1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/plugins/plugin_info_message_filter.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/metrics/histogram.h"
10 #include "base/prefs/pref_service.h"
11 #include "base/strings/utf_string_conversions.h"
12 #include "chrome/browser/content_settings/content_settings_utils.h"
13 #include "chrome/browser/content_settings/host_content_settings_map.h"
14 #include "chrome/browser/extensions/extension_renderer_state.h"
15 #include "chrome/browser/plugins/chrome_plugin_service_filter.h"
16 #include "chrome/browser/plugins/plugin_finder.h"
17 #include "chrome/browser/plugins/plugin_metadata.h"
18 #include "chrome/browser/plugins/plugin_prefs.h"
19 #include "chrome/browser/profiles/profile.h"
20 #include "chrome/common/chrome_content_client.h"
21 #include "chrome/common/content_settings.h"
22 #include "chrome/common/pref_names.h"
23 #include "chrome/common/render_messages.h"
24 #include "content/public/browser/browser_thread.h"
25 #include "content/public/browser/plugin_service.h"
26 #include "content/public/browser/plugin_service_filter.h"
29 #include "widevine_cdm_version.h" // In SHARED_INTERMEDIATE_DIR.
32 #include "base/win/metro.h"
35 using content::PluginService;
36 using content::WebPluginInfo;
40 // For certain sandboxed Pepper plugins, use the JavaScript Content Settings.
41 bool ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo& plugin) {
42 if (plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
43 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS) {
47 // Treat Native Client invocations like JavaScript.
48 if (plugin.name == base::ASCIIToUTF16(ChromeContentClient::kNaClPluginName))
51 #if defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
52 // Treat CDM invocations like JavaScript.
53 if (plugin.name == base::ASCIIToUTF16(kWidevineCdmDisplayName)) {
54 DCHECK(plugin.type == WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS);
57 #endif // defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
62 #if defined(ENABLE_PEPPER_CDMS)
64 enum PluginAvailabilityStatusForUMA {
65 PLUGIN_NOT_REGISTERED,
68 PLUGIN_AVAILABILITY_STATUS_MAX
71 static void SendPluginAvailabilityUMA(const std::string& mime_type,
72 PluginAvailabilityStatusForUMA status) {
73 #if defined(WIDEVINE_CDM_AVAILABLE)
74 // Only report results for Widevine CDM.
75 if (mime_type != kWidevineCdmPluginMimeType)
78 UMA_HISTOGRAM_ENUMERATION("Plugin.AvailabilityStatus.WidevineCdm",
79 status, PLUGIN_AVAILABILITY_STATUS_MAX);
80 #endif // defined(WIDEVINE_CDM_AVAILABLE)
83 #endif // defined(ENABLE_PEPPER_CDMS)
87 PluginInfoMessageFilter::Context::Context(int render_process_id,
89 : render_process_id_(render_process_id),
90 resource_context_(profile->GetResourceContext()),
91 host_content_settings_map_(profile->GetHostContentSettingsMap()),
92 plugin_prefs_(PluginPrefs::GetForProfile(profile)) {
93 allow_outdated_plugins_.Init(prefs::kPluginsAllowOutdated,
95 allow_outdated_plugins_.MoveToThread(
96 content::BrowserThread::GetMessageLoopProxyForThread(
97 content::BrowserThread::IO));
98 always_authorize_plugins_.Init(prefs::kPluginsAlwaysAuthorize,
100 always_authorize_plugins_.MoveToThread(
101 content::BrowserThread::GetMessageLoopProxyForThread(
102 content::BrowserThread::IO));
105 PluginInfoMessageFilter::Context::~Context() {
108 PluginInfoMessageFilter::PluginInfoMessageFilter(
109 int render_process_id,
111 : BrowserMessageFilter(ChromeMsgStart),
112 context_(render_process_id, profile),
113 weak_ptr_factory_(this) {
116 bool PluginInfoMessageFilter::OnMessageReceived(const IPC::Message& message) {
117 IPC_BEGIN_MESSAGE_MAP(PluginInfoMessageFilter, message)
118 IPC_MESSAGE_HANDLER_DELAY_REPLY(ChromeViewHostMsg_GetPluginInfo,
120 #if defined(ENABLE_PEPPER_CDMS)
122 ChromeViewHostMsg_IsInternalPluginAvailableForMimeType,
123 OnIsInternalPluginAvailableForMimeType)
125 IPC_MESSAGE_UNHANDLED(return false)
126 IPC_END_MESSAGE_MAP()
130 void PluginInfoMessageFilter::OnDestruct() const {
131 const_cast<PluginInfoMessageFilter*>(this)->
132 weak_ptr_factory_.InvalidateWeakPtrs();
134 // Destroy on the UI thread because we contain a |PrefMember|.
