Remove Legacy NPAPI Flash Sandbox support

webkit/plugins/npapi/webplugin_delegate_impl_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webkit/plugins/npapi/webplugin_delegate_impl.h"
 
 #include <map>
 #include <string>
 #include <vector>
 
@@ skipping 74 matching lines @@
     LAZY_INSTANCE_INITIALIZER;
 
 // Helper object for patching the RegEnumKeyExW API.
 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_reg_enum_key_ex_w =
     LAZY_INSTANCE_INITIALIZER;
 
 // Helper object for patching the GetProcAddress API.
 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_get_proc_address =
     LAZY_INSTANCE_INITIALIZER;
 
-// Helper object for patching the GetKeyState API.
-base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_get_key_state =
-    LAZY_INSTANCE_INITIALIZER;
-
-// Saved key state globals and helper access functions.
-SHORT (WINAPI *g_iat_orig_get_key_state)(int vkey);
-typedef size_t SavedStateType;
-const size_t kBitsPerType = sizeof(SavedStateType) * 8;
-// Bit array of key state corresponding to virtual key index (0=up, 1=down).
-SavedStateType g_saved_key_state[256 / kBitsPerType];
-
-bool GetSavedKeyState(WPARAM vkey) {
-  CHECK_LT(vkey, kBitsPerType * sizeof(g_saved_key_state));
-  if (g_saved_key_state[vkey / kBitsPerType] & 1 << (vkey % kBitsPerType))
-    return true;
-  return false;
-}
-
-void SetSavedKeyState(WPARAM vkey) {
-  CHECK_LT(vkey, kBitsPerType * sizeof(g_saved_key_state));
-  // Cache the key state only for keys blocked by UIPI.
-  if (g_iat_orig_get_key_state(vkey) == 0)
-    g_saved_key_state[vkey / kBitsPerType] |= 1 << (vkey % kBitsPerType);
-}
-
-void UnsetSavedKeyState(WPARAM vkey) {
-  CHECK_LT(vkey, kBitsPerType * sizeof(g_saved_key_state));
-  g_saved_key_state[vkey / kBitsPerType] &= ~(1 << (vkey % kBitsPerType));
-}
-
-void ClearSavedKeyState() {
-  memset(g_saved_key_state, 0, sizeof(g_saved_key_state));
-}
-
-// Helper objects for patching VirtualQuery, VirtualProtect.
-base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_virtual_protect =
-    LAZY_INSTANCE_INITIALIZER;
-BOOL (WINAPI *g_iat_orig_virtual_protect)(LPVOID address,
-                                          SIZE_T size,
-                                          DWORD new_protect,
-                                          PDWORD old_protect);
-
-base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_virtual_free =
-    LAZY_INSTANCE_INITIALIZER;
-BOOL (WINAPI *g_iat_orig_virtual_free)(LPVOID address,
-                                       SIZE_T size,
-                                       DWORD free_type);
-
-const DWORD kExecPageMask = PAGE_EXECUTE_READ;
-static volatile intptr_t g_max_exec_mem_size;
-static scoped_ptr<base::Lock> g_exec_mem_lock;
-
-void UpdateExecMemSize(intptr_t size) {
-  base::AutoLock locked(*g_exec_mem_lock);
-
-  static intptr_t s_exec_mem_size = 0;
-
-  // Floor to zero since shutdown may unmap pages created before our hooks.
-  s_exec_mem_size = std::max(0, s_exec_mem_size + size);
-  if (s_exec_mem_size > g_max_exec_mem_size)
-    g_max_exec_mem_size = s_exec_mem_size;
-}
-
 // http://crbug.com/16114
 // Enforces providing a valid device context in NPWindow, so that NPP_SetWindow
 // is never called with NPNWindoTypeDrawable and NPWindow set to NULL.
 // Doing so allows removing NPP_SetWindow call during painting a windowless
 // plugin, which otherwise could trigger layout change while painting by
 // invoking NPN_Evaluate. Which would cause bad, bad crashes. Bad crashes.
 // TODO(dglazkov): If this approach doesn't produce regressions, move class to
 // webplugin_delegate_impl.h and implement for other platforms.
 class DrawableContextEnforcer {
  public:
@@ skipping 162 matching lines @@
     int code, WPARAM wParam, LPARAM lParam) {
   if (code == HC_ACTION) {
     MOUSEHOOKSTRUCT* hook_struct = reinterpret_cast<MOUSEHOOKSTRUCT*>(lParam);
     if (hook_struct)
       HandleCaptureForMessage(hook_struct->hwnd, wParam);
   }
 
