Add flag to Java -> JavaScript to disable exposing inherited methods.

content/browser/renderer_host/java/java_bound_object.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/java/java_bound_object.h"
 
 #include "base/android/jni_android.h"
 #include "base/android/jni_string.h"
 #include "base/memory/singleton.h"
 #include "base/string_number_conversions.h"
@@ skipping 16 matching lines @@
 // http://jdk6.java.net/plugin2/liveconnect/#JS_JAVA_CONVERSIONS.
 
 // Note that in some cases, we differ from from the spec in order to maintain
 // existing behavior. These areas are marked LIVECONNECT_COMPLIANCE. We may
 // revisit this decision in the future.
 
 namespace {
 
 const char kJavaLangClass[] = "java/lang/Class";
 const char kJavaLangObject[] = "java/lang/Object";
+const char kJavaLangReflectMethod[] = "java/lang/reflect/Method";
 const char kGetClass[] = "getClass";
+const char kGetDeclaredMethods[] = "getDeclaredMethods";
 const char kGetMethods[] = "getMethods";
+const char kGetModifiers[] = "getModifiers";
+const char kReturningInteger[] = "()I";
 const char kReturningJavaLangClass[] = "()Ljava/lang/Class;";
 const char kReturningJavaLangReflectMethodArray[] =
     "()[Ljava/lang/reflect/Method;";
 
+// This constant represents the value at java.lang.reflect.Modifier.PUBLIC.
+const int kJavaPublicModifier = 1;
+
 // Our special NPObject type.  We extend an NPObject with a pointer to a
 // JavaBoundObject.  We also add static methods for each of the NPObject
 // callbacks, which are registered by our NPClass. These methods simply
 // delegate to the private implementation methods of JavaBoundObject.
 struct JavaNPObject : public NPObject {
   JavaBoundObject* bound_object;
 
   static const NPClass kNPClass;
 
   static NPObject* Allocate(NPP npp, NPClass* np_class);
@@ skipping 60 matching lines @@
   // that the property is undefined. Spec requires supporting this correctly.
   return false;
 }
 
 // Calls a Java method through JNI. If the Java method raises an uncaught
 // exception, it is cleared and this method returns false. Otherwise, this
 // method returns true and the Java method's return value is provided as an
 // NPVariant. Note that this method does not do any type coercion. The Java
 // return value is simply converted to the corresponding NPAPI type.
 bool CallJNIMethod(jobject object, const JavaType& return_type, jmethodID id,
-                   jvalue* parameters, NPVariant* result) {
+                   jvalue* parameters, NPVariant* result,
+                   bool allow_inherited_methods) {
   JNIEnv* env = AttachCurrentThread();
   switch (return_type.type) {
     case JavaType::TypeBoolean:
       BOOLEAN_TO_NPVARIANT(env->CallBooleanMethodA(object, id, parameters),
                            *result);
       break;
     case JavaType::TypeByte:
       INT32_TO_NPVARIANT(env->CallByteMethodA(object, id, parameters), *result);
       break;
     case JavaType::TypeChar:
@@ skipping 60 matching lines @@
       // first.
       jobject java_object = env->CallObjectMethodA(object, id, parameters);
       if (base::android::ClearException(env)) {
         return false;
       }
       ScopedJavaLocalRef<jobject> scoped_java_object(env, java_object);
       if (!scoped_java_object.obj()) {
         NULL_TO_NPVARIANT(*result);
         break;
       }
-      OBJECT_TO_NPVARIANT(JavaBoundObject::Create(scoped_java_object), *result);
+      OBJECT_TO_NPVARIANT(JavaBoundObject::Create(scoped_java_object,
+                                                  allow_inherited_methods),
+                          *result);
       break;
     }
   }
   return !base::android::ClearException(env);
 }
 
 jvalue CoerceJavaScriptNumberToJavaValue(const NPVariant& variant,
                                          const JavaType& target_type,
                                          bool coerce_to_string) {
   // See http://jdk6.java.net/plugin2/liveconnect/#JS_NUMBER_VALUES.
@@ skipping 495 matching lines @@
       return CoerceJavaScriptNullOrUndefinedToJavaValue(variant, target_type,
                                                         coerce_to_string);
   }
   NOTREACHED();
   return jvalue();
 }
 
