Pass CapabilityFilter via CreateInstanceForHandle

http://crbug.com/555392 Review URL: https://codereview.chromium.org/1465793005 Cr-Commit-Position: refs/heads/master@{#361255}

Pass CapabilityFilter via CreateInstanceForHandle
http://crbug.com/555392 Review URL: https://codereview.chromium.org/1465793005 Cr-Commit-Position: refs/heads/master@{#361255}
6fbb4139 · ben · Commit bot · 53588a7c · 6fbb4139 · 6fbb4139
Commit 6fbb4139 authored Nov 23, 2015 by ben Committed by Commit bot Nov 24, 2015
12 changed files
--- a/content/browser/mojo/mojo_shell_client_host.cc
+++ b/content/browser/mojo/mojo_shell_client_host.cc
@@ -4,14 +4,15 @@

 #include "base/strings/stringprintf.h"
 #include "base/thread_task_runner_handle.h"
+#include "components/mus/public/interfaces/gpu.mojom.h"
 #include "content/browser/mojo/mojo_shell_client_host.h"
 #include "content/common/mojo/mojo_messages.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/common/mojo_shell_connection.h"
 #include "ipc/ipc_sender.h"
 #include "mojo/application/public/cpp/application_impl.h"
+#include "mojo/application/public/interfaces/application_manager.mojom.h"
 #include "mojo/converters/network/network_type_converters.h"
-#include "mojo/shell/application_manager.mojom.h"
 #include "third_party/mojo/src/mojo/edk/embedder/embedder.h"
 #include "third_party/mojo/src/mojo/edk/embedder/platform_channel_pair.h"
 #include "third_party/mojo/src/mojo/edk/embedder/scoped_platform_handle.h"
@@ -82,8 +83,15 @@ void RegisterChildWithExternalShell(int child_process_id,
  //             http://crbug.com/555393
  std::string url =
      base::StringPrintf("exe:chrome_renderer%d", child_process_id);
+
+  mojo::CapabilityFilterPtr filter(mojo::CapabilityFilter::New());
+  mojo::Array<mojo::String> window_manager_interfaces;
+  window_manager_interfaces.push_back(mus::mojom::Gpu::Name_);
+  filter->filter.insert("mojo:mus", window_manager_interfaces.Pass());
  application_manager->CreateInstanceForHandle(
-      mojo::ScopedHandle(mojo::Handle(handle.release().value())), url);
+      mojo::ScopedHandle(mojo::Handle(handle.release().value())),
+      url,
+      filter.Pass());

  // Send the other end to the child via Chrome IPC.
  base::PlatformFile client_file = PlatformFileFromScopedPlatformHandle(

--- a/mojo/application/public/interfaces/BUILD.gn
+++ b/mojo/application/public/interfaces/BUILD.gn
@@ -8,6 +8,7 @@ import("//mojo/public/tools/bindings/mojom.gni")
 mojom("interfaces") {
  sources = [
    "application.mojom",
+    "application_manager.mojom",
    "content_handler.mojom",
    "service_provider.mojom",
    "shell.mojom",

--- a/mojo/shell/application_manager.mojom
+++ b/mojo/shell/application_manager.mojom
@@ -4,17 +4,15 @@

 module mojo.shell.mojom;

+import "mojo/application/public/interfaces/shell.mojom";
+
 interface ApplicationManager {
  // Instructs the ApplicationManager to create an instance for an existing
  // process at the other end of |channel|, and perform applicable
  // initialization. This assumes the target process will bind the other end of
  // channel to an implementation of ChildController and bind an Application
  // request there.
-  // TODO(beng): we should probably have an Identity mojom struct.
-  // TODO(beng): for this to be used in production, it's going to have to take
-  //             a fully qualified Identity complete with CapabilityFilter,
-  //             otherwise child processes registered with the shell will be
-  //             able to request any application/service.
-  //             http://crbug.com/555392
-  CreateInstanceForHandle(handle channel, string url);
+  CreateInstanceForHandle(handle channel,
+                          string url,
+                          mojo.CapabilityFilter filter);
 };
--- a/mojo/mojo_base.gyp
+++ b/mojo/mojo_base.gyp
@@ -205,6 +205,7 @@
      'variables': {
        'mojom_files': [
          'application/public/interfaces/application.mojom',
+          'application/public/interfaces/application_manager.mojom',
          'application/public/interfaces/content_handler.mojom',
          'application/public/interfaces/service_provider.mojom',
          'application/public/interfaces/shell.mojom',

