Packaged (CRX) extensions shouldn't be able to get 'dev' interfaces in NaCl.

chrome/renderer/chrome_content_renderer_client.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_content_renderer_client.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/logging.h"
@@ skipping 399 matching lines @@
   if (plugin_setting == CONTENT_SETTING_ALLOW ||
       host_setting == CONTENT_SETTING_ALLOW ||
       plugin.path.value() == webkit::npapi::kDefaultPluginLibraryName) {
     // Delay loading plugins if prerendering.
     if (prerender::PrerenderHelper::IsPrerendering(render_view)) {
       return CreatePluginPlaceholder(
           render_view, frame, plugin, params, group.get(),
           IDR_CLICK_TO_PLAY_PLUGIN_HTML, IDS_PLUGIN_LOAD, true, true);
     }
 
-    // Enforce the Chrome WebStore restriction on the Native Client plugin.
+    // If this is the NaCl plugin, get the manifest URL for the app so we can

[jam, 2011/10/14 22:51:09]

this function is already too big, can we move the nacl part to another function?

[bbudge, 2011/10/14 23:40:14]

Done. It's true, it was turning into a monster.

+    // determine if it's OK to run.
     if (is_nacl_plugin) {
-      bool allow_nacl = cmd->HasSwitch(switches::kEnableNaCl);
-      if (!allow_nacl) {
-        const char* kNaClPluginMimeType = "application/x-nacl";
-        const char* kNaClPluginManifestAttribute = "nacl";
+      const char* kNaClPluginMimeType = "application/x-nacl";
+      const char* kNaClPluginManifestAttribute = "nacl";
 
-        GURL nexe_url;
-        if (actual_mime_type == kNaClPluginMimeType) {
-          nexe_url = url;  // Normal embedded NaCl plugin.
-        } else {
-          // Content type handling NaCl plugin; the "nacl" param on the
-          // MIME type holds the nexe URL.
-          string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
-          for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
-            if (plugin.mime_types[i].mime_type == actual_mime_type) {
-              const webkit::WebPluginMimeType& content_type =
-                  plugin.mime_types[i];
-              for (size_t i = 0;
-                  i < content_type.additional_param_names.size(); ++i) {
-                if (content_type.additional_param_names[i] == nacl_attr) {
-                  nexe_url = GURL(content_type.additional_param_values[i]);
-                  break;
-                }
+      GURL manifest_url;
+      if (actual_mime_type == kNaClPluginMimeType) {
+        manifest_url = url;  // Normal embedded NaCl plugin.
+      } else {
+        // Content type handling NaCl plugin; the "nacl" param on the
+        // MIME type holds the nexe URL.
+        string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
+        for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
+          if (plugin.mime_types[i].mime_type == actual_mime_type) {
+            const webkit::WebPluginMimeType& content_type =
+                plugin.mime_types[i];
+            for (size_t i = 0;
+                i < content_type.additional_param_names.size(); ++i) {
+              if (content_type.additional_param_names[i] == nacl_attr) {
+                manifest_url = GURL(content_type.additional_param_values[i]);
+                break;
               }
-              break;
             }
+            break;
           }
         }
-
-        // Create the NaCl plugin only if the .nexe is part of an extension
-        // that was installed from the Chrome Web Store, or part of a component
-        // extension, or part of an unpacked extension.
-        const Extension* extension =
-            extension_dispatcher_->extensions()->GetByURL(nexe_url);
-        allow_nacl = extension &&
-            (extension->from_webstore() ||
-            extension->location() == Extension::COMPONENT ||
-            extension->location() == Extension::LOAD);
       }
 
-      if (!allow_nacl) {
+      // Determine if the manifest URL is part of an extension.
+      const Extension* extension =
+          extension_dispatcher_->extensions()->GetByURL(manifest_url);
+      // Only component, unpacked, and Chrome Web Store extensions are allowed.
+      bool allowed_extension = extension &&
+          (extension->from_webstore() ||
+          extension->location() == Extension::COMPONENT ||
+          extension->location() == Extension::LOAD);
+
+      // Block any other use of NaCl plugin, unless --enable-nacl is set.
+      if (!allowed_extension && !cmd->HasSwitch(switches::kEnableNaCl)) {
         // TODO(bbudge) Webkit will crash if this is a full-frame plug-in and
         // we return NULL. Prepare a patch to fix that, and return NULL here.
         return CreatePluginPlaceholder(
             render_view, frame, plugin, params, group.get(),
             IDR_BLOCKED_PLUGIN_HTML, IDS_PLUGIN_BLOCKED, false, false);
       }
+
+      // Allow dev interfaces for non-extension apps.
+      bool allow_dev_interfaces = true;
+      if (allowed_extension) {
+        // Allow dev interfaces for component and unpacked extensions.
+        if (extension->location() != Extension::COMPONENT &&
+            extension->location() != Extension::LOAD) {
+          // Whitelist all other allowed extensions.
+          allow_dev_interfaces =
+              // PDF Viewer plugin
+              (manifest_url.scheme() == "chrome-extension" &&
+              manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
+        }
+      }
+      WebString dev_attribute = WebString::fromUTF8("@dev");
+      if (allow_dev_interfaces) {
+        std::vector<string16> param_names;
+        std::vector<string16> param_values;
+        param_names.push_back(dev_attribute);
+        param_values.push_back(WebString());
+        AppendParams(
+            param_names,
+            param_values,
+            &params.attributeNames,
+            &params.attributeValues);
+      } else {
+        // If the params somehow contain this special attribute, remove it.
+        size_t attribute_count = params.attributeNames.size();
+        for (size_t i = 0; i < attribute_count; ++i) {
+          if (params.attributeNames[i].equals(dev_attribute))
+            params.attributeNames[i] = WebString();
+        }
+      }
     }
 
     return render_view->CreatePlugin(frame, plugin, params);
   }
 
   observer->DidBlockContentType(content_type, resource);
   if (plugin_setting == CONTENT_SETTING_ASK) {
     RenderThread::Get()->RecordUserMetrics("Plugin_ClickToPlay");
     return CreatePluginPlaceholder(
         render_view, frame, plugin, params, group.get(),
@@ skipping 301 matching lines @@
   if (spellcheck_.get())
     thread->RemoveObserver(spellcheck_.get());
   SpellCheck* new_spellcheck = new SpellCheck();
   if (spellcheck_provider_)
     spellcheck_provider_->SetSpellCheck(new_spellcheck);
   spellcheck_.reset(new_spellcheck);
   thread->AddObserver(new_spellcheck);
 }
 
 }  // namespace chrome