Move the rest of the core files in chrome\browser to content\browser.
TBR=avi
Review URL: http://codereview.chromium.org/6538111
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75711 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/content/DEPS b/content/DEPS
index bd39303..ffab3e2 100644
--- a/content/DEPS
+++ b/content/DEPS
@@ -13,6 +13,7 @@
"+net",
"+ppapi",
"+printing",
+ "+sandbox",
"+skia",
# Don't allow inclusion of these other libs we shouldn't be calling directly.
diff --git a/content/browser/gpu.sb b/content/browser/gpu.sb
new file mode 100644
index 0000000..346bcfa
--- /dev/null
+++ b/content/browser/gpu.sb
@@ -0,0 +1,18 @@
+;;
+;; Copyright (c) 2010 The Chromium Authors. All rights reserved.
+;; Use of this source code is governed by a BSD-style license that can be
+;; found in the LICENSE file.
+;;
+
+; *** The contents of chrome/common/common.sb are implicitly included here. ***
+
+; The GPU process opens a shared memory file to communicate with the renderer.
+; This is backed by a file in /var/folders.
+; TODO(thakis): Let the browser allocated the pipe and hand the handles to
+; renderer and GPU process and remove this: http://crbug.com/65344
+(allow file-read* file-write* (regex "^/(private/)?(tmp|var)(/|$)"))
+
+; Allow communication between the GPU process and the UI server.
+(allow mach-lookup (global-name "com.apple.tsm.uiserver"))
+
+(allow file-read-metadata (literal "/"))
diff --git a/content/browser/gpu_blacklist.cc b/content/browser/gpu_blacklist.cc
new file mode 100644
index 0000000..544a656
--- /dev/null
+++ b/content/browser/gpu_blacklist.cc
@@ -0,0 +1,577 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/gpu_blacklist.h"
+
+#include "base/json/json_reader.h"
+#include "base/logging.h"
+#include "base/string_number_conversions.h"
+#include "base/string_util.h"
+#include "base/stringprintf.h"
+#include "base/sys_info.h"
+#include "base/values.h"
+#include "base/version.h"
+#include "chrome/common/gpu_info.h"
+
+GpuBlacklist::VersionInfo::VersionInfo(const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2) {
+ op_ = StringToOp(version_op);
+ if (op_ == kUnknown || op_ == kAny)
+ return;
+ version_.reset(Version::GetVersionFromString(version_string));
+ if (version_.get() == NULL) {
+ op_ = kUnknown;
+ return;
+ }
+ if (op_ == kBetween) {
+ version2_.reset(Version::GetVersionFromString(version_string2));
+ if (version2_.get() == NULL)
+ op_ = kUnknown;
+ }
+}
+
+GpuBlacklist::VersionInfo::~VersionInfo() {
+}
+
+bool GpuBlacklist::VersionInfo::Contains(const Version& version) const {
+ if (op_ == kUnknown)
+ return false;
+ if (op_ == kAny)
+ return true;
+ if (op_ == kEQ) {
+ // Handles cases where 10.6 is considered as containing 10.6.*.
+ const std::vector<uint16>& components_reference = version_->components();
+ const std::vector<uint16>& components = version.components();
+ for (size_t i = 0; i < components_reference.size(); ++i) {
+ if (i >= components.size() && components_reference[i] != 0)
+ return false;
+ if (components[i] != components_reference[i])
+ return false;
+ }
+ return true;
+ }
+ int relation = version.CompareTo(*version_);
+ if (op_ == kEQ)
+ return (relation == 0);
+ else if (op_ == kLT)
+ return (relation < 0);
+ else if (op_ == kLE)
+ return (relation <= 0);
+ else if (op_ == kGT)
+ return (relation > 0);
+ else if (op_ == kGE)
+ return (relation >= 0);
+ // op_ == kBetween
+ if (relation < 0)
+ return false;
+ return version.CompareTo(*version2_) <= 0;
+}
+
+bool GpuBlacklist::VersionInfo::IsValid() const {
+ return op_ != kUnknown;
+}
+
+GpuBlacklist::VersionInfo::Op GpuBlacklist::VersionInfo::StringToOp(
+ const std::string& version_op) {
+ if (version_op == "=")
+ return kEQ;
+ else if (version_op == "<")
+ return kLT;
+ else if (version_op == "<=")
+ return kLE;
+ else if (version_op == ">")
+ return kGT;
+ else if (version_op == ">=")
+ return kGE;
+ else if (version_op == "any")
+ return kAny;
+ else if (version_op == "between")
+ return kBetween;
+ return kUnknown;
+}
+
+GpuBlacklist::OsInfo::OsInfo(const std::string& os,
+ const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2) {
+ type_ = StringToOsType(os);
+ if (type_ != kOsUnknown) {
+ version_info_.reset(
+ new VersionInfo(version_op, version_string, version_string2));
+ }
+}
+
+GpuBlacklist::OsInfo::~OsInfo() {}
+
+bool GpuBlacklist::OsInfo::Contains(OsType type,
+ const Version& version) const {
+ if (!IsValid())
+ return false;
+ if (type_ != type && type_ != kOsAny)
+ return false;
+ return version_info_->Contains(version);
+}
+
+bool GpuBlacklist::OsInfo::IsValid() const {
+ return type_ != kOsUnknown && version_info_->IsValid();
+}
+
+GpuBlacklist::OsType GpuBlacklist::OsInfo::type() const {
+ return type_;
+}
+
+GpuBlacklist::OsType GpuBlacklist::OsInfo::StringToOsType(
+ const std::string& os) {
+ if (os == "win")
+ return kOsWin;
+ else if (os == "macosx")
+ return kOsMacosx;
+ else if (os == "linux")
+ return kOsLinux;
+ else if (os == "any")
+ return kOsAny;
+ return kOsUnknown;
+}
+
+GpuBlacklist::StringInfo::StringInfo(const std::string& string_op,
+ const std::string& string_value) {
+ op_ = StringToOp(string_op);
+ value_ = StringToLowerASCII(string_value);
+}
+
+bool GpuBlacklist::StringInfo::Contains(const std::string& value) const {
+ std::string my_value = StringToLowerASCII(value);
+ switch (op_) {
+ case kContains:
+ return strstr(my_value.c_str(), value_.c_str()) != NULL;
+ case kBeginWith:
+ return StartsWithASCII(my_value, value_, false);
+ case kEndWith:
+ return EndsWith(my_value, value_, false);
+ case kEQ:
+ return value_ == my_value;
+ default:
+ return false;
+ }
+}
+
+bool GpuBlacklist::StringInfo::IsValid() const {
+ return op_ != kUnknown;
+}
+
+GpuBlacklist::StringInfo::Op GpuBlacklist::StringInfo::StringToOp(
+ const std::string& string_op) {
+ if (string_op == "=")
+ return kEQ;
+ else if (string_op == "contains")
+ return kContains;
+ else if (string_op == "beginwith")
+ return kBeginWith;
+ else if (string_op == "endwith")
+ return kEndWith;
+ return kUnknown;
+}
+
+GpuBlacklist::GpuBlacklistEntry*
+GpuBlacklist::GpuBlacklistEntry::GetGpuBlacklistEntryFromValue(
+ DictionaryValue* value) {
+ if (value == NULL)
+ return NULL;
+
+ GpuBlacklistEntry* entry = new GpuBlacklistEntry();
+
+ std::string id;
+ if (!value->GetString("id", &id) || !entry->SetId(id)) {
+ delete entry;
+ return NULL;
+ }
+
+ DictionaryValue* os_value = NULL;
+ if (value->GetDictionary("os", &os_value)) {
+ std::string os_type;
+ std::string os_version_op = "any";
+ std::string os_version_string;
+ std::string os_version_string2;
+ os_value->GetString("type", &os_type);
+ DictionaryValue* os_version_value = NULL;
+ if (os_value->GetDictionary("version", &os_version_value)) {
+ os_version_value->GetString("op", &os_version_op);
+ os_version_value->GetString("number", &os_version_string);
+ os_version_value->GetString("number2", &os_version_string2);
+ }
+ if (!entry->SetOsInfo(os_type, os_version_op, os_version_string,
+ os_version_string2)) {
+ delete entry;
+ return NULL;
+ }
+ }
+
+ std::string vendor_id;
+ if (value->GetString("vendor_id", &vendor_id)) {
+ if (!entry->SetVendorId(vendor_id)) {
+ delete entry;
+ return NULL;
+ }
+ }
+
+ std::string device_id;
+ if (value->GetString("device_id", &device_id)) {
+ if (!entry->SetDeviceId(device_id)) {
+ delete entry;
+ return NULL;
+ }
+ }
+
+ DictionaryValue* driver_vendor_value = NULL;
+ if (value->GetDictionary("driver_vendor", &driver_vendor_value)) {
+ std::string vendor_op;
+ std::string vendor_value;
+ driver_vendor_value->GetString("op", &vendor_op);
+ driver_vendor_value->GetString("value", &vendor_value);
+ if (!entry->SetDriverVendorInfo(vendor_op, vendor_value)) {
+ delete entry;
+ return NULL;
+ }
+ }
+
+ DictionaryValue* driver_version_value = NULL;
+ if (value->GetDictionary("driver_version", &driver_version_value)) {
+ std::string driver_version_op = "any";
+ std::string driver_version_string;
+ std::string driver_version_string2;
+ driver_version_value->GetString("op", &driver_version_op);
+ driver_version_value->GetString("number", &driver_version_string);
+ driver_version_value->GetString("number2", &driver_version_string2);
+ if (!entry->SetDriverVersionInfo(driver_version_op, driver_version_string,
+ driver_version_string2)) {
+ delete entry;
+ return NULL;
+ }
+ }
+
+ DictionaryValue* gl_renderer_value = NULL;
+ if (value->GetDictionary("gl_renderer", &gl_renderer_value)) {
+ std::string renderer_op;
+ std::string renderer_value;
+ gl_renderer_value->GetString("op", &renderer_op);
+ gl_renderer_value->GetString("value", &renderer_value);
+ if (!entry->SetGLRendererInfo(renderer_op, renderer_value)) {
+ delete entry;
+ return NULL;
+ }
+ }
+
+ ListValue* blacklist_value = NULL;
+ if (!value->GetList("blacklist", &blacklist_value)) {
+ delete entry;
+ return NULL;
+ }
+ std::vector<std::string> blacklist;
+ for (size_t i = 0; i < blacklist_value->GetSize(); ++i) {
+ std::string feature;
+ if (blacklist_value->GetString(i, &feature)) {
+ blacklist.push_back(feature);
+ } else {
+ delete entry;
+ return NULL;
+ }
+ }
+ if (!entry->SetBlacklistedFeatures(blacklist)) {
+ delete entry;
+ return NULL;
+ }
+
+ return entry;
+}
+
+GpuBlacklist::GpuBlacklistEntry::~GpuBlacklistEntry() {}
+
+GpuBlacklist::GpuBlacklistEntry::GpuBlacklistEntry()
+ : id_(0),
+ vendor_id_(0),
+ device_id_(0) {
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetId(
+ const std::string& id_string) {
+ int my_id;
+ if (base::HexStringToInt(id_string, &my_id) && my_id != 0) {
+ id_ = static_cast<uint32>(my_id);
+ return true;
+ }
+ return false;
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetOsInfo(
+ const std::string& os,
+ const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2) {
+ os_info_.reset(new OsInfo(os, version_op, version_string, version_string2));
+ return os_info_->IsValid();
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetVendorId(
+ const std::string& vendor_id_string) {
+ vendor_id_ = 0;
+ return base::HexStringToInt(vendor_id_string,
+ reinterpret_cast<int*>(&vendor_id_));
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetDeviceId(
+ const std::string& device_id_string) {
+ device_id_ = 0;
+ return base::HexStringToInt(device_id_string,
+ reinterpret_cast<int*>(&device_id_));
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetDriverVendorInfo(
+ const std::string& vendor_op,
+ const std::string& vendor_value) {
+ driver_vendor_info_.reset(
+ new StringInfo(vendor_op, vendor_value));
+ return driver_vendor_info_->IsValid();
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetDriverVersionInfo(
+ const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2) {
+ driver_version_info_.reset(
+ new VersionInfo(version_op, version_string, version_string2));
+ return driver_version_info_->IsValid();
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetGLRendererInfo(
+ const std::string& renderer_op,
+ const std::string& renderer_value) {
+ gl_renderer_info_.reset(
+ new StringInfo(renderer_op, renderer_value));
+ return gl_renderer_info_->IsValid();
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::SetBlacklistedFeatures(
+ const std::vector<std::string>& blacklisted_features) {
+ size_t size = blacklisted_features.size();
+ if (size == 0)
+ return false;
+ uint32 flags = 0;
+ for (size_t i = 0; i < size; ++i) {
+ GpuFeatureFlags::GpuFeatureType type =
+ GpuFeatureFlags::StringToGpuFeatureType(blacklisted_features[i]);
+ switch (type) {
+ case GpuFeatureFlags::kGpuFeatureAccelerated2dCanvas:
+ case GpuFeatureFlags::kGpuFeatureAcceleratedCompositing:
+ case GpuFeatureFlags::kGpuFeatureWebgl:
+ case GpuFeatureFlags::kGpuFeatureAll:
+ flags |= type;
+ break;
+ case GpuFeatureFlags::kGpuFeatureUnknown:
+ return false;
+ }
+ }
+ feature_flags_.reset(new GpuFeatureFlags());
+ feature_flags_->set_flags(flags);
+ return true;
+}
+
+bool GpuBlacklist::GpuBlacklistEntry::Contains(
+ OsType os_type, const Version& os_version, const GPUInfo& gpu_info) const {
+ DCHECK(os_type != kOsAny);
+ if (os_info_.get() != NULL && !os_info_->Contains(os_type, os_version))
+ return false;
+ if (vendor_id_ != 0 && vendor_id_ != gpu_info.vendor_id())
+ return false;
+ if (device_id_ != 0 && device_id_ != gpu_info.device_id())
+ return false;
+ if (driver_vendor_info_.get() != NULL &&
+ !driver_vendor_info_->Contains(gpu_info.driver_vendor()))
+ return false;
+ if (driver_version_info_.get() != NULL) {
+ scoped_ptr<Version> driver_version(
+ Version::GetVersionFromString(gpu_info.driver_version()));
+ if (driver_version.get() == NULL ||
+ !driver_version_info_->Contains(*driver_version))
+ return false;
+ }
+ if (gl_renderer_info_.get() != NULL &&
+ !gl_renderer_info_->Contains(gpu_info.gl_renderer()))
+ return false;
+ return true;
+}
+
+GpuBlacklist::OsType GpuBlacklist::GpuBlacklistEntry::GetOsType() const {
+ if (os_info_.get() == NULL)
+ return kOsAny;
+ return os_info_->type();
+}
+
+uint32 GpuBlacklist::GpuBlacklistEntry::id() const {
+ return id_;
+}
+
+GpuFeatureFlags GpuBlacklist::GpuBlacklistEntry::GetGpuFeatureFlags() const {
+ return *feature_flags_;
+}
+
+GpuBlacklist::GpuBlacklist()
+ : max_entry_id_(0) {
+}
+
+GpuBlacklist::~GpuBlacklist() {
+ Clear();
+}
+
+bool GpuBlacklist::LoadGpuBlacklist(const std::string& json_context,
+ bool current_os_only) {
+ std::vector<GpuBlacklistEntry*> entries;
+ scoped_ptr<Value> root;
+ root.reset(base::JSONReader::Read(json_context, false));
+ if (root.get() == NULL || !root->IsType(Value::TYPE_DICTIONARY))
+ return false;
+
+ DictionaryValue* root_dictionary = static_cast<DictionaryValue*>(root.get());
+ DCHECK(root_dictionary);
+ std::string version_string;
+ root_dictionary->GetString("version", &version_string);
+ version_.reset(Version::GetVersionFromString(version_string));
+ if (version_.get() == NULL)
+ return false;
+
+ ListValue* list = NULL;
+ root_dictionary->GetList("entries", &list);
+ if (list == NULL)
+ return false;
+
+ uint32 max_entry_id = 0;
+ for (size_t i = 0; i < list->GetSize(); ++i) {
+ DictionaryValue* list_item = NULL;
+ bool valid = list->GetDictionary(i, &list_item);
+ if (!valid)
+ break;
+ GpuBlacklistEntry* entry =
+ GpuBlacklistEntry::GetGpuBlacklistEntryFromValue(list_item);
+ if (entry == NULL)
+ break;
+ if (entry->id() > max_entry_id)
+ max_entry_id = entry->id();
+ entries.push_back(entry);
+ }
+
+ if (entries.size() < list->GetSize()) {
+ for (size_t i = 0; i < entries.size(); ++i)
+ delete entries[i];
+ return false;
+ }
+
+ Clear();
+ // Don't apply GPU blacklist for a non-registered OS.
+ OsType os_filter = GetOsType();
+ if (os_filter != kOsUnknown) {
+ for (size_t i = 0; i < entries.size(); ++i) {
+ OsType entry_os = entries[i]->GetOsType();
+ if (!current_os_only ||
+ entry_os == kOsAny || entry_os == os_filter)
+ blacklist_.push_back(entries[i]);
+ else
+ delete entries[i];
+ }
+ }
+ max_entry_id_ = max_entry_id;
+ return true;
+}
+
+GpuFeatureFlags GpuBlacklist::DetermineGpuFeatureFlags(
+ GpuBlacklist::OsType os,
+ Version* os_version,
+ const GPUInfo& gpu_info) {
+ active_entries_.clear();
+ GpuFeatureFlags flags;
+ // No need to go through blacklist entries if GPUInfo isn't available.
+ if (gpu_info.level() == GPUInfo::kUninitialized)
+ return flags;
+
+ if (os == kOsAny)
+ os = GetOsType();
+ scoped_ptr<Version> my_os_version;
+ if (os_version == NULL) {
+ std::string version_string;
+#if defined(OS_MACOSX)
+ // Seems like base::SysInfo::OperatingSystemVersion() returns the wrong
+ // version in MacOsx.
+ int32 version_major, version_minor, version_bugfix;
+ base::SysInfo::OperatingSystemVersionNumbers(
+ &version_major, &version_minor, &version_bugfix);
+ version_string = base::StringPrintf("%d.%d.%d",
+ version_major,
+ version_minor,
+ version_bugfix);
+#else
+ version_string = base::SysInfo::OperatingSystemVersion();
+ size_t pos = version_string.find_first_not_of("0123456789.");
+ if (pos != std::string::npos)
+ version_string = version_string.substr(0, pos);
+#endif
+ my_os_version.reset(Version::GetVersionFromString(version_string));
+ os_version = my_os_version.get();
+ }
+ DCHECK(os_version != NULL);
+
+ for (size_t i = 0; i < blacklist_.size(); ++i) {
+ if (blacklist_[i]->Contains(os, *os_version, gpu_info)) {
+ flags.Combine(blacklist_[i]->GetGpuFeatureFlags());
+ active_entries_.push_back(blacklist_[i]);
+ }
+ }
+ return flags;
+}
+
+void GpuBlacklist::GetGpuFeatureFlagEntries(
+ GpuFeatureFlags::GpuFeatureType feature,
+ std::vector<uint32>& entry_ids) const {
+ entry_ids.clear();
+ for (size_t i = 0; i < active_entries_.size(); ++i) {
+ if ((feature & active_entries_[i]->GetGpuFeatureFlags().flags()) != 0)
+ entry_ids.push_back(active_entries_[i]->id());
+ }
+}
+
+uint32 GpuBlacklist::max_entry_id() const {
+ return max_entry_id_;
+}
+
+bool GpuBlacklist::GetVersion(uint16* major, uint16* minor) const {
+ DCHECK(major && minor);
+ *major = 0;
+ *minor = 0;
+ if (version_.get() == NULL)
+ return false;
+ const std::vector<uint16>& components_reference = version_->components();
+ if (components_reference.size() != 2)
+ return false;
+ *major = components_reference[0];
+ *minor = components_reference[1];
+ return true;
+}
+
+GpuBlacklist::OsType GpuBlacklist::GetOsType() {
+#if defined(OS_WIN)
+ return kOsWin;
+#elif defined(OS_LINUX)
+ return kOsLinux;
+#elif defined(OS_MACOSX)
+ return kOsMacosx;
+#else
+ return kOsUnknown;
+#endif
+}
+
+void GpuBlacklist::Clear() {
+ for (size_t i = 0; i < blacklist_.size(); ++i)
+ delete blacklist_[i];
+ blacklist_.clear();
+ active_entries_.clear();
+}
+
diff --git a/content/browser/gpu_blacklist.h b/content/browser/gpu_blacklist.h
new file mode 100644
index 0000000..f732af9
--- /dev/null
+++ b/content/browser/gpu_blacklist.h
@@ -0,0 +1,227 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_GPU_BLACKLIST_H_
+#define CONTENT_BROWSER_GPU_BLACKLIST_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/scoped_ptr.h"
+#include "chrome/common/gpu_feature_flags.h"
+
+class DictionaryValue;
+class GPUInfo;
+class Version;
+
+class GpuBlacklist {
+ public:
+ enum OsType {
+ kOsLinux,
+ kOsMacosx,
+ kOsWin,
+ kOsAny,
+ kOsUnknown
+ };
+
+ GpuBlacklist();
+ ~GpuBlacklist();
+
+ // Loads blacklist information from a json file.
+ // current_os_only==true indicates all blacklist entries that don't belong to
+ // the current OS are discarded; current_os_only==false should only be used
+ // for testing purpose.
+ // If failed, the current GpuBlacklist is un-touched.
+ bool LoadGpuBlacklist(const std::string& json_context,
+ bool current_os_only);
+
+ // Collects system information and combines them with gpu_info and blacklist
+ // information to determine gpu feature flags.
+ // If os is kOsAny, use the current OS; if os_version is null, use the
+ // current OS version.
+ GpuFeatureFlags DetermineGpuFeatureFlags(OsType os,
+ Version* os_version,
+ const GPUInfo& gpu_info);
+
+ // Collects the entries that set the "feature" flag from the last
+ // DetermineGpuFeatureFlags() call. This tells which entries are responsible
+ // for raising a certain flag, i.e, for blacklisting a certain feature.
+ // Examples of "feature":
+ // kGpuFeatureAll - any of the supported features;
+ // kGpuFeatureWebgl - a single feature;
+ // kGpuFeatureWebgl | kGpuFeatureAcceleratedCompositing - two features.
+ void GetGpuFeatureFlagEntries(GpuFeatureFlags::GpuFeatureType feature,
+ std::vector<uint32>& entry_ids) const;
+
+ // Return the largest entry id. This is used for histogramming.
+ uint32 max_entry_id() const;
+
+ // Collects the version of the current blacklist. Returns false and sets
+ // major and minor to 0 on failure.
+ bool GetVersion(uint16* major, uint16* monir) const;
+
+ private:
+ class VersionInfo {
+ public:
+ VersionInfo(const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2);
+ ~VersionInfo();
+
+ // Determines if a given version is included in the VersionInfo range.
+ bool Contains(const Version& version) const;
+
+ // Determines if the VersionInfo contains valid information.
+ bool IsValid() const;
+
+ private:
+ enum Op {
+ kBetween, // <= * <=
+ kEQ, // =
+ kLT, // <
+ kLE, // <=
+ kGT, // >
+ kGE, // >=
+ kAny,
+ kUnknown // Indicates VersionInfo data is invalid.
+ };
+
+ // Maps string to Op; returns kUnknown if it's not a valid Op.
+ static Op StringToOp(const std::string& version_op);
+
+ Op op_;
+ scoped_ptr<Version> version_;
+ scoped_ptr<Version> version2_;
+ };
+
+ class OsInfo {
+ public:
+ OsInfo(const std::string& os,
+ const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2);
+ ~OsInfo();
+
+ // Determines if a given os/version is included in the OsInfo set.
+ bool Contains(OsType type, const Version& version) const;
+
+ // Determines if the VersionInfo contains valid information.
+ bool IsValid() const;
+
+ OsType type() const;
+
+ // Maps string to OsType; returns kOsUnknown if it's not a valid os.
+ static OsType StringToOsType(const std::string& os);
+
+ private:
+ OsType type_;
+ scoped_ptr<VersionInfo> version_info_;
+ };
+
+ class StringInfo {
+ public:
+ StringInfo(const std::string& string_op, const std::string& string_value);
+
+ // Determines if a given string is included in the StringInfo.
+ bool Contains(const std::string& value) const;
+
+ // Determines if the StringInfo contains valid information.
+ bool IsValid() const;
+
+ private:
+ enum Op {
+ kContains,
+ kBeginWith,
+ kEndWith,
+ kEQ, // =
+ kUnknown // Indicates StringInfo data is invalid.
