Add some browser-level checks to prohibit access to extension bindings by...

chrome/browser/child_process_security_policy.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/child_process_security_policy.h"
 
 #include "base/file_path.h"
 #include "base/logging.h"
 #include "base/stl_util-inl.h"
 #include "base/string_util.h"
+#include "chrome/common/bindings_policy.h"
 #include "chrome/common/url_constants.h"
 #include "googleurl/src/gurl.h"
 #include "net/url_request/url_request.h"
 
 // The SecurityState class is used to maintain per-renderer security state
 // information.
 class ChildProcessSecurityPolicy::SecurityState {
  public:
-  SecurityState() : has_dom_ui_bindings_(false) { }
+  SecurityState() : enabled_bindings_(0) { }
   ~SecurityState() {
     scheme_policy_.clear();
   }
 
   // Grant permission to request URLs with the specified scheme.
   void GrantScheme(const std::string& scheme) {
     scheme_policy_[scheme] = true;
   }
 
   // Revoke permission to request URLs with the specified scheme.
   void RevokeScheme(const std::string& scheme) {
     scheme_policy_[scheme] = false;
   }
 
   // Grant permission to upload the specified file to the web.
   void GrantUploadFile(const FilePath& file) {
     uploadable_files_.insert(file);
   }
 
-  void GrantDOMUIBindings() {
-    has_dom_ui_bindings_ = true;
+  void GrantBindings(int bindings) {
+    enabled_bindings_ |= bindings;
   }
 
   // Determine whether permission has been granted to request url.
   // Schemes that have not been granted default to being denied.
   bool CanRequestURL(const GURL& url) {
     SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme()));
 
     if (judgment == scheme_policy_.end())
       return false;  // Unmentioned schemes are disallowed.
 
     return judgment->second;
   }
 
   // Determine whether permission has been granted to upload file.
   // Files that have not been granted default to being denied.
   bool CanUploadFile(const FilePath& file) {
     return uploadable_files_.find(file) != uploadable_files_.end();
   }
 
-  bool has_dom_ui_bindings() const { return has_dom_ui_bindings_; }
+  bool has_dom_ui_bindings() const {
+    return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_);
+  }
+
+  bool has_extension_bindings() const {
+    return BindingsPolicy::is_extension_enabled(enabled_bindings_);
+  }
 
  private:
   typedef std::map<std::string, bool> SchemeMap;
   typedef std::set<FilePath> FileSet;
 
   // Maps URL schemes to whether permission has been granted or revoked:
   //   |true| means the scheme has been granted.
   //   |false| means the scheme has been revoked.
   // If a scheme is not present in the map, then it has never been granted
   // or revoked.
   SchemeMap scheme_policy_;
 
   // The set of files the renderer is permited to upload to the web.
   FileSet uploadable_files_;
 
-  bool has_dom_ui_bindings_;
+  int enabled_bindings_;
 
   DISALLOW_COPY_AND_ASSIGN(SecurityState);
 };
 
 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() {
   // We know about these schemes and believe them to be safe.
   RegisterWebSafeScheme(chrome::kHttpScheme);
   RegisterWebSafeScheme(chrome::kHttpsScheme);
   RegisterWebSafeScheme(chrome::kFtpScheme);
   RegisterWebSafeScheme(chrome::kDataScheme);
@@ skipping 124 matching lines @@
   state->second->GrantScheme(chrome::kChromeUIScheme);
 }
 
 void ChildProcessSecurityPolicy::GrantDOMUIBindings(int renderer_id) {
   AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(renderer_id);
   if (state == security_state_.end())
     return;
 
-  state->second->GrantDOMUIBindings();
+  state->second->GrantBindings(BindingsPolicy::DOM_UI);
 
   // DOM UI bindings need the ability to request chrome: URLs.
   state->second->GrantScheme(chrome::kChromeUIScheme);
 
   // DOM UI pages can contain links to file:// URLs.
   state->second->GrantScheme(chrome::kFileScheme);
 }
 
+void ChildProcessSecurityPolicy::GrantExtensionBindings(int renderer_id) {
+  AutoLock lock(lock_);
+
+  SecurityStateMap::iterator state = security_state_.find(renderer_id);
+  if (state == security_state_.end())
+    return;
+
+  state->second->GrantBindings(BindingsPolicy::EXTENSION);
+}
+
 bool ChildProcessSecurityPolicy::CanRequestURL(int renderer_id, const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't request invalid URLs.
 
   if (IsWebSafeScheme(url.scheme()))
     return true;  // The scheme has been white-listed for every renderer.
 
   if (IsPseudoScheme(url.scheme())) {
     // There are a number of special cases for pseudo schemes.
 
@@ skipping 41 matching lines @@
 
 bool ChildProcessSecurityPolicy::HasDOMUIBindings(int renderer_id) {
   AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(renderer_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->has_dom_ui_bindings();
 }
+
+bool ChildProcessSecurityPolicy::HasExtensionBindings(int renderer_id) {
+  AutoLock lock(lock_);
+
+  SecurityStateMap::iterator state = security_state_.find(renderer_id);
+  if (state == security_state_.end())
+    return false;
+
+  return state->second->has_extension_bindings();
+}