Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / win8 / delegate_execute / command_execute_impl.cc
blobcce0b35c32b2aafbdcc0e5686a02cd42a8ef10ed
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 // Implementation of the CommandExecuteImpl class which implements the
5 // IExecuteCommand and related interfaces for handling ShellExecute based
6 // launches of the Chrome browser.
8 #include "win8/delegate_execute/command_execute_impl.h"
10 #include <shlguid.h>
12 #include "base/files/file_util.h"
13 #include "base/path_service.h"
14 #include "base/process/launch.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/win/registry.h"
17 #include "base/win/scoped_co_mem.h"
18 #include "base/win/scoped_handle.h"
19 #include "base/win/scoped_process_information.h"
20 #include "base/win/win_util.h"
21 #include "base/win/windows_version.h"
22 #include "chrome/common/chrome_constants.h"
23 #include "chrome/common/chrome_paths.h"
24 #include "chrome/common/chrome_switches.h"
25 #include "chrome/installer/util/browser_distribution.h"
26 #include "chrome/installer/util/install_util.h"
27 #include "chrome/installer/util/shell_util.h"
28 #include "chrome/installer/util/util_constants.h"
29 #include "ui/base/clipboard/clipboard_util_win.h"
30 #include "ui/base/ui_base_switches.h"
31 #include "ui/gfx/win/dpi.h"
32 #include "ui/gfx/win/metro_mode.h"
33 #include "win8/delegate_execute/chrome_util.h"
34 #include "win8/delegate_execute/delegate_execute_util.h"
35 #include "win8/viewer/metro_viewer_constants.h"
37 namespace {
38 // Helper function to retrieve the url from IShellItem interface passed in.
39 // Returns S_OK on success.
40 HRESULT GetUrlFromShellItem(IShellItem* shell_item, base::string16* url) {
41 DCHECK(shell_item);
42 DCHECK(url);
43 // First attempt to get the url from the underlying IDataObject if any. This
44 // ensures that we get the full url, i.e. including the anchor.
45 // If we fail to get the underlying IDataObject we retrieve the url via the
46 // IShellItem::GetDisplayName function.
47 CComPtr<IDataObject> object;
48 HRESULT hr = shell_item->BindToHandler(NULL,
49 BHID_DataObject,
50 IID_IDataObject,
51 reinterpret_cast<void**>(&object));
52 if (SUCCEEDED(hr)) {
53 DCHECK(object);
54 if (ui::ClipboardUtil::GetPlainText(object, url))
55 return S_OK;
58 base::win::ScopedCoMem<wchar_t> name;
59 hr = shell_item->GetDisplayName(SIGDN_URL, &name);
60 if (hr != S_OK) {
61 AtlTrace("Failed to get display name\n");
62 return hr;
65 *url = static_cast<const wchar_t*>(name);
66 AtlTrace("Retrieved url from display name %ls\n", url->c_str());
67 return S_OK;
70 bool LaunchChromeBrowserProcess() {
71 base::FilePath delegate_exe_path;
72 if (!PathService::Get(base::FILE_EXE, &delegate_exe_path))
73 return false;
75 // First try and go up a level to find chrome.exe.
76 base::FilePath chrome_exe_path =
77 delegate_exe_path.DirName()
78 .DirName()
79 .Append(chrome::kBrowserProcessExecutableName);
80 if (!base::PathExists(chrome_exe_path)) {
81 // Try looking in the current directory if we couldn't find it one up in
82 // order to support developer installs.
83 chrome_exe_path =
84 delegate_exe_path.DirName()
85 .Append(chrome::kBrowserProcessExecutableName);
88 if (!base::PathExists(chrome_exe_path)) {
89 AtlTrace("Could not locate chrome.exe at: %ls\n",
90 chrome_exe_path.value().c_str());
91 return false;
94 base::CommandLine cl(chrome_exe_path);
96 // Prevent a Chrome window from showing up on the desktop.
97 cl.AppendSwitch(switches::kSilentLaunch);
99 // Tell Chrome to connect to the Metro viewer process.
