Add some browser-level checks to prohibit access to extension bindings by...

chrome/browser/renderer_host/render_view_host.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/renderer_host/render_view_host.h"
 
 #include <string>
 #include <vector>
 
 #include "app/resource_bundle.h"
@@ skipping 127 matching lines @@
 
   // The process may (if we're sharing a process with another host that already
   // initialized it) or may not (we have our own process or the old process
   // crashed) have been initialized. Calling Init multiple times will be
   // ignored, so this is safe.
   if (!process()->Init())
     return false;
   DCHECK(process()->channel());
   DCHECK(process()->profile());
 
-  if (enabled_bindings_ & BindingsPolicy::DOM_UI) {
+  if (BindingsPolicy::is_dom_ui_enabled(enabled_bindings_)) {
     ChildProcessSecurityPolicy::GetInstance()->GrantDOMUIBindings(
         process()->pid());
   }
 
+  if (BindingsPolicy::is_extension_enabled(enabled_bindings_)) {
+    ChildProcessSecurityPolicy::GetInstance()->GrantExtensionBindings(
+        process()->pid());
+  }
+
   renderer_initialized_ = true;
 
 #if defined(OS_WIN)
   HANDLE modal_dialog_event_handle;
   HANDLE renderer_process_handle = process()->process().handle();
   if (renderer_process_handle == NULL)
     renderer_process_handle = GetCurrentProcess();
 
   BOOL result = DuplicateHandle(GetCurrentProcess(),
       modal_dialog_event_->handle(),
@@ skipping 1254 matching lines @@
                                                     const std::string& origin,
                                                     const std::string& target) {
   Send(new ViewMsg_HandleMessageFromExternalHost(routing_id(), message, origin,
                                                  target));
 }
 
 void RenderViewHost::OnExtensionRequest(const std::string& name,
                                         const std::string& args,
                                         int request_id,
                                         bool has_callback) {
-  // TODO(aa): Here is where we can check that this renderer was supposed to be
-  // able to call extension APIs.
+  if (!BindingsPolicy::is_extension_enabled(enabled_bindings_)) {
+    NOTREACHED() << "Blocked unauthorized use of extension bindings.";
+    return;
+  }
+
   DCHECK(extension_function_dispatcher_.get());
   extension_function_dispatcher_->HandleRequest(name, args, request_id,
       has_callback);
 }
 
 void RenderViewHost::SendExtensionResponse(int request_id, bool success,
                                            const std::string& response,
                                            const std::string& error) {
   Send(new ViewMsg_ExtensionResponse(routing_id(), request_id, success,
       response, error));
 }
 
 void RenderViewHost::OnExtensionPostMessage(
     int port_id, const std::string& message) {
   URLRequestContext* context = process()->profile()->GetRequestContext();
   ExtensionMessageService::GetInstance(context)->
       PostMessageFromRenderer(port_id, message);
 }
 
 void RenderViewHost::OnAccessibilityFocusChange(int acc_obj_id) {
 #if defined(OS_WIN)
   BrowserAccessibilityManager::GetInstance()->
       ChangeAccessibilityFocus(acc_obj_id, process()->pid(), routing_id());
 #else
   // TODO(port): accessibility not yet implemented. See http://crbug.com/8288.
 #endif
 }