Introduce new ppapi::PERMISSION_SOCKET.

Make pp:{TCP,UDP}Socket APIs require the new permission.
Grant it to all existing clients that need it for compatibility,
but do not grant it to the PDF plugin, which does not need this.

- Kill an else-after-return.
- Use make_unique<> in one place.
- Suppress include guard lint noise.
- Check CanCreateSocket() for TCP sockets, too.
- Prevent clang-format from moving indented includes to margin.

Bug: 948172
Change-Id: I9dbb9e06ec1f5e713250dfcc9414830a5aa8fc38
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1548593
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Mark Seaborn <mseaborn@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#647891}

chrome/common/ppapi_utils.cc

@@ -114,6 +114,7 @@ bool IsSupportedPepperInterface(const char* name) {
 #include "ppapi/thunk/interfaces_ppb_private_pdf.h"
 #include "ppapi/thunk/interfaces_ppb_public_dev.h"
 #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
+#include "ppapi/thunk/interfaces_ppb_public_socket.h"
 #include "ppapi/thunk/interfaces_ppb_public_stable.h"
 
 #undef PROXIED_IFACE

content/browser/renderer_host/pepper/content_browser_pepper_host_factory.cc

@@ -110,25 +110,29 @@ ContentBrowserPepperHostFactory::CreateResourceHost(
       return std::unique_ptr<ppapi::host::ResourceHost>(new PepperFileRefHost(
           host_, instance, resource, file_system, internal_path));
     }
-    case PpapiHostMsg_TCPSocket_Create::ID: {
-      ppapi::TCPSocketVersion version;
-      if (!ppapi::UnpackMessage<PpapiHostMsg_TCPSocket_Create>(message,
-                                                               &version) ||
-          version == ppapi::TCP_SOCKET_VERSION_PRIVATE) {
-        return std::unique_ptr<ppapi::host::ResourceHost>();
-      }
+  }
 
-      return CreateNewTCPSocket(instance, resource, version);
-    }
-    case PpapiHostMsg_UDPSocket_Create::ID: {
-      if (CanCreateSocket()) {
+  // Socket interfaces.
+  if (GetPermissions().HasPermission(ppapi::PERMISSION_SOCKET)) {
+    switch (message.type()) {
+      case PpapiHostMsg_TCPSocket_Create::ID: {
+        ppapi::TCPSocketVersion version;
+        if (!ppapi::UnpackMessage<PpapiHostMsg_TCPSocket_Create>(message,
+                                                                 &version) ||
+            version == ppapi::TCP_SOCKET_VERSION_PRIVATE) {
+          return nullptr;
+        }
+        if (!CanCreateSocket())
+          return nullptr;
+        return CreateNewTCPSocket(instance, resource, version);
+      }
+      case PpapiHostMsg_UDPSocket_Create::ID: {
+        if (!CanCreateSocket())
+          return nullptr;
         scoped_refptr<ppapi::host::ResourceMessageFilter> udp_socket(
             new PepperUDPSocketMessageFilter(host_, instance, false));
-        return std::unique_ptr<ppapi::host::ResourceHost>(
-            new ppapi::host::MessageFilterHost(host_->GetPpapiHost(), instance,
-                                               resource, udp_socket));
-      } else {
-        return std::unique_ptr<ppapi::host::ResourceHost>();
+        return std::make_unique<ppapi::host::MessageFilterHost>(
+            host_->GetPpapiHost(), instance, resource, udp_socket);
       }
     }
   }

content/renderer/pepper/plugin_module.cc

@@ -402,6 +402,7 @@ const void* InternalGetInterface(const char* name) {
 #include "ppapi/thunk/interfaces_ppb_private_pdf.h"
 #include "ppapi/thunk/interfaces_ppb_public_dev.h"
 #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
+#include "ppapi/thunk/interfaces_ppb_public_socket.h"
 #include "ppapi/thunk/interfaces_ppb_public_stable.h"
 
 #undef PROXIED_IFACE

ppapi/PRESUBMIT.py

@@ -167,7 +167,8 @@ def CheckHistogramXml(input_api, output_api):
                      'ppapi/thunk/interfaces_ppb_private_no_permissions.h',
                      'ppapi/thunk/interfaces_ppb_public_dev_channel.h',
                      'ppapi/thunk/interfaces_ppb_public_dev.h',
-                     'ppapi/thunk/interfaces_ppb_public_stable.h')
+                     'ppapi/thunk/interfaces_ppb_public_stable.h',
+                     'ppapi/thunk/interfaces_ppb_public_socket.h')
   HISTOGRAM_XML_FILE = 'tools/metrics/histograms/enums.xml'
   interface_changes = []
   has_histogram_xml_change = False

ppapi/proxy/interface_list.cc

@@ -180,6 +180,7 @@ InterfaceList::InterfaceList() {
              INTERFACE_THUNK_NAME(iface_struct)(), \
              current_required_permission);
 
+  // clang-format off
   {
     Permission current_required_permission = PERMISSION_NONE;
     #include "ppapi/thunk/interfaces_ppb_private_no_permissions.h"
@@ -207,9 +208,14 @@ InterfaceList::InterfaceList() {
     Permission current_required_permission = PERMISSION_DEV_CHANNEL;
     #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
   }
+  {
+    Permission current_required_permission = PERMISSION_SOCKET;
+    #include "ppapi/thunk/interfaces_ppb_public_socket.h"
+  }
+  // clang-format on
 
-  #undef PROXIED_API
-  #undef PROXIED_IFACE
+#undef PROXIED_API
+#undef PROXIED_IFACE
 
   // Manually add some special proxies. Some of these don't have interfaces
   // that they support, so aren't covered by the macros above, but have proxies

ppapi/shared_impl/ppapi_permissions.h

@@ -40,19 +40,22 @@ enum Permission {
   // PDF-related interfaces.
   PERMISSION_PDF = 1 << 6,
 
+  // Socket APIs. Formerly part of public APIs.
+  PERMISSION_SOCKET = 1 << 7,
+
   // NOTE: If you add stuff be sure to update PERMISSION_ALL_BITS.
 
