Report unpermitted interface requests as bad messages

In practice this will result in the browser shooting any renderer which asks for an interface it's not allowed to have. This also adds a browser manifest overlay for chromecast. BUG=None R=ben@chromium.org Review-Url: https://codereview.chromium.org/2374253007 Cr-Commit-Position: refs/heads/master@{#422377}
Denger-Network · Oct 3, 2016 · 9759715 · 9759715
1 parent c333ca7
commit 9759715
Show file tree

Hide file tree

Showing 9 changed files with 72 additions and 4 deletions.
diff --git a/chromecast/BUILD.gn b/chromecast/BUILD.gn
@@ -321,6 +321,7 @@ repack("cast_shell_pak") {
     "$root_gen_dir/blink/public/resources/blink_image_resources_100_percent.pak",
     "$root_gen_dir/blink/public/resources/blink_resources.pak",
     "$root_gen_dir/chromecast/app/shell_resources.pak",
+    "$root_gen_dir/chromecast/browser/cast_browser_resources.pak",
     "$root_gen_dir/content/app/resources/content_resources_100_percent.pak",
     "$root_gen_dir/content/app/strings/content_strings_en-US.pak",
     "$root_gen_dir/content/content_resources.pak",
@@ -335,6 +336,7 @@ repack("cast_shell_pak") {
 
   deps = [
     "//chromecast/app:resources",
+    "//chromecast/browser:resources",
     "//content:resources",
     "//content/app/resources",
     "//content/app/strings",

diff --git a/chromecast/browser/BUILD.gn b/chromecast/browser/BUILD.gn
@@ -2,9 +2,10 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
+import("//build/config/ui.gni")
 import("//chromecast/chromecast.gni")
 import("//testing/test.gni")
-import("//build/config/ui.gni")
+import("//tools/grit/grit_rule.gni")
 
 if (is_android) {
   import("//build/config/android/rules.gni")
@@ -85,6 +86,7 @@ source_set("browser") {
     "//chromecast/base",
     "//chromecast/base:cast_sys_info",
     "//chromecast/base:cast_version",
+    "//chromecast/browser:resources",
     "//chromecast/common",
     "//chromecast/common/media",
     "//chromecast/graphics",
@@ -140,6 +142,20 @@ source_set("browser") {
   }
 }
 
+grit("resources") {
+  visibility = [
+    ":browser",
+    "//chromecast:cast_shell_pak",
+  ]
+  source = "cast_browser_resources.grd"
+  use_qualified_include = true
+  output_dir = "$root_gen_dir/chromecast/browser"
+  outputs = [
+    "grit/cast_browser_resources.h",
+    "cast_browser_resources.pak",
+  ]
+}
+
 source_set("test_support") {
   testonly = true
 

diff --git a/chromecast/browser/cast_browser_resources.grd b/chromecast/browser/cast_browser_resources.grd
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grit current_release="1" latest_public_release="0" output_all_resource_defines="false">
+  <outputs>
+    <output filename="grit/cast_browser_resources.h" type="rc_header">
+      <emit emit_type='prepend'></emit>
+    </output>
+    <output filename="cast_browser_resources.pak" type="data_package" />
+  </outputs>
+  <release seq="1">
+    <includes>
+      <include name="IDR_CAST_CONTENT_BROWSER_MANIFEST_OVERLAY" file="cast_content_browser_manifest_overlay.json" type="BINDATA" />
+    </includes>
+  </release>
+</grit>
diff --git a/chromecast/browser/cast_content_browser_client.cc b/chromecast/browser/cast_content_browser_client.cc
@@ -13,6 +13,7 @@
 #include "base/command_line.h"
 #include "base/files/scoped_file.h"
 #include "base/i18n/rtl.h"
+#include "base/json/json_reader.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/path_service.h"
@@ -30,6 +31,7 @@
 #include "chromecast/browser/cast_quota_permission_context.h"
 #include "chromecast/browser/cast_resource_dispatcher_host_delegate.h"
 #include "chromecast/browser/devtools/cast_devtools_delegate.h"
+#include "chromecast/browser/grit/cast_browser_resources.h"
 #include "chromecast/browser/media/media_caps_impl.h"
 #include "chromecast/browser/service/cast_service_simple.h"
 #include "chromecast/browser/url_request_context_factory.h"
@@ -48,11 +50,13 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_descriptors.h"
 #include "content/public/common/content_switches.h"
+#include "content/public/common/service_names.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/common/web_preferences.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "services/shell/public/cpp/interface_registry.h"
+#include "ui/base/resource/resource_bundle.h"
 #include "ui/display/display.h"
 #include "ui/display/screen.h"
 #include "ui/gl/gl_switches.h"
@@ -431,6 +435,18 @@ void CastContentBrowserClient::RegisterInProcessMojoApplications(
 #endif
 }
 