   return CallNextHookEx(NULL, code, wParam, lParam);
 }
 
-// In addition to the key state we maintain, we also mask in the original
-// return value. This is done because system keys (e.g. tab, enter, shift)
-// and toggles (e.g. capslock, numlock) don't ever seem to be blocked.
-SHORT WINAPI WebPluginDelegateImpl::GetKeyStatePatch(int vkey) {
-  if (GetSavedKeyState(vkey))
-    return g_iat_orig_get_key_state(vkey) | 0x8000;
-  return g_iat_orig_get_key_state(vkey);
-}
-
-// We need to track RX memory usage in plugins to prevent JIT spraying attacks.
-// This is done by hooking VirtualProtect and VirtualFree.
-BOOL WINAPI WebPluginDelegateImpl::VirtualProtectPatch(LPVOID address,
-                                                       SIZE_T size,
-                                                       DWORD new_protect,
-                                                       PDWORD old_protect) {
-  if (g_iat_orig_virtual_protect(address, size, new_protect, old_protect)) {
-    bool is_exec = new_protect == kExecPageMask;
-    bool was_exec = *old_protect == kExecPageMask;
-    if (is_exec && !was_exec) {
-      UpdateExecMemSize(static_cast<intptr_t>(size));
-    } else if (!is_exec && was_exec) {
-      UpdateExecMemSize(-(static_cast<intptr_t>(size)));
-    }
-
-    return TRUE;
-  }
-
-  return FALSE;
-}
-
-BOOL WINAPI WebPluginDelegateImpl::VirtualFreePatch(LPVOID address,
-                                                    SIZE_T size,
-                                                    DWORD free_type) {
-  MEMORY_BASIC_INFORMATION mem_info;
-  if (::VirtualQuery(address, &mem_info, sizeof(mem_info))) {
-    size_t exec_size = 0;
-    void* base_address = mem_info.AllocationBase;
-    do {
-      if (mem_info.Protect == kExecPageMask)
-        exec_size += mem_info.RegionSize;
-      BYTE* next = reinterpret_cast<BYTE*>(mem_info.BaseAddress) +
-          mem_info.RegionSize;
-      if (!::VirtualQuery(next, &mem_info, sizeof(mem_info)))
-        break;
-    } while (base_address == mem_info.AllocationBase);
-
-    if (exec_size)
-      UpdateExecMemSize(-(static_cast<intptr_t>(exec_size)));
-  }
-
-  return g_iat_orig_virtual_free(address, size, free_type);
-}
-
 WebPluginDelegateImpl::WebPluginDelegateImpl(
     gfx::PluginWindowHandle containing_view,
     PluginInstance* instance)
     : parent_(containing_view),
       instance_(instance),
       quirks_(0),
       plugin_(NULL),
       windowless_(false),
       windowed_handle_(NULL),
       windowed_did_set_window_(false),
       plugin_wnd_proc_(NULL),
       last_message_(0),
       is_calling_wndproc(false),
       dummy_window_for_activation_(NULL),
-      parent_proxy_window_(NULL),
       handle_event_message_filter_hook_(NULL),
       handle_event_pump_messages_event_(NULL),
       user_gesture_message_posted_(false),
       ALLOW_THIS_IN_INITIALIZER_LIST(user_gesture_msg_factory_(this)),
       handle_event_depth_(0),
       mouse_hook_(NULL),
       first_set_window_call_(true),
       plugin_has_focus_(false),
       has_webkit_focus_(false),
       containing_view_has_focus_(true),
       creation_succeeded_(false) {
   memset(&window_, 0, sizeof(window_));
 
   const WebPluginInfo& plugin_info = instance_->plugin_lib()->plugin_info();
   std::wstring filename =
       StringToLowerASCII(plugin_info.path.BaseName().value());
 
