[refactor] More post-NSS WebCrypto cleanups (utility functions).
[chromium-blink-merge.git] / content / browser / ppapi_plugin_process_host.cc
blob3dd06594bbe1f06a1058c4d81f114f2f87d301fb
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/ppapi_plugin_process_host.h"
7 #include <string>
9 #include "base/base_switches.h"
10 #include "base/command_line.h"
11 #include "base/files/file_path.h"
12 #include "base/metrics/field_trial.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "content/browser/browser_child_process_host_impl.h"
15 #include "content/browser/plugin_service_impl.h"
16 #include "content/browser/renderer_host/render_message_filter.h"
17 #include "content/common/child_process_host_impl.h"
18 #include "content/common/child_process_messages.h"
19 #include "content/common/content_switches_internal.h"
20 #include "content/public/browser/content_browser_client.h"
21 #include "content/public/common/content_constants.h"
22 #include "content/public/common/content_switches.h"
23 #include "content/public/common/pepper_plugin_info.h"
24 #include "content/public/common/process_type.h"
25 #include "content/public/common/sandbox_type.h"
26 #include "content/public/common/sandboxed_process_launcher_delegate.h"
27 #include "ipc/ipc_switches.h"
28 #include "net/base/network_change_notifier.h"
29 #include "ppapi/proxy/ppapi_messages.h"
30 #include "ui/base/ui_base_switches.h"
32 #if defined(OS_WIN)
33 #include "content/common/sandbox_win.h"
34 #include "sandbox/win/src/process_mitigations.h"
35 #include "sandbox/win/src/sandbox_policy.h"
36 #endif
38 namespace content {
40 // NOTE: changes to this class need to be reviewed by the security team.
41 class PpapiPluginSandboxedProcessLauncherDelegate
42 : public content::SandboxedProcessLauncherDelegate {
43 public:
44 PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker,
45 const PepperPluginInfo& info,
46 ChildProcessHost* host)
47 : info_(info),
48 #if defined(OS_POSIX)
49 ipc_fd_(host->TakeClientFileDescriptor()),
50 #endif // OS_POSIX
51 is_broker_(is_broker) {}
53 ~PpapiPluginSandboxedProcessLauncherDelegate() override {}
55 #if defined(OS_WIN)
56 bool ShouldSandbox() override {
57 return !is_broker_;
60 void PreSpawnTarget(sandbox::TargetPolicy* policy, bool* success) override {
61 if (is_broker_)
62 return;
63 *success = false;
64 // The Pepper process is as locked-down as a renderer except that it can
65 // create the server side of Chrome pipes.
66 sandbox::ResultCode result;
67 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
68 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
69 L"\\\\.\\pipe\\chrome.*");
70 if (result != sandbox::SBOX_ALL_OK)
71 return;
72 #if !defined(NACL_WIN64)
73 for (const auto& mime_type : info_.mime_types) {
74 if (IsWin32kLockdownEnabledForMimeType(mime_type.mime_type)) {
75 if (!AddWin32kLockdownPolicy(policy))
76 return;
77 break;
80 #endif
81 const base::string16& sid =
82 GetContentClient()->browser()->GetAppContainerSidForSandboxType(
83 GetSandboxType());
84 if (!sid.empty())
85 AddAppContainerPolicy(policy, sid.c_str());
87 *success = true;
90 #elif defined(OS_POSIX)
91 bool ShouldUseZygote() override {
92 const base::CommandLine& browser_command_line =
93 *base::CommandLine::ForCurrentProcess();
94 base::CommandLine::StringType plugin_launcher = browser_command_line
95 .GetSwitchValueNative(switches::kPpapiPluginLauncher);
96 return !is_broker_ && plugin_launcher.empty();
98 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); }
99 #endif // OS_WIN
101 SandboxType GetSandboxType() override {
102 return SANDBOX_TYPE_PPAPI;
105 private:
106 const PepperPluginInfo& info_;
107 #if defined(OS_POSIX)
108 base::ScopedFD ipc_fd_;
109 #endif // OS_POSIX
110 bool is_broker_;
112 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate);
115 class PpapiPluginProcessHost::PluginNetworkObserver
116 : public net::NetworkChangeNotifier::IPAddressObserver,
117 public net::NetworkChangeNotifier::ConnectionTypeObserver {
118 public:
119 explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host)
120 : process_host_(process_host) {
121 net::NetworkChangeNotifier::AddIPAddressObserver(this);
122 net::NetworkChangeNotifier::AddConnectionTypeObserver(this);
125 ~PluginNetworkObserver() override {
126 net::NetworkChangeNotifier::RemoveConnectionTypeObserver(this);
127 net::NetworkChangeNotifier::RemoveIPAddressObserver(this);
130 // IPAddressObserver implementation.
