ChildProcessId and Mojo

[Christopher Staite]

Hi all,

I’m getting in touch with regards bug https://crbug.com/379869738 whereby the untyped renderer process ID is being converted to a base::IdType (int32_t -> content::ChildProcessId).

I’ve gotten to a part where I’m in need of passing the content::ChildProcessId around in mojo and we’re at a bit of an impasse as to what to do about the “special” value 0.  This value indicates that it is the browser process, however it is also marked as an invalid value for ChildProcessId.

The issue comes from the understanding that invalid values are not allowed over a mojo interface.  And therefore the value 0 ought to be rejected.  However, there are cases where this value needs to be passed currently to indicate the browser process, for example, it bypasses the ChildProcessSecurityPolicy for file uploads that originate in the browser process.

There’s been a few suggestions as to what to do here.  I think the current best is to have the value of 0 as invalid and instead change the uses of checking for this to instead take an std::optional<content::ChildProcessId> and treat std::nullopt as the browser process.  Essentially this is the same thing, but we no longer allow for an invalid value to be passed.

There’s another consideration to make here which is that the content::ChildProcessId is now a type required within network which breaks component isolation.  I think perhaps we need to have a duplicate type, say network::RendererProcessId which is used there?

I’ve done some digging for uses of the process ID in mojo and I’ve found these locations (this may not be exhaustive):

content/browser/process_internals/process_internals.mojom FrameInfo

services/network/public/mojom/network_context.mojom URLLoaderFactoryParams, NetworkContext

services/network/public/mojom/network_service.mojom NetworkService

services/network/public/mojom/network_context_client.mojom NetworkContextClient

services/network/public/mojom/url_request.mojom WebBundleTokenParams

chromecast/browser/mojom/cast_web_contents.mojom CastWebContentsObserver

device/vr/public/mojom/isolated_xr_service.mojom XRRuntimeSessionOptions

For reference, the CL that this is being discussed on currently is https://crrev.com/c/7269607 and an example of its use is at https://crrev.com/c/7270005

In summary:

 - Should content::ChildProcessId be used in network, or should there be a mirrored network::RendererProcessId?

 - How should the special case of the browser process be handled (currently the magic number 0) - std::optional, a wrapper class, continue with a magic number?

I appreciate your input on this.

Thanks, Chris.

[Dave Tapuska]

network doesn't depend on content. So I don't think that is an option is it?

I probably would have added a union in the network service definition. 

struct BrowserProcess {

};

struct ChildProcess {

  int32 process_id;

};

union ProcessIdentifier {

  BrowserProcess browser_process;

  ChildProcess child_process;

};

dave.

--
You received this message because you are subscribed to the Google Groups "content-owners" group.
To unsubscribe from this group and stop receiving emails from it, send an email to content-owner...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/content-owners/FF7D5709-2A6B-4D3E-A873-74A8D4A56FA4%40menlosecurity.com.