fix: ensure ElectronBrowser mojo service is only bound to appropriate render frames (#33323)

* fix: ensure ElectronBrowser mojo service is only bound to authorized render frames Notes: no-notes * refactor: extract electron API IPC to its own mojo interface * fix: just check main frame not primary main frame
2022-03-18 19:50:05 -07:00 · 2022-03-18 19:50:05 -07:00 · e07c2b84d7
commit e07c2b84d7
parent f2b06324b8
17 changed files with 381 additions and 229 deletions
--- a/shell/browser/electron_api_ipc_handler_impl.h
+++ b/shell/browser/electron_api_ipc_handler_impl.h
@ -0,0 +1,79 @@
+// Copyright (c) 2022 Slack Technologies, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef ELECTRON_SHELL_BROWSER_ELECTRON_API_IPC_HANDLER_IMPL_H_
+#define ELECTRON_SHELL_BROWSER_ELECTRON_API_IPC_HANDLER_IMPL_H_
+
+#include <string>
+#include <vector>
+
+#include "base/memory/weak_ptr.h"
+#include "content/public/browser/web_contents_observer.h"
+#include "electron/shell/common/api/api.mojom.h"
+#include "shell/browser/api/electron_api_web_contents.h"
+
+namespace content {
+class RenderFrameHost;
+}
+
+namespace electron {
+class ElectronApiIPCHandlerImpl : public mojom::ElectronApiIPC,
+                                  public content::WebContentsObserver {
+ public:
+  explicit ElectronApiIPCHandlerImpl(
+      content::RenderFrameHost* render_frame_host,
+      mojo::PendingAssociatedReceiver<mojom::ElectronApiIPC> receiver);
+
+  static void Create(
+      content::RenderFrameHost* frame_host,
+      mojo::PendingAssociatedReceiver<mojom::ElectronApiIPC> receiver);
+
+  // disable copy
+  ElectronApiIPCHandlerImpl(const ElectronApiIPCHandlerImpl&) = delete;
+  ElectronApiIPCHandlerImpl& operator=(const ElectronApiIPCHandlerImpl&) =
+      delete;
+
+  // mojom::ElectronApiIPC:
+  void Message(bool internal,
+               const std::string& channel,
+               blink::CloneableMessage arguments) override;
+  void Invoke(bool internal,
+              const std::string& channel,
+              blink::CloneableMessage arguments,
+              InvokeCallback callback) override;
+  void ReceivePostMessage(const std::string& channel,
+                          blink::TransferableMessage message) override;
+  void MessageSync(bool internal,
+                   const std::string& channel,
+                   blink::CloneableMessage arguments,
+                   MessageSyncCallback callback) override;
+  void MessageTo(int32_t web_contents_id,
+                 const std::string& channel,
+                 blink::CloneableMessage arguments) override;
+  void MessageHost(const std::string& channel,
+                   blink::CloneableMessage arguments) override;
+
+  base::WeakPtr<ElectronApiIPCHandlerImpl> GetWeakPtr() {
+    return weak_factory_.GetWeakPtr();
+  }
+
+ private:
+  ~ElectronApiIPCHandlerImpl() override;
+
+  // content::WebContentsObserver:
+  void WebContentsDestroyed() override;
+
+  void OnConnectionError();
+
+  content::RenderFrameHost* GetRenderFrameHost();
+
+  const int render_process_id_;
+  const int render_frame_id_;
+
+  mojo::AssociatedReceiver<mojom::ElectronApiIPC> receiver_{this};
+
+  base::WeakPtrFactory<ElectronApiIPCHandlerImpl> weak_factory_{this};
+};
+}  // namespace electron
+#endif  // ELECTRON_SHELL_BROWSER_ELECTRON_API_IPC_HANDLER_IMPL_H_