--- a/mojo/mojo_shell.gyp
+++ b/mojo/mojo_shell.gyp
@@ -47,7 +47,6 @@
      '<(DEPTH)/mojo/mojo_base.gyp:mojo_common_lib',
      '<(DEPTH)/mojo/mojo_base.gyp:mojo_environment_chromium',
      '<(DEPTH)/mojo/mojo_base.gyp:mojo_url_type_converters',
-      '<(DEPTH)/mojo/mojo_shell.gyp:mojo_shell_interfaces',
      '<(DEPTH)/url/url.gyp:url_lib',
    ],
  }, {
@@ -123,16 +122,5 @@
    'includes': [
      '../third_party/mojo/mojom_bindings_generator_explicit.gypi',
    ],
-  }, {
-    'target_name': 'mojo_shell_interfaces',
-    'type': 'none',
-    'variables': {
-      'mojom_files': [
-        'shell/application_manager.mojom',
-      ],
-    },
-    'includes': [
-      '../third_party/mojo/mojom_bindings_generator_explicit.gypi',
-    ],
  }],
 }
--- a/mojo/shell/BUILD.gn
+++ b/mojo/shell/BUILD.gn
@@ -50,7 +50,6 @@ source_set("shell") {
    "//url",
  ]
  deps = [
-    ":interfaces",
    "//base/third_party/dynamic_annotations",
    "//crypto:crypto",
    "//mojo/application/public/cpp:sources",
@@ -115,12 +114,6 @@ mojom("test_bindings") {
  ]
 }

-mojom("interfaces") {
-  sources = [
-    "application_manager.mojom",
-  ]
-}
-
 mojo_native_application("apptests") {
  output_name = "mojo_shell_apptests"
  testonly = true
@@ -157,11 +150,11 @@ executable("application_manager_apptest_driver") {
    "//base",
    "//base:base_static",
    "//mojo/application/public/cpp",
+    "//mojo/application/public/interfaces",
    "//mojo/common:common_base",
    "//mojo/converters/network",
    "//mojo/runner:init",
    "//mojo/runner/child:test_native_main",
-    "//mojo/shell:interfaces",
    "//third_party/mojo/src/mojo/edk/system",
  ]
 }

--- a/mojo/shell/application_manager.cc
+++ b/mojo/shell/application_manager.cc
@@ -117,14 +117,16 @@ ApplicationInstance* ApplicationManager::GetApplicationInstance(
 }

 void ApplicationManager::CreateInstanceForHandle(ScopedHandle channel,
-                                                 const GURL& url) {
+                                                 const GURL& url,
+                                                 CapabilityFilterPtr filter) {
  // Instances created by others are considered unique, and thus have no
  // identity. As such they cannot be connected to by anyone else, and so we
  // never call ConnectToClient().
  // TODO(beng): GetPermissiveCapabilityFilter() here obviously cannot make it
  //             to production. See note in application_manager.mojom.
  //             http://crbug.com/555392
-  Identity target_id(url, std::string(), GetPermissiveCapabilityFilter());
+  CapabilityFilter local_filter = filter->filter.To<CapabilityFilter>();
+  Identity target_id(url, std::string(), local_filter);
  InterfaceRequest<Application> application_request =
      CreateInstance(target_id, base::Closure(), nullptr);
  NativeRunner* runner =

--- a/mojo/shell/application_manager.h
+++ b/mojo/shell/application_manager.h
@@ -92,7 +92,9 @@ class ApplicationManager {

  ApplicationInstance* GetApplicationInstance(const Identity& identity) const;

-  void CreateInstanceForHandle(ScopedHandle channel, const GURL& url);
+  void CreateInstanceForHandle(ScopedHandle channel,
+                               const GURL& url,
+                               CapabilityFilterPtr filter);

 private:
  using IdentityToInstanceMap = std::map<Identity, ApplicationInstance*>;

