| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/permissions/permissions_data.h" | 5 #include "extensions/common/permissions/permissions_data.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "content/public/common/url_constants.h" | 8 #include "content/public/common/url_constants.h" |
| 9 #include "extensions/common/constants.h" | 9 #include "extensions/common/constants.h" |
| 10 #include "extensions/common/error_utils.h" | 10 #include "extensions/common/error_utils.h" |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 76 } | 76 } |
| 77 | 77 |
| 78 bool PermissionsData::ShouldSkipPermissionWarnings( | 78 bool PermissionsData::ShouldSkipPermissionWarnings( |
| 79 const std::string& extension_id) { | 79 const std::string& extension_id) { |
| 80 // See http://b/4946060 for more details. | 80 // See http://b/4946060 for more details. |
| 81 return extension_id == std::string("nckgahadagoaajjgafhacjanaoiihapd"); | 81 return extension_id == std::string("nckgahadagoaajjgafhacjanaoiihapd"); |
| 82 } | 82 } |
| 83 | 83 |
| 84 // static | 84 // static |
| 85 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, | 85 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, |
| 86 const GURL& top_frame_url, | |
| 87 const Extension* extension, | 86 const Extension* extension, |
| 88 std::string* error) { | 87 std::string* error) { |
| 89 if (extension && CanExecuteScriptEverywhere(extension)) | 88 if (extension && CanExecuteScriptEverywhere(extension)) |
| 90 return false; | 89 return false; |
| 91 | 90 |
| 92 // Check if the scheme is valid for extensions. If not, return. | 91 // Check if the scheme is valid for extensions. If not, return. |
| 93 if (!URLPattern::IsValidSchemeForExtensions(document_url.scheme()) && | 92 if (!URLPattern::IsValidSchemeForExtensions(document_url.scheme()) && |
| 94 document_url.spec() != url::kAboutBlankURL) { | 93 document_url.spec() != url::kAboutBlankURL) { |
| 95 if (error) { | 94 if (error) { |
| 96 *error = ErrorUtils::FormatErrorMessage( | 95 *error = ErrorUtils::FormatErrorMessage( |
| 97 manifest_errors::kCannotAccessPage, | 96 manifest_errors::kCannotAccessPage, |
| 98 document_url.spec()); | 97 document_url.spec()); |
| 99 } | 98 } |
| 100 return true; | 99 return true; |
| 101 } | 100 } |
| 102 | 101 |
| 103 if (!ExtensionsClient::Get()->IsScriptableURL(document_url, error)) | 102 if (!ExtensionsClient::Get()->IsScriptableURL(document_url, error)) |
| 104 return true; | 103 return true; |
| 105 | 104 |
| 106 bool allow_on_chrome_urls = base::CommandLine::ForCurrentProcess()->HasSwitch( | 105 bool allow_on_chrome_urls = base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 107 switches::kExtensionsOnChromeURLs); | 106 switches::kExtensionsOnChromeURLs); |
| 108 if (document_url.SchemeIs(content::kChromeUIScheme) && | 107 if (document_url.SchemeIs(content::kChromeUIScheme) && |
| 109 !allow_on_chrome_urls) { | 108 !allow_on_chrome_urls) { |
| 110 if (error) | 109 if (error) |
| 111 *error = manifest_errors::kCannotAccessChromeUrl; | 110 *error = manifest_errors::kCannotAccessChromeUrl; |
| 112 return true; | 111 return true; |
| 113 } | 112 } |
| 114 | 113 |
| 115 if (extension && top_frame_url.SchemeIs(kExtensionScheme) && | 114 if (extension && document_url.SchemeIs(kExtensionScheme) && |
| 116 top_frame_url.host() != extension->id() && !allow_on_chrome_urls) { | 115 document_url.host() != extension->id() && !allow_on_chrome_urls) { |
| 117 if (error) | 116 if (error) |
| 118 *error = manifest_errors::kCannotAccessExtensionUrl; | 117 *error = manifest_errors::kCannotAccessExtensionUrl; |
| 119 return true; | 118 return true; |
| 120 } | 119 } |
| 121 | 120 |
| 122 return false; | 121 return false; |
| 123 } | 122 } |
| 124 | 123 |
| 125 void PermissionsData::SetPermissions( | 124 void PermissionsData::SetPermissions( |
| 126 const scoped_refptr<const PermissionSet>& active, | 125 const scoped_refptr<const PermissionSet>& active, |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 220 | 219 |
