From 0a2869e5c3dc9b46f1aec27aa2393db079f0bfde Mon Sep 17 00:00:00 2001
From: Ben Konyi <bkonyi@google.com>
Date: Wed, 10 Apr 2019 14:38:58 -0700
Subject: [PATCH] Added support for authentication codes for the VM service
 (#8527)

---
 DEPS                                                     | 2 +-
 ci/licenses_golden/licenses_third_party                  | 2 +-
 common/settings.h                                        | 4 ++++
 runtime/dart_isolate.cc                                  | 3 ++-
 runtime/dart_service_isolate.cc                          | 5 +++++
 runtime/dart_service_isolate.h                           | 1 +
 runtime/dart_vm.cc                                       | 9 +++++++++
 shell/common/switches.cc                                 | 7 +++++++
 shell/common/switches.h                                  | 6 ++++++
 .../android/io/flutter/app/FlutterActivityDelegate.java  | 3 +++
 .../io/flutter/embedding/engine/FlutterShellArgs.java    | 9 ++++++++-
 11 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/DEPS b/DEPS
index 4249fdbe19..9d5772ace6 100644
--- a/DEPS
+++ b/DEPS
@@ -31,7 +31,7 @@ vars = {
   # Dart is: https://github.com/dart-lang/sdk/blob/master/DEPS.
   # You can use //tools/dart/create_updated_flutter_deps.py to produce
   # updated revision list of existing dependencies.
-  'dart_revision': '1490a90bc1c4cbbf13470af3408584e57d135fb2',
+  'dart_revision': '15b11b018364ce032eae50d78fc8a52b541e2bce',
 
   # WARNING: DO NOT EDIT MANUALLY
   # The lines between blank lines above and below are generated by a script. See create_updated_flutter_deps.py
diff --git a/ci/licenses_golden/licenses_third_party b/ci/licenses_golden/licenses_third_party
index 05eaa5a857..ea4c2e9ba7 100644
--- a/ci/licenses_golden/licenses_third_party
+++ b/ci/licenses_golden/licenses_third_party
@@ -1,4 +1,4 @@
-Signature: 1ab2f2e559e655ad5cfe1e759d241b54
+Signature: 866085660a05bb407caffc09636cbd32
 
 UNUSED LICENSES:
 
diff --git a/common/settings.h b/common/settings.h
index ab47a559ff..96a1f8f92c 100644
--- a/common/settings.h
+++ b/common/settings.h
@@ -86,6 +86,10 @@ struct Settings {
   uint32_t observatory_port = 0;
   bool ipv6 = false;
 
+  // Determines whether an authentication code is required to communicate with
+  // the VM service.
+  bool disable_service_auth_codes = true;
+
   // Font settings
   bool use_test_fonts = false;
 
diff --git a/runtime/dart_isolate.cc b/runtime/dart_isolate.cc
index adf5655272..3c888887d9 100644
--- a/runtime/dart_isolate.cc
+++ b/runtime/dart_isolate.cc
@@ -579,7 +579,8 @@ Dart_Isolate DartIsolate::DartCreateAndStartServiceIsolate(
           settings.observatory_port,            // server observatory port
           tonic::DartState::HandleLibraryTag,   // embedder library tag handler
           false,  //  disable websocket origin check
-          error   // error (out)
+          settings.disable_service_auth_codes,  // disable VM service auth codes
+          error                                 // error (out)
           )) {
     // Error is populated by call to startup.
     FML_DLOG(ERROR) << *error;
diff --git a/runtime/dart_service_isolate.cc b/runtime/dart_service_isolate.cc
index 530af43d14..966a31bea8 100644
--- a/runtime/dart_service_isolate.cc
+++ b/runtime/dart_service_isolate.cc
@@ -134,6 +134,7 @@ bool DartServiceIsolate::Startup(std::string server_ip,
                                  intptr_t server_port,
                                  Dart_LibraryTagHandler embedder_tag_handler,
                                  bool disable_origin_check,
+                                 bool disable_service_auth_codes,
                                  char** error) {
   Dart_Isolate isolate = Dart_CurrentIsolate();
   FML_CHECK(isolate);
@@ -196,6 +197,10 @@ bool DartServiceIsolate::Startup(std::string server_ip,
       Dart_SetField(library, Dart_NewStringFromCString("_originCheckDisabled"),
                     Dart_NewBoolean(disable_origin_check));
   SHUTDOWN_ON_ERROR(result);
+  result =
+      Dart_SetField(library, Dart_NewStringFromCString("_authCodesDisabled"),
+                    Dart_NewBoolean(disable_service_auth_codes));
+  SHUTDOWN_ON_ERROR(result);
   return true;
 }
 
diff --git a/runtime/dart_service_isolate.h b/runtime/dart_service_isolate.h
index 4b98e83607..c042a07715 100644
--- a/runtime/dart_service_isolate.h
+++ b/runtime/dart_service_isolate.h
@@ -26,6 +26,7 @@ class DartServiceIsolate {
                       intptr_t server_port,
                       Dart_LibraryTagHandler embedder_tag_handler,
                       bool disable_origin_check,
+                      bool disable_service_auth_codes,
                       char** error);
 
   static std::string GetObservatoryUri();
diff --git a/runtime/dart_vm.cc b/runtime/dart_vm.cc
index 1abf8171c5..476d05f2fc 100644
--- a/runtime/dart_vm.cc
+++ b/runtime/dart_vm.cc
@@ -84,6 +84,10 @@ static const char* kDartStartPausedArgs[]{
     "--pause_isolates_on_start",
 };
 