+ };
+
+ // Maps string to Op; returns kUnknown if it's not a valid Op.
+ static Op StringToOp(const std::string& string_op);
+
+ Op op_;
+ std::string value_;
+ };
+
+ class GpuBlacklistEntry {
+ public:
+ // Constructs GpuBlacklistEntry from DictionaryValue loaded from json.
+ static GpuBlacklistEntry* GetGpuBlacklistEntryFromValue(
+ DictionaryValue* value);
+
+ // Determines if a given os/gc/driver is included in the Entry set.
+ bool Contains(OsType os_type,
+ const Version& os_version,
+ const GPUInfo& gpu_info) const;
+
+ // Returns the OsType.
+ OsType GetOsType() const;
+
+ // Returns the entry's unique id. 0 is reserved.
+ uint32 id() const;
+
+ // Returns the GpuFeatureFlags.
+ GpuFeatureFlags GetGpuFeatureFlags() const;
+
+ ~GpuBlacklistEntry();
+
+ private:
+ GpuBlacklistEntry();
+
+ bool SetId(const std::string& id_string);
+
+ bool SetOsInfo(const std::string& os,
+ const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2);
+
+ bool SetVendorId(const std::string& vendor_id_string);
+
+ bool SetDeviceId(const std::string& device_id_string);
+
+ bool SetDriverVendorInfo(const std::string& vendor_op,
+ const std::string& vendor_value);
+
+ bool SetDriverVersionInfo(const std::string& version_op,
+ const std::string& version_string,
+ const std::string& version_string2);
+
+ bool SetGLRendererInfo(const std::string& renderer_op,
+ const std::string& renderer_value);
+
+ bool SetBlacklistedFeatures(
+ const std::vector<std::string>& blacklisted_features);
+
+ uint32 id_;
+ scoped_ptr<OsInfo> os_info_;
+ uint32 vendor_id_;
+ uint32 device_id_;
+ scoped_ptr<StringInfo> driver_vendor_info_;
+ scoped_ptr<VersionInfo> driver_version_info_;
+ scoped_ptr<StringInfo> gl_renderer_info_;
+ scoped_ptr<GpuFeatureFlags> feature_flags_;
+ };
+
+ // Gets the current OS type.
+ static OsType GetOsType();
+
+ void Clear();
+
+ scoped_ptr<Version> version_;
+ std::vector<GpuBlacklistEntry*> blacklist_;
+
+ // This records all the blacklist entries that are appliable to the current
+ // user machine. It is updated everytime DetermineGpuFeatureFlags() is
+ // called and is used later by GetGpuFeatureFlagEntries().
+ std::vector<GpuBlacklistEntry*> active_entries_;
+
+ uint32 max_entry_id_;
+
+ DISALLOW_COPY_AND_ASSIGN(GpuBlacklist);
+};
+
+#endif // CONTENT_BROWSER_GPU_BLACKLIST_H_
diff --git a/content/browser/gpu_blacklist_unittest.cc b/content/browser/gpu_blacklist_unittest.cc
new file mode 100644
index 0000000..e2b496d
--- /dev/null
+++ b/content/browser/gpu_blacklist_unittest.cc
@@ -0,0 +1,176 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <vector>
+
+#include "base/version.h"
+#include "chrome/common/gpu_info.h"
+#include "content/browser/gpu_blacklist.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+TEST(GpuBlacklistTest, BlacklistLogic) {
+ GPUInfo gpu_info;
+ gpu_info.SetVideoCardInfo(0x10de, // Vendor ID
+ 0x0640); // Device ID
+ gpu_info.SetDriverInfo("NVIDIA", // Driver vendor
+ "1.6.18"); // Driver Version
+ gpu_info.SetLevel(GPUInfo::kComplete);
+ scoped_ptr<Version> os_version(Version::GetVersionFromString("10.6.4"));
+
+ GpuBlacklist blacklist;
+
+ // Default blacklist settings: all feature are allowed.
+ GpuFeatureFlags flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(), 0u);
+
+ // Empty list: all features are allowed.
+ const std::string empty_list_json =
+ "{\n"
+ " \"name\": \"gpu blacklist\",\n"
+ " \"version\": \"2.5\",\n"
+ " \"entries\": [\n"
+ " ]\n"
+ "}";
+ EXPECT_TRUE(blacklist.LoadGpuBlacklist(empty_list_json, false));
+ uint16 major, minor;
+ EXPECT_TRUE(blacklist.GetVersion(&major, &minor));
+ EXPECT_EQ(major, 2u);
+ EXPECT_EQ(minor, 5u);
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(), 0u);
+
+ // Blacklist accelerated_compositing with exact setting.
+ const std::string exact_list_json =
+ "{\n"
+ " \"name\": \"gpu blacklist\",\n"
+ " \"version\": \"0.1\",\n"
+ " \"entries\": [\n"
+ " {\n"
+ " \"id\": \"5\",\n"
+ " \"os\": {\n"
+ " \"type\": \"macosx\",\n"
+ " \"version\": {\n"
+ " \"op\": \"=\",\n"
+ " \"number\": \"10.6.4\"\n"
+ " }\n"
+ " },\n"
+ " \"vendor_id\": \"0x10de\",\n"
+ " \"device_id\": \"0x0640\",\n"
+ " \"driver_version\": {\n"
+ " \"op\": \"=\",\n"
+ " \"number\": \"1.6.18\"\n"
+ " },\n"
+ " \"blacklist\": [\n"
+ " \"accelerated_compositing\"\n"
+ " ]\n"
+ " }\n"
+ " ]\n"
+ "}";
+ EXPECT_TRUE(blacklist.LoadGpuBlacklist(exact_list_json, false));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(
+ flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureAcceleratedCompositing));
+
+ // Invalid json input should not change the current blacklist settings.
+ const std::string invalid_json = "invalid";
+ EXPECT_FALSE(blacklist.LoadGpuBlacklist(invalid_json, false));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(
+ flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureAcceleratedCompositing));
+ std::vector<uint32> entries;
+ blacklist.GetGpuFeatureFlagEntries(
+ GpuFeatureFlags::kGpuFeatureAcceleratedCompositing, entries);
+ EXPECT_EQ(entries.size(), 1u);
+ EXPECT_EQ(entries[0], 5u);
+ blacklist.GetGpuFeatureFlagEntries(
+ GpuFeatureFlags::kGpuFeatureAll, entries);
+ EXPECT_EQ(entries.size(), 1u);
+ EXPECT_EQ(entries[0], 5u);
+ EXPECT_EQ(blacklist.max_entry_id(), 5u);
+
+ // Blacklist a vendor on all OS.
+ const std::string vendor_json =
+ "{\n"
+ " \"name\": \"gpu blacklist\",\n"
+ " \"version\": \"0.1\",\n"
+ " \"entries\": [\n"
+ " {\n"
+ " \"id\": \"1\",\n"
+ " \"vendor_id\": \"0x10de\",\n"
+ " \"blacklist\": [\n"
+ " \"webgl\"\n"
+ " ]\n"
+ " }\n"
+ " ]\n"
+ "}";
+ // Blacklist entries won't be filtered to the current OS only upon loading.
+ EXPECT_TRUE(blacklist.LoadGpuBlacklist(vendor_json, false));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureWebgl));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsWin, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureWebgl));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsLinux, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureWebgl));
+#if defined(OS_WIN) || defined(OS_LINUX) || defined(OS_MACOSX)
+ // Blacklist entries will be filtered to the current OS only upon loading.
+ EXPECT_TRUE(blacklist.LoadGpuBlacklist(vendor_json, true));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureWebgl));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsWin, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureWebgl));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsLinux, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureWebgl));
+#endif
+
+
+ // Blacklist a vendor on Linux only.
+ const std::string vendor_linux_json =
+ "{\n"
+ " \"name\": \"gpu blacklist\",\n"
+ " \"version\": \"0.1\",\n"
+ " \"entries\": [\n"
+ " {\n"
+ " \"id\": \"1\",\n"
+ " \"os\": {\n"
+ " \"type\": \"linux\"\n"
+ " },\n"
+ " \"vendor_id\": \"0x10de\",\n"
+ " \"blacklist\": [\n"
+ " \"accelerated_2d_canvas\"\n"
+ " ]\n"
+ " }\n"
+ " ]\n"
+ "}";
+ EXPECT_TRUE(blacklist.LoadGpuBlacklist(vendor_linux_json, false));
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsMacosx, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(), 0u);
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsWin, os_version.get(), gpu_info);
+ EXPECT_EQ(flags.flags(), 0u);
+ flags = blacklist.DetermineGpuFeatureFlags(
+ GpuBlacklist::kOsLinux, os_version.get(), gpu_info);
+ EXPECT_EQ(
+ flags.flags(),
+ static_cast<uint32>(GpuFeatureFlags::kGpuFeatureAccelerated2dCanvas));
+}
+
diff --git a/content/browser/gpu_process_host.cc b/content/browser/gpu_process_host.cc
new file mode 100644
index 0000000..4ef366af
--- /dev/null
+++ b/content/browser/gpu_process_host.cc
@@ -0,0 +1,287 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/gpu_process_host.h"
+
+#include "app/app_switches.h"
+#include "base/metrics/histogram.h"
+#include "base/ref_counted.h"
+#include "base/string_piece.h"
+#include "base/threading/thread.h"
+#include "chrome/browser/gpu_process_host_ui_shim.h"
+#include "chrome/browser/tab_contents/render_view_host_delegate_helper.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/gpu_feature_flags.h"
+#include "chrome/common/gpu_info.h"
+#include "chrome/common/gpu_messages.h"
+#include "chrome/common/render_messages.h"
+#include "chrome/gpu/gpu_thread.h"
+#include "content/browser/browser_thread.h"
+#include "content/browser/renderer_host/render_widget_host.h"
+#include "content/browser/renderer_host/render_widget_host_view.h"
+#include "ipc/ipc_channel_handle.h"
+#include "ipc/ipc_switches.h"
+#include "media/base/media_switches.h"
+
+#if defined(OS_LINUX)
+#include "ui/gfx/gtk_native_view_id_manager.h"
+#endif // defined(OS_LINUX)
+
+namespace {
+
+enum GPUProcessLifetimeEvent {
+ LAUNCHED,
+ DIED_FIRST_TIME,
+ DIED_SECOND_TIME,
+ DIED_THIRD_TIME,
+ DIED_FOURTH_TIME,
+ GPU_PROCESS_LIFETIME_EVENT_MAX
+ };
+
+class RouteOnUIThreadTask : public Task {
+ public:
+ RouteOnUIThreadTask(int host_id, const IPC::Message& msg)
+ : host_id_(host_id),
+ msg_(msg) {
+ }
+
+ private:
+ virtual void Run() {
+ GpuProcessHostUIShim* ui_shim = GpuProcessHostUIShim::FromID(host_id_);
+ if (ui_shim)
+ ui_shim->OnMessageReceived(msg_);
+ }
+
+ int host_id_;
+ IPC::Message msg_;
+};
+
+// A global map from GPU process host ID to GpuProcessHost.
+static IDMap<GpuProcessHost> g_hosts_by_id;
+
+// Number of times the gpu process has crashed in the current browser session.
+static int g_gpu_crash_count = 0;
+
+// Maximum number of times the gpu process is allowed to crash in a session.
+// Once this limit is reached, any request to launch the gpu process will fail.
+static const int kGpuMaxCrashCount = 3;
+
+} // anonymous namespace
+
+class GpuMainThread : public base::Thread {
+ public:
+ explicit GpuMainThread(const std::string& channel_id)
+ : base::Thread("CrGpuMain"),
+ channel_id_(channel_id) {
+ }
+
+ ~GpuMainThread() {
+ Stop();
+ }
+
+ protected:
+ virtual void Init() {
+ // Must be created on GPU thread.
+ gpu_thread_.reset(new GpuThread(channel_id_));
+ gpu_thread_->Init(base::Time::Now());
+ }
+
+ virtual void CleanUp() {
+ // Must be destroyed on GPU thread.
+ gpu_thread_.reset();
+ }
+
+ private:
+ scoped_ptr<GpuThread> gpu_thread_;
+ std::string channel_id_;
+ DISALLOW_COPY_AND_ASSIGN(GpuMainThread);
+};
+
+// static
+GpuProcessHost* GpuProcessHost::Create(int host_id) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ GpuProcessHost* host = new GpuProcessHost(host_id);
+ if (!host->Init()) {
+ delete host;
+ return NULL;
+ }
+
+ return host;
+}
+
+// static
+GpuProcessHost* GpuProcessHost::FromID(int host_id) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ if (host_id == 0)
+ return NULL;
+
+ return g_hosts_by_id.Lookup(host_id);
+}
+
+GpuProcessHost::GpuProcessHost(int host_id)
+ : BrowserChildProcessHost(GPU_PROCESS, NULL),
+ host_id_(host_id) {
+ g_hosts_by_id.AddWithID(this, host_id_);
+}
+
+GpuProcessHost::~GpuProcessHost() {
+
+ DCHECK(CalledOnValidThread());
+
+ g_hosts_by_id.Remove(host_id_);
+
+ BrowserThread::PostTask(BrowserThread::UI,
+ FROM_HERE,
+ NewRunnableFunction(GpuProcessHostUIShim::Destroy,
+ host_id_));
+}
+
+bool GpuProcessHost::Init() {
+ if (!CreateChannel())
+ return false;
+
+ if (!CanLaunchGpuProcess())
+ return false;
+
+ if (!LaunchGpuProcess())
+ return false;
+
+ return Send(new GpuMsg_Initialize());
+}
+
+void GpuProcessHost::RouteOnUIThread(const IPC::Message& message) {
+ BrowserThread::PostTask(BrowserThread::UI,
+ FROM_HERE,
+ new RouteOnUIThreadTask(host_id_, message));
+}
+
+bool GpuProcessHost::Send(IPC::Message* msg) {
+ DCHECK(CalledOnValidThread());
+ return BrowserChildProcessHost::Send(msg);
+}
+
+bool GpuProcessHost::OnMessageReceived(const IPC::Message& message) {
+ DCHECK(CalledOnValidThread());
+ RouteOnUIThread(message);
+ return true;
+}
+
+bool GpuProcessHost::CanShutdown() {
+ return true;
+}
+
+namespace {
+
+void SendOutstandingRepliesDispatcher(int host_id) {
+ GpuProcessHostUIShim *ui_shim = GpuProcessHostUIShim::FromID(host_id);
+ DCHECK(ui_shim);
+ ui_shim->SendOutstandingReplies();
+}
+
+void SendOutstandingReplies(int host_id) {
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(&SendOutstandingRepliesDispatcher, host_id));
+}
+
+} // namespace
+
+void GpuProcessHost::OnChildDied() {
+ SendOutstandingReplies(host_id_);
+ // Located in OnChildDied because OnProcessCrashed suffers from a race
+ // condition on Linux.
+ UMA_HISTOGRAM_ENUMERATION("GPU.GPUProcessLifetimeEvents",
+ DIED_FIRST_TIME + g_gpu_crash_count,
+ GPU_PROCESS_LIFETIME_EVENT_MAX);
+ BrowserChildProcessHost::OnChildDied();
+}
+
+void GpuProcessHost::OnProcessCrashed(int exit_code) {
+ SendOutstandingReplies(host_id_);
+ if (++g_gpu_crash_count >= kGpuMaxCrashCount) {
+ // The gpu process is too unstable to use. Disable it for current session.
+ RenderViewHostDelegateHelper::set_gpu_enabled(false);
+ }
+ BrowserChildProcessHost::OnProcessCrashed(exit_code);
+}
+
+bool GpuProcessHost::CanLaunchGpuProcess() const {
+ return RenderViewHostDelegateHelper::gpu_enabled();
+}
+
+bool GpuProcessHost::LaunchGpuProcess() {
+ if (g_gpu_crash_count >= kGpuMaxCrashCount)
+ return false;
+
+ const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
+
+ // If the single-process switch is present, just launch the GPU service in a
+ // new thread in the browser process.
+ if (browser_command_line.HasSwitch(switches::kSingleProcess)) {
+ GpuMainThread* thread = new GpuMainThread(channel_id());
+
+ base::Thread::Options options;
+#if defined(OS_LINUX)
+ options.message_loop_type = MessageLoop::TYPE_IO;
+#else
+ options.message_loop_type = MessageLoop::TYPE_UI;
+#endif
+
+ if (!thread->StartWithOptions(options))
+ return false;
+
+ return true;
+ }
+
+ CommandLine::StringType gpu_launcher =
+ browser_command_line.GetSwitchValueNative(switches::kGpuLauncher);
+
+ FilePath exe_path = ChildProcessHost::GetChildPath(gpu_launcher.empty());
+ if (exe_path.empty())
+ return false;
+
+ CommandLine* cmd_line = new CommandLine(exe_path);
+ cmd_line->AppendSwitchASCII(switches::kProcessType, switches::kGpuProcess);
+ cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id());
+
+ SetCrashReporterCommandLine(cmd_line);
+
+ // Propagate relevant command line switches.
+ static const char* const kSwitchNames[] = {
+ switches::kUseGL,
+ switches::kDisableGpuVsync,
+ switches::kDisableGpuWatchdog,
+ switches::kDisableLogging,
+ switches::kEnableAcceleratedDecoding,
+ switches::kEnableLogging,
+#if defined(OS_MACOSX)
+ switches::kEnableSandboxLogging,
+#endif
+ switches::kGpuStartupDialog,
+ switches::kLoggingLevel,
+ switches::kNoGpuSandbox,
+ switches::kNoSandbox,
+ };
+ cmd_line->CopySwitchesFrom(browser_command_line, kSwitchNames,
+ arraysize(kSwitchNames));
+
+ // If specified, prepend a launcher program to the command line.
+ if (!gpu_launcher.empty())
+ cmd_line->PrependWrapper(gpu_launcher);
+
+ Launch(
+#if defined(OS_WIN)
+ FilePath(),
+#elif defined(OS_POSIX)
+ false, // Never use the zygote (GPU plugin can't be sandboxed).
+ base::environment_vector(),
+#endif
+ cmd_line);
+
+ UMA_HISTOGRAM_ENUMERATION("GPU.GPUProcessLifetimeEvents",
+ LAUNCHED, GPU_PROCESS_LIFETIME_EVENT_MAX);
+ return true;
+}
diff --git a/content/browser/gpu_process_host.h b/content/browser/gpu_process_host.h
new file mode 100644
index 0000000..9881bee
--- /dev/null
+++ b/content/browser/gpu_process_host.h
@@ -0,0 +1,54 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_GPU_PROCESS_HOST_H_
+#define CONTENT_BROWSER_GPU_PROCESS_HOST_H_
+#pragma once
+
+#include "base/threading/non_thread_safe.h"
+#include "content/browser/browser_child_process_host.h"
+
+namespace IPC {
+class Message;
+}
+
+class GpuProcessHost : public BrowserChildProcessHost,
+ public base::NonThreadSafe {
+ public:
+
+ // Create a GpuProcessHost with the given ID. The object can be found using
+ // FromID with the same id.
+ static GpuProcessHost* Create(int host_id);
+
+ // Get the GPU process host for the GPU process with the given ID. Returns
+ // null if the process no longer exists.
+ static GpuProcessHost* FromID(int host_id);
+
+ virtual bool Send(IPC::Message* msg);
+
+ // IPC::Channel::Listener implementation.
+ virtual bool OnMessageReceived(const IPC::Message& message);
+
+ private:
+ explicit GpuProcessHost(int host_id);
+ virtual ~GpuProcessHost();
+ bool Init();
+
+ // Post an IPC message to the UI shim's message handler on the UI thread.
+ void RouteOnUIThread(const IPC::Message& message);
+
+ virtual bool CanShutdown();
+ virtual void OnChildDied();
+ virtual void OnProcessCrashed(int exit_code);
+
+ bool CanLaunchGpuProcess() const;
+ bool LaunchGpuProcess();
+
+ // The serial number of the GpuProcessHost / GpuProcessHostUIShim pair.
+ int host_id_;
+
+ DISALLOW_COPY_AND_ASSIGN(GpuProcessHost);
+};
+
+#endif // CONTENT_BROWSER_GPU_PROCESS_HOST_H_
diff --git a/content/browser/host_zoom_map.cc b/content/browser/host_zoom_map.cc
new file mode 100644
index 0000000..0581036
--- /dev/null
+++ b/content/browser/host_zoom_map.cc
@@ -0,0 +1,260 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <cmath>
+
+#include "content/browser/host_zoom_map.h"
+
+#include "base/string_piece.h"
+#include "base/utf_string_conversions.h"
+#include "chrome/browser/browser_thread.h"
+#include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/prefs/scoped_pref_update.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/common/notification_details.h"
+#include "chrome/common/notification_service.h"
+#include "chrome/common/notification_source.h"
+#include "chrome/common/notification_type.h"
+#include "chrome/common/pref_names.h"
+#include "content/browser/renderer_host/render_process_host.h"
+#include "content/browser/renderer_host/render_view_host.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/net_util.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebView.h"
+
+using WebKit::WebView;
+
+HostZoomMap::HostZoomMap(Profile* profile)
+ : profile_(profile),
+ updating_preferences_(false) {
+ Load();
+ default_zoom_level_ =
+ profile_->GetPrefs()->GetDouble(prefs::kDefaultZoomLevel);
+ registrar_.Add(this, NotificationType::PROFILE_DESTROYED,
+ Source<Profile>(profile));
+ // Don't observe pref changes (e.g. from sync) in Incognito; once we create
+ // the incognito window it should have no further connection to the main
+ // profile/prefs.
+ if (!profile_->IsOffTheRecord()) {
+ pref_change_registrar_.Init(profile_->GetPrefs());
+ pref_change_registrar_.Add(prefs::kPerHostZoomLevels, this);
+ pref_change_registrar_.Add(prefs::kDefaultZoomLevel, this);
+ }
+
+ registrar_.Add(
+ this, NotificationType::RENDER_VIEW_HOST_WILL_CLOSE_RENDER_VIEW,
+ NotificationService::AllSources());
+}
+
+void HostZoomMap::Load() {
+ if (!profile_)
+ return;
+
+ base::AutoLock auto_lock(lock_);
+ host_zoom_levels_.clear();
+ const DictionaryValue* host_zoom_dictionary =
+ profile_->GetPrefs()->GetDictionary(prefs::kPerHostZoomLevels);
+ // Careful: The returned value could be NULL if the pref has never been set.
+ if (host_zoom_dictionary != NULL) {
+ for (DictionaryValue::key_iterator i(host_zoom_dictionary->begin_keys());
+ i != host_zoom_dictionary->end_keys(); ++i) {
+ const std::string& host(*i);
+ double zoom_level = 0;
+
+ bool success = host_zoom_dictionary->GetDoubleWithoutPathExpansion(
+ host, &zoom_level);
+ if (!success) {
+ // The data used to be stored as ints, so try that.
+ int int_zoom_level;
+ success = host_zoom_dictionary->GetIntegerWithoutPathExpansion(
+ host, &int_zoom_level);
+ if (success) {
+ zoom_level = static_cast<double>(int_zoom_level);
+ // Since the values were once stored as non-clamped, clamp now.
+ double zoom_factor = WebView::zoomLevelToZoomFactor(zoom_level);
+ if (zoom_factor < WebView::minTextSizeMultiplier) {
+ zoom_level =
+ WebView::zoomFactorToZoomLevel(WebView::minTextSizeMultiplier);
+ } else if (zoom_factor > WebView::maxTextSizeMultiplier) {
+ zoom_level =
+ WebView::zoomFactorToZoomLevel(WebView::maxTextSizeMultiplier);
+ }
+ }
+ }
+ DCHECK(success);
+ host_zoom_levels_[host] = zoom_level;
+ }
+ }
+}
+
+// static
+void HostZoomMap::RegisterUserPrefs(PrefService* prefs) {
+ prefs->RegisterDictionaryPref(prefs::kPerHostZoomLevels);
+}
+
+double HostZoomMap::GetZoomLevel(const GURL& url) const {
+ std::string host(net::GetHostOrSpecFromURL(url));
+ base::AutoLock auto_lock(lock_);
+ HostZoomLevels::const_iterator i(host_zoom_levels_.find(host));
+ return (i == host_zoom_levels_.end()) ? default_zoom_level_ : i->second;
+}
+
+void HostZoomMap::SetZoomLevel(const GURL& url, double level) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ if (!profile_)
+ return;
+
+ std::string host(net::GetHostOrSpecFromURL(url));
+
+ {
+ base::AutoLock auto_lock(lock_);
+ if (level == default_zoom_level_)
+ host_zoom_levels_.erase(host);
+ else
+ host_zoom_levels_[host] = level;
+ }
+
+ NotificationService::current()->Notify(NotificationType::ZOOM_LEVEL_CHANGED,
+ Source<Profile>(profile_),
+ NotificationService::NoDetails());
+
+ // If we're in incognito mode, don't persist changes to the prefs. We'll keep
+ // them in memory only so they will be forgotten on exiting incognito.
