mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1
electron/shell/browser/usb/electron_usb_delegate.cc
electron-roller[bot] dd03cceda0
chore: bump chromium to 137.0.7128.1 (main) (#46482) 
* chore: bump chromium in DEPS to 137.0.7107.0

* chore: bump chromium in DEPS to 137.0.7109.0

* chore: bump chromium in DEPS to 137.0.7111.0

* chore: bump chromium in DEPS to 137.0.7113.0

* 6384240: Remove double-declaration for accessibility on macOS | 6384240

* 6422872: Remove unused includes in isolation_info_mojom_traits.h | 6422872

* chore: update patches

* 6400733: Avoid ipc_message_macros.h usage in some foo_param_traits_macros.h files | 6400733

* chore: update patches

* 6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

* chore: iwyu

* refactor: prefer value initialization over memset()

From the looks up upstream commits in base/, it looks like memset()
could trigger `-Wunsafe-buffer-usage` warnings soon?

Value initialization is more C++ish and less error-prone anyway,
due to memset()'s easily swappable parameters.

* refactor: NotifyIcon::InitIconData() returns a NOTIFYICONDATA

This follows F.20 in the C++ Core Guidelines and also removes the need
for memset()

* 6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

remove all uses of:

- strcmp()

* fixup!  6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

* 6433203: Add a PassKey to RegisterDeleteDelegateCallback(). | 6433203

* chore: bump chromium in DEPS to 137.0.7115.0

* 6387077: [PermissionOptions] Generalize PermissionRequestDescription | 6387077

* chore: update patches

* 6387077: [PermissionOptions] Generalize PermissionRequestDescription | 6387077

* fix: add pragma for MacSDK unsafe buffers | 6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

* chore: bump chromium in DEPS to 137.0.7117.0

* chore: update patches

* chore: update filesnames.libcxx.gni

* 6431756: Replace SetOwnedByWidget() bool arg with a PassKey. | 6431756

* 6387077: [PermissionOptions] Generalize PermissionRequestDescription | 6387077

* 6428345: Remove ExtensionService usage from ChromeExtensionRegistrarDelegate | 6428345

* 6384315: Migrate extensions_enabled from ExtensionService to Registrar | 6384315

* 6428749: [extensions] Refactor ExtensionService for AddNewAndUpdateExtension. | 6428749

* chore: bump chromium in DEPS to 137.0.7119.0

* 6440290: corner-shape: support inset shadow | 6440290

* 6429230: FSA: Move blocked paths to the PermissionContext class | 6429230

* chore: update patches

* chore: bump chromium in DEPS to 137.0.7121.0

* chore: update patches

* fix: partially revert 6443473: Remove ItemDelete from the Mac version of AppleKeychain | 6443473

* fix: update filenames.libcxx.gni

* chore: bump chromium in DEPS to 137.0.7123.0

* chore: update patches

* chore: "grandfather in" electron views too

Lock further access to View::set_owned_by_client() | 6448510

* chore: update feat_corner_smoothing_css_rule_and_blink_painting.patch

corner-shape: support inset shadow | 6440290

* refactor: grandfather in AutofillPopupView as a subclass of WidgetDelegateView

Add a PassKey for std::make_unique<WidgetDelegateView>() | 6442265

* Provide dbus appmenu information on Wayland | 6405535

* [extensions] Move OnExtensionInstalled out of ExtensionService. | 6443325

* refactor: grandfather in NativeWindowViews for delete callbacks

6433203: Add a PassKey to RegisterDeleteDelegateCallback(). | 6433203

* chore: merge the four "grandfather" patches into one

* [A11yPerformance] Remove IsAccessibilityAllowed() | 6404386: [A11yPerformance] Remove IsAccessibilityAllowed() | 6404386

NB: the changes here are copied from the upstream changes in
chrome/browser/ui/webui/accessibility/accessibility_ui.cc

* 6420753: [PermissionOptions] Use PermissionDescriptorPtr in PermissionController | 6420753

* 6429573: [accessibility] Move mode change out of AccessibilityNotificationWaiter | 6429573

* chore: e patches all

* 6419936: [win] Change ScreenWin public static methods to virtual | 6419936

* 6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

remove all uses of:

- fprintf()
- fputs()
- snprintf()
- vsnprintf()

* fix: size conversion FTBFS on Win

* 6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

remove all uses of:

- wcscpy_s()

* 6423410: Enable unsafe buffer warnings for chromium, try #3. | 6423410

remove all uses of:

- wcsncpy_s()

* chore: update mas_avoid_private_macos_api_usage.patch.patch

6394283: Remove double-declaration for accessibility on iOS | 6394283

Lots of context shear in this commit but the only interesting part is:

-+  return nullptr;
++  return {};

Which is needed because the return type is sometimes not a pointer.

