1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/nacl_host/nacl_browser_delegate_impl.h"
6
7 #include "base/path_service.h"
8 #include "base/strings/string_split.h"
9 #include "base/strings/string_util.h"
10 #include "chrome/browser/browser_process.h"
11 #include "chrome/browser/component_updater/pnacl/pnacl_component_installer.h"
12 #include "chrome/browser/extensions/extension_service.h"
13 #include "chrome/browser/nacl_host/nacl_infobar_delegate.h"
14 #include "chrome/browser/profiles/profile.h"
15 #include "chrome/browser/profiles/profile_manager.h"
16 #include "chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.h"
17 #include "chrome/common/chrome_paths.h"
18 #include "chrome/common/chrome_paths_internal.h"
19 #include "chrome/common/chrome_version_info.h"
20 #include "chrome/common/logging_chrome.h"
21 #include "chrome/common/pepper_permission_util.h"
22 #include "content/public/browser/browser_thread.h"
23 #include "content/public/browser/render_frame_host.h"
24 #include "content/public/browser/site_instance.h"
25 #include "extensions/browser/extension_system.h"
26 #include "extensions/browser/info_map.h"
27 #include "extensions/browser/process_manager.h"
28 #include "extensions/common/constants.h"
29 #include "extensions/common/extension.h"
30 #include "extensions/common/manifest_handlers/shared_module_info.h"
31 #include "extensions/common/url_pattern.h"
32 #include "ppapi/c/private/ppb_nacl_private.h"
33
34 using extensions::SharedModuleInfo;
35
36 namespace {
37
38 // These are temporarily needed for testing non-sfi mode on ChromeOS without
39 // passing command-line arguments to Chrome.
40 const char* const kAllowedNonSfiOrigins[] = {
41 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see http://crbug.com/355141
42 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see http://crbug.com/355141
43 };
44
45 // Handles an extension's NaCl process transitioning in or out of idle state by
46 // relaying the state to the extension's process manager.
47 //
48 // A NaCl instance, when active (making PPAPI calls or receiving callbacks),
49 // sends keepalive IPCs to the browser process BrowserPpapiHost at a throttled
50 // rate. The content::BrowserPpapiHost passes context information up to the
51 // chrome level NaClProcessHost where we use the instance's context to find the
52 // associated extension process manager.
53 //
54 // There is a 1:many relationship for extension:nacl-embeds, but only a
55 // 1:1 relationship for NaClProcessHost:PP_Instance. The content layer doesn't
56 // rely on this knowledge because it routes messages for ppapi non-nacl
57 // instances as well, though they won't have callbacks set. Here the 1:1
58 // assumption is made and DCHECKed.
OnKeepaliveOnUIThread(const content::BrowserPpapiHost::OnKeepaliveInstanceData & instance_data,const base::FilePath & profile_data_directory)59 void OnKeepaliveOnUIThread(
60 const content::BrowserPpapiHost::OnKeepaliveInstanceData& instance_data,
61 const base::FilePath& profile_data_directory) {
62 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
63
64 // Only one instance will exist for NaCl embeds, even when more than one
65 // embed of the same plugin exists on the same page.
66 DCHECK(instance_data.size() == 1);
67 if (instance_data.size() < 1)
68 return;
69
70 content::RenderFrameHost* render_frame_host =
71 content::RenderFrameHost::FromID(
72 instance_data[0].render_process_id, instance_data[0].render_frame_id);
73 if (!render_frame_host)
74 return;
75
76 content::SiteInstance* site_instance = render_frame_host->GetSiteInstance();
77 if (!site_instance)
78 return;
79
80 extensions::ExtensionSystem* extension_system =
81 extensions::ExtensionSystem::Get(site_instance->GetBrowserContext());
82 if (!extension_system)
83 return;
84
85 const ExtensionService* extension_service =
86 extension_system->extension_service();
87 if (!extension_service)
88 return;
89
90 const extensions::Extension* extension = extension_service->GetExtensionById(
91 instance_data[0].document_url.host(), false);
92 if (!extension)
93 return;
94
95 extensions::ProcessManager* pm = extension_system->process_manager();
96 if (!pm)
97 return;
98
99 pm->KeepaliveImpulse(extension);
100 }
101
102 // Calls OnKeepaliveOnUIThread on UI thread.