+ if (profile_->IsOffTheRecord())
+ return;
+
+ updating_preferences_ = true;
+ {
+ ScopedPrefUpdate update(profile_->GetPrefs(), prefs::kPerHostZoomLevels);
+ DictionaryValue* host_zoom_dictionary =
+ profile_->GetPrefs()->GetMutableDictionary(prefs::kPerHostZoomLevels);
+ if (level == default_zoom_level_) {
+ host_zoom_dictionary->RemoveWithoutPathExpansion(host, NULL);
+ } else {
+ host_zoom_dictionary->SetWithoutPathExpansion(
+ host, Value::CreateDoubleValue(level));
+ }
+ }
+ updating_preferences_ = false;
+}
+
+double HostZoomMap::GetTemporaryZoomLevel(int render_process_id,
+ int render_view_id) const {
+ base::AutoLock auto_lock(lock_);
+ for (size_t i = 0; i < temporary_zoom_levels_.size(); ++i) {
+ if (temporary_zoom_levels_[i].render_process_id == render_process_id &&
+ temporary_zoom_levels_[i].render_view_id == render_view_id) {
+ return temporary_zoom_levels_[i].zoom_level;
+ }
+ }
+ return 0;
+}
+
+void HostZoomMap::SetTemporaryZoomLevel(int render_process_id,
+ int render_view_id,
+ double level) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ if (!profile_)
+ return;
+
+ {
+ base::AutoLock auto_lock(lock_);
+ size_t i;
+ for (i = 0; i < temporary_zoom_levels_.size(); ++i) {
+ if (temporary_zoom_levels_[i].render_process_id == render_process_id &&
+ temporary_zoom_levels_[i].render_view_id == render_view_id) {
+ if (level) {
+ temporary_zoom_levels_[i].zoom_level = level;
+ } else {
+ temporary_zoom_levels_.erase(temporary_zoom_levels_.begin() + i);
+ }
+ break;
+ }
+ }
+
+ if (level && i == temporary_zoom_levels_.size()) {
+ TemporaryZoomLevel temp;
+ temp.render_process_id = render_process_id;
+ temp.render_view_id = render_view_id;
+ temp.zoom_level = level;
+ temporary_zoom_levels_.push_back(temp);
+ }
+ }
+
+ NotificationService::current()->Notify(NotificationType::ZOOM_LEVEL_CHANGED,
+ Source<Profile>(profile_),
+ NotificationService::NoDetails());
+}
+
+void HostZoomMap::ResetToDefaults() {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ if (!profile_)
+ return;
+
+ {
+ base::AutoLock auto_lock(lock_);
+ host_zoom_levels_.clear();
+ }
+
+ updating_preferences_ = true;
+ profile_->GetPrefs()->ClearPref(prefs::kPerHostZoomLevels);
+ updating_preferences_ = false;
+}
+
+void HostZoomMap::Shutdown() {
+ if (!profile_)
+ return;
+
+ registrar_.RemoveAll();
+ if (!profile_->IsOffTheRecord())
+ pref_change_registrar_.RemoveAll();
+ profile_ = NULL;
+}
+
+void HostZoomMap::Observe(
+ NotificationType type,
+ const NotificationSource& source,
+ const NotificationDetails& details) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+
+ switch (type.value) {
+ case NotificationType::PROFILE_DESTROYED:
+ // If the profile is going away, we need to stop using it.
+ Shutdown();
+ break;
+ case NotificationType::RENDER_VIEW_HOST_WILL_CLOSE_RENDER_VIEW: {
+ base::AutoLock auto_lock(lock_);
+ int render_view_id = Source<RenderViewHost>(source)->routing_id();
+ int render_process_id = Source<RenderViewHost>(source)->process()->id();
+
+ for (size_t i = 0; i < temporary_zoom_levels_.size(); ++i) {
+ if (temporary_zoom_levels_[i].render_process_id == render_process_id &&
+ temporary_zoom_levels_[i].render_view_id == render_view_id) {
+ temporary_zoom_levels_.erase(temporary_zoom_levels_.begin() + i);
+ break;
+ }
+ }
+ break;
+ }
+ case NotificationType::PREF_CHANGED: {
+ // If we are updating our own preference, don't reload.
+ if (!updating_preferences_) {
+ std::string* name = Details<std::string>(details).ptr();
+ if (prefs::kPerHostZoomLevels == *name)
+ Load();
+ else if (prefs::kDefaultZoomLevel == *name) {
+ default_zoom_level_ =
+ profile_->GetPrefs()->GetDouble(prefs::kDefaultZoomLevel);
+ }
+ }
+ break;
+ }
+ default:
+ NOTREACHED() << "Unexpected preference observed.";
+ }
+}
+
+HostZoomMap::~HostZoomMap() {
+ Shutdown();
+}
diff --git a/content/browser/host_zoom_map.h b/content/browser/host_zoom_map.h
new file mode 100644
index 0000000..4951995
--- /dev/null
+++ b/content/browser/host_zoom_map.h
@@ -0,0 +1,127 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Maps hostnames to custom zoom levels. Written on the UI thread and read on
+// any thread. One instance per profile.
+
+#ifndef CONTENT_BROWSER_HOST_ZOOM_MAP_H_
+#define CONTENT_BROWSER_HOST_ZOOM_MAP_H_
+#pragma once
+
+#include <map>
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/ref_counted.h"
+#include "base/synchronization/lock.h"
+#include "chrome/browser/prefs/pref_change_registrar.h"
+#include "chrome/common/notification_observer.h"
+#include "chrome/common/notification_registrar.h"
+#include "content/browser/browser_thread.h"
+
+class GURL;
+class PrefService;
+class Profile;
+
+// HostZoomMap needs to be deleted on the UI thread because it listens
+// to notifications on there (and holds a NotificationRegistrar).
+class HostZoomMap :
+ public NotificationObserver,
+ public base::RefCountedThreadSafe<HostZoomMap,
+ BrowserThread::DeleteOnUIThread> {
+ public:
+ explicit HostZoomMap(Profile* profile);
+
+ static void RegisterUserPrefs(PrefService* prefs);
+
+ // Returns the zoom level for a given url. The zoom level is determined by
+ // the host portion of the URL, or (in the absence of a host) the complete
+ // spec of the URL. In most cases, there is no custom zoom level, and this
+ // returns the user's default zoom level. Otherwise, returns the saved zoom
+ // level, which may be positive (to zoom in) or negative (to zoom out).
+ //
+ // This may be called on any thread.
+ double GetZoomLevel(const GURL& url) const;
+
+ // Sets the zoom level for a given url to |level|. If the level matches the
+ // current default zoom level, the host is erased from the saved preferences;
+ // otherwise the new value is written out.
+ //
+ // This should only be called on the UI thread.
+ void SetZoomLevel(const GURL& url, double level);
+
+ // Returns the temporary zoom level that's only valid for the lifetime of
+ // the given tab (i.e. isn't saved and doesn't affect other tabs) if it
+ // exists, the default zoom level otherwise.
+ //
+ // This may be called on any thread.
+ double GetTemporaryZoomLevel(int render_process_id,
+ int render_view_id) const;
+
+ // Sets the temporary zoom level that's only valid for the lifetime of this
+ // tab.
+ //
+ // This should only be called on the UI thread.
+ void SetTemporaryZoomLevel(int render_process_id,
+ int render_view_id,
+ double level);
+
+ // Resets all zoom levels.
+ //
+ // This should only be called on the UI thread.
+ void ResetToDefaults();
+
+ // NotificationObserver implementation.
+ virtual void Observe(NotificationType type,
+ const NotificationSource& source,
+ const NotificationDetails& details);
+
+ private:
+ friend struct BrowserThread::DeleteOnThread<BrowserThread::UI>;
+ friend class DeleteTask<HostZoomMap>;
+
+ typedef std::map<std::string, double> HostZoomLevels;
+
+ ~HostZoomMap();
+
+ // Reads the zoom levels from the preferences service.
+ void Load();
+
+ // Removes dependencies on the profile so we can live longer than
+ // the profile without crashing.
+ void Shutdown();
+
+ // The profile we're associated with.
+ Profile* profile_;
+
+ // Copy of the pref data, so that we can read it on the IO thread.
+ HostZoomLevels host_zoom_levels_;
+ double default_zoom_level_;
+
+ struct TemporaryZoomLevel {
+ int render_process_id;
+ int render_view_id;
+ double zoom_level;
+ };
+
+ // Don't expect more than a couple of tabs that are using a temporary zoom
+ // level, so vector is fine for now.
+ std::vector<TemporaryZoomLevel> temporary_zoom_levels_;
+
+ // Used around accesses to |host_zoom_levels_|, |default_zoom_level_| and
+ // |temporary_zoom_levels_| to guarantee thread safety.
+ mutable base::Lock lock_;
+
+ // Whether we are currently updating preferences, this is used to ignore
+ // notifications from the preference service that we triggered ourself.
+ bool updating_preferences_;
+
+ NotificationRegistrar registrar_;
+ PrefChangeRegistrar pref_change_registrar_;
+
+ DISALLOW_COPY_AND_ASSIGN(HostZoomMap);
+};
+
+#endif // CONTENT_BROWSER_HOST_ZOOM_MAP_H_
diff --git a/content/browser/host_zoom_map_unittest.cc b/content/browser/host_zoom_map_unittest.cc
new file mode 100644
index 0000000..82e0e58
--- /dev/null
+++ b/content/browser/host_zoom_map_unittest.cc
@@ -0,0 +1,132 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/message_loop.h"
+#include "base/ref_counted.h"
+#include "base/utf_string_conversions.h"
+#include "base/values.h"
+#include "chrome/browser/browser_thread.h"
+#include "chrome/browser/host_zoom_map.h"
+#include "chrome/browser/prefs/pref_service.h"
+#include "chrome/common/notification_details.h"
+#include "chrome/common/notification_observer_mock.h"
+#include "chrome/common/notification_source.h"
+#include "chrome/common/notification_type.h"
+#include "chrome/common/pref_names.h"
+#include "chrome/test/testing_profile.h"
+#include "googleurl/src/gurl.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using testing::_;
+using testing::Pointee;
+using testing::Property;
+
+class HostZoomMapTest : public testing::Test {
+ public:
+ static const double kZoomLevel;
+ static const double kDefaultZoomLevel;
+ HostZoomMapTest()
+ : ui_thread_(BrowserThread::UI, &message_loop_),
+ prefs_(profile_.GetPrefs()),
+ per_host_zoom_levels_pref_(prefs::kPerHostZoomLevels),
+ url_("http://example.com/test"),
+ host_("example.com") {}
+
+ protected:
+ void SetPrefObserverExpectation() {
+ EXPECT_CALL(
+ pref_observer_,
+ Observe(NotificationType(NotificationType::PREF_CHANGED),
+ _,
+ Property(&Details<std::string>::ptr,
+ Pointee(per_host_zoom_levels_pref_))));
+ }
+
+ MessageLoopForUI message_loop_;
+ BrowserThread ui_thread_;
+ TestingProfile profile_;
+ PrefService* prefs_;
+ std::string per_host_zoom_levels_pref_; // For the observe matcher.
+ GURL url_;
+ std::string host_;
+ NotificationObserverMock pref_observer_;
+};
+const double HostZoomMapTest::kZoomLevel = 4;
+const double HostZoomMapTest::kDefaultZoomLevel = -2;
+
+TEST_F(HostZoomMapTest, LoadNoPrefs) {
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ EXPECT_EQ(0, map->GetZoomLevel(url_));
+}
+
+TEST_F(HostZoomMapTest, Load) {
+ DictionaryValue* dict =
+ prefs_->GetMutableDictionary(prefs::kPerHostZoomLevels);
+ dict->SetWithoutPathExpansion(host_, Value::CreateDoubleValue(kZoomLevel));
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ EXPECT_EQ(kZoomLevel, map->GetZoomLevel(url_));
+}
+
+TEST_F(HostZoomMapTest, SetZoomLevel) {
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ PrefChangeRegistrar registrar;
+ registrar.Init(prefs_);
+ registrar.Add(prefs::kPerHostZoomLevels, &pref_observer_);
+ SetPrefObserverExpectation();
+ map->SetZoomLevel(url_, kZoomLevel);
+ EXPECT_EQ(kZoomLevel, map->GetZoomLevel(url_));
+ const DictionaryValue* dict =
+ prefs_->GetDictionary(prefs::kPerHostZoomLevels);
+ double zoom_level = 0;
+ EXPECT_TRUE(dict->GetDoubleWithoutPathExpansion(host_, &zoom_level));
+ EXPECT_EQ(kZoomLevel, zoom_level);
+
+ SetPrefObserverExpectation();
+ map->SetZoomLevel(url_, 0);
+ EXPECT_EQ(0, map->GetZoomLevel(url_));
+ EXPECT_FALSE(dict->HasKey(host_));
+}
+
+TEST_F(HostZoomMapTest, ResetToDefaults) {
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ map->SetZoomLevel(url_, kZoomLevel);
+
+ PrefChangeRegistrar registrar;
+ registrar.Init(prefs_);
+ registrar.Add(prefs::kPerHostZoomLevels, &pref_observer_);
+ SetPrefObserverExpectation();
+ map->ResetToDefaults();
+ EXPECT_EQ(0, map->GetZoomLevel(url_));
+ DictionaryValue empty;
+ EXPECT_TRUE(
+ Value::Equals(&empty, prefs_->GetDictionary(prefs::kPerHostZoomLevels)));
+}
+
+TEST_F(HostZoomMapTest, ReloadOnPrefChange) {
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ map->SetZoomLevel(url_, kZoomLevel);
+
+ DictionaryValue dict;
+ dict.SetWithoutPathExpansion(host_, Value::CreateDoubleValue(0));
+ prefs_->Set(prefs::kPerHostZoomLevels, dict);
+ EXPECT_EQ(0, map->GetZoomLevel(url_));
+}
+
+TEST_F(HostZoomMapTest, NoHost) {
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ GURL file_url1_("file:///tmp/test.html");
+ GURL file_url2_("file:///tmp/other.html");
+ map->SetZoomLevel(file_url1_, kZoomLevel);
+
+ EXPECT_EQ(kZoomLevel, map->GetZoomLevel(file_url1_));
+ EXPECT_EQ(0, map->GetZoomLevel(file_url2_));
+}
+
+TEST_F(HostZoomMapTest, ChangeDefaultZoomLevel) {
+ FundamentalValue zoom_level(kDefaultZoomLevel);
+ prefs_->Set(prefs::kDefaultZoomLevel, zoom_level);
+ scoped_refptr<HostZoomMap> map(new HostZoomMap(&profile_));
+ EXPECT_EQ(kDefaultZoomLevel, map->GetZoomLevel(url_));
+}
diff --git a/content/browser/mime_registry_message_filter.cc b/content/browser/mime_registry_message_filter.cc
new file mode 100644
index 0000000..3268b84
--- /dev/null
+++ b/content/browser/mime_registry_message_filter.cc
@@ -0,0 +1,51 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/mime_registry_message_filter.h"
+
+#include "chrome/common/mime_registry_messages.h"
+#include "net/base/mime_util.h"
+
+MimeRegistryMessageFilter::MimeRegistryMessageFilter() {
+}
+
+MimeRegistryMessageFilter::~MimeRegistryMessageFilter() {
+}
+
+void MimeRegistryMessageFilter::OverrideThreadForMessage(
+ const IPC::Message& message,
+ BrowserThread::ID* thread) {
+ if (IPC_MESSAGE_CLASS(message) == MimeRegistryMsgStart)
+ *thread = BrowserThread::FILE;
+}
+
+bool MimeRegistryMessageFilter::OnMessageReceived(const IPC::Message& message,
+ bool* message_was_ok) {
+ bool handled = true;
+ IPC_BEGIN_MESSAGE_MAP_EX(MimeRegistryMessageFilter, message, *message_was_ok)
+ IPC_MESSAGE_HANDLER(MimeRegistryMsg_GetMimeTypeFromExtension,
+ OnGetMimeTypeFromExtension)
+ IPC_MESSAGE_HANDLER(MimeRegistryMsg_GetMimeTypeFromFile,
+ OnGetMimeTypeFromFile)
+ IPC_MESSAGE_HANDLER(MimeRegistryMsg_GetPreferredExtensionForMimeType,
+ OnGetPreferredExtensionForMimeType)
+ IPC_MESSAGE_UNHANDLED(handled = false)
+ IPC_END_MESSAGE_MAP()
+ return handled;
+}
+
+void MimeRegistryMessageFilter::OnGetMimeTypeFromExtension(
+ const FilePath::StringType& ext, std::string* mime_type) {
+ net::GetMimeTypeFromExtension(ext, mime_type);
+}
+
+void MimeRegistryMessageFilter::OnGetMimeTypeFromFile(
+ const FilePath& file_path, std::string* mime_type) {
+ net::GetMimeTypeFromFile(file_path, mime_type);
+}
+
+void MimeRegistryMessageFilter::OnGetPreferredExtensionForMimeType(
+ const std::string& mime_type, FilePath::StringType* extension) {
+ net::GetPreferredExtensionForMimeType(mime_type, extension);
+}
diff --git a/content/browser/mime_registry_message_filter.h b/content/browser/mime_registry_message_filter.h
new file mode 100644
index 0000000..87b5b24d
--- /dev/null
+++ b/content/browser/mime_registry_message_filter.h
@@ -0,0 +1,31 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_MIME_REGISTRY_MESSAGE_FILTER_H_
+#define CONTENT_BROWSER_MIME_REGISTRY_MESSAGE_FILTER_H_
+
+#include "base/file_path.h"
+#include "chrome/browser/browser_message_filter.h"
+
+class MimeRegistryMessageFilter : public BrowserMessageFilter {
+ public:
+ MimeRegistryMessageFilter();
+
+ virtual void OverrideThreadForMessage(const IPC::Message& message,
+ BrowserThread::ID* thread);
+ virtual bool OnMessageReceived(const IPC::Message& message,
+ bool* message_was_ok);
+
+ private:
+ ~MimeRegistryMessageFilter();
+
+ void OnGetMimeTypeFromExtension(const FilePath::StringType& ext,
+ std::string* mime_type);
+ void OnGetMimeTypeFromFile(const FilePath& file_path,
+ std::string* mime_type);
+ void OnGetPreferredExtensionForMimeType(const std::string& mime_type,
+ FilePath::StringType* extension);
+};
+
+#endif // CONTENT_BROWSER_MIME_REGISTRY_MESSAGE_FILTER_H_
diff --git a/content/browser/modal_html_dialog_delegate.cc b/content/browser/modal_html_dialog_delegate.cc
new file mode 100644
index 0000000..0f2ca4d
--- /dev/null
+++ b/content/browser/modal_html_dialog_delegate.cc
@@ -0,0 +1,77 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/modal_html_dialog_delegate.h"
+
+#include <string>
+
+#include "chrome/browser/browser_list.h"
+#include "chrome/common/notification_source.h"
+#include "content/browser/renderer_host/render_view_host.h"
+#include "content/browser/tab_contents/tab_contents.h"
+#include "ui/gfx/size.h"
+
+ModalHtmlDialogDelegate::ModalHtmlDialogDelegate(
+ const GURL& url, int width, int height, const std::string& json_arguments,
+ IPC::Message* sync_result, TabContents* contents)
+ : contents_(contents),
+ sync_response_(sync_result) {
+ // Listen for when the TabContents or its renderer dies.
+ registrar_.Add(this, NotificationType::TAB_CONTENTS_DISCONNECTED,
+ Source<TabContents>(contents_));
+
+ // This information is needed to show the dialog HTML content.
+ params_.url = url;
+ params_.height = height;
+ params_.width = width;
+ params_.json_input = json_arguments;
+}
+
+ModalHtmlDialogDelegate::~ModalHtmlDialogDelegate() {
+}
+
+void ModalHtmlDialogDelegate::Observe(NotificationType type,
+ const NotificationSource& source,
+ const NotificationDetails& details) {
+ DCHECK(type == NotificationType::TAB_CONTENTS_DISCONNECTED);
+ DCHECK(Source<TabContents>(source).ptr() == contents_);
+ registrar_.RemoveAll();
+ contents_ = NULL;
+}
+
+bool ModalHtmlDialogDelegate::IsDialogModal() const {
+ return true;
+}
+
+std::wstring ModalHtmlDialogDelegate::GetDialogTitle() const {
+ return L"Gears";
+}
+
+GURL ModalHtmlDialogDelegate::GetDialogContentURL() const {
+ return params_.url;
+}
+
+void ModalHtmlDialogDelegate::GetDialogSize(gfx::Size* size) const {
+ size->set_width(params_.width);
+ size->set_height(params_.height);
+}
+
+std::string ModalHtmlDialogDelegate::GetDialogArgs() const {
+ return params_.json_input;
+}
+
+void ModalHtmlDialogDelegate::OnDialogClosed(const std::string& json_retval) {
+ // Our TabContents may have died before this point.
+ if (contents_ && contents_->render_view_host()) {
+ contents_->render_view_host()->ModalHTMLDialogClosed(sync_response_,
+ json_retval);
+ }
+
+ // We are done with this request, so delete us.
+ delete this;
+}
+
+bool ModalHtmlDialogDelegate::ShouldShowDialogTitle() const {
+ return true;
+}
diff --git a/content/browser/modal_html_dialog_delegate.h b/content/browser/modal_html_dialog_delegate.h
new file mode 100644
index 0000000..642acd8
--- /dev/null
+++ b/content/browser/modal_html_dialog_delegate.h
@@ -0,0 +1,68 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_MODAL_HTML_DIALOG_DELEGATE_H_
+#define CONTENT_BROWSER_MODAL_HTML_DIALOG_DELEGATE_H_
+#pragma once
+
+#include <vector>
+
+#include "chrome/browser/webui/html_dialog_ui.h"
+#include "chrome/common/notification_observer.h"
+#include "chrome/common/notification_registrar.h"
+
+namespace gfx {
+class Size;
+}
+
+namespace IPC {
+class Message;
+}
+
+// This class can only be used on the UI thread.
+class ModalHtmlDialogDelegate
+ : public HtmlDialogUIDelegate,
+ public NotificationObserver {
+ public:
+ ModalHtmlDialogDelegate(const GURL& url,
+ int width, int height,
+ const std::string& json_arguments,
+ IPC::Message* sync_result,
+ TabContents* contents);
+ ~ModalHtmlDialogDelegate();
+
+ // Notification service callback.
+ virtual void Observe(NotificationType type,
+ const NotificationSource& source,
+ const NotificationDetails& details);
+
+ // HTMLDialogUIDelegate implementation:
+ virtual bool IsDialogModal() const;
+ virtual std::wstring GetDialogTitle() const;
+ virtual GURL GetDialogContentURL() const;
+ virtual void GetWebUIMessageHandlers(
+ std::vector<WebUIMessageHandler*>* handlers) const { }
+ virtual void GetDialogSize(gfx::Size* size) const;
+ virtual std::string GetDialogArgs() const;
+ virtual void OnDialogClosed(const std::string& json_retval);
+ virtual void OnCloseContents(TabContents* source, bool* out_close_dialog) { }
+ virtual bool ShouldShowDialogTitle() const;
+
+ private:
+ NotificationRegistrar registrar_;
+
+ // The TabContents that opened the dialog.
+ TabContents* contents_;
+
+ // The parameters needed to display a modal HTML dialog.
+ HtmlDialogUI::HtmlDialogParams params_;
+
+ // Once we get our reply in OnModalDialogResponse we'll need to respond to the
+ // plugin using this |sync_result| pointer so we store it between calls.
