Add ppapi::PERMISSION_PDF and ppapi::PERMISSION_CROSS_ORIGIN_URL_LOADS
Create a PDF permission for APIs specific to the PDF plugin. Also remove PERMISSION_PRIVATE from PDF as it does not need most of those APIs. One exception is the PPB_URLLoader_Trusted API for which we move permission checking to happen inside ppb_url_loader.cc. Bug: 821266 Change-Id: I5f174d1fd2bff6fb7475956d9b9c772474648515 Reviewed-on: https://chromium-review.googlesource.com/967907 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#546345}
This commit is contained in:
Raymes Khoury
committed by
Commit Bot
Commit Bot
parent
61c0d46610
commit
85d754a8d4
chrome
common
renderer
content/renderer/pepper
ppapi
@ -112,8 +112,8 @@ const char kPDFPluginExtension[] = "pdf";
|
||||
const char kPDFPluginDescription[] = "Portable Document Format";
|
||||
const char kPDFPluginOutOfProcessMimeType[] =
|
||||
"application/x-google-chrome-pdf";
|
||||
const uint32_t kPDFPluginPermissions =
|
||||
ppapi::PERMISSION_PRIVATE | ppapi::PERMISSION_DEV;
|
||||
const uint32_t kPDFPluginPermissions = ppapi::PERMISSION_PDF |
|
||||
ppapi::PERMISSION_DEV;
|
||||
#endif // BUILDFLAG(ENABLE_PDF)
|
||||
|
||||
content::PepperPluginInfo::GetInterfaceFunc g_pdf_get_interface;
|
||||
|
||||
@ -21,6 +21,7 @@
|
||||
const int32_t kPepperFlashPermissions =
|
||||
ppapi::PERMISSION_DEV | ppapi::PERMISSION_PRIVATE |
|
||||
ppapi::PERMISSION_BYPASS_USER_GESTURE | ppapi::PERMISSION_FLASH;
|
||||
|
||||
namespace {
|
||||
|
||||
// File name of the Pepper Flash component manifest on different platforms.
|
||||
|
||||
@ -119,6 +119,7 @@ bool IsSupportedPepperInterface(const char* name) {
|
||||
#include "ppapi/thunk/interfaces_ppb_private.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_flash.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_stable.h"
|
||||
|
||||
@ -69,7 +69,7 @@ ChromeRendererPepperHostFactory::CreateResourceHost(
|
||||
if (host_->GetPpapiHost()->permissions().HasPermission(
|
||||
ppapi::PERMISSION_FLASH) ||
|
||||
host_->GetPpapiHost()->permissions().HasPermission(
|
||||
ppapi::PERMISSION_PRIVATE)) {
|
||||
ppapi::PERMISSION_PDF)) {
|
||||
switch (message.type()) {
|
||||
case PpapiHostMsg_FlashFontFile_Create::ID: {
|
||||
ppapi::proxy::SerializedFontDescription description;
|
||||
@ -88,7 +88,7 @@ ChromeRendererPepperHostFactory::CreateResourceHost(
|
||||
}
|
||||
|
||||
if (host_->GetPpapiHost()->permissions().HasPermission(
|
||||
ppapi::PERMISSION_PRIVATE)) {
|
||||
ppapi::PERMISSION_PDF)) {
|
||||
switch (message.type()) {
|
||||
case PpapiHostMsg_PDF_Create::ID: {
|
||||
return std::make_unique<pdf::PepperPDFHost>(host_, instance, resource);
|
||||
|
||||
@ -1571,7 +1571,7 @@ void PepperPluginInstanceImpl::StopFind() {
|
||||
}
|
||||
|
||||
bool PepperPluginInstanceImpl::LoadFindInterface() {
|
||||
if (!module_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
|
||||
if (!module_->permissions().HasPermission(ppapi::PERMISSION_PDF))
|
||||
return false;
|
||||
if (!plugin_find_interface_) {
|
||||
plugin_find_interface_ = static_cast<const PPP_Find_Private*>(
|
||||
|
||||
@ -309,11 +309,13 @@ int32_t PepperURLLoaderHost::OnHostMsgClose(
|
||||
|
||||
int32_t PepperURLLoaderHost::OnHostMsgGrantUniversalAccess(
|
||||
ppapi::host::HostMessageContext* context) {
|
||||
// Only plugins with private permission can bypass same origin.