+std::unique_ptr<base::Value>
+CastContentBrowserClient::GetServiceManifestOverlay(
+    const std::string& service_name) {
+  ResourceBundle& rb = ResourceBundle::GetSharedInstance();
+  if (service_name != content::kBrowserMojoApplicationName)
+    return nullptr;
+  base::StringPiece manifest_contents =
+      rb.GetRawDataResourceForScale(IDR_CAST_CONTENT_BROWSER_MANIFEST_OVERLAY,
+                                    ui::ScaleFactor::SCALE_FACTOR_NONE);
+  return base::JSONReader::Read(manifest_contents);
+}
+
 #if defined(OS_ANDROID)
 
 void CastContentBrowserClient::GetAdditionalMappedFilesForChildProcess(

diff --git a/chromecast/browser/cast_content_browser_client.h b/chromecast/browser/cast_content_browser_client.h
@@ -153,6 +153,8 @@ class CastContentBrowserClient : public content::ContentBrowserClient {
       content::RenderProcessHost* render_process_host) override;
   void RegisterInProcessMojoApplications(
       StaticMojoApplicationMap* apps) override;
+  std::unique_ptr<base::Value> GetServiceManifestOverlay(
+      const std::string& service_name) override;
 #if defined(OS_ANDROID)
   void GetAdditionalMappedFilesForChildProcess(
       const base::CommandLine& command_line,

diff --git a/chromecast/browser/cast_content_browser_manifest_overlay.json b/chromecast/browser/cast_content_browser_manifest_overlay.json
@@ -0,0 +1,9 @@
+{
+  "capabilities": {
+    "provided": {
+      "renderer": [
+        "chromecast::media::mojom::MediaCaps"
+      ]
+    }
+  }
+}
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
@@ -2995,6 +2995,7 @@ void RenderProcessHostImpl::OnMojoError(
     task_runner->PostTask(FROM_HERE,
                           base::Bind(&RenderProcessHostImpl::OnMojoError,
                                      process, task_runner, error));
+    return;
   }
   if (!process)
     return;

diff --git a/services/shell/public/cpp/lib/interface_registry.cc b/services/shell/public/cpp/lib/interface_registry.cc
@@ -4,6 +4,9 @@
 
 #include "services/shell/public/cpp/interface_registry.h"
 
+#include <sstream>
+
+#include "mojo/public/cpp/bindings/message.h"
 #include "services/shell/public/cpp/connection.h"
 
 namespace shell {
@@ -90,9 +93,11 @@ void InterfaceRegistry::GetInterface(const std::string& interface_name,
                                 interface_name,
                                 std::move(handle));
   } else if (!CanBindRequestForInterface(interface_name)) {
-    LOG(ERROR) << "Capability spec prevented service: "
-               << remote_identity_.name()
-               << " from binding interface: " << interface_name;
+    std::stringstream ss;
+    ss << "Capability spec prevented service " << remote_identity_.name()
+       << " from binding interface: " << interface_name;
+    LOG(ERROR) << ss.str();
+    mojo::ReportBadMessage(ss.str());
   } else if (!default_binder_.is_null()) {
     default_binder_.Run(interface_name, std::move(handle));
   } else {

diff --git a/tools/gritsettings/resource_ids b/tools/gritsettings/resource_ids
@@ -289,6 +289,9 @@
   "blimp/engine/app/blimp_browser_resources.grd": {
     "includes": [30680],
   },
+  "chromecast/browser/cast_browser_resources.grd": {
+    "includes": [30690],
+  },
 
   # Resource ids starting at 31000 are reserved for projects built on Chromium.
 }