+ IPC::Message* sync_response_;
+
+ DISALLOW_COPY_AND_ASSIGN(ModalHtmlDialogDelegate);
+};
+
+#endif // CONTENT_BROWSER_MODAL_HTML_DIALOG_DELEGATE_H_
diff --git a/content/browser/plugin_process_host.cc b/content/browser/plugin_process_host.cc
new file mode 100644
index 0000000..215f653
--- /dev/null
+++ b/content/browser/plugin_process_host.cc
@@ -0,0 +1,478 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/plugin_process_host.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+#elif defined(OS_POSIX)
+#include <utility> // for pair<>
+#endif
+
+#include <vector>
+
+#include "app/app_switches.h"
+#include "base/command_line.h"
+#include "base/file_path.h"
+#include "base/file_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+#include "base/string_util.h"
+#include "base/utf_string_conversions.h"
+#include "chrome/browser/chrome_plugin_browsing_context.h"
+#include "chrome/browser/net/url_request_tracking.h"
+#include "chrome/browser/plugin_download_helper.h"
+#include "chrome/browser/plugin_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/common/chrome_paths.h"
+#include "chrome/common/chrome_plugin_lib.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/logging_chrome.h"
+#include "chrome/common/net/url_request_context_getter.h"
+#include "chrome/common/plugin_messages.h"
+#include "chrome/common/render_messages.h"
+#include "chrome/common/render_messages_params.h"
+#include "content/browser/browser_thread.h"
+#include "content/browser/child_process_security_policy.h"
+#include "content/browser/renderer_host/resource_dispatcher_host.h"
+#include "content/browser/renderer_host/resource_message_filter.h"
+#include "ipc/ipc_switches.h"
+#include "net/base/cookie_store.h"
+#include "net/base/io_buffer.h"
+#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_context.h"
+#include "ui/base/ui_base_switches.h"
+#include "ui/gfx/native_widget_types.h"
+
+#if defined(USE_X11)
+#include "ui/gfx/gtk_native_view_id_manager.h"
+#endif
+
+#if defined(OS_MACOSX)
+#include "base/mac/mac_util.h"
+#include "chrome/common/plugin_carbon_interpose_constants_mac.h"
+#include "ui/gfx/rect.h"
+#endif
+
+static const char kDefaultPluginFinderURL[] =
+ "https://dl-ssl.google.com/edgedl/chrome/plugins/plugins2.xml";
+
+namespace {
+
+// Helper class that we pass to ResourceMessageFilter so that it can find the
+// right net::URLRequestContext for a request.
+class PluginURLRequestContextOverride
+ : public ResourceMessageFilter::URLRequestContextOverride {
+ public:
+ PluginURLRequestContextOverride() {
+ }
+
+ virtual net::URLRequestContext* GetRequestContext(
+ const ViewHostMsg_Resource_Request& resource_request) {
+ return CPBrowsingContextManager::GetInstance()->ToURLRequestContext(
+ resource_request.request_context);
+ }
+
+ private:
+ virtual ~PluginURLRequestContextOverride() {}
+};
+
+} // namespace
+
+#if defined(OS_WIN)
+void PluginProcessHost::OnPluginWindowDestroyed(HWND window, HWND parent) {
+ // The window is destroyed at this point, we just care about its parent, which
+ // is the intermediate window we created.
+ std::set<HWND>::iterator window_index =
+ plugin_parent_windows_set_.find(parent);
+ if (window_index == plugin_parent_windows_set_.end())
+ return;
+
+ plugin_parent_windows_set_.erase(window_index);
+ PostMessage(parent, WM_CLOSE, 0, 0);
+}
+
+void PluginProcessHost::OnDownloadUrl(const std::string& url,
+ int source_pid,
+ gfx::NativeWindow caller_window) {
+ PluginDownloadUrlHelper* download_url_helper =
+ new PluginDownloadUrlHelper(url, source_pid, caller_window, NULL);
+ download_url_helper->InitiateDownload(
+ Profile::GetDefaultRequestContext()->GetURLRequestContext());
+}
+
+void PluginProcessHost::AddWindow(HWND window) {
+ plugin_parent_windows_set_.insert(window);
+}
+
+#endif // defined(OS_WIN)
+
+#if defined(TOOLKIT_USES_GTK)
+void PluginProcessHost::OnMapNativeViewId(gfx::NativeViewId id,
+ gfx::PluginWindowHandle* output) {
+ *output = 0;
+ GtkNativeViewManager::GetInstance()->GetXIDForId(output, id);
+}
+#endif // defined(TOOLKIT_USES_GTK)
+
+PluginProcessHost::PluginProcessHost()
+ : BrowserChildProcessHost(
+ PLUGIN_PROCESS,
+ PluginService::GetInstance()->resource_dispatcher_host(),
+ new PluginURLRequestContextOverride()),
+ ALLOW_THIS_IN_INITIALIZER_LIST(resolve_proxy_msg_helper_(this, NULL))
+#if defined(OS_MACOSX)
+ , plugin_cursor_visible_(true)
+#endif
+{
+}
+
+PluginProcessHost::~PluginProcessHost() {
+#if defined(OS_WIN)
+ // We erase HWNDs from the plugin_parent_windows_set_ when we receive a
+ // notification that the window is being destroyed. If we don't receive this
+ // notification and the PluginProcessHost instance is being destroyed, it
+ // means that the plugin process crashed. We paint a sad face in this case in
+ // the renderer process. To ensure that the sad face shows up, and we don't
+ // leak HWNDs, we should destroy existing plugin parent windows.
+ std::set<HWND>::iterator window_index;
+ for (window_index = plugin_parent_windows_set_.begin();
+ window_index != plugin_parent_windows_set_.end();
+ window_index++) {
+ PostMessage(*window_index, WM_CLOSE, 0, 0);
+ }
+#elif defined(OS_MACOSX)
+ // If the plugin process crashed but had fullscreen windows open at the time,
+ // make sure that the menu bar is visible.
+ std::set<uint32>::iterator window_index;
+ for (window_index = plugin_fullscreen_windows_set_.begin();
+ window_index != plugin_fullscreen_windows_set_.end();
+ window_index++) {
+ if (BrowserThread::CurrentlyOn(BrowserThread::UI)) {
+ base::mac::ReleaseFullScreen(base::mac::kFullScreenModeHideAll);
+ } else {
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(base::mac::ReleaseFullScreen,
+ base::mac::kFullScreenModeHideAll));
+ }
+ }
+ // If the plugin hid the cursor, reset that.
+ if (!plugin_cursor_visible_) {
+ if (BrowserThread::CurrentlyOn(BrowserThread::UI)) {
+ base::mac::SetCursorVisibility(true);
+ } else {
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(base::mac::SetCursorVisibility,
+ true));
+ }
+ }
+#endif
+ // Cancel all pending and sent requests.
+ CancelRequests();
+}
+
+bool PluginProcessHost::Init(const webkit::npapi::WebPluginInfo& info,
+ const std::string& locale) {
+ info_ = info;
+ set_name(UTF16ToWideHack(info_.name));
+ set_version(UTF16ToWideHack(info_.version));
+
+ if (!CreateChannel())
+ return false;
+
+ // Build command line for plugin. When we have a plugin launcher, we can't
+ // allow "self" on linux and we need the real file path.
+ const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
+ CommandLine::StringType plugin_launcher =
+ browser_command_line.GetSwitchValueNative(switches::kPluginLauncher);
+ FilePath exe_path = GetChildPath(plugin_launcher.empty());
+ if (exe_path.empty())
+ return false;
+
+ CommandLine* cmd_line = new CommandLine(exe_path);
+ // Put the process type and plugin path first so they're easier to see
+ // in process listings using native process management tools.
+ cmd_line->AppendSwitchASCII(switches::kProcessType, switches::kPluginProcess);
+ cmd_line->AppendSwitchPath(switches::kPluginPath, info.path);
+
+ if (logging::DialogsAreSuppressed())
+ cmd_line->AppendSwitch(switches::kNoErrorDialogs);
+
+ // Propagate the following switches to the plugin command line (along with
+ // any associated values) if present in the browser command line
+ static const char* const kSwitchNames[] = {
+ switches::kPluginStartupDialog,
+ switches::kNoSandbox,
+ switches::kSafePlugins,
+ switches::kTestSandbox,
+ switches::kUserAgent,
+ switches::kDisableBreakpad,
+ switches::kFullMemoryCrashReport,
+ switches::kEnableLogging,
+ switches::kDisableLogging,
+ switches::kLoggingLevel,
+ switches::kLogPluginMessages,
+ switches::kUserDataDir,
+ switches::kEnableDCHECK,
+ switches::kSilentDumpOnDCHECK,
+ switches::kMemoryProfiling,
+ switches::kUseLowFragHeapCrt,
+ switches::kEnableStatsTable,
+ switches::kEnableGPUPlugin,
+ switches::kUseGL,
+#if defined(OS_CHROMEOS)
+ switches::kLoginProfile,
+#endif
+ };
+
+ cmd_line->CopySwitchesFrom(browser_command_line, kSwitchNames,
+ arraysize(kSwitchNames));
+
+ // If specified, prepend a launcher program to the command line.
+ if (!plugin_launcher.empty())
+ cmd_line->PrependWrapper(plugin_launcher);
+
+ if (!locale.empty()) {
+ // Pass on the locale so the null plugin will use the right language in the
+ // prompt to install the desired plugin.
+ cmd_line->AppendSwitchASCII(switches::kLang, locale);
+ }
+
+ // Gears requires the data dir to be available on startup.
+ FilePath data_dir =
+ PluginService::GetInstance()->GetChromePluginDataDir();
+ DCHECK(!data_dir.empty());
+ cmd_line->AppendSwitchPath(switches::kPluginDataDir, data_dir);
+
+ cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id());
+
+ SetCrashReporterCommandLine(cmd_line);
+
+#if defined(OS_POSIX)
+ base::environment_vector env;
+#if defined(OS_MACOSX) && !defined(__LP64__)
+ // Add our interposing library for Carbon. This is stripped back out in
+ // plugin_main.cc, so changes here should be reflected there.
+ std::string interpose_list(plugin_interpose_strings::kInterposeLibraryPath);
+ const char* existing_list =
+ getenv(plugin_interpose_strings::kDYLDInsertLibrariesKey);
+ if (existing_list) {
+ interpose_list.insert(0, ":");
+ interpose_list.insert(0, existing_list);
+ }
+ env.push_back(std::pair<std::string, std::string>(
+ plugin_interpose_strings::kDYLDInsertLibrariesKey,
+ interpose_list));
+#endif
+#endif
+
+ Launch(
+#if defined(OS_WIN)
+ FilePath(),
+#elif defined(OS_POSIX)
+ false,
+ env,
+#endif
+ cmd_line);
+
+ return true;
+}
+
+void PluginProcessHost::ForceShutdown() {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+ Send(new PluginProcessMsg_NotifyRenderersOfPendingShutdown());
+ BrowserChildProcessHost::ForceShutdown();
+}
+
+void PluginProcessHost::OnProcessLaunched() {
+ FilePath gears_path;
+ if (PathService::Get(chrome::FILE_GEARS_PLUGIN, &gears_path)) {
+ FilePath::StringType gears_path_lc = StringToLowerASCII(gears_path.value());
+ FilePath::StringType plugin_path_lc =
+ StringToLowerASCII(info_.path.value());
+ if (plugin_path_lc == gears_path_lc) {
+ // Give Gears plugins "background" priority. See http://b/1280317.
+ SetProcessBackgrounded();
+ }
+ }
+}
+
+bool PluginProcessHost::OnMessageReceived(const IPC::Message& msg) {
+ bool handled = true;
+ IPC_BEGIN_MESSAGE_MAP(PluginProcessHost, msg)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_ChannelCreated, OnChannelCreated)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_GetPluginFinderUrl,
+ OnGetPluginFinderUrl)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginMessage, OnPluginMessage)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_GetCookies, OnGetCookies)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_AccessFiles, OnAccessFiles)
+ IPC_MESSAGE_HANDLER_DELAY_REPLY(PluginProcessHostMsg_ResolveProxy,
+ OnResolveProxy)
+#if defined(OS_WIN)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginWindowDestroyed,
+ OnPluginWindowDestroyed)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_DownloadUrl, OnDownloadUrl)
+#endif
+#if defined(TOOLKIT_USES_GTK)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_MapNativeViewId,
+ OnMapNativeViewId)
+#endif
+#if defined(OS_MACOSX)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginSelectWindow,
+ OnPluginSelectWindow)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginShowWindow,
+ OnPluginShowWindow)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginHideWindow,
+ OnPluginHideWindow)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginSetCursorVisibility,
+ OnPluginSetCursorVisibility)
+#endif
+ IPC_MESSAGE_UNHANDLED(handled = false)
+ IPC_END_MESSAGE_MAP()
+
+ DCHECK(handled);
+ return handled;
+}
+
+void PluginProcessHost::OnChannelConnected(int32 peer_pid) {
+ for (size_t i = 0; i < pending_requests_.size(); ++i) {
+ RequestPluginChannel(pending_requests_[i]);
+ }
+
+ pending_requests_.clear();
+}
+
+void PluginProcessHost::OnChannelError() {
+ CancelRequests();
+}
+
+bool PluginProcessHost::CanShutdown() {
+ return sent_requests_.empty();
+}
+
+void PluginProcessHost::CancelRequests() {
+ for (size_t i = 0; i < pending_requests_.size(); ++i)
+ pending_requests_[i]->OnError();
+ pending_requests_.clear();
+
+ while (!sent_requests_.empty()) {
+ sent_requests_.front()->OnError();
+ sent_requests_.pop();
+ }
+}
+
+void PluginProcessHost::OpenChannelToPlugin(Client* client) {
+ InstanceCreated();
+ client->SetPluginInfo(info_);
+ if (opening_channel()) {
+ // The channel is already in the process of being opened. Put
+ // this "open channel" request into a queue of requests that will
+ // be run once the channel is open.
+ pending_requests_.push_back(client);
+ return;
+ }
+
+ // We already have an open channel, send a request right away to plugin.
+ RequestPluginChannel(client);
+}
+
+void PluginProcessHost::OnGetCookies(uint32 request_context,
+ const GURL& url,
+ std::string* cookies) {
+ net::URLRequestContext* context = CPBrowsingContextManager::GetInstance()->
+ ToURLRequestContext(request_context);
+ // TODO(mpcomplete): remove fallback case when Gears support is prevalent.
+ if (!context)
+ context = Profile::GetDefaultRequestContext()->GetURLRequestContext();
+
+ // Note: We don't have a first_party_for_cookies check because plugins bypass
+ // third-party cookie blocking.
+ if (context && context->cookie_store()) {
+ *cookies = context->cookie_store()->GetCookies(url);
+ } else {
+ DLOG(ERROR) << "Could not serve plugin cookies request.";
+ cookies->clear();
+ }
+}
+
+void PluginProcessHost::OnAccessFiles(int renderer_id,
+ const std::vector<std::string>& files,
+ bool* allowed) {
+ ChildProcessSecurityPolicy* policy =
+ ChildProcessSecurityPolicy::GetInstance();
+
+ for (size_t i = 0; i < files.size(); ++i) {
+ const FilePath path = FilePath::FromWStringHack(UTF8ToWide(files[i]));
+ if (!policy->CanReadFile(renderer_id, path)) {
+ VLOG(1) << "Denied unauthorized request for file " << files[i];
+ *allowed = false;
+ return;
+ }
+ }
+
+ *allowed = true;
+}
+
+void PluginProcessHost::OnResolveProxy(const GURL& url,
+ IPC::Message* reply_msg) {
+ resolve_proxy_msg_helper_.Start(url, reply_msg);
+}
+
+void PluginProcessHost::OnResolveProxyCompleted(IPC::Message* reply_msg,
+ int result,
+ const std::string& proxy_list) {
+ PluginProcessHostMsg_ResolveProxy::WriteReplyParams(
+ reply_msg, result, proxy_list);
+ Send(reply_msg);
+}
+
+void PluginProcessHost::RequestPluginChannel(Client* client) {
+ // We can't send any sync messages from the browser because it might lead to
+ // a hang. However this async messages must be answered right away by the
+ // plugin process (i.e. unblocks a Send() call like a sync message) otherwise
+ // a deadlock can occur if the plugin creation request from the renderer is
+ // a result of a sync message by the plugin process.
+ PluginProcessMsg_CreateChannel* msg =
+ new PluginProcessMsg_CreateChannel(client->ID(),
+ client->OffTheRecord());
+ msg->set_unblock(true);
+ if (Send(msg)) {
+ sent_requests_.push(client);
+ } else {
+ client->OnError();
+ }
+}
+
+void PluginProcessHost::OnChannelCreated(
+ const IPC::ChannelHandle& channel_handle) {
+ Client* client = sent_requests_.front();
+
+ client->OnChannelOpened(channel_handle);
+ sent_requests_.pop();
+}
+
+void PluginProcessHost::OnGetPluginFinderUrl(std::string* plugin_finder_url) {
+ if (!plugin_finder_url) {
+ NOTREACHED();
+ return;
+ }
+
+ // TODO(iyengar) Add the plumbing to retrieve the default
+ // plugin finder URL.
+ *plugin_finder_url = kDefaultPluginFinderURL;
+}
+
+void PluginProcessHost::OnPluginMessage(
+ const std::vector<uint8>& data) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ ChromePluginLib *chrome_plugin = ChromePluginLib::Find(info_.path);
+ if (chrome_plugin) {
+ void *data_ptr = const_cast<void*>(reinterpret_cast<const void*>(&data[0]));
+ uint32 data_len = static_cast<uint32>(data.size());
+ chrome_plugin->functions().on_message(data_ptr, data_len);
+ }
+}
diff --git a/content/browser/plugin_process_host.h b/content/browser/plugin_process_host.h
new file mode 100644
index 0000000..ad44aae6
--- /dev/null
+++ b/content/browser/plugin_process_host.h
@@ -0,0 +1,177 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_PLUGIN_PROCESS_HOST_H_
+#define CONTENT_BROWSER_PLUGIN_PROCESS_HOST_H_
+#pragma once
+
+#include "build/build_config.h"
+
+#include <queue>
+#include <set>
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/ref_counted.h"
+#include "chrome/browser/net/resolve_proxy_msg_helper.h"
+#include "content/browser/browser_child_process_host.h"
+#include "ui/gfx/native_widget_types.h"
+#include "webkit/plugins/npapi/webplugininfo.h"
+
+namespace gfx {
+class Rect;
+}
+
+namespace IPC {
+struct ChannelHandle;
+}
+
+class GURL;
+
+// Represents the browser side of the browser <--> plugin communication
+// channel. Different plugins run in their own process, but multiple instances
+// of the same plugin run in the same process. There will be one
+// PluginProcessHost per plugin process, matched with a corresponding
+// PluginProcess running in the plugin process. The browser is responsible for
+// starting the plugin process when a plugin is created that doesn't already
+// have a process. After that, most of the communication is directly between
+// the renderer and plugin processes.
+class PluginProcessHost : public BrowserChildProcessHost,
+ public ResolveProxyMsgHelper::Delegate {
+ public:
+ class Client {
+ public:
+ // Returns a opaque unique identifier for the process requesting
+ // the channel.
+ virtual int ID() = 0;
+ virtual bool OffTheRecord() = 0;
+ virtual void SetPluginInfo(const webkit::npapi::WebPluginInfo& info) = 0;
+ // The client should delete itself when one of these methods is called.
+ virtual void OnChannelOpened(const IPC::ChannelHandle& handle) = 0;
+ virtual void OnError() = 0;
+
+ protected:
+ virtual ~Client() {}
+ };
+
+ PluginProcessHost();
+ virtual ~PluginProcessHost();
+
+ // Initialize the new plugin process, returning true on success. This must
+ // be called before the object can be used.
+ bool Init(const webkit::npapi::WebPluginInfo& info, const std::string& locale);
+
+ // Force the plugin process to shutdown (cleanly).
+ virtual void ForceShutdown();
+
+ virtual bool OnMessageReceived(const IPC::Message& msg);
+ virtual void OnChannelConnected(int32 peer_pid);
+ virtual void OnChannelError();
+
+ // ResolveProxyMsgHelper::Delegate implementation:
+ virtual void OnResolveProxyCompleted(IPC::Message* reply_msg,
+ int result,
+ const std::string& proxy_list);
+
+ // Tells the plugin process to create a new channel for communication with a
+ // renderer. When the plugin process responds with the channel name,
+ // OnChannelOpened in the client is called.
+ void OpenChannelToPlugin(Client* client);
+
+ // This function is called on the IO thread once we receive a reply from the
+ // modal HTML dialog (in the form of a JSON string). This function forwards
+ // that reply back to the plugin that requested the dialog.
+ void OnModalDialogResponse(const std::string& json_retval,
+ IPC::Message* sync_result);
+
+#if defined(OS_MACOSX)
+ // This function is called on the IO thread when the browser becomes the
+ // active application.
+ void OnAppActivation();
+#endif
+
+ const webkit::npapi::WebPluginInfo& info() const { return info_; }
+
+#if defined(OS_WIN)
+ // Tracks plugin parent windows created on the browser UI thread.
+ void AddWindow(HWND window);
+#endif
+
+ private:
+ friend class PluginResolveProxyHelper;
+
+ // Sends a message to the plugin process to request creation of a new channel
+ // for the given mime type.
+ void RequestPluginChannel(Client* client);
+
+ virtual void OnProcessLaunched();
+
+ // Message handlers.
+ void OnChannelCreated(const IPC::ChannelHandle& channel_handle);
+ void OnGetPluginFinderUrl(std::string* plugin_finder_url);
+ void OnGetCookies(uint32 request_context, const GURL& url,
+ std::string* cookies);
+ void OnAccessFiles(int renderer_id, const std::vector<std::string>& files,
+ bool* allowed);
+ void OnResolveProxy(const GURL& url, IPC::Message* reply_msg);
+ void OnPluginMessage(const std::vector<uint8>& data);
+
+#if defined(OS_WIN)
+ void OnPluginWindowDestroyed(HWND window, HWND parent);
+ void OnDownloadUrl(const std::string& url, int source_child_unique_id,
+ gfx::NativeWindow caller_window);
+#endif
+
+#if defined(USE_X11)
+ void OnMapNativeViewId(gfx::NativeViewId id, gfx::PluginWindowHandle* output);
+#endif
+
+#if defined(OS_MACOSX)
+ void OnPluginSelectWindow(uint32 window_id, gfx::Rect window_rect,
+ bool modal);
+ void OnPluginShowWindow(uint32 window_id, gfx::Rect window_rect,
+ bool modal);
+ void OnPluginHideWindow(uint32 window_id, gfx::Rect window_rect);
+ void OnPluginSetCursorVisibility(bool visible);
+#endif
+
+ virtual bool CanShutdown();
+
+ void CancelRequests();
+
+ // These are channel requests that we are waiting to send to the
+ // plugin process once the channel is opened.
+ std::vector<Client*> pending_requests_;
+
+ // These are the channel requests that we have already sent to
+ // the plugin process, but haven't heard back about yet.
+ std::queue<Client*> sent_requests_;
+
+ // Information about the plugin.
+ webkit::npapi::WebPluginInfo info_;
+
+ // Helper class for handling PluginProcessHost_ResolveProxy messages (manages
+ // the requests to the proxy service).
+ ResolveProxyMsgHelper resolve_proxy_msg_helper_;
+
+#if defined(OS_WIN)
+ // Tracks plugin parent windows created on the UI thread.
+ std::set<HWND> plugin_parent_windows_set_;
+#endif
+#if defined(OS_MACOSX)
+ // Tracks plugin windows currently visible.
+ std::set<uint32> plugin_visible_windows_set_;
+ // Tracks full screen windows currently visible.
+ std::set<uint32> plugin_fullscreen_windows_set_;
+ // Tracks modal windows currently visible.
+ std::set<uint32> plugin_modal_windows_set_;
+ // Tracks the current visibility of the cursor.
+ bool plugin_cursor_visible_;
+#endif
+
+ DISALLOW_COPY_AND_ASSIGN(PluginProcessHost);
+};
+
+#endif // CONTENT_BROWSER_PLUGIN_PROCESS_HOST_H_
diff --git a/content/browser/plugin_process_host_mac.cc b/content/browser/plugin_process_host_mac.cc
new file mode 100644
index 0000000..b329f2b
--- /dev/null
+++ b/content/browser/plugin_process_host_mac.cc
@@ -0,0 +1,111 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <Carbon/Carbon.h>
+
+#include "build/build_config.h"
+
+#include <vector>
+
+#include "base/logging.h"
+#include "base/mac/mac_util.h"
+#include "chrome/common/plugin_messages.h"
+#include "content/browser/browser_thread.h"
+#include "content/browser/plugin_process_host.h"
+#include "ui/gfx/rect.h"
+
+void PluginProcessHost::OnPluginSelectWindow(uint32 window_id,
+ gfx::Rect window_rect,
+ bool modal) {
+ plugin_visible_windows_set_.insert(window_id);
+ if (modal)
+ plugin_modal_windows_set_.insert(window_id);
+}
+
+void PluginProcessHost::OnPluginShowWindow(uint32 window_id,
+ gfx::Rect window_rect,
+ bool modal) {
+ plugin_visible_windows_set_.insert(window_id);
+ if (modal)
+ plugin_modal_windows_set_.insert(window_id);
+ CGRect window_bounds = {
+ { window_rect.x(), window_rect.y() },
+ { window_rect.width(), window_rect.height() }
+ };
+ CGRect main_display_bounds = CGDisplayBounds(CGMainDisplayID());
+ if (CGRectEqualToRect(window_bounds, main_display_bounds) &&
+ (plugin_fullscreen_windows_set_.find(window_id) ==
+ plugin_fullscreen_windows_set_.end())) {
+ plugin_fullscreen_windows_set_.insert(window_id);
+ // If the plugin has just shown a window that's the same dimensions as
+ // the main display, hide the menubar so that it has the whole screen.