| 221 bool PermissionsData::HasWithheldImpliedAllHosts() const { | 220 bool PermissionsData::HasWithheldImpliedAllHosts() const { |
| 222 // Since we currently only withhold all_hosts, it's sufficient to check | 221 // Since we currently only withhold all_hosts, it's sufficient to check |
| 223 // that either set is not empty. | 222 // that either set is not empty. |
| 224 return !withheld_permissions()->explicit_hosts().is_empty() || | 223 return !withheld_permissions()->explicit_hosts().is_empty() || |
| 225 !withheld_permissions()->scriptable_hosts().is_empty(); | 224 !withheld_permissions()->scriptable_hosts().is_empty(); |
| 226 } | 225 } |
| 227 | 226 |
| 228 bool PermissionsData::CanAccessPage(const Extension* extension, | 227 bool PermissionsData::CanAccessPage(const Extension* extension, |
| 229 const GURL& document_url, | 228 const GURL& document_url, |
| 230 const GURL& top_frame_url, | |
| 231 int tab_id, | 229 int tab_id, |
| 232 int process_id, | 230 int process_id, |
| 233 std::string* error) const { | 231 std::string* error) const { |
| 234 AccessType result = CanRunOnPage(extension, | 232 AccessType result = CanRunOnPage(extension, |
| 235 document_url, | 233 document_url, |
| 236 top_frame_url, | |
| 237 tab_id, | 234 tab_id, |
| 238 process_id, | 235 process_id, |
| 239 active_permissions()->explicit_hosts(), | 236 active_permissions()->explicit_hosts(), |
| 240 withheld_permissions()->explicit_hosts(), | 237 withheld_permissions()->explicit_hosts(), |
| 241 error); | 238 error); |
| 242 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. | 239 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. |
| 243 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; | 240 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; |
| 244 } | 241 } |
| 245 | 242 |
| 246 PermissionsData::AccessType PermissionsData::GetPageAccess( | 243 PermissionsData::AccessType PermissionsData::GetPageAccess( |
| 247 const Extension* extension, | 244 const Extension* extension, |
| 248 const GURL& document_url, | 245 const GURL& document_url, |
| 249 const GURL& top_frame_url, | |
| 250 int tab_id, | 246 int tab_id, |
| 251 int process_id, | 247 int process_id, |
| 252 std::string* error) const { | 248 std::string* error) const { |
| 253 return CanRunOnPage(extension, | 249 return CanRunOnPage(extension, |
| 254 document_url, | 250 document_url, |
| 255 top_frame_url, | |
| 256 tab_id, | 251 tab_id, |
| 257 process_id, | 252 process_id, |
| 258 active_permissions()->explicit_hosts(), | 253 active_permissions()->explicit_hosts(), |
| 259 withheld_permissions()->explicit_hosts(), | 254 withheld_permissions()->explicit_hosts(), |
| 260 error); | 255 error); |
| 261 } | 256 } |
| 262 | 257 |
| 263 bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension, | 258 bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension, |
| 264 const GURL& document_url, | 259 const GURL& document_url, |
| 265 const GURL& top_frame_url, | |
| 266 int tab_id, | 260 int tab_id, |
| 267 int process_id, | 261 int process_id, |
| 268 std::string* error) const { | 262 std::string* error) const { |
| 269 AccessType result = CanRunOnPage(extension, | 263 AccessType result = CanRunOnPage(extension, |
| 270 document_url, | 264 document_url, |
| 271 top_frame_url, | |
| 272 tab_id, | 265 tab_id, |
| 273 process_id, | 266 process_id, |
| 274 active_permissions()->scriptable_hosts(), | 267 active_permissions()->scriptable_hosts(), |
| 275 withheld_permissions()->scriptable_hosts(), | 268 withheld_permissions()->scriptable_hosts(), |
| 276 error); | 269 error); |
| 277 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. | 270 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. |
| 278 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; | 271 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; |
| 279 } | 272 } |
| 280 | 273 |