OnKeepalive(const content::BrowserPpapiHost::OnKeepaliveInstanceData & instance_data,const base::FilePath & profile_data_directory)103 void OnKeepalive(
104 const content::BrowserPpapiHost::OnKeepaliveInstanceData& instance_data,
105 const base::FilePath& profile_data_directory) {
106 DCHECK(!content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
107 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE,
108 base::Bind(&OnKeepaliveOnUIThread,
109 instance_data,
110 profile_data_directory));
111 }
112
113 } // namespace
114
NaClBrowserDelegateImpl(ProfileManager * profile_manager)115 NaClBrowserDelegateImpl::NaClBrowserDelegateImpl(
116 ProfileManager* profile_manager)
117 : profile_manager_(profile_manager), inverse_debug_patterns_(false) {
118 DCHECK(profile_manager_);
119 for (size_t i = 0; i < arraysize(kAllowedNonSfiOrigins); ++i) {
120 allowed_nonsfi_origins_.insert(kAllowedNonSfiOrigins[i]);
121 }
122 }
123
~NaClBrowserDelegateImpl()124 NaClBrowserDelegateImpl::~NaClBrowserDelegateImpl() {
125 }
126
ShowMissingArchInfobar(int render_process_id,int render_view_id)127 void NaClBrowserDelegateImpl::ShowMissingArchInfobar(int render_process_id,
128 int render_view_id) {
129 content::BrowserThread::PostTask(
130 content::BrowserThread::UI, FROM_HERE,
131 base::Bind(&NaClInfoBarDelegate::Create, render_process_id,
132 render_view_id));
133 }
134
DialogsAreSuppressed()135 bool NaClBrowserDelegateImpl::DialogsAreSuppressed() {
136 return logging::DialogsAreSuppressed();
137 }
138
GetCacheDirectory(base::FilePath * cache_dir)139 bool NaClBrowserDelegateImpl::GetCacheDirectory(base::FilePath* cache_dir) {
140 base::FilePath user_data_dir;
141 if (!PathService::Get(chrome::DIR_USER_DATA, &user_data_dir))
142 return false;
143 chrome::GetUserCacheDirectory(user_data_dir, cache_dir);
144 return true;
145 }
146
GetPluginDirectory(base::FilePath * plugin_dir)147 bool NaClBrowserDelegateImpl::GetPluginDirectory(base::FilePath* plugin_dir) {
148 return PathService::Get(chrome::DIR_INTERNAL_PLUGINS, plugin_dir);
149 }
150
GetPnaclDirectory(base::FilePath * pnacl_dir)151 bool NaClBrowserDelegateImpl::GetPnaclDirectory(base::FilePath* pnacl_dir) {
152 return PathService::Get(chrome::DIR_PNACL_COMPONENT, pnacl_dir);
153 }
154
GetUserDirectory(base::FilePath * user_dir)155 bool NaClBrowserDelegateImpl::GetUserDirectory(base::FilePath* user_dir) {
156 return PathService::Get(chrome::DIR_USER_DATA, user_dir);
157 }
158
GetVersionString() const159 std::string NaClBrowserDelegateImpl::GetVersionString() const {
160 return chrome::VersionInfo().CreateVersionString();
161 }
162
CreatePpapiHostFactory(content::BrowserPpapiHost * ppapi_host)163 ppapi::host::HostFactory* NaClBrowserDelegateImpl::CreatePpapiHostFactory(
164 content::BrowserPpapiHost* ppapi_host) {
165 return new chrome::ChromeBrowserPepperHostFactory(ppapi_host);
166 }
167
SetDebugPatterns(std::string debug_patterns)168 void NaClBrowserDelegateImpl::SetDebugPatterns(std::string debug_patterns) {
169 if (!debug_patterns.empty() && debug_patterns[0] == '!') {
170 inverse_debug_patterns_ = true;
171 debug_patterns.erase(0, 1);
172 }
173 if (debug_patterns.empty()) {
174 return;
175 }
176 std::vector<std::string> patterns;
177 base::SplitString(debug_patterns, ',', &patterns);
178 for (std::vector<std::string>::iterator iter = patterns.begin();
179 iter != patterns.end(); ++iter) {
180 // Allow chrome:// schema, which is used to filter out the internal
181 // PNaCl translator. Also allow chrome-extension:// schema (which
182 // can have NaCl modules). The default is to disallow these schema
183 // since they can be dangerous in the context of chrome extension
184 // permissions, but they are okay here, for NaCl GDB avoidance.
185 URLPattern pattern(URLPattern::SCHEME_ALL);
186 if (pattern.Parse(*iter) == URLPattern::PARSE_SUCCESS) {
187 // If URL pattern has scheme equal to *, Parse method resets valid
188 // schemes mask to http and https only, so we need to reset it after
189 // Parse to re-include chrome-extension and chrome schema.
