| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/permissions/permissions_data.h" | 5 #include "extensions/common/permissions/permissions_data.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "content/public/common/url_constants.h" | 8 #include "content/public/common/url_constants.h" |
| 9 #include "extensions/common/constants.h" | 9 #include "extensions/common/constants.h" |
| 10 #include "extensions/common/error_utils.h" | 10 #include "extensions/common/error_utils.h" |
| 11 #include "extensions/common/extension.h" | 11 #include "extensions/common/extension.h" |
| 12 #include "extensions/common/extensions_client.h" | 12 #include "extensions/common/extensions_client.h" |
| 13 #include "extensions/common/manifest.h" | 13 #include "extensions/common/manifest.h" |
| 14 #include "extensions/common/manifest_constants.h" | 14 #include "extensions/common/manifest_constants.h" |
| 15 #include "extensions/common/manifest_handlers/permissions_parser.h" | 15 #include "extensions/common/manifest_handlers/permissions_parser.h" |
| 16 #include "extensions/common/permissions/permission_message_provider.h" | 16 #include "extensions/common/permissions/permission_message_provider.h" |
| 17 #include "extensions/common/switches.h" | 17 #include "extensions/common/switches.h" |
| 18 #include "extensions/common/url_pattern_set.h" | 18 #include "extensions/common/url_pattern_set.h" |
| 19 #include "url/gurl.h" | 19 #include "url/gurl.h" |
| 20 #include "url/url_constants.h" | 20 #include "url/url_constants.h" |
| 21 | 21 |
| 22 namespace extensions { | 22 namespace extensions { |
| 23 | 23 |
| 24 namespace { | 24 namespace { |
| 25 | 25 |
| 26 PermissionsData::PolicyDelegate* g_policy_delegate = NULL; | 26 PermissionsData::PolicyDelegate* g_policy_delegate = NULL; |
| 27 | 27 |
| 28 class AutoLockOnValidThread { |
| 29 public: |
| 30 AutoLockOnValidThread(base::Lock& lock, base::ThreadChecker* thread_checker) |
| 31 : auto_lock_(lock) { |
| 32 DCHECK(!thread_checker || thread_checker->CalledOnValidThread()); |
| 33 } |
| 34 |
| 35 private: |
| 36 base::AutoLock auto_lock_; |
| 37 |
| 38 DISALLOW_COPY_AND_ASSIGN(AutoLockOnValidThread); |
| 39 }; |
| 40 |
| 28 } // namespace | 41 } // namespace |
| 29 | 42 |
| 30 PermissionsData::PermissionsData(const Extension* extension) | 43 PermissionsData::PermissionsData(const Extension* extension) |
| 31 : extension_id_(extension->id()), manifest_type_(extension->GetType()) { | 44 : extension_id_(extension->id()), manifest_type_(extension->GetType()) { |
| 32 base::AutoLock auto_lock(runtime_lock_); | 45 const PermissionSet* required_permissions = |
| 33 scoped_refptr<const PermissionSet> required_permissions = | |
| 34 PermissionsParser::GetRequiredPermissions(extension); | 46 PermissionsParser::GetRequiredPermissions(extension); |
| 35 active_permissions_unsafe_ = | 47 active_permissions_unsafe_.reset( |
| 36 new PermissionSet(required_permissions->apis(), | 48 new PermissionSet(required_permissions->apis(), |
| 37 required_permissions->manifest_permissions(), | 49 required_permissions->manifest_permissions(), |
| 38 required_permissions->explicit_hosts(), | 50 required_permissions->explicit_hosts(), |
| 39 required_permissions->scriptable_hosts()); | 51 required_permissions->scriptable_hosts())); |
| 40 withheld_permissions_unsafe_ = new PermissionSet(); | 52 withheld_permissions_unsafe_.reset(new PermissionSet()); |
| 41 } | 53 } |
| 42 | 54 |
| 43 PermissionsData::~PermissionsData() { | 55 PermissionsData::~PermissionsData() { |
| 44 } | 56 } |
| 45 | 57 |
| 46 // static | 58 // static |
| 47 void PermissionsData::SetPolicyDelegate(PolicyDelegate* delegate) { | 59 void PermissionsData::SetPolicyDelegate(PolicyDelegate* delegate) { |
