Allow extensions on chrome:// URLs, when flag is set and permission is explicitly requested

chrome/common/extensions/extension.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension.h"
 
 #include "base/base64.h"
 #include "base/basictypes.h"
 #include "base/command_line.h"
 #include "base/file_util.h"
@@ skipping 199 matching lines @@
 #endif
 
 // first 16 bytes of SHA256 hashed public key.
 const size_t Extension::kIdSize = 16;
 
 const char Extension::kMimeType[] = "application/x-chrome-extension";
 
 const int Extension::kValidWebExtentSchemes =
     URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS;
 
-const int Extension::kValidHostPermissionSchemes =
-    UserScript::kValidUserScriptSchemes | URLPattern::SCHEME_CHROMEUI;
+const int Extension::kValidHostPermissionSchemes = URLPattern::SCHEME_CHROMEUI |
+                                                   URLPattern::SCHEME_HTTP |
+                                                   URLPattern::SCHEME_HTTPS |
+                                                   URLPattern::SCHEME_FILE |
+                                                   URLPattern::SCHEME_FTP;
 
 Extension::Requirements::Requirements()
     : webgl(false),
       css3d(false),
       npapi(false) {
 }
 
 Extension::Requirements::~Requirements() {}
 
 //
@@ skipping 351 matching lines @@
         URLPattern::SCHEME_ALL : kValidHostPermissionSchemes;
 
     for (std::vector<std::string>::const_iterator it = host_data.begin();
          it != host_data.end(); ++it) {
       const std::string& permission_str = *it;
 
       // Check if it's a host pattern permission.
       URLPattern pattern = URLPattern(kAllowedSchemes);
       URLPattern::ParseResult parse_result = pattern.Parse(permission_str);
       if (parse_result == URLPattern::PARSE_SUCCESS) {
+        // The path component is not used for host permissions, so we force it
+        // to match all paths.
+        pattern.SetPath("/*");
+        int valid_schemes = pattern.valid_schemes();
+        if (pattern.MatchesScheme(chrome::kFileScheme) &&
+            !CanExecuteScriptEverywhere()) {
+          wants_file_access_ = true;
+          if (!(creation_flags_ & ALLOW_FILE_ACCESS))
+            valid_schemes &= ~URLPattern::SCHEME_FILE;
+        }
+
+        if (pattern.scheme() != chrome::kChromeUIScheme &&
+            !CanExecuteScriptEverywhere()) {
+          // Keep chrome:// in allowed schemes only if it's explicitly requested
+          // or CanExecuteScriptEverywhere is true. If the
+          // extensions_on_chrome_urls flag is not set, CanSpecifyHostPermission
+          // will fail, so don't check the flag here.
+          valid_schemes &= ~URLPattern::SCHEME_CHROMEUI;
+        }
+        pattern.SetValidSchemes(valid_schemes);
+
         if (!CanSpecifyHostPermission(pattern, *api_permissions)) {
+          // TODO(aboxhall): make a warning (see line 633)
           *error = ErrorUtils::FormatErrorMessageUTF16(
               errors::kInvalidPermissionScheme, permission_str);
           return false;
         }
 
-        // The path component is not used for host permissions, so we force it
-        // to match all paths.
-        pattern.SetPath("/*");
+        host_permissions->AddPattern(pattern);
 
-        if (pattern.MatchesScheme(chrome::kFileScheme) &&
-            !CanExecuteScriptEverywhere()) {
-          wants_file_access_ = true;
-          if (!(creation_flags_ & ALLOW_FILE_ACCESS)) {
-            pattern.SetValidSchemes(
-                pattern.valid_schemes() & ~URLPattern::SCHEME_FILE);
+        // We need to make sure all_urls matches chrome://favicon and
+        // (maybe) chrome://thumbnail, so add them back in to host_permissions
+        // separately.
+        if (pattern.match_all_urls()) {
+          host_permissions->AddPattern(
+              URLPattern(URLPattern::SCHEME_CHROMEUI,
+                         chrome::kChromeUIFaviconURL));
+          if (api_permissions->find(APIPermission::kExperimental) !=
+              api_permissions->end()) {
+            host_permissions->AddPattern(
+                URLPattern(URLPattern::SCHEME_CHROMEUI,
+                           chrome::kChromeUIThumbnailURL));
           }
         }
-
-        host_permissions->AddPattern(pattern);
         continue;
       }
 