|
||||
if (!host()->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
|
||||
return PP_ERROR_FAILED;
|
||||
has_universal_access_ = true;
|
||||
return PP_OK;
|
||||
// Only plugins with permission can bypass same origin.
|
||||
if (host()->permissions().HasPermission(ppapi::PERMISSION_PDF) ||
|
||||
host()->permissions().HasPermission(ppapi::PERMISSION_FLASH)) {
|
||||
has_universal_access_ = true;
|
||||
return PP_OK;
|
||||
}
|
||||
return PP_ERROR_FAILED;
|
||||
}
|
||||
|
||||
void PepperURLLoaderHost::SendUpdateToPlugin(
|
||||
|
||||
@ -406,6 +406,7 @@ const void* InternalGetInterface(const char* name) {
|
||||
#include "ppapi/thunk/interfaces_ppb_private.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_flash.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_stable.h"
|
||||
|
||||
@ -11,6 +11,12 @@ label Chrome {
|
||||
M14 = 0.3
|
||||
};
|
||||
|
||||
/**
|
||||
* NOTE: Permission checks for functions added to this file must be done in
|
||||
* pepper_url_loader.cc.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Callback that indicates the status of the download and upload for the
|
||||
* given URLLoader resource.
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
* found in the LICENSE file.
|
||||
*/
|
||||
|
||||
/* From trusted/ppb_url_loader_trusted.idl modified Wed Oct 5 14:06:02 2011. */
|
||||
/* From trusted/ppb_url_loader_trusted.idl modified Mon Mar 19 13:26:48 2018. */
|
||||
|
||||
#ifndef PPAPI_C_TRUSTED_PPB_URL_LOADER_TRUSTED_H_
|
||||
#define PPAPI_C_TRUSTED_PPB_URL_LOADER_TRUSTED_H_
|
||||
@ -25,6 +25,11 @@
|
||||
* @addtogroup Typedefs
|
||||
* @{
|
||||
*/
|
||||
/**
|
||||
* NOTE: Permission checks for functions added to this file must be done in
|
||||
* pepper_url_loader.cc.
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* Callback that indicates the status of the download and upload for the
|
||||
* given URLLoader resource.
|
||||
|
||||
@ -203,12 +203,16 @@ InterfaceList::InterfaceList() {
|
||||
Permission current_required_permission = PERMISSION_PRIVATE;
|
||||
#include "ppapi/thunk/interfaces_ppb_private.h"
|
||||
}
|
||||
{
|
||||
#if !defined(OS_NACL)
|
||||
{
|
||||
Permission current_required_permission = PERMISSION_FLASH;
|
||||
#include "ppapi/thunk/interfaces_ppb_private_flash.h"
|
||||
#endif // !defined(OS_NACL)
|
||||
}
|
||||
{
|
||||
Permission current_required_permission = PERMISSION_PDF;
|
||||
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
|
||||
}
|
||||
#endif // !defined(OS_NACL)
|
||||
{
|
||||
Permission current_required_permission = PERMISSION_DEV_CHANNEL;
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
|
||||
@ -267,12 +271,11 @@ InterfaceList::InterfaceList() {
|
||||
// TODO(brettw) remove these.
|
||||
AddProxy(API_ID_PPB_INSTANCE_PRIVATE, &ProxyFactory<PPB_Instance_Proxy>);
|
||||
AddPPB(PPB_INSTANCE_PRIVATE_INTERFACE_0_1,
|
||||
thunk::GetPPB_Instance_Private_0_1_Thunk(),
|
||||
PERMISSION_PRIVATE);
|
||||
thunk::GetPPB_Instance_Private_0_1_Thunk(), PERMISSION_PRIVATE);
|
||||
|
||||
AddProxy(API_ID_PPB_VAR_DEPRECATED, &ProxyFactory<PPB_Var_Deprecated_Proxy>);
|
||||
AddPPB(PPB_VAR_DEPRECATED_INTERFACE,
|
||||
PPB_Var_Deprecated_Proxy::GetProxyInterface(), PERMISSION_DEV);
|
||||
PPB_Var_Deprecated_Proxy::GetProxyInterface(), PERMISSION_FLASH);
|
||||
|
||||
// TODO(tomfinegan): Figure out where to put these once we refactor things
|
||||
// to load the PPP interface struct from the PPB interface.
