Only allow installation of extensions/apps with gallery update url via download from gallery

chrome/browser/extensions/crx_installer.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/crx_installer.h"
 
 #include "app/l10n_util.h"
 #include "app/resource_bundle.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
 #include "base/scoped_temp_dir.h"
 #include "base/task.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_thread.h"
 #include "chrome/browser/extensions/convert_user_script.h"
 #include "chrome/browser/extensions/extension_error_reporter.h"
 #include "chrome/browser/profile.h"
 #include "chrome/browser/shell_integration.h"
 #include "chrome/browser/web_applications/web_app.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/extensions/extension_file_util.h"
+#include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/notification_service.h"
 #include "chrome/common/notification_type.h"
 #include "grit/browser_resources.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
 #include "third_party/skia/include/core/SkBitmap.h"
 
 namespace {
   // Helper function to delete files. This is used to avoid ugly casts which
   // would be necessary with PostMessage since file_util::Delete is overloaded.
@@ skipping 95 matching lines @@
   DCHECK(ChromeThread::CurrentlyOn(ChromeThread::FILE));
 
   // Note: We take ownership of |extension| and |temp_dir|.
   extension_.reset(extension);
   temp_dir_ = temp_dir;
 
   // The unpack dir we don't have to delete explicity since it is a child of
   // the temp dir.
   unpacked_extension_root_ = extension_dir;
 
+  // Only allow extensions with a gallery update url to be installed after
+  // having been directly downloaded from the gallery.
+  if (extension->update_url() == GURL(extension_urls::kGalleryUpdateURL) &&
+      !StartsWithASCII(original_url_.spec(),
+          extension_urls::kGalleryDownloadPrefix, false)) {
+    ReportFailureFromUIThread(l10n_util::GetStringFUTF8(

[akalin, 2010/06/24 01:09:58]

This should be ReportFailureFromFileThread()

[rafaelw, 2010/06/24 02:27:51]

Thanks for the catch. Done here: http://codereview.chromium.org/2867023

On 2010/06/24 01:09:58, akalin wrote:

+        IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS,
+        l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE)));
+    return;
+  }
+
   // Determine whether to allow installation. We always allow themes and
   // external installs.
   if (!extensions_enabled_ && !extension->IsTheme() &&
       !Extension::IsExternalLocation(install_source_)) {
     ReportFailureFromFileThread("Extensions are not enabled.");
     return;
   }
 
   // Make sure the expected id matches.
   // TODO(aa): Also support expected version?
@@ skipping 173 matching lines @@
     client_->OnInstallSuccess(extension_.get());
 
   // Tell the frontend about the installation and hand off ownership of
   // extension_ to it.
   frontend_->OnExtensionInstalled(extension_.release(),
                                   allow_privilege_increase_);
 
   // We're done. We don't post any more tasks to ourselves so we are deleted
   // soon.
 }