131 void OnIPAddressChanged() override {
132 // TODO(brettw) bug 90246: This doesn't seem correct. The online/offline
133 // notification seems like it should be sufficient, but I don't see that
134 // when I unplug and replug my network cable. Sending this notification when
135 // "something" changes seems to make Flash reasonably happy, but seems
136 // wrong. We should really be able to provide the real online state in
137 // OnConnectionTypeChanged().
138 process_host_->Send(new PpapiMsg_SetNetworkState(true));
141 // ConnectionTypeObserver implementation.
142 void OnConnectionTypeChanged(
143 net::NetworkChangeNotifier::ConnectionType type) override {
144 process_host_->Send(new PpapiMsg_SetNetworkState(
145 type != net::NetworkChangeNotifier::CONNECTION_NONE));
148 private:
149 PpapiPluginProcessHost* const process_host_;
152 PpapiPluginProcessHost::~PpapiPluginProcessHost() {
153 DVLOG(1) << "PpapiPluginProcessHost" << (is_broker_ ? "[broker]" : "")
154 << "~PpapiPluginProcessHost()";
155 CancelRequests();
158 // static
159 PpapiPluginProcessHost* PpapiPluginProcessHost::CreatePluginHost(
160 const PepperPluginInfo& info,
161 const base::FilePath& profile_data_directory) {
162 PpapiPluginProcessHost* plugin_host = new PpapiPluginProcessHost(
163 info, profile_data_directory);
164 DCHECK(plugin_host);
165 if (plugin_host->Init(info))
166 return plugin_host;
168 NOTREACHED(); // Init is not expected to fail.
169 return NULL;
172 // static
173 PpapiPluginProcessHost* PpapiPluginProcessHost::CreateBrokerHost(
174 const PepperPluginInfo& info) {
175 PpapiPluginProcessHost* plugin_host =
176 new PpapiPluginProcessHost();
177 if (plugin_host->Init(info))
178 return plugin_host;
180 NOTREACHED(); // Init is not expected to fail.
181 return NULL;
184 // static
185 void PpapiPluginProcessHost::DidCreateOutOfProcessInstance(
186 int plugin_process_id,
187 int32 pp_instance,
188 const PepperRendererInstanceData& instance_data) {
189 for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) {
190 if (iter->process_.get() &&
191 iter->process_->GetData().id == plugin_process_id) {
192 // Found the plugin.
193 iter->host_impl_->AddInstance(pp_instance, instance_data);
194 return;
197 // We'll see this passed with a 0 process ID for the browser tag stuff that
198 // is currently in the process of being removed.
200 // TODO(brettw) When old browser tag impl is removed
201 // (PepperPluginDelegateImpl::CreateBrowserPluginModule passes a 0 plugin
202 // process ID) this should be converted to a NOTREACHED().
203 DCHECK(plugin_process_id == 0)
204 << "Renderer sent a bad plugin process host ID";
207 // static
208 void PpapiPluginProcessHost::DidDeleteOutOfProcessInstance(
209 int plugin_process_id,
210 int32 pp_instance) {
211 for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) {
212 if (iter->process_.get() &&
213 iter->process_->GetData().id == plugin_process_id) {
214 // Found the plugin.