--- a/mojo/shell/application_manager_apptest_driver.cc
+++ b/mojo/shell/application_manager_apptest_driver.cc
@@ -17,11 +17,11 @@
 #include "mojo/application/public/cpp/application_delegate.h"
 #include "mojo/application/public/cpp/application_impl.h"
 #include "mojo/application/public/cpp/interface_factory.h"
+#include "mojo/application/public/interfaces/application_manager.mojom.h"
 #include "mojo/common/weak_binding_set.h"
 #include "mojo/converters/network/network_type_converters.h"
 #include "mojo/runner/child/test_native_main.h"
 #include "mojo/runner/init.h"
-#include "mojo/shell/application_manager.mojom.h"
 #include "mojo/shell/application_manager_apptests.mojom.h"
 #include "third_party/mojo/src/mojo/edk/embedder/embedder.h"
 #include "third_party/mojo/src/mojo/edk/embedder/platform_channel_pair.h"
@@ -79,9 +79,15 @@ class TargetApplicationDelegate : public mojo::ApplicationDelegate,
                   weak_factory_.GetWeakPtr()),
        base::ThreadTaskRunnerHandle::Get()));

+    mojo::CapabilityFilterPtr filter(mojo::CapabilityFilter::New());
+    mojo::Array<mojo::String> test_interfaces;
+    test_interfaces.push_back(
+        mojo::shell::test::mojom::CreateInstanceForHandleTest::Name_);
+    filter->filter.insert("mojo:mojo_shell_apptests", test_interfaces.Pass());
    application_manager->CreateInstanceForHandle(
        mojo::ScopedHandle(mojo::Handle(handle.release().value())),
-        "exe:application_manager_apptest_target");
+        "exe:application_manager_apptest_target",
+        filter.Pass());
    // Put the other end on the command line used to launch the target.
    platform_channel_pair.PrepareToPassClientHandleToChildProcess(
        &child_command_line, &handle_passing_info);

--- a/mojo/shell/application_manager_apptest_target.cc
+++ b/mojo/shell/application_manager_apptest_target.cc
@@ -7,7 +7,6 @@
 #include "mojo/application/public/cpp/application_connection.h"
 #include "mojo/application/public/cpp/application_delegate.h"
 #include "mojo/application/public/cpp/application_impl.h"
-#include "mojo/converters/network/network_type_converters.h"
 #include "mojo/runner/child/test_native_main.h"
 #include "mojo/runner/init.h"
 #include "mojo/shell/application_manager_apptests.mojom.h"
@@ -25,9 +24,7 @@ class TargetApplicationDelegate : public mojo::ApplicationDelegate {
  // mojo::ApplicationDelegate:
  void Initialize(mojo::ApplicationImpl* app) override {
    CreateInstanceForHandleTestPtr service;
-    mojo::ApplicationImpl::ConnectParams params(
-        std::string("mojo:mojo_shell_apptests"));
-    app->ConnectToService(&params, &service);
+    app->ConnectToService("mojo:mojo_shell_apptests", &service);
    service->Ping("From Target");
  }
  bool ConfigureIncomingConnection(

--- a/mojo/shell/shell_application_delegate.cc
+++ b/mojo/shell/shell_application_delegate.cc
@@ -28,9 +28,11 @@ void ShellApplicationDelegate::Create(
  bindings_.AddBinding(this, request.Pass());
 }

-void ShellApplicationDelegate::CreateInstanceForHandle(ScopedHandle channel,
-                                                       const String& url) {
-  manager_->CreateInstanceForHandle(channel.Pass(), GURL(url));
+void ShellApplicationDelegate::CreateInstanceForHandle(
+    ScopedHandle channel,
+    const String& url,
+    CapabilityFilterPtr filter) {
+  manager_->CreateInstanceForHandle(channel.Pass(), GURL(url), filter.Pass());
 }

 }  // namespace shell

--- a/mojo/shell/shell_application_delegate.h
+++ b/mojo/shell/shell_application_delegate.h
@@ -9,8 +9,8 @@

 #include "base/macros.h"
 #include "mojo/application/public/cpp/interface_factory.h"
+#include "mojo/application/public/interfaces/application_manager.mojom.h"
 #include "mojo/common/weak_binding_set.h"
-#include "mojo/shell/application_manager.mojom.h"

 namespace mojo {
 namespace shell {
@@ -36,7 +36,8 @@ class ShellApplicationDelegate

  // Overridden from mojom::ApplicationManager:
  void CreateInstanceForHandle(ScopedHandle channel,
-                               const String& url) override;
+                               const String& url,
+                               CapabilityFilterPtr filter) override;

  mojo::shell::ApplicationManager* manager_;