| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 #endif | 128 #endif |
| 129 | 129 |
| 130 using content::AccessTokenStore; | 130 using content::AccessTokenStore; |
| 131 using content::BrowserThread; | 131 using content::BrowserThread; |
| 132 using content::BrowserURLHandler; | 132 using content::BrowserURLHandler; |
| 133 using content::ChildProcessSecurityPolicy; | 133 using content::ChildProcessSecurityPolicy; |
| 134 using content::QuotaPermissionContext; | 134 using content::QuotaPermissionContext; |
| 135 using content::RenderViewHost; | 135 using content::RenderViewHost; |
| 136 using content::SiteInstance; | 136 using content::SiteInstance; |
| 137 using content::WebContents; | 137 using content::WebContents; |
| 138 using extensions::APIPermission; |
| 138 using extensions::Extension; | 139 using extensions::Extension; |
| 139 using webkit_glue::WebPreferences; | 140 using webkit_glue::WebPreferences; |
| 140 | 141 |
| 141 namespace { | 142 namespace { |
| 142 | 143 |
| 143 const char* kPredefinedAllowedSocketOrigins[] = { | 144 const char* kPredefinedAllowedSocketOrigins[] = { |
| 144 "okddffdblfhhnmhodogpojmfkjmhinfp", // Test SSH Client | 145 "okddffdblfhhnmhodogpojmfkjmhinfp", // Test SSH Client |
| 145 "pnhechapfaindjhompbnflcldabbghjo", // HTerm App (SSH Client) | 146 "pnhechapfaindjhompbnflcldabbghjo", // HTerm App (SSH Client) |
| 146 "bglhmjfplikpjnfoegeomebmfnkjomhe", // see crbug.com/122126 | 147 "bglhmjfplikpjnfoegeomebmfnkjomhe", // see crbug.com/122126 |
| 147 "gbchcmhmhahfdphkhkmpfmihenigjmpp", // Chrome Remote Desktop | 148 "gbchcmhmhahfdphkhkmpfmihenigjmpp", // Chrome Remote Desktop |
| (...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 489 const Extension* extension = profile->GetExtensionService()->extensions()-> | 490 const Extension* extension = profile->GetExtensionService()->extensions()-> |
| 490 GetExtensionOrAppByURL(ExtensionURLInfo(effective_url)); | 491 GetExtensionOrAppByURL(ExtensionURLInfo(effective_url)); |
| 491 if (!extension) | 492 if (!extension) |
| 492 return false; | 493 return false; |
| 493 | 494 |
| 494 // If the URL is part of a hosted app that does not have the background | 495 // If the URL is part of a hosted app that does not have the background |
| 495 // permission, or that does not allow JavaScript access to the background | 496 // permission, or that does not allow JavaScript access to the background |
| 496 // page, we want to give each instance its own process to improve | 497 // page, we want to give each instance its own process to improve |
| 497 // responsiveness. | 498 // responsiveness. |
| 498 if (extension->GetType() == Extension::TYPE_HOSTED_APP) { | 499 if (extension->GetType() == Extension::TYPE_HOSTED_APP) { |
| 499 if (!extension->HasAPIPermission(ExtensionAPIPermission::kBackground) || | 500 if (!extension->HasAPIPermission(APIPermission::kBackground) || |
| 500 !extension->allow_background_js_access()) { | 501 !extension->allow_background_js_access()) { |
| 501 return false; | 502 return false; |
| 502 } | 503 } |
| 503 } | 504 } |
| 504 | 505 |
| 505 // Hosted apps that have script access to their background page must use | 506 // Hosted apps that have script access to their background page must use |
| 506 // process per site, since all instances can make synchronous calls to the | 507 // process per site, since all instances can make synchronous calls to the |
| 507 // background window. Other extensions should use process per site as well. | 508 // background window. Other extensions should use process per site as well. |
| 508 return true; | 509 return true; |
| 509 } | 510 } |
| (...skipping 641 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1151 | 1152 |
| 1152 // Skip showing the infobar if the request comes from an extension, and that | 1153 // Skip showing the infobar if the request comes from an extension, and that |
| 1153 // extension has the 'notify' permission. (If the extension does not have the | 1154 // extension has the 'notify' permission. (If the extension does not have the |
