Make ActiveTabPermissionManager also grant the tabs permission.

chrome/renderer/extensions/extension_dispatcher.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/extensions/extension_dispatcher.h"
 
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/string_piece.h"
@@ skipping 59 matching lines @@
 using WebKit::WebDocument;
 using WebKit::WebFrame;
 using WebKit::WebScopedUserGesture;
 using WebKit::WebSecurityPolicy;
 using WebKit::WebString;
 using WebKit::WebVector;
 using WebKit::WebView;
 using content::RenderThread;
 using content::RenderView;
 using extensions::APIPermission;
+using extensions::APIPermissionSet;
 using extensions::ApiDefinitionsNatives;
 using extensions::AppWindowCustomBindings;
 using extensions::ContextMenusCustomBindings;
 using extensions::Extension;
 using extensions::ExperimentalAppCustomBindings;
 using extensions::ExperimentalUsbCustomBindings;
 using extensions::ExtensionAPI;
 using extensions::ExtensionCustomBindings;
 using extensions::Feature;
 using extensions::FileBrowserHandlerCustomBindings;
@@ skipping 896 matching lines @@
   // the target tab. This may change. Either way, if this is the target tab it
   // gives us the chance to check against the page ID to avoid races.
   DCHECK(view);
   if (view && view->GetPageId() != page_id)
     return;
 
   const Extension* extension = extensions_.GetByID(extension_id);
   if (!extension)
     return;
 
-  extension->SetTabSpecificHostPermissions(tab_id, origin_set);
+  extension->UpdateTabSpecificPermissions(
+      tab_id,
+      new PermissionSet(APIPermissionSet(), origin_set, URLPatternSet()));
 }
 
 void ExtensionDispatcher::OnClearTabSpecificPermissions(
     int tab_id,
     const std::vector<std::string>& extension_ids) {
   for (std::vector<std::string>::const_iterator it = extension_ids.begin();
        it != extension_ids.end(); ++it) {
     const Extension* extension = extensions_.GetByID(*it);
     if (extension)
-      extension->ClearTabSpecificHostPermissions(tab_id);
+      extension->ClearTabSpecificPermissions(tab_id);
   }
 }
 
 void ExtensionDispatcher::OnUpdateUserScripts(
     base::SharedMemoryHandle scripts) {
   DCHECK(base::SharedMemory::IsHandleValid(scripts)) << "Bad scripts handle";
   user_script_slave_->UpdateScripts(scripts);
   UpdateActiveExtensions();
 }
 
@@ skipping 88 matching lines @@
 }
 
 bool ExtensionDispatcher::CheckCurrentContextAccessToExtensionAPI(
     const std::string& function_name) const {
   ChromeV8Context* context = v8_context_set().GetCurrent();
   if (!context) {
     DLOG(ERROR) << "Not in a v8::Context";
     return false;
   }
 
-  if (!context->extension() ||
+  if (!context->extension()) {
+    v8::ThrowException(
+        v8::Exception::Error(v8::String::New("Not in an extension.")));
+    return false;
+  }
+
+  // We need to whitelist tabs.executeScript and tabs.insertCSS because they
+  // are granted under special circumstances with the activeTab permission
+  // (note that the browser checks too, so this isn't a security problem).
+  //
+  // Only the browser knows which tab this call will be sent to... sometimes we
+  // *could* figure it out (if the extension gives an explicit tab ID in the
+  // call), but the expected case will be the extension passing through -1,
+  // meaning the active tab, and only the browser safely knows what this is.
+  bool skip_permission_check = (function_name == "tabs.executeScript") ||
+                               (function_name == "tabs.insertCSS");
+
+  if (!skip_permission_check &&
       !context->extension()->HasAPIPermission(function_name)) {
     static const char kMessage[] =
         "You do not have permission to use '%s'. Be sure to declare"
         " in your manifest what permissions you need.";
     std::string error_msg = base::StringPrintf(kMessage, function_name.c_str());
     v8::ThrowException(
         v8::Exception::Error(v8::String::New(error_msg.c_str())));
     return false;
   }
 
@@ skipping 11 matching lines @@
   // APIs, they don't get extension bindings injected. If we end up here it
   // means that a sandboxed page somehow managed to invoke an API anyway, so
   // we should abort.
   WebKit::WebFrame* frame = context->web_frame();
   ExtensionURLInfo url_info(frame->document().securityOrigin(),
       extensions::UserScriptSlave::GetDataSourceURLForFrame(frame));
   CHECK(!extensions_.IsSandboxedPage(url_info));
 
   return true;
 }