190 pattern.SetValidSchemes(URLPattern::SCHEME_ALL);
191 debug_patterns_.push_back(pattern);
192 }
193 }
194 }
195
URLMatchesDebugPatterns(const GURL & manifest_url)196 bool NaClBrowserDelegateImpl::URLMatchesDebugPatterns(
197 const GURL& manifest_url) {
198 // Empty patterns are forbidden so we ignore them.
199 if (debug_patterns_.empty()) {
200 return true;
201 }
202 bool matches = false;
203 for (std::vector<URLPattern>::iterator iter = debug_patterns_.begin();
204 iter != debug_patterns_.end(); ++iter) {
205 if (iter->MatchesURL(manifest_url)) {
206 matches = true;
207 break;
208 }
209 }
210 if (inverse_debug_patterns_) {
211 return !matches;
212 } else {
213 return matches;
214 }
215 }
216
217 // This function is security sensitive. Be sure to check with a security
218 // person before you modify it.
MapUrlToLocalFilePath(const GURL & file_url,bool use_blocking_api,const base::FilePath & profile_directory,base::FilePath * file_path)219 bool NaClBrowserDelegateImpl::MapUrlToLocalFilePath(
220 const GURL& file_url,
221 bool use_blocking_api,
222 const base::FilePath& profile_directory,
223 base::FilePath* file_path) {
224 scoped_refptr<extensions::InfoMap> extension_info_map =
225 GetExtensionInfoMap(profile_directory);
226 // Check that the URL is recognized by the extension system.
227 const extensions::Extension* extension =
228 extension_info_map->extensions().GetExtensionOrAppByURL(file_url);
229 if (!extension)
230 return false;
231
232 // This is a short-cut which avoids calling a blocking file operation
233 // (GetFilePath()), so that this can be called on the IO thread. It only
234 // handles a subset of the urls.
235 if (!use_blocking_api) {
236 if (file_url.SchemeIs(extensions::kExtensionScheme)) {
237 std::string path = file_url.path();
238 base::TrimString(path, "/", &path); // Remove first slash
239 *file_path = extension->path().AppendASCII(path);
240 return true;
241 }
242 return false;
243 }
244
245 std::string path = file_url.path();
246 extensions::ExtensionResource resource;
247
248 if (SharedModuleInfo::IsImportedPath(path)) {
249 // Check if this is a valid path that is imported for this extension.
250 std::string new_extension_id;
251 std::string new_relative_path;
252 SharedModuleInfo::ParseImportedPath(path, &new_extension_id,
253 &new_relative_path);
254 const extensions::Extension* new_extension =
255 extension_info_map->extensions().GetByID(new_extension_id);
256 if (!new_extension)
257 return false;
258
259 if (!SharedModuleInfo::ImportsExtensionById(extension, new_extension_id) ||
260 !SharedModuleInfo::IsExportAllowed(new_extension, new_relative_path)) {
261 return false;
262 }
263
264 resource = new_extension->GetResource(new_relative_path);
265 } else {
266 // Check that the URL references a resource in the extension.
267 resource = extension->GetResource(path);
268 }
269
270 if (resource.empty())
271 return false;
272
273 // GetFilePath is a blocking function call.
274 const base::FilePath resource_file_path = resource.GetFilePath();
275 if (resource_file_path.empty())
276 return false;
277
278 *file_path = resource_file_path;
279 return true;
280 }
281
282 content::BrowserPpapiHost::OnKeepaliveCallback
GetOnKeepaliveCallback()283 NaClBrowserDelegateImpl::GetOnKeepaliveCallback() {
284 return base::Bind(&OnKeepalive);
285 }
286
IsNonSfiModeAllowed(const base::FilePath & profile_directory,const GURL & manifest_url)287 bool NaClBrowserDelegateImpl::IsNonSfiModeAllowed(
288 const base::FilePath& profile_directory,
289 const GURL& manifest_url) {
290 const extensions::ExtensionSet* extension_set =
291 &GetExtensionInfoMap(profile_directory)->extensions();
292 return chrome::IsExtensionOrSharedModuleWhitelisted(
293 manifest_url, extension_set, allowed_nonsfi_origins_);
294 }
295
GetExtensionInfoMap(const base::FilePath & profile_directory)296 scoped_refptr<extensions::InfoMap> NaClBrowserDelegateImpl::GetExtensionInfoMap(
297 const base::FilePath& profile_directory) {
298 // Get the profile associated with the renderer.
299 Profile* profile = profile_manager_->GetProfileByPath(profile_directory);
300 DCHECK(profile);
301 scoped_refptr<extensions::InfoMap> extension_info_map =
302 extensions::ExtensionSystem::Get(profile)->info_map();
303 DCHECK(extension_info_map);
304 return extension_info_map;
305 }
306