| Index: chrome/browser/extensions/sandboxed_extension_unpacker.h
|
| diff --git a/chrome/browser/extensions/sandboxed_extension_unpacker.h b/chrome/browser/extensions/sandboxed_extension_unpacker.h
|
| index 3e2fd230b3e3e2a69d60fd41e55f0431dd7c6ff0..1ae5d6218839de4e7440536d0bd0ca95d30b65fc 100644
|
| --- a/chrome/browser/extensions/sandboxed_extension_unpacker.h
|
| +++ b/chrome/browser/extensions/sandboxed_extension_unpacker.h
|
| @@ -1,52 +1,64 @@
|
| -// Copyright (c) 2009 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#ifndef CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
|
| -#define CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
|
| -
|
| -#include <string>
|
| -
|
| -#include "base/file_path.h"
|
| -#include "base/ref_counted.h"
|
| -#include "base/scoped_temp_dir.h"
|
| -#include "base/values.h"
|
| -#include "chrome/browser/utility_process_host.h"
|
| -
|
| -class Extension;
|
| -class MessageLoop;
|
| -class ResourceDispatcherHost;
|
| -
|
| -class SandboxedExtensionUnpackerClient {
|
| - public:
|
| - // temp_dir - A temporary directoy containing the results of the extension
|
| - // unpacking. The client is responsible for deleting this directory.
|
| - //
|
| - // extension_root - The path to the extension root inside of temp_dir.
|
| - //
|
| - // extension - The extension that was unpacked. The client is responsible
|
| - // for deleting this memory.
|
| - virtual void OnUnpackSuccess(const FilePath& temp_dir,
|
| - const FilePath& extension_root,
|
| - Extension* extension) = 0;
|
| - virtual void OnUnpackFailure(const std::string& error) = 0;
|
| -};
|
| -
|
| -// SandboxedExtensionUnpacker unpacks extensions from the CRX format into a
|
| -// directory. This is done in a sandboxed subprocess to protect the browser
|
| -// process from parsing complex formats like JPEG or JSON from untrusted
|
| -// sources.
|
| -//
|
| -// Unpacking an extension using this class makes minor changes to its source,
|
| -// such as transcoding all images to PNG and rewriting the manifest JSON. As
|
| -// such, it should not be used when the output is not intended to be given back
|
| -// to the author.
|
| -//
|
| -// NOTE: This class should only be used on the file thread.
|
| -
|
| -
|
| -class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
|
| - public:
|
| +// Copyright (c) 2009 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
|
| +#define CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/file_path.h"
|
| +#include "base/ref_counted.h"
|
| +#include "base/scoped_temp_dir.h"
|
| +#include "base/values.h"
|
| +#include "chrome/browser/utility_process_host.h"
|
| +
|
| +class Extension;
|
| +class MessageLoop;
|
| +class ResourceDispatcherHost;
|
| +
|
| +class SandboxedExtensionUnpackerClient
|
| + : public base::RefCountedThreadSafe<SandboxedExtensionUnpackerClient> {
|
| + public:
|
| + virtual ~SandboxedExtensionUnpackerClient(){
|
| + }
|
| +
|
| + // temp_dir - A temporary directoy containing the results of the extension
|
| + // unpacking. The client is responsible for deleting this directory.
|
| + //
|
| + // extension_root - The path to the extension root inside of temp_dir.
|
| + //
|
| + // extension - The extension that was unpacked. The client is responsible
|
| + // for deleting this memory.
|
| + virtual void OnUnpackSuccess(const FilePath& temp_dir,
|
| + const FilePath& extension_root,
|
| + Extension* extension) = 0;
|
| + virtual void OnUnpackFailure(const std::string& error) = 0;
|
| +};
|
| +
|
| +// SandboxedExtensionUnpacker unpacks extensions from the CRX format into a
|
| +// directory. This is done in a sandboxed subprocess to protect the browser
|
| +// process from parsing complex formats like JPEG or JSON from untrusted
|
| +// sources.
|
| +//
|
| +// Unpacking an extension using this class makes minor changes to its source,
|
| +// such as transcoding all images to PNG and rewriting the manifest JSON. As
|
| +// such, it should not be used when the output is not intended to be given back
|
| +// to the author.
|
| +//
|
| +//
|
| +// Lifetime management:
|
| +//
|
| +// This class is ref-counted by each call it makes to itself on another thread,
|
| +// and by UtilityProcessHost.
|
| +//
|
| +// Additionally, we hold a reference to our own client so that it lives at least
|
| +// long enough to receive the result of unpacking.
|
| +//
|
| +//
|
| +// NOTE: This class should only be used on the file thread.
|
| +class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
|
| + public:
|
| // The size of the magic character sequence at the beginning of each crx
|
| // file, in bytes. This should be a multiple of 4.
|
| static const size_t kExtensionHeaderMagicSize = 4;
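Review bot: The destructor of `SandboxedExtensionUnpackerClient` stays public although the class now derives from `base::RefCountedThreadSafe`, so a caller can still `delete` a client directly or place one on the stack while the unpacker holds its reference. That appears to be exactly the dangling-client situation the new "Lifetime management" comment is meant to rule out. Consider moving it under `protected:` as `virtual ~SandboxedExtensionUnpackerClient() {}` and adding `friend class base::RefCountedThreadSafe<SandboxedExtensionUnpackerClient>;`. The comment on `OnUnpackSuccess`/`OnUnpackFailure` should also name the thread the callbacks run on, because with thread-safe ref-counting the last reference, and so the destructor, may be dropped on a different thread from the one that created the client. The `SandboxedExtensionUnpacker` class body continues outside this hunk.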
|
| @@ -75,51 +87,51 @@ class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
|
| // The current version of the crx format.
|
| static const uint32 kCurrentVersion = 2;
|
|
|
| - // Unpacks the extension in |crx_path| into a temporary directory and calls
|
| - // |client| with the result. If |rdh| is provided, unpacking is done in a
|
| - // sandboxed subprocess. Otherwise, it is done in-process.
|
| - SandboxedExtensionUnpacker(const FilePath& crx_path,
|
| - ResourceDispatcherHost* rdh,
|
| - SandboxedExtensionUnpackerClient* cilent);
|
| -
|
| - // Start unpacking the extension. The client is called with the results.
|
| - void Start();
|
| -
|
| - private:
|
| - class ProcessHostClient;
|
| - friend ProcessHostClient;
|
| -
|
| - // Validates the signature of the extension and extract the key to
|
| - // |public_key_|. Returns true if the signature validates, false otherwise.
|
| - //
|
| - // NOTE: Having this method here is a bit ugly. This code should really live
|
| - // in ExtensionUnpacker as it is not specific to sandboxed unpacking. It was
|
| - // put here because we cannot run windows crypto code in the sandbox. But we
|
| - // could still have this method statically on ExtensionUnpacker so that code
|
| - // just for unpacking is there and code just for sandboxing of unpacking is
|
| - // here.
|
| - bool ValidateSignature();
|
| -
|
| - // Starts the utility process that unpacks our extension.
|
| - void StartProcessOnIOThread(const FilePath& temp_crx_path);
|
| -
|
| - // SandboxedExtensionUnpacker
|
| - void OnUnpackExtensionSucceeded(const DictionaryValue& manifest);
|
| - void OnUnpackExtensionFailed(const std::string& error_message);
|
| - void OnProcessCrashed();
|
| -
|
| - void ReportFailure(const std::string& message);
|
| - void ReportSuccess();
|
| -
|
| - FilePath crx_path_;
|
| - MessageLoop* client_loop_;
|
| - ResourceDispatcherHost* rdh_;
|
| - SandboxedExtensionUnpackerClient* client_;
|
| - ScopedTempDir temp_dir_;
|
| - FilePath extension_root_;
|
| - scoped_ptr<Extension> extension_;
|
| - bool got_response_;
|
| - std::string public_key_;
|
| -};
|
| -
|
| -#endif // CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
|
| + // Unpacks the extension in |crx_path| into a temporary directory and calls
|
| + // |client| with the result. If |rdh| is provided, unpacking is done in a
|
| + // sandboxed subprocess. Otherwise, it is done in-process.
|
| + SandboxedExtensionUnpacker(const FilePath& crx_path,
|
| + ResourceDispatcherHost* rdh,
|
| + SandboxedExtensionUnpackerClient* cilent);
|
| +
|
| + // Start unpacking the extension. The client is called with the results.
|
| + void Start();
|
| +
|
| + private:
|
| + class ProcessHostClient;
|
| + friend ProcessHostClient;
|
| +
|
| + // Validates the signature of the extension and extract the key to
|
| + // |public_key_|. Returns true if the signature validates, false otherwise.
|
| + //
|
| + // NOTE: Having this method here is a bit ugly. This code should really live
|
| + // in ExtensionUnpacker as it is not specific to sandboxed unpacking. It was
|
| + // put here because we cannot run windows crypto code in the sandbox. But we
|
| + // could still have this method statically on ExtensionUnpacker so that code
|
| + // just for unpacking is there and code just for sandboxing of unpacking is
|
| + // here.
|
| + bool ValidateSignature();
|
| +
|
| + // Starts the utility process that unpacks our extension.
|
| + void StartProcessOnIOThread(const FilePath& temp_crx_path);
|
| +
|
| + // SandboxedExtensionUnpacker
|
| + void OnUnpackExtensionSucceeded(const DictionaryValue& manifest);
|
| + void OnUnpackExtensionFailed(const std::string& error_message);
|
| + void OnProcessCrashed();
|
| +
|
| + void ReportFailure(const std::string& message);
|
| + void ReportSuccess();
|
| +
|
| + FilePath crx_path_;
|
| + MessageLoop* client_loop_;
|
| + ResourceDispatcherHost* rdh_;
|
| + scoped_refptr<SandboxedExtensionUnpackerClient> client_;
|
| + ScopedTempDir temp_dir_;
|
| + FilePath extension_root_;
|
| + scoped_ptr<Extension> extension_;
|
| + bool got_response_;
|
| + std::string public_key_;
|
| +};
|
| +
|
| +#endif // CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
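Review bot: The constructor still takes a raw `SandboxedExtensionUnpackerClient*` (parameter spelled `cilent`) and its comment does not say that the unpacker now retains the client through the `scoped_refptr` member `client_`. A caller reading only this header cannot tell that ownership is shared. Suggest renaming the parameter to `client` and adding a line such as `// Takes a reference on |client| and holds it until unpacking has been reported.` above the constructor; the exact release point is inferred from the class comment, since the .cc is not shown. Separately, the comment says unpacking runs in-process when `rdh` is null, which puts parsing of the untrusted CRX contents in the browser process; the header should state which callers are allowed to pass a null `rdh`.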
|
|
|