215 iter->host_impl_->DeleteInstance(pp_instance);
216 return;
219 // Note: It's possible that the plugin process has already been deleted by
220 // the time this message is received. For example, it could have crashed.
221 // That's OK, we can just ignore this message.
224 // static
225 void PpapiPluginProcessHost::OnPluginInstanceThrottleStateChange(
226 int plugin_process_id,
227 int32 pp_instance,
228 bool is_throttled) {
229 for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) {
230 if (iter->process_.get() &&
231 iter->process_->GetData().id == plugin_process_id) {
232 // Found the plugin.
233 iter->host_impl_->OnThrottleStateChanged(pp_instance, is_throttled);
234 return;
237 // Note: It's possible that the plugin process has already been deleted by
238 // the time this message is received. For example, it could have crashed.
239 // That's OK, we can just ignore this message.
242 // static
243 void PpapiPluginProcessHost::FindByName(
244 const base::string16& name,
245 std::vector<PpapiPluginProcessHost*>* hosts) {
246 for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) {
247 if (iter->process_.get() && iter->process_->GetData().name == name)
248 hosts->push_back(*iter);
252 bool PpapiPluginProcessHost::Send(IPC::Message* message) {
253 return process_->Send(message);
256 void PpapiPluginProcessHost::OpenChannelToPlugin(Client* client) {
257 if (process_->GetHost()->IsChannelOpening()) {
258 // The channel is already in the process of being opened. Put
259 // this "open channel" request into a queue of requests that will
260 // be run once the channel is open.
261 pending_requests_.push_back(client);
262 return;
265 // We already have an open channel, send a request right away to plugin.
266 RequestPluginChannel(client);
269 PpapiPluginProcessHost::PpapiPluginProcessHost(
270 const PepperPluginInfo& info,
271 const base::FilePath& profile_data_directory)
272 : profile_data_directory_(profile_data_directory),
273 is_broker_(false) {
274 uint32 base_permissions = info.permissions;
276 // We don't have to do any whitelisting for APIs in this process host, so
277 // don't bother passing a browser context or document url here.
278 if (GetContentClient()->browser()->IsPluginAllowedToUseDevChannelAPIs(
279 NULL, GURL()))
280 base_permissions |= ppapi::PERMISSION_DEV_CHANNEL;
281 permissions_ = ppapi::PpapiPermissions::GetForCommandLine(base_permissions);
283 process_.reset(new BrowserChildProcessHostImpl(
284 PROCESS_TYPE_PPAPI_PLUGIN, this));
286 host_impl_.reset(new BrowserPpapiHostImpl(this, permissions_, info.name,
287 info.path, profile_data_directory,
288 false /* in_process */,
289 false /* external_plugin */));
291 filter_ = new PepperMessageFilter();
292 process_->AddFilter(filter_.get());
293 process_->GetHost()->AddFilter(host_impl_->message_filter().get());
295 GetContentClient()->browser()->DidCreatePpapiPlugin(host_impl_.get());
297 // Only request network status updates if the plugin has dev permissions.
298 if (permissions_.HasPermission(ppapi::PERMISSION_DEV))
299 network_observer_.reset(new PluginNetworkObserver(this));
302 PpapiPluginProcessHost::PpapiPluginProcessHost()
303 : is_broker_(true) {
304 process_.reset(new BrowserChildProcessHostImpl(
305 PROCESS_TYPE_PPAPI_BROKER, this));
307 ppapi::PpapiPermissions permissions; // No permissions.
308 // The plugin name, path and profile data directory shouldn't be needed for
309 // the broker.