| 48 g_policy_delegate = delegate; | 60 g_policy_delegate = delegate; |
| 49 } | 61 } |
| 50 | 62 |
| (...skipping 17 matching lines...) Expand all Loading... |
| 68 // shows up in chrome:extensions (so the user can grant withheld permissions), | 80 // shows up in chrome:extensions (so the user can grant withheld permissions), |
| 69 // is not part of chrome or corporate policy, not on the scripting whitelist, | 81 // is not part of chrome or corporate policy, not on the scripting whitelist, |
| 70 // and requires enough permissions that we should withhold them. | 82 // and requires enough permissions that we should withhold them. |
| 71 return extension->ShouldDisplayInExtensionSettings() && | 83 return extension->ShouldDisplayInExtensionSettings() && |
| 72 !Manifest::IsPolicyLocation(extension->location()) && | 84 !Manifest::IsPolicyLocation(extension->location()) && |
| 73 !Manifest::IsComponentLocation(extension->location()) && | 85 !Manifest::IsComponentLocation(extension->location()) && |
| 74 !CanExecuteScriptEverywhere(extension) && | 86 !CanExecuteScriptEverywhere(extension) && |
| 75 permissions->ShouldWarnAllHosts(); | 87 permissions->ShouldWarnAllHosts(); |
| 76 } | 88 } |
| 77 | 89 |
| 90 // static |
| 78 bool PermissionsData::ShouldSkipPermissionWarnings( | 91 bool PermissionsData::ShouldSkipPermissionWarnings( |
| 79 const std::string& extension_id) { | 92 const std::string& extension_id) { |
| 80 // See http://b/4946060 for more details. | 93 // See http://b/4946060 for more details. |
| 81 return extension_id == extension_misc::kProdHangoutsExtensionId; | 94 return extension_id == extension_misc::kProdHangoutsExtensionId; |
| 82 } | 95 } |
| 83 | 96 |
| 84 // static | 97 // static |
| 85 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, | 98 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, |
| 86 const Extension* extension, | 99 const Extension* extension, |
| 87 std::string* error) { | 100 std::string* error) { |
| (...skipping 26 matching lines...) Expand all Loading... |
| 114 if (extension && document_url.SchemeIs(kExtensionScheme) && | 127 if (extension && document_url.SchemeIs(kExtensionScheme) && |
| 115 document_url.host() != extension->id() && !allow_on_chrome_urls) { | 128 document_url.host() != extension->id() && !allow_on_chrome_urls) { |
| 116 if (error) | 129 if (error) |
| 117 *error = manifest_errors::kCannotAccessExtensionUrl; | 130 *error = manifest_errors::kCannotAccessExtensionUrl; |
| 118 return true; | 131 return true; |
| 119 } | 132 } |
| 120 | 133 |
| 121 return false; | 134 return false; |
| 122 } | 135 } |
| 123 | 136 |
| 137 void PermissionsData::BindToCurrentThread() const { |
| 138 DCHECK(!thread_checker_); |
| 139 thread_checker_.reset(new base::ThreadChecker()); |
| 140 } |
| 141 |
| 124 void PermissionsData::SetPermissions( | 142 void PermissionsData::SetPermissions( |
| 125 const scoped_refptr<const PermissionSet>& active, | 143 scoped_ptr<const PermissionSet> active, |
| 126 const scoped_refptr<const PermissionSet>& withheld) const { | 144 scoped_ptr<const PermissionSet> withheld) const { |
| 127 base::AutoLock auto_lock(runtime_lock_); | 145 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 128 active_permissions_unsafe_ = active; | 146 active_permissions_unsafe_ = active.Pass(); |
| 129 withheld_permissions_unsafe_ = withheld; | 147 withheld_permissions_unsafe_ = withheld.Pass(); |
| 148 } |
| 149 |
| 150 void PermissionsData::SetActivePermissions( |
| 151 scoped_ptr<const PermissionSet> active) const { |
| 152 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 153 active_permissions_unsafe_ = active.Pass(); |
| 130 } | 154 } |
| 131 | 155 |
| 132 void PermissionsData::UpdateTabSpecificPermissions( | 156 void PermissionsData::UpdateTabSpecificPermissions( |