|
||||
|
||||
@ -1003,7 +1003,7 @@ void PPB_Instance_Proxy::OnHostMsgGetDefaultCharSet(
|
||||
|
||||
void PPB_Instance_Proxy::OnHostMsgSetPluginToHandleFindRequests(
|
||||
PP_Instance instance) {
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE))
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
|
||||
return;
|
||||
EnterInstanceNoLock enter(instance);
|
||||
if (enter.succeeded())
|
||||
@ -1014,7 +1014,7 @@ void PPB_Instance_Proxy::OnHostMsgNumberOfFindResultsChanged(
|
||||
PP_Instance instance,
|
||||
int32_t total,
|
||||
PP_Bool final_result) {
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE))
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
|
||||
return;
|
||||
EnterInstanceNoLock enter(instance);
|
||||
if (enter.succeeded()) {
|
||||
@ -1026,7 +1026,7 @@ void PPB_Instance_Proxy::OnHostMsgNumberOfFindResultsChanged(
|
||||
void PPB_Instance_Proxy::OnHostMsgSelectFindResultChanged(
|
||||
PP_Instance instance,
|
||||
int32_t index) {
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE))
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
|
||||
return;
|
||||
EnterInstanceNoLock enter(instance);
|
||||
if (enter.succeeded())
|
||||
@ -1036,7 +1036,7 @@ void PPB_Instance_Proxy::OnHostMsgSelectFindResultChanged(
|
||||
void PPB_Instance_Proxy::OnHostMsgSetTickmarks(
|
||||
PP_Instance instance,
|
||||
const std::vector<PP_Rect>& tickmarks) {
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE))
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
|
||||
return;
|
||||
const PP_Rect* array = tickmarks.empty() ? NULL : &tickmarks[0];
|
||||
EnterInstanceNoLock enter(instance);
|
||||
|
||||
@ -317,7 +317,7 @@ const PPB_Var_Deprecated* PPB_Var_Deprecated_Proxy::GetProxyInterface() {
|
||||
}
|
||||
|
||||
bool PPB_Var_Deprecated_Proxy::OnMessageReceived(const IPC::Message& msg) {
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_DEV))
|
||||
if (!dispatcher()->permissions().HasPermission(PERMISSION_FLASH))
|
||||
return false;
|
||||
|
||||
// Prevent the dispatcher from going away during a call to Call or other
|
||||
|
||||
@ -36,7 +36,7 @@ ObjectProxy* ToObjectProxy(void* data) {
|
||||
ObjectProxy* obj = reinterpret_cast<ObjectProxy*>(data);
|
||||
if (!obj || !obj->dispatcher)
|
||||
return NULL;
|
||||
if (!obj->dispatcher->permissions().HasPermission(PERMISSION_DEV))
|
||||
if (!obj->dispatcher->permissions().HasPermission(PERMISSION_FLASH))
|
||||
return NULL;
|
||||
return obj;
|
||||
}
|
||||
|
||||
@ -37,15 +37,17 @@ enum Permission {
|
||||
// Chrome.
|
||||
PERMISSION_DEV_CHANNEL = 1 << 5,
|
||||
|
||||
// PDF-related interfaces.
|
||||
PERMISSION_PDF = 1 << 6,
|
||||
|
||||
// NOTE: If you add stuff be sure to update PERMISSION_ALL_BITS.
|
||||
|
||||
// Meta permission for initializing plugins registered on the command line
|
||||
// that get all permissions.
|
||||
PERMISSION_ALL_BITS = PERMISSION_DEV | PERMISSION_PRIVATE |
|
||||
PERMISSION_BYPASS_USER_GESTURE |
|
||||
PERMISSION_TESTING |
|
||||
PERMISSION_FLASH |
|
||||
PERMISSION_DEV_CHANNEL
|
||||
PERMISSION_BYPASS_USER_GESTURE | PERMISSION_TESTING |
|
||||
PERMISSION_FLASH | PERMISSION_DEV_CHANNEL |
|
||||
PERMISSION_PDF
|
||||
};
|
||||
|
||||
class PPAPI_SHARED_EXPORT PpapiPermissions {
|
||||
|
||||
@ -5,6 +5,8 @@
|
||||
// Please see inteface_ppb_public_stable for the documentation on the format of
|
||||
// this file.
