  NativeMessageProcessHost::PolicyPermission policy_permission =
-      NativeMessageProcessHost::IsHostAllowed(pref_service, native_app_name);
-  if (policy_permission == NativeMessageProcessHost::DISALLOW) {
+  PolicyPermission policy_permission =
+      IsNativeMessagingHostAllowed(pref_service, native_app_name);
+  if (policy_permission == DISALLOW) {
     DispatchOnDisconnect(source, receiver_port_id, kProhibitedByPoliciesError);
     return;
   }
 
   scoped_ptr<MessageChannel> channel(new MessageChannel());
   channel->opener.reset(new ExtensionMessagePort(source, MSG_ROUTING_CONTROL,
                                                  source_extension_id));
 
   // Get handle of the native view and pass it to the native messaging host.
   gfx::NativeView native_view =
       content::RenderWidgetHost::FromID(source_process_id, source_routing_id)->
           GetView()->GetNativeView();
 
-  scoped_ptr<NativeMessageProcessHost> native_process =
-      NativeMessageProcessHost::Create(
-          native_view,
-          base::WeakPtr<NativeMessageProcessHost::Client>(
-              weak_factory_.GetWeakPtr()),
-          source_extension_id, native_app_name, receiver_port_id,
-          policy_permission == NativeMessageProcessHost::ALLOW_ALL);
+  scoped_ptr<NativeMessageHost> native_host = NativeMessageHost::Create(
+      native_view,
+      source_extension_id,
+      native_app_name,
+      policy_permission == ALLOW_ALL);
 
   // Abandon the channel.
-  if (!native_process.get()) {
+  if (!native_host.get()) {
     LOG(ERROR) << "Failed to create native process.";
     DispatchOnDisconnect(
         source, receiver_port_id, kReceivingEndDoesntExistError);
     return;
   }
-  channel->receiver.reset(new NativeMessagePort(native_process.release()));
+  channel->receiver.reset(new NativeMessagePort(
+      weak_factory_.GetWeakPtr(), receiver_port_id, native_host.Pass()));
 
   // Keep the opener alive until the channel is closed.
   channel->opener->IncrementLazyKeepaliveCount();
 
   AddChannel(channel.release(), receiver_port_id);
 #else  // !(defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX))
   const char kNativeMessagingNotSupportedError[] =
       "Native Messaging is not supported on this platform.";
   DispatchOnDisconnect(
       source, receiver_port_id, kNativeMessagingNotSupportedError);
@@ skipping 139 matching lines @@
   if (iter == channels_.end()) {
     // If this channel is pending, queue up the PostMessage to run once
     // the channel opens.
     EnqueuePendingMessage(source_port_id, channel_id, message);
     return;
   }
 
   DispatchMessage(source_port_id, iter->second, message);
 }
 
-void MessageService::PostMessageFromNativeProcess(int port_id,
-                                                  const std::string& message) {
-  PostMessage(port_id, Message(message, false /* user_gesture */));
-}
-
 void MessageService::Observe(int type,
                              const content::NotificationSource& source,
                              const content::NotificationDetails& details) {
   switch (type) {
     case content::NOTIFICATION_RENDERER_PROCESS_TERMINATED:
     case content::NOTIFICATION_RENDERER_PROCESS_CLOSED: {
       content::RenderProcessHost* renderer =
           content::Source<content::RenderProcessHost>(source).ptr();
       OnProcessClosed(renderer);
       break;
@@ skipping 175 matching lines @@
 }
 
 void MessageService::DispatchOnDisconnect(content::RenderProcessHost* source,
                                           int port_id,
                                           const std::string& error_message) {
   ExtensionMessagePort port(source, MSG_ROUTING_CONTROL, "");
   port.DispatchOnDisconnect(GET_OPPOSITE_PORT_ID(port_id), error_message);
 }
 
 }  // namespace extensions