Add explicit capability class enforcement.

Extracted from https://codereview.chromium.org/1910043002/ to help reduce an issue.

TBR=sky@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1918333002

Cr-Commit-Position: refs/heads/master@{#389842}

services/shell/shell.cc

@@ -38,6 +38,7 @@ const char kCapabilityClass_UserID[] = "shell:user_id";
 const char kCapabilityClass_ClientProcess[] = "shell:client_process";
 const char kCapabilityClass_InstanceName[] = "shell:instance_name";
 const char kCapabilityClass_AllUsers[] = "shell:all_users";
+const char kCapabilityClass_ExplicitClass[] = "shell:explicit_class";
 
 void EmptyResolverCallback(mojom::ResolveResultPtr result) {}
 
@@ -158,6 +159,14 @@ class Shell::Instance : public mojom::Connector,
           source->capability_spec_, identity_, capability_spec_);
       source_id = source->id();
     }
+
+    // The target has specified that sources must request one of its provided
+    // classes instead of specifying a wild-card for interfaces.
+    if (HasClass(capability_spec_, kCapabilityClass_ExplicitClass) &&
+        (request.interfaces.count("*") != 0)) {
+      request.interfaces = Interfaces();
+    }
+
     shell_client_->AcceptConnection(
         mojom::Identity::From(params->source()), source_id,
         params->TakeRemoteInterfaces(), params->TakeLocalInterfaces(),

services/shell/tests/connect/connect_test_app_a_manifest.json

@@ -2,5 +2,9 @@
   "manifest_version": 1,
   "name": "mojo:connect_test_a",
   "display_name": "Connect Test A",
-  "capabilities": { }
+  "capabilities": {
+    "required": {
+      "mojo:connect_test_class_app": { "classes":  [ "class" ] }
+    }
+  }
 }

services/shell/tests/connect/connect_test_class_app.cc

@@ -37,7 +37,6 @@ class ConnectTestClassApp
     identity_ = identity;
   }
   bool AcceptConnection(Connection* connection) override {
-    CHECK(connection->HasCapabilityClass("class"));
     connection->AddInterface<test::mojom::ConnectTestService>(this);
     connection->AddInterface<test::mojom::ClassInterface>(this);
     inbound_connections_.insert(connection);

services/shell/tests/connect/connect_test_class_app_manifest.json

@@ -4,7 +4,10 @@
   "display_name": "Connect Test Class App",
   "capabilities": {
     "provided": {
-      "class": ["shell::test::mojom::ClassInterface"]
+      "class": [ "shell::test::mojom::ClassInterface" ]
+    },
+    "required": {
+      "mojo:shell": { "classes":  [ "shell:explicit_class" ] }
     }
   }
 }

services/shell/tests/connect/connect_unittest.cc

@@ -307,6 +307,19 @@ TEST_F(ConnectTest, CapabilityClasses) {
   EXPECT_EQ("CLASS APP", string2);
 }
 
+TEST_F(ConnectTest, ConnectWithoutExplicitClassBlocked) {
+  // We not be able to bind a ClassInterfacePtr since the connect_unittest app
+  // does not explicitly request the "class" capability from
+  // connect_test_class_app. This test will hang if it is bound.
+  std::unique_ptr<Connection> connection =
+      connector()->Connect(kTestClassAppName);
+  test::mojom::ClassInterfacePtr class_interface;
+  connection->GetInterface(&class_interface);
+  base::RunLoop loop;
+  class_interface.set_connection_error_handler(base::Bind(&QuitLoop, &loop));
+  loop.Run();
+}
+
 TEST_F(ConnectTest, ConnectAsDifferentUser_Allowed) {
   std::unique_ptr<Connection> connection = connector()->Connect(kTestAppName);
   test::mojom::UserIdTestPtr user_id_test;

services/shell/tests/connect/connect_unittests_manifest.json

@@ -5,6 +5,9 @@
   "capabilities": {
     "required": {
       "mojo:connect_test_package": { "interfaces": [ "*" ] },
+      "mojo:connect_test_class_app": {
+        "interfaces":  [ "*" ]
+      },
       "mojo:connect_test_app": {
         "interfaces": [
           "shell::test::mojom::ConnectTestService",