100 cl.AppendSwitch(switches::kViewerConnect);
102 base::LaunchOptions launch_options;
103 launch_options.start_hidden = true;
105 return base::LaunchProcess(cl, launch_options).IsValid();
108 } // namespace
110 bool CommandExecuteImpl::path_provider_initialized_ = false;
112 // CommandExecuteImpl is responsible for activating chrome in Windows 8. The
113 // flow is complicated and this tries to highlight the important events.
114 // The current approach is to have a single instance of chrome either
115 // running in desktop or metro mode. If there is no current instance then
116 // the desktop shortcut launches desktop chrome and the metro tile or search
117 // charm launches metro chrome.
118 // If chrome is running then focus/activation is given to the existing one
119 // regardless of what launch point the user used.
121 // The general flow for activation is as follows:
123 // 1- User interacts with launch point (icon, tile, search, shellexec, etc)
124 // 2- Windows finds the appid for launch item and resolves it to chrome
125 // 3- Windows activates CommandExecuteImpl inside a surrogate process
126 // 4- Windows calls the following sequence of entry points:
127 // CommandExecuteImpl::SetShowWindow
128 // CommandExecuteImpl::SetPosition
129 // CommandExecuteImpl::SetDirectory
130 // CommandExecuteImpl::SetParameter
131 // CommandExecuteImpl::SetNoShowUI
132 // CommandExecuteImpl::SetSelection
133 // CommandExecuteImpl::Initialize
134 // Up to this point the code basically just gathers values passed in, like
135 // the launch scheme (or url) and the activation verb.
136 // 5- Windows calls CommandExecuteImpl::Getvalue()
137 // Here we need to return AHE_IMMERSIVE or AHE_DESKTOP. That depends on:
138 // a) if run in high-integrity return AHE_DESKTOP.
139 // b) else we return what GetLaunchMode() tells us, which is:
140 // i) if chrome is not the default browser, return AHE_DESKTOP
141 // ii) if the command line --force-xxx is present return that
142 // iii) if the registry 'launch_mode' exists return that
143 // iv) else return AHE_DESKTOP
144 // 6- If we returned AHE_IMMERSIVE in step 5 windows might not call us back
145 // and simply activate chrome in metro by itself, however in some cases
146 // it might proceed at step 7.
147 // As far as we know if we return AHE_DESKTOP then step 7 always happens.
148 // 7- Windows calls CommandExecuteImpl::Execute()
149 // Here we call GetLaunchMode() which returns the cached answer
150 // computed at step 5c. which can be:
151 // a) ECHUIM_DESKTOP then we call LaunchDesktopChrome() that calls
152 // ::CreateProcess and we exit at this point even on failure.
153 // b) else we call one of the IApplicationActivationManager activation
154 // functions depending on the parameters passed in step 4.
155 // c) If the activation returns E_APPLICATION_NOT_REGISTERED, then we fall
156 // back to launching chrome on the desktop via LaunchDestopChrome(). Note
157 // that this case can lead to strange behavior, because at this point we
158 // have pre-launched the browser with:
159 // --silent-launch --connect-to-metro-viewer.
160 // E_APPLICATION_NOT_REGISTERED is always returned if Chrome is not the
161 // default browser (this case will have already been checked for by
162 // GetLaunchMode() and AHE_DESKTOP returned), but we don't know if it can
163 // be returned for other reasons.
165 // Note that if a command line --force-xxx is present we write that launch mode
166 // in the registry so next time the logic reaches 5c-ii it will use the same
167 // mode again.
169 CommandExecuteImpl::CommandExecuteImpl()
170 : parameters_(base::CommandLine::NO_PROGRAM),
171 launch_scheme_(INTERNET_SCHEME_DEFAULT),
172 integrity_level_(base::INTEGRITY_UNKNOWN) {
173 memset(&start_info_, 0, sizeof(start_info_));
174 start_info_.cb = sizeof(start_info_);
176 // We need to query the user data dir of chrome so we need chrome's
177 // path provider. We can be created multiple times in a single instance
178 // however so make sure we do this only once.
