Chromium Code Reviews Chromium Code Reviews
Issue 12886023:
Remove SandboxedPages and SandboxedCSP from Extension Class (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension.h" | 5 #include "chrome/common/extensions/extension.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 26 #include "chrome/common/chrome_version_info.h" | 26 #include "chrome/common/chrome_version_info.h" |
| 27 // TODO(rdevlin.cronin): Remove these once all references have been removed as | 27 // TODO(rdevlin.cronin): Remove these once all references have been removed as |
| 28 // part of crbug.com/159265. | 28 // part of crbug.com/159265. |
| 29 #include "chrome/common/extensions/api/extension_action/action_info.h" | 29 #include "chrome/common/extensions/api/extension_action/action_info.h" |
| 30 #include "chrome/common/extensions/api/extension_action/page_action_handler.h" | 30 #include "chrome/common/extensions/api/extension_action/page_action_handler.h" |
| 31 #include "chrome/common/extensions/api/icons/icons_handler.h" | 31 #include "chrome/common/extensions/api/icons/icons_handler.h" |
| 32 #include "chrome/common/extensions/api/plugins/plugins_handler.h" | 32 #include "chrome/common/extensions/api/plugins/plugins_handler.h" |
| 33 #include "chrome/common/extensions/api/themes/theme_handler.h" | 33 #include "chrome/common/extensions/api/themes/theme_handler.h" |
| 34 #include "chrome/common/extensions/background_info.h" | 34 #include "chrome/common/extensions/background_info.h" |
| 35 #include "chrome/common/extensions/csp_handler.h" | 35 #include "chrome/common/extensions/csp_handler.h" |
| 36 #include "chrome/common/extensions/csp_validator.h" | |
| 37 #include "chrome/common/extensions/extension_manifest_constants.h" | 36 #include "chrome/common/extensions/extension_manifest_constants.h" |
| 38 #include "chrome/common/extensions/feature_switch.h" | 37 #include "chrome/common/extensions/feature_switch.h" |
| 39 #include "chrome/common/extensions/features/base_feature_provider.h" | 38 #include "chrome/common/extensions/features/base_feature_provider.h" |
| 40 #include "chrome/common/extensions/features/feature.h" | 39 #include "chrome/common/extensions/features/feature.h" |
| 41 #include "chrome/common/extensions/manifest.h" | 40 #include "chrome/common/extensions/manifest.h" |
| 42 #include "chrome/common/extensions/manifest_handler.h" | 41 #include "chrome/common/extensions/manifest_handler.h" |
| 43 #include "chrome/common/extensions/manifest_handler_helpers.h" | 42 #include "chrome/common/extensions/manifest_handler_helpers.h" |
| 44 #include "chrome/common/extensions/manifest_url_handler.h" | 43 #include "chrome/common/extensions/manifest_url_handler.h" |
| 45 #include "chrome/common/extensions/permissions/api_permission_set.h" | 44 #include "chrome/common/extensions/permissions/api_permission_set.h" |
| 46 #include "chrome/common/extensions/permissions/permission_set.h" | 45 #include "chrome/common/extensions/permissions/permission_set.h" |
| 47 #include "chrome/common/extensions/permissions/permissions_info.h" | 46 #include "chrome/common/extensions/permissions/permissions_info.h" |
| 47 #include "chrome/common/extensions/sandboxed_page_info.h" | |
| 48 #include "chrome/common/extensions/user_script.h" | 48 #include "chrome/common/extensions/user_script.h" |
| 49 #include "chrome/common/url_constants.h" | 49 #include "chrome/common/url_constants.h" |
| 50 #include "crypto/sha2.h" | 50 #include "crypto/sha2.h" |
| 51 #include "extensions/common/constants.h" | 51 #include "extensions/common/constants.h" |
| 52 #include "extensions/common/error_utils.h" | 52 #include "extensions/common/error_utils.h" |
| 53 #include "extensions/common/url_pattern_set.h" | 53 #include "extensions/common/url_pattern_set.h" |
| 54 #include "googleurl/src/url_util.h" | 54 #include "googleurl/src/url_util.h" |
| 55 #include "grit/chromium_strings.h" | 55 #include "grit/chromium_strings.h" |
| 56 #include "grit/theme_resources.h" | 56 #include "grit/theme_resources.h" |
| 57 #include "third_party/skia/include/core/SkBitmap.h" | 57 #include "third_party/skia/include/core/SkBitmap.h" |
| 58 #include "ui/base/l10n/l10n_util.h" | 58 #include "ui/base/l10n/l10n_util.h" |
| 59 | 59 |
