Allow extensions on chrome:// URLs, when flag is set and permission is explicitly requested

chrome/common/extensions/extension.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension.h"
 
 #include "base/base64.h"
 #include "base/basictypes.h"
 #include "base/command_line.h"
 #include "base/file_util.h"
@@ skipping 572 matching lines @@
         URLPattern::SCHEME_ALL : kValidHostPermissionSchemes;
 
     for (std::vector<std::string>::const_iterator it = host_data.begin();
          it != host_data.end(); ++it) {
       const std::string& permission_str = *it;
 
       // Check if it's a host pattern permission.
       URLPattern pattern = URLPattern(kAllowedSchemes);
       URLPattern::ParseResult parse_result = pattern.Parse(permission_str);
       if (parse_result == URLPattern::PARSE_SUCCESS) {
+        // The path component is not used for host permissions, so we force it
+        // to match all paths.
+        pattern.SetPath("/*");
+        int valid_schemes = pattern.valid_schemes();
+        if (pattern.MatchesScheme(chrome::kFileScheme) &&
+            !CanExecuteScriptEverywhere()) {
+          wants_file_access_ = true;
+          if (!(creation_flags_ & ALLOW_FILE_ACCESS))
+            valid_schemes &= ~URLPattern::SCHEME_FILE;
+        }
+
+        if (pattern.scheme() != chrome::kChromeUIScheme &&
+            !CanExecuteScriptEverywhere()) {
+          // Keep chrome:// in allowed schemes only if it's explicitly requested
+          // or CanExecuteScriptEverywhere is true. If the
+          // extensions_on_chrome_urls flag is not set, CanSpecifyHostPermission
+          // will fail, so don't check the flag here.
+          valid_schemes &= ~URLPattern::SCHEME_CHROMEUI;
+        }
+        pattern.SetValidSchemes(valid_schemes);
+
         if (!CanSpecifyHostPermission(pattern, *api_permissions)) {
+          // TODO(aboxhall): make a warning (see line 633)
           *error = ErrorUtils::FormatErrorMessageUTF16(
               errors::kInvalidPermissionScheme, permission_str);
           return false;
         }
 
-        // The path component is not used for host permissions, so we force it
-        // to match all paths.
-        pattern.SetPath("/*");
+        host_permissions->AddPattern(pattern);
 
-        if (pattern.MatchesScheme(chrome::kFileScheme) &&
-            !CanExecuteScriptEverywhere()) {
-          wants_file_access_ = true;
-          if (!(creation_flags_ & ALLOW_FILE_ACCESS)) {
-            pattern.SetValidSchemes(
-                pattern.valid_schemes() & ~URLPattern::SCHEME_FILE);
+        // We need to make sure all_urls matches chrome://favicon and
+        // (maybe) chrome://thumbnail, so add them back in to host_permissions
+        // separately.
+        if (pattern.match_all_urls()) {
+          host_permissions->AddPattern(
+              URLPattern(URLPattern::SCHEME_CHROMEUI,
+                         chrome::kChromeUIFaviconURL));
+          if (api_permissions->find(APIPermission::kExperimental) !=
+              api_permissions->end()) {
+            host_permissions->AddPattern(
+                URLPattern(URLPattern::SCHEME_CHROMEUI,
+                           chrome::kChromeUIThumbnailURL));
           }
         }
-
-        host_permissions->AddPattern(pattern);
         continue;
       }
 
       // It's probably an unknown API permission. Do not throw an error so
       // extensions can retain backwards compatability (http://crbug.com/42742).
       install_warnings_.push_back(InstallWarning(
           InstallWarning::FORMAT_TEXT,
           base::StringPrintf(
               "Permission '%s' is unknown or URL pattern is malformed.",
               permission_str.c_str())));
@@ skipping 34 matching lines @@
 const URLPatternSet& Extension::GetEffectiveHostPermissions() const {
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions()->effective_hosts();
 }
 
 bool Extension::CanSilentlyIncreasePermissions() const {
   return location() != Manifest::INTERNAL;
 }
 
 bool Extension::HasHostPermission(const GURL& url) const {
-  if (url.SchemeIs(chrome::kChromeUIScheme) &&
-      url.host() != chrome::kChromeUIFaviconHost &&
-      url.host() != chrome::kChromeUIThumbnailHost &&
-      location() != Manifest::COMPONENT) {
-    return false;
-  }
-
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions()->
       HasExplicitAccessToOrigin(url);
 }
 
 bool Extension::HasEffectiveAccessToAllHosts() const {
   base::AutoLock auto_lock(runtime_data_lock_);
   return runtime_data_.GetActivePermissions()->HasEffectiveAccessToAllHosts();
 }
 