+static const char* kDartDisableServiceAuthCodesArgs[]{
+    "--disable-service-auth-codes",
+};
+
 static const char* kDartTraceStartupArgs[]{
     "--timeline_streams=Compiler,Dart,Debugger,Embedder,GC,Isolate,VM",
 };
@@ -325,6 +329,11 @@ DartVM::DartVM(std::shared_ptr<const DartVMData> vm_data,
     PushBackAll(&args, kDartStartPausedArgs, arraysize(kDartStartPausedArgs));
   }
 
+  if (settings_.disable_service_auth_codes) {
+    PushBackAll(&args, kDartDisableServiceAuthCodesArgs,
+                arraysize(kDartDisableServiceAuthCodesArgs));
+  }
+
   if (settings_.endless_trace_buffer || settings_.trace_startup) {
     // If we are tracing startup, make sure the trace buffer is endless so we
     // don't lose early traces.
diff --git a/shell/common/switches.cc b/shell/common/switches.cc
index 916f91e48e..366923614b 100644
--- a/shell/common/switches.cc
+++ b/shell/common/switches.cc
@@ -166,6 +166,13 @@ Settings SettingsFromCommandLine(const fml::CommandLine& command_line) {
     }
   }
 
+  // Enable need for authentication codes for VM service communication, if
+  // specified.
+  // TODO(bkonyi): when authentication codes are enabled by default, change
+  // to 'DisableServiceAuthCodes' and un-negate.
+  settings.disable_service_auth_codes =
+      !command_line.HasOption(FlagForSwitch(Switch::EnableServiceAuthCodes));
+
   // Checked mode overrides.
   settings.disable_dart_asserts =
       command_line.HasOption(FlagForSwitch(Switch::DisableDartAsserts));
diff --git a/shell/common/switches.h b/shell/common/switches.h
index ac9b5e829e..b0ff32d9b4 100644
--- a/shell/common/switches.h
+++ b/shell/common/switches.h
@@ -96,6 +96,12 @@ DEF_SWITCH(FlutterAssetsDir,
            "Path to the Flutter assets directory.")
 DEF_SWITCH(Help, "help", "Display this help text.")
 DEF_SWITCH(LogTag, "log-tag", "Tag associated with log messages.")
+// TODO(bkonyi): when authentication codes are enabled by default, change
+// to 'disable-service-auth-codes' instead of 'enable-service-auth-codes'.
+DEF_SWITCH(EnableServiceAuthCodes,
+           "enable-service-auth-codes",
+           "Enable the requirement for authentication codes for communicating"
+           " with the VM service.")
 DEF_SWITCH(StartPaused,
            "start-paused",
            "Start the application paused in the Dart debugger.")
diff --git a/shell/platform/android/io/flutter/app/FlutterActivityDelegate.java b/shell/platform/android/io/flutter/app/FlutterActivityDelegate.java
index c56908db64..467bfdbce2 100644
--- a/shell/platform/android/io/flutter/app/FlutterActivityDelegate.java
+++ b/shell/platform/android/io/flutter/app/FlutterActivityDelegate.java
@@ -297,6 +297,9 @@ public final class FlutterActivityDelegate
         if (intent.getBooleanExtra("start-paused", false)) {
             args.add("--start-paused");
         }
+        if (intent.getBooleanExtra("enable-service-auth-codes", false)) {
+            args.add("--enable-service-auth-codes");
+        }
         if (intent.getBooleanExtra("use-test-fonts", false)) {
             args.add("--use-test-fonts");
         }
diff --git a/shell/platform/android/io/flutter/embedding/engine/FlutterShellArgs.java b/shell/platform/android/io/flutter/embedding/engine/FlutterShellArgs.java
index 6e5ec8c7ba..8a65a1430b 100644
--- a/shell/platform/android/io/flutter/embedding/engine/FlutterShellArgs.java
+++ b/shell/platform/android/io/flutter/embedding/engine/FlutterShellArgs.java
@@ -27,6 +27,8 @@ public class FlutterShellArgs {
   public static final String ARG_TRACE_STARTUP = "--trace-startup";
   public static final String ARG_KEY_START_PAUSED = "start-paused";
   public static final String ARG_START_PAUSED = "--start-paused";
+  public static final String ARG_KEY_ENABLE_SERVICE_AUTH_CODES = "enable-service-auth-codes";
+  public static final String ARG_ENABLE_SERVICE_AUTH_CODES = "--enable-service-auth-codes";
   public static final String ARG_KEY_USE_TEST_FONTS = "use-test-fonts";
   public static final String ARG_USE_TEST_FONTS = "--use-test-fonts";
   public static final String ARG_KEY_ENABLE_DART_PROFILING = "enable-dart-profiling";
@@ -56,6 +58,11 @@ public class FlutterShellArgs {
     if (intent.getBooleanExtra(ARG_KEY_START_PAUSED, false)) {
       args.add(ARG_START_PAUSED);
     }
+    // TODO(bkonyi): when authentication codes are enabled by default, change
+    // to 'disable-service-auth-codes' instead of 'enable-service-auth-codes'.
+    if (intent.getBooleanExtra(ARG_KEY_ENABLE_SERVICE_AUTH_CODES, false)) {
+      args.add(ARG_ENABLE_SERVICE_AUTH_CODES);
+    }
     if (intent.getBooleanExtra(ARG_KEY_USE_TEST_FONTS, false)) {
       args.add(ARG_USE_TEST_FONTS);
     }
@@ -133,4 +140,4 @@ public class FlutterShellArgs {
     String[] argsArray = new String[args.size()];
     return args.toArray(argsArray);
   }
-}
\ No newline at end of file
+}
-- 
GitLab