| 60 #if defined(OS_WIN) | 60 #if defined(OS_WIN) |
| 61 #include "grit/generated_resources.h" | 61 #include "grit/generated_resources.h" |
| 62 #endif | 62 #endif |
| 63 | 63 |
| 64 namespace keys = extension_manifest_keys; | 64 namespace keys = extension_manifest_keys; |
| 65 namespace values = extension_manifest_values; | 65 namespace values = extension_manifest_values; |
| 66 namespace errors = extension_manifest_errors; | 66 namespace errors = extension_manifest_errors; |
| 67 namespace info_keys = extension_info_keys; | 67 namespace info_keys = extension_info_keys; |
| 68 | 68 |
| 69 using extensions::csp_validator::ContentSecurityPolicyIsLegal; | |
| 70 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed; | |
| 71 | |
| 72 namespace extensions { | 69 namespace extensions { |
| 73 | 70 |
| 74 namespace { | 71 namespace { |
| 75 | 72 |
| 76 const int kModernManifestVersion = 2; | 73 const int kModernManifestVersion = 2; |
| 77 const int kPEMOutputColumns = 65; | 74 const int kPEMOutputColumns = 65; |
| 78 | 75 |
| 79 // The maximum number of commands (including page action/browser actions) an | 76 // The maximum number of commands (including page action/browser actions) an |
| 80 // extension can have. | 77 // extension can have. |
| 81 const size_t kMaxCommandsPerExtension = 4; | 78 const size_t kMaxCommandsPerExtension = 4; |
| 82 | 79 |
| 83 // KEY MARKERS | 80 // KEY MARKERS |
| 84 const char kKeyBeginHeaderMarker[] = "-----BEGIN"; | 81 const char kKeyBeginHeaderMarker[] = "-----BEGIN"; |
| 85 const char kKeyBeginFooterMarker[] = "-----END"; | 82 const char kKeyBeginFooterMarker[] = "-----END"; |
| 86 const char kKeyInfoEndMarker[] = "KEY-----"; | 83 const char kKeyInfoEndMarker[] = "KEY-----"; |
| 87 const char kPublic[] = "PUBLIC"; | 84 const char kPublic[] = "PUBLIC"; |
| 88 const char kPrivate[] = "PRIVATE"; | 85 const char kPrivate[] = "PRIVATE"; |
| 89 | 86 |
| 90 const int kRSAKeySize = 1024; | 87 const int kRSAKeySize = 1024; |
| 91 | 88 |
| 92 const char kDefaultSandboxedPageContentSecurityPolicy[] = | |
| 93 "sandbox allow-scripts allow-forms allow-popups"; | |
| 94 | |
| 95 // Converts a normal hexadecimal string into the alphabet used by extensions. | 89 // Converts a normal hexadecimal string into the alphabet used by extensions. |
| 96 // We use the characters 'a'-'p' instead of '0'-'f' to avoid ever having a | 90 // We use the characters 'a'-'p' instead of '0'-'f' to avoid ever having a |
| 97 // completely numeric host, since some software interprets that as an IP | 91 // completely numeric host, since some software interprets that as an IP |
| 98 // address. | 92 // address. |
| 99 static void ConvertHexadecimalToIDAlphabet(std::string* id) { | 93 static void ConvertHexadecimalToIDAlphabet(std::string* id) { |
| 100 for (size_t i = 0; i < id->size(); ++i) { | 94 for (size_t i = 0; i < id->size(); ++i) { |
| 101 int val; | 95 int val; |
| 102 if (base::HexStringToInt(base::StringPiece(id->begin() + i, | 96 if (base::HexStringToInt(base::StringPiece(id->begin() + i, |
| 103 id->begin() + i + 1), | 97 id->begin() + i + 1), |
| 104 &val)) { | 98 &val)) { |
| (...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 364 DCHECK(StartsWithASCII(ret_val.spec(), extension_url.spec(), false)); | 358 DCHECK(StartsWithASCII(ret_val.spec(), extension_url.spec(), false)); |
| 365 | 359 |
| 366 return ret_val; | 360 return ret_val; |
| 367 } | 361 } |
| 368 | 362 |
| 369 bool Extension::ResourceMatches(const URLPatternSet& pattern_set, | 363 bool Extension::ResourceMatches(const URLPatternSet& pattern_set, |
| 370 const std::string& resource) const { | 364 const std::string& resource) const { |
| 371 return pattern_set.MatchesURL(extension_url_.Resolve(resource)); | 365 return pattern_set.MatchesURL(extension_url_.Resolve(resource)); |
| 372 } | 366 } |
| 373 | 367 |
| 374 bool Extension::IsSandboxedPage(const std::string& relative_path) const { | |
| 375 return ResourceMatches(sandboxed_pages_, relative_path); | |
| 376 } | |
| 377 | |
| 378 std::string Extension::GetResourceContentSecurityPolicy( | 368 std::string Extension::GetResourceContentSecurityPolicy( |
|
Yoyo Zhou
2013/03/25 17:16:01
Can this function be moved to CSPInfo? I think it
Devlin
2013/03/26 23:00:15
Done.