   if (instance_->mime_type() == kFlashPluginSwfMimeType ||
       filename == kFlashPlugin) {
     // Flash only requests windowless plugins if we return a Mozilla user
     // agent.
     instance_->set_use_mozilla_user_agent();
     quirks_ |= PLUGIN_QUIRK_THROTTLE_WM_USER_PLUS_ONE;
     quirks_ |= PLUGIN_QUIRK_PATCH_SETCURSOR;
     quirks_ |= PLUGIN_QUIRK_ALWAYS_NOTIFY_SUCCESS;
     quirks_ |= PLUGIN_QUIRK_HANDLE_MOUSE_CAPTURE;
-    if (filename == kBuiltinFlashPlugin &&
-        base::win::GetVersion() >= base::win::VERSION_VISTA) {
-      quirks_ |= PLUGIN_QUIRK_REPARENT_IN_BROWSER |
-                 PLUGIN_QUIRK_PATCH_GETKEYSTATE |
-                 PLUGIN_QUIRK_PATCH_VM_API;
-    }
     quirks_ |= PLUGIN_QUIRK_EMULATE_IME;
   } else if (filename == kAcrobatReaderPlugin) {
     // Check for the version number above or equal 9.
     int major_version = GetPluginMajorVersion(plugin_info);
     if (major_version >= 9) {
       quirks_ |= PLUGIN_QUIRK_DIE_AFTER_UNLOAD;
       // 9.2 needs this.
       quirks_ |= PLUGIN_QUIRK_SETWINDOW_TWICE;
     }
     quirks_ |= PLUGIN_QUIRK_BLOCK_NONSTANDARD_GETURL_REQUESTS;
@@ skipping 36 matching lines @@
   } else if (plugin_info.name.find(L"DivX Web Player") !=
              std::wstring::npos) {
     // The divx plugin sets its size on the first NPP_SetWindow call and never
     // updates its size. We should call the underlying NPP_SetWindow only when
     // we have the correct size.
     quirks_ |= PLUGIN_QUIRK_IGNORE_FIRST_SETWINDOW_CALL;
   }
 }
 
 WebPluginDelegateImpl::~WebPluginDelegateImpl() {
-  if (::IsWindow(dummy_window_for_activation_)) {
-    // Sandboxed Flash stacks two dummy windows to prevent UIPI failures
-    if (::IsWindow(parent_proxy_window_))
-      ::DestroyWindow(parent_proxy_window_);
-    else
-      ::DestroyWindow(dummy_window_for_activation_);
-  }
+  if (::IsWindow(dummy_window_for_activation_))
+    ::DestroyWindow(dummy_window_for_activation_);
 
   DestroyInstance();
 
   if (!windowless_)
     WindowedDestroyWindow();
 
   if (handle_event_pump_messages_event_) {
     CloseHandle(handle_event_pump_messages_event_);
   }
 }
@@ skipping 69 matching lines @@
   // and use them to retrieve IME data. We add a patch to this function so we
   // can dispatch these IMM32 calls to the WebPluginIMEWin class, which emulates
   // IMM32 functions for Flash.
   if (!g_iat_patch_get_proc_address.Pointer()->is_patched() &&
       (quirks_ & PLUGIN_QUIRK_EMULATE_IME)) {
     g_iat_patch_get_proc_address.Pointer()->Patch(
         GetPluginPath().value().c_str(), "kernel32.dll", "GetProcAddress",
         GetProcAddressPatch);
   }
 
-  // Under UIPI the key state does not get forwarded properly to the child
-  // plugin window. So, instead we track the key state manually and intercept
-  // GetKeyState.
-  if ((quirks_ & PLUGIN_QUIRK_PATCH_GETKEYSTATE) &&
-      !g_iat_patch_get_key_state.Pointer()->is_patched()) {
-    g_iat_orig_get_key_state = ::GetKeyState;
-    g_iat_patch_get_key_state.Pointer()->Patch(
-        L"gcswf32.dll", "user32.dll", "GetKeyState",
-        WebPluginDelegateImpl::GetKeyStatePatch);
-  }
-
-  // Hook the VM calls so we can track the amount of executable memory being
-  // allocated by Flash (and potentially other plugins).
-  if (quirks_ & PLUGIN_QUIRK_PATCH_VM_API) {
-    if (!g_exec_mem_lock.get())
-      g_exec_mem_lock.reset(new base::Lock());
-
-    if (!g_iat_patch_virtual_protect.Pointer()->is_patched()) {
-      g_iat_orig_virtual_protect = ::VirtualProtect;
-      g_iat_patch_virtual_protect.Pointer()->Patch(
-          L"gcswf32.dll", "kernel32.dll", "VirtualProtect",
-          WebPluginDelegateImpl::VirtualProtectPatch);
-    }
-    if (!g_iat_patch_virtual_free.Pointer()->is_patched()) {
-      g_iat_orig_virtual_free = ::VirtualFree;
-      g_iat_patch_virtual_free.Pointer()->Patch(
-          L"gcswf32.dll", "kernel32.dll", "VirtualFree",
-          WebPluginDelegateImpl::VirtualFreePatch);
-    }
-  }
-
   return true;
 }
 
 void WebPluginDelegateImpl::PlatformDestroyInstance() {
   if (!instance_->plugin_lib())
     return;
 