* chore: e patches all

* chore: disable -Wmacro-redefined warning in electron_main_win.cc

* chore: bump chromium in DEPS to 137.0.7123.5

* refactor: patch electron PermissionTypes into blink

6387077: [PermissionOptions] Generalize PermissionRequestDescription | 6387077

* chore: e patches all

* chore: remove the box_painter_base.cc part of feat_corner_smoothing_css_rule_and_blink_painting.patch

as per code review @ https://github.com/electron/electron/pull/46482#pullrequestreview-2777338370

* test: enable window-smaller-than-64x64 test on Linux

* chore: bump chromium in DEPS to 137.0.7124.1

* chore: bump chromium in DEPS to 137.0.7125.1

* chore: bump chromium in DEPS to 137.0.7127.3

* 6459201: [Extensions] Remove ExtensionSystem::FinishDelayedInstallationIfReady() | 6459201

* 6454796: [Extensions] Move (most) registrar delayed install logic to //extensions | 6454796

* chore: bump chromium in DEPS to 137.0.7128.1

* chore: e patches all

* chore: node ./script/gen-libc++-filenames.js

* [views] Gate DesktopWindowTreeHostWin::window_enlargement_ behind flag

Refs 6428649

* feat: allow opt-out animated_content_sampler.

Refs 6438681

* Trigger CI

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
2025-04-22 15:53:29 -04:00

341 lines
12 KiB
C++
Raw Blame History

// Copyright (c) 2022 Microsoft, Inc.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#include "shell/browser/usb/electron_usb_delegate.h"
#include <string_view>
#include <utility>
#include "base/observer_list.h"
#include "base/scoped_observation.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
#include "electron/buildflags/buildflags.h"
#include "services/device/public/mojom/usb_enumeration_options.mojom.h"
#include "shell/browser/electron_browser_context.h"
#include "shell/browser/electron_permission_manager.h"
#include "shell/browser/usb/usb_chooser_context.h"
#include "shell/browser/usb/usb_chooser_context_factory.h"
#include "shell/browser/usb/usb_chooser_controller.h"
#include "shell/browser/web_contents_permission_helper.h"
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
#include "base/containers/fixed_flat_set.h"
#include "chrome/common/chrome_features.h"
#include "extensions/browser/extension_registry.h"
#include "extensions/browser/guest_view/web_view/web_view_guest.h"
#include "extensions/common/constants.h"
#include "extensions/common/extension.h"
#include "services/device/public/mojom/usb_device.mojom.h"
#endif
namespace {
electron::UsbChooserContext* GetChooserContext(
content::BrowserContext* browser_context) {
return electron::UsbChooserContextFactory::GetForBrowserContext(
browser_context);
}
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
// These extensions can claim the smart card USB class and automatically gain
// permissions for devices that have an interface with this class.
constexpr auto kSmartCardPrivilegedExtensionIds =
base::MakeFixedFlatSet<std::string_view>({
// Smart Card Connector Extension and its Beta version, see
// crbug.com/1233881.
"khpfeaanjngmcnplbdlpegiifgpfgdco",
"mockcojkppdndnhgonljagclgpkjbkek",
});
bool DeviceHasInterfaceWithClass(
const device::mojom::UsbDeviceInfo& device_info,
uint8_t interface_class) {
for (const auto& configuration : device_info.configurations) {
for (const auto& interface : configuration->interfaces) {
for (const auto& alternate : interface->alternates) {
if (alternate->class_code == interface_class)
return true;
}
}
}
return false;
}
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
bool IsDevicePermissionAutoGranted(
const url::Origin& origin,
const device::mojom::UsbDeviceInfo& device_info) {
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
// Note: The `DeviceHasInterfaceWithClass()` call is made after checking the
// origin, since that method call is expensive.
if (origin.scheme() == extensions::kExtensionScheme &&
kSmartCardPrivilegedExtensionIds.contains(origin.host()) &&
DeviceHasInterfaceWithClass(device_info,
device::mojom::kUsbSmartCardClass)) {
return true;
}
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
return false;
}
} // namespace
namespace electron {
// Manages the UsbDelegate observers for a single browser context.
class ElectronUsbDelegate::ContextObservation
: private UsbChooserContext::DeviceObserver {
public:
