Allow NaCl plugin to be loaded from hosted app URLs.

chrome/renderer/chrome_content_renderer_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_content_renderer_client.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 521 matching lines @@
           // If this is an external plugin that handles the NaCl mime type, we
           // allow Native Client, so Native Client's integration tests work.
           is_nacl_unrestricted = true;
         }
         if (is_nacl_plugin || is_nacl_mime_type) {
           GURL manifest_url = is_nacl_mime_type ?
               url : GetNaClContentHandlerURL(actual_mime_type, plugin);
           const Extension* extension =
               extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
                   ExtensionURLInfo(manifest_url));
-          bool is_extension_from_webstore =
-              extension && extension->from_webstore();
-          // Allow built-in extensions and extensions under development.
-          bool is_extension_unrestricted = extension &&
-              (extension->location() == extensions::Manifest::COMPONENT ||
-               extensions::Manifest::IsUnpackedLocation(extension->location()));
           GURL top_url = frame->top()->document().url();
           if (!IsNaClAllowed(manifest_url,
                              top_url,
                              is_nacl_unrestricted,
-                             is_extension_unrestricted,
-                             is_extension_from_webstore,
+                             extension,
                              &params)) {
             frame->addMessageToConsole(
                 WebConsoleMessage(
                     WebConsoleMessage::LevelError,
                     "Only unpacked extensions and apps installed from the "
                     "Chrome Web Store can load NaCl modules without enabling "
                     "Native Client in about:flags."));
             placeholder = PluginPlaceholder::CreateBlockedPlugin(
                 render_view, frame, params, plugin, identifier, group_name,
                 IDR_BLOCKED_PLUGIN_HTML,
@@ skipping 119 matching lines @@
     }
   }
   return GURL();
 }
 
 //  static
 bool ChromeContentRendererClient::IsNaClAllowed(
     const GURL& manifest_url,
     const GURL& top_url,
     bool is_nacl_unrestricted,
-    bool is_extension_unrestricted,
-    bool is_extension_from_webstore,
+    const Extension* extension,
     WebPluginParams* params) {
   // Temporarily allow these URLs to run NaCl apps. We should remove this
   // code when PNaCl ships.
   bool is_whitelisted_url =
       top_url.SchemeIs("https") &&
       (top_url.host() == "plus.google.com" ||
           top_url.host() == "plus.sandbox.google.com") &&
       top_url.path().find("/games") == 0;
 
+  bool is_extension_from_webstore =
+      extension && extension->from_webstore();
+
+  bool is_invoked_by_hosted_app = extension &&
+      extension->is_hosted_app() &&
+      extension->web_extent().MatchesURL(top_url);
+
+  // Allow built-in extensions and extensions under development.
+  bool is_extension_unrestricted = extension &&
+      (extension->location() == extensions::Manifest::COMPONENT ||
+       extensions::Manifest::IsUnpackedLocation(extension->location()));
+
   bool is_invoked_by_extension = top_url.SchemeIs("chrome-extension");
 
   // NaCl PDF viewer can be loaded from all URLs.
   bool is_nacl_pdf_viewer =
       (is_extension_from_webstore &&
        manifest_url.SchemeIs("chrome-extension") &&
        manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
 
   // Allow Chrome Web Store extensions, built-in extensions and extensions
   // under development if the invocation comes from a URL with an extension
   // scheme. Also allow invocations if they are from whitelisted URLs or
   // if --enable-nacl is set.
   bool is_nacl_allowed = is_nacl_unrestricted ||
                          is_whitelisted_url ||
                          is_nacl_pdf_viewer ||
+                         is_invoked_by_hosted_app ||
                          (is_invoked_by_extension &&
                              (is_extension_from_webstore ||
                                  is_extension_unrestricted));
   if (is_nacl_allowed) {
     bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
     // Make sure that PPAPI 'dev' interfaces aren't available for production
     // apps unless they're whitelisted.
     WebString dev_attribute = WebString::fromUTF8("@dev");
     if ((!is_whitelisted_url && !is_extension_from_webstore) ||
         app_can_use_dev_interfaces) {
@@ skipping 393 matching lines @@
   if (container->element().shadowHost().tagName().equals(
           WebKit::WebString::fromUTF8(kWebViewTagName))) {
     return true;
   } else {
     return CommandLine::ForCurrentProcess()->HasSwitch(
         switches::kEnableBrowserPluginForAllViewTypes);
   }
 }
 
 }  // namespace chrome