135 content::BrowserThread::DeleteOnUIThread::Destruct(this);
138 PluginInfoMessageFilter::~PluginInfoMessageFilter() {}
140 struct PluginInfoMessageFilter::GetPluginInfo_Params {
144 std::string mime_type;
147 void PluginInfoMessageFilter::OnGetPluginInfo(
150 const GURL& top_origin_url,
151 const std::string& mime_type,
152 IPC::Message* reply_msg) {
153 GetPluginInfo_Params params = {
159 PluginService::GetInstance()->GetPlugins(
160 base::Bind(&PluginInfoMessageFilter::PluginsLoaded,
161 weak_ptr_factory_.GetWeakPtr(),
165 void PluginInfoMessageFilter::PluginsLoaded(
166 const GetPluginInfo_Params& params,
167 IPC::Message* reply_msg,
168 const std::vector<WebPluginInfo>& plugins) {
169 ChromeViewHostMsg_GetPluginInfo_Output output;
170 // This also fills in |actual_mime_type|.
171 scoped_ptr<PluginMetadata> plugin_metadata;
172 if (context_.FindEnabledPlugin(params.render_frame_id, params.url,
173 params.top_origin_url, params.mime_type,
174 &output.status, &output.plugin,
175 &output.actual_mime_type,
177 context_.DecidePluginStatus(params, output.plugin, plugin_metadata.get(),
181 if (plugin_metadata) {
182 output.group_identifier = plugin_metadata->identifier();
183 output.group_name = plugin_metadata->name();
186 context_.MaybeGrantAccess(output.status, output.plugin.path);
188 ChromeViewHostMsg_GetPluginInfo::WriteReplyParams(reply_msg, output);
192 #if defined(ENABLE_PEPPER_CDMS)
193 void PluginInfoMessageFilter::OnIsInternalPluginAvailableForMimeType(
194 const std::string& mime_type,
196 std::vector<base::string16>* additional_param_names,
197 std::vector<base::string16>* additional_param_values) {
198 std::vector<WebPluginInfo> plugins;
199 PluginService::GetInstance()->GetInternalPlugins(&plugins);
201 bool is_plugin_disabled = false;
202 for (size_t i = 0; i < plugins.size(); ++i) {
203 const WebPluginInfo& plugin = plugins[i];
204 const std::vector<content::WebPluginMimeType>& mime_types =
206 for (size_t j = 0; j < mime_types.size(); ++j) {
207 if (mime_types[j].mime_type == mime_type) {
208 if (!context_.IsPluginEnabled(plugin)) {
209 is_plugin_disabled = true;
213 *is_available = true;
214 *additional_param_names = mime_types[j].additional_param_names;
215 *additional_param_values = mime_types[j].additional_param_values;
216 SendPluginAvailabilityUMA(mime_type, PLUGIN_AVAILABLE);
222 *is_available = false;
223 SendPluginAvailabilityUMA(
224 mime_type, is_plugin_disabled ? PLUGIN_DISABLED : PLUGIN_NOT_REGISTERED);
227 #endif // defined(ENABLE_PEPPER_CDMS)
229 void PluginInfoMessageFilter::Context::DecidePluginStatus(
230 const GetPluginInfo_Params& params,
231 const WebPluginInfo& plugin,
232 const PluginMetadata* plugin_metadata,
233 ChromeViewHostMsg_GetPluginInfo_Status* status) const {
235 if (plugin.type == WebPluginInfo::PLUGIN_TYPE_NPAPI &&
236 base::win::IsMetroProcess()) {
238 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
242 if (plugin.type == WebPluginInfo::PLUGIN_TYPE_NPAPI) {
243 CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
244 // NPAPI plugins are not supported inside <webview> guests.