| 133 int tab_id, | 157 int tab_id, |
| 134 scoped_refptr<const PermissionSet> permissions) const { | 158 const PermissionSet& permissions) const { |
| 135 base::AutoLock auto_lock(runtime_lock_); | 159 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 136 CHECK_GE(tab_id, 0); | 160 CHECK_GE(tab_id, 0); |
| 137 TabPermissionsMap::iterator iter = tab_specific_permissions_.find(tab_id); | 161 TabPermissionsMap::const_iterator iter = |
| 138 if (iter == tab_specific_permissions_.end()) | 162 tab_specific_permissions_.find(tab_id); |
| 139 tab_specific_permissions_[tab_id] = permissions; | 163 scoped_ptr<const PermissionSet> new_permissions = PermissionSet::CreateUnion( |
| 140 else | 164 iter == tab_specific_permissions_.end() |
| 141 iter->second = PermissionSet::CreateUnion(*(iter->second), *permissions); | 165 ? static_cast<const PermissionSet&>(PermissionSet()) |
| 166 : *iter->second, |
| 167 permissions); |
| 168 tab_specific_permissions_.set(tab_id, new_permissions.Pass()); |
| 142 } | 169 } |
| 143 | 170 |
| 144 void PermissionsData::ClearTabSpecificPermissions(int tab_id) const { | 171 void PermissionsData::ClearTabSpecificPermissions(int tab_id) const { |
| 145 base::AutoLock auto_lock(runtime_lock_); | 172 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 146 CHECK_GE(tab_id, 0); | 173 CHECK_GE(tab_id, 0); |
| 147 tab_specific_permissions_.erase(tab_id); | 174 tab_specific_permissions_.erase(tab_id); |
| 148 } | 175 } |
| 149 | 176 |
| 150 bool PermissionsData::HasAPIPermission(APIPermission::ID permission) const { | 177 bool PermissionsData::HasAPIPermission(APIPermission::ID permission) const { |
| 151 return active_permissions()->HasAPIPermission(permission); | 178 base::AutoLock auto_lock(runtime_lock_); |
| 179 return active_permissions_unsafe_->HasAPIPermission(permission); |
| 152 } | 180 } |
| 153 | 181 |
| 154 bool PermissionsData::HasAPIPermission( | 182 bool PermissionsData::HasAPIPermission( |
| 155 const std::string& permission_name) const { | 183 const std::string& permission_name) const { |
| 156 return active_permissions()->HasAPIPermission(permission_name); | 184 base::AutoLock auto_lock(runtime_lock_); |
| 185 return active_permissions_unsafe_->HasAPIPermission(permission_name); |
| 157 } | 186 } |
| 158 | 187 |
| 159 bool PermissionsData::HasAPIPermissionForTab( | 188 bool PermissionsData::HasAPIPermissionForTab( |
| 160 int tab_id, | 189 int tab_id, |
| 161 APIPermission::ID permission) const { | 190 APIPermission::ID permission) const { |
| 162 if (HasAPIPermission(permission)) | 191 base::AutoLock auto_lock(runtime_lock_); |
| 192 if (active_permissions_unsafe_->HasAPIPermission(permission)) |
| 163 return true; | 193 return true; |
| 164 | 194 |
| 165 scoped_refptr<const PermissionSet> tab_permissions = | 195 const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id); |
| 166 GetTabSpecificPermissions(tab_id); | 196 return tab_permissions && tab_permissions->HasAPIPermission(permission); |
| 167 | |
| 168 // Place autolock below the HasAPIPermission() and | |
| 169 // GetTabSpecificPermissions(), since each already acquires the lock. | |
| 170 base::AutoLock auto_lock(runtime_lock_); | |
| 171 return tab_permissions.get() && tab_permissions->HasAPIPermission(permission); | |
| 172 } | 197 } |
| 173 | 198 |
| 174 bool PermissionsData::CheckAPIPermissionWithParam( | 199 bool PermissionsData::CheckAPIPermissionWithParam( |
| 175 APIPermission::ID permission, | 200 APIPermission::ID permission, |
| 176 const APIPermission::CheckParam* param) const { | 201 const APIPermission::CheckParam* param) const { |
| 177 return active_permissions()->CheckAPIPermissionWithParam(permission, param); | 202 base::AutoLock auto_lock(runtime_lock_); |
