[Chromoting] Add command line options for host permissions

Add 2 command line options, one each to query the current state of the Accessibility and Screen Recording permissions. MacOS-only. Change-Id: Ic5a6323f71509327b4af00c56db15e8beb2bba8b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1874504Reviewed-by: Jamie Walch <jamiewalch@chromium.org> Commit-Queue: Gary Kacmarcik <garykac@chromium.org> Auto-Submit: Gary Kacmarcik <garykac@chromium.org> Cr-Commit-Position: refs/heads/master@{#711938}

[Chromoting] Add command line options for host permissions
Add 2 command line options, one each to query the current state of the Accessibility and Screen Recording permissions. MacOS-only. Change-Id: Ic5a6323f71509327b4af00c56db15e8beb2bba8b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1874504Reviewed-by: Jamie Walch <jamiewalch@chromium.org> Commit-Queue: Gary Kacmarcik <garykac@chromium.org> Auto-Submit: Gary Kacmarcik <garykac@chromium.org> Cr-Commit-Position: refs/heads/master@{#711938}
18348e5b · Gary Kacmarcik · Commit Bot · 51715874 · 18348e5b · 18348e5b
Commit 18348e5b authored Nov 02, 2019 by Gary Kacmarcik Committed by Commit Bot Nov 02, 2019
3 changed files
--- a/remoting/host/mac/permission_utils.h
+++ b/remoting/host/mac/permission_utils.h
@@ -14,6 +14,14 @@ class SingleThreadTaskRunner;
 namespace remoting {
 namespace mac {

+// Return true if the current process has been granted permission to inject
+// input.
+bool CanInjectInput();
+
+// Return true if the current process has been granted permission to record
+// the screen.
+bool CanRecordScreen();
+
 // Prompts the user to add the current application to the set of trusted
 // Accessibility and Screen Recording applications.  The Accessibility
 // permission is required for input injection (10.14 and later) and Screen

--- a/remoting/host/mac/permission_utils.mm
+++ b/remoting/host/mac/permission_utils.mm
@@ -111,6 +111,12 @@ void ShowScreenRecordingPermissionDialog() {
 namespace remoting {
 namespace mac {

+bool CanInjectInput() {
+  if (!base::mac::IsAtLeastOS10_14())
+    return true;
+  return AXIsProcessTrusted();
+}
+
 // Heuristic to check screen capture permission. See http://crbug.com/993692
 // Copied from
 // chrome/browser/media/webrtc/system_media_capture_permissions_mac.mm
@@ -142,10 +148,7 @@ bool CanRecordScreen() {
 // affected version and the permission has not already been approved.
 void PromptUserForAccessibilityPermissionIfNeeded(
    scoped_refptr<base::SingleThreadTaskRunner> task_runner) {
-  if (!base::mac::IsAtLeastOS10_14())
-    return;
-
-  if (AXIsProcessTrusted())
+  if (CanInjectInput())
    return;

  LOG(WARNING) << "AXIsProcessTrusted returned false, requesting "
@@ -161,9 +164,6 @@ void PromptUserForAccessibilityPermissionIfNeeded(
 // been approved.
 void PromptUserForScreenRecordingPermissionIfNeeded(
    scoped_refptr<base::SingleThreadTaskRunner> task_runner) {
-  if (!base::mac::IsAtLeastOS10_15())
-    return;
-
  if (CanRecordScreen())
    return;


--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -189,6 +189,18 @@ const char kWindowIdSwitchName[] = "window-id";
 // Command line switch used to send a custom offline reason and exit.
 const char kReportOfflineReasonSwitchName[] = "report-offline-reason";

+#if defined(OS_MACOSX)
+
+// Command line switch to check for Accessibility permission.
+const char kCheckAccessibilityPermissionsSwitchName[] =
+    "check-accessibility-permission";
+
+// Command line switch to check for Screen Recording permission.
+const char kCheckScreenRecordingPermissionsSwitchName[] =
+    "check-screen-recording-permission";
+
+#endif  // defined(OS_MACOSX)
+
 // Maximum time to wait for clean shutdown to occur, before forcing termination
 // of the process.
 const int kShutdownTimeoutSeconds = 15;
@@ -455,7 +467,15 @@ class HostProcess : public ConfigWatcher::Delegate,
  ShutdownWatchdog* shutdown_watchdog_;

 #if defined(OS_MACOSX)
+  // A basic decktop capturer that captures a single screen in order to trigger
+  // the native OS permission check.
  std::unique_ptr<DesktopCapturerChecker> capture_checker_;
+
+  // When using the command line option to check the Accessibility or Screen
+  // Recording permission, these track the permission state and indicate that
+  // the host should exit immediately with the result.
+  bool checking_permission_state_ = false;
+  bool permission_granted_ = false;
 #endif  // defined(OS_MACOSX)

  DISALLOW_COPY_AND_ASSIGN(HostProcess);
@@ -474,8 +494,13 @@ HostProcess::HostProcess(std::unique_ptr<ChromotingHostContext> context,
  //     ->set_use_update_notifications(true);
  // And remove the same line from me2me_desktop_environment.cc.

-
  StartOnUiThread();
+
+#if defined(OS_MACOSX)
+  if (checking_permission_state_) {
+    *exit_code_out = (permission_granted_ ? EXIT_SUCCESS : EXIT_FAILURE);
+  }
+#endif
 }

 HostProcess::~HostProcess() {
@@ -494,6 +519,22 @@ HostProcess::~HostProcess() {
 }

 bool HostProcess::InitWithCommandLine(const base::CommandLine* cmd_line) {
+#if defined(OS_MACOSX)
+  // Ensure we are not running as root (i.e. at the login screen).
+  DCHECK_NE(getuid(), 0U);
+
+  if (cmd_line->HasSwitch(kCheckAccessibilityPermissionsSwitchName)) {
+    checking_permission_state_ = true;
+    permission_granted_ = mac::CanInjectInput();
+    return false;
+  }
+  if (cmd_line->HasSwitch(kCheckScreenRecordingPermissionsSwitchName)) {
+    checking_permission_state_ = true;
+    permission_granted_ = mac::CanRecordScreen();
+    return false;
+  }
+#endif  // defined(OS_MACOSX)
+
 #if defined(REMOTING_MULTI_PROCESS)
  // Mojo keeps the task runner passed to it alive forever, so an
  // AutoThreadTaskRunner should not be passed to it. Otherwise, the process may