| 1154 // permission, the user will still be prompted.) | 1155 // permission, the user will still be prompted.) |
| 1155 Profile* profile = Profile::FromBrowserContext(contents->GetBrowserContext()); | 1156 Profile* profile = Profile::FromBrowserContext(contents->GetBrowserContext()); |
| 1156 ExtensionService* service = profile->GetExtensionService(); | 1157 ExtensionService* service = profile->GetExtensionService(); |
| 1157 const Extension* extension = !service ? NULL : | 1158 const Extension* extension = !service ? NULL : |
| 1158 service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo( | 1159 service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo( |
| 1159 source_origin)); | 1160 source_origin)); |
| 1160 if (extension && | 1161 if (extension && |
| 1161 extension->HasAPIPermission(ExtensionAPIPermission::kNotification)) { | 1162 extension->HasAPIPermission(APIPermission::kNotification)) { |
| 1162 RenderViewHost* rvh = | 1163 RenderViewHost* rvh = |
| 1163 RenderViewHost::FromID(render_process_id, render_view_id); | 1164 RenderViewHost::FromID(render_process_id, render_view_id); |
| 1164 if (rvh) | 1165 if (rvh) |
| 1165 rvh->DesktopNotificationPermissionRequestDone(callback_context); | 1166 rvh->DesktopNotificationPermissionRequestDone(callback_context); |
| 1166 return; | 1167 return; |
| 1167 } | 1168 } |
| 1168 | 1169 |
| 1169 DesktopNotificationService* notifications = | 1170 DesktopNotificationService* notifications = |
| 1170 DesktopNotificationServiceFactory::GetForProfile(profile); | 1171 DesktopNotificationServiceFactory::GetForProfile(profile); |
| 1171 notifications->RequestPermission(source_origin, render_process_id, | 1172 notifications->RequestPermission(source_origin, render_process_id, |
| 1172 render_view_id, callback_context, contents); | 1173 render_view_id, callback_context, contents); |
| 1173 #else | 1174 #else |
| 1174 NOTIMPLEMENTED(); | 1175 NOTIMPLEMENTED(); |
| 1175 #endif | 1176 #endif |
| 1176 } | 1177 } |
| 1177 | 1178 |
| 1178 WebKit::WebNotificationPresenter::Permission | 1179 WebKit::WebNotificationPresenter::Permission |
| 1179 ChromeContentBrowserClient::CheckDesktopNotificationPermission( | 1180 ChromeContentBrowserClient::CheckDesktopNotificationPermission( |
| 1180 const GURL& source_origin, | 1181 const GURL& source_origin, |
| 1181 content::ResourceContext* context, | 1182 content::ResourceContext* context, |
| 1182 int render_process_id) { | 1183 int render_process_id) { |
| 1183 #if defined(ENABLE_NOTIFICATIONS) | 1184 #if defined(ENABLE_NOTIFICATIONS) |
| 1184 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 1185 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 1185 ProfileIOData* io_data = ProfileIOData::FromResourceContext(context); | 1186 ProfileIOData* io_data = ProfileIOData::FromResourceContext(context); |
| 1186 if (io_data->GetExtensionInfoMap()->SecurityOriginHasAPIPermission( | 1187 if (io_data->GetExtensionInfoMap()->SecurityOriginHasAPIPermission( |
| 1187 source_origin, render_process_id, | 1188 source_origin, render_process_id, |
| 1188 ExtensionAPIPermission::kNotification)) | 1189 APIPermission::kNotification)) |
| 1189 return WebKit::WebNotificationPresenter::PermissionAllowed; | 1190 return WebKit::WebNotificationPresenter::PermissionAllowed; |
| 1190 | 1191 |
| 1191 // Fall back to the regular notification preferences, which works on an | 1192 // Fall back to the regular notification preferences, which works on an |
| 1192 // origin basis. | 1193 // origin basis. |
| 1193 return io_data->GetNotificationService() ? | 1194 return io_data->GetNotificationService() ? |
| 1194 io_data->GetNotificationService()->HasPermission(source_origin) : | 1195 io_data->GetNotificationService()->HasPermission(source_origin) : |
| 1195 WebKit::WebNotificationPresenter::PermissionNotAllowed; | 1196 WebKit::WebNotificationPresenter::PermissionNotAllowed; |
| 1196 #else | 1197 #else |
| 1197 return WebKit::WebNotificationPresenter::PermissionAllowed; | 1198 return WebKit::WebNotificationPresenter::PermissionAllowed; |
| 1198 #endif | 1199 #endif |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1260 | 1261 |