| 203 return active_permissions_unsafe_->CheckAPIPermissionWithParam(permission, |
| 204 param); |
| 178 } | 205 } |
| 179 | 206 |
| 180 URLPatternSet PermissionsData::GetEffectiveHostPermissions() const { | 207 URLPatternSet PermissionsData::GetEffectiveHostPermissions() const { |
| 181 base::AutoLock auto_lock(runtime_lock_); | 208 base::AutoLock auto_lock(runtime_lock_); |
| 182 URLPatternSet effective_hosts = active_permissions_unsafe_->effective_hosts(); | 209 URLPatternSet effective_hosts = active_permissions_unsafe_->effective_hosts(); |
| 183 for (const auto& val : tab_specific_permissions_) | 210 for (const auto& val : tab_specific_permissions_) |
| 184 effective_hosts.AddPatterns(val.second->effective_hosts()); | 211 effective_hosts.AddPatterns(val.second->effective_hosts()); |
| 185 return effective_hosts; | 212 return effective_hosts; |
| 186 } | 213 } |
| 187 | 214 |
| 188 bool PermissionsData::HasHostPermission(const GURL& url) const { | 215 bool PermissionsData::HasHostPermission(const GURL& url) const { |
| 189 return active_permissions()->HasExplicitAccessToOrigin(url); | 216 base::AutoLock auto_lock(runtime_lock_); |
| 217 return active_permissions_unsafe_->HasExplicitAccessToOrigin(url); |
| 190 } | 218 } |
| 191 | 219 |
| 192 bool PermissionsData::HasEffectiveAccessToAllHosts() const { | 220 bool PermissionsData::HasEffectiveAccessToAllHosts() const { |
| 193 return active_permissions()->HasEffectiveAccessToAllHosts(); | 221 base::AutoLock auto_lock(runtime_lock_); |
| 222 return active_permissions_unsafe_->HasEffectiveAccessToAllHosts(); |
| 194 } | 223 } |
| 195 | 224 |
| 196 PermissionMessages PermissionsData::GetPermissionMessages() const { | 225 PermissionMessages PermissionsData::GetPermissionMessages() const { |
| 226 base::AutoLock auto_lock(runtime_lock_); |
| 197 return PermissionMessageProvider::Get()->GetPermissionMessages( | 227 return PermissionMessageProvider::Get()->GetPermissionMessages( |
| 198 PermissionMessageProvider::Get()->GetAllPermissionIDs( | 228 PermissionMessageProvider::Get()->GetAllPermissionIDs( |
| 199 active_permissions().get(), manifest_type_)); | 229 active_permissions_unsafe_.get(), manifest_type_)); |
| 200 } | 230 } |
| 201 | 231 |
| 202 bool PermissionsData::HasWithheldImpliedAllHosts() const { | 232 bool PermissionsData::HasWithheldImpliedAllHosts() const { |
| 233 base::AutoLock auto_lock(runtime_lock_); |
| 203 // Since we currently only withhold all_hosts, it's sufficient to check | 234 // Since we currently only withhold all_hosts, it's sufficient to check |
| 204 // that either set is not empty. | 235 // that either set is not empty. |
| 205 return !withheld_permissions()->explicit_hosts().is_empty() || | 236 return !withheld_permissions_unsafe_->explicit_hosts().is_empty() || |
| 206 !withheld_permissions()->scriptable_hosts().is_empty(); | 237 !withheld_permissions_unsafe_->scriptable_hosts().is_empty(); |
| 207 } | 238 } |
| 208 | 239 |
| 209 bool PermissionsData::CanAccessPage(const Extension* extension, | 240 bool PermissionsData::CanAccessPage(const Extension* extension, |
| 210 const GURL& document_url, | 241 const GURL& document_url, |
| 211 int tab_id, | 242 int tab_id, |
| 212 int process_id, | 243 int process_id, |
| 213 std::string* error) const { | 244 std::string* error) const { |
| 214 AccessType result = CanRunOnPage(extension, | 245 base::AutoLock auto_lock(runtime_lock_); |
| 215 document_url, | 246 AccessType result = |
| 216 tab_id, | 247 CanRunOnPage(extension, document_url, tab_id, process_id, |
| 217 process_id, | 248 active_permissions_unsafe_->explicit_hosts(), |
| 218 active_permissions()->explicit_hosts(), | 249 withheld_permissions_unsafe_->explicit_hosts(), error); |
| 219 withheld_permissions()->explicit_hosts(), | |