ContextObservation(ElectronUsbDelegate* parent,
content::BrowserContext* browser_context)
: parent_(parent), browser_context_(browser_context) {
auto* chooser_context = GetChooserContext(browser_context_);
if (chooser_context)
device_observation_.Observe(chooser_context);
}
ContextObservation(ContextObservation&) = delete;
ContextObservation& operator=(ContextObservation&) = delete;
~ContextObservation() override = default;
// UsbChooserContext::DeviceObserver:
void OnDeviceAdded(const device::mojom::UsbDeviceInfo& device_info) override {
for (auto& observer : observer_list_)
observer.OnDeviceAdded(device_info);
}
void OnDeviceRemoved(
const device::mojom::UsbDeviceInfo& device_info) override {
for (auto& observer : observer_list_)
observer.OnDeviceRemoved(device_info);
}
void OnDeviceManagerConnectionError() override {
for (auto& observer : observer_list_)
observer.OnDeviceManagerConnectionError();
}
void OnBrowserContextShutdown() override {
parent_->observations_.erase(browser_context_);
// Return since `this` is now deleted.
}
void AddObserver(content::UsbDelegate::Observer* observer) {
observer_list_.AddObserver(observer);
}
void RemoveObserver(content::UsbDelegate::Observer* observer) {
observer_list_.RemoveObserver(observer);
}
private:
// Safe because `parent_` owns `this`.
const raw_ptr<ElectronUsbDelegate> parent_;
// Safe because `this` is destroyed when the context is lost.
const raw_ptr<content::BrowserContext> browser_context_;
base::ScopedObservation<UsbChooserContext, UsbChooserContext::DeviceObserver>
device_observation_{this};
base::ObserverList<content::UsbDelegate::Observer> observer_list_;
};
ElectronUsbDelegate::ElectronUsbDelegate() = default;
ElectronUsbDelegate::~ElectronUsbDelegate() = default;
void ElectronUsbDelegate::AdjustProtectedInterfaceClasses(
content::BrowserContext* browser_context,
const url::Origin& origin,
content::RenderFrameHost* frame,
std::vector<uint8_t>& classes) {
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context->GetPermissionControllerDelegate());
classes = permission_manager->CheckProtectedUSBClasses(classes);
}
std::unique_ptr<content::UsbChooser> ElectronUsbDelegate::RunChooser(
content::RenderFrameHost& frame,
blink::mojom::WebUsbRequestDeviceOptionsPtr options,
blink::mojom::WebUsbService::GetPermissionCallback callback) {
UsbChooserController* controller = ControllerForFrame(&frame);
if (controller) {
DeleteControllerForFrame(&frame);
}
AddControllerForFrame(&frame, std::move(options), std::move(callback));
// Return a nullptr because the return value isn't used for anything. The
// return value is simply used in Chromium to cleanup the chooser UI once the
// usb service is destroyed.
return nullptr;
}
bool ElectronUsbDelegate::CanRequestDevicePermission(
content::BrowserContext* browser_context,
const url::Origin& origin) {
if (!browser_context)
return false;
base::Value::Dict details;
details.Set("securityOrigin", origin.GetURL().spec());
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context->GetPermissionControllerDelegate());
return permission_manager->CheckPermissionWithDetails(
blink::PermissionType::USB, nullptr, origin.GetURL(), std::move(details));
}
void ElectronUsbDelegate::RevokeDevicePermissionWebInitiated(
content::BrowserContext* browser_context,
const url::Origin& origin,
const device::mojom::UsbDeviceInfo& device) {
auto* chooser_context = GetChooserContext(browser_context);
if (chooser_context) {
chooser_context->RevokeDevicePermissionWebInitiated(origin, device);
}
}
const device::mojom::UsbDeviceInfo* ElectronUsbDelegate::GetDeviceInfo(
content::BrowserContext* browser_context,
const std::string& guid) {
auto* chooser_context = GetChooserContext(browser_context);
if (!chooser_context)
return nullptr;
return chooser_context->GetDeviceInfo(guid);
}
bool ElectronUsbDelegate::HasDevicePermission(
content::BrowserContext* browser_context,
content::RenderFrameHost* frame,
const url::Origin& origin,
const device::mojom::UsbDeviceInfo& device_info) {
if (IsDevicePermissionAutoGranted(origin, device_info))
return true;
auto* chooser_context = GetChooserContext(browser_context);
if (!chooser_context)
return false;
return GetChooserContext(browser_context)
->HasDevicePermission(origin, device_info);
}
void ElectronUsbDelegate::GetDevices(
