Index: content/browser/renderer_host/pepper/pepper_message_filter.cc |
diff --git a/content/browser/renderer_host/pepper/pepper_message_filter.cc b/content/browser/renderer_host/pepper/pepper_message_filter.cc |
index f6a2e16d568f1925143e8ad6efede3a257ce887e..939b07fb38051049b1e546be1fa9151b371e455c 100644 |
--- a/content/browser/renderer_host/pepper/pepper_message_filter.cc |
+++ b/content/browser/renderer_host/pepper/pepper_message_filter.cc |
@@ -117,11 +117,11 @@ PepperMessageFilter::PepperMessageFilter(ProcessType type, |
void PepperMessageFilter::OverrideThreadForMessage( |
const IPC::Message& message, |
BrowserThread::ID* thread) { |
- if (message.type() == PpapiHostMsg_PPBTCPSocket_Connect::ID || |
+ if (message.type() == PpapiHostMsg_PPBTCPServerSocket_Listen::ID || |
+ message.type() == PpapiHostMsg_PPBTCPSocket_Connect::ID || |
message.type() == PpapiHostMsg_PPBTCPSocket_ConnectWithNetAddress::ID || |
message.type() == PpapiHostMsg_PPBUDPSocket_Bind::ID || |
- message.type() == PpapiHostMsg_PPBTCPServerSocket_Listen::ID || |
- message.type() == PpapiHostMsg_PPBHostResolver_Resolve::ID) { |
+ message.type() == PpapiHostMsg_PPBUDPSocket_SendTo::ID) { |
*thread = BrowserThread::UI; |
} else if (message.type() == PepperMsg_GetDeviceID::ID) { |
*thread = BrowserThread::FILE; |
@@ -285,9 +285,12 @@ void PepperMessageFilter::OnTCPConnect(int32 routing_id, |
const std::string& host, |
uint16_t port) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ content::SocketPermissionRequest params( |
+ content::SocketPermissionRequest::TCP_CONNECT, host, port); |
+ bool allowed = CanUseSocketAPIs(routing_id, params); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoTCPConnect, this, |
- CanUseSocketAPIs(routing_id), routing_id, socket_id, host, port)); |
+ allowed, routing_id, socket_id, host, port)); |
} |
void PepperMessageFilter::DoTCPConnect(bool allowed, |
@@ -313,9 +316,11 @@ void PepperMessageFilter::OnTCPConnectWithNetAddress( |
uint32 socket_id, |
const PP_NetAddress_Private& net_addr) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionRequest( |
+ content::SocketPermissionRequest::TCP_CONNECT, net_addr)); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoTCPConnectWithNetAddress, this, |
- CanUseSocketAPIs(routing_id), routing_id, socket_id, net_addr)); |
+ allowed, routing_id, socket_id, net_addr)); |
} |
void PepperMessageFilter::DoTCPConnectWithNetAddress( |
@@ -431,9 +436,11 @@ void PepperMessageFilter::OnUDPBind(int32 routing_id, |
uint32 socket_id, |
const PP_NetAddress_Private& addr) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionRequest( |
+ content::SocketPermissionRequest::UDP_BIND, addr)); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoUDPBind, this, |
- CanUseSocketAPIs(routing_id), routing_id, socket_id, addr)); |
+ allowed, routing_id, socket_id, addr)); |
} |
void PepperMessageFilter::DoUDPBind(bool allowed, |
@@ -463,16 +470,35 @@ void PepperMessageFilter::OnUDPRecvFrom(uint32 socket_id, int32_t num_bytes) { |
iter->second->RecvFrom(num_bytes); |
} |
-void PepperMessageFilter::OnUDPSendTo(uint32 socket_id, |
+void PepperMessageFilter::OnUDPSendTo(int32 routing_id, |
+ uint32 socket_id, |
const std::string& data, |
const PP_NetAddress_Private& addr) { |
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionRequest( |
+ content::SocketPermissionRequest::UDP_SEND_TO, addr)); |
+ BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
+ base::Bind(&PepperMessageFilter::DoUDPSendTo, this, |
+ allowed, routing_id, socket_id, data, addr)); |
+ |
+} |
+ |
+void PepperMessageFilter::DoUDPSendTo(bool allowed, |