310 host_impl_.reset(new BrowserPpapiHostImpl(this, permissions,
311 std::string(), base::FilePath(),
312 base::FilePath(),
313 false /* in_process */,
314 false /* external_plugin */));
317 bool PpapiPluginProcessHost::Init(const PepperPluginInfo& info) {
318 plugin_path_ = info.path;
319 if (info.name.empty()) {
320 process_->SetName(plugin_path_.BaseName().LossyDisplayName());
321 } else {
322 process_->SetName(base::UTF8ToUTF16(info.name));
325 std::string channel_id = process_->GetHost()->CreateChannel();
326 if (channel_id.empty()) {
327 VLOG(1) << "Could not create pepper host channel.";
328 return false;
331 const base::CommandLine& browser_command_line =
332 *base::CommandLine::ForCurrentProcess();
333 base::CommandLine::StringType plugin_launcher =
334 browser_command_line.GetSwitchValueNative(switches::kPpapiPluginLauncher);
336 #if defined(OS_LINUX)
337 int flags = plugin_launcher.empty() ? ChildProcessHost::CHILD_ALLOW_SELF :
338 ChildProcessHost::CHILD_NORMAL;
339 #else
340 int flags = ChildProcessHost::CHILD_NORMAL;
341 #endif
342 base::FilePath exe_path = ChildProcessHost::GetChildPath(flags);
343 if (exe_path.empty()) {
344 VLOG(1) << "Pepper plugin exe path is empty.";
345 return false;
348 base::CommandLine* cmd_line = new base::CommandLine(exe_path);
349 cmd_line->AppendSwitchASCII(switches::kProcessType,
350 is_broker_ ? switches::kPpapiBrokerProcess
351 : switches::kPpapiPluginProcess);
352 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id);
354 // These switches are forwarded to both plugin and broker pocesses.
355 static const char* kCommonForwardSwitches[] = {
356 switches::kVModule
358 cmd_line->CopySwitchesFrom(browser_command_line, kCommonForwardSwitches,
359 arraysize(kCommonForwardSwitches));
361 if (!is_broker_) {
362 static const char* kPluginForwardSwitches[] = {
363 switches::kDisableSeccompFilterSandbox,
364 #if defined(OS_MACOSX)
365 switches::kEnableSandboxLogging,
366 #endif
367 switches::kNoSandbox,
368 switches::kPpapiStartupDialog,
370 cmd_line->CopySwitchesFrom(browser_command_line, kPluginForwardSwitches,
371 arraysize(kPluginForwardSwitches));
373 // Copy any flash args over and introduce field trials if necessary.
374 // TODO(vtl): Stop passing flash args in the command line, or windows is
375 // going to explode.
376 std::string field_trial =
377 base::FieldTrialList::FindFullName(kFlashHwVideoDecodeFieldTrialName);
378 std::string existing_args =
379 browser_command_line.GetSwitchValueASCII(switches::kPpapiFlashArgs);
380 if (field_trial == kFlashHwVideoDecodeFieldTrialEnabledName) {
381 // Arguments passed to Flash are comma delimited.
382 if (!existing_args.empty())
383 existing_args.append(",");
384 existing_args.append("enable_hw_video_decode=1");
385 #if defined(OS_MACOSX)
386 // TODO(ihf): Remove this once Flash newer than 15.0.0.223 is released.
387 existing_args.append(",enable_hw_video_decode_mac=1");
388 #endif
390 cmd_line->AppendSwitchASCII(switches::kPpapiFlashArgs, existing_args);
393 std::string locale = GetContentClient()->browser()->GetApplicationLocale();
394 if (!locale.empty()) {
395 // Pass on the locale so the plugin will know what language we're using.
396 cmd_line->AppendSwitchASCII(switches::kLang, locale);
399 if (!plugin_launcher.empty())
400 cmd_line->PrependWrapper(plugin_launcher);
402 // On posix, never use the zygote for the broker. Also, only use the zygote if
403 // we are not using a plugin launcher - having a plugin launcher means we need
404 // to use another process instead of just forking the zygote.
405 process_->Launch(
406 new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_,
407 info,
408 process_->GetHost()),
409 cmd_line,
410 true);
411 return true;
414 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) {
415 base::ProcessHandle process_handle;
416 int renderer_child_id;
417 client->GetPpapiChannelInfo(&process_handle, &renderer_child_id);
419 base::ProcessId process_id = (process_handle == base::kNullProcessHandle) ?