| |
| 379 const std::string& relative_path) const { | 369 const std::string& relative_path) const { |
| 380 return IsSandboxedPage(relative_path) ? | 370 return SandboxedPageInfo::IsSandboxedPage(this, relative_path) ? |
| 381 sandboxed_pages_content_security_policy_ : | 371 SandboxedPageInfo::GetContentSecurityPolicy(this) : |
| 382 CSPInfo::GetContentSecurityPolicy(this); | 372 CSPInfo::GetContentSecurityPolicy(this); |
| 383 } | 373 } |
| 384 | 374 |
| 385 ExtensionResource Extension::GetResource( | 375 ExtensionResource Extension::GetResource( |
| 386 const std::string& relative_path) const { | 376 const std::string& relative_path) const { |
| 387 std::string new_path = relative_path; | 377 std::string new_path = relative_path; |
| 388 // We have some legacy data where resources have leading slashes. | 378 // We have some legacy data where resources have leading slashes. |
| 389 // See: http://crbug.com/121164 | 379 // See: http://crbug.com/121164 |
| 390 if (!new_path.empty() && new_path.at(0) == '/') | 380 if (!new_path.empty() && new_path.at(0) == '/') |
| 391 new_path.erase(0, 1); | 381 new_path.erase(0, 1); |
| (...skipping 1350 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1742 extent_.ClearPatterns(); | 1732 extent_.ClearPatterns(); |
| 1743 } | 1733 } |
| 1744 | 1734 |
| 1745 return true; | 1735 return true; |
| 1746 } | 1736 } |
| 1747 | 1737 |
| 1748 bool Extension::LoadSharedFeatures(string16* error) { | 1738 bool Extension::LoadSharedFeatures(string16* error) { |
| 1749 if (!LoadDescription(error) || | 1739 if (!LoadDescription(error) || |
| 1750 !ManifestHandler::ParseExtension(this, error) || | 1740 !ManifestHandler::ParseExtension(this, error) || |
| 1751 !LoadNaClModules(error) || | 1741 !LoadNaClModules(error) || |
| 1752 !LoadSandboxedPages(error) || | |
| 1753 !LoadRequirements(error) || | 1742 !LoadRequirements(error) || |
| 1754 !LoadKioskEnabled(error) || | 1743 !LoadKioskEnabled(error) || |
| 1755 !LoadOfflineEnabled(error)) | 1744 !LoadOfflineEnabled(error)) |
| 1756 return false; | 1745 return false; |
| 1757 | 1746 |
| 1758 return true; | 1747 return true; |
| 1759 } | 1748 } |
| 1760 | 1749 |
| 1761 bool Extension::LoadDescription(string16* error) { | 1750 bool Extension::LoadDescription(string16* error) { |
| 1762 if (manifest_->HasKey(keys::kDescription) && | 1751 if (manifest_->HasKey(keys::kDescription) && |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1826 } | 1815 } |
| 1827 | 1816 |
| 1828 nacl_modules_.push_back(NaClModuleInfo()); | 1817 nacl_modules_.push_back(NaClModuleInfo()); |
| 1829 nacl_modules_.back().url = GetResourceURL(path_str); | 1818 nacl_modules_.back().url = GetResourceURL(path_str); |
| 1830 nacl_modules_.back().mime_type = mime_type; | 1819 nacl_modules_.back().mime_type = mime_type; |
| 1831 } | 1820 } |
| 1832 | 1821 |
| 1833 return true; | 1822 return true; |
| 1834 } | 1823 } |
| 1835 | 1824 |
| 1836 bool Extension::LoadSandboxedPages(string16* error) { | |
| 1837 if (!manifest_->HasPath(keys::kSandboxedPages)) | |
| 1838 return true; | |
| 1839 | |
| 1840 const ListValue* list_value = NULL; | |
| 1841 if (!manifest_->GetList(keys::kSandboxedPages, &list_value)) { | |
| 1842 *error = ASCIIToUTF16(errors::kInvalidSandboxedPagesList); | |
| 1843 return false; | |
| 1844 } | |
| 1845 for (size_t i = 0; i < list_value->GetSize(); ++i) { | |
| 1846 std::string relative_path; | |