       // It's probably an unknown API permission. Do not throw an error so
       // extensions can retain backwards compatability (http://crbug.com/42742).
       install_warnings_.push_back(InstallWarning(
           InstallWarning::FORMAT_TEXT,
           base::StringPrintf(
               "Permission '%s' is unknown or URL pattern is malformed.",
               permission_str.c_str())));
@@ skipping 34 matching lines @@
 const URLPatternSet& Extension::GetEffectiveHostPermissions() const {
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions()->effective_hosts();
 }
 
 bool Extension::CanSilentlyIncreasePermissions() const {
   return location() != Manifest::INTERNAL;
 }
 
 bool Extension::HasHostPermission(const GURL& url) const {
-  if (url.SchemeIs(chrome::kChromeUIScheme) &&
-      url.host() != chrome::kChromeUIFaviconHost &&
-      url.host() != chrome::kChromeUIThumbnailHost &&
-      location() != Manifest::COMPONENT) {
-    return false;
-  }
-
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions()->
       HasExplicitAccessToOrigin(url);
 }
 
 bool Extension::HasEffectiveAccessToAllHosts() const {
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions()->HasEffectiveAccessToAllHosts();
 }
 
@@ skipping 112 matching lines @@
   GURL store_url(extension_urls::GetWebstoreLaunchURL());
   if ((document_url.host() == store_url.host()) &&
       !CanExecuteScriptEverywhere() &&
       !CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kAllowScriptingGallery)) {
     if (error)
       *error = errors::kCannotScriptGallery;
     return false;
   }
 
-  if (document_url.SchemeIs(chrome::kChromeUIScheme) &&
-      !CanExecuteScriptEverywhere()) {
-    return false;
+  if (!CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kExtensionsOnChromeURLs)) {
+    if (document_url.SchemeIs(chrome::kChromeUIScheme) &&
+        !CanExecuteScriptEverywhere()) {
+      return false;
+    }
   }
 
   if (top_frame_url.SchemeIs(extensions::kExtensionScheme) &&
       top_frame_url.GetOrigin() !=
           GetBaseURLFromExtensionId(id()).GetOrigin() &&
       !CanExecuteScriptEverywhere()) {
     return false;
   }
 
   // If a tab ID is specified, try the tab-specific permissions.
@@ skipping 1136 matching lines @@
       !LoadSystemIndicator(error) ||
       !LoadIncognitoMode(error))
     return false;
 
   return true;
 }
 
 bool Extension::LoadContentScripts(string16* error) {
   if (!manifest_->HasKey(keys::kContentScripts))
     return true;
+
   const ListValue* list_value;
   if (!manifest_->GetList(keys::kContentScripts, &list_value)) {
     *error = ASCIIToUTF16(errors::kInvalidContentScriptsList);
     return false;
   }
 
   for (size_t i = 0; i < list_value->GetSize(); ++i) {
     const DictionaryValue* content_script = NULL;
     if (!list_value->GetDictionary(i, &content_script)) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidContentScript, base::IntToString(i));
       return false;
     }
 
     UserScript script;
     if (!LoadUserScriptHelper(content_script, i, error, &script))
       return false;  // Failed to parse script context definition.
+
     script.set_extension_id(id());
     if (converted_from_user_script_) {
       script.set_emulate_greasemonkey(true);
       script.set_match_all_frames(true);  // Greasemonkey matches all frames.
     }
     content_scripts_.push_back(script);
   }
   return true;
 }
 
@@ skipping 105 matching lines @@
     std::string match_str;
     if (!matches->GetString(j, &match_str)) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidMatch,
           base::IntToString(definition_index),
           base::IntToString(j),
           errors::kExpectString);
       return false;
     }
 
