Allow webstore extensions to use experimental permissions.

chrome/common/extensions/extension.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension.h"
 
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/basictypes.h"
@@ skipping 1111 matching lines @@
       *error = errors::kInvalidLaunchHeight;
       return false;
     }
   }
 
   return true;
 }
 
 bool Extension::LoadAppIsolation(const DictionaryValue* manifest,
                                  std::string* error) {
-  // Only parse app isolation features if this switch is present.
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableExperimentalExtensionApis))
-    return true;
-
   Value* temp = NULL;
   if (!manifest->Get(keys::kIsolation, &temp))
     return true;
 
   if (temp->GetType() != Value::TYPE_LIST) {
     *error = errors::kInvalidIsolation;
     return false;
   }
 
   ListValue* isolation_list = static_cast<ListValue*>(temp);
@@ skipping 342 matching lines @@
 
   // Initialize name.
   string16 localized_name;
   if (!source.GetString(keys::kName, &localized_name)) {
     *error = errors::kInvalidName;
     return false;
   }
   base::i18n::AdjustStringForLocaleDirection(&localized_name);
   name_ = UTF16ToUTF8(localized_name);
 
+  // Initialize the permissions (optional).
+  ExtensionAPIPermissionSet api_permissions;
+  URLPatternSet host_permissions;
+  if (!ParsePermissions(&source,
+                        keys::kPermissions,
+                        flags,
+                        error,
+                        &api_permissions,
+                        &host_permissions)) {
+    return false;
+  }
+
+  // Initialize the optional permissions (optional).
+  ExtensionAPIPermissionSet optional_api_permissions;
+  URLPatternSet optional_host_permissions;
+  if (!ParsePermissions(&source,
+                        keys::kOptionalPermissions,
+                        flags,
+                        error,
+                        &optional_api_permissions,
+                        &optional_host_permissions)) {
+    return false;
+  }
+
   // Initialize description (if present).
   if (source.HasKey(keys::kDescription)) {
     if (!source.GetString(keys::kDescription,
                           &description_)) {
       *error = errors::kInvalidDescription;
       return false;
     }
   }
 
   // Initialize homepage url (if present).
@@ skipping 267 matching lines @@
             errors::kInvalidNaClModulesMIMEType, base::IntToString(i));
         return false;
       }
 
       nacl_modules_.push_back(NaClModuleInfo());
       nacl_modules_.back().url = GetResourceURL(path_str);
       nacl_modules_.back().mime_type = mime_type;
     }
   }
 
-  // Initialize toolstrips.  This is deprecated for public use.
-  // NOTE(erikkay) Although deprecated, we intend to preserve this parsing
-  // code indefinitely.  Please contact me or Joi for details as to why.
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableExperimentalExtensionApis) &&
+  // Initialize toolstrips.
+  // TODO(aa): Remove this and all the related tests, docs, etc.
+  // See: crbug.com/100488.
+  if (api_permissions.count(ExtensionAPIPermission::kExperimental) &&
       source.HasKey(keys::kToolstrips)) {
     ListValue* list_value = NULL;
     if (!source.GetList(keys::kToolstrips, &list_value)) {
       *error = errors::kInvalidToolstrips;
       return false;
     }
 
     for (size_t i = 0; i < list_value->GetSize(); ++i) {
       GURL toolstrip;
       DictionaryValue* toolstrip_value = NULL;
@@ skipping 115 matching lines @@
   }
 
   // Load App settings.
   if (!LoadIsApp(manifest_value_.get(), error) ||
       !LoadExtent(manifest_value_.get(), keys::kWebURLs,
                   &extent_,
                   errors::kInvalidWebURLs, errors::kInvalidWebURL,
                   parse_strictness, error) ||
       !EnsureNotHybridApp(manifest_value_.get(), error) ||
       !LoadLaunchURL(manifest_value_.get(), error) ||
-      !LoadLaunchContainer(manifest_value_.get(), error) ||
-      !LoadAppIsolation(manifest_value_.get(), error)) {
+      !LoadLaunchContainer(manifest_value_.get(), error))
     return false;
+
+  if (api_permissions.count(ExtensionAPIPermission::kExperimental)) {
+    if (!LoadAppIsolation(manifest_value_.get(), error))
+      return false;
   }
 