245 if (ExtensionRendererState::GetInstance()->IsWebViewRenderer(
246 render_process_id_)) {
248 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
253 ContentSetting plugin_setting = CONTENT_SETTING_DEFAULT;
254 bool uses_default_content_setting = true;
255 bool is_managed = false;
256 // Check plug-in content settings. The primary URL is the top origin URL and
257 // the secondary URL is the plug-in URL.
258 GetPluginContentSetting(plugin, params.top_origin_url, params.url,
259 plugin_metadata->identifier(), &plugin_setting,
260 &uses_default_content_setting, &is_managed);
261 DCHECK(plugin_setting != CONTENT_SETTING_DEFAULT);
263 PluginMetadata::SecurityStatus plugin_status =
264 plugin_metadata->GetSecurityStatus(plugin);
265 #if defined(ENABLE_PLUGIN_INSTALLATION)
266 // Check if the plug-in is outdated.
267 if (plugin_status == PluginMetadata::SECURITY_STATUS_OUT_OF_DATE &&
268 !allow_outdated_plugins_.GetValue()) {
269 if (allow_outdated_plugins_.IsManaged()) {
271 ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedDisallowed;
273 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedBlocked;
278 // Check if the plug-in or its group is enabled by policy.
279 PluginPrefs::PolicyStatus plugin_policy =
280 plugin_prefs_->PolicyStatusForPlugin(plugin.name);
281 PluginPrefs::PolicyStatus group_policy =
282 plugin_prefs_->PolicyStatusForPlugin(plugin_metadata->name());
284 // Check if the plug-in requires authorization.
286 PluginMetadata::SECURITY_STATUS_REQUIRES_AUTHORIZATION &&
287 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
288 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS &&
289 !always_authorize_plugins_.GetValue() &&
290 plugin_setting != CONTENT_SETTING_BLOCK &&
291 uses_default_content_setting &&
292 plugin_policy != PluginPrefs::POLICY_ENABLED &&
293 group_policy != PluginPrefs::POLICY_ENABLED &&
294 !ChromePluginServiceFilter::GetInstance()->IsPluginRestricted(
296 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized;
300 // Check if the plug-in is crashing too much.
301 if (PluginService::GetInstance()->IsPluginUnstable(plugin.path) &&
302 !always_authorize_plugins_.GetValue() &&
303 plugin_setting != CONTENT_SETTING_BLOCK &&
304 uses_default_content_setting) {
305 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized;
309 if (plugin_setting == CONTENT_SETTING_ASK) {
310 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay;
311 } else if (plugin_setting == CONTENT_SETTING_BLOCK) {
313 is_managed ? ChromeViewHostMsg_GetPluginInfo_Status::kBlockedByPolicy
314 : ChromeViewHostMsg_GetPluginInfo_Status::kBlocked;
317 if (status->value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed) {
318 // Allow an embedder of <webview> to block a plugin from being loaded inside
319 // the guest. In order to do this, set the status to 'Unauthorized' here,
320 // and update the status as appropriate depending on the response from the
322 if (ExtensionRendererState::GetInstance()->IsWebViewRenderer(
323 render_process_id_)) {
324 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized;
329 bool PluginInfoMessageFilter::Context::FindEnabledPlugin(
332 const GURL& top_origin_url,
333 const std::string& mime_type,
334 ChromeViewHostMsg_GetPluginInfo_Status* status,
335 WebPluginInfo* plugin,
336 std::string* actual_mime_type,
337 scoped_ptr<PluginMetadata>* plugin_metadata) const {
338 bool allow_wildcard = true;
339 std::vector<WebPluginInfo> matching_plugins;
340 std::vector<std::string> mime_types;
341 PluginService::GetInstance()->GetPluginInfoArray(
342 url, mime_type, allow_wildcard, &matching_plugins, &mime_types);
343 if (matching_plugins.empty()) {
344 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
348 content::PluginServiceFilter* filter =
349 PluginService::GetInstance()->GetFilter();
351 for (; i < matching_plugins.size(); ++i) {
352 if (!filter || filter->IsPluginAvailable(render_process_id_,
357 &matching_plugins[i])) {
362 // If we broke out of the loop, we have found an enabled plug-in.
