-
Notifications
You must be signed in to change notification settings - Fork 6.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Don't let WebUI events cross the incognito barrier.
WebUI events use the same dispatch mechanism as extensions. Extensions have a mechanism to allow some extension events to cross the incognito barrier. These checks were inadvertently being skipped for WebUI and webpages. This CL adds the check for WebUI and webpages to enforce that no events cross the incognito boundary. This CL updates SettingsPrivateEventRouter to attach a browser context to the generated event. Bug: 1381219 Change-Id: Iffa6fc40de737b353ab2705919f4863c583d2c5c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4786992 Reviewed-by: Emily Stark <estark@chromium.org> Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com> Reviewed-by: Devlin Cronin <rdevlin.cronin@chromium.org> Commit-Queue: Erik Chen <erikchen@chromium.org> Cr-Commit-Position: refs/heads/main@{#1187516}
- Loading branch information
Showing
15 changed files
with
303 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
160 changes: 160 additions & 0 deletions
160
chrome/browser/extensions/api/settings_private/settings_private_event_router_unittest.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "chrome/browser/extensions/api/settings_private/settings_private_event_router.h" | ||
|
||
#include "base/test/run_until.h" | ||
#include "chrome/browser/extensions/api/settings_private/settings_private_event_router_factory.h" | ||
#include "chrome/browser/profiles/profile.h" | ||
#include "chrome/common/pref_names.h" | ||
#include "chrome/test/base/testing_browser_process.h" | ||
#include "chrome/test/base/testing_profile.h" | ||
#include "chrome/test/base/testing_profile_manager.h" | ||
#include "content/public/test/browser_task_environment.h" | ||
#include "content/public/test/mock_render_process_host.h" | ||
#include "extensions/browser/event_router_factory.h" | ||
#include "extensions/browser/process_map.h" | ||
#include "extensions/browser/process_map_factory.h" | ||
#include "testing/gtest/include/gtest/gtest.h" | ||
|
||
namespace extensions { | ||
namespace { | ||
|
||
// A fake that pretends that all contexts are WebUI. | ||
class ProcessMapFake : public ProcessMap { | ||
public: | ||
Feature::Context GetMostLikelyContextType(const Extension* extension, | ||
int process_id, | ||
const GURL* url) const override { | ||
return Feature::WEBUI_CONTEXT; | ||
} | ||
}; | ||
|
||
std::unique_ptr<KeyedService> BuildEventRouter( | ||
content::BrowserContext* profile) { | ||
return std::make_unique<extensions::EventRouter>(profile, nullptr); | ||
} | ||
|
||
std::unique_ptr<KeyedService> BuildSettingsPrivateEventRouter( | ||
content::BrowserContext* profile) { | ||
return std::unique_ptr<KeyedService>( | ||
SettingsPrivateEventRouter::Create(profile)); | ||
} | ||
|
||
std::unique_ptr<KeyedService> BuildProcessMap( | ||
content::BrowserContext* profile) { | ||
return std::make_unique<ProcessMapFake>(); | ||
} | ||
|
||
// Tracks event dispatches to a specific process. | ||
class EventRouterObserver : public EventRouter::TestObserver { | ||
public: | ||
// Only counts events that match |process_id|. | ||
explicit EventRouterObserver(int process_id) : process_id_(process_id) {} | ||
|
||
void OnWillDispatchEvent(const Event& event) override { | ||
// Do nothing. | ||
} | ||
|
||
void OnDidDispatchEventToProcess(const Event& event, | ||
int process_id) override { | ||
if (process_id == process_id_) { | ||
++dispatch_count; | ||
} | ||
} | ||
|
||
int dispatch_count = 0; | ||
const int process_id_; | ||
}; | ||
|
||
class SettingsPrivateEventRouterTest : public testing::Test { | ||
public: | ||
SettingsPrivateEventRouterTest() | ||
: manager_(TestingBrowserProcess::GetGlobal()) {} | ||
void SetUp() override { ASSERT_TRUE(manager_.SetUp()); } | ||
|
||
protected: | ||
content::BrowserTaskEnvironment task_environment_; | ||
TestingProfileManager manager_; | ||
}; | ||
|
||