   // Initialize options page url (optional).
   // Function LoadIsApp() set is_app_ above.
   if (source.HasKey(keys::kOptionsPage)) {
     std::string options_str;
     if (!source.GetString(keys::kOptionsPage, &options_str)) {
       *error = errors::kInvalidOptionsPage;
       return false;
     }
@@ skipping 14 matching lines @@
         return false;
       }
       options_url_ = GetResourceURL(options_str);
       if (!options_url_.is_valid()) {
         *error = errors::kInvalidOptionsPage;
         return false;
       }
     }
   }
 
-  // Initialize the permissions (optional).
-  ExtensionAPIPermissionSet api_permissions;
-  URLPatternSet host_permissions;
-  if (!ParsePermissions(&source,
-                        keys::kPermissions,
-                        flags,
-                        error,
-                        &api_permissions,
-                        &host_permissions)) {
-    return false;
-  }
-
-  // Initialize the optional permissions (optional).
-  ExtensionAPIPermissionSet optional_api_permissions;
-  URLPatternSet optional_host_permissions;
-  if (!ParsePermissions(&source,
-                        keys::kOptionalPermissions,
-                        flags,
-                        error,
-                        &optional_api_permissions,
-                        &optional_host_permissions)) {
-    return false;
-  }
-
   // Initialize background url (optional).
   if (source.HasKey(keys::kBackground)) {
     std::string background_str;
     if (!source.GetString(keys::kBackground, &background_str)) {
       *error = errors::kInvalidBackground;
       return false;
     }
 
     if (is_hosted_app()) {
       // Make sure "background" permission is set.
@@ skipping 66 matching lines @@
       chrome_url_overrides_[page] = GetResourceURL(val);
     }
 
     // An extension may override at most one page.
     if (overrides->size() > 1) {
       *error = errors::kMultipleOverrides;
       return false;
     }
   }
 
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableExperimentalExtensionApis) &&
+  if (api_permissions.count(ExtensionAPIPermission::kExperimental) &&
       source.HasKey(keys::kInputComponents)) {
     ListValue* list_value = NULL;
     if (!source.GetList(keys::kInputComponents, &list_value)) {
       *error = errors::kInvalidInputComponents;
       return false;
     }
 
     for (size_t i = 0; i < list_value->GetSize(); ++i) {
       DictionaryValue* module_value = NULL;
       std::string name_str;
@@ skipping 506 matching lines @@
       std::string permission_str;
       if (!permissions->GetString(i, &permission_str)) {
         *error = ExtensionErrorUtils::FormatErrorMessage(
             errors::kInvalidPermission, base::IntToString(i));
         return false;
       }
 
       ExtensionAPIPermission* permission =
           ExtensionPermissionsInfo::GetInstance()->GetByName(permission_str);
 
-      // Only COMPONENT extensions can use private APIs.
-      // TODO(asargent) - We want a more general purpose mechanism for this,
-      // and better error messages. (http://crbug.com/54013)
-      if (!IsComponentOnlyPermission(permission)
-#ifndef NDEBUG
-           && !CommandLine::ForCurrentProcess()->HasSwitch(
-                 switches::kExposePrivateExtensionApi)
-#endif
-          ) {
+      if (permission != NULL) {
+        if (CanSpecifyAPIPermission(permission, error))
+          api_permissions->insert(permission->id());
+
+        // Sometimes when you can't specify an API permission we ignore it
+        // silently. This seems like a bug. Specifically, crbug.com/100489.
+        if (!error->empty())
+          return false;
+
         continue;
       }
 
-      if (web_extent().is_empty() || location() == Extension::COMPONENT) {
-        // Check if it's a module permission.  If so, enable that permission.
-        if (permission != NULL) {
-          // Only allow the experimental API permission if the command line
-          // flag is present, or if the extension is a component of Chrome.
-          if (IsDisallowedExperimentalPermission(permission->id()) &&
-              location() != Extension::COMPONENT) {
-            *error = errors::kExperimentalFlagRequired;
-            return false;
-          }
-          api_permissions->insert(permission->id());
-          continue;
-        }
-      } else {
-        // Hosted apps only get access to a subset of the valid permissions.
-        if (permission != NULL && permission->is_hosted_app()) {
-          if (IsDisallowedExperimentalPermission(permission->id())) {
-            *error = errors::kExperimentalFlagRequired;
-            return false;
-          }
-          api_permissions->insert(permission->id());
-          continue;
-        }
-      }
-
       // Check if it's a host pattern permission.
       URLPattern pattern = URLPattern(CanExecuteScriptEverywhere() ?
           URLPattern::SCHEME_ALL : kValidHostPermissionSchemes);
 