363 bool enabled = i < matching_plugins.size();
365 // Otherwise, we only found disabled plug-ins, so we take the first one.
367 status->value = ChromeViewHostMsg_GetPluginInfo_Status::kDisabled;
370 *plugin = matching_plugins[i];
371 *actual_mime_type = mime_types[i];
373 *plugin_metadata = PluginFinder::GetInstance()->GetPluginMetadata(*plugin);
378 void PluginInfoMessageFilter::Context::GetPluginContentSetting(
379 const WebPluginInfo& plugin,
380 const GURL& policy_url,
381 const GURL& plugin_url,
382 const std::string& resource,
383 ContentSetting* setting,
384 bool* uses_default_content_setting,
385 bool* is_managed) const {
386 scoped_ptr<base::Value> value;
387 content_settings::SettingInfo info;
388 bool uses_plugin_specific_setting = false;
389 if (ShouldUseJavaScriptSettingForPlugin(plugin)) {
391 host_content_settings_map_->GetWebsiteSetting(
392 policy_url, policy_url, CONTENT_SETTINGS_TYPE_JAVASCRIPT,
393 std::string(), &info));
395 content_settings::SettingInfo specific_info;
396 scoped_ptr<base::Value> specific_setting(
397 host_content_settings_map_->GetWebsiteSetting(
398 policy_url, plugin_url, CONTENT_SETTINGS_TYPE_PLUGINS, resource,
400 content_settings::SettingInfo general_info;
401 scoped_ptr<base::Value> general_setting(
402 host_content_settings_map_->GetWebsiteSetting(
403 policy_url, plugin_url, CONTENT_SETTINGS_TYPE_PLUGINS,
404 std::string(), &general_info));
406 // If there is a plugin-specific setting, we use it, unless the general
407 // setting was set by policy, in which case it takes precedence.
408 uses_plugin_specific_setting = specific_setting &&
409 (general_info.source != content_settings::SETTING_SOURCE_POLICY);
410 if (uses_plugin_specific_setting) {
411 value = specific_setting.Pass();
412 info = specific_info;
414 value = general_setting.Pass();
418 *setting = content_settings::ValueToContentSetting(value.get());
419 *uses_default_content_setting =
420 !uses_plugin_specific_setting &&
421 info.primary_pattern == ContentSettingsPattern::Wildcard() &&
422 info.secondary_pattern == ContentSettingsPattern::Wildcard();
423 *is_managed = info.source == content_settings::SETTING_SOURCE_POLICY;
426 void PluginInfoMessageFilter::Context::MaybeGrantAccess(
427 const ChromeViewHostMsg_GetPluginInfo_Status& status,
428 const base::FilePath& path) const {
429 if (status.value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed ||
430 status.value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay) {
431 ChromePluginServiceFilter::GetInstance()->AuthorizePlugin(
432 render_process_id_, path);
436 bool PluginInfoMessageFilter::Context::IsPluginEnabled(
437 const content::WebPluginInfo& plugin) const {
438 return plugin_prefs_->IsPluginEnabled(plugin);