| 281 PermissionsData::AccessType PermissionsData::GetContentScriptAccess( | 274 PermissionsData::AccessType PermissionsData::GetContentScriptAccess( |
| 282 const Extension* extension, | 275 const Extension* extension, |
| 283 const GURL& document_url, | 276 const GURL& document_url, |
| 284 const GURL& top_frame_url, | |
| 285 int tab_id, | 277 int tab_id, |
| 286 int process_id, | 278 int process_id, |
| 287 std::string* error) const { | 279 std::string* error) const { |
| 288 return CanRunOnPage(extension, | 280 return CanRunOnPage(extension, |
| 289 document_url, | 281 document_url, |
| 290 top_frame_url, | |
| 291 tab_id, | 282 tab_id, |
| 292 process_id, | 283 process_id, |
| 293 active_permissions()->scriptable_hosts(), | 284 active_permissions()->scriptable_hosts(), |
| 294 withheld_permissions()->scriptable_hosts(), | 285 withheld_permissions()->scriptable_hosts(), |
| 295 error); | 286 error); |
| 296 } | 287 } |
| 297 | 288 |
| 298 bool PermissionsData::CanCaptureVisiblePage(int tab_id, | 289 bool PermissionsData::CanCaptureVisiblePage(int tab_id, |
| 299 std::string* error) const { | 290 std::string* error) const { |
| 300 const URLPattern all_urls(URLPattern::SCHEME_ALL, | 291 const URLPattern all_urls(URLPattern::SCHEME_ALL, |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 345 tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) { | 336 tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) { |
| 346 return true; | 337 return true; |
| 347 } | 338 } |
| 348 } | 339 } |
| 349 return false; | 340 return false; |
| 350 } | 341 } |
| 351 | 342 |
| 352 PermissionsData::AccessType PermissionsData::CanRunOnPage( | 343 PermissionsData::AccessType PermissionsData::CanRunOnPage( |
| 353 const Extension* extension, | 344 const Extension* extension, |
| 354 const GURL& document_url, | 345 const GURL& document_url, |
| 355 const GURL& top_frame_url, | |
| 356 int tab_id, | 346 int tab_id, |
| 357 int process_id, | 347 int process_id, |
| 358 const URLPatternSet& permitted_url_patterns, | 348 const URLPatternSet& permitted_url_patterns, |
| 359 const URLPatternSet& withheld_url_patterns, | 349 const URLPatternSet& withheld_url_patterns, |
| 360 std::string* error) const { | 350 std::string* error) const { |
| 361 if (g_policy_delegate && | 351 if (g_policy_delegate && |
| 362 !g_policy_delegate->CanExecuteScriptOnPage( | 352 !g_policy_delegate->CanExecuteScriptOnPage( |
| 363 extension, document_url, top_frame_url, tab_id, process_id, error)) { | 353 extension, document_url, tab_id, process_id, error)) { |
| 364 return ACCESS_DENIED; | 354 return ACCESS_DENIED; |
| 365 } | 355 } |
| 366 | 356 |
| 367 if (IsRestrictedUrl(document_url, top_frame_url, extension, error)) | 357 if (IsRestrictedUrl(document_url, extension, error)) |
| 368 return ACCESS_DENIED; | 358 return ACCESS_DENIED; |
| 369 | 359 |
| 370 if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url)) | 360 if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url)) |
| 371 return ACCESS_ALLOWED; | 361 return ACCESS_ALLOWED; |
| 372 | 362 |
| 373 if (permitted_url_patterns.MatchesURL(document_url)) | 363 if (permitted_url_patterns.MatchesURL(document_url)) |
| 374 return ACCESS_ALLOWED; | 364 return ACCESS_ALLOWED; |
| 375 | 365 |
| 376 if (withheld_url_patterns.MatchesURL(document_url)) | 366 if (withheld_url_patterns.MatchesURL(document_url)) |
| 377 return ACCESS_WITHHELD; | 367 return ACCESS_WITHHELD; |
| 378 | 368 |
| 379 if (error) { | 369 if (error) { |
| 380 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, | 370 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, |
| 381 document_url.spec()); | 371 document_url.spec()); |
| 382 } | 372 } |
| 383 return ACCESS_DENIED; | 373 return ACCESS_DENIED; |
| 384 } | 374 } |
| 385 | 375 |
| 386 } // namespace extensions | 376 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1150683007:
[Extensions] Use document url (not top url) for tab-specific permissions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master