+ // (but only if we haven't already seen this fullscreen window, since
+ // otherwise our refcounting can get skewed).
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(base::mac::RequestFullScreen,
+ base::mac::kFullScreenModeHideAll));
+ }
+}
+
+// Must be called on the UI thread.
+// If plugin_pid is -1, the browser will be the active process on return,
+// otherwise that process will be given focus back before this function returns.
+static void ReleasePluginFullScreen(pid_t plugin_pid) {
+ // Releasing full screen only works if we are the frontmost process; grab
+ // focus, but give it back to the plugin process if requested.
+ base::mac::ActivateProcess(base::GetCurrentProcId());
+ base::mac::ReleaseFullScreen(base::mac::kFullScreenModeHideAll);
+ if (plugin_pid != -1) {
+ base::mac::ActivateProcess(plugin_pid);
+ }
+}
+
+void PluginProcessHost::OnPluginHideWindow(uint32 window_id,
+ gfx::Rect window_rect) {
+ bool had_windows = !plugin_visible_windows_set_.empty();
+ plugin_visible_windows_set_.erase(window_id);
+ bool browser_needs_activation = had_windows &&
+ plugin_visible_windows_set_.empty();
+
+ plugin_modal_windows_set_.erase(window_id);
+ if (plugin_fullscreen_windows_set_.find(window_id) !=
+ plugin_fullscreen_windows_set_.end()) {
+ plugin_fullscreen_windows_set_.erase(window_id);
+ pid_t plugin_pid = browser_needs_activation ? -1 : handle();
+ browser_needs_activation = false;
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(ReleasePluginFullScreen, plugin_pid));
+ }
+
+ if (browser_needs_activation) {
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(base::mac::ActivateProcess,
+ base::GetCurrentProcId()));
+ }
+}
+
+void PluginProcessHost::OnAppActivation() {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ // If our plugin process has any modal windows up, we need to bring it forward
+ // so that they act more like an in-process modal window would.
+ if (!plugin_modal_windows_set_.empty()) {
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(base::mac::ActivateProcess, handle()));
+ }
+}
+
+void PluginProcessHost::OnPluginSetCursorVisibility(bool visible) {
+ if (plugin_cursor_visible_ != visible) {
+ plugin_cursor_visible_ = visible;
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ NewRunnableFunction(base::mac::SetCursorVisibility,
+ visible));
+ }
+}
diff --git a/content/browser/plugin_service.cc b/content/browser/plugin_service.cc
new file mode 100644
index 0000000..756dbac
--- /dev/null
+++ b/content/browser/plugin_service.cc
@@ -0,0 +1,584 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/plugin_service.h"
+
+#include <vector>
+
+#include "base/command_line.h"
+#include "base/path_service.h"
+#include "base/string_util.h"
+#include "base/threading/thread.h"
+#include "base/utf_string_conversions.h"
+#include "base/values.h"
+#include "base/synchronization/waitable_event.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chrome_plugin_host.h"
+#include "chrome/browser/extensions/extension_service.h"
+#include "chrome/browser/plugin_updater.h"
+#include "chrome/browser/ppapi_plugin_process_host.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/common/chrome_plugin_lib.h"
+#include "chrome/common/chrome_paths.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/default_plugin.h"
+#include "chrome/common/extensions/extension.h"
+#include "chrome/common/gpu_plugin.h"
+#include "chrome/common/logging_chrome.h"
+#include "chrome/common/notification_type.h"
+#include "chrome/common/notification_service.h"
+#include "chrome/common/pepper_plugin_registry.h"
+#include "chrome/common/plugin_messages.h"
+#include "chrome/common/render_messages.h"
+#include "content/browser/browser_thread.h"
+#include "content/browser/renderer_host/render_process_host.h"
+#include "content/browser/renderer_host/render_view_host.h"
+#include "webkit/plugins/npapi/plugin_constants_win.h"
+#include "webkit/plugins/npapi/plugin_list.h"
+#include "webkit/plugins/npapi/webplugininfo.h"
+
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/plugin_selection_policy.h"
+#endif
+
+#if defined(OS_MACOSX)
+static void NotifyPluginsOfActivation() {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ for (BrowserChildProcessHost::Iterator iter(ChildProcessInfo::PLUGIN_PROCESS);
+ !iter.Done(); ++iter) {
+ PluginProcessHost* plugin = static_cast<PluginProcessHost*>(*iter);
+ plugin->OnAppActivation();
+ }
+}
+#endif
+
+static void PurgePluginListCache(bool reload_pages) {
+ for (RenderProcessHost::iterator it = RenderProcessHost::AllHostsIterator();
+ !it.IsAtEnd(); it.Advance()) {
+ it.GetCurrentValue()->Send(new ViewMsg_PurgePluginListCache(reload_pages));
+ }
+}
+
+#if defined(OS_LINUX)
+// Delegate class for monitoring directories.
+class PluginDirWatcherDelegate : public FilePathWatcher::Delegate {
+ virtual void OnFilePathChanged(const FilePath& path) {
+ VLOG(1) << "Watched path changed: " << path.value();
+ // Make the plugin list update itself
+ webkit::npapi::PluginList::Singleton()->RefreshPlugins();
+ }
+ virtual void OnError() {
+ // TODO(pastarmovj): Add some sensible error handling. Maybe silently
+ // stopping the watcher would be enough. Or possibly restart it.
+ NOTREACHED();
+ }
+};
+#endif
+
+// static
+bool PluginService::enable_chrome_plugins_ = true;
+
+// static
+void PluginService::InitGlobalInstance(Profile* profile) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+
+ // We first group the plugins and then figure out which groups to disable.
+ PluginUpdater::GetInstance()->DisablePluginGroupsFromPrefs(profile);
+
+ // Have Chrome plugins write their data to the profile directory.
+ GetInstance()->SetChromePluginDataDir(profile->GetPath());
+}
+
+// static
+PluginService* PluginService::GetInstance() {
+ return Singleton<PluginService>::get();
+}
+
+// static
+void PluginService::EnableChromePlugins(bool enable) {
+ enable_chrome_plugins_ = enable;
+}
+
+PluginService::PluginService()
+ : main_message_loop_(MessageLoop::current()),
+ resource_dispatcher_host_(NULL),
+ ui_locale_(g_browser_process->GetApplicationLocale()) {
+ RegisterPepperPlugins();
+
+ // Have the NPAPI plugin list search for Chrome plugins as well.
+ ChromePluginLib::RegisterPluginsWithNPAPI();
+
+ // Load any specified on the command line as well.
+ const CommandLine* command_line = CommandLine::ForCurrentProcess();
+ FilePath path = command_line->GetSwitchValuePath(switches::kLoadPlugin);
+ if (!path.empty())
+ webkit::npapi::PluginList::Singleton()->AddExtraPluginPath(path);
+ path = command_line->GetSwitchValuePath(switches::kExtraPluginDir);
+ if (!path.empty())
+ webkit::npapi::PluginList::Singleton()->AddExtraPluginDir(path);
+
+ chrome::RegisterInternalDefaultPlugin();
+
+ // Register the internal Flash and PDF, if available.
+ if (!CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kDisableInternalFlash) &&
+ PathService::Get(chrome::FILE_FLASH_PLUGIN, &path)) {
+ webkit::npapi::PluginList::Singleton()->AddExtraPluginPath(path);
+ }
+
+#if defined(OS_CHROMEOS)
+ plugin_selection_policy_ = new chromeos::PluginSelectionPolicy;
+ plugin_selection_policy_->StartInit();
+#endif
+
+ chrome::RegisterInternalGPUPlugin();
+
+ // Start watching for changes in the plugin list. This means watching
+ // for changes in the Windows registry keys and on both Windows and POSIX
+ // watch for changes in the paths that are expected to contain plugins.
+#if defined(OS_WIN)
+ hkcu_key_.Create(
+ HKEY_CURRENT_USER, webkit::npapi::kRegistryMozillaPlugins, KEY_NOTIFY);
+ hklm_key_.Create(
+ HKEY_LOCAL_MACHINE, webkit::npapi::kRegistryMozillaPlugins, KEY_NOTIFY);
+ if (hkcu_key_.StartWatching() == ERROR_SUCCESS) {
+ hkcu_event_.reset(new base::WaitableEvent(hkcu_key_.watch_event()));
+ hkcu_watcher_.StartWatching(hkcu_event_.get(), this);
+ }
+
+ if (hklm_key_.StartWatching() == ERROR_SUCCESS) {
+ hklm_event_.reset(new base::WaitableEvent(hklm_key_.watch_event()));
+ hklm_watcher_.StartWatching(hklm_event_.get(), this);
+ }
+#elif defined(OS_POSIX) && !defined(OS_MACOSX)
+ // Also find plugins in a user-specific plugins dir,
+ // e.g. ~/.config/chromium/Plugins.
+ FilePath user_data_dir;
+ if (PathService::Get(chrome::DIR_USER_DATA, &user_data_dir)) {
+ webkit::npapi::PluginList::Singleton()->AddExtraPluginDir(
+ user_data_dir.Append("Plugins"));
+ }
+#endif
+// The FilePathWatcher produces too many false positives on MacOS (access time
+// updates?) which will lead to enforcing updates of the plugins way too often.
+// On ChromeOS the user can't install plugins anyway and on Windows all
+// important plugins register themselves in the registry so no need to do that.
+#if defined(OS_LINUX)
+ file_watcher_delegate_ = new PluginDirWatcherDelegate();
+ // Get the list of all paths for registering the FilePathWatchers
+ // that will track and if needed reload the list of plugins on runtime.
+ std::vector<FilePath> plugin_dirs;
+ webkit::npapi::PluginList::Singleton()->GetPluginDirectories(
+ &plugin_dirs);
+
+ for (size_t i = 0; i < plugin_dirs.size(); ++i) {
+ FilePathWatcher* watcher = new FilePathWatcher();
+ // FilePathWatcher can not handle non-absolute paths under windows.
+ // We don't watch for file changes in windows now but if this should ever
+ // be extended to Windows these lines might save some time of debugging.
+#if defined(OS_WIN)
+ if (!plugin_dirs[i].IsAbsolute())
+ continue;
+#endif
+ VLOG(1) << "Watching for changes in: " << plugin_dirs[i].value();
+ BrowserThread::PostTask(
+ BrowserThread::FILE, FROM_HERE,
+ NewRunnableFunction(
+ &PluginService::RegisterFilePathWatcher,
+ watcher, plugin_dirs[i], file_watcher_delegate_));
+ file_watchers_.push_back(watcher);
+ }
+#endif
+ registrar_.Add(this, NotificationType::EXTENSION_LOADED,
+ NotificationService::AllSources());
+ registrar_.Add(this, NotificationType::EXTENSION_UNLOADED,
+ NotificationService::AllSources());
+#if defined(OS_MACOSX)
+ // We need to know when the browser comes forward so we can bring modal plugin
+ // windows forward too.
+ registrar_.Add(this, NotificationType::APP_ACTIVATED,
+ NotificationService::AllSources());
+#endif
+ registrar_.Add(this, NotificationType::PLUGIN_ENABLE_STATUS_CHANGED,
+ NotificationService::AllSources());
+ registrar_.Add(this,
+ NotificationType::RENDERER_PROCESS_CLOSED,
+ NotificationService::AllSources());
+}
+
+PluginService::~PluginService() {
+#if defined(OS_WIN)
+ // Release the events since they're owned by RegKey, not WaitableEvent.
+ hkcu_watcher_.StopWatching();
+ hklm_watcher_.StopWatching();
+ if (hkcu_event_.get())
+ hkcu_event_->Release();
+ if (hklm_event_.get())
+ hklm_event_->Release();
+#endif
+}
+
+void PluginService::LoadChromePlugins(
+ ResourceDispatcherHost* resource_dispatcher_host) {
+ if (!enable_chrome_plugins_)
+ return;
+
+ resource_dispatcher_host_ = resource_dispatcher_host;
+ ChromePluginLib::LoadChromePlugins(GetCPBrowserFuncsForBrowser());
+}
+
+void PluginService::SetChromePluginDataDir(const FilePath& data_dir) {
+ chrome_plugin_data_dir_ = data_dir;
+}
+
+const FilePath& PluginService::GetChromePluginDataDir() {
+ return chrome_plugin_data_dir_;
+}
+
+const std::string& PluginService::GetUILocale() {
+ return ui_locale_;
+}
+
+PluginProcessHost* PluginService::FindNpapiPluginProcess(
+ const FilePath& plugin_path) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ for (BrowserChildProcessHost::Iterator iter(ChildProcessInfo::PLUGIN_PROCESS);
+ !iter.Done(); ++iter) {
+ PluginProcessHost* plugin = static_cast<PluginProcessHost*>(*iter);
+ if (plugin->info().path == plugin_path)
+ return plugin;
+ }
+
+ return NULL;
+}
+
+PpapiPluginProcessHost* PluginService::FindPpapiPluginProcess(
+ const FilePath& plugin_path) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ for (BrowserChildProcessHost::Iterator iter(
+ ChildProcessInfo::PPAPI_PLUGIN_PROCESS);
+ !iter.Done(); ++iter) {
+ PpapiPluginProcessHost* plugin =
+ static_cast<PpapiPluginProcessHost*>(*iter);
+ if (plugin->plugin_path() == plugin_path)
+ return plugin;
+ }
+
+ return NULL;
+}
+
+PluginProcessHost* PluginService::FindOrStartNpapiPluginProcess(
+ const FilePath& plugin_path) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ PluginProcessHost* plugin_host = FindNpapiPluginProcess(plugin_path);
+ if (plugin_host)
+ return plugin_host;
+
+ webkit::npapi::WebPluginInfo info;
+ if (!webkit::npapi::PluginList::Singleton()->GetPluginInfoByPath(
+ plugin_path, &info)) {
+ return NULL;
+ }
+
+ // This plugin isn't loaded by any plugin process, so create a new process.
+ scoped_ptr<PluginProcessHost> new_host(new PluginProcessHost());
+ if (!new_host->Init(info, ui_locale_)) {
+ NOTREACHED(); // Init is not expected to fail.
+ return NULL;
+ }
+ return new_host.release();
+}
+
+PpapiPluginProcessHost* PluginService::FindOrStartPpapiPluginProcess(
+ const FilePath& plugin_path) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ PpapiPluginProcessHost* plugin_host = FindPpapiPluginProcess(plugin_path);
+ if (plugin_host)
+ return plugin_host;
+
+ // Validate that the plugin is actually registered. There should generally
+ // be very few plugins so a brute-force search is fine.
+ PepperPluginInfo* info = NULL;
+ for (size_t i = 0; i < ppapi_plugins_.size(); i++) {
+ if (ppapi_plugins_[i].path == plugin_path) {
+ info = &ppapi_plugins_[i];
+ break;
+ }
+ }
+ if (!info)
+ return NULL;
+
+ // This plugin isn't loaded by any plugin process, so create a new process.
+ scoped_ptr<PpapiPluginProcessHost> new_host(new PpapiPluginProcessHost);
+ if (!new_host->Init(plugin_path)) {
+ NOTREACHED(); // Init is not expected to fail.
+ return NULL;
+ }
+ return new_host.release();
+}
+
+void PluginService::OpenChannelToNpapiPlugin(
+ int render_process_id,
+ int render_view_id,
+ const GURL& url,
+ const std::string& mime_type,
+ PluginProcessHost::Client* client) {
+ // The PluginList::GetFirstAllowedPluginInfo may need to load the
+ // plugins. Don't do it on the IO thread.
+ BrowserThread::PostTask(
+ BrowserThread::FILE, FROM_HERE,
+ NewRunnableMethod(
+ this, &PluginService::GetAllowedPluginForOpenChannelToPlugin,
+ render_process_id, render_view_id, url, mime_type, client));
+}
+
+void PluginService::OpenChannelToPpapiPlugin(
+ const FilePath& path,
+ PpapiPluginProcessHost::Client* client) {
+ PpapiPluginProcessHost* plugin_host = FindOrStartPpapiPluginProcess(path);
+ if (plugin_host)
+ plugin_host->OpenChannelToPlugin(client);
+ else // Send error.
+ client->OnChannelOpened(base::kNullProcessHandle, IPC::ChannelHandle());
+}
+
+void PluginService::GetAllowedPluginForOpenChannelToPlugin(
+ int render_process_id,
+ int render_view_id,
+ const GURL& url,
+ const std::string& mime_type,
+ PluginProcessHost::Client* client) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
+ webkit::npapi::WebPluginInfo info;
+ bool found = GetFirstAllowedPluginInfo(
+ render_process_id, render_view_id, url, mime_type, &info, NULL);
+ FilePath plugin_path;
+ if (found && webkit::npapi::IsPluginEnabled(info))
+ plugin_path = FilePath(info.path);
+
+ // Now we jump back to the IO thread to finish opening the channel.
+ BrowserThread::PostTask(
+ BrowserThread::IO, FROM_HERE,
+ NewRunnableMethod(
+ this, &PluginService::FinishOpenChannelToPlugin,
+ plugin_path, client));
+}
+
+void PluginService::FinishOpenChannelToPlugin(
+ const FilePath& plugin_path,
+ PluginProcessHost::Client* client) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+ PluginProcessHost* plugin_host = FindOrStartNpapiPluginProcess(plugin_path);
+ if (plugin_host)
+ plugin_host->OpenChannelToPlugin(client);
+ else
+ client->OnError();
+}
+
+bool PluginService::GetFirstAllowedPluginInfo(
+ int render_process_id,
+ int render_view_id,
+ const GURL& url,
+ const std::string& mime_type,
+ webkit::npapi::WebPluginInfo* info,
+ std::string* actual_mime_type) {
+ // GetPluginInfoArray may need to load the plugins, so we need to be
+ // on the FILE thread.
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
+ bool allow_wildcard = true;
+#if defined(OS_CHROMEOS)
+ std::vector<webkit::npapi::WebPluginInfo> info_array;
+ std::vector<std::string> actual_mime_types;
+ webkit::npapi::PluginList::Singleton()->GetPluginInfoArray(
+ url, mime_type, allow_wildcard, &info_array, &actual_mime_types);
+
+ // Now we filter by the plugin selection policy.
+ int allowed_index = plugin_selection_policy_->FindFirstAllowed(url,
+ info_array);
+ if (!info_array.empty() && allowed_index >= 0) {
+ *info = info_array[allowed_index];
+ if (actual_mime_type)
+ *actual_mime_type = actual_mime_types[allowed_index];
+ return true;
+ }
+ return false;
+#else
+ {
+ base::AutoLock auto_lock(overridden_plugins_lock_);
+ for (size_t i = 0; i < overridden_plugins_.size(); ++i) {
+ if (overridden_plugins_[i].render_process_id == render_process_id &&
+ overridden_plugins_[i].render_view_id == render_view_id &&
+ overridden_plugins_[i].url == url) {
+ if (actual_mime_type)
+ *actual_mime_type = mime_type;
+ *info = overridden_plugins_[i].plugin;
+ return true;
+ }
+ }
+ }
+ return webkit::npapi::PluginList::Singleton()->GetPluginInfo(
+ url, mime_type, allow_wildcard, info, actual_mime_type);
+#endif
+}
+
+void PluginService::OnWaitableEventSignaled(
+ base::WaitableEvent* waitable_event) {
+#if defined(OS_WIN)
+ if (waitable_event == hkcu_event_.get()) {
+ hkcu_key_.StartWatching();
+ } else {
+ hklm_key_.StartWatching();
+ }
+
+ webkit::npapi::PluginList::Singleton()->RefreshPlugins();
+ PurgePluginListCache(true);
+#else
+ // This event should only get signaled on a Windows machine.
+ NOTREACHED();
+#endif // defined(OS_WIN)
+}
+
+static void ForceShutdownPlugin(const FilePath& plugin_path) {
+ PluginProcessHost* plugin =
+ PluginService::GetInstance()->FindNpapiPluginProcess(plugin_path);
+ if (plugin)
+ plugin->ForceShutdown();
+}
+
+void PluginService::Observe(NotificationType type,
+ const NotificationSource& source,
+ const NotificationDetails& details) {
+ switch (type.value) {
+ case NotificationType::EXTENSION_LOADED: {
+ const Extension* extension = Details<const Extension>(details).ptr();
+ bool plugins_changed = false;
+ for (size_t i = 0; i < extension->plugins().size(); ++i) {
+ const Extension::PluginInfo& plugin = extension->plugins()[i];
+ webkit::npapi::PluginList::Singleton()->RefreshPlugins();
+ webkit::npapi::PluginList::Singleton()->AddExtraPluginPath(plugin.path);
+ plugins_changed = true;
+ if (!plugin.is_public)
+ private_plugins_[plugin.path] = extension->url();
+ }
+ if (plugins_changed)
+ PurgePluginListCache(false);
+ break;
+ }
+
+ case NotificationType::EXTENSION_UNLOADED: {
+ const Extension* extension =
+ Details<UnloadedExtensionInfo>(details)->extension;
+ bool plugins_changed = false;
+ for (size_t i = 0; i < extension->plugins().size(); ++i) {
+ const Extension::PluginInfo& plugin = extension->plugins()[i];
+ BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
+ NewRunnableFunction(&ForceShutdownPlugin,
+ plugin.path));
+ webkit::npapi::PluginList::Singleton()->RefreshPlugins();
+ webkit::npapi::PluginList::Singleton()->RemoveExtraPluginPath(
+ plugin.path);
+ plugins_changed = true;
+ if (!plugin.is_public)
+ private_plugins_.erase(plugin.path);
+ }
+ if (plugins_changed)
+ PurgePluginListCache(false);
+ break;
+ }
+
+#if defined(OS_MACOSX)
+ case NotificationType::APP_ACTIVATED: {
+ BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
+ NewRunnableFunction(&NotifyPluginsOfActivation));
+ break;
+ }
+#endif
+
+ case NotificationType::PLUGIN_ENABLE_STATUS_CHANGED: {
+ webkit::npapi::PluginList::Singleton()->RefreshPlugins();
+ PurgePluginListCache(false);
+ break;
+ }
+ case NotificationType::RENDERER_PROCESS_CLOSED: {
+ int render_process_id = Source<RenderProcessHost>(source).ptr()->id();
+
+ base::AutoLock auto_lock(overridden_plugins_lock_);
+ for (size_t i = 0; i < overridden_plugins_.size(); ++i) {
+ if (overridden_plugins_[i].render_process_id == render_process_id) {
+ overridden_plugins_.erase(overridden_plugins_.begin() + i);
+ break;
+ }
+ }
+ break;
+ }
+ default:
+ NOTREACHED();
+ }
+}
+
+bool PluginService::PrivatePluginAllowedForURL(const FilePath& plugin_path,
+ const GURL& url) {
+ if (url.is_empty())
+ return true; // Caller wants all plugins.
+
+ PrivatePluginMap::iterator it = private_plugins_.find(plugin_path);
+ if (it == private_plugins_.end())
+ return true; // This plugin is not private, so it's allowed everywhere.
+
+ // We do a dumb compare of scheme and host, rather than using the domain
+ // service, since we only care about this for extensions.
+ const GURL& required_url = it->second;
+ return (url.scheme() == required_url.scheme() &&
+ url.host() == required_url.host());
+}
+
+void PluginService::OverridePluginForTab(OverriddenPlugin plugin) {
+ base::AutoLock auto_lock(overridden_plugins_lock_);
+ overridden_plugins_.push_back(plugin);
+}
+
+void PluginService::RegisterPepperPlugins() {
+ PepperPluginRegistry::ComputeList(&ppapi_plugins_);
+ for (size_t i = 0; i < ppapi_plugins_.size(); ++i) {
+ webkit::npapi::WebPluginInfo info;
+ info.path = ppapi_plugins_[i].path;
+ info.name = ppapi_plugins_[i].name.empty() ?