content::BrowserContext* browser_context,
blink::mojom::WebUsbService::GetDevicesCallback callback) {
auto* chooser_context = GetChooserContext(browser_context);
if (!chooser_context) {
std::move(callback).Run(std::vector<device::mojom::UsbDeviceInfoPtr>());
return;
}
chooser_context->GetDevices(std::move(callback));
}
void ElectronUsbDelegate::GetDevice(
content::BrowserContext* browser_context,
const std::string& guid,
base::span<const uint8_t> blocked_interface_classes,
mojo::PendingReceiver<device::mojom::UsbDevice> device_receiver,
mojo::PendingRemote<device::mojom::UsbDeviceClient> device_client) {
auto* chooser_context = GetChooserContext(browser_context);
if (chooser_context) {
chooser_context->GetDevice(guid, blocked_interface_classes,
std::move(device_receiver),
std::move(device_client));
}
}
void ElectronUsbDelegate::AddObserver(content::BrowserContext* browser_context,
Observer* observer) {
if (!browser_context)
return;
GetContextObserver(browser_context)->AddObserver(observer);
}
void ElectronUsbDelegate::RemoveObserver(
content::BrowserContext* browser_context,
Observer* observer) {
if (!browser_context)
return;
GetContextObserver(browser_context)->RemoveObserver(observer);
}
ElectronUsbDelegate::ContextObservation*
ElectronUsbDelegate::GetContextObserver(
content::BrowserContext* browser_context) {
CHECK(browser_context);
if (!observations_.contains(browser_context)) {
observations_.emplace(browser_context, std::make_unique<ContextObservation>(
this, browser_context));
}
return observations_[browser_context].get();
}
bool ElectronUsbDelegate::IsServiceWorkerAllowedForOrigin(
const url::Origin& origin) {
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
// WebUSB is only available on extension service workers for now.
if (origin.scheme() == extensions::kExtensionScheme) {
return true;
}
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
return false;
}
UsbChooserController* ElectronUsbDelegate::ControllerForFrame(
content::RenderFrameHost* render_frame_host) {
auto mapping = controller_map_.find(render_frame_host);
return mapping == controller_map_.end() ? nullptr : mapping->second.get();
}
UsbChooserController* ElectronUsbDelegate::AddControllerForFrame(
content::RenderFrameHost* render_frame_host,
blink::mojom::WebUsbRequestDeviceOptionsPtr options,
blink::mojom::WebUsbService::GetPermissionCallback callback) {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
auto controller = std::make_unique<UsbChooserController>(
render_frame_host, std::move(options), std::move(callback), web_contents,
weak_factory_.GetWeakPtr());
controller_map_.insert(
std::make_pair(render_frame_host, std::move(controller)));
return ControllerForFrame(render_frame_host);
}
void ElectronUsbDelegate::DeleteControllerForFrame(
content::RenderFrameHost* render_frame_host) {
controller_map_.erase(render_frame_host);
}
bool ElectronUsbDelegate::PageMayUseUsb(content::Page& page) {
content::RenderFrameHost& main_rfh = page.GetMainDocument();
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
// WebViewGuests have no mechanism to show permission prompts and their
// embedder can't grant USB access through its permissionrequest API. Also
// since webviews use a separate StoragePartition, they must not gain access
// through permissions granted in non-webview contexts.
if (extensions::WebViewGuest::FromRenderFrameHost(&main_rfh)) {
return false;
}
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
// USB permissions are scoped to a BrowserContext instead of a
// StoragePartition, so we need to be careful about usage across
// StoragePartitions. Until this is scoped correctly, we'll try to avoid
// inappropriate sharing by restricting access to the API. We can't be as
// strict as we'd like, as cases like extensions and Isolated Web Apps still
// need USB access in non-default partitions, so we'll just guard against
// HTTP(S) as that presents a clear risk for inappropriate sharing.
// TODO(crbug.com/1469672): USB permissions should be explicitly scoped to
// StoragePartitions.
if (main_rfh.GetStoragePartition() !=
main_rfh.GetBrowserContext()->GetDefaultStoragePartition()) {
return !main_rfh.GetLastCommittedURL().SchemeIsHTTPOrHTTPS();
}
return true;
}
} // namespace electron
Reference in a new issue View git blame Copy permalink