Launches a privileged utility process.

chrome/utility/chrome_content_utility_client.h

Index: chrome/utility/chrome_content_utility_client.h
diff --git a/chrome/utility/chrome_content_utility_client.h b/chrome/utility/chrome_content_utility_client.h
index 4f8187ef044ffb62faa76e2c42726f3c1aa69211..895202fec6fd5c7855f141256286755f965e2036 100644
--- a/chrome/utility/chrome_content_utility_client.h
+++ b/chrome/utility/chrome_content_utility_client.h
@@ -40,6 +40,13 @@ class ChromeContentUtilityClient : public content::ContentUtilityClient {
 
   static void PreSandboxStartup();
 
+  // Adds a message handler to the utility client.  This will take ownership of
+  // the handler.
+  void AddHandler(UtilityMessageHandler* handler);

[jam, 2014/01/30 21:41:03]

hmm, these two methods are only added for a unittest. given how simple the
functionality is that we're testing, are you sure we need to test this?

[Drew Haven, 2014/01/31 20:00:12]

Since this has security implications, I feel like we'd like to have tests.  For
the other test with the UAC I'll remove it, but I'd like to leave this one. 
Perhaps I should change the functions to make the names more test-oriented or
reduce the access (e.g. protected).

[jam, 2014/02/01 01:09:10]

I understand the need to test. Perhaps there are other ways.

It seems that ChromeContentUtilityClientTest.MessageWhitelistAccept can be added
later when we actually have a whitelisted IPC. Then the test can use an existing
IPC used for production.

ChromeContentUtilityClientTest.MessageWhitelistReject doesn't need to add a
handler? i.e. it can check the return code of OnMessageReceived

ChromeContentUtilityClientTest.NoWhitelistUnelevated is checking that current
behavior of utility process works. It seems you can check the return code of
OnMessageReceived here as well. Also note that this is already tested through
other unittests which use the utility process code.

[Drew Haven, 2014/02/04 21:25:54]

Okay, that generally sounds good.  Once we start adding new IPCs that should
only be run when elevated then we can test that they are properly whitelisted in
their tests and we don't really need these generic tests and extra methods.

I'll pull out all these tests.  In my next CL when I actually use this feature,
I'll test there.

+
+  // Adds a message type to the whitelist.
+  void AddWhitelistMessageType(int message_type);
+
  private:
   // IPC message handlers.
   void OnUnpackExtension(const base::FilePath& extension_path,
@@ -106,6 +113,11 @@ class ChromeContentUtilityClient : public content::ContentUtilityClient {
   typedef ScopedVector<UtilityMessageHandler> Handlers;
   Handlers handlers_;
 
+  // Flag to enable whitelisting.
+  bool filter_messages_;
+  // A list of message_ids to filter.
+  std::set<int> message_id_whitelist_;
+
   DISALLOW_COPY_AND_ASSIGN(ChromeContentUtilityClient);
 };