chrome/common/extensions/extension_set.cc - Issue 8659009: Consider the origin when computing extension permissions

Side by Side Diff: chrome/common/extensions/extension_set.cc

Issue 8659009: Consider the origin when computing extension permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/common/extensions/extension_set.h"	5 #include "chrome/common/extensions/extension_set.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "chrome/common/url_constants.h"	8 #include "chrome/common/url_constants.h"

9	9

	10 using WebKit::WebSecurityOrigin;

	11

10 ExtensionSet::ExtensionSet() {	12 ExtensionSet::ExtensionSet() {

11 }	13 }

12	14

13 ExtensionSet::~ExtensionSet() {	15 ExtensionSet::~ExtensionSet() {

14 }	16 }

15	17

16 size_t ExtensionSet::size() const {	18 size_t ExtensionSet::size() const {

17 return extensions_.size();	19 return extensions_.size();

18 }	20 }

19	21

20 bool ExtensionSet::Contains(const std::string& extension_id) const {	22 bool ExtensionSet::Contains(const std::string& extension_id) const {

21 return extensions_.find(extension_id) != extensions_.end();	23 return extensions_.find(extension_id) != extensions_.end();

22 }	24 }

23	25

24 void ExtensionSet::Insert(const scoped_refptr<const Extension>& extension) {	26 void ExtensionSet::Insert(const scoped_refptr<const Extension>& extension) {

25 extensions_[extension->id()] = extension;	27 extensions_[extension->id()] = extension;

26 }	28 }

27	29

28 void ExtensionSet::Remove(const std::string& id) {	30 void ExtensionSet::Remove(const std::string& id) {

29 extensions_.erase(id);	31 extensions_.erase(id);

30 }	32 }

31	33

32 std::string ExtensionSet::GetIdByURL(const GURL& url) const {	34 std::string ExtensionSet::GetIdByURL(WebSecurityOrigin origin,

	35 const GURL& url) const {

33 if (url.SchemeIs(chrome::kExtensionScheme))	36 if (url.SchemeIs(chrome::kExtensionScheme))

34 return url.host();	37 return origin.isUnique() ? "" : url.host();
	Aaron Boodman 2011/11/30 02:01:31 What will the host() be in the case of a unique or What will the host() be in the case of a unique origin. Seems like it would already be the empty string. abarth-chromium 2011/11/30 02:04:49 In the case of iframe sandbox, it can actually be Show quoted text On 2011/11/30 02:01:31, Aaron Boodman wrote: > What will the host() be in the case of a unique origin. Seems like it would > already be the empty string. In the case of iframe sandbox, it can actually be anything. You can take whatever URL you like and render it in a sandboxed iframe. The iframe will then have a unique origin, but it will remember its normal URL.
35	38

36 const Extension* extension = GetByURL(url);	39 const Extension* extension = GetByURL(origin, url);

37 if (!extension)	40 if (!extension)

38 return "";	41 return "";

39	42

40 return extension->id();	43 return extension->id();

41 }	44 }

42	45

43 const Extension* ExtensionSet::GetByURL(const GURL& url) const {	46 const Extension* ExtensionSet::GetByURL(WebSecurityOrigin origin,

	47 const GURL& url) const {

	48 // The extension system uses both a document's origin and its URL to

	49 // grant permissions. Ideally, we would use only the origin, but because

	50 // the web extent of a hosted app can be less than an entire origin, we

	51 // take the URL into account as well

	52 //

	53 // In the common case, the document's origin will coorespond to its URL,
	Aaron Boodman 2011/11/30 02:01:31 typo: coorespond typo: coorespond
	54 // but in some rare cases involving sandboxing, the two will be different.

	55 // We catch those cases by checking whether the document's origin is unique.

	56 // If that's not the case, then we conclude that the document's security

	57 // context is well-described by its URL and proceed to use only the URL.

	58 if (origin.isUnique())

	59 return NULL;

	60 return GetByURLWithoutSecurityCheck(url);

	61 }

	62

	63 const Extension* ExtensionSet::GetByURLWithoutSecurityCheck(

	64 const GURL& url) const {

44 if (url.SchemeIs(chrome::kExtensionScheme))	65 if (url.SchemeIs(chrome::kExtensionScheme))

45 return GetByID(url.host());	66 return GetByID(url.host());

46	67

47 ExtensionMap::const_iterator i = extensions_.begin();	68 ExtensionMap::const_iterator i = extensions_.begin();

48 for (; i != extensions_.end(); ++i) {	69 for (; i != extensions_.end(); ++i) {

49 if (i->second->web_extent().MatchesURL(url))	70 if (i->second->web_extent().MatchesURL(url))

50 return i->second.get();	71 return i->second.get();

51 }	72 }

52	73

53 return NULL;	74 return NULL;

54 }	75 }

55	76

56 bool ExtensionSet::InSameExtent(const GURL& old_url,	77 bool ExtensionSet::InSameExtent(const GURL& old_url,

57 const GURL& new_url) const {	78 const GURL& new_url) const {

58 return GetByURL(old_url) == GetByURL(new_url);	79 return GetByURLWithoutSecurityCheck(old_url) ==

	80 GetByURLWithoutSecurityCheck(new_url);

59 }	81 }

60	82

61 const Extension* ExtensionSet::GetByID(const std::string& id) const {	83 const Extension* ExtensionSet::GetByID(const std::string& id) const {

62 ExtensionMap::const_iterator i = extensions_.find(id);	84 ExtensionMap::const_iterator i = extensions_.find(id);

63 if (i != extensions_.end())	85 if (i != extensions_.end())

64 return i->second.get();	86 return i->second.get();

65 else	87 else

66 return NULL;	88 return NULL;

67 }	89 }

68	90

69 bool ExtensionSet::ExtensionBindingsAllowed(const GURL& url) const {	91 bool ExtensionSet::ExtensionBindingsAllowed(WebSecurityOrigin origin,

	92 const GURL& url) const {

	93 if (origin.isUnique())

	94 return false;

	95

70 if (url.SchemeIs(chrome::kExtensionScheme))	96 if (url.SchemeIs(chrome::kExtensionScheme))

71 return true;	97 return true;

72	98

73 ExtensionMap::const_iterator i = extensions_.begin();	99 ExtensionMap::const_iterator i = extensions_.begin();

74 for (; i != extensions_.end(); ++i) {	100 for (; i != extensions_.end(); ++i) {

75 if (i->second->location() == Extension::COMPONENT &&	101 if (i->second->location() == Extension::COMPONENT &&

76 i->second->web_extent().MatchesURL(url))	102 i->second->web_extent().MatchesURL(url))

77 return true;	103 return true;

78 }	104 }

79	105

80 return false;	106 return false;

81 }	107 }

OLD	NEW

« chrome/common/extensions/extension_set.h ('K') | « chrome/common/extensions/extension_set.h ('k') | chrome/common/extensions/extension_set_unittest.cc » ('j') | no next file with comments »