Add a whitelist check for nacl-nonsfi mode

chrome/common/pepper_permission_util.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/pepper_permission_util.h"
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/sha1.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_tokenizer.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_set.h"
 #include "extensions/common/manifest_handlers/shared_module_info.h"
 
 using extensions::Extension;
 using extensions::Manifest;
+using extensions::SharedModuleInfo;
 
 namespace chrome {
 
 namespace {
 
 std::string HashHost(const std::string& host) {
   const std::string id_hash = base::SHA1HashString(host);
   DCHECK_EQ(id_hash.length(), base::kSHA1Length);
   return base::HexEncode(id_hash.c_str(), id_hash.length());
 }
 
 bool HostIsInSet(const std::string& host, const std::set<std::string>& set) {
   return set.count(host) > 0 || set.count(HashHost(host)) > 0;
 }
 
 }  // namespace
 
 bool IsExtensionOrSharedModuleWhitelisted(

[jln (very slow on Chromium), 2014/05/08 23:22:41]

I didn't find pepper_permission_util.h very clear.

Could you be a little more verbose in the header? For instance:
- Mention that the extension is identified by |url|.
- What should |extension_set| represent precisely?
- The transitivity level is 1, correct? i.e. if a module itself imports a
whitelisted module, this will not pass the check.

[elijahtaylor1, 2014/05/09 00:33:28]

Done.

     const GURL& url,
     const extensions::ExtensionSet* extension_set,
     const std::set<std::string>& whitelist) {
   if (!url.is_valid() || !url.SchemeIs(extensions::kExtensionScheme))
     return false;
 
   const std::string host = url.host();
   if (HostIsInSet(host, whitelist))
     return true;
 
   // Check the modules that are imported by this extension to see if any of them
   // is whitelisted.
   const Extension* extension = extension_set ? extension_set->GetByID(host)
                                              : NULL;
   if (extension) {

[jln (very slow on Chromium), 2014/05/08 23:22:41]

Nit: I would find "if (!extension) { return false; } more readable, and this
allows you do de-indent the rest of the code one level up.

[elijahtaylor1, 2014/05/09 00:33:28]

Done.

-    typedef std::vector<extensions::SharedModuleInfo::ImportInfo>
-        ImportInfoVector;
-    const ImportInfoVector& imports =
-        extensions::SharedModuleInfo::GetImports(extension);
+    typedef std::vector<SharedModuleInfo::ImportInfo> ImportInfoVector;
+    const ImportInfoVector& imports = SharedModuleInfo::GetImports(extension);
     for (ImportInfoVector::const_iterator it = imports.begin();
          it != imports.end(); ++it) {
       const Extension* imported_extension = extension_set->GetByID(
           it->extension_id);
       if (imported_extension &&
-          extensions::SharedModuleInfo::IsSharedModule(imported_extension) &&
+          SharedModuleInfo::IsSharedModule(imported_extension) &&
+          // We check the whitelist explicitly even though the extension should
+          // never have been allowed to be installed in the first place if this
+          // fails.
+          SharedModuleInfo::IsExportAllowedByWhitelist(imported_extension,
+                                                       host) &&
           HostIsInSet(it->extension_id, whitelist)) {
         return true;
       }
     }
   }
 
   return false;
 }
 
 bool IsHostAllowedByCommandLine(const GURL& url,
@@ skipping 23 matching lines @@
   base::StringTokenizer t(allowed_list, ",");
   while (t.GetNext()) {
     if (t.token() == host)
       return true;
   }
 
   return false;
 }
 
 }  // namespace chrome