// Tests that events from incognito profiles do not get routed to regular | ||
// profiles. Regression test for https://crbug.com/1381219. | ||
TEST_F(SettingsPrivateEventRouterTest, IncognitoEventRouting) { | ||
// Create a testing profile. Override relevant factories. | ||
TestingProfile* profile = manager_.CreateTestingProfile("test"); | ||
EventRouterFactory::GetInstance()->SetTestingFactory( | ||
profile, base::BindRepeating(&BuildEventRouter)); | ||
SettingsPrivateEventRouterFactory::GetInstance()->SetTestingFactory( | ||
profile, base::BindRepeating(&BuildSettingsPrivateEventRouter)); | ||
ProcessMapFactory::GetInstance()->SetTestingFactory( | ||
profile, base::BindRepeating(&BuildProcessMap)); | ||
|
||
// Create an otr profile. Override relevant factories. | ||
Profile::OTRProfileID otr_id = Profile::OTRProfileID::PrimaryID(); | ||
Profile* otr_profile = | ||
profile->GetOffTheRecordProfile(otr_id, /*create_if_needed=*/true); | ||
EventRouterFactory::GetInstance()->SetTestingFactory( | ||
otr_profile, base::BindRepeating(&BuildEventRouter)); | ||
SettingsPrivateEventRouterFactory::GetInstance()->SetTestingFactory( | ||
otr_profile, base::BindRepeating(&BuildSettingsPrivateEventRouter)); | ||
ProcessMapFactory::GetInstance()->SetTestingFactory( | ||
otr_profile, base::BindRepeating(&BuildProcessMap)); | ||
|
||
// Create the event routers. | ||
EventRouter* regular_event_router = | ||
EventRouterFactory::GetInstance()->GetForBrowserContext(profile); | ||
EventRouter* otr_event_router = | ||
EventRouterFactory::GetInstance()->GetForBrowserContext(otr_profile); | ||
|
||
// Today, EventRouter instances are shared between on- and off-the-record | ||
// profile instances. We separate them into variables here, since the | ||
// SettingsPrivateEventRouter shouldn't necessarily know about that or | ||
// care. | ||
EXPECT_EQ(regular_event_router, otr_event_router); | ||
|
||
// Create the special routers for settingsPrivate. | ||
ASSERT_TRUE(SettingsPrivateEventRouterFactory::GetForProfile(profile)); | ||
ASSERT_TRUE(SettingsPrivateEventRouterFactory::GetForProfile(otr_profile)); | ||
|
||
// Create some mock rphs. | ||
content::MockRenderProcessHost regular_rph(profile); | ||
content::MockRenderProcessHost otr_rph(otr_profile); | ||
|
||
// Add event listeners, as if we had created two real WebUIs, one in a regular | ||
// profile and one in an otr profile. Note that the string chrome://settings | ||
// is hardcoded into the api permissions of settingsPrivate. | ||
GURL kDummyURL("chrome://settings"); | ||
regular_event_router->AddEventListenerForURL( | ||
api::settings_private::OnPrefsChanged::kEventName, ®ular_rph, | ||
kDummyURL); | ||
otr_event_router->AddEventListenerForURL( | ||
api::settings_private::OnPrefsChanged::kEventName, &otr_rph, kDummyURL); | ||
|
||
// Hook up some test observers | ||
EventRouterObserver regular_counter(regular_rph.GetID()); | ||
regular_event_router->AddObserverForTesting(®ular_counter); | ||
EventRouterObserver otr_counter(otr_rph.GetID()); | ||
otr_event_router->AddObserverForTesting(&otr_counter); | ||
|
||
EXPECT_EQ(0, regular_counter.dispatch_count); | ||
EXPECT_EQ(0, otr_counter.dispatch_count); | ||
|
||
// Setting an otr pref should not trigger the normal observer. | ||
otr_profile->GetPrefs()->SetBoolean(prefs::kPromptForDownload, true); | ||
ASSERT_TRUE( | ||
base::test::RunUntil([&]() { return otr_counter.dispatch_count == 1; })); | ||
EXPECT_EQ(0, regular_counter.dispatch_count); | ||
EXPECT_EQ(1, otr_counter.dispatch_count); | ||
|
||
// Setting a regular pref should not trigger the otr observer. | ||
profile->GetPrefs()->SetBoolean(prefs::kPromptForDownload, true); | ||
ASSERT_TRUE(base::test::RunUntil( | ||
[&]() { return regular_counter.dispatch_count == 1; })); | ||
EXPECT_EQ(1, regular_counter.dispatch_count); | ||
EXPECT_EQ(1, otr_counter.dispatch_count); | ||
} | ||
|
||
} // namespace | ||
} // namespace extensions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.