       URLPattern::ParseResult parse_result = pattern.Parse(permission_str,
                                                            parse_strictness);
       if (parse_result == URLPattern::PARSE_SUCCESS) {
         if (!CanSpecifyHostPermission(pattern)) {
           *error = ExtensionErrorUtils::FormatErrorMessage(
               errors::kInvalidPermissionScheme, base::IntToString(i));
@@ skipping 105 matching lines @@
   base::AutoLock auto_lock(runtime_data_lock_);
   runtime_data_.SetActivePermissions(permissions);
 }
 
 scoped_refptr<const ExtensionPermissionSet>
     Extension::GetActivePermissions() const {
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions();
 }
 
-bool Extension::IsComponentOnlyPermission(
-    const ExtensionAPIPermission* api) const {
-  if (location() == Extension::COMPONENT)
-    return true;
-
-  if (api == NULL)
-    return true;
-
-  return !api->is_component_only();
-}
-
 bool Extension::HasMultipleUISurfaces() const {
   int num_surfaces = 0;
 
   if (page_action())
     ++num_surfaces;
 
   if (browser_action())
     ++num_surfaces;
 
   if (is_app())
@@ skipping 51 matching lines @@
   return location() != Extension::COMPONENT;
 }
 
 bool Extension::ImplicitlyDelaysNetworkStartup() const {
   // Network requests should be deferred until any extensions that might want
   // to observe or modify them are loaded.
   return HasAPIPermission(ExtensionAPIPermission::kWebNavigation) ||
       HasAPIPermission(ExtensionAPIPermission::kWebRequest);
 }
 
-bool Extension::IsDisallowedExperimentalPermission(
-    ExtensionAPIPermission::ID permission) const {
-  return permission == ExtensionAPIPermission::kExperimental &&
-      !CommandLine::ForCurrentProcess()->HasSwitch(
-        switches::kEnableExperimentalExtensionApis);
+bool Extension::CanSpecifyAPIPermission(
+    const ExtensionAPIPermission* permission,
+    std::string* error) const {
+  if (permission->is_component_only()) {
+    if (!CanSpecifyComponentOnlyPermission())
+      return false;
+  }
+
+  if (permission->id() == ExtensionAPIPermission::kExperimental) {
+    if (!CanSpecifyExperimentalPermission()) {
+      *error = errors::kExperimentalFlagRequired;
+      return false;
+    }
+  }
+
+  if (is_hosted_app()) {
+    if (!CanSpecifyPermissionForHostedApp(permission))
+      return false;
+  }
+
+  return true;
+}
+
+bool Extension::CanSpecifyComponentOnlyPermission() const {
+  // Only COMPONENT extensions can use private APIs.
+  // TODO(asargent) - We want a more general purpose mechanism for this,
+  // and better error messages. (http://crbug.com/54013)
+  if (location_ == Extension::COMPONENT)
+    return true;
+
+#ifndef NDEBUG
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kExposePrivateExtensionApi)) {
+    return true;
+  }
+#endif
+
+  return false;
+}
+
+bool Extension::CanSpecifyExperimentalPermission() const {
+  if (location_ == Extension::COMPONENT)
+    return true;
+
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableExperimentalExtensionApis)) {
+    return true;
+  }
+
+  // We rely on the webstore to check access to experimental. This way we can
+  // whitelist extensions to have access to experimental in just the store, and
+  // not have to push a new version of the client.
+  if (from_webstore())
+    return true;
+
+  return false;
+}
+
+bool Extension::CanSpecifyPermissionForHostedApp(
+    const ExtensionAPIPermission* permission) const {
+  if (location_ == Extension::COMPONENT)
+    return true;
+
+  if (permission->is_hosted_app())
+    return true;
+
+  return false;
 }
 
 bool Extension::CanExecuteScriptEverywhere() const {
   if (location() == Extension::COMPONENT
 #ifndef NDEBUG
       || CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kExposePrivateExtensionApi)
 #endif
       )
     return true;
@@ skipping 129 matching lines @@
     already_disabled(false),
     extension(extension) {}
 
 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo(
     const Extension* extension,
     const ExtensionPermissionSet* permissions,
     Reason reason)
     : reason(reason),
       extension(extension),
       permissions(permissions) {}