179 if (!path_provider_initialized_) {
180 chrome::RegisterPathProvider();
181 path_provider_initialized_ = true;
185 CommandExecuteImpl::~CommandExecuteImpl() {
188 // CommandExecuteImpl
189 STDMETHODIMP CommandExecuteImpl::SetKeyState(DWORD key_state) {
190 return S_OK;
193 STDMETHODIMP CommandExecuteImpl::SetParameters(LPCWSTR params) {
194 parameters_ = delegate_execute::CommandLineFromParameters(params);
195 return S_OK;
198 STDMETHODIMP CommandExecuteImpl::SetPosition(POINT pt) {
199 return S_OK;
202 STDMETHODIMP CommandExecuteImpl::SetShowWindow(int show) {
203 start_info_.wShowWindow = show;
204 start_info_.dwFlags |= STARTF_USESHOWWINDOW;
205 return S_OK;
208 STDMETHODIMP CommandExecuteImpl::SetNoShowUI(BOOL no_show_ui) {
209 return S_OK;
212 STDMETHODIMP CommandExecuteImpl::SetDirectory(LPCWSTR directory) {
213 return S_OK;
216 STDMETHODIMP CommandExecuteImpl::GetValue(enum AHE_TYPE* pahe) {
217 if (!GetLaunchScheme(&display_name_, &launch_scheme_)) {
218 AtlTrace("Failed to get scheme, E_FAIL\n");
219 return E_FAIL;
222 EC_HOST_UI_MODE mode = GetLaunchMode();
223 *pahe = (mode == ECHUIM_DESKTOP) ? AHE_DESKTOP : AHE_IMMERSIVE;
225 // If we're going to return AHE_IMMERSIVE, then both the browser process and
226 // the metro viewer need to launch and connect before the user can start
227 // browsing. However we must not launch the metro viewer until we get a
228 // call to CommandExecuteImpl::Execute(). If we wait until then to launch
229 // the browser process as well, it will appear laggy while they connect to
230 // each other, so we pre-launch the browser process now.
231 if (*pahe == AHE_IMMERSIVE && verb_ != win8::kMetroViewerConnectVerb) {
232 LaunchChromeBrowserProcess();
234 return S_OK;
237 STDMETHODIMP CommandExecuteImpl::Execute() {
238 AtlTrace("In %hs\n", __FUNCTION__);
240 if (integrity_level_ == base::HIGH_INTEGRITY)
241 return LaunchDesktopChrome();
243 EC_HOST_UI_MODE mode = GetLaunchMode();
244 if (mode == ECHUIM_DESKTOP)
245 return LaunchDesktopChrome();
247 HRESULT hr = E_FAIL;
248 CComPtr<IApplicationActivationManager> activation_manager;
249 hr = activation_manager.CoCreateInstance(CLSID_ApplicationActivationManager);
250 if (!activation_manager) {
251 AtlTrace("Failed to get the activation manager, error 0x%x\n", hr);
252 return S_OK;
255 BrowserDistribution* distribution = BrowserDistribution::GetDistribution();
256 bool is_per_user_install = InstallUtil::IsPerUserInstall(chrome_exe_);
257 base::string16 app_id = ShellUtil::GetBrowserModelId(
258 distribution, is_per_user_install);
260 DWORD pid = 0;
261 if (launch_scheme_ == INTERNET_SCHEME_FILE &&
262 display_name_.find(installer::kChromeExe) != base::string16::npos) {
263 AtlTrace("Activating for file\n");
264 hr = activation_manager->ActivateApplication(app_id.c_str(),
265 verb_.c_str(),
266 AO_NONE,
267 &pid);
268 } else {
269 AtlTrace("Activating for protocol\n");
270 hr = activation_manager->ActivateForProtocol(app_id.c_str(),
271 item_array_,
272 &pid);
274 if (hr == E_APPLICATION_NOT_REGISTERED) {
275 AtlTrace("Metro chrome is not registered, launching in desktop\n");
276 return LaunchDesktopChrome();
278 AtlTrace("Metro Chrome launch, pid=%d, returned 0x%x\n", pid, hr);
279 return S_OK;
282 STDMETHODIMP CommandExecuteImpl::Initialize(LPCWSTR name,
283 IPropertyBag* bag) {
284 if (!FindChromeExe(&chrome_exe_))
285 return E_FAIL;
286 delegate_execute::UpdateChromeIfNeeded(chrome_exe_);
288 if (name) {
289 AtlTrace("Verb is %S\n", name);
290 verb_ = name;
293 integrity_level_ = base::GetCurrentProcessIntegrityLevel();
294 return S_OK;
297 STDMETHODIMP CommandExecuteImpl::SetSelection(IShellItemArray* item_array) {
298 item_array_ = item_array;
299 return S_OK;
302 STDMETHODIMP CommandExecuteImpl::GetSelection(REFIID riid, void** selection) {
303 return S_OK;
306 STDMETHODIMP CommandExecuteImpl::AllowForegroundTransfer(void* reserved) {
307 return S_OK;
310 // Returns false if chrome.exe cannot be found.