|
||||
|
||||
// no-include-guard-because-multiply-included
|
||||
|
||||
#include "ppapi/thunk/interfaces_preamble.h"
|
||||
|
||||
// See interfaces_ppb_private_no_permissions.h for other private interfaces.
|
||||
@ -33,20 +35,14 @@ PROXIED_IFACE(PPB_FILECHOOSER_TRUSTED_INTERFACE_0_6,
|
||||
PPB_FileChooserTrusted_0_6)
|
||||
PROXIED_IFACE(PPB_FILEREFPRIVATE_INTERFACE_0_1,
|
||||
PPB_FileRefPrivate_0_1)
|
||||
PROXIED_IFACE(PPB_FIND_PRIVATE_INTERFACE_0_3,
|
||||
PPB_Find_Private_0_3)
|
||||
PROXIED_IFACE(PPB_FLASHFULLSCREEN_INTERFACE_0_1,
|
||||
PPB_FlashFullscreen_0_1)
|
||||
PROXIED_IFACE(PPB_FLASHFULLSCREEN_INTERFACE_1_0,
|
||||
PPB_FlashFullscreen_0_1)
|
||||
PROXIED_IFACE(PPB_OUTPUTPROTECTION_PRIVATE_INTERFACE_0_1,
|
||||
PPB_OutputProtection_Private_0_1)
|
||||
PROXIED_IFACE(PPB_PDF_INTERFACE,
|
||||
PPB_PDF)
|
||||
PROXIED_IFACE(PPB_PLATFORMVERIFICATION_PRIVATE_INTERFACE_0_3,
|
||||
PPB_PlatformVerification_Private_0_3)
|
||||
PROXIED_IFACE(PPB_URLLOADERTRUSTED_INTERFACE_0_3,
|
||||
PPB_URLLoaderTrusted_0_3)
|
||||
#endif // !defined(OS_NACL)
|
||||
|
||||
#include "ppapi/thunk/interfaces_postamble.h"
|
||||
|
||||
@ -56,4 +56,8 @@ PROXIED_IFACE(PPB_VIDEOSOURCE_PRIVATE_INTERFACE_0_1,
|
||||
PROXIED_IFACE(PPB_UMA_PRIVATE_INTERFACE_0_3,
|
||||
PPB_UMA_Private_0_3)
|
||||
|
||||
// This has permission checks done in pepper_url_loader_host.cc
|
||||
PROXIED_IFACE(PPB_URLLOADERTRUSTED_INTERFACE_0_3,
|
||||
PPB_URLLoaderTrusted_0_3)
|
||||
|
||||
#include "ppapi/thunk/interfaces_postamble.h"
|
||||
|
||||
19
ppapi/thunk/interfaces_ppb_private_pdf.h
Normal file
19
ppapi/thunk/interfaces_ppb_private_pdf.h
Normal file
@ -0,0 +1,19 @@
|
||||
// Copyright 2018 The Chromium Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
// Please see inteface_ppb_public_stable for the documentation on the format of
|
||||
// this file.
|
||||
|
||||
// no-include-guard-because-multiply-included
|
||||
|
||||
#include "ppapi/thunk/interfaces_preamble.h"
|
||||
|
||||
// See interfaces_ppb_private_no_permissions.h for other private interfaces.
|
||||
|
||||
#if !defined(OS_NACL)
|
||||
PROXIED_IFACE(PPB_PDF_INTERFACE, PPB_PDF)
|
||||
PROXIED_IFACE(PPB_FIND_PRIVATE_INTERFACE_0_3, PPB_Find_Private_0_3)
|
||||
#endif // !defined(OS_NACL)
|
||||
|
||||
#include "ppapi/thunk/interfaces_postamble.h"
|
||||
@ -19,11 +19,12 @@
|
||||
} }
|
||||
|
||||
#include "ppapi/thunk/interfaces_ppb_private.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_flash.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_stable.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
|
||||
#include "ppapi/thunk/interfaces_ppb_public_stable.h"
|
||||
|
||||
#undef PROXIED_IFACE
|
||||
|
||||
|
||||
Reference in New Issue
Block a user