   // Unpatch if this is the last plugin instance.
   if (instance_->plugin_lib()->instance_count() != 1)
     return;
 
-  // Pass back the stats for max executable memory.
-  if (quirks_ & PLUGIN_QUIRK_PATCH_VM_API) {
-    plugin_->ReportExecutableMemory(g_max_exec_mem_size);
-    g_max_exec_mem_size = 0;
-  }
-
   if (g_iat_patch_set_cursor.Pointer()->is_patched())
     g_iat_patch_set_cursor.Pointer()->Unpatch();
 
   if (g_iat_patch_track_popup_menu.Pointer()->is_patched())
     g_iat_patch_track_popup_menu.Pointer()->Unpatch();
 
   if (g_iat_patch_reg_enum_key_ex_w.Pointer()->is_patched())
     g_iat_patch_reg_enum_key_ex_w.Pointer()->Unpatch();
 
   if (mouse_hook_) {
     UnhookWindowsHookEx(mouse_hook_);
     mouse_hook_ = NULL;
   }
 }
 
 void WebPluginDelegateImpl::Paint(WebKit::WebCanvas* canvas,
                                   const gfx::Rect& rect) {
   if (windowless_ && skia::SupportsPlatformPaint(canvas)) {
     skia::ScopedPlatformPaint scoped_platform_paint(canvas);
     HDC hdc = scoped_platform_paint.GetPlatformSurface();
     WindowlessPaint(hdc, rect);
   }
 }
 
 bool WebPluginDelegateImpl::WindowedCreatePlugin() {
   DCHECK(!windowed_handle_);
 
   RegisterNativeWindowClass();
 
-  // UIPI requires reparenting in the (medium-integrity) browser process.
-  bool reparent_in_browser = (quirks_ & PLUGIN_QUIRK_REPARENT_IN_BROWSER) != 0;
-
   // The window will be sized and shown later.
   windowed_handle_ = CreateWindowEx(
       WS_EX_LEFT | WS_EX_LTRREADING | WS_EX_RIGHTSCROLLBAR,
       kNativeWindowClassName,
       0,
       WS_POPUP | WS_CLIPCHILDREN | WS_CLIPSIBLINGS,
       0,
       0,
       0,
       0,
-      reparent_in_browser ? NULL : parent_,
+      parent_,
       0,
       GetModuleHandle(NULL),
       0);
   if (windowed_handle_ == 0)
     return false;
 
-  if (reparent_in_browser) {
-    plugin_->ReparentPluginWindow(windowed_handle_, parent_);
-  } else if (IsWindow(parent_)) {
+  if (IsWindow(parent_)) {
     // This is a tricky workaround for Issue 2673 in chromium "Flash: IME not
     // available". To use IMEs in this window, we have to make Windows attach
     // IMEs to this window (i.e. load IME DLLs, attach them to this process,
     // and add their message hooks to this window). Windows attaches IMEs while
     // this process creates a top-level window. On the other hand, to layout
     // this window correctly in the given parent window (RenderWidgetHostHWND),
     // this window should be a child window of the parent window.
     // To satisfy both of the above conditions, this code once creates a
     // top-level window and change it to a child window of the parent window.
     SetWindowLongPtr(windowed_handle_, GWL_STYLE,
@@ skipping 201 matching lines @@
     DCHECK(old_flash_proc);
     g_window_handle_proc_map.Get()[window] = old_flash_proc;
   }
 
   return TRUE;
 }
 
 bool WebPluginDelegateImpl::CreateDummyWindowForActivation() {
   DCHECK(!dummy_window_for_activation_);
 
-  // Built-in Flash runs with UIPI, but in windowless mode Flash sometimes
-  // tries to attach windows to the parent (which fails under UIPI). To make
-  // it work we add an extra dummy parent in the low-integrity process.
-  if (quirks_ & PLUGIN_QUIRK_REPARENT_IN_BROWSER) {
-    parent_proxy_window_ = CreateWindowEx(
-      0,
-      L"Static",
-      kDummyActivationWindowName,
-      WS_POPUP,
-      0,
-      0,
-      0,
-      0,
-      0,
-      0,
-      GetModuleHandle(NULL),
-      0);
-
-    if (parent_proxy_window_ == 0)
-      return false;
-    plugin_->ReparentPluginWindow(parent_proxy_window_, parent_);
-  }
-
   dummy_window_for_activation_ = CreateWindowEx(
     0,
     L"Static",
     kDummyActivationWindowName,
     WS_CHILD,
     0,
     0,
     0,
     0,
-    parent_proxy_window_ ? parent_proxy_window_ : parent_,
+    parent_,
     0,
     GetModuleHandle(NULL),
     0);
 
   if (dummy_window_for_activation_ == 0)
     return false;
 