+ ppapi_plugins_[i].path.BaseName().LossyDisplayName() :
+ ASCIIToUTF16(ppapi_plugins_[i].name);
+ info.desc = ASCIIToUTF16(ppapi_plugins_[i].description);
+ info.version = ASCIIToUTF16(ppapi_plugins_[i].version);
+ info.enabled = webkit::npapi::WebPluginInfo::USER_ENABLED_POLICY_UNMANAGED;
+
+ // TODO(evan): Pepper shouldn't require us to parse strings to get
+ // the list of mime types out.
+ if (!webkit::npapi::PluginList::ParseMimeTypes(
+ JoinString(ppapi_plugins_[i].mime_types, '|'),
+ ppapi_plugins_[i].file_extensions,
+ ASCIIToUTF16(ppapi_plugins_[i].type_descriptions),
+ &info.mime_types)) {
+ LOG(ERROR) << "Error parsing mime types for "
+ << ppapi_plugins_[i].path.LossyDisplayName();
+ return;
+ }
+
+ webkit::npapi::PluginList::Singleton()->RegisterInternalPlugin(info);
+ }
+}
+
+#if defined(OS_LINUX)
+// static
+void PluginService::RegisterFilePathWatcher(
+ FilePathWatcher *watcher,
+ const FilePath& path,
+ FilePathWatcher::Delegate* delegate) {
+ bool result = watcher->Watch(path, delegate);
+ DCHECK(result);
+}
+#endif
diff --git a/content/browser/plugin_service.h b/content/browser/plugin_service.h
new file mode 100644
index 0000000..f9bc49cd
--- /dev/null
+++ b/content/browser/plugin_service.h
@@ -0,0 +1,232 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This class responds to requests from renderers for the list of plugins, and
+// also a proxy object for plugin instances.
+
+#ifndef CONTENT_BROWSER_PLUGIN_SERVICE_H_
+#define CONTENT_BROWSER_PLUGIN_SERVICE_H_
+#pragma once
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/file_path.h"
+#include "base/hash_tables.h"
+#include "base/scoped_vector.h"
+#include "base/singleton.h"
+#include "base/synchronization/lock.h"
+#include "base/synchronization/waitable_event_watcher.h"
+#include "build/build_config.h"
+#include "chrome/common/notification_observer.h"
+#include "chrome/common/notification_registrar.h"
+#include "content/browser/plugin_process_host.h"
+#include "content/browser/ppapi_plugin_process_host.h"
+#include "googleurl/src/gurl.h"
+#include "ipc/ipc_channel_handle.h"
+#include "webkit/plugins/npapi/webplugininfo.h"
+
+#if defined(OS_WIN)
+#include "base/scoped_ptr.h"
+#include "base/win/registry.h"
+#endif
+
+#if defined(OS_LINUX)
+#include "chrome/browser/file_path_watcher/file_path_watcher.h"
+#endif
+
+#if defined(OS_CHROMEOS)
+namespace chromeos {
+class PluginSelectionPolicy;
+}
+#endif
+
+namespace IPC {
+class Message;
+}
+
+class MessageLoop;
+struct PepperPluginInfo;
+class PluginDirWatcherDelegate;
+class Profile;
+class ResourceDispatcherHost;
+
+namespace net {
+class URLRequestContext;
+} // namespace net
+
+// This must be created on the main thread but it's only called on the IO/file
+// thread.
+class PluginService
+ : public base::WaitableEventWatcher::Delegate,
+ public NotificationObserver {
+ public:
+ struct OverriddenPlugin {
+ int render_process_id;
+ int render_view_id;
+ GURL url;
+ webkit::npapi::WebPluginInfo plugin;
+ };
+
+ // Initializes the global instance; should be called on startup from the main
+ // thread.
+ static void InitGlobalInstance(Profile* profile);
+
+ // Returns the PluginService singleton.
+ static PluginService* GetInstance();
+
+ // Load all the plugins that should be loaded for the lifetime of the browser
+ // (ie, with the LoadOnStartup flag set).
+ void LoadChromePlugins(ResourceDispatcherHost* resource_dispatcher_host);
+
+ // Sets/gets the data directory that Chrome plugins should use to store
+ // persistent data.
+ void SetChromePluginDataDir(const FilePath& data_dir);
+ const FilePath& GetChromePluginDataDir();
+
+ // Gets the browser's UI locale.
+ const std::string& GetUILocale();
+
+ // Returns the plugin process host corresponding to the plugin process that
+ // has been started by this service. Returns NULL if no process has been
+ // started.
+ PluginProcessHost* FindNpapiPluginProcess(const FilePath& plugin_path);
+ PpapiPluginProcessHost* FindPpapiPluginProcess(const FilePath& plugin_path);
+
+ // Returns the plugin process host corresponding to the plugin process that
+ // has been started by this service. This will start a process to host the
+ // 'plugin_path' if needed. If the process fails to start, the return value
+ // is NULL. Must be called on the IO thread.
+ PluginProcessHost* FindOrStartNpapiPluginProcess(
+ const FilePath& plugin_path);
+ PpapiPluginProcessHost* FindOrStartPpapiPluginProcess(
+ const FilePath& plugin_path);
+
+ // Opens a channel to a plugin process for the given mime type, starting
+ // a new plugin process if necessary. This must be called on the IO thread
+ // or else a deadlock can occur.
+ void OpenChannelToNpapiPlugin(int render_process_id,
+ int render_view_id,
+ const GURL& url,
+ const std::string& mime_type,
+ PluginProcessHost::Client* client);
+ void OpenChannelToPpapiPlugin(const FilePath& path,
+ PpapiPluginProcessHost::Client* client);
+
+ // Gets the first allowed plugin in the list of plugins that matches
+ // the given url and mime type. Must be called on the FILE thread.
+ bool GetFirstAllowedPluginInfo(int render_process_id,
+ int render_view_id,
+ const GURL& url,
+ const std::string& mime_type,
+ webkit::npapi::WebPluginInfo* info,
+ std::string* actual_mime_type);
+
+ // Returns true if the given plugin is allowed to be used by a page with
+ // the given URL.
+ bool PrivatePluginAllowedForURL(const FilePath& plugin_path, const GURL& url);
+
+ // Safe to be called from any thread.
+ void OverridePluginForTab(OverriddenPlugin plugin);
+
+ // The UI thread's message loop
+ MessageLoop* main_message_loop() { return main_message_loop_; }
+
+ ResourceDispatcherHost* resource_dispatcher_host() const {
+ return resource_dispatcher_host_;
+ }
+
+ static void EnableChromePlugins(bool enable);
+
+ private:
+ friend struct DefaultSingletonTraits<PluginService>;
+
+ // Creates the PluginService object, but doesn't actually build the plugin
+ // list yet. It's generated lazily.
+ PluginService();
+ ~PluginService();
+
+ // base::WaitableEventWatcher::Delegate implementation.
+ virtual void OnWaitableEventSignaled(base::WaitableEvent* waitable_event);
+
+ // NotificationObserver implementation
+ virtual void Observe(NotificationType type, const NotificationSource& source,
+ const NotificationDetails& details);
+
+ void RegisterPepperPlugins();
+
+ // Helper so we can do the plugin lookup on the FILE thread.
+ void GetAllowedPluginForOpenChannelToPlugin(
+ int render_process_id,
+ int render_view_id,
+ const GURL& url,
+ const std::string& mime_type,
+ PluginProcessHost::Client* client);
+
+ // Helper so we can finish opening the channel after looking up the
+ // plugin.
+ void FinishOpenChannelToPlugin(
+ const FilePath& plugin_path,
+ PluginProcessHost::Client* client);
+
+#if defined(OS_LINUX)
+ // Registers a new FilePathWatcher for a given path.
+ static void RegisterFilePathWatcher(
+ FilePathWatcher* watcher,
+ const FilePath& path,
+ FilePathWatcher::Delegate* delegate);
+#endif
+
+ // The main thread's message loop.
+ MessageLoop* main_message_loop_;
+
+ // The IO thread's resource dispatcher host.
+ ResourceDispatcherHost* resource_dispatcher_host_;
+
+ // The data directory that Chrome plugins should use to store persistent data.
+ FilePath chrome_plugin_data_dir_;
+
+ // The browser's UI locale.
+ const std::string ui_locale_;
+
+ // Map of plugin paths to the origin they are restricted to. Used for
+ // extension-only plugins.
+ typedef base::hash_map<FilePath, GURL> PrivatePluginMap;
+ PrivatePluginMap private_plugins_;
+
+ NotificationRegistrar registrar_;
+
+#if defined(OS_CHROMEOS)
+ scoped_refptr<chromeos::PluginSelectionPolicy> plugin_selection_policy_;
+#endif
+
+#if defined(OS_WIN)
+ // Registry keys for getting notifications when new plugins are installed.
+ base::win::RegKey hkcu_key_;
+ base::win::RegKey hklm_key_;
+ scoped_ptr<base::WaitableEvent> hkcu_event_;
+ scoped_ptr<base::WaitableEvent> hklm_event_;
+ base::WaitableEventWatcher hkcu_watcher_;
+ base::WaitableEventWatcher hklm_watcher_;
+#endif
+
+#if defined(OS_LINUX)
+ ScopedVector<FilePathWatcher> file_watchers_;
+ scoped_refptr<PluginDirWatcherDelegate> file_watcher_delegate_;
+#endif
+
+ std::vector<PepperPluginInfo> ppapi_plugins_;
+
+ // Set to true if chrome plugins are enabled. Defaults to true.
+ static bool enable_chrome_plugins_;
+
+ std::vector<OverriddenPlugin> overridden_plugins_;
+ base::Lock overridden_plugins_lock_;
+
+ DISALLOW_COPY_AND_ASSIGN(PluginService);
+};
+
+DISABLE_RUNNABLE_METHOD_REFCOUNT(PluginService);
+
+#endif // CONTENT_BROWSER_PLUGIN_SERVICE_H_
diff --git a/content/browser/plugin_service_browsertest.cc b/content/browser/plugin_service_browsertest.cc
new file mode 100644
index 0000000..2a0edb5
--- /dev/null
+++ b/content/browser/plugin_service_browsertest.cc
@@ -0,0 +1,107 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/plugin_service.h"
+
+#include "base/auto_reset.h"
+#include "base/command_line.h"
+#include "chrome/test/in_process_browser_test.h"
+#include "chrome/test/testing_profile.h"
+#include "content/browser/browser_thread.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "webkit/plugins/npapi/plugin_list.h"
+
+namespace {
+
+// We have to mock the Client class up in order to be able to test the
+// OpenChannelToPlugin function. The only really needed function of this mockup
+// is SetPluginInfo, which gets called in
+// PluginService::FinishOpenChannelToPlugin.
+class MockPluginProcessHostClient : public PluginProcessHost::Client {
+ public:
+ MockPluginProcessHostClient() {}
+ virtual ~MockPluginProcessHostClient() {}
+
+ MOCK_METHOD0(ID, int());
+ MOCK_METHOD0(OffTheRecord, bool());
+ MOCK_METHOD1(SetPluginInfo, void(const webkit::npapi::WebPluginInfo& info));
+ MOCK_METHOD1(OnChannelOpened, void(const IPC::ChannelHandle& handle));
+ MOCK_METHOD0(OnError, void());
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(MockPluginProcessHostClient);
+};
+
+class PluginServiceTest : public testing::Test {
+ public:
+ PluginServiceTest()
+ : message_loop_(MessageLoop::TYPE_IO),
+ ui_thread_(BrowserThread::UI, &message_loop_),
+ file_thread_(BrowserThread::FILE, &message_loop_),
+ io_thread_(BrowserThread::IO, &message_loop_) {}
+
+ virtual ~PluginServiceTest() {}
+
+ virtual void SetUp() {
+ profile_.reset(new TestingProfile());
+
+ PluginService::InitGlobalInstance(profile_.get());
+ plugin_service_ = PluginService::GetInstance();
+ ASSERT_TRUE(plugin_service_);
+ }
+
+ protected:
+ MessageLoop message_loop_;
+ PluginService* plugin_service_;
+
+ private:
+ BrowserThread ui_thread_;
+ BrowserThread file_thread_;
+ BrowserThread io_thread_;
+ scoped_ptr<TestingProfile> profile_;
+
+ DISALLOW_COPY_AND_ASSIGN(PluginServiceTest);
+};
+
+// These tests need to be implemented as in process tests because on mac os the
+// plugin loading mechanism checks whether plugin paths are in the bundle path
+// and the test fails this check when run outside of the browser process.
+IN_PROC_BROWSER_TEST_F(PluginServiceTest, StartAndFindPluginProcess) {
+ // Try to load the default plugin and if this is successful consecutive
+ // calls to FindPluginProcess should return non-zero values.
+ PluginProcessHost* default_plugin_process_host =
+ plugin_service_->FindOrStartNpapiPluginProcess(
+ FilePath(webkit::npapi::kDefaultPluginLibraryName));
+
+ EXPECT_EQ(default_plugin_process_host,
+ plugin_service_->FindNpapiPluginProcess(
+ FilePath(webkit::npapi::kDefaultPluginLibraryName)));
+}
+
+IN_PROC_BROWSER_TEST_F(PluginServiceTest, OpenChannelToPlugin) {
+ MockPluginProcessHostClient mock_client;
+ EXPECT_CALL(mock_client, SetPluginInfo(testing::_)).Times(1);
+ plugin_service_->OpenChannelToNpapiPlugin(0, 0, GURL("http://google.com/"),
+ "audio/mp3", &mock_client);
+ message_loop_.RunAllPending();
+}
+
+IN_PROC_BROWSER_TEST_F(PluginServiceTest, GetFirstAllowedPluginInfo) {
+ // on ChromeOS the plugin policy gets loaded on the FILE thread and the
+ // GetFirstAllowedPluginInfo will fail if we don't allow it to finish.
+ message_loop_.RunAllPending();
+ // We should always get a positive response no matter whether we really have
+ // a plugin to support that particular mime type because the Default plugin
+ // supports all mime types.
+ webkit::npapi::WebPluginInfo plugin_info;
+ std::string plugin_mime_type;
+ plugin_service_->GetFirstAllowedPluginInfo(0, 0, GURL("http://google.com/"),
+ "application/pdf",
+ &plugin_info,
+ &plugin_mime_type);
+ EXPECT_EQ("application/pdf", plugin_mime_type);
+}
+
+} // namespace
diff --git a/content/browser/plugin_service_unittest.cc b/content/browser/plugin_service_unittest.cc
new file mode 100644
index 0000000..0fbde87
--- /dev/null
+++ b/content/browser/plugin_service_unittest.cc
@@ -0,0 +1,62 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/plugin_service.h"
+
+#include "base/auto_reset.h"
+#include "base/command_line.h"
+#include "chrome/test/testing_profile.h"
+#include "content/browser/browser_thread.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+class PluginServiceTest : public testing::Test {
+ public:
+ PluginServiceTest()
+ : message_loop_(MessageLoop::TYPE_IO),
+ ui_thread_(BrowserThread::UI, &message_loop_),
+ file_thread_(BrowserThread::FILE, &message_loop_),
+ io_thread_(BrowserThread::IO, &message_loop_) {}
+
+ virtual ~PluginServiceTest() {}
+
+ virtual void SetUp() {
+ profile_.reset(new TestingProfile());
+
+ PluginService::InitGlobalInstance(profile_.get());
+ plugin_service_ = PluginService::GetInstance();
+ ASSERT_TRUE(plugin_service_);
+ }
+
+ protected:
+ MessageLoop message_loop_;
+ PluginService* plugin_service_;
+
+ private:
+ BrowserThread ui_thread_;
+ BrowserThread file_thread_;
+ BrowserThread io_thread_;
+ scoped_ptr<TestingProfile> profile_;
+
+ DISALLOW_COPY_AND_ASSIGN(PluginServiceTest);
+};
+
+TEST_F(PluginServiceTest, SetGetChromePluginDataDir) {
+ // Check that after setting the same plugin dir we just read it is set
+ // correctly.
+ FilePath plugin_data_dir = plugin_service_->GetChromePluginDataDir();
+ FilePath new_plugin_data_dir(FILE_PATH_LITERAL("/a/bogus/dir"));
+ plugin_service_->SetChromePluginDataDir(new_plugin_data_dir);
+ EXPECT_EQ(new_plugin_data_dir, plugin_service_->GetChromePluginDataDir());
+ plugin_service_->SetChromePluginDataDir(plugin_data_dir);
+ EXPECT_EQ(plugin_data_dir, plugin_service_->GetChromePluginDataDir());
+}
+
+TEST_F(PluginServiceTest, GetUILocale) {
+ // Check for a non-empty locale string.
+ EXPECT_NE("", plugin_service_->GetUILocale());
+}
+
+} // namespace
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc
new file mode 100644
index 0000000..def01b7d
--- /dev/null
+++ b/content/browser/ppapi_plugin_process_host.cc
@@ -0,0 +1,174 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/ppapi_plugin_process_host.h"
+
+#include "base/command_line.h"
+#include "base/file_path.h"
+#include "base/process_util.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/render_messages.h"
+#include "content/browser/plugin_service.h"
+#include "content/browser/renderer_host/render_message_filter.h"
+#include "ipc/ipc_switches.h"
+#include "ppapi/proxy/ppapi_messages.h"
+
+PpapiPluginProcessHost::PpapiPluginProcessHost()
+ : BrowserChildProcessHost(
+ ChildProcessInfo::PPAPI_PLUGIN_PROCESS,
+ PluginService::GetInstance()->resource_dispatcher_host()) {
+}
+
+PpapiPluginProcessHost::~PpapiPluginProcessHost() {
+ CancelRequests();
+}
+
+bool PpapiPluginProcessHost::Init(const FilePath& path) {
+ plugin_path_ = path;
+
+ if (!CreateChannel())
+ return false;
+
+ const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
+ CommandLine::StringType plugin_launcher =
+ browser_command_line.GetSwitchValueNative(switches::kPpapiPluginLauncher);
+
+ FilePath exe_path = ChildProcessHost::GetChildPath(plugin_launcher.empty());
+ if (exe_path.empty())
+ return false;
+
+ CommandLine* cmd_line = new CommandLine(exe_path);
+ cmd_line->AppendSwitchASCII(switches::kProcessType,
+ switches::kPpapiPluginProcess);
+ cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id());
+
+ if (!plugin_launcher.empty())
+ cmd_line->PrependWrapper(plugin_launcher);
+
+ // On posix, having a plugin launcher means we need to use another process
+ // instead of just forking the zygote.
+ Launch(
+#if defined(OS_WIN)
+ FilePath(),
+#elif defined(OS_POSIX)
+ plugin_launcher.empty(),
+ base::environment_vector(),
+#endif
+ cmd_line);
+ return true;
+}
+
+void PpapiPluginProcessHost::OpenChannelToPlugin(Client* client) {
+ if (opening_channel()) {
+ // The channel is already in the process of being opened. Put
+ // this "open channel" request into a queue of requests that will
+ // be run once the channel is open.
+ pending_requests_.push_back(client);
+ return;
+ }
+
+ // We already have an open channel, send a request right away to plugin.
+ RequestPluginChannel(client);
+}
+
+void PpapiPluginProcessHost::RequestPluginChannel(Client* client) {
+ base::ProcessHandle process_handle;
+ int renderer_id;
+ client->GetChannelInfo(&process_handle, &renderer_id);
+
+ // We can't send any sync messages from the browser because it might lead to
+ // a hang. See the similar code in PluginProcessHost for more description.
+ PpapiMsg_CreateChannel* msg = new PpapiMsg_CreateChannel(process_handle,
+ renderer_id);
+ msg->set_unblock(true);
+ if (Send(msg))
+ sent_requests_.push(client);
+ else
+ client->OnChannelOpened(base::kNullProcessHandle, IPC::ChannelHandle());
+}
+
+bool PpapiPluginProcessHost::CanShutdown() {
+ return true;
+}
+
+void PpapiPluginProcessHost::OnProcessLaunched() {
+}
+
+bool PpapiPluginProcessHost::OnMessageReceived(const IPC::Message& msg) {
+ bool handled = true;
+ IPC_BEGIN_MESSAGE_MAP(PpapiPluginProcessHost, msg)
+ IPC_MESSAGE_HANDLER(PpapiHostMsg_ChannelCreated,
+ OnRendererPluginChannelCreated)
+ IPC_MESSAGE_UNHANDLED(handled = false)
+ IPC_END_MESSAGE_MAP()
+ DCHECK(handled);
+ return handled;
+}
+
+// Called when the browser <--> plugin channel has been established.
+void PpapiPluginProcessHost::OnChannelConnected(int32 peer_pid) {
+ // This will actually load the plugin. Errors will actually not be reported
+ // back at this point. Instead, the plugin will fail to establish the
+ // connections when we request them on behalf of the renderer(s).
+ Send(new PpapiMsg_LoadPlugin(plugin_path_));
+
+ // Process all pending channel requests from the renderers.
+ for (size_t i = 0; i < pending_requests_.size(); i++)
+ RequestPluginChannel(pending_requests_[i]);
+ pending_requests_.clear();
+}
+
+// Called when the browser <--> plugin channel has an error. This normally
+// means the plugin has crashed.
+void PpapiPluginProcessHost::OnChannelError() {
+ // We don't need to notify the renderers that were communicating with the
+ // plugin since they have their own channels which will go into the error
+ // state at the same time. Instead, we just need to notify any renderers
+ // that have requested a connection but have not yet received one.
+ CancelRequests();
+}
+
+void PpapiPluginProcessHost::CancelRequests() {
+ for (size_t i = 0; i < pending_requests_.size(); i++) {
+ pending_requests_[i]->OnChannelOpened(base::kNullProcessHandle,
+ IPC::ChannelHandle());
+ }
+ pending_requests_.clear();
+
+ while (!sent_requests_.empty()) {
+ sent_requests_.front()->OnChannelOpened(base::kNullProcessHandle,
+ IPC::ChannelHandle());
+ sent_requests_.pop();
+ }
+}
+
+// Called when a new plugin <--> renderer channel has been created.
+void PpapiPluginProcessHost::OnRendererPluginChannelCreated(
+ const IPC::ChannelHandle& channel_handle) {
+ if (sent_requests_.empty())
+ return;
+
+ // All requests should be processed FIFO, so the next item in the
+ // sent_requests_ queue should be the one that the plugin just created.
+ Client* client = sent_requests_.front();
+ sent_requests_.pop();
+
+ // Prepare the handle to send to the renderer.
+ base::ProcessHandle plugin_process = GetChildProcessHandle();
+#if defined(OS_WIN)
+ base::ProcessHandle renderer_process;
+ int renderer_id;
+ client->GetChannelInfo(&renderer_process, &renderer_id);
+
+ base::ProcessHandle renderers_plugin_handle = NULL;
+ ::DuplicateHandle(::GetCurrentProcess(), plugin_process,
+ renderer_process, &renderers_plugin_handle,
+ 0, FALSE, DUPLICATE_SAME_ACCESS);
+#elif defined(OS_POSIX)
+ // Don't need to duplicate anything on POSIX since it's just a PID.
+ base::ProcessHandle renderers_plugin_handle = plugin_process;
+#endif
+
+ client->OnChannelOpened(renderers_plugin_handle, channel_handle);
+}
diff --git a/content/browser/ppapi_plugin_process_host.h b/content/browser/ppapi_plugin_process_host.h
new file mode 100644
index 0000000..baeaf3b
--- /dev/null
+++ b/content/browser/ppapi_plugin_process_host.h
@@ -0,0 +1,78 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_PPAPI_PLUGIN_PROCESS_HOST_H_
+#define CONTENT_BROWSER_PPAPI_PLUGIN_PROCESS_HOST_H_
+#pragma once
+
+#include <queue>
+
+#include "base/basictypes.h"
+#include "base/file_path.h"
+#include "content/browser/browser_child_process_host.h"
+
+class PpapiPluginProcessHost : public BrowserChildProcessHost {
+ public:
+ class Client {
+ public:
+ // Gets the information about the renderer that's requesting the channel.
+ virtual void GetChannelInfo(base::ProcessHandle* renderer_handle,
+ int* renderer_id) = 0;
+
+ // Called when the channel is asynchronously opened to the plugin or on
+ // error. On error, the parameters should be:
+ // base::kNullProcessHandle
+ // IPC::ChannelHandle()
+ virtual void OnChannelOpened(base::ProcessHandle plugin_process_handle,
+ const IPC::ChannelHandle& channel_handle) = 0;
+ };
+
+ // You must call init before doing anything else.
+ explicit PpapiPluginProcessHost();
+ virtual ~PpapiPluginProcessHost();
+
+ // Actually launches the process with the given plugin path. Returns true
+ // on success (the process was spawned).
