
Add ppapi::PERMISSION_PDF and ppapi::PERMISSION_CROSS_ORIGIN_URL_LOADS

Create a PDF permission for APIs specific to the PDF plugin. Also remove
PERMISSION_PRIVATE from PDF as it does not need most of those APIs. One
exception is the PPB_URLLoader_Trusted API for which we move permission
checking to happen inside ppb_url_loader.cc.

Bug: 821266
Change-Id: I5f174d1fd2bff6fb7475956d9b9c772474648515
Reviewed-on: https://chromium-review.googlesource.com/967907
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546345}
Raymes Khoury
2018-03-28 00:57:24 +00:00
committed by Commit Bot
parent 61c0d46610
commit 85d754a8d4
18 changed files with 75 additions and 34 deletions

@@ -112,8 +112,8 @@ const char kPDFPluginExtension[] = "pdf";
const char kPDFPluginDescription[] = "Portable Document Format"; const char kPDFPluginDescription[] = "Portable Document Format";
const char kPDFPluginOutOfProcessMimeType[] = const char kPDFPluginOutOfProcessMimeType[] =
"application/x-google-chrome-pdf"; "application/x-google-chrome-pdf";
const uint32_t kPDFPluginPermissions = const uint32_t kPDFPluginPermissions = ppapi::PERMISSION_PDF |
ppapi::PERMISSION_PRIVATE | ppapi::PERMISSION_DEV; ppapi::PERMISSION_DEV;
#endif // BUILDFLAG(ENABLE_PDF) #endif // BUILDFLAG(ENABLE_PDF)
content::PepperPluginInfo::GetInterfaceFunc g_pdf_get_interface; content::PepperPluginInfo::GetInterfaceFunc g_pdf_get_interface;

@@ -21,6 +21,7 @@
const int32_t kPepperFlashPermissions = const int32_t kPepperFlashPermissions =
ppapi::PERMISSION_DEV | ppapi::PERMISSION_PRIVATE | ppapi::PERMISSION_DEV | ppapi::PERMISSION_PRIVATE |
ppapi::PERMISSION_BYPASS_USER_GESTURE | ppapi::PERMISSION_FLASH; ppapi::PERMISSION_BYPASS_USER_GESTURE | ppapi::PERMISSION_FLASH;
namespace { namespace {
// File name of the Pepper Flash component manifest on different platforms. // File name of the Pepper Flash component manifest on different platforms.

@@ -119,6 +119,7 @@ bool IsSupportedPepperInterface(const char* name) {
#include "ppapi/thunk/interfaces_ppb_private.h" #include "ppapi/thunk/interfaces_ppb_private.h"
#include "ppapi/thunk/interfaces_ppb_private_flash.h" #include "ppapi/thunk/interfaces_ppb_private_flash.h"
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h" #include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
#include "ppapi/thunk/interfaces_ppb_public_dev.h" #include "ppapi/thunk/interfaces_ppb_public_dev.h"
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h" #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
#include "ppapi/thunk/interfaces_ppb_public_stable.h" #include "ppapi/thunk/interfaces_ppb_public_stable.h"

@@ -69,7 +69,7 @@ ChromeRendererPepperHostFactory::CreateResourceHost(
if (host_->GetPpapiHost()->permissions().HasPermission( if (host_->GetPpapiHost()->permissions().HasPermission(
ppapi::PERMISSION_FLASH) || ppapi::PERMISSION_FLASH) ||
host_->GetPpapiHost()->permissions().HasPermission( host_->GetPpapiHost()->permissions().HasPermission(
ppapi::PERMISSION_PRIVATE)) { ppapi::PERMISSION_PDF)) {
switch (message.type()) { switch (message.type()) {
case PpapiHostMsg_FlashFontFile_Create::ID: { case PpapiHostMsg_FlashFontFile_Create::ID: {
ppapi::proxy::SerializedFontDescription description; ppapi::proxy::SerializedFontDescription description;
@@ -88,7 +88,7 @@ ChromeRendererPepperHostFactory::CreateResourceHost(
} }
if (host_->GetPpapiHost()->permissions().HasPermission( if (host_->GetPpapiHost()->permissions().HasPermission(
ppapi::PERMISSION_PRIVATE)) { ppapi::PERMISSION_PDF)) {
switch (message.type()) { switch (message.type()) {
case PpapiHostMsg_PDF_Create::ID: { case PpapiHostMsg_PDF_Create::ID: {
return std::make_unique<pdf::PepperPDFHost>(host_, instance, resource); return std::make_unique<pdf::PepperPDFHost>(host_, instance, resource);
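Review bot: The first guard in `CreateResourceHost` now lets a plugin holding only `PERMISSION_PDF` into the switch that handles `PpapiHostMsg_FlashFontFile_Create`, and nothing in the hunk says why a Flash-named resource host is reachable with the PDF bit. A short comment above the condition would make the grant auditable, for example `// FlashFontFile is shared with the PDF plugin, hence the PERMISSION_PDF alternative.` (wording to be confirmed by the author). The switch body continues outside the hunk, so it is worth checking that any further cases under this guard are also meant to be available to PDF-only plugins.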

@@ -1571,7 +1571,7 @@ void PepperPluginInstanceImpl::StopFind() {
} }
bool PepperPluginInstanceImpl::LoadFindInterface() { bool PepperPluginInstanceImpl::LoadFindInterface() {
if (!module_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE)) if (!module_->permissions().HasPermission(ppapi::PERMISSION_PDF))
return false; return false;
if (!plugin_find_interface_) { if (!plugin_find_interface_) {
plugin_find_interface_ = static_cast<const PPP_Find_Private*>( plugin_find_interface_ = static_cast<const PPP_Find_Private*>(

@@ -309,11 +309,13 @@ int32_t PepperURLLoaderHost::OnHostMsgClose(
int32_t PepperURLLoaderHost::OnHostMsgGrantUniversalAccess( int32_t PepperURLLoaderHost::OnHostMsgGrantUniversalAccess(
ppapi::host::HostMessageContext* context) { ppapi::host::HostMessageContext* context) {
// Only plugins with private permission can bypass same origin. // Only plugins with permission can bypass same origin.
if (!host()->permissions().HasPermission(ppapi::PERMISSION_PRIVATE)) if (host()->permissions().HasPermission(ppapi::PERMISSION_PDF) ||
return PP_ERROR_FAILED; host()->permissions().HasPermission(ppapi::PERMISSION_FLASH)) {
has_universal_access_ = true; has_universal_access_ = true;
return PP_OK; return PP_OK;
}
return PP_ERROR_FAILED;
} }
void PepperURLLoaderHost::SendUpdateToPlugin( void PepperURLLoaderHost::SendUpdateToPlugin(
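Review bot: The rewritten comment in `OnHostMsgGrantUniversalAccess` no longer says which permission allows the same-origin bypass. That matters more now, because `PPB_URLLOADERTRUSTED_INTERFACE_0_3` moves to the no-permissions interface list in this commit and this host-side check becomes the only gate. Naming the bits keeps the comment checkable against the code: `// Only plugins with PDF or Flash permission can bypass same origin.` Any other handler reached through PPB_URLLoaderTrusted is not visible in this hunk; each should be confirmed to have an equivalent host-side check, since interface lookup no longer filters callers.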

@@ -406,6 +406,7 @@ const void* InternalGetInterface(const char* name) {
#include "ppapi/thunk/interfaces_ppb_private.h" #include "ppapi/thunk/interfaces_ppb_private.h"
#include "ppapi/thunk/interfaces_ppb_private_flash.h" #include "ppapi/thunk/interfaces_ppb_private_flash.h"
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h" #include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
#include "ppapi/thunk/interfaces_ppb_public_dev.h" #include "ppapi/thunk/interfaces_ppb_public_dev.h"
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h" #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
#include "ppapi/thunk/interfaces_ppb_public_stable.h" #include "ppapi/thunk/interfaces_ppb_public_stable.h"

@@ -11,6 +11,12 @@ label Chrome {
M14 = 0.3 M14 = 0.3
}; };
/**
* NOTE: Permission checks for functions added to this file must be done in
* pepper_url_loader.cc.
*
*/
/** /**
* Callback that indicates the status of the download and upload for the * Callback that indicates the status of the download and upload for the
* given URLLoader resource. * given URLLoader resource.
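Review bot: The NOTE added here points to `pepper_url_loader.cc`, but the check this commit adds is in `PepperURLLoaderHost::OnHostMsgGrantUniversalAccess`, and the comment added to the no-permissions interface list names `pepper_url_loader_host.cc`. This comment is the only thing telling a future author where the permission check for a new trusted function must go, so the file name should be the real one, presumably `* pepper_url_loader_host.cc.` on the second line. The same text is repeated in the generated ppb_url_loader_trusted.h and should be regenerated after the fix. The trailing empty `*` line can also be dropped.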

@@ -3,7 +3,7 @@
* found in the LICENSE file. * found in the LICENSE file.
*/ */
/* From trusted/ppb_url_loader_trusted.idl modified Wed Oct 5 14:06:02 2011. */ /* From trusted/ppb_url_loader_trusted.idl modified Mon Mar 19 13:26:48 2018. */
#ifndef PPAPI_C_TRUSTED_PPB_URL_LOADER_TRUSTED_H_ #ifndef PPAPI_C_TRUSTED_PPB_URL_LOADER_TRUSTED_H_
#define PPAPI_C_TRUSTED_PPB_URL_LOADER_TRUSTED_H_ #define PPAPI_C_TRUSTED_PPB_URL_LOADER_TRUSTED_H_
@@ -25,6 +25,11 @@
* @addtogroup Typedefs * @addtogroup Typedefs
* @{ * @{
*/ */
/**
* NOTE: Permission checks for functions added to this file must be done in
* pepper_url_loader.cc.
*
*/
/** /**
* Callback that indicates the status of the download and upload for the * Callback that indicates the status of the download and upload for the
* given URLLoader resource. * given URLLoader resource.

@@ -203,12 +203,16 @@ InterfaceList::InterfaceList() {
Permission current_required_permission = PERMISSION_PRIVATE; Permission current_required_permission = PERMISSION_PRIVATE;
#include "ppapi/thunk/interfaces_ppb_private.h" #include "ppapi/thunk/interfaces_ppb_private.h"
} }
{
#if !defined(OS_NACL) #if !defined(OS_NACL)
{
Permission current_required_permission = PERMISSION_FLASH; Permission current_required_permission = PERMISSION_FLASH;
#include "ppapi/thunk/interfaces_ppb_private_flash.h" #include "ppapi/thunk/interfaces_ppb_private_flash.h"
#endif // !defined(OS_NACL)
} }
{
Permission current_required_permission = PERMISSION_PDF;
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
}
#endif // !defined(OS_NACL)
{ {
Permission current_required_permission = PERMISSION_DEV_CHANNEL; Permission current_required_permission = PERMISSION_DEV_CHANNEL;
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h" #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
@@ -267,12 +271,11 @@ InterfaceList::InterfaceList() {
// TODO(brettw) remove these. // TODO(brettw) remove these.
AddProxy(API_ID_PPB_INSTANCE_PRIVATE, &ProxyFactory<PPB_Instance_Proxy>); AddProxy(API_ID_PPB_INSTANCE_PRIVATE, &ProxyFactory<PPB_Instance_Proxy>);
AddPPB(PPB_INSTANCE_PRIVATE_INTERFACE_0_1, AddPPB(PPB_INSTANCE_PRIVATE_INTERFACE_0_1,
thunk::GetPPB_Instance_Private_0_1_Thunk(), thunk::GetPPB_Instance_Private_0_1_Thunk(), PERMISSION_PRIVATE);
PERMISSION_PRIVATE);
AddProxy(API_ID_PPB_VAR_DEPRECATED, &ProxyFactory<PPB_Var_Deprecated_Proxy>); AddProxy(API_ID_PPB_VAR_DEPRECATED, &ProxyFactory<PPB_Var_Deprecated_Proxy>);
AddPPB(PPB_VAR_DEPRECATED_INTERFACE, AddPPB(PPB_VAR_DEPRECATED_INTERFACE,
PPB_Var_Deprecated_Proxy::GetProxyInterface(), PERMISSION_DEV); PPB_Var_Deprecated_Proxy::GetProxyInterface(), PERMISSION_FLASH);
// TODO(tomfinegan): Figure out where to put these once we refactor things // TODO(tomfinegan): Figure out where to put these once we refactor things
// to load the PPP interface struct from the PPB interface. // to load the PPP interface struct from the PPB interface.
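Review bot: `PPB_VAR_DEPRECATED_INTERFACE` moves from `PERMISSION_DEV` to `PERMISSION_FLASH` at this registration, and the same bit is hard-coded again in `PPB_Var_Deprecated_Proxy::OnMessageReceived` and in `ToObjectProxy`; the commit description does not mention this change. The three checks have to agree for the restriction to hold, so I would add a comment at the registration such as `// Must match the checks in PPB_Var_Deprecated_Proxy::OnMessageReceived and ToObjectProxy.` The constructor body continues outside the hunk.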

@@ -1003,7 +1003,7 @@ void PPB_Instance_Proxy::OnHostMsgGetDefaultCharSet(
void PPB_Instance_Proxy::OnHostMsgSetPluginToHandleFindRequests( void PPB_Instance_Proxy::OnHostMsgSetPluginToHandleFindRequests(
PP_Instance instance) { PP_Instance instance) {
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE)) if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
return; return;
EnterInstanceNoLock enter(instance); EnterInstanceNoLock enter(instance);
if (enter.succeeded()) if (enter.succeeded())
@@ -1014,7 +1014,7 @@ void PPB_Instance_Proxy::OnHostMsgNumberOfFindResultsChanged(
PP_Instance instance, PP_Instance instance,
int32_t total, int32_t total,
PP_Bool final_result) { PP_Bool final_result) {
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE)) if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
return; return;
EnterInstanceNoLock enter(instance); EnterInstanceNoLock enter(instance);
if (enter.succeeded()) { if (enter.succeeded()) {
@@ -1026,7 +1026,7 @@ void PPB_Instance_Proxy::OnHostMsgNumberOfFindResultsChanged(
void PPB_Instance_Proxy::OnHostMsgSelectFindResultChanged( void PPB_Instance_Proxy::OnHostMsgSelectFindResultChanged(
PP_Instance instance, PP_Instance instance,
int32_t index) { int32_t index) {
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE)) if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
return; return;
EnterInstanceNoLock enter(instance); EnterInstanceNoLock enter(instance);
if (enter.succeeded()) if (enter.succeeded())
@@ -1036,7 +1036,7 @@ void PPB_Instance_Proxy::OnHostMsgSelectFindResultChanged(
void PPB_Instance_Proxy::OnHostMsgSetTickmarks( void PPB_Instance_Proxy::OnHostMsgSetTickmarks(
PP_Instance instance, PP_Instance instance,
const std::vector<PP_Rect>& tickmarks) { const std::vector<PP_Rect>& tickmarks) {
if (!dispatcher()->permissions().HasPermission(PERMISSION_PRIVATE)) if (!dispatcher()->permissions().HasPermission(PERMISSION_PDF))
return; return;
const PP_Rect* array = tickmarks.empty() ? NULL : &tickmarks[0]; const PP_Rect* array = tickmarks.empty() ? NULL : &tickmarks[0];
EnterInstanceNoLock enter(instance); EnterInstanceNoLock enter(instance);

@@ -317,7 +317,7 @@ const PPB_Var_Deprecated* PPB_Var_Deprecated_Proxy::GetProxyInterface() {
} }
bool PPB_Var_Deprecated_Proxy::OnMessageReceived(const IPC::Message& msg) { bool PPB_Var_Deprecated_Proxy::OnMessageReceived(const IPC::Message& msg) {
if (!dispatcher()->permissions().HasPermission(PERMISSION_DEV)) if (!dispatcher()->permissions().HasPermission(PERMISSION_FLASH))
return false; return false;
// Prevent the dispatcher from going away during a call to Call or other // Prevent the dispatcher from going away during a call to Call or other

@@ -36,7 +36,7 @@ ObjectProxy* ToObjectProxy(void* data) {
ObjectProxy* obj = reinterpret_cast<ObjectProxy*>(data); ObjectProxy* obj = reinterpret_cast<ObjectProxy*>(data);
if (!obj || !obj->dispatcher) if (!obj || !obj->dispatcher)
return NULL; return NULL;
if (!obj->dispatcher->permissions().HasPermission(PERMISSION_DEV)) if (!obj->dispatcher->permissions().HasPermission(PERMISSION_FLASH))
return NULL; return NULL;
return obj; return obj;
} }

@@ -37,15 +37,17 @@ enum Permission {
// Chrome. // Chrome.
PERMISSION_DEV_CHANNEL = 1 << 5, PERMISSION_DEV_CHANNEL = 1 << 5,
// PDF-related interfaces.
PERMISSION_PDF = 1 << 6,
// NOTE: If you add stuff be sure to update PERMISSION_ALL_BITS. // NOTE: If you add stuff be sure to update PERMISSION_ALL_BITS.
// Meta permission for initializing plugins registered on the command line // Meta permission for initializing plugins registered on the command line
// that get all permissions. // that get all permissions.
PERMISSION_ALL_BITS = PERMISSION_DEV | PERMISSION_PRIVATE | PERMISSION_ALL_BITS = PERMISSION_DEV | PERMISSION_PRIVATE |
PERMISSION_BYPASS_USER_GESTURE | PERMISSION_BYPASS_USER_GESTURE | PERMISSION_TESTING |
PERMISSION_TESTING | PERMISSION_FLASH | PERMISSION_DEV_CHANNEL |
PERMISSION_FLASH | PERMISSION_PDF
PERMISSION_DEV_CHANNEL
}; };
class PPAPI_SHARED_EXPORT PpapiPermissions { class PPAPI_SHARED_EXPORT PpapiPermissions {
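Review bot: The comment `// PDF-related interfaces.` understates what the new bit grants. Elsewhere in this commit `PERMISSION_PDF` also lets `OnHostMsgGrantUniversalAccess` set `has_universal_access_`, which bypasses the same-origin check on URL loads. I would state that at the definition, for example `// PDF-related interfaces. Also permits cross-origin URL loads via PPB_URLLoaderTrusted.` The commit title names a `PERMISSION_CROSS_ORIGIN_URL_LOADS` that does not appear in the visible part of the enum, so readers will look here for that capability. The enum starts outside the hunk.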

@@ -5,6 +5,8 @@
// Please see inteface_ppb_public_stable for the documentation on the format of // Please see inteface_ppb_public_stable for the documentation on the format of
// this file. // this file.
// no-include-guard-because-multiply-included
#include "ppapi/thunk/interfaces_preamble.h" #include "ppapi/thunk/interfaces_preamble.h"
// See interfaces_ppb_private_no_permissions.h for other private interfaces. // See interfaces_ppb_private_no_permissions.h for other private interfaces.
@@ -33,20 +35,14 @@ PROXIED_IFACE(PPB_FILECHOOSER_TRUSTED_INTERFACE_0_6,
PPB_FileChooserTrusted_0_6) PPB_FileChooserTrusted_0_6)
PROXIED_IFACE(PPB_FILEREFPRIVATE_INTERFACE_0_1, PROXIED_IFACE(PPB_FILEREFPRIVATE_INTERFACE_0_1,
PPB_FileRefPrivate_0_1) PPB_FileRefPrivate_0_1)
PROXIED_IFACE(PPB_FIND_PRIVATE_INTERFACE_0_3,
PPB_Find_Private_0_3)
PROXIED_IFACE(PPB_FLASHFULLSCREEN_INTERFACE_0_1, PROXIED_IFACE(PPB_FLASHFULLSCREEN_INTERFACE_0_1,
PPB_FlashFullscreen_0_1) PPB_FlashFullscreen_0_1)
PROXIED_IFACE(PPB_FLASHFULLSCREEN_INTERFACE_1_0, PROXIED_IFACE(PPB_FLASHFULLSCREEN_INTERFACE_1_0,
PPB_FlashFullscreen_0_1) PPB_FlashFullscreen_0_1)
PROXIED_IFACE(PPB_OUTPUTPROTECTION_PRIVATE_INTERFACE_0_1, PROXIED_IFACE(PPB_OUTPUTPROTECTION_PRIVATE_INTERFACE_0_1,
PPB_OutputProtection_Private_0_1) PPB_OutputProtection_Private_0_1)
PROXIED_IFACE(PPB_PDF_INTERFACE,
PPB_PDF)
PROXIED_IFACE(PPB_PLATFORMVERIFICATION_PRIVATE_INTERFACE_0_3, PROXIED_IFACE(PPB_PLATFORMVERIFICATION_PRIVATE_INTERFACE_0_3,
PPB_PlatformVerification_Private_0_3) PPB_PlatformVerification_Private_0_3)
PROXIED_IFACE(PPB_URLLOADERTRUSTED_INTERFACE_0_3,
PPB_URLLoaderTrusted_0_3)
#endif // !defined(OS_NACL) #endif // !defined(OS_NACL)
#include "ppapi/thunk/interfaces_postamble.h" #include "ppapi/thunk/interfaces_postamble.h"

@@ -56,4 +56,8 @@ PROXIED_IFACE(PPB_VIDEOSOURCE_PRIVATE_INTERFACE_0_1,
PROXIED_IFACE(PPB_UMA_PRIVATE_INTERFACE_0_3, PROXIED_IFACE(PPB_UMA_PRIVATE_INTERFACE_0_3,
PPB_UMA_Private_0_3) PPB_UMA_Private_0_3)
// This has permission checks done in pepper_url_loader_host.cc
PROXIED_IFACE(PPB_URLLOADERTRUSTED_INTERFACE_0_3,
PPB_URLLoaderTrusted_0_3)
#include "ppapi/thunk/interfaces_postamble.h" #include "ppapi/thunk/interfaces_postamble.h"

@@ -0,0 +1,19 @@
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Please see inteface_ppb_public_stable for the documentation on the format of
// this file.
// no-include-guard-because-multiply-included
#include "ppapi/thunk/interfaces_preamble.h"
// See interfaces_ppb_private_no_permissions.h for other private interfaces.
#if !defined(OS_NACL)
PROXIED_IFACE(PPB_PDF_INTERFACE, PPB_PDF)
PROXIED_IFACE(PPB_FIND_PRIVATE_INTERFACE_0_3, PPB_Find_Private_0_3)
#endif // !defined(OS_NACL)
#include "ppapi/thunk/interfaces_postamble.h"
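Review bot: The header comment of this new file copies the misspelled reference `inteface_ppb_public_stable` from the existing interface lists; in a new file it can be written correctly as `// Please see interfaces_ppb_public_stable.h for the documentation on the format of`. It would also help to say in that comment that every interface listed here is registered under `PERMISSION_PDF` by `InterfaceList`, so that someone adding an entry knows which plugins will be able to obtain it.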

@@ -19,11 +19,12 @@
} } } }
#include "ppapi/thunk/interfaces_ppb_private.h" #include "ppapi/thunk/interfaces_ppb_private.h"
#include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
#include "ppapi/thunk/interfaces_ppb_private_flash.h" #include "ppapi/thunk/interfaces_ppb_private_flash.h"
#include "ppapi/thunk/interfaces_ppb_public_stable.h" #include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
#include "ppapi/thunk/interfaces_ppb_private_pdf.h"
#include "ppapi/thunk/interfaces_ppb_public_dev.h" #include "ppapi/thunk/interfaces_ppb_public_dev.h"
#include "ppapi/thunk/interfaces_ppb_public_dev_channel.h" #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
#include "ppapi/thunk/interfaces_ppb_public_stable.h"
#undef PROXIED_IFACE #undef PROXIED_IFACE