Extensions: run "custom bindings" v8-extensions in content scripts.

chrome/common/extensions/api/extension_api.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/api/extension_api.h"
 
+#include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/json/json_reader.h"
 #include "base/logging.h"
 #include "base/string_split.h"
 #include "base/string_util.h"
 #include "base/values.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_permission_set.h"
@@ skipping 13 matching lines @@
   ListValue* dependencies = NULL;
   if (!schema.GetList("dependencies", &dependencies))
     return;
   for (size_t i = 0; i < dependencies->GetSize(); ++i) {
     std::string api_name;
     if (dependencies->GetString(i, &api_name) && !reference.count(api_name))
       out->insert(api_name);
   }
 }
 
+// Returns whether the list at |name_space_node|.|child_kind| contains any
+// children with an { "unprivileged": true } property.
+bool HasUnprivilegedChild(const DictionaryValue* name_space_node,
+                          const std::string& child_kind) {
+  ListValue* child_list = NULL;
+  name_space_node->GetList(child_kind, &child_list);
+  if (!child_list)
+    return false;
+
+  for (size_t i = 0; i < child_list->GetSize(); ++i) {
+    DictionaryValue* item = NULL;
+    CHECK(child_list->GetDictionary(i, &item));
+    bool unprivileged = false;
+    if (item->GetBoolean("unprivileged", &unprivileged))
+      return unprivileged;
+  }
+
+  return false;
+}
+
 }  // namespace
 
 // static
 ExtensionAPI* ExtensionAPI::GetInstance() {
   return Singleton<ExtensionAPI>::get();
 }
 
 static base::ListValue* LoadSchemaList(int resource_id) {
   const bool kAllowTrailingCommas = false;
   std::string error_message;
@@ skipping 80 matching lines @@
     IDR_EXTENSION_API_JSON_WEBNAVIGATION,
     IDR_EXTENSION_API_JSON_WEBREQUEST,
     IDR_EXTENSION_API_JSON_WEBSOCKETPROXYPRIVATE,
     IDR_EXTENSION_API_JSON_WEBSTOREPRIVATE,
     IDR_EXTENSION_API_JSON_WINDOWS,
   };
 
   for (size_t i = 0; i < arraysize(kJsonApiResourceIds); i++) {
     LoadSchemaFromResource(kJsonApiResourceIds[i]);
   }
+
+  // Populate {completely,partially}_unprivileged_apis_.
+  for (SchemaMap::iterator it = schemas_.begin(); it != schemas_.end(); ++it) {
+    bool unprivileged = false;
+    it->second->GetBoolean("unprivileged", &unprivileged);
+    if (unprivileged) {
+      completely_unprivileged_apis_.insert(it->first);
+      continue;
+    }
+
+    // Only need to look at functions/events; even though there are unprivileged
+    // properties (e.g. in extensions), access to those never reaches C++ land.
+    if (HasUnprivilegedChild(it->second.get(), "functions") ||
+        HasUnprivilegedChild(it->second.get(), "events")) {
+      partially_unprivileged_apis_.insert(it->first);
+    }
+  }
 }
 
 ExtensionAPI::~ExtensionAPI() {
 }
 
 bool ExtensionAPI::IsPrivileged(const std::string& full_name) const {
-  std::vector<std::string> split_full_name;
-  base::SplitString(full_name, '.', &split_full_name);
-  std::string name = split_full_name.back();
-  split_full_name.pop_back();
-  std::string name_space = JoinString(split_full_name, '.');
+  std::string api_name;

[Aaron Boodman, 2012/02/16 00:17:13]

This is going to be replaced with Feature stuff eventually, right?

[not at google - send to devlin, 2012/02/16 01:45:53]

mos def.

+  std::string child_name;
 
-  // HACK(kalman): explicitly mark all Storage API methods as unprivileged.
-  // TODO(kalman): solve this in a more general way; the problem is that
-  // functions-on-properties are not found with the following algorithm.
-  if (name_space == "storage")
+  {
+    std::vector<std::string> split;
+    base::SplitString(full_name, '.', &split);
+    std::reverse(split.begin(), split.end());
+
+    api_name = split.back();
+    split.pop_back();
+    if (api_name == "experimental") {
+      api_name += "." + split.back();
+      split.pop_back();
+    }
+
+    // This only really works properly if split.size() == 1, however:
+    //  - if it's empty, it's ok to leave child_name empty; presumably there's
+    //    no functions or events with empty names.
+    //  - if it's > 1, we can just do our best.
+    if (split.size() > 0)
+      child_name = split[0];
+  }
+
+  if (completely_unprivileged_apis_.count(api_name))
     return false;
 
-  const base::DictionaryValue* name_space_node = GetSchema(name_space);
-  if (!name_space_node)
-    return true;
-
-  if (!IsChildNamePrivileged(name_space_node, "functions", name) ||
-      !IsChildNamePrivileged(name_space_node, "events", name)) {
-    return false;
+  if (partially_unprivileged_apis_.count(api_name)) {
+    const DictionaryValue* schema = GetSchema(api_name);
+    return IsChildNamePrivileged(schema, "functions", child_name) &&
+           IsChildNamePrivileged(schema, "events", child_name);
   }
 
   return true;
 }
 
 DictionaryValue* ExtensionAPI::FindListItem(
     const base::ListValue* list,
     const std::string& property_name,
     const std::string& property_value) const {
   for (size_t i = 0; i < list->GetSize(); ++i) {
@@ skipping 61 matching lines @@
 
 void ExtensionAPI::GetSchemasForPermissions(
     const ExtensionPermissionSet& permissions, SchemaMap* out) const {
   for (SchemaMap::const_iterator it = schemas_.begin(); it != schemas_.end();
       ++it) {
     if (permissions.HasAnyAccessToAPI(it->first))
       (*out)[it->first] = it->second;
   }
 }
 
+bool ExtensionAPI::IsWholeAPIPrivileged(const std::string& api_name) const {
+  return !completely_unprivileged_apis_.count(api_name) &&
+         !partially_unprivileged_apis_.count(api_name);
 }
+
+}  // namespace extensions