311 // static
312 bool CommandExecuteImpl::FindChromeExe(base::FilePath* chrome_exe) {
313 // Look for chrome.exe one folder above delegate_execute.exe (as expected in
314 // Chrome installs). Failing that, look for it alonside delegate_execute.exe.
315 base::FilePath dir_exe;
316 if (!PathService::Get(base::DIR_EXE, &dir_exe)) {
317 AtlTrace("Failed to get current exe path\n");
318 return false;
321 *chrome_exe = dir_exe.DirName().Append(chrome::kBrowserProcessExecutableName);
322 if (!base::PathExists(*chrome_exe)) {
323 *chrome_exe = dir_exe.Append(chrome::kBrowserProcessExecutableName);
324 if (!base::PathExists(*chrome_exe)) {
325 AtlTrace("Failed to find chrome exe file\n");
326 return false;
329 return true;
332 bool CommandExecuteImpl::GetLaunchScheme(
333 base::string16* display_name, INTERNET_SCHEME* scheme) {
334 if (!item_array_)
335 return false;
337 ATLASSERT(display_name);
338 ATLASSERT(scheme);
340 DWORD count = 0;
341 item_array_->GetCount(&count);
343 if (count != 1) {
344 AtlTrace("Cannot handle %d elements in the IShellItemArray\n", count);
345 return false;
348 CComPtr<IEnumShellItems> items;
349 item_array_->EnumItems(&items);
350 CComPtr<IShellItem> shell_item;
351 HRESULT hr = items->Next(1, &shell_item, &count);
352 if (hr != S_OK) {
353 AtlTrace("Failed to read element from the IShellItemsArray\n");
354 return false;
357 hr = GetUrlFromShellItem(shell_item, display_name);
358 if (FAILED(hr)) {
359 AtlTrace("Failed to get url. Error 0x%x\n", hr);
360 return false;
363 wchar_t scheme_name[16];
364 URL_COMPONENTS components = {0};
365 components.lpszScheme = scheme_name;
366 components.dwSchemeLength = sizeof(scheme_name)/sizeof(scheme_name[0]);
368 components.dwStructSize = sizeof(components);
369 if (!InternetCrackUrlW(display_name->c_str(), 0, 0, &components)) {
370 AtlTrace("Failed to crack url %ls\n", display_name->c_str());
371 return false;
374 AtlTrace("Launch scheme is [%ls] (%d)\n", scheme_name, components.nScheme);
375 *scheme = components.nScheme;
376 return true;
379 HRESULT CommandExecuteImpl::LaunchDesktopChrome() {
380 base::string16 display_name = display_name_;
382 switch (launch_scheme_) {
383 case INTERNET_SCHEME_FILE:
384 // If anything other than chrome.exe is passed in the display name we
385 // should honor it. For e.g. If the user clicks on a html file when
386 // chrome is the default we should treat it as a parameter to be passed
387 // to chrome.
388 if (display_name.find(installer::kChromeExe) != base::string16::npos)
389 display_name.clear();
390 break;
392 default:
393 break;
396 base::CommandLine chrome(delegate_execute::MakeChromeCommandLine(
397 chrome_exe_, parameters_, display_name));
398 base::string16 command_line(chrome.GetCommandLineString());
400 AtlTrace("Formatted command line is %ls\n", command_line.c_str());
402 PROCESS_INFORMATION temp_process_info = {};
403 BOOL ret = CreateProcess(chrome_exe_.value().c_str(),
404 &command_line[0],
405 NULL, NULL, FALSE, 0, NULL, NULL, &start_info_,
406 &temp_process_info);
407 if (ret) {
408 base::win::ScopedProcessInformation proc_info(temp_process_info);
409 AtlTrace("Process id is %d\n", proc_info.process_id());
410 AllowSetForegroundWindow(proc_info.process_id());
411 } else {
412 AtlTrace("Process launch failed, error %d\n", ::GetLastError());
415 return S_OK;
418 EC_HOST_UI_MODE CommandExecuteImpl::GetLaunchMode() {
419 // See the header file for an explanation of the mode selection logic.
