New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 758387 link

Starred by 5 users

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

Blocking:
issue 731255
issue 732424
issue 755272



Sign in to add a comment

OOPIF embedding doesn't work with mus

Project Member Reported by sky@chromium.org, Aug 23 2017

Issue description

Currently embedding happens in the browser, where as in mus it should happen in the renderer.
 

Comment 1 by sky@chromium.org, Aug 29 2017

Cc: -sadrul@chromium.org
Owner: e...@chromium.org
Status: Assigned (was: Available)
Roughly, I think RenderWidgetHostViewChildFrame should request a WindowTreeClient from the child renderer, and then pass the other end of the message pipe to the parent renderer. The parent should Embed the WindowTreeClient.

Renderers use RendererWindowTreeClient, instead of aura. We cannot use aura in the renderer because it is single threaded whereas the CompositorFrameSink in the renderer is used on a different thread.

Comment 3 by e...@chromium.org, Sep 12 2017

Cc: sadrul@chromium.org e...@chromium.org
Owner: ----
Status: Available (was: Assigned)
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 20 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b50f3556b65f959aa94f58abb796b0ca264bd3d1

commit b50f3556b65f959aa94f58abb796b0ca264bd3d1
Author: Scott Violet <sky@chromium.org>
Date: Wed Sep 20 00:37:38 2017

chromeos: make event interception inherited

When a WindowTreeClient embeds another WindowTreeClient the one
doing the embedding can choose to intercept events. This patch
makes interception inherited as otherwise secondary embeddings
would not necessarily intercept events, which is obviously
problematic.

BUG= 758387 
TEST=covered by test

Change-Id: I8a7628f9bb82765508c4051093ee7d843a8f07f1
Reviewed-on: https://chromium-review.googlesource.com/673854
Reviewed-by: Elliot Glaysher <erg@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#503007}
[modify] https://crrev.com/b50f3556b65f959aa94f58abb796b0ca264bd3d1/services/ui/ws/window_manager_state_unittest.cc
[modify] https://crrev.com/b50f3556b65f959aa94f58abb796b0ca264bd3d1/services/ui/ws/window_tree.cc

Project Member

Comment 5 by bugdroid1@chromium.org, Oct 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a8140751e283f54edcb30cd645a93585c8a3eb69

commit a8140751e283f54edcb30cd645a93585c8a3eb69
Author: Scott Violet <sky@chromium.org>
Date: Wed Oct 04 19:23:37 2017

chromeos: Adds two phase embedding to window server

For OOPIF we want the parent renderer to embed the child. This is
mediated by the browser. That is, we want something like the
following:

1. Browser obtains WindowTreeClient from child renderer (cWTC).
2. Browser passes cWTC to parent renderer.
3. Parent renderer creates Window in mus and calls Embed() with cWTC.

Unfortunately in step 2 if the parent renderer were compromised then
it could directly call functions on cWTC, such as spoofing
events. This is a security problem.

To avoid this scenario I'm adding the option of a two phase
embed. This results in the following:

1. Browser obtains WindowTreeClient from child renderer (cWTC).
2. Browser calls ScheduleEmbed() on it's WindowTree
   connection. ScheduleEmbed is a new function that takes a
   WindowTreeClient and returns a token.
3. Browser waits for token.
4. Browser passes token to parent renderer.
5. Parent renderer creates Window in mus and calls Embed() passing
   token.

With this flow renderers don't end up with a WindowTreeClient from a
different client.

BUG= 758387 
TEST=covered by tests

Change-Id: I819a57cd811d4939cbeecec8aeb8273eefca64f5
Reviewed-on: https://chromium-review.googlesource.com/699519
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Michael Wasserman <msw@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506476}
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/services/ui/public/interfaces/BUILD.gn
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/services/ui/public/interfaces/window_tree.mojom
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/services/ui/ws/window_tree.cc
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/services/ui/ws/window_tree.h
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/services/ui/ws/window_tree_client_unittest.cc
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/ui/aura/mus/window_port_mus.cc
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/ui/aura/mus/window_port_mus.h
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/ui/aura/mus/window_tree_client.cc
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/ui/aura/mus/window_tree_client.h
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/ui/aura/test/mus/test_window_tree.cc
[modify] https://crrev.com/a8140751e283f54edcb30cd645a93585c8a3eb69/ui/aura/test/mus/test_window_tree.h

Project Member

Comment 6 by bugdroid1@chromium.org, Oct 5 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1098538e5eeec1a11a7e67bdb67fc42127455648

commit 1098538e5eeec1a11a7e67bdb67fc42127455648
Author: Scott Violet <sky@chromium.org>
Date: Thu Oct 05 19:23:33 2017

chromeos: Gets OOPIF working for mus

The flow is:
1. browser requests WindowTreeClient from the RenderWidget of the
  frame to embed.
2. browser send a message to the parent RenderFrameProxy with the
   WindowTreeClient.
3. RenderFrameProxy forwards to RendererWindowTreeClient to create the
   child window and embed the WindowTreeClient in it.

BUG= 758387 
TEST=none

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: I0296e802c0f754e463c65492f38ec5a68df30eba
Reviewed-on: https://chromium-review.googlesource.com/673066
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506819}
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/frame_host/cross_process_frame_connector.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/frame_host/cross_process_frame_connector.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/frame_host/render_frame_proxy_host.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/frame_host/render_frame_proxy_host.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/renderer_host/frame_connector_delegate.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/renderer_host/render_widget_host_view_aura.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/renderer_host/render_widget_host_view_aura.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/renderer_host/render_widget_host_view_base.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/renderer_host/render_widget_host_view_base.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/renderer_host/render_widget_host_view_child_frame.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/common/render_widget_window_tree_client_factory.mojom
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/public/test/text_input_test_utils.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/BUILD.gn
[add] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/mash_util.cc
[add] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/mash_util.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/mus/render_widget_window_tree_client_factory.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/mus/renderer_window_tree_client.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/mus/renderer_window_tree_client.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/render_frame_proxy.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/render_frame_proxy.h
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/render_thread_impl.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/render_widget.cc
[modify] https://crrev.com/1098538e5eeec1a11a7e67bdb67fc42127455648/content/renderer/render_widget.h

Components: MUS

Comment 8 by sky@chromium.org, Oct 10 2017

Owner: sky@chromium.org
Status: Fixed (was: Available)

Comment 9 by sky@chromium.org, Oct 10 2017

Blocking: -732424

Comment 10 by sky@chromium.org, Oct 10 2017

Blocking: 732424
Cc: xiy...@chromium.org rjkroege@chromium.org fsam...@chromium.org sky@chromium.org jamescook@chromium.org
 Issue 732424  has been merged into this issue.

Comment 11 by sky@chromium.org, Oct 10 2017

 Issue 715280  has been merged into this issue.

Comment 12 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Comment 13 by dchan@chromium.org, Jan 23 2018

Status: Fixed (was: Archived)
Components: -MUS Internals>Services>WindowService

Sign in to add a comment