+ int32 routing_id, |
+ uint32 socket_id, |
+ const std::string& data, |
+ const PP_NetAddress_Private& addr) { |
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
UDPSocketMap::iterator iter = udp_sockets_.find(socket_id); |
if (iter == udp_sockets_.end()) { |
NOTREACHED(); |
return; |
} |
- iter->second->SendTo(data, addr); |
+ if (routing_id == iter->second->routing_id() && allowed) |
+ iter->second->SendTo(data, addr); |
+ else |
+ iter->second->SendSendToACKError(); |
} |
void PepperMessageFilter::OnUDPClose(uint32 socket_id) { |
@@ -494,10 +520,12 @@ void PepperMessageFilter::OnTCPServerListen(int32 routing_id, |
const PP_NetAddress_Private& addr, |
int32_t backlog) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ bool allowed = CanUseSocketAPIs(routing_id, CreateSocketPermissionRequest( |
+ content::SocketPermissionRequest::TCP_LISTEN, addr)); |
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
base::Bind(&PepperMessageFilter::DoTCPServerListen, |
this, |
- CanUseSocketAPIs(routing_id), |
+ allowed, |
routing_id, |
plugin_dispatcher_id, |
socket_resource, |
@@ -552,33 +580,7 @@ void PepperMessageFilter::OnHostResolverResolve( |
uint32 host_resolver_id, |
const ppapi::HostPortPair& host_port, |
const PP_HostResolver_Private_Hint& hint) { |
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- BrowserThread::PostTask( |
- BrowserThread::IO, FROM_HERE, |
- base::Bind(&PepperMessageFilter::DoHostResolverResolve, this, |
- CanUseSocketAPIs(routing_id), |
- routing_id, |
- plugin_dispatcher_id, |
- host_resolver_id, |
- host_port, |
- hint)); |
-} |
- |
-void PepperMessageFilter::DoHostResolverResolve( |
- bool allowed, |
- int32 routing_id, |
- uint32 plugin_dispatcher_id, |
- uint32 host_resolver_id, |
- const ppapi::HostPortPair& host_port, |
- const PP_HostResolver_Private_Hint& hint) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
- if (!allowed) { |
- SendHostResolverResolveACKError(routing_id, |
- plugin_dispatcher_id, |
- host_resolver_id); |
- return; |
- } |
- |
net::HostResolver::RequestInfo request_info( |
net::HostPortPair(host_port.host, host_port.port)); |
@@ -809,7 +811,8 @@ uint32 PepperMessageFilter::GenerateSocketID() { |
return socket_id; |
} |
-bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id) { |
+bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id, |
+ const content::SocketPermissionRequest& params) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
if (process_type_ == PLUGIN) { |
// Always allow socket APIs for out-process plugins. |
@@ -827,15 +830,27 @@ bool PepperMessageFilter::CanUseSocketAPIs(int32 render_id) { |
if (!GetContentClient()->browser()->AllowPepperSocketAPI( |
site_instance->GetBrowserContext(), |
- site_instance->GetSiteURL())) { |
+ site_instance->GetSiteURL(), |
+ params)) { |
LOG(ERROR) << "Host " << site_instance->GetSiteURL().host() |
- << " cannot use socket API"; |
+ << " cannot use socket API or destination is not allowed"; |
return false; |
} |
return true; |
} |
+content::SocketPermissionRequest |
+PepperMessageFilter::CreateSocketPermissionRequest( |
+ content::SocketPermissionRequest::OperationType type, |
+ const PP_NetAddress_Private& net_addr) { |
+ std::string host = NetAddressPrivateImpl::DescribeNetAddress(net_addr, false); |
+ int port = 0; |
+ std::vector<unsigned char> address; |
+ NetAddressPrivateImpl::NetAddressToIPEndPoint(net_addr, &address, &port); |
+ return content::SocketPermissionRequest(type, host, port); |
+} |
+ |
void PepperMessageFilter::GetAndSendNetworkList() { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |