| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef EXTENSIONS_BROWSER_CONTENT_VERIFIER_H_ |
| 6 #define EXTENSIONS_BROWSER_CONTENT_VERIFIER_H_ |
| 7 |
| 8 #include "base/macros.h" |
| 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/observer_list_threadsafe.h" |
| 11 #include "extensions/browser/content_verifier_filter.h" |
| 12 #include "extensions/browser/content_verify_job.h" |
| 13 |
| 14 namespace base { |
| 15 class FilePath; |
| 16 } |
| 17 |
| 18 namespace content { |
| 19 class BrowserContext; |
| 20 } |
| 21 |
| 22 namespace extensions { |
| 23 |
| 24 // Interface for clients of ContentVerifier. |
| 25 class ContentVerifierObserver { |
| 26 public: |
| 27 // Called when the content verifier detects that a read of a file inside |
| 28 // an extension did not match its expected hash. |
| 29 virtual void ContentVerifyFailed(const std::string& extension_id) = 0; |
| 30 }; |
| 31 |
| 32 // Used for managing overall content verification - both fetching content |
| 33 // hashes as needed, and supplying job objects to verify file contents as they |
| 34 // are read. |
| 35 class ContentVerifier : public base::RefCountedThreadSafe<ContentVerifier> { |
| 36 public: |
| 37 ContentVerifier(content::BrowserContext* context, |
| 38 const ContentVerifierFilter& filter); |
| 39 void Start(); |
| 40 void Shutdown(); |
| 41 |
| 42 // Call this before reading a file within an extension. The caller owns the |
| 43 // returned job. |
| 44 ContentVerifyJob* CreateJobFor(const std::string& extension_id, |
| 45 const base::FilePath& extension_root, |
| 46 const base::FilePath& relative_path); |
| 47 |
| 48 // Called (typically by a verification job) to indicate that verification |
| 49 // failed while reading some file in |extension_id|. |
| 50 void VerifyFailed(const std::string& extension_id, |
| 51 ContentVerifyJob::FailureReason reason); |
| 52 |
| 53 // Observers will be called back on the same thread that they call |
| 54 // AddObserver on. |
| 55 void AddObserver(ContentVerifierObserver* observer); |
| 56 void RemoveObserver(ContentVerifierObserver* observer); |
| 57 |
| 58 private: |
| 59 DISALLOW_COPY_AND_ASSIGN(ContentVerifier); |
| 60 |
| 61 friend class base::RefCountedThreadSafe<ContentVerifier>; |
| 62 virtual ~ContentVerifier(); |
| 63 |
| 64 // Attempts to fetch content hashes for |extension_id|. |
| 65 void RequestFetch(const std::string& extension_id); |
| 66 |
| 67 enum Mode { |
| 68 // Do not try to fetch content hashes if they are missing, and do not |
| 69 // enforce them if they are present. |
| 70 NONE = 0, |
| 71 |
| 72 // If content hashes are missing, try to fetch them, but do not enforce. |
| 73 BOOTSTRAP, |
| 74 |
| 75 // If hashes are present, enforce them. If they are missing, try to fetch |
| 76 // them. |
| 77 ENFORCE, |
| 78 |
| 79 // Treat the absence of hashes the same as a verification failure. |
| 80 ENFORCE_STRICT |
| 81 }; |
| 82 |
| 83 static Mode GetMode(); |
| 84 |
| 85 // The mode we're running in - set once at creation. |
| 86 const Mode mode_; |
| 87 |
| 88 // The filter we use to decide whether to return a ContentVerifyJob. |
| 89 ContentVerifierFilter filter_; |
| 90 |
| 91 // The associated BrowserContext. |
| 92 content::BrowserContext* context_; |
| 93 |
| 94 // The set of objects interested in verification failures. |
| 95 scoped_refptr<ObserverListThreadSafe<ContentVerifierObserver> > observers_; |
| 96 }; |
| 97 |
| 98 } // namespace extensions |
| 99 |
| 100 #endif // EXTENSIONS_BROWSER_CONTENT_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 266963003:
Beginning of support for extension content verification (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src