| 1261 // If the opener is trying to create a background window but doesn't have | 1262 // If the opener is trying to create a background window but doesn't have |
| 1262 // the appropriate permission, fail the attempt. | 1263 // the appropriate permission, fail the attempt. |
| 1263 if (container_type == WINDOW_CONTAINER_TYPE_BACKGROUND) { | 1264 if (container_type == WINDOW_CONTAINER_TYPE_BACKGROUND) { |
| 1264 ProfileIOData* io_data = ProfileIOData::FromResourceContext(context); | 1265 ProfileIOData* io_data = ProfileIOData::FromResourceContext(context); |
| 1265 ExtensionInfoMap* map = io_data->GetExtensionInfoMap(); | 1266 ExtensionInfoMap* map = io_data->GetExtensionInfoMap(); |
| 1266 | 1267 |
| 1267 if (!map->SecurityOriginHasAPIPermission( | 1268 if (!map->SecurityOriginHasAPIPermission( |
| 1268 source_origin, | 1269 source_origin, |
| 1269 render_process_id, | 1270 render_process_id, |
| 1270 ExtensionAPIPermission::kBackground)) { | 1271 APIPermission::kBackground)) { |
| 1271 return false; | 1272 return false; |
| 1272 } | 1273 } |
| 1273 | 1274 |
| 1274 // Note: this use of GetExtensionOrAppByURL is safe but imperfect. It may | 1275 // Note: this use of GetExtensionOrAppByURL is safe but imperfect. It may |
| 1275 // return a recently installed Extension even if this CanCreateWindow call | 1276 // return a recently installed Extension even if this CanCreateWindow call |
| 1276 // was made by an old copy of the page in a normal web process. That's ok, | 1277 // was made by an old copy of the page in a normal web process. That's ok, |
| 1277 // because the permission check above would have caused an early return | 1278 // because the permission check above would have caused an early return |
| 1278 // already. We must use the full URL to find hosted apps, though, and not | 1279 // already. We must use the full URL to find hosted apps, though, and not |
| 1279 // just the origin. | 1280 // just the origin. |
| 1280 const Extension* extension = map->extensions().GetExtensionOrAppByURL( | 1281 const Extension* extension = map->extensions().GetExtensionOrAppByURL( |
| (...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1569 StringTokenizer t(allowed_list, ","); | 1570 StringTokenizer t(allowed_list, ","); |
| 1570 while (t.GetNext()) { | 1571 while (t.GetNext()) { |
| 1571 if (t.token() == host) | 1572 if (t.token() == host) |
| 1572 return true; | 1573 return true; |
| 1573 } | 1574 } |
| 1574 } | 1575 } |
| 1575 | 1576 |
| 1576 if (!extension) | 1577 if (!extension) |
| 1577 return false; | 1578 return false; |
| 1578 | 1579 |
| 1579 if (extension->HasAPIPermission(ExtensionAPIPermission::kSocket)) | 1580 if (extension->HasAPIPermission(APIPermission::kSocket)) |
| 1580 return true; | 1581 return true; |
| 1581 | 1582 |
| 1582 return false; | 1583 return false; |
| 1583 } | 1584 } |
| 1584 | 1585 |
| 1585 bool ChromeContentBrowserClient::AllowPepperPrivateFileAPI() { | 1586 bool ChromeContentBrowserClient::AllowPepperPrivateFileAPI() { |
| 1586 return CommandLine::ForCurrentProcess()->HasSwitch( | 1587 return CommandLine::ForCurrentProcess()->HasSwitch( |
| 1587 switches::kPpapiFlashInProcess); | 1588 switches::kPpapiFlashInProcess); |
| 1588 } | 1589 } |
| 1589 | 1590 |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1633 io_thread_application_locale_ = locale; | 1634 io_thread_application_locale_ = locale; |
| 1634 } | 1635 } |
| 1635 | 1636 |
| 1636 void ChromeContentBrowserClient::SetApplicationLocaleOnIOThread( | 1637 void ChromeContentBrowserClient::SetApplicationLocaleOnIOThread( |
| 1637 const std::string& locale) { | 1638 const std::string& locale) { |
| 1638 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 1639 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 1639 io_thread_application_locale_ = locale; | 1640 io_thread_application_locale_ = locale; |
| 1640 } | 1641 } |
| 1641 | 1642 |
| 1642 } // namespace chrome | 1643 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10649003:
Move each permission classes to its own files in extensions/permissions (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master