420 static bool launch_mode_determined = false;
421 static EC_HOST_UI_MODE launch_mode = ECHUIM_DESKTOP;
423 const char* modes[] = { "Desktop", "Immersive", "SysLauncher", "??" };
425 if (launch_mode_determined)
426 return launch_mode;
428 if (integrity_level_ == base::HIGH_INTEGRITY) {
429 // Metro mode apps don't work in high integrity mode.
430 AtlTrace("High integrity: launching in desktop mode\n");
431 launch_mode = ECHUIM_DESKTOP;
432 launch_mode_determined = true;
433 return launch_mode;
436 base::FilePath chrome_exe;
437 if (!FindChromeExe(&chrome_exe) ||
438 ShellUtil::GetChromeDefaultStateFromPath(chrome_exe) !=
439 ShellUtil::IS_DEFAULT) {
440 AtlTrace("Chrome is not default: launching in desktop mode\n");
441 launch_mode = ECHUIM_DESKTOP;
442 launch_mode_determined = true;
443 return launch_mode;
446 if (GetAsyncKeyState(VK_SHIFT) && GetAsyncKeyState(VK_F11)) {
447 AtlTrace("Hotkey: launching in immersive mode\n");
448 launch_mode = ECHUIM_IMMERSIVE;
449 launch_mode_determined = true;
450 return launch_mode;
453 // From here on, if we can, we will write the outcome
454 // of this function to the registry.
455 if (parameters_.HasSwitch(switches::kForceImmersive)) {
456 launch_mode = ECHUIM_IMMERSIVE;
457 launch_mode_determined = true;
458 parameters_ = base::CommandLine(base::CommandLine::NO_PROGRAM);
459 } else if (parameters_.HasSwitch(switches::kForceDesktop)) {
460 launch_mode = ECHUIM_DESKTOP;
461 launch_mode_determined = true;
462 parameters_ = base::CommandLine(base::CommandLine::NO_PROGRAM);
465 base::win::RegKey reg_key;
466 LONG key_result = reg_key.Create(HKEY_CURRENT_USER,
467 chrome::kMetroRegistryPath,
468 KEY_ALL_ACCESS);
469 if (key_result != ERROR_SUCCESS) {
470 AtlTrace("Failed to open HKCU %ls key, error 0x%x\n",
471 chrome::kMetroRegistryPath,
472 key_result);
473 if (!launch_mode_determined) {
474 // If we cannot open the key and we don't know the
475 // launch mode we default to desktop mode.
476 launch_mode = ECHUIM_DESKTOP;
477 launch_mode_determined = true;
479 return launch_mode;
482 if (launch_mode_determined) {
483 AtlTrace("Launch mode forced by cmdline to %s\n", modes[launch_mode]);
484 reg_key.WriteValue(chrome::kLaunchModeValue,
485 static_cast<DWORD>(launch_mode));
486 return launch_mode;
489 if (!gfx::win::ShouldUseMetroMode()) {
490 launch_mode = ECHUIM_DESKTOP;
491 launch_mode_determined = true;
492 return launch_mode;
495 // Use the previous mode if available. Else launch in desktop mode.
496 DWORD reg_value;
497 if (reg_key.ReadValueDW(chrome::kLaunchModeValue,
498 &reg_value) != ERROR_SUCCESS) {
499 launch_mode = ECHUIM_DESKTOP;
500 AtlTrace("Can't read registry, defaulting to %s\n", modes[launch_mode]);
501 } else if (reg_value >= ECHUIM_SYSTEM_LAUNCHER) {
502 AtlTrace("Invalid registry launch mode value %u\n", reg_value);
503 launch_mode = ECHUIM_DESKTOP;
504 } else {
505 launch_mode = static_cast<EC_HOST_UI_MODE>(reg_value);
506 AtlTrace("Launch mode forced by registry to %s\n", modes[launch_mode]);
509 launch_mode_determined = true;
510 return launch_mode;