+ bool Init(const FilePath& path);
+
+ // Opens a new channel to the plugin. The client will be notified when the
+ // channel is ready or if there's an error.
+ void OpenChannelToPlugin(Client* client);
+
+ const FilePath& plugin_path() const { return plugin_path_; }
+
+ // The client pointer must remain valid until its callback is issued.
+
+ private:
+
+ void RequestPluginChannel(Client* client);
+
+ virtual bool CanShutdown();
+ virtual void OnProcessLaunched();
+
+ virtual bool OnMessageReceived(const IPC::Message& msg);
+ virtual void OnChannelConnected(int32 peer_pid);
+ virtual void OnChannelError();
+
+ void CancelRequests();
+
+ // IPC message handlers.
+ void OnRendererPluginChannelCreated(const IPC::ChannelHandle& handle);
+
+ // Channel requests that we are waiting to send to the plugin process once
+ // the channel is opened.
+ std::vector<Client*> pending_requests_;
+
+ // Channel requests that we have already sent to the plugin process, but
+ // haven't heard back about yet.
+ std::queue<Client*> sent_requests_;
+
+ // Path to the plugin library.
+ FilePath plugin_path_;
+
+ DISALLOW_COPY_AND_ASSIGN(PpapiPluginProcessHost);
+};
+
+#endif // CONTENT_BROWSER_PPAPI_PLUGIN_PROCESS_HOST_H_
+
diff --git a/content/browser/worker.sb b/content/browser/worker.sb
new file mode 100644
index 0000000..c984670
--- /dev/null
+++ b/content/browser/worker.sb
@@ -0,0 +1,12 @@
+;;
+;; Copyright (c) 2009 The Chromium Authors. All rights reserved.
+;; Use of this source code is governed by a BSD-style license that can be
+;; found in the LICENSE file.
+;;
+; This is the Sandbox configuration file used for safeguarding the worker
+; process which is used to run web workers in a sandboxed environment.
+;
+; This is the most restrictive sandbox profile and only enables just enough
+; to allow basic use of Cocoa.
+
+; *** The contents of chrome/common/common.sb are implicitly included here. ***
\ No newline at end of file
diff --git a/content/browser/zygote_host_linux.cc b/content/browser/zygote_host_linux.cc
new file mode 100644
index 0000000..3b6f1fb
--- /dev/null
+++ b/content/browser/zygote_host_linux.cc
@@ -0,0 +1,362 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/zygote_host_linux.h"
+
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "base/command_line.h"
+#include "base/eintr_wrapper.h"
+#include "base/environment.h"
+#include "base/linux_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+#include "base/pickle.h"
+#include "base/process_util.h"
+#include "base/string_number_conversions.h"
+#include "base/string_util.h"
+#include "base/scoped_ptr.h"
+#include "base/utf_string_conversions.h"
+#include "chrome/common/chrome_constants.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/process_watcher.h"
+#include "chrome/common/result_codes.h"
+#include "chrome/common/unix_domain_socket_posix.h"
+#include "content/browser/renderer_host/render_sandbox_host_linux.h"
+#include "sandbox/linux/suid/suid_unsafe_environment_variables.h"
+
+static void SaveSUIDUnsafeEnvironmentVariables() {
+ // The ELF loader will clear many environment variables so we save them to
+ // different names here so that the SUID sandbox can resolve them for the
+ // renderer.
+
+ for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) {
+ const char* const envvar = kSUIDUnsafeEnvironmentVariables[i];
+ char* const saved_envvar = SandboxSavedEnvironmentVariable(envvar);
+ if (!saved_envvar)
+ continue;
+
+ scoped_ptr<base::Environment> env(base::Environment::Create());
+ std::string value;
+ if (env->GetVar(envvar, &value))
+ env->SetVar(saved_envvar, value);
+ else
+ env->UnSetVar(saved_envvar);
+
+ free(saved_envvar);
+ }
+}
+
+ZygoteHost::ZygoteHost()
+ : control_fd_(-1),
+ pid_(-1),
+ init_(false),
+ using_suid_sandbox_(false),
+ have_read_sandbox_status_word_(false),
+ sandbox_status_(0) {
+}
+
+ZygoteHost::~ZygoteHost() {
+ if (init_)
+ close(control_fd_);
+}
+
+// static
+ZygoteHost* ZygoteHost::GetInstance() {
+ return Singleton<ZygoteHost>::get();
+}
+
+void ZygoteHost::Init(const std::string& sandbox_cmd) {
+ DCHECK(!init_);
+ init_ = true;
+
+ FilePath chrome_path;
+ CHECK(PathService::Get(base::FILE_EXE, &chrome_path));
+ CommandLine cmd_line(chrome_path);
+
+ cmd_line.AppendSwitchASCII(switches::kProcessType, switches::kZygoteProcess);
+
+ int fds[2];
+ CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);
+ base::file_handle_mapping_vector fds_to_map;
+ fds_to_map.push_back(std::make_pair(fds[1], 3));
+
+ const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
+ if (browser_command_line.HasSwitch(switches::kZygoteCmdPrefix)) {
+ cmd_line.PrependWrapper(
+ browser_command_line.GetSwitchValueNative(switches::kZygoteCmdPrefix));
+ }
+ // Append any switches from the browser process that need to be forwarded on
+ // to the zygote/renderers.
+ // Should this list be obtained from browser_render_process_host.cc?
+ static const char* kForwardSwitches[] = {
+ switches::kAllowSandboxDebugging,
+ switches::kLoggingLevel,
+ switches::kEnableLogging, // Support, e.g., --enable-logging=stderr.
+ switches::kV,
+ switches::kVModule,
+ switches::kUserDataDir, // Make logs go to the right file.
+ // Load (in-process) Pepper plugins in-process in the zygote pre-sandbox.
+ switches::kRegisterPepperPlugins,
+ switches::kDisableSeccompSandbox,
+ switches::kEnableSeccompSandbox,
+ };
+ cmd_line.CopySwitchesFrom(browser_command_line, kForwardSwitches,
+ arraysize(kForwardSwitches));
+
+ sandbox_binary_ = sandbox_cmd.c_str();
+ struct stat st;
+
+ if (!sandbox_cmd.empty() && stat(sandbox_binary_.c_str(), &st) == 0) {
+ if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
+ (st.st_uid == 0) &&
+ (st.st_mode & S_ISUID) &&
+ (st.st_mode & S_IXOTH)) {
+ using_suid_sandbox_ = true;
+ cmd_line.PrependWrapper(sandbox_binary_);
+
+ SaveSUIDUnsafeEnvironmentVariables();
+ } else {
+ LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
+ "configured correctly. Rather than run without sandboxing "
+ "I'm aborting now. You need to make sure that "
+ << sandbox_binary_ << " is mode 4755 and owned by root.";
+ }
+ }
+
+ // Start up the sandbox host process and get the file descriptor for the
+ // renderers to talk to it.
+ const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket();
+ fds_to_map.push_back(std::make_pair(sfd, 5));
+
+ int dummy_fd = -1;
+ if (using_suid_sandbox_) {
+ dummy_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
+ CHECK(dummy_fd >= 0);
+ fds_to_map.push_back(std::make_pair(dummy_fd, 7));
+ }
+
+ base::ProcessHandle process;
+ base::LaunchApp(cmd_line.argv(), fds_to_map, false, &process);
+ CHECK(process != -1) << "Failed to launch zygote process";
+
+ if (using_suid_sandbox_) {
+ // In the SUID sandbox, the real zygote is forked from the sandbox.
+ // We need to look for it.
+ // But first, wait for the zygote to tell us it's running.
+ // The sending code is in chrome/browser/zygote_main_linux.cc.
+ std::vector<int> fds_vec;
+ const int kExpectedLength = sizeof(kZygoteMagic);
+ char buf[kExpectedLength];
+ const ssize_t len = UnixDomainSocket::RecvMsg(fds[0], buf, sizeof(buf),
+ &fds_vec);
+ CHECK(len == kExpectedLength) << "Incorrect zygote magic length";
+ CHECK(0 == strcmp(buf, kZygoteMagic)) << "Incorrect zygote magic";
+
+ std::string inode_output;
+ ino_t inode = 0;
+ // Figure out the inode for |dummy_fd|, close |dummy_fd| on our end,
+ // and find the zygote process holding |dummy_fd|.
+ if (base::FileDescriptorGetInode(&inode, dummy_fd)) {
+ close(dummy_fd);
+ std::vector<std::string> get_inode_cmdline;
+ get_inode_cmdline.push_back(sandbox_binary_);
+ get_inode_cmdline.push_back(base::kFindInodeSwitch);
+ get_inode_cmdline.push_back(base::Int64ToString(inode));
+ CommandLine get_inode_cmd(get_inode_cmdline);
+ if (base::GetAppOutput(get_inode_cmd, &inode_output)) {
+ base::StringToInt(inode_output, &pid_);
+ }
+ }
+ CHECK(pid_ > 0) << "Did not find zygote process (using sandbox binary "
+ << sandbox_binary_ << ")";
+
+ if (process != pid_) {
+ // Reap the sandbox.
+ ProcessWatcher::EnsureProcessGetsReaped(process);
+ }
+ } else {
+ // Not using the SUID sandbox.
+ pid_ = process;
+ }
+
+ close(fds[1]);
+ control_fd_ = fds[0];
+
+ Pickle pickle;
+ pickle.WriteInt(kCmdGetSandboxStatus);
+ std::vector<int> empty_fds;
+ if (!UnixDomainSocket::SendMsg(control_fd_, pickle.data(), pickle.size(),
+ empty_fds))
+ LOG(FATAL) << "Cannot communicate with zygote";
+ // We don't wait for the reply. We'll read it in ReadReply.
+}
+
+ssize_t ZygoteHost::ReadReply(void* buf, size_t buf_len) {
+ // At startup we send a kCmdGetSandboxStatus request to the zygote, but don't
+ // wait for the reply. Thus, the first time that we read from the zygote, we
+ // get the reply to that request.
+ if (!have_read_sandbox_status_word_) {
+ if (HANDLE_EINTR(read(control_fd_, &sandbox_status_,
+ sizeof(sandbox_status_))) !=
+ sizeof(sandbox_status_)) {
+ return -1;
+ }
+ have_read_sandbox_status_word_ = true;
+ }
+
+ return HANDLE_EINTR(read(control_fd_, buf, buf_len));
+}
+
+pid_t ZygoteHost::ForkRenderer(
+ const std::vector<std::string>& argv,
+ const base::GlobalDescriptors::Mapping& mapping) {
+ DCHECK(init_);
+ Pickle pickle;
+
+ pickle.WriteInt(kCmdFork);
+ pickle.WriteInt(argv.size());
+ for (std::vector<std::string>::const_iterator
+ i = argv.begin(); i != argv.end(); ++i)
+ pickle.WriteString(*i);
+
+ pickle.WriteInt(mapping.size());
+
+ std::vector<int> fds;
+ for (base::GlobalDescriptors::Mapping::const_iterator
+ i = mapping.begin(); i != mapping.end(); ++i) {
+ pickle.WriteUInt32(i->first);
+ fds.push_back(i->second);
+ }
+
+ pid_t pid;
+ {
+ base::AutoLock lock(control_lock_);
+ if (!UnixDomainSocket::SendMsg(control_fd_, pickle.data(), pickle.size(),
+ fds))
+ return base::kNullProcessHandle;
+
+ if (ReadReply(&pid, sizeof(pid)) != sizeof(pid))
+ return base::kNullProcessHandle;
+ if (pid <= 0)
+ return base::kNullProcessHandle;
+ }
+
+ const int kRendererScore = 5;
+ AdjustRendererOOMScore(pid, kRendererScore);
+
+ return pid;
+}
+
+void ZygoteHost::AdjustRendererOOMScore(base::ProcessHandle pid, int score) {
+ // 1) You can't change the oom_adj of a non-dumpable process (EPERM) unless
+ // you're root. Because of this, we can't set the oom_adj from the browser
+ // process.
+ //
+ // 2) We can't set the oom_adj before entering the sandbox because the
+ // zygote is in the sandbox and the zygote is as critical as the browser
+ // process. Its oom_adj value shouldn't be changed.
+ //
+ // 3) A non-dumpable process can't even change its own oom_adj because it's
+ // root owned 0644. The sandboxed processes don't even have /proc, but one
+ // could imagine passing in a descriptor from outside.
+ //
+ // So, in the normal case, we use the SUID binary to change it for us.
+ // However, Fedora (and other SELinux systems) don't like us touching other
+ // process's oom_adj values
+ // (https://bugzilla.redhat.com/show_bug.cgi?id=581256).
+ //
+ // The offical way to get the SELinux mode is selinux_getenforcemode, but I
+ // don't want to add another library to the build as it's sure to cause
+ // problems with other, non-SELinux distros.
+ //
+ // So we just check for /selinux. This isn't foolproof, but it's not bad
+ // and it's easy.
+
+ static bool selinux;
+ static bool selinux_valid = false;
+
+ if (!selinux_valid) {
+ selinux = access("/selinux", X_OK) == 0;
+ selinux_valid = true;
+ }
+
+ if (using_suid_sandbox_ && !selinux) {
+ base::ProcessHandle sandbox_helper_process;
+ std::vector<std::string> adj_oom_score_cmdline;
+
+ adj_oom_score_cmdline.push_back(sandbox_binary_);
+ adj_oom_score_cmdline.push_back(base::kAdjustOOMScoreSwitch);
+ adj_oom_score_cmdline.push_back(base::Int64ToString(pid));
+ adj_oom_score_cmdline.push_back(base::IntToString(score));
+ CommandLine adj_oom_score_cmd(adj_oom_score_cmdline);
+ if (base::LaunchApp(adj_oom_score_cmd, false, true,
+ &sandbox_helper_process)) {
+ ProcessWatcher::EnsureProcessGetsReaped(sandbox_helper_process);
+ }
+ } else if (!using_suid_sandbox_) {
+ if (!base::AdjustOOMScore(pid, score))
+ PLOG(ERROR) << "Failed to adjust OOM score of renderer with pid " << pid;
+ }
+}
+
+void ZygoteHost::EnsureProcessTerminated(pid_t process) {
+ DCHECK(init_);
+ Pickle pickle;
+
+ pickle.WriteInt(kCmdReap);
+ pickle.WriteInt(process);
+
+ if (HANDLE_EINTR(write(control_fd_, pickle.data(), pickle.size())) < 0)
+ PLOG(ERROR) << "write";
+}
+
+base::TerminationStatus ZygoteHost::GetTerminationStatus(
+ base::ProcessHandle handle,
+ int* exit_code) {
+ DCHECK(init_);
+ Pickle pickle;
+ pickle.WriteInt(kCmdGetTerminationStatus);
+ pickle.WriteInt(handle);
+
+ // Set this now to handle the early termination cases.
+ if (exit_code)
+ *exit_code = ResultCodes::NORMAL_EXIT;
+
+ static const unsigned kMaxMessageLength = 128;
+ char buf[kMaxMessageLength];
+ ssize_t len;
+ {
+ base::AutoLock lock(control_lock_);
+ if (HANDLE_EINTR(write(control_fd_, pickle.data(), pickle.size())) < 0)
+ PLOG(ERROR) << "write";
+
+ len = ReadReply(buf, sizeof(buf));
+ }
+
+ if (len == -1) {
+ LOG(WARNING) << "Error reading message from zygote: " << errno;
+ return base::TERMINATION_STATUS_NORMAL_TERMINATION;
+ } else if (len == 0) {
+ LOG(WARNING) << "Socket closed prematurely.";
+ return base::TERMINATION_STATUS_NORMAL_TERMINATION;
+ }
+
+ Pickle read_pickle(buf, len);
+ int status, tmp_exit_code;
+ void* iter = NULL;
+ if (!read_pickle.ReadInt(&iter, &status) ||
+ !read_pickle.ReadInt(&iter, &tmp_exit_code)) {
+ LOG(WARNING) << "Error parsing GetTerminationStatus response from zygote.";
+ return base::TERMINATION_STATUS_NORMAL_TERMINATION;
+ }
+
+ if (exit_code)
+ *exit_code = tmp_exit_code;
+
+ return static_cast<base::TerminationStatus>(status);
+}
diff --git a/content/browser/zygote_host_linux.h b/content/browser/zygote_host_linux.h
new file mode 100644
index 0000000..5ead5f59
--- /dev/null
+++ b/content/browser/zygote_host_linux.h
@@ -0,0 +1,98 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_ZYGOTE_HOST_LINUX_H_
+#define CONTENT_BROWSER_ZYGOTE_HOST_LINUX_H_
+#pragma once
+
+#include <unistd.h>
+
+#include <string>
+#include <vector>
+
+#include "base/global_descriptors_posix.h"
+#include "base/process.h"
+#include "base/process_util.h"
+#include "base/synchronization/lock.h"
+
+template<typename Type>
+struct DefaultSingletonTraits;
+
+static const char kZygoteMagic[] = "ZYGOTE_OK";
+
+// http://code.google.com/p/chromium/wiki/LinuxZygote
+
+// The zygote host is the interface, in the browser process, to the zygote
+// process.
+class ZygoteHost {
+ public:
+ // Returns the singleton instance.
+ static ZygoteHost* GetInstance();
+
+ void Init(const std::string& sandbox_cmd);
+
+ // Tries to start a renderer process. Returns its pid on success, otherwise
+ // base::kNullProcessHandle;
+ pid_t ForkRenderer(const std::vector<std::string>& command_line,
+ const base::GlobalDescriptors::Mapping& mapping);
+ void EnsureProcessTerminated(pid_t process);
+
+ // Get the termination status (and, optionally, the exit code) of
+ // the process. |exit_code| is set to the exit code of the child
+ // process. (|exit_code| may be NULL.)
+ base::TerminationStatus GetTerminationStatus(base::ProcessHandle handle,
+ int* exit_code);
+
+ // These are the command codes used on the wire between the browser and the
+ // zygote.
+ enum {
+ kCmdFork = 0, // Fork off a new renderer.
+ kCmdReap = 1, // Reap a renderer child.
+ kCmdGetTerminationStatus = 2, // Check what happend to a child process.
+ kCmdGetSandboxStatus = 3, // Read a bitmask of kSandbox*
+ };
+
+ // These form a bitmask which describes the conditions of the sandbox that
+ // the zygote finds itself in.
+ enum {
+ kSandboxSUID = 1 << 0, // SUID sandbox active
+ kSandboxPIDNS = 1 << 1, // SUID sandbox is using the PID namespace
+ kSandboxNetNS = 1 << 2, // SUID sandbox is using the network namespace
+ kSandboxSeccomp = 1 << 3, // seccomp sandbox active.
+ };
+
+ pid_t pid() const { return pid_; }
+
+ // Returns an int which is a bitmask of kSandbox* values. Only valid after
+ // the first render has been forked.
+ int sandbox_status() const {
+ if (have_read_sandbox_status_word_)
+ return sandbox_status_;
+ return 0;
+ }
+
+ // Adjust the OOM score of the given renderer's PID.
+ void AdjustRendererOOMScore(base::ProcessHandle process_handle, int score);
+
+ private:
+ friend struct DefaultSingletonTraits<ZygoteHost>;
+ ZygoteHost();
+ ~ZygoteHost();
+
+ ssize_t ReadReply(void* buf, size_t buflen);
+
+ int control_fd_; // the socket to the zygote
+ // A lock protecting all communication with the zygote. This lock must be
+ // acquired before sending a command and released after the result has been
+ // received.
+ base::Lock control_lock_;
+ pid_t pid_;
+ bool init_;
+ bool using_suid_sandbox_;
+ std::string sandbox_binary_;
+ bool have_read_sandbox_status_word_;
+ int sandbox_status_;
+};
+
+#endif // CONTENT_BROWSER_ZYGOTE_HOST_LINUX_H_
diff --git a/content/browser/zygote_main_linux.cc b/content/browser/zygote_main_linux.cc
new file mode 100644
index 0000000..188ad34
--- /dev/null
+++ b/content/browser/zygote_main_linux.cc
@@ -0,0 +1,753 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <dlfcn.h>
+#include <fcntl.h>
+#include <pthread.h>
+#include <sys/epoll.h>
+#include <sys/prctl.h>
+#include <sys/signal.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#if defined(CHROMIUM_SELINUX)
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#endif
+
+#include "content/browser/zygote_host_linux.h"
+
+#include "base/basictypes.h"
+#include "base/command_line.h"
+#include "base/eintr_wrapper.h"
+#include "base/file_path.h"
+#include "base/global_descriptors_posix.h"
+#include "base/hash_tables.h"
+#include "base/linux_util.h"
+#include "base/path_service.h"
+#include "base/pickle.h"
+#include "base/process_util.h"
+#include "base/rand_util.h"
+#include "base/scoped_ptr.h"
+#include "base/sys_info.h"
+#include "build/build_config.h"
+#include "chrome/common/chrome_descriptors.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/font_config_ipc_linux.h"
+#include "chrome/common/main_function_params.h"
+#include "chrome/common/pepper_plugin_registry.h"
+#include "chrome/common/process_watcher.h"
+#include "chrome/common/result_codes.h"
+#include "chrome/common/sandbox_methods_linux.h"
+#include "chrome/common/set_process_title.h"
+#include "chrome/common/unix_domain_socket_posix.h"
+#include "media/base/media.h"
+#include "seccompsandbox/sandbox.h"
+#include "skia/ext/SkFontHost_fontconfig_control.h"
+#include "unicode/timezone.h"
+
+#if defined(ARCH_CPU_X86_FAMILY) && !defined(CHROMIUM_SELINUX) && \
+ !defined(__clang__)
+// The seccomp sandbox is enabled on all ia32 and x86-64 processor as long as
+// we aren't using SELinux or clang.
+#define SECCOMP_SANDBOX
+#endif
+
+// http://code.google.com/p/chromium/wiki/LinuxZygote
+
+static const int kBrowserDescriptor = 3;
+static const int kMagicSandboxIPCDescriptor = 5;
+static const int kZygoteIdDescriptor = 7;
+static bool g_suid_sandbox_active = false;
+#if defined(SECCOMP_SANDBOX)
+// |g_proc_fd| is used only by the seccomp sandbox.
+static int g_proc_fd = -1;
+#endif
+
+#if defined(CHROMIUM_SELINUX)
+static void SELinuxTransitionToTypeOrDie(const char* type) {
+ security_context_t security_context;
+ if (getcon(&security_context))
+ LOG(FATAL) << "Cannot get SELinux context";
+
+ context_t context = context_new(security_context);
+ context_type_set(context, type);
+ const int r = setcon(context_str(context));
+ context_free(context);
+ freecon(security_context);
+
+ if (r) {
+ LOG(FATAL) << "dynamic transition to type '" << type << "' failed. "
+ "(this binary has been built with SELinux support, but maybe "
+ "the policies haven't been loaded into the kernel?)";
+ }
+}
+#endif // CHROMIUM_SELINUX
+
+// This is the object which implements the zygote. The ZygoteMain function,
+// which is called from ChromeMain, simply constructs one of these objects and
+// runs it.
+class Zygote {
+ public:
+ explicit Zygote(int sandbox_flags)
+ : sandbox_flags_(sandbox_flags) {
+ }
+
+ bool ProcessRequests() {
+ // A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the
+ // browser on it.
+ // A SOCK_DGRAM is installed in fd 5. This is the sandbox IPC channel.
+ // See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
+
+ // We need to accept SIGCHLD, even though our handler is a no-op because
+ // otherwise we cannot wait on children. (According to POSIX 2001.)
+ struct sigaction action;
+ memset(&action, 0, sizeof(action));
+ action.sa_handler = SIGCHLDHandler;
+ CHECK(sigaction(SIGCHLD, &action, NULL) == 0);
+
+ if (g_suid_sandbox_active) {
+ // Let the ZygoteHost know we are ready to go.
+ // The receiving code is in chrome/browser/zygote_host_linux.cc.
+ std::vector<int> empty;
+ bool r = UnixDomainSocket::SendMsg(kBrowserDescriptor, kZygoteMagic,
+ sizeof(kZygoteMagic), empty);
+ CHECK(r) << "Sending zygote magic failed";
+ }
+
+ for (;;) {
+ // This function call can return multiple times, once per fork().
+ if (HandleRequestFromBrowser(kBrowserDescriptor))
+ return true;
+ }
+ }
+
+ private:
+ // See comment below, where sigaction is called.
+ static void SIGCHLDHandler(int signal) { }
+
+ // ---------------------------------------------------------------------------
+ // Requests from the browser...
+
+ // Read and process a request from the browser. Returns true if we are in a
+ // new process and thus need to unwind back into ChromeMain.