 }  // namespace
 
 
-NPObject* JavaBoundObject::Create(const JavaRef<jobject>& object) {
+NPObject* JavaBoundObject::Create(const JavaRef<jobject>& object,
+                                  bool allow_inherited_methods) {
   // The first argument (a plugin's instance handle) is passed through to the
   // allocate function directly, and we don't use it, so it's ok to be 0.
   // The object is created with a ref count of one.
   NPObject* np_object = WebBindings::createObject(0, const_cast<NPClass*>(
       &JavaNPObject::kNPClass));
   // The NPObject takes ownership of the JavaBoundObject.
   reinterpret_cast<JavaNPObject*>(np_object)->bound_object =
-      new JavaBoundObject(object);
+      new JavaBoundObject(object, allow_inherited_methods);
   return np_object;
 }
 
-JavaBoundObject::JavaBoundObject(const JavaRef<jobject>& object)
-    : java_object_(object) {
+JavaBoundObject::JavaBoundObject(const JavaRef<jobject>& object,
+                                 bool allow_inherited_methods)
+    : java_object_(object),
+      are_methods_set_up_(false),
+      allow_inherited_methods_(allow_inherited_methods) {
   // We don't do anything with our Java object when first created. We do it all
   // lazily when a method is first invoked.
 }
 
 JavaBoundObject::~JavaBoundObject() {
 }
 
 jobject JavaBoundObject::GetJavaObject(NPObject* object) {
   DCHECK_EQ(&JavaNPObject::kNPClass, object->_class);
   JavaBoundObject* jbo = reinterpret_cast<JavaNPObject*>(object)->bound_object;
@@ skipping 32 matching lines @@
   // Coerce
   std::vector<jvalue> parameters(arg_count);
   for (size_t i = 0; i < arg_count; ++i) {
     parameters[i] = CoerceJavaScriptValueToJavaValue(args[i],
                                                      method->parameter_type(i),
                                                      true);
   }
 
   // Call
   bool ok = CallJNIMethod(java_object_.obj(), method->return_type(),
-                          method->id(), &parameters[0], result);
+                          method->id(), &parameters[0], result,
+                          allow_inherited_methods_);
 
   // Now that we're done with the jvalue, release any local references created
   // by CoerceJavaScriptValueToJavaValue().
   JNIEnv* env = AttachCurrentThread();
   for (size_t i = 0; i < arg_count; ++i) {
     ReleaseJavaValueIfRequired(env, &parameters[i], method->parameter_type(i));
   }
 
   return ok;
 }
 
 void JavaBoundObject::EnsureMethodsAreSetUp() const {
-  if (!methods_.empty()) {
+  if (are_methods_set_up_)
     return;
-  }
+  are_methods_set_up_ = true;
 
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jclass> clazz(env, static_cast<jclass>(
       env->CallObjectMethod(java_object_.obj(),  GetMethodIDFromClassName(
           env,
           kJavaLangObject,
           kGetClass,
           kReturningJavaLangClass))));
+
+  const char* get_method = allow_inherited_methods_ ?
+      kGetMethods : kGetDeclaredMethods;
+
   ScopedJavaLocalRef<jobjectArray> methods(env, static_cast<jobjectArray>(
       env->CallObjectMethod(clazz.obj(), GetMethodIDFromClassName(
           env,
           kJavaLangClass,
-          kGetMethods,
+          get_method,
           kReturningJavaLangReflectMethodArray))));
+
   size_t num_methods = env->GetArrayLength(methods.obj());
-  DCHECK(num_methods) << "Java objects always have public methods";
+  if (num_methods <= 0)
+    return;
+
   for (size_t i = 0; i < num_methods; ++i) {
     ScopedJavaLocalRef<jobject> java_method(
         env,
         env->GetObjectArrayElement(methods.obj(), i));
-    JavaMethod* method = new JavaMethod(java_method);
-    methods_.insert(std::make_pair(method->name(), method));
+
+    bool is_method_allowed = true;
+    if (!allow_inherited_methods_) {
+      jint modifiers = env->CallIntMethod(java_method.obj(),
+                                          GetMethodIDFromClassName(
+                                              env,
+                                              kJavaLangReflectMethod,
+                                              kGetModifiers,
+                                              kReturningInteger));

[joth, 2012/07/18 17:28:39]

after the fact -- just noticed this is non-standard indenting. We only indent 4
when indenting from left margin, not when doing this quirking open-paren
alignment indent thing.

(easiest way out would have been to grab the method ID as a prior statement)

+      is_method_allowed &= (modifiers & kJavaPublicModifier);
+    }
+
+    if (is_method_allowed) {
+      JavaMethod* method = new JavaMethod(java_method);
+      methods_.insert(std::make_pair(method->name(), method));
+    }
   }
 }