-    URLPattern pattern(UserScript::kValidUserScriptSchemes);
-    if (CanExecuteScriptEverywhere())
-      pattern.SetValidSchemes(URLPattern::SCHEME_ALL);
+    URLPattern pattern(
+        UserScript::ValidUserScriptSchemes(CanExecuteScriptEverywhere()));
 
     URLPattern::ParseResult parse_result = pattern.Parse(match_str);
     if (parse_result != URLPattern::PARSE_SUCCESS) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidMatch,
           base::IntToString(definition_index),
           base::IntToString(j),
           URLPattern::GetParseResultString(parse_result));
       return false;
     }
 
+    // TODO(aboxhall): check for webstore
+    if (!CanExecuteScriptEverywhere() &&
+        pattern.scheme() != chrome::kChromeUIScheme) {
+      // Exclude SCHEME_CHROMEUI unless it's been explicitly requested.
+      // If the --extensions-on-chrome-urls flag has not been passed, requesting
+      // a chrome:// url will cause a parse failure above, so there's no need to
+      // check the flag here.
+      pattern.SetValidSchemes(
+          pattern.valid_schemes() & ~URLPattern::SCHEME_CHROMEUI);
+    }
+
     if (pattern.MatchesScheme(chrome::kFileScheme) &&
         !CanExecuteScriptEverywhere()) {
       wants_file_access_ = true;
       if (!(creation_flags_ & ALLOW_FILE_ACCESS)) {
         pattern.SetValidSchemes(
             pattern.valid_schemes() & ~URLPattern::SCHEME_FILE);
       }
     }
 
     result->add_url_pattern(pattern);
@@ skipping 13 matching lines @@
       std::string match_str;
       if (!exclude_matches->GetString(j, &match_str)) {
         *error = ErrorUtils::FormatErrorMessageUTF16(
             errors::kInvalidExcludeMatch,
             base::IntToString(definition_index),
             base::IntToString(j),
             errors::kExpectString);
         return false;
       }
 
-      URLPattern pattern(UserScript::kValidUserScriptSchemes);
-      if (CanExecuteScriptEverywhere())
-        pattern.SetValidSchemes(URLPattern::SCHEME_ALL);
+      int valid_schemes =
+          UserScript::ValidUserScriptSchemes(CanExecuteScriptEverywhere());
+      URLPattern pattern(valid_schemes);
       URLPattern::ParseResult parse_result = pattern.Parse(match_str);
       if (parse_result != URLPattern::PARSE_SUCCESS) {
         *error = ErrorUtils::FormatErrorMessageUTF16(
             errors::kInvalidExcludeMatch,
             base::IntToString(definition_index), base::IntToString(j),
             URLPattern::GetParseResultString(parse_result));
         return false;
       }
 
       result->add_exclude_url_pattern(pattern);
@@ skipping 183 matching lines @@
     // Experimental extensions are also allowed chrome://thumb.
     if (pattern.host() == chrome::kChromeUIThumbnailHost) {
       return permissions.find(APIPermission::kExperimental) !=
           permissions.end();
     }
 
     // Component extensions can have access to all of chrome://*.
     if (CanExecuteScriptEverywhere())
       return true;
 
+    if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kExtensionsOnChromeURLs))
+      return true;
+
+    // TODO(aboxhall): return from_webstore() when webstore handles blocking
+    // extensions which request chrome:// urls
     return false;
   }
 
   // Otherwise, the valid schemes were handled by URLPattern.
   return true;
 }
 
 bool Extension::CheckMinimumChromeVersion(string16* error) const {
   if (!manifest_->HasKey(keys::kMinimumChromeVersion))
     return true;
@@ skipping 81 matching lines @@
 
 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo(
     const Extension* extension,
     const PermissionSet* permissions,
     Reason reason)
     : reason(reason),
       extension(extension),
       permissions(permissions) {}
 
 }   // namespace extensions