| 1847 if (!list_value->GetString(i, &relative_path)) { | |
| 1848 *error = ErrorUtils::FormatErrorMessageUTF16( | |
| 1849 errors::kInvalidSandboxedPage, base::IntToString(i)); | |
| 1850 return false; | |
| 1851 } | |
| 1852 URLPattern pattern(URLPattern::SCHEME_EXTENSION); | |
| 1853 if (pattern.Parse(extension_url_.spec()) != URLPattern::PARSE_SUCCESS) { | |
| 1854 *error = ErrorUtils::FormatErrorMessageUTF16( | |
| 1855 errors::kInvalidURLPatternError, extension_url_.spec()); | |
| 1856 return false; | |
| 1857 } | |
| 1858 while (relative_path[0] == '/') | |
| 1859 relative_path = relative_path.substr(1, relative_path.length() - 1); | |
| 1860 pattern.SetPath(pattern.path() + relative_path); | |
| 1861 sandboxed_pages_.AddPattern(pattern); | |
| 1862 } | |
| 1863 | |
| 1864 if (manifest_->HasPath(keys::kSandboxedPagesCSP)) { | |
| 1865 if (!manifest_->GetString( | |
| 1866 keys::kSandboxedPagesCSP, &sandboxed_pages_content_security_policy_)) { | |
| 1867 *error = ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); | |
| 1868 return false; | |
| 1869 } | |
| 1870 | |
| 1871 if (!ContentSecurityPolicyIsLegal( | |
| 1872 sandboxed_pages_content_security_policy_) || | |
| 1873 !ContentSecurityPolicyIsSandboxed( | |
| 1874 sandboxed_pages_content_security_policy_, GetType())) { | |
| 1875 *error = ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); | |
| 1876 return false; | |
| 1877 } | |
| 1878 } else { | |
| 1879 sandboxed_pages_content_security_policy_ = | |
| 1880 kDefaultSandboxedPageContentSecurityPolicy; | |
| 1881 CHECK(ContentSecurityPolicyIsSandboxed( | |
| 1882 sandboxed_pages_content_security_policy_, GetType())); | |
| 1883 } | |
| 1884 | |
| 1885 return true; | |
| 1886 } | |
| 1887 | |
| 1888 bool Extension::LoadRequirements(string16* error) { | 1825 bool Extension::LoadRequirements(string16* error) { |
| 1889 // Before parsing requirements from the manifest, automatically default the | 1826 // Before parsing requirements from the manifest, automatically default the |
| 1890 // NPAPI plugin requirement based on whether it includes NPAPI plugins. | 1827 // NPAPI plugin requirement based on whether it includes NPAPI plugins. |
| 1891 const ListValue* list_value = NULL; | 1828 const ListValue* list_value = NULL; |
| 1892 requirements_.npapi = | 1829 requirements_.npapi = |
| 1893 manifest_->GetList(keys::kPlugins, &list_value) && !list_value->empty(); | 1830 manifest_->GetList(keys::kPlugins, &list_value) && !list_value->empty(); |
| 1894 | 1831 |
| 1895 if (!manifest_->HasKey(keys::kRequirements)) | 1832 if (!manifest_->HasKey(keys::kRequirements)) |
| 1896 return true; | 1833 return true; |
| 1897 | 1834 |
| (...skipping 615 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2513 | 2450 |
| 2514 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo( | 2451 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo( |
| 2515 const Extension* extension, | 2452 const Extension* extension, |
| 2516 const PermissionSet* permissions, | 2453 const PermissionSet* permissions, |
| 2517 Reason reason) | 2454 Reason reason) |
| 2518 : reason(reason), | 2455 : reason(reason), |
| 2519 extension(extension), | 2456 extension(extension), |
| 2520 permissions(permissions) {} | 2457 permissions(permissions) {} |
| 2521 | 2458 |
| 2522 } // namespace extensions | 2459 } // namespace extensions |
| OLD | NEW |