+ bool HandleRequestFromBrowser(int fd) {
+ std::vector<int> fds;
+ static const unsigned kMaxMessageLength = 1024;
+ char buf[kMaxMessageLength];
+ const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds);
+
+ if (len == 0 || (len == -1 && errno == ECONNRESET)) {
+ // EOF from the browser. We should die.
+ _exit(0);
+ return false;
+ }
+
+ if (len == -1) {
+ PLOG(ERROR) << "Error reading message from browser";
+ return false;
+ }
+
+ Pickle pickle(buf, len);
+ void* iter = NULL;
+
+ int kind;
+ if (pickle.ReadInt(&iter, &kind)) {
+ switch (kind) {
+ case ZygoteHost::kCmdFork:
+ // This function call can return multiple times, once per fork().
+ return HandleForkRequest(fd, pickle, iter, fds);
+ case ZygoteHost::kCmdReap:
+ if (!fds.empty())
+ break;
+ HandleReapRequest(fd, pickle, iter);
+ return false;
+ case ZygoteHost::kCmdGetTerminationStatus:
+ if (!fds.empty())
+ break;
+ HandleGetTerminationStatus(fd, pickle, iter);
+ return false;
+ case ZygoteHost::kCmdGetSandboxStatus:
+ HandleGetSandboxStatus(fd, pickle, iter);
+ return false;
+ default:
+ NOTREACHED();
+ break;
+ }
+ }
+
+ LOG(WARNING) << "Error parsing message from browser";
+ for (std::vector<int>::const_iterator
+ i = fds.begin(); i != fds.end(); ++i)
+ close(*i);
+ return false;
+ }
+
+ void HandleReapRequest(int fd, const Pickle& pickle, void* iter) {
+ base::ProcessId child;
+ base::ProcessId actual_child;
+
+ if (!pickle.ReadInt(&iter, &child)) {
+ LOG(WARNING) << "Error parsing reap request from browser";
+ return;
+ }
+
+ if (g_suid_sandbox_active) {
+ actual_child = real_pids_to_sandbox_pids[child];
+ if (!actual_child)
+ return;
+ real_pids_to_sandbox_pids.erase(child);
+ } else {
+ actual_child = child;
+ }
+
+ ProcessWatcher::EnsureProcessTerminated(actual_child);
+ }
+
+ void HandleGetTerminationStatus(int fd, const Pickle& pickle, void* iter) {
+ base::ProcessHandle child;
+
+ if (!pickle.ReadInt(&iter, &child)) {
+ LOG(WARNING) << "Error parsing GetTerminationStatus request "
+ << "from browser";
+ return;
+ }
+
+ base::TerminationStatus status;
+ int exit_code;
+ if (g_suid_sandbox_active)
+ child = real_pids_to_sandbox_pids[child];
+ if (child) {
+ status = base::GetTerminationStatus(child, &exit_code);
+ } else {
+ // Assume that if we can't find the child in the sandbox, then
+ // it terminated normally.
+ status = base::TERMINATION_STATUS_NORMAL_TERMINATION;
+ exit_code = ResultCodes::NORMAL_EXIT;
+ }
+
+ Pickle write_pickle;
+ write_pickle.WriteInt(static_cast<int>(status));
+ write_pickle.WriteInt(exit_code);
+ ssize_t written =
+ HANDLE_EINTR(write(fd, write_pickle.data(), write_pickle.size()));
+ if (written != static_cast<ssize_t>(write_pickle.size()))
+ PLOG(ERROR) << "write";
+ }
+
+ // This is equivalent to fork(), except that, when using the SUID
+ // sandbox, it returns the real PID of the child process as it
+ // appears outside the sandbox, rather than returning the PID inside
+ // the sandbox.
+ int ForkWithRealPid() {
+ if (!g_suid_sandbox_active)
+ return fork();
+
+ int dummy_fd;
+ ino_t dummy_inode;
+ int pipe_fds[2] = { -1, -1 };
+ base::ProcessId pid = 0;
+
+ dummy_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
+ if (dummy_fd < 0) {
+ LOG(ERROR) << "Failed to create dummy FD";
+ goto error;
+ }
+ if (!base::FileDescriptorGetInode(&dummy_inode, dummy_fd)) {
+ LOG(ERROR) << "Failed to get inode for dummy FD";
+ goto error;
+ }
+ if (pipe(pipe_fds) != 0) {
+ LOG(ERROR) << "Failed to create pipe";
+ goto error;
+ }
+
+ pid = fork();
+ if (pid < 0) {
+ goto error;
+ } else if (pid == 0) {
+ // In the child process.
+ close(pipe_fds[1]);
+ char buffer[1];
+ // Wait until the parent process has discovered our PID. We
+ // should not fork any child processes (which the seccomp
+ // sandbox does) until then, because that can interfere with the
+ // parent's discovery of our PID.
+ if (HANDLE_EINTR(read(pipe_fds[0], buffer, 1)) != 1 ||
+ buffer[0] != 'x') {
+ LOG(FATAL) << "Failed to synchronise with parent zygote process";
+ }
+ close(pipe_fds[0]);
+ close(dummy_fd);
+ return 0;
+ } else {
+ // In the parent process.
+ close(dummy_fd);
+ dummy_fd = -1;
+ close(pipe_fds[0]);
+ pipe_fds[0] = -1;
+ uint8_t reply_buf[512];
+ Pickle request;
+ request.WriteInt(LinuxSandbox::METHOD_GET_CHILD_WITH_INODE);
+ request.WriteUInt64(dummy_inode);
+
+ const ssize_t r = UnixDomainSocket::SendRecvMsg(
+ kMagicSandboxIPCDescriptor, reply_buf, sizeof(reply_buf), NULL,
+ request);
+ if (r == -1) {
+ LOG(ERROR) << "Failed to get child process's real PID";
+ goto error;
+ }
+
+ base::ProcessId real_pid;
+ Pickle reply(reinterpret_cast<char*>(reply_buf), r);
+ void* iter2 = NULL;
+ if (!reply.ReadInt(&iter2, &real_pid))
+ goto error;
+ if (real_pid <= 0) {
+ // METHOD_GET_CHILD_WITH_INODE failed. Did the child die already?
+ LOG(ERROR) << "METHOD_GET_CHILD_WITH_INODE failed";
+ goto error;
+ }
+ real_pids_to_sandbox_pids[real_pid] = pid;
+ if (HANDLE_EINTR(write(pipe_fds[1], "x", 1)) != 1) {
+ LOG(ERROR) << "Failed to synchronise with child process";
+ goto error;
+ }
+ close(pipe_fds[1]);
+ return real_pid;
+ }
+
+ error:
+ if (pid > 0) {
+ if (waitpid(pid, NULL, WNOHANG) == -1)
+ LOG(ERROR) << "Failed to wait for process";
+ }
+ if (dummy_fd >= 0)
+ close(dummy_fd);
+ if (pipe_fds[0] >= 0)
+ close(pipe_fds[0]);
+ if (pipe_fds[1] >= 0)
+ close(pipe_fds[1]);
+ return -1;
+ }
+
+ // Handle a 'fork' request from the browser: this means that the browser
+ // wishes to start a new renderer.
+ bool HandleForkRequest(int fd, const Pickle& pickle, void* iter,
+ std::vector<int>& fds) {
+ std::vector<std::string> args;
+ int argc, numfds;
+ base::GlobalDescriptors::Mapping mapping;
+ base::ProcessId child;
+
+ if (!pickle.ReadInt(&iter, &argc))
+ goto error;
+
+ for (int i = 0; i < argc; ++i) {
+ std::string arg;
+ if (!pickle.ReadString(&iter, &arg))
+ goto error;
+ args.push_back(arg);
+ }
+
+ if (!pickle.ReadInt(&iter, &numfds))
+ goto error;
+ if (numfds != static_cast<int>(fds.size()))
+ goto error;
+
+ for (int i = 0; i < numfds; ++i) {
+ base::GlobalDescriptors::Key key;
+ if (!pickle.ReadUInt32(&iter, &key))
+ goto error;
+ mapping.push_back(std::make_pair(key, fds[i]));
+ }
+
+ mapping.push_back(std::make_pair(
+ static_cast<uint32_t>(kSandboxIPCChannel), kMagicSandboxIPCDescriptor));
+
+ child = ForkWithRealPid();
+
+ if (!child) {
+#if defined(SECCOMP_SANDBOX)
+ // Try to open /proc/self/maps as the seccomp sandbox needs access to it
+ if (g_proc_fd >= 0) {
+ int proc_self_maps = openat(g_proc_fd, "self/maps", O_RDONLY);
+ if (proc_self_maps >= 0) {
+ SeccompSandboxSetProcSelfMaps(proc_self_maps);
+ }
+ close(g_proc_fd);
+ g_proc_fd = -1;
+ }
+#endif
+
+ close(kBrowserDescriptor); // our socket from the browser
+ if (g_suid_sandbox_active)
+ close(kZygoteIdDescriptor); // another socket from the browser
+ base::GlobalDescriptors::GetInstance()->Reset(mapping);
+
+#if defined(CHROMIUM_SELINUX)
+ SELinuxTransitionToTypeOrDie("chromium_renderer_t");
+#endif
+
+ // Reset the process-wide command line to our new command line.
+ CommandLine::Reset();
+ CommandLine::Init(0, NULL);
+ CommandLine::ForCurrentProcess()->InitFromArgv(args);
+
+ // Update the process title. The argv was already cached by the call to
+ // SetProcessTitleFromCommandLine in ChromeMain, so we can pass NULL here
+ // (we don't have the original argv at this point).
+ SetProcessTitleFromCommandLine(NULL);
+
+ // The fork() request is handled further up the call stack.
+ return true;
+ } else if (child < 0) {
+ LOG(ERROR) << "Zygote could not fork: " << errno;
+ goto error;
+ }
+
+ for (std::vector<int>::const_iterator
+ i = fds.begin(); i != fds.end(); ++i)
+ close(*i);
+
+ if (HANDLE_EINTR(write(fd, &child, sizeof(child))) < 0)
+ PLOG(ERROR) << "write";
+ return false;
+
+ error:
+ LOG(ERROR) << "Error parsing fork request from browser";
+ for (std::vector<int>::const_iterator
+ i = fds.begin(); i != fds.end(); ++i)
+ close(*i);
+ return false;
+ }
+
+ bool HandleGetSandboxStatus(int fd, const Pickle& pickle, void* iter) {
+ if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_)) !=
+ sizeof(sandbox_flags_))) {
+ PLOG(ERROR) << "write";
+ }
+
+ return false;
+ }
+
+ // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs
+ // fork() returns are not the real PIDs, so we need to map the Real PIDS
+ // into the sandbox PID namespace.
+ typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap;
+ ProcessMap real_pids_to_sandbox_pids;
+
+ const int sandbox_flags_;
+};
+
+// With SELinux we can carve out a precise sandbox, so we don't have to play
+// with intercepting libc calls.
+#if !defined(CHROMIUM_SELINUX)
+
+static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output,
+ char* timezone_out,
+ size_t timezone_out_len) {
+ Pickle request;
+ request.WriteInt(LinuxSandbox::METHOD_LOCALTIME);
+ request.WriteString(
+ std::string(reinterpret_cast<char*>(&input), sizeof(input)));
+
+ uint8_t reply_buf[512];
+ const ssize_t r = UnixDomainSocket::SendRecvMsg(
+ kMagicSandboxIPCDescriptor, reply_buf, sizeof(reply_buf), NULL, request);
+ if (r == -1) {
+ memset(output, 0, sizeof(struct tm));
+ return;
+ }
+
+ Pickle reply(reinterpret_cast<char*>(reply_buf), r);
+ void* iter = NULL;
+ std::string result, timezone;
+ if (!reply.ReadString(&iter, &result) ||
+ !reply.ReadString(&iter, &timezone) ||
+ result.size() != sizeof(struct tm)) {
+ memset(output, 0, sizeof(struct tm));
+ return;
+ }
+
+ memcpy(output, result.data(), sizeof(struct tm));
+ if (timezone_out_len) {
+ const size_t copy_len = std::min(timezone_out_len - 1, timezone.size());
+ memcpy(timezone_out, timezone.data(), copy_len);
+ timezone_out[copy_len] = 0;
+ output->tm_zone = timezone_out;
+ } else {
+ output->tm_zone = NULL;
+ }
+}
+
+static bool g_am_zygote_or_renderer = false;
+
+// Sandbox interception of libc calls.
+//
+// Because we are running in a sandbox certain libc calls will fail (localtime
+// being the motivating example - it needs to read /etc/localtime). We need to
+// intercept these calls and proxy them to the browser. However, these calls
+// may come from us or from our libraries. In some cases we can't just change
+// our code.
+//
+// It's for these cases that we have the following setup:
+//
+// We define global functions for those functions which we wish to override.
+// Since we will be first in the dynamic resolution order, the dynamic linker
+// will point callers to our versions of these functions. However, we have the
+// same binary for both the browser and the renderers, which means that our
+// overrides will apply in the browser too.
+//
+// The global |g_am_zygote_or_renderer| is true iff we are in a zygote or
+// renderer process. It's set in ZygoteMain and inherited by the renderers when
+// they fork. (This means that it'll be incorrect for global constructor
+// functions and before ZygoteMain is called - beware).
+//
+// Our replacement functions can check this global and either proxy
+// the call to the browser over the sandbox IPC
+// (http://code.google.com/p/chromium/wiki/LinuxSandboxIPC) or they can use
+// dlsym with RTLD_NEXT to resolve the symbol, ignoring any symbols in the
+// current module.
+//
+// Other avenues:
+//
+// Our first attempt involved some assembly to patch the GOT of the current
+// module. This worked, but was platform specific and doesn't catch the case
+// where a library makes a call rather than current module.
+//
+// We also considered patching the function in place, but this would again by
+// platform specific and the above technique seems to work well enough.
+
+typedef struct tm* (*LocaltimeFunction)(const time_t* timep);
+typedef struct tm* (*LocaltimeRFunction)(const time_t* timep,
+ struct tm* result);
+
+static pthread_once_t g_libc_localtime_funcs_guard = PTHREAD_ONCE_INIT;
+static LocaltimeFunction g_libc_localtime;
+static LocaltimeRFunction g_libc_localtime_r;
+
+static void InitLibcLocaltimeFunctions() {
+ g_libc_localtime = reinterpret_cast<LocaltimeFunction>(
+ dlsym(RTLD_NEXT, "localtime"));
+ g_libc_localtime_r = reinterpret_cast<LocaltimeRFunction>(
+ dlsym(RTLD_NEXT, "localtime_r"));
+
+ if (!g_libc_localtime || !g_libc_localtime_r) {
+ // http://code.google.com/p/chromium/issues/detail?id=16800
+ //
+ // Nvidia's libGL.so overrides dlsym for an unknown reason and replaces
+ // it with a version which doesn't work. In this case we'll get a NULL
+ // result. There's not a lot we can do at this point, so we just bodge it!
+ LOG(ERROR) << "Your system is broken: dlsym doesn't work! This has been "
+ "reported to be caused by Nvidia's libGL. You should expect"
+ " time related functions to misbehave. "
+ "http://code.google.com/p/chromium/issues/detail?id=16800";
+ }
+
+ if (!g_libc_localtime)
+ g_libc_localtime = gmtime;
+ if (!g_libc_localtime_r)
+ g_libc_localtime_r = gmtime_r;
+}
+
+struct tm* localtime(const time_t* timep) {
+ if (g_am_zygote_or_renderer) {
+ static struct tm time_struct;
+ static char timezone_string[64];
+ ProxyLocaltimeCallToBrowser(*timep, &time_struct, timezone_string,
+ sizeof(timezone_string));
+ return &time_struct;
+ } else {
+ CHECK_EQ(0, pthread_once(&g_libc_localtime_funcs_guard,
+ InitLibcLocaltimeFunctions));
+ return g_libc_localtime(timep);
+ }
+}
+
+struct tm* localtime_r(const time_t* timep, struct tm* result) {
+ if (g_am_zygote_or_renderer) {
+ ProxyLocaltimeCallToBrowser(*timep, result, NULL, 0);
+ return result;
+ } else {
+ CHECK_EQ(0, pthread_once(&g_libc_localtime_funcs_guard,
+ InitLibcLocaltimeFunctions));
+ return g_libc_localtime_r(timep, result);
+ }
+}
+
+#endif // !CHROMIUM_SELINUX
+
+// This function triggers the static and lazy construction of objects that need
+// to be created before imposing the sandbox.
+static void PreSandboxInit() {
+ base::RandUint64();
+
+ base::SysInfo::MaxSharedMemorySize();
+
+ // ICU DateFormat class (used in base/time_format.cc) needs to get the
+ // Olson timezone ID by accessing the zoneinfo files on disk. After
+ // TimeZone::createDefault is called once here, the timezone ID is
+ // cached and there's no more need to access the file system.
+ scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault());
+
+ FilePath module_path;
+ if (PathService::Get(base::DIR_MODULE, &module_path))
+ media::InitializeMediaLibrary(module_path);
+
+ // Ensure access to the Pepper plugins before the sandbox is turned on.
+ PepperPluginRegistry::PreloadModules();
+}
+
+#if !defined(CHROMIUM_SELINUX)
+static bool EnterSandbox() {
+ // The SUID sandbox sets this environment variable to a file descriptor
+ // over which we can signal that we have completed our startup and can be
+ // chrooted.
+ const char* const sandbox_fd_string = getenv("SBX_D");
+
+ if (sandbox_fd_string) {
+ // Use the SUID sandbox. This still allows the seccomp sandbox to
+ // be enabled by the process later.
+ g_suid_sandbox_active = true;
+
+ char* endptr;
+ const long fd_long = strtol(sandbox_fd_string, &endptr, 10);
+ if (!*sandbox_fd_string || *endptr || fd_long < 0 || fd_long > INT_MAX)
+ return false;
+ const int fd = fd_long;
+
+ PreSandboxInit();
+
+ static const char kMsgChrootMe = 'C';
+ static const char kMsgChrootSuccessful = 'O';
+
+ if (HANDLE_EINTR(write(fd, &kMsgChrootMe, 1)) != 1) {
+ LOG(ERROR) << "Failed to write to chroot pipe: " << errno;
+ return false;
+ }
+
+ // We need to reap the chroot helper process in any event:
+ wait(NULL);
+
+ char reply;
+ if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) {
+ LOG(ERROR) << "Failed to read from chroot pipe: " << errno;
+ return false;
+ }
+
+ if (reply != kMsgChrootSuccessful) {
+ LOG(ERROR) << "Error code reply from chroot helper";
+ return false;
+ }
+
+ SkiaFontConfigSetImplementation(
+ new FontConfigIPC(kMagicSandboxIPCDescriptor));
+
+ // Previously, we required that the binary be non-readable. This causes the
+ // kernel to mark the process as non-dumpable at startup. The thinking was
+ // that, although we were putting the renderers into a PID namespace (with
+ // the SUID sandbox), they would nonetheless be in the /same/ PID
+ // namespace. So they could ptrace each other unless they were non-dumpable.
+ //
+ // If the binary was readable, then there would be a window between process
+ // startup and the point where we set the non-dumpable flag in which a
+ // compromised renderer could ptrace attach.
+ //
+ // However, now that we have a zygote model, only the (trusted) zygote
+ // exists at this point and we can set the non-dumpable flag which is
+ // inherited by all our renderer children.
+ //
+ // Note: a non-dumpable process can't be debugged. To debug sandbox-related
+ // issues, one can specify --allow-sandbox-debugging to let the process be
+ // dumpable.
+ const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+ if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) {
+ prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) {
+ LOG(ERROR) << "Failed to set non-dumpable flag";
+ return false;
+ }
+ }
+ } else if (switches::SeccompSandboxEnabled()) {
+ PreSandboxInit();
+ SkiaFontConfigSetImplementation(
+ new FontConfigIPC(kMagicSandboxIPCDescriptor));
+ } else {
+ SkiaFontConfigUseDirectImplementation();
+ }
+
+ return true;
+}
+#else // CHROMIUM_SELINUX
+
+static bool EnterSandbox() {
+ PreSandboxInit();
+ SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor);
+ return true;
+}
+
+#endif // CHROMIUM_SELINUX
+
+bool ZygoteMain(const MainFunctionParams& params) {
+#if !defined(CHROMIUM_SELINUX)
+ g_am_zygote_or_renderer = true;
+#endif
+
+#if defined(SECCOMP_SANDBOX)
+ // The seccomp sandbox needs access to files in /proc, which might be denied
+ // after one of the other sandboxes have been started. So, obtain a suitable
+ // file handle in advance.
+ if (switches::SeccompSandboxEnabled()) {
+ g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY);
+ if (g_proc_fd < 0) {
+ LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp "
+ "sandboxing.";
+ }
+ }
+#endif // SECCOMP_SANDBOX
+
+ // Turn on the SELinux or SUID sandbox
+ if (!EnterSandbox()) {
+ LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: "
+ << errno << ")";
+ return false;
+ }
+
+ int sandbox_flags = 0;
+ if (getenv("SBX_D"))
+ sandbox_flags |= ZygoteHost::kSandboxSUID;
+ if (getenv("SBX_PID_NS"))
+ sandbox_flags |= ZygoteHost::kSandboxPIDNS;
+ if (getenv("SBX_NET_NS"))
+ sandbox_flags |= ZygoteHost::kSandboxNetNS;
+
+#if defined(SECCOMP_SANDBOX)
+ // The seccomp sandbox will be turned on when the renderers start. But we can
+ // already check if sufficient support is available so that we only need to
+ // print one error message for the entire browser session.
+ if (g_proc_fd >= 0 && switches::SeccompSandboxEnabled()) {
+ if (!SupportsSeccompSandbox(g_proc_fd)) {
+ // There are a good number of users who cannot use the seccomp sandbox
+ // (e.g. because their distribution does not enable seccomp mode by
+ // default). While we would prefer to deny execution in this case, it
+ // seems more realistic to continue in degraded mode.
+ LOG(ERROR) << "WARNING! This machine lacks support needed for the "
+ "Seccomp sandbox. Running renderers with Seccomp "
+ "sandboxing disabled.";
+ } else {
+ VLOG(1) << "Enabling experimental Seccomp sandbox.";
+ sandbox_flags |= ZygoteHost::kSandboxSeccomp;
+ }
+ }
+#endif // SECCOMP_SANDBOX
+
+ Zygote zygote(sandbox_flags);
+ // This function call can return multiple times, once per fork().
+ return zygote.ProcessRequests();
+}
diff --git a/content/content_browser.gypi b/content/content_browser.gypi
index 4a5a09a..f497bf5 100644
--- a/content/content_browser.gypi
+++ b/content/content_browser.gypi
@@ -46,6 +46,23 @@
'browser/cross_site_request_manager.h',
'browser/disposition_utils.cc',
'browser/disposition_utils.h',
+ 'browser/gpu_blacklist.cc',
+ 'browser/gpu_blacklist.h',
+ 'browser/gpu_process_host.cc',
+ 'browser/gpu_process_host.h',
+ 'browser/host_zoom_map.cc',
+ 'browser/host_zoom_map.h',
+ 'browser/mime_registry_message_filter.cc',
+ 'browser/mime_registry_message_filter.h',
+ 'browser/modal_html_dialog_delegate.cc',
+ 'browser/modal_html_dialog_delegate.h',
+ 'browser/ppapi_plugin_process_host.cc',
+ 'browser/ppapi_plugin_process_host.h',
+ 'browser/plugin_process_host.cc',
+ 'browser/plugin_process_host.h',
+ 'browser/plugin_process_host_mac.cc',
+ 'browser/plugin_service.cc',
+ 'browser/plugin_service.h',
'browser/renderer_host/accelerated_surface_container_mac.cc',
'browser/renderer_host/accelerated_surface_container_mac.h',
'browser/renderer_host/accelerated_surface_container_manager_mac.cc',
@@ -156,6 +173,9 @@
'browser/tab_contents/tab_contents_observer.h',
'browser/tab_contents/tab_contents_view.cc',
'browser/tab_contents/tab_contents_view.h',
+ 'browser/zygote_host_linux.cc',
+ 'browser/zygote_host_linux.h',
+ 'browser/zygote_main_linux.cc',
],
'conditions': [
['OS=="win"', {
@@ -177,6 +197,14 @@
'browser/certificate_manager_model.h',
],
}],
+ ['OS=="mac"', {
+ 'link_settings': {
+ 'mac_bundle_resources': [
+ 'browser/gpu.sb',
+ 'browser/worker.sb',
+ ],
+ },
+ }],
],
},
],