420 0 : base::GetProcId(process_handle);
422 // We can't send any sync messages from the browser because it might lead to
423 // a hang. See the similar code in PluginProcessHost for more description.
424 PpapiMsg_CreateChannel* msg = new PpapiMsg_CreateChannel(
425 process_id, renderer_child_id, client->OffTheRecord());
426 msg->set_unblock(true);
427 if (Send(msg)) {
428 sent_requests_.push(client);
429 } else {
430 client->OnPpapiChannelOpened(IPC::ChannelHandle(), base::kNullProcessId, 0);
434 void PpapiPluginProcessHost::OnProcessLaunched() {
435 VLOG(2) << "ppapi plugin process launched.";
436 host_impl_->set_plugin_process(process_->GetProcess().Duplicate());
439 void PpapiPluginProcessHost::OnProcessCrashed(int exit_code) {
440 VLOG(1) << "ppapi plugin process crashed.";
441 PluginServiceImpl::GetInstance()->RegisterPluginCrash(plugin_path_);
444 bool PpapiPluginProcessHost::OnMessageReceived(const IPC::Message& msg) {
445 bool handled = true;
446 IPC_BEGIN_MESSAGE_MAP(PpapiPluginProcessHost, msg)
447 IPC_MESSAGE_HANDLER(PpapiHostMsg_ChannelCreated,
448 OnRendererPluginChannelCreated)
449 IPC_MESSAGE_UNHANDLED(handled = false)
450 IPC_END_MESSAGE_MAP()
451 DCHECK(handled);
452 return handled;
455 // Called when the browser <--> plugin channel has been established.
456 void PpapiPluginProcessHost::OnChannelConnected(int32 peer_pid) {
457 // This will actually load the plugin. Errors will actually not be reported
458 // back at this point. Instead, the plugin will fail to establish the
459 // connections when we request them on behalf of the renderer(s).
460 Send(new PpapiMsg_LoadPlugin(plugin_path_, permissions_));
462 // Process all pending channel requests from the renderers.
463 for (size_t i = 0; i < pending_requests_.size(); i++)
464 RequestPluginChannel(pending_requests_[i]);
465 pending_requests_.clear();
468 // Called when the browser <--> plugin channel has an error. This normally
469 // means the plugin has crashed.
470 void PpapiPluginProcessHost::OnChannelError() {
471 VLOG(1) << "PpapiPluginProcessHost" << (is_broker_ ? "[broker]" : "")
472 << "::OnChannelError()";
473 // We don't need to notify the renderers that were communicating with the
474 // plugin since they have their own channels which will go into the error
475 // state at the same time. Instead, we just need to notify any renderers
476 // that have requested a connection but have not yet received one.
477 CancelRequests();
480 void PpapiPluginProcessHost::CancelRequests() {
481 DVLOG(1) << "PpapiPluginProcessHost" << (is_broker_ ? "[broker]" : "")
482 << "CancelRequests()";
483 for (size_t i = 0; i < pending_requests_.size(); i++) {
484 pending_requests_[i]->OnPpapiChannelOpened(IPC::ChannelHandle(),
485 base::kNullProcessId, 0);
487 pending_requests_.clear();
489 while (!sent_requests_.empty()) {
490 sent_requests_.front()->OnPpapiChannelOpened(IPC::ChannelHandle(),
491 base::kNullProcessId, 0);
492 sent_requests_.pop();
496 // Called when a new plugin <--> renderer channel has been created.
497 void PpapiPluginProcessHost::OnRendererPluginChannelCreated(
498 const IPC::ChannelHandle& channel_handle) {
499 if (sent_requests_.empty())
500 return;
502 // All requests should be processed FIFO, so the next item in the
503 // sent_requests_ queue should be the one that the plugin just created.
504 Client* client = sent_requests_.front();
505 sent_requests_.pop();
507 const ChildProcessData& data = process_->GetData();
508 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle),
509 data.id);
512 } // namespace content