| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_SET_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_SET_H_ |
| 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_SET_H_ | 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_SET_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <string> | 10 #include <string> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 15 #include "chrome/common/extensions/extension.h" | 15 #include "chrome/common/extensions/extension.h" |
| 16 #include "googleurl/src/gurl.h" | 16 #include "googleurl/src/gurl.h" |
| 17 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" |
| 18 |
| 19 class ExtensionURLInfo { |
| 20 public: |
| 21 // The extension system uses both a document's origin and its URL to |
| 22 // grant permissions. Ideally, we would use only the origin, but because |
| 23 // the web extent of a hosted app can be less than an entire origin, we |
| 24 // take the URL into account as well |
| 25 ExtensionURLInfo(WebKit::WebSecurityOrigin origin, const GURL& url); |
| 26 |
| 27 // WARNING! Using this constructor can miss important security checks if |
| 28 // you're trying to find a running extension. For example, if the |
| 29 // URL in question is being rendered inside an iframe sandbox, then |
| 30 // we might incorrectly grant it access to powerful extension APIs. |
| 31 explicit ExtensionURLInfo(const GURL& url); |
| 32 |
| 33 const WebKit::WebSecurityOrigin& origin() const { return origin_; } |
| 34 const GURL& url() const { return url_; } |
| 35 |
| 36 private: |
| 37 WebKit::WebSecurityOrigin origin_; |
| 38 GURL url_; |
| 39 }; |
| 17 | 40 |
| 18 // The one true extension container. Extensions are identified by their id. | 41 // The one true extension container. Extensions are identified by their id. |
| 19 // Only one extension can be in the set with a given ID. | 42 // Only one extension can be in the set with a given ID. |
| 20 class ExtensionSet { | 43 class ExtensionSet { |
| 21 public: | 44 public: |
| 22 typedef std::pair<FilePath, std::string> ExtensionPathAndDefaultLocale; | 45 typedef std::pair<FilePath, std::string> ExtensionPathAndDefaultLocale; |
| 23 typedef std::map<std::string, scoped_refptr<const Extension> > ExtensionMap; | 46 typedef std::map<std::string, scoped_refptr<const Extension> > ExtensionMap; |
| 24 typedef ExtensionMap::const_iterator const_iterator; | 47 typedef ExtensionMap::const_iterator const_iterator; |
| 25 | 48 |
| 26 ExtensionSet(); | 49 ExtensionSet(); |
| 27 ~ExtensionSet(); | 50 ~ExtensionSet(); |
| 28 | 51 |
| 29 // Gets the number of extensions contained. | 52 // Gets the number of extensions contained. |
| 30 size_t size() const; | 53 size_t size() const; |
| 31 | 54 |
| 32 // Iteration support. | 55 // Iteration support. |
| 33 const_iterator begin() const { return extensions_.begin(); } | 56 const_iterator begin() const { return extensions_.begin(); } |
| 34 const_iterator end() const { return extensions_.end(); } | 57 const_iterator end() const { return extensions_.end(); } |
| 35 | 58 |
| 36 // Returns true if the set contains the specified extension. | 59 // Returns true if the set contains the specified extension. |
| 37 bool Contains(const std::string& id) const; | 60 bool Contains(const std::string& id) const; |
| 38 | 61 |
| 39 // Adds the specified extension to the set. The set becomes an owner. Any | 62 // Adds the specified extension to the set. The set becomes an owner. Any |
| 40 // previous extension with the same ID is removed. | 63 // previous extension with the same ID is removed. |
| 41 void Insert(const scoped_refptr<const Extension>& extension); | 64 void Insert(const scoped_refptr<const Extension>& extension); |
| 42 | 65 |
| 43 // Removes the specified extension. | 66 // Removes the specified extension. |
| 44 void Remove(const std::string& id); | 67 void Remove(const std::string& id); |
| 45 | 68 |
| 46 // Returns the extension ID that the given URL is a part of, or empty if | 69 // Returns the extension ID, or empty if none. This includes web URLs that |
| 47 // none. This includes web URLs that are part of an extension's web extent. | 70 // are part of an extension's web extent. |
| 48 std::string GetIdByURL(const GURL& url) const; | 71 std::string GetIdByURL(const ExtensionURLInfo& info) const; |
| 49 | 72 |
| 50 // Returns the Extension that the given URL is a part of, or NULL if none. | 73 // Returns the Extension, or NULL if none. This includes web URLs that are |
| 51 // This includes web URLs that are part of an extension's web extent. | 74 // part of an extension's web extent. |
| 52 // NOTE: This can return NULL if called before UpdateExtensions receives | 75 // NOTE: This can return NULL if called before UpdateExtensions receives |
| 53 // bulk extension data (e.g. if called from | 76 // bulk extension data (e.g. if called from |
| 54 // EventBindings::HandleContextCreated) | 77 // EventBindings::HandleContextCreated) |
| 55 const Extension* GetByURL(const GURL& url) const; | 78 const Extension* GetByURL(const ExtensionURLInfo& info) const; |
| 56 | 79 |
| 57 // Returns true if |new_url| is in the extent of the same extension as | 80 // Returns true if |new_url| is in the extent of the same extension as |
| 58 // |old_url|. Also returns true if neither URL is in an app. | 81 // |old_url|. Also returns true if neither URL is in an app. |
| 59 bool InSameExtent(const GURL& old_url, const GURL& new_url) const; | 82 bool InSameExtent(const GURL& old_url, const GURL& new_url) const; |
| 60 | 83 |
| 61 // Look up an Extension object by id. | 84 // Look up an Extension object by id. |
| 62 const Extension* GetByID(const std::string& id) const; | 85 const Extension* GetByID(const std::string& id) const; |
| 63 | 86 |
| 64 // Returns true if |url| should get extension api bindings and be permitted | 87 // Returns true if |info| should get extension api bindings and be permitted |
| 65 // to make api calls. Note that this is independent of what extension | 88 // to make api calls. Note that this is independent of what extension |
| 66 // permissions the given extension has been granted. | 89 // permissions the given extension has been granted. |
| 67 bool ExtensionBindingsAllowed(const GURL& url) const; | 90 bool ExtensionBindingsAllowed(const ExtensionURLInfo& info) const; |
| 68 | 91 |
| 69 private: | 92 private: |
| 70 FRIEND_TEST_ALL_PREFIXES(ExtensionSetTest, ExtensionSet); | 93 FRIEND_TEST_ALL_PREFIXES(ExtensionSetTest, ExtensionSet); |
| 71 | 94 |
| 72 ExtensionMap extensions_; | 95 ExtensionMap extensions_; |
| 73 | 96 |
| 74 DISALLOW_COPY_AND_ASSIGN(ExtensionSet); | 97 DISALLOW_COPY_AND_ASSIGN(ExtensionSet); |
| 75 }; | 98 }; |
| 76 | 99 |
| 77 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_SET_H_ | 100 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_SET_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8659009:
Consider the origin when computing extension permissions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/