   // Flash creates background windows which use excessive CPU in our
   // environment; we wrap these windows and throttle them so that they don't
   // get out of hand.
@@ skipping 170 matching lines @@
   // Flash may flood the message queue with WM_USER+1 message causing 100% CPU
   // usage.  See https://bugzilla.mozilla.org/show_bug.cgi?id=132759.  We
   // prevent this by throttling the messages.
   if (message == WM_USER + 1 &&
       delegate->GetQuirks() & PLUGIN_QUIRK_THROTTLE_WM_USER_PLUS_ONE) {
     WebPluginDelegateImpl::ThrottleMessage(delegate->plugin_wnd_proc_, hwnd,
                                            message, wparam, lparam);
     return FALSE;
   }
 
-  // Track the keystate to work around a UIPI issue.
-  if (delegate->GetQuirks() & PLUGIN_QUIRK_PATCH_GETKEYSTATE) {
-    switch (message) {
-      case WM_KEYDOWN:
-        SetSavedKeyState(wparam);
-        break;
-
-      case WM_KEYUP:
-        UnsetSavedKeyState(wparam);
-        break;
-
-      // Clear out the saved keystate whenever the Flash thread loses focus.
-      case WM_KILLFOCUS:
-      case WM_SETFOCUS:
-        if (::GetCurrentThreadId() != ::GetWindowThreadProcessId(
-            reinterpret_cast<HWND>(wparam), NULL)) {
-          ClearSavedKeyState();
-        }
-        break;
-
-      default:
-        break;
-    }
-  }
-
   LRESULT result;
   uint32 old_message = delegate->last_message_;
   delegate->last_message_ = message;
 
   static UINT custom_msg = RegisterWindowMessage(kPaintMessageName);
   if (message == custom_msg) {
     // Get the invalid rect which is in screen coordinates and convert to
     // window coordinates.
     gfx::Rect invalid_rect;
     invalid_rect.set_x(wparam >> 16);
@@ skipping 146 matching lines @@
 }
 
 bool WebPluginDelegateImpl::PlatformSetPluginHasFocus(bool focused) {
   DCHECK(instance()->windowless());
 
   NPEvent focus_event;
   focus_event.event = focused ? WM_SETFOCUS : WM_KILLFOCUS;
   focus_event.wParam = 0;
   focus_event.lParam = 0;
 
-  if (GetQuirks() & PLUGIN_QUIRK_PATCH_GETKEYSTATE)
-    ClearSavedKeyState();
-
   instance()->NPP_HandleEvent(&focus_event);
   return true;
 }
 
 static bool NPEventFromWebMouseEvent(const WebMouseEvent& event,
                                      NPEvent* np_event) {
   np_event->lParam = static_cast<uint32>(MAKELPARAM(event.windowX,
                                                    event.windowY));
   np_event->wParam = 0;
 
@@ skipping 99 matching lines @@
 
 bool WebPluginDelegateImpl::PlatformHandleInputEvent(
     const WebInputEvent& event, WebCursorInfo* cursor_info) {
   DCHECK(cursor_info != NULL);
 
   NPEvent np_event;
   if (!NPEventFromWebInputEvent(event, &np_event)) {
     return false;
   }
 
-  if (GetQuirks() & PLUGIN_QUIRK_PATCH_GETKEYSTATE) {
-    if (np_event.event == WM_KEYDOWN)
-      SetSavedKeyState(np_event.wParam);
-    else if (np_event.event == WM_KEYUP)
-      UnsetSavedKeyState(np_event.wParam);
-  }
-
   // Allow this plug-in to access this IME emulator through IMM32 API while the
   // plug-in is processing this event.
   if (GetQuirks() & PLUGIN_QUIRK_EMULATE_IME) {
     if (!plugin_ime_.get())
       plugin_ime_.reset(new WebPluginIMEWin);
   }
   WebPluginIMEWin::ScopedLock lock(plugin_ime_.get());
 
   HWND last_focus_window = NULL;
 
@@ skipping 230 matching lines @@
       ::ReleaseCapture();
       break;
 
     default:
       break;
   }
 }
 
 }  // namespace npapi
 }  // namespace webkit