@@ skipping 112 matching lines @@
   GURL store_url(extension_urls::GetWebstoreLaunchURL());
   if ((document_url.host() == store_url.host()) &&
       !CanExecuteScriptEverywhere() &&
       !CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kAllowScriptingGallery)) {
     if (error)
       *error = errors::kCannotScriptGallery;
     return false;
   }
 
-  if (document_url.SchemeIs(chrome::kChromeUIScheme) &&
-      !CanExecuteScriptEverywhere()) {
-    return false;
+  if (!CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kExtensionsOnChromeURLs)) {
+    if (document_url.SchemeIs(chrome::kChromeUIScheme) &&
+        !CanExecuteScriptEverywhere()) {
+      return false;

[dmazzoni, 2013/03/19 20:48:44]

Doesn't this allow any extension to run on chrome:// urls with the flag, even if
they don't request it? Or is that caught earlier?

[aboxhall, 2013/03/20 22:04:59]

It's caught later, specifically on either line 850 or 854/55. This line just
early-outs in the case of a chrome:// url.

+    }
   }
 
   if (top_frame_url.SchemeIs(extensions::kExtensionScheme) &&
       top_frame_url.GetOrigin() !=
           GetBaseURLFromExtensionId(id()).GetOrigin() &&
       !CanExecuteScriptEverywhere()) {
     return false;
   }
 
   // If a tab ID is specified, try the tab-specific permissions.
@@ skipping 1329 matching lines @@
     std::string match_str;
     if (!matches->GetString(j, &match_str)) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidMatch,
           base::IntToString(definition_index),
           base::IntToString(j),
           errors::kExpectString);
       return false;
     }
 
-    URLPattern pattern(UserScript::kValidUserScriptSchemes);
-    if (CanExecuteScriptEverywhere())
-      pattern.SetValidSchemes(URLPattern::SCHEME_ALL);
+    URLPattern pattern(
+        UserScript::ValidUserScriptSchemes(CanExecuteScriptEverywhere()));
 
     URLPattern::ParseResult parse_result = pattern.Parse(match_str);
     if (parse_result != URLPattern::PARSE_SUCCESS) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidMatch,
           base::IntToString(definition_index),
           base::IntToString(j),
           URLPattern::GetParseResultString(parse_result));
       return false;
     }
 
+    // TODO(aboxhall): check for webstore
+    if (!CanExecuteScriptEverywhere() &&
+        pattern.scheme() != chrome::kChromeUIScheme) {
+      pattern.SetValidSchemes(

[Matt Perry, 2013/03/19 17:49:32]

Add a comment on what's happening here.

[aboxhall, 2013/03/20 22:04:59]

Done.

[aboxhall, 2013/03/20 22:04:59]

Done.

+          pattern.valid_schemes() & ~URLPattern::SCHEME_CHROMEUI);
+    }
+
     if (pattern.MatchesScheme(chrome::kFileScheme) &&
         !CanExecuteScriptEverywhere()) {
       wants_file_access_ = true;
       if (!(creation_flags_ & ALLOW_FILE_ACCESS)) {
         pattern.SetValidSchemes(
             pattern.valid_schemes() & ~URLPattern::SCHEME_FILE);
       }
     }
 
     result->add_url_pattern(pattern);
@@ skipping 219 matching lines @@
     // Experimental extensions are also allowed chrome://thumb.
     if (pattern.host() == chrome::kChromeUIThumbnailHost) {
       return permissions.find(APIPermission::kExperimental) !=
           permissions.end();
     }
 
     // Component extensions can have access to all of chrome://*.
     if (CanExecuteScriptEverywhere())
       return true;
 
+    if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kExtensionsOnChromeURLs))
+      return true;
+
+    // TODO(aboxhall): return from_webstore() when webstore handles blocking
+    // extensions which request chrome:// urls
     return false;
   }
 
   // Otherwise, the valid schemes were handled by URLPattern.
   return true;
 }
 
 bool Extension::CheckMinimumChromeVersion(string16* error) const {
   if (!manifest_->HasKey(keys::kMinimumChromeVersion))
     return true;
@@ skipping 81 matching lines @@
 
 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo(
     const Extension* extension,
     const PermissionSet* permissions,
     Reason reason)
     : reason(reason),
       extension(extension),
       permissions(permissions) {}
 
 }   // namespace extensions