Only allow installation of extensions/apps with gallery update url via download from gallery

chrome/browser/extensions/crx_installer.cc

Index: chrome/browser/extensions/crx_installer.cc
diff --git a/chrome/browser/extensions/crx_installer.cc b/chrome/browser/extensions/crx_installer.cc
index 832318cda1d2947313940934ea259b552101232b..c6a3f25ecc31d209bb3eb1a918aefc96e85be8a4 100644
--- a/chrome/browser/extensions/crx_installer.cc
+++ b/chrome/browser/extensions/crx_installer.cc
@@ -20,6 +20,7 @@
 #include "chrome/browser/web_applications/web_app.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/extensions/extension_file_util.h"
+#include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/notification_service.h"
 #include "chrome/common/notification_type.h"
 #include "grit/browser_resources.h"
@@ -135,6 +136,17 @@ void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir,
   // the temp dir.
   unpacked_extension_root_ = extension_dir;
 
+  // Only allow extensions with a gallery update url to be installed after
+  // having been directly downloaded from the gallery.
+  if (extension->update_url() == GURL(extension_urls::kGalleryUpdateURL) &&
+      !StartsWithASCII(original_url_.spec(),
+          extension_urls::kGalleryDownloadPrefix, false)) {
+    ReportFailureFromUIThread(l10n_util::GetStringFUTF8(

[akalin, 2010/06/24 01:09:58]

This should be ReportFailureFromFileThread()

[rafaelw, 2010/06/24 02:27:51]

Thanks for the catch. Done here: http://codereview.chromium.org/2867023

On 2010/06/24 01:09:58, akalin wrote:

+        IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS,
+        l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE)));
+    return;
+  }
+
   // Determine whether to allow installation. We always allow themes and
   // external installs.
   if (!extensions_enabled_ && !extension->IsTheme() &&