   // Meta permission for for initializing plugins with permissions that have
-  // historically been part of public APIs but will be covered by finer-grained
-  // permissions in the future.
-  PERMISSION_DEFAULT = PERMISSION_NONE,
+  // historically been part of public APIs but are now covered by finer-grained
+  // permissions.
+  PERMISSION_DEFAULT = PERMISSION_SOCKET,
 
   // Meta permission for initializing plugins registered on the command line
   // that get all permissions.
   PERMISSION_ALL_BITS = PERMISSION_DEV | PERMISSION_PRIVATE |
                         PERMISSION_BYPASS_USER_GESTURE | PERMISSION_TESTING |
                         PERMISSION_FLASH | PERMISSION_DEV_CHANNEL |
-                        PERMISSION_PDF
+                        PERMISSION_PDF | PERMISSION_SOCKET,
 };
 
 class PPAPI_SHARED_EXPORT PpapiPermissions {

ppapi/thunk/BUILD.gn

@@ -19,6 +19,7 @@ source_set("thunk") {
     "interfaces_ppb_private_no_permissions.h",
     "interfaces_ppb_public_dev.h",
     "interfaces_ppb_public_dev_channel.h",
+    "interfaces_ppb_public_socket.h",
     "interfaces_ppb_public_stable.h",
     "interfaces_preamble.h",
     "ppapi_thunk_export.h",

ppapi/thunk/interfaces_ppb_public_socket.h

@@ -0,0 +1,18 @@
+// Copyright (c) 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// no-include-guard-because-multiply-included
+// NOLINT(build/header_guard)
+
+#include "ppapi/thunk/interfaces_preamble.h"
+
+// See interfaces_ppp_public_stable.h for documentation on these macros.
+PROXIED_IFACE(PPB_TCPSOCKET_INTERFACE_1_0, PPB_TCPSocket_1_0)
+PROXIED_IFACE(PPB_TCPSOCKET_INTERFACE_1_1, PPB_TCPSocket_1_1)
+PROXIED_IFACE(PPB_TCPSOCKET_INTERFACE_1_2, PPB_TCPSocket_1_2)
+PROXIED_IFACE(PPB_UDPSOCKET_INTERFACE_1_0, PPB_UDPSocket_1_0)
+PROXIED_IFACE(PPB_UDPSOCKET_INTERFACE_1_1, PPB_UDPSocket_1_1)
+PROXIED_IFACE(PPB_UDPSOCKET_INTERFACE_1_2, PPB_UDPSocket_1_2)
+
+#include "ppapi/thunk/interfaces_postamble.h"

ppapi/thunk/interfaces_ppb_public_stable.h

@@ -2,6 +2,9 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+// no-include-guard-because-multiply-included
+// NOLINT(build/header_guard)
+
 #include "ppapi/thunk/interfaces_preamble.h"
 
 // This file contains lists of interfaces. It's intended to be included by
@@ -86,14 +89,8 @@ PROXIED_IFACE(PPB_NETADDRESS_INTERFACE_1_0, PPB_NetAddress_1_0)
 PROXIED_IFACE(PPB_NETWORKLIST_INTERFACE_1_0, PPB_NetworkList_1_0)
 PROXIED_IFACE(PPB_NETWORKMONITOR_INTERFACE_1_0, PPB_NetworkMonitor_1_0)
 PROXIED_IFACE(PPB_NETWORKPROXY_INTERFACE_1_0, PPB_NetworkProxy_1_0)
-PROXIED_IFACE(PPB_TCPSOCKET_INTERFACE_1_0, PPB_TCPSocket_1_0)
-PROXIED_IFACE(PPB_TCPSOCKET_INTERFACE_1_1, PPB_TCPSocket_1_1)
-PROXIED_IFACE(PPB_TCPSOCKET_INTERFACE_1_2, PPB_TCPSocket_1_2)
 PROXIED_IFACE(PPB_TEXTINPUTCONTROLLER_INTERFACE_1_0,
               PPB_TextInputController_1_0)
-PROXIED_IFACE(PPB_UDPSOCKET_INTERFACE_1_0, PPB_UDPSocket_1_0)
-PROXIED_IFACE(PPB_UDPSOCKET_INTERFACE_1_1, PPB_UDPSocket_1_1)
-PROXIED_IFACE(PPB_UDPSOCKET_INTERFACE_1_2, PPB_UDPSocket_1_2)
 PROXIED_IFACE(PPB_URLLOADER_INTERFACE_1_0, PPB_URLLoader_1_0)
 PROXIED_IFACE(PPB_URLREQUESTINFO_INTERFACE_1_0, PPB_URLRequestInfo_1_0)
 PROXIED_IFACE(PPB_URLRESPONSEINFO_INTERFACE_1_0, PPB_URLResponseInfo_1_0)

ppapi/thunk/thunk.h

@@ -24,8 +24,8 @@
 #include "ppapi/thunk/interfaces_ppb_private_pdf.h"
 #include "ppapi/thunk/interfaces_ppb_public_dev.h"
 #include "ppapi/thunk/interfaces_ppb_public_dev_channel.h"
+#include "ppapi/thunk/interfaces_ppb_public_socket.h"
 #include "ppapi/thunk/interfaces_ppb_public_stable.h"
-
 #undef PROXIED_IFACE
 
 namespace ppapi {