Have the browser process rewrite manifest.json and theme images that the...

chrome/browser/extensions/extensions_service.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extensions_service.h"
 
 #include "base/file_util.h"
+#include "base/gfx/png_encoder.h"
 #include "base/scoped_handle.h"
 #include "base/scoped_temp_dir.h"
 #include "base/string_util.h"
 #include "base/third_party/nss/blapi.h"
 #include "base/third_party/nss/sha256.h"
 #include "base/thread.h"
 #include "base/values.h"
 #include "net/base/file_stream.h"
 #include "chrome/browser/browser.h"
 #include "chrome/browser/browser_list.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_thread.h"
 #include "chrome/browser/extensions/extension.h"
 #include "chrome/browser/extensions/extension_browser_event_router.h"
 #include "chrome/browser/extensions/extension_error_reporter.h"
 #include "chrome/browser/extensions/extension_process_manager.h"
 #include "chrome/browser/profile.h"
 #include "chrome/browser/utility_process_host.h"
 #include "chrome/common/extensions/extension_unpacker.h"
 #include "chrome/common/json_value_serializer.h"
 #include "chrome/common/notification_service.h"
 #include "chrome/common/pref_service.h"
 #include "chrome/common/unzip.h"
 #include "chrome/common/url_constants.h"
+#include "third_party/skia/include/core/SkBitmap.h"
 
 #if defined(OS_WIN)
 #include "base/registry.h"
 #endif
 
 // ExtensionsService
 
 const char* ExtensionsService::kInstallDirectoryName = "Extensions";
 const char* ExtensionsService::kCurrentVersionFileName = "Current Version";
 const char* ExtensionsServiceBackend::kTempExtensionName = "TEMP_INSTALL";
@@ skipping 80 matching lines @@
 
     if (backend_->resource_dispatcher_host_) {
       ChromeThread::GetMessageLoop(ChromeThread::IO)->PostTask(FROM_HERE,
           NewRunnableMethod(this, &UnpackerClient::StartProcessOnIOThread,
                             backend_->resource_dispatcher_host_,
                             MessageLoop::current()));
     } else {
       // Cheesy... but if we don't have a ResourceDispatcherHost, assume we're
       // in a unit test and run the unpacker directly in-process.
       ExtensionUnpacker unpacker(temp_extension_path_);
-      bool success = unpacker.Run();
-      OnUnpackExtensionReply(success, unpacker.error_message());
+      if (unpacker.Run()) {
+        OnUnpackExtensionSucceeded(*unpacker.parsed_manifest(),
+                                   unpacker.decoded_images());
+      } else {
+        OnUnpackExtensionFailed(unpacker.error_message());
+      }
     }
   }
 
  private:
   // UtilityProcessHost::Client
   virtual void OnProcessCrashed() {
-    OnUnpackExtensionReply(false, "Chrome crashed while trying to install");
+    OnUnpackExtensionFailed("Chrome crashed while trying to install");
   }
 
-  virtual void OnUnpackExtensionReply(bool success,
-                                      const std::string& error_message) {
-    if (success) {
-      // The extension was unpacked to the temp dir inside our unpacking dir.
-      FilePath extension_dir = temp_extension_path_.DirName().AppendASCII(
-          ExtensionsServiceBackend::kTempExtensionName);
-      backend_->OnExtensionUnpacked(extension_path_, extension_dir,
-                                    expected_id_, from_external_);
-    } else {
-      backend_->ReportExtensionInstallError(extension_path_, error_message);
-    }
+  virtual void OnUnpackExtensionSucceeded(
+      const DictionaryValue& manifest,
+      const std::vector< Tuple2<SkBitmap, FilePath> >& images) {
+    // The extension was unpacked to the temp dir inside our unpacking dir.
+    FilePath extension_dir = temp_extension_path_.DirName().AppendASCII(
+        ExtensionsServiceBackend::kTempExtensionName);
+    backend_->OnExtensionUnpacked(extension_path_, extension_dir,
+                                  expected_id_, from_external_,
+                                  manifest, images);
     Cleanup();
-    Release();  // balanced in Run()
+  }
+
+  virtual void OnUnpackExtensionFailed(const std::string& error_message) {
+    backend_->ReportExtensionInstallError(extension_path_, error_message);
+    Cleanup();
   }
 
   // Cleans up our temp directory.
   void Cleanup() {
     file_util::Delete(temp_extension_path_.DirName(), true);
+    Release();  // balanced in Run()
   }
 
   // Starts the utility process that unpacks our extension.
   void StartProcessOnIOThread(ResourceDispatcherHost* rdh,
                               MessageLoop* file_loop) {
     UtilityProcessHost* host = new UtilityProcessHost(rdh, this, file_loop);
     host->StartExtensionUnpacker(temp_extension_path_);
   }
 
   scoped_refptr<ExtensionsServiceBackend> backend_;
@@ skipping 634 matching lines @@
     bool from_external) {
   UnpackerClient* client =
       new UnpackerClient(this, extension_path, expected_id, from_external);
   client->Start();
 }
 
 void ExtensionsServiceBackend::OnExtensionUnpacked(
     const FilePath& extension_path,
     const FilePath& temp_extension_dir,
     const std::string expected_id,
-    bool from_external) {
-  // TODO(mpcomplete): the utility process should pass up a parsed manifest that
-  // we rewrite in the browser.
-  // Bug http://code.google.com/p/chromium/issues/detail?id=11680
-  scoped_ptr<DictionaryValue> manifest(ReadManifest(extension_path));
-  if (!manifest.get()) {
-    // ReadManifest has already reported the extension error.
-    return;
-  }
-
+    bool from_external,
+    const DictionaryValue& manifest,
+    const std::vector< Tuple2<SkBitmap, FilePath> >& images) {
   Extension extension;
   std::string error;
-  if (!extension.InitFromValue(*manifest,
+  if (!extension.InitFromValue(manifest,
                                true,  // require ID
                                &error)) {
     ReportExtensionInstallError(extension_path, "Invalid extension manifest.");
     return;
   }
 
