From d77b6347eca69425d9d64a0fc22f84e3ab2f53cb Mon Sep 17 00:00:00 2001
From: Bakka Uday Kiran
Date: Mon, 30 Jan 2023 19:18:51 +0530
Subject: [PATCH] [M108 Migration] Set ContentSecurityPolicy rules to blink
1. Set CSP rules from ewk API to engine via mojo IPC after |RenderFrameObserver::DidCreateDocumentElement| is notified.
2. Set sandbox flag on security context when |WebDocument::SetContentSecurityPolicyUsingHeader| is invoked.
References:
https://review.tizen.org/gerrit/c/278286
https://review.tizen.org/gerrit/c/281099
Change-Id: I005b4ca61bc4c6dd1f7765eb18563889685c1a77
Signed-off-by: Bakka Uday Kiran
---
 third_party/blink/public/mojom/frame/frame.mojom | 7 ++++
 .../frame/csp/execution_context_csp_delegate.cc | 3 ++
 third_party/blink/renderer/core/frame/local_frame.cc | 15 +++++++
 third_party/blink/renderer/core/frame/local_frame.h | 14 +++++++
 .../core/frame/local_frame_mojo_handler.cc | 9 +++++
 .../renderer/core/frame/local_frame_mojo_handler.h | 6 +++
 .../efl_integration/common/render_messages_ewk.h | 8 +---
 .../renderer/render_frame_observer_efl.cc | 7 ++++
 .../renderer/render_frame_observer_efl.h | 2 +
 .../efl_integration/web_contents_observer_efl.cc | 47 +++++++++++++---------
 .../efl_integration/web_contents_observer_efl.h | 2 +-
 11 files changed, 94 insertions(+), 26 deletions(-)
diff --git a/third_party/blink/public/mojom/frame/frame.mojom b/third_party/blink/public/mojom/frame/frame.mojom
index 7a4564f..53b1b4d 100644
--- a/third_party/blink/public/mojom/frame/frame.mojom
+++ b/third_party/blink/public/mojom/frame/frame.mojom
@@ -998,6 +998,13 @@ interface LocalMainFrame {
 UpdateBrowserControlsState(cc.mojom.BrowserControlsState constraints,
 cc.mojom.BrowserControlsState current,
 bool animate);
+
+ // Applies CSP policies set from ewk api or wrt config.xml.
+ [EnableIf=is_efl]
+ SetContentSecurityPolicyUsingHeader(
+ string policy,
+ network.mojom.ContentSecurityPolicyType header_type,
+ url.mojom.Url base_url);
 };
 // Implemented in Browser, this interface defines local-main-frame-specific
diff --git a/third_party/blink/renderer/core/frame/csp/execution_context_csp_delegate.cc b/third_party/blink/renderer/core/frame/csp/execution_context_csp_delegate.cc
index 4991800..45530d6 100644
--- a/third_party/blink/renderer/core/frame/csp/execution_context_csp_delegate.cc
+++ b/third_party/blink/renderer/core/frame/csp/execution_context_csp_delegate.cc
@@ -57,6 +57,9 @@ void ExecutionContextCSPDelegate::SetSandboxFlags(
 // the Agent that is assigned for the ExecutionContext. Changing
 // an ExecutionContext's agent in the middle of an object lifecycle
 // is not permitted.
+#if BUILDFLAG(IS_TIZEN)
+ GetSecurityContext().SetSandboxFlags(mask);
+#endif
 // Since Workers and Worklets don't share agents (each one is unique)
 // we allow them to apply new sandbox flags on top of the current ones.
diff --git a/third_party/blink/renderer/core/frame/local_frame.cc b/third_party/blink/renderer/core/frame/local_frame.cc
index 79bb525..3bcc1b5 100644
--- a/third_party/blink/renderer/core/frame/local_frame.cc
+++ b/third_party/blink/renderer/core/frame/local_frame.cc
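Review bot: The unconditional `GetSecurityContext().SetSandboxFlags(mask);` added to `ExecutionContextCSPDelegate::SetSandboxFlags` contradicts the comment directly above it, which says sandbox flags feed the security origin and agent and must not change mid-lifecycle; nothing here explains why the Tizen build may ignore that. If `SecurityContext::SetSandboxFlags` assigns rather than ORs (its definition is outside this diff), a late CSP `sandbox` directive could also clear flags already in force, so the call should at least merge: `GetSecurityContext().SetSandboxFlags(GetSecurityContext().GetSandboxFlags() | mask);`. The guard is `IS_TIZEN` while every other addition in this commit uses `IS_EFL`; a comment naming the build that needs this, and noting that the origin is not re-derived after the flags change, would help. The function body starts and ends outside the hunk.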
@@ -2752,6 +2752,21 @@ void LocalFrame::SetScaleFactor(float scale_factor) {
 GetPage()->GetVisualViewport().SetScale(scale_factor);
 }
+#if BUILDFLAG(IS_EFL)
+void LocalFrame::SetContentSecurityPolicyUsingHeader(
+ const String& policy,
+ network::mojom::ContentSecurityPolicyType header_type,
+ const KURL& base_url) {
+ ExecutionContext* context = GetDocument()->GetExecutionContext();
+ if (!context)
+ return;
+
+ context->GetContentSecurityPolicy()->AddPolicies(ParseContentSecurityPolicies(
+ policy, header_type,
+ network::mojom::blink::ContentSecurityPolicySource::kHTTP, base_url));
+}
+#endif
+
 void LocalFrame::ClosePageForTesting() {
 mojo_handler_->ClosePageForTesting();
 }
diff --git a/third_party/blink/renderer/core/frame/local_frame.h b/third_party/blink/renderer/core/frame/local_frame.h
index 4296d02..31a8799 100644
--- a/third_party/blink/renderer/core/frame/local_frame.h
+++ b/third_party/blink/renderer/core/frame/local_frame.h
@@ -92,6 +92,14 @@ namespace base {
 class SingleThreadTaskRunner;
 }
+#if BUILDFLAG(IS_EFL)
+namespace network {
+namespace mojom {
+enum class ContentSecurityPolicyType : int32_t;
+}
+} // namespace network
+#endif
+
 namespace gfx {
 class Point;
 class Range;
@@ -708,6 +716,12 @@ class CORE_EXPORT LocalFrame final
 void SetScaleFactor(float scale);
 void ClosePageForTesting();
 void SetInitialFocus(bool reverse);
+#if BUILDFLAG(IS_EFL)
+ void SetContentSecurityPolicyUsingHeader(
+ const String& policy,
+ network::mojom::ContentSecurityPolicyType header_type,
+ const KURL& base_url);
+#endif
 #if BUILDFLAG(IS_MAC)
 void GetCharacterIndexAtPoint(const gfx::Point& point);
diff --git a/third_party/blink/renderer/core/frame/local_frame_mojo_handler.cc b/third_party/blink/renderer/core/frame/local_frame_mojo_handler.cc
index 4dd8501..5af0855 100644
--- a/third_party/blink/renderer/core/frame/local_frame_mojo_handler.cc
+++ b/third_party/blink/renderer/core/frame/local_frame_mojo_handler.cc
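Review bot: `GetDocument()` is dereferenced without a null check in `LocalFrame::SetContentSecurityPolicyUsingHeader`; only the `ExecutionContext*` it yields is tested. The call arrives on an asynchronous mojo message, so the frame may plausibly have no document by then (detached or mid-navigation); guard both with `Document* document = GetDocument();` followed by `if (!document || !document->GetExecutionContext()) return;`. A short comment is also warranted on the `ContentSecurityPolicySource::kHTTP` argument, since it makes an embedder-supplied policy indistinguishable downstream from one delivered in a response header.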
@@ -1423,6 +1423,15 @@ void LocalFrameMojoHandler::UpdateBrowserControlsState(
 current, animate);
 }
+#if BUILDFLAG(IS_EFL)
+void LocalFrameMojoHandler::SetContentSecurityPolicyUsingHeader(
+ const String& policy,
+ network::mojom::ContentSecurityPolicyType header_type,
+ const KURL& base_url) {
+ frame_->SetContentSecurityPolicyUsingHeader(policy, header_type, base_url);
+}
+#endif
+
 void LocalFrameMojoHandler::DispatchBeforeUnload(
 bool is_reload,
 mojom::blink::LocalFrame::BeforeUnloadCallback callback) {
diff --git a/third_party/blink/renderer/core/frame/local_frame_mojo_handler.h b/third_party/blink/renderer/core/frame/local_frame_mojo_handler.h
index 64ce603..0c16199 100644
--- a/third_party/blink/renderer/core/frame/local_frame_mojo_handler.h
+++ b/third_party/blink/renderer/core/frame/local_frame_mojo_handler.h
@@ -230,6 +230,12 @@ class LocalFrameMojoHandler
 void UpdateBrowserControlsState(cc::BrowserControlsState constraints,
 cc::BrowserControlsState current,
 bool animate) override;
+#if BUILDFLAG(IS_EFL)
+ void SetContentSecurityPolicyUsingHeader(
+ const String& policy,
+ network::mojom::ContentSecurityPolicyType header_type,
+ const KURL& base_url) override;
+#endif
 // mojom::blink::HighPriorityLocalFrame implementation:
 void DispatchBeforeUnload(
diff --git a/tizen_src/ewk/efl_integration/common/render_messages_ewk.h b/tizen_src/ewk/efl_integration/common/render_messages_ewk.h
index ce935e3..b1c7056 100644
--- a/tizen_src/ewk/efl_integration/common/render_messages_ewk.h
+++ b/tizen_src/ewk/efl_integration/common/render_messages_ewk.h
@@ -151,13 +151,7 @@ IPC_MESSAGE_CONTROL3(EwkViewHostMsg_HitTestAsyncReply,
 Hit_Test_Params,
 int64_t /* request id */)
-IPC_MESSAGE_ROUTED2(EwkViewMsg_SetCSP,
- std::string, /* policy */
- Ewk_CSP_Header_Type /* header type */)
-
-IPC_SYNC_MESSAGE_ROUTED0_2(EwkHostMsg_GetContentSecurityPolicy,
- std::string, /* policy */
- Ewk_CSP_Header_Type /* header type */)
+IPC_MESSAGE_ROUTED0(EwkHostMsg_DidCreateDocumentElement)
 IPC_MESSAGE_ROUTED1(EwkHostMsg_DidPrintPagesToPdf,
 DidPrintPagesParams /* pdf document parameters */)
diff --git a/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.cc b/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.cc
index f5f3208..860b3b6 100644
--- a/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.cc
+++ b/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.cc
@@ -233,6 +233,13 @@ void RenderFrameObserverEfl::WillSubmitForm(
 Send(new EwkHostMsg_FormSubmit(render_frame()->GetRoutingID(), url));
 }
+void RenderFrameObserverEfl::DidCreateDocumentElement() {
+ if (!render_frame()->IsMainFrame())
+ return;
+
+ Send(new EwkHostMsg_DidCreateDocumentElement(render_frame()->GetRoutingID()));
+}
+
 void RenderFrameObserverEfl::DidCreateScriptContext(
 v8::Local context,
 int world_id) {
diff --git a/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.h b/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.h
index 9b56cb3..6a4c564 100644
--- a/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.h
+++ b/tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.h
@@ -54,6 +54,8 @@ class RenderFrameObserverEfl : public RenderFrameObserver {
 int world_id) override;
 void DidUpdateMainFrameLayout() override;
+ void DidCreateDocumentElement() override;
+
 private:
 void OnSelectPopupMenuItems(bool canceled,
 const std::vector& selected_indices);
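Review bot: Replacing the synchronous `EwkHostMsg_GetContentSecurityPolicy` with the fire-and-forget `EwkHostMsg_DidCreateDocumentElement` (sent from `RenderFrameObserverEfl::DidCreateDocumentElement`) means the renderer no longer waits for the policy before it carries on with the document. The policy now arrives a browser round trip later, so parsing, script execution and subresource loads in that window are presumably not covered by an enforce-mode policy set through the ewk API or config.xml. If embedders treat this CSP as a security boundary, the policy should reach the renderer before the document starts loading. Otherwise the gap should be stated at the message definition, e.g. `// Async: CSP from the ewk API is applied after this notification, not before parsing starts.`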
diff --git a/tizen_src/ewk/efl_integration/web_contents_observer_efl.cc b/tizen_src/ewk/efl_integration/web_contents_observer_efl.cc
index 537b761..d9d6374 100644
--- a/tizen_src/ewk/efl_integration/web_contents_observer_efl.cc
+++ b/tizen_src/ewk/efl_integration/web_contents_observer_efl.cc
@@ -40,6 +40,21 @@ using autofill::AutofillClientEfl;
 namespace content {
+namespace {
+typedef network::mojom::ContentSecurityPolicyType SecurityPolicyType;
+
+static_assert(static_cast(SecurityPolicyType::kReport) ==
+ static_cast(EWK_REPORT_ONLY),
+ "mismatching enums : EWK_REPORT_ONLY");
+static_assert(static_cast(SecurityPolicyType::kEnforce) ==
+ static_cast(EWK_ENFORCE_POLICY),
+ "mismatching enums : EWK_ENFORCE_POLICY");
+
+SecurityPolicyType ToSecurityPolicyType(Ewk_CSP_Header_Type type) {
+ return static_cast(type);
+}
+} // namespace
+
 static bool IsMainFrame(RenderFrameHost* render_frame_host) {
 return !render_frame_host->GetParent();
 }
@@ -58,10 +73,11 @@ void WebContentsObserverEfl::SetContentSecurityPolicy(
 const std::string& policy,
 Ewk_CSP_Header_Type header_type) {
 if (document_created_) {
-#if !defined(EWK_BRINGUP) // FIXME: m94 bringup
- RenderViewHost* rvh = web_contents_.GetRenderViewHost();
- rvh->Send(new EwkViewMsg_SetCSP(rvh->GetRoutingID(), policy, header_type));
-#endif
+ WebContentsImpl* wci = static_cast(&web_contents_);
+ wci->GetPrimaryMainFrame()
+ ->GetAssociatedLocalMainFrame()
+ ->SetContentSecurityPolicyUsingHeader(
+ policy, ToSecurityPolicyType(header_type), wci->GetURL());
 } else {
 DCHECK(!pending_content_security_policy_.get());
 pending_content_security_policy_.reset(
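Review bot: `ToSecurityPolicyType` casts any `Ewk_CSP_Header_Type` straight to the mojom enum, but the two `static_assert`s cover only `EWK_REPORT_ONLY` and `EWK_ENFORCE_POLICY`, and the type has at least one further value (`EWK_DEFAULT_POLICY`, visible in the removed handler). `SetContentSecurityPolicy` in the next hunk calls the helper without the range check that `OnDidCreateDocumentElement` performs, so an API caller passing another value once the document exists would put an out-of-range enum on the mojo pipe, which the receiving side is likely to reject as a bad message. Add the guard at the call site or inside the helper: `if (header_type != EWK_REPORT_ONLY && header_type != EWK_ENFORCE_POLICY) return;`.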
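Review bot: `wci->GetURL()` is passed as the CSP base URL in `SetContentSecurityPolicy`, but on `WebContents` that accessor reports the visible URL, which can belong to a pending navigation rather than the document currently in the main frame. `'self'` and relative sources would then presumably be resolved against the wrong origin. `wci->GetPrimaryMainFrame()->GetLastCommittedURL()` ties the base URL to the frame that actually receives the policy. The downcast of `&web_contents_` to `WebContentsImpl*` deserves a one-line comment on why it is safe here. The `else` branch continues outside the hunk.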
@@ -205,8 +221,8 @@ bool WebContentsObserverEfl::OnMessageReceived(
 RenderFrameHost* render_frame_host) {
 bool handled = true;
 IPC_BEGIN_MESSAGE_MAP(WebContentsObserverEfl, message)
- IPC_MESSAGE_HANDLER_DELAY_REPLY(EwkHostMsg_GetContentSecurityPolicy,
- OnGetContentSecurityPolicy)
+ IPC_MESSAGE_HANDLER(EwkHostMsg_DidCreateDocumentElement,
+ OnDidCreateDocumentElement)
 IPC_MESSAGE_HANDLER(EwkHostMsg_DidPrintPagesToPdf,
 OnPrintedMetafileReceived)
 IPC_MESSAGE_HANDLER(EwkHostMsg_WrtMessage, OnWrtPluginMessage)
@@ -232,19 +248,14 @@ bool WebContentsObserverEfl::Send(IPC::Message* message) {
 #endif
 }
-void WebContentsObserverEfl::OnGetContentSecurityPolicy(
- IPC::Message* reply_msg) {
+void WebContentsObserverEfl::OnDidCreateDocumentElement() {
 document_created_ = true;
- if (!pending_content_security_policy_.get()) {
- EwkHostMsg_GetContentSecurityPolicy::WriteReplyParams(
- reply_msg, std::string(), EWK_DEFAULT_POLICY);
- } else {
- EwkHostMsg_GetContentSecurityPolicy::WriteReplyParams(
- reply_msg, pending_content_security_policy_->policy,
- pending_content_security_policy_->header_type);
- pending_content_security_policy_.reset();
- }
- Send(reply_msg);
+ if (!pending_content_security_policy_.get())
+ return;
+
+ Ewk_CSP_Header_Type type = pending_content_security_policy_->header_type;
+ if (type == EWK_REPORT_ONLY || type == EWK_ENFORCE_POLICY)
+ SetContentSecurityPolicy(pending_content_security_policy_->policy, type);
 }
 void WebContentsObserverEfl::OnPrintedMetafileReceived(
diff --git a/tizen_src/ewk/efl_integration/web_contents_observer_efl.h b/tizen_src/ewk/efl_integration/web_contents_observer_efl.h
index b870fa6..95480e0 100644
--- a/tizen_src/ewk/efl_integration/web_contents_observer_efl.h
+++ b/tizen_src/ewk/efl_integration/web_contents_observer_efl.h
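Review bot: `OnDidCreateDocumentElement` never calls `pending_content_security_policy_.reset()` after handing the pending policy to `SetContentSecurityPolicy`, although the removed handler did. The stored policy is therefore re-applied on every later `EwkHostMsg_DidCreateDocumentElement`. If `document_created_` is ever cleared again (no reset is visible in this diff), the leftover entry would also trip `DCHECK(!pending_content_security_policy_.get())` in `SetContentSecurityPolicy`. If re-applying per document is intended, say so in a comment; otherwise add `pending_content_security_policy_.reset();` after the call. The handler also ignores which `RenderFrameHost` sent the message, so the main-frame restriction is enforced only by the renderer-side check.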
@@ -66,7 +66,7 @@ class WebContentsObserverEfl : public WebContentsObserver, public IPC::Sender {
 RenderFrameHost* render_frame_host) override;
 // IPC message handlers:
- void OnGetContentSecurityPolicy(IPC::Message* reply_msg);
+ void OnDidCreateDocumentElement();
 void OnPrintedMetafileReceived(const DidPrintPagesParams& params);
 void OnWrtPluginMessage(const Ewk_Wrt_Message_Data& data);
 void OnWrtPluginSyncMessage(const Ewk_Wrt_Message_Data& data,
--
2.7.4