Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(569)

Side by Side Diff: chrome/common/extensions/extension.cc

Issue 9317013: Add a centralized mechanism for whitelisting access to extension permissions. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: fix a couple tests Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/extension.h" 5 #include "chrome/common/extensions/extension.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 2817 matching lines...) Expand 10 before | Expand all | Expand 10 after
2828 2828
2829 bool Extension::ImplicitlyDelaysNetworkStartup() const { 2829 bool Extension::ImplicitlyDelaysNetworkStartup() const {
2830 // Network requests should be deferred until any extensions that might want 2830 // Network requests should be deferred until any extensions that might want
2831 // to observe and modify them are loaded. 2831 // to observe and modify them are loaded.
2832 return HasAPIPermission(ExtensionAPIPermission::kWebRequestBlocking); 2832 return HasAPIPermission(ExtensionAPIPermission::kWebRequestBlocking);
2833 } 2833 }
2834 2834
2835 bool Extension::CanSpecifyAPIPermission( 2835 bool Extension::CanSpecifyAPIPermission(
2836 const ExtensionAPIPermission* permission, 2836 const ExtensionAPIPermission* permission,
2837 string16* error) const { 2837 string16* error) const {
2838 if (permission->is_component_only()) { 2838 if ((permission->is_component_only() &&
2839 if (!CanSpecifyComponentOnlyPermission()) { 2839 location_ != COMPONENT) ||
2840 *error = ExtensionErrorUtils::FormatErrorMessageUTF16( 2840 (permission->should_enforce_whitelist() &&
2841 errors::kPermissionNotAllowed, permission->name()); 2841 !permission->IsWhitelisted(id_))) {
2842 return false; 2842 *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
2843 } 2843 errors::kPermissionNotAllowed, permission->name());
2844 return false;
2844 } 2845 }
2845 2846
2846 if (permission->id() == ExtensionAPIPermission::kExperimental) { 2847 if (permission->id() == ExtensionAPIPermission::kExperimental) {
2847 if (!CanSpecifyExperimentalPermission()) { 2848 if (!CanSpecifyExperimentalPermission()) {
2848 *error = ASCIIToUTF16(errors::kExperimentalFlagRequired); 2849 *error = ASCIIToUTF16(errors::kExperimentalFlagRequired);
2849 return false; 2850 return false;
2850 } 2851 }
2851 } 2852 }
2852 2853
2853 if (location_ == Extension::COMPONENT) 2854 if (location_ == Extension::COMPONENT)
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
2885 if (!is_hosted_app() || creation_flags_ & STRICT_ERROR_CHECKS) { 2886 if (!is_hosted_app() || creation_flags_ & STRICT_ERROR_CHECKS) {
2886 *error = ExtensionErrorUtils::FormatErrorMessageUTF16( 2887 *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
2887 errors::kPermissionNotAllowed, permission->name()); 2888 errors::kPermissionNotAllowed, permission->name());
2888 } 2889 }
2889 return false; 2890 return false;
2890 } 2891 }
2891 2892
2892 return true; 2893 return true;
2893 } 2894 }
2894 2895
2895 bool Extension::CanSpecifyComponentOnlyPermission() const {
2896 // Only COMPONENT extensions can use private APIs.
2897 // TODO(asargent) - We want a more general purpose mechanism for this,
2898 // and better error messages. (http://crbug.com/54013)
2899 return location_ == Extension::COMPONENT;
2900 }
2901
2902 bool Extension::CanSpecifyExperimentalPermission() const { 2896 bool Extension::CanSpecifyExperimentalPermission() const {
2903 if (location_ == Extension::COMPONENT) 2897 if (location_ == Extension::COMPONENT)
2904 return true; 2898 return true;
2905 2899
2906 if (CommandLine::ForCurrentProcess()->HasSwitch( 2900 if (CommandLine::ForCurrentProcess()->HasSwitch(
2907 switches::kEnableExperimentalExtensionApis)) { 2901 switches::kEnableExperimentalExtensionApis)) {
2908 return true; 2902 return true;
2909 } 2903 }
2910 2904
2911 // We rely on the webstore to check access to experimental. This way we can 2905 // We rely on the webstore to check access to experimental. This way we can
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after
3047 already_disabled(false), 3041 already_disabled(false),
3048 extension(extension) {} 3042 extension(extension) {}
3049 3043
3050 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo( 3044 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo(
3051 const Extension* extension, 3045 const Extension* extension,
3052 const ExtensionPermissionSet* permissions, 3046 const ExtensionPermissionSet* permissions,
3053 Reason reason) 3047 Reason reason)
3054 : reason(reason), 3048 : reason(reason),
3055 extension(extension), 3049 extension(extension),
3056 permissions(permissions) {} 3050 permissions(permissions) {}
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698