   // If an expected id was provided, make sure it matches.
   if (!expected_id.empty() && expected_id != extension.id()) {
     ReportExtensionInstallError(extension_path,
         "ID in new extension manifest does not match expected ID.");
     return;
   }
 
   // <profile>/Extensions/<id>
   FilePath dest_dir = install_directory_.AppendASCII(extension.id());
   std::string version = extension.VersionString();
   std::string current_version;
   bool was_update = false;
   if (ReadCurrentVersion(dest_dir, &current_version)) {
     if (!CheckCurrentVersion(version, current_version, dest_dir))
       return;
     was_update = true;
   }
 
+  // Write our parsed manifest back to disk, to ensure it doesn't contain an
+  // exploitable bug that can be used to compromise the browser.
+  std::string manifest_json;
+  JSONStringValueSerializer serializer(&manifest_json);
+  serializer.set_pretty_print(true);
+  if (!serializer.Serialize(manifest)) {
+    ReportExtensionInstallError(extension_path,
+                                "Error serializing manifest.json.");
+    return;
+  }
+
+  FilePath manifest_path =
+      temp_extension_dir.AppendASCII(Extension::kManifestFilename);
+  if (!file_util::WriteFile(manifest_path,
+                            manifest_json.data(), manifest_json.size())) {
+    ReportExtensionInstallError(extension_path, "Error saving manifest.json.");
+    return;
+  }
+
+  // Write our parsed images back to disk as well.
+  for (size_t i = 0; i < images.size(); ++i) {
+    const SkBitmap& image = images[i].a;
+    FilePath path = temp_extension_dir.Append(images[i].b);
+
+    std::vector<unsigned char> image_data;
+    // TODO(mpcomplete): It's lame that we're encoding all images as PNG, even
+    // though they may originally be .jpg, etc.  Figure something out.
+    // http://code.google.com/p/chromium/issues/detail?id=12459
+    if (!PNGEncoder::EncodeBGRASkBitmap(image, false, &image_data)) {
+      ReportExtensionInstallError(extension_path,
+                                  "Error re-encoding theme image.");
+      return;
+    }
+
+    // Note: we're overwriting existing files that the utility process wrote,
+    // so we can be sure the directory exists.
+    const char* image_data_ptr = reinterpret_cast<const char*>(&image_data[0]);
+    if (!file_util::WriteFile(path, image_data_ptr, image_data.size())) {
+      ReportExtensionInstallError(extension_path, "Error saving theme image.");
+      return;
+    }
+  }
+
   // <profile>/Extensions/<dir_name>/<version>
   FilePath version_dir = dest_dir.AppendASCII(version);
+
+  // If anything fails after this, we want to delete the extension dir.
+  ScopedTempDir scoped_version_dir;
+  scoped_version_dir.Set(version_dir);
+
   if (!InstallDirSafely(temp_extension_dir, version_dir))
     return;
 
-  if (!SetCurrentVersion(dest_dir, version)) {
-    if (!file_util::Delete(version_dir, true))
-      LOG(WARNING) << "Can't remove " << dest_dir.value();
+  if (!SetCurrentVersion(dest_dir, version))
     return;
-  }
 
   // To mark that this extension was installed from an external source, create a
   // zero-length file.  At load time, this is used to indicate that the
   // extension should be uninstalled.
   // TODO(erikkay): move this into per-extension config storage when it appears.
   if (from_external) {
     FilePath marker = version_dir.AppendASCII(kExternalInstallFile);
     file_util::WriteFile(marker, NULL, 0);
   }
 
   // Load the extension immediately and then report installation success. We
   // don't load extensions for external installs because external installation
   // occurs before the normal startup so we just let startup pick them up. We
-  // don't notify installation because there is no UI or external install so
+  // don't notify installation because there is no UI for external install so
   // there is nobody to notify.
   if (!from_external) {
     Extension* extension = LoadExtension(version_dir, true);  // require id
     CHECK(extension);
 
     frontend_loop_->PostTask(FROM_HERE, NewRunnableMethod(
         frontend_, &ExtensionsService::OnExtensionInstalled, extension,
         was_update));
 
     // Only one extension, but ReportExtensionsLoaded can handle multiple,
     // so we need to construct a list.
     scoped_ptr<ExtensionList> extensions(new ExtensionList);
     extensions->push_back(extension);
     LOG(INFO) << "Done.";
     // Hand off ownership of the loaded extensions to the frontend.
     ReportExtensionsLoaded(extensions.release());
   }
+
+  scoped_version_dir.Take();
 }
 
 void ExtensionsServiceBackend::ReportExtensionInstallError(
     const FilePath& extension_path,  const std::string &error) {
 
   // TODO(erikkay): note that this isn't guaranteed to work properly on Linux.
   std::string path_str = WideToASCII(extension_path.ToWStringHack());
   std::string message =
       StringPrintf("Could not install extension from '%s'. %s",
                    path_str.c_str(), error.c_str());
@@ skipping 127 matching lines @@
 
 bool ExtensionsServiceBackend::ShouldInstall(const std::string& id,
                                              const std::string& version) {
   FilePath dir(install_directory_.AppendASCII(id.c_str()));
   std::string current_version;
   if (ReadCurrentVersion(dir, &current_version)) {
     return CheckCurrentVersion(version, current_version, dir);
   }
   return true;
 }