| 220 error); | |
| 221 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. | 250 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. |
| 222 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; | 251 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; |
| 223 } | 252 } |
| 224 | 253 |
| 225 PermissionsData::AccessType PermissionsData::GetPageAccess( | 254 PermissionsData::AccessType PermissionsData::GetPageAccess( |
| 226 const Extension* extension, | 255 const Extension* extension, |
| 227 const GURL& document_url, | 256 const GURL& document_url, |
| 228 int tab_id, | 257 int tab_id, |
| 229 int process_id, | 258 int process_id, |
| 230 std::string* error) const { | 259 std::string* error) const { |
| 231 return CanRunOnPage(extension, | 260 base::AutoLock auto_lock(runtime_lock_); |
| 232 document_url, | 261 return CanRunOnPage(extension, document_url, tab_id, process_id, |
| 233 tab_id, | 262 active_permissions_unsafe_->explicit_hosts(), |
| 234 process_id, | 263 withheld_permissions_unsafe_->explicit_hosts(), error); |
| 235 active_permissions()->explicit_hosts(), | |
| 236 withheld_permissions()->explicit_hosts(), | |
| 237 error); | |
| 238 } | 264 } |
| 239 | 265 |
| 240 bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension, | 266 bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension, |
| 241 const GURL& document_url, | 267 const GURL& document_url, |
| 242 int tab_id, | 268 int tab_id, |
| 243 int process_id, | 269 int process_id, |
| 244 std::string* error) const { | 270 std::string* error) const { |
| 245 AccessType result = CanRunOnPage(extension, | 271 base::AutoLock auto_lock(runtime_lock_); |
| 246 document_url, | 272 AccessType result = |
| 247 tab_id, | 273 CanRunOnPage(extension, document_url, tab_id, process_id, |
| 248 process_id, | 274 active_permissions_unsafe_->scriptable_hosts(), |
| 249 active_permissions()->scriptable_hosts(), | 275 withheld_permissions_unsafe_->scriptable_hosts(), error); |
| 250 withheld_permissions()->scriptable_hosts(), | |
| 251 error); | |
| 252 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. | 276 // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. |
| 253 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; | 277 return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; |
| 254 } | 278 } |
| 255 | 279 |
| 256 PermissionsData::AccessType PermissionsData::GetContentScriptAccess( | 280 PermissionsData::AccessType PermissionsData::GetContentScriptAccess( |
| 257 const Extension* extension, | 281 const Extension* extension, |
| 258 const GURL& document_url, | 282 const GURL& document_url, |
| 259 int tab_id, | 283 int tab_id, |
| 260 int process_id, | 284 int process_id, |
| 261 std::string* error) const { | 285 std::string* error) const { |
| 262 return CanRunOnPage(extension, | 286 base::AutoLock auto_lock(runtime_lock_); |
| 263 document_url, | 287 return CanRunOnPage(extension, document_url, tab_id, process_id, |
| 264 tab_id, | 288 active_permissions_unsafe_->scriptable_hosts(), |
| 265 process_id, | 289 withheld_permissions_unsafe_->scriptable_hosts(), error); |
| 266 active_permissions()->scriptable_hosts(), | |
| 267 withheld_permissions()->scriptable_hosts(), | |
| 268 error); | |
| 269 } | 290 } |
| 270 | 291 |
| 271 bool PermissionsData::CanCaptureVisiblePage(int tab_id, | 292 bool PermissionsData::CanCaptureVisiblePage(int tab_id, |
| 272 std::string* error) const { | 293 std::string* error) const { |
| 273 const URLPattern all_urls(URLPattern::SCHEME_ALL, | 294 const URLPattern all_urls(URLPattern::SCHEME_ALL, |
| 274 URLPattern::kAllUrlsPattern); | 295 URLPattern::kAllUrlsPattern); |
| 275 | 296 |
| 276 if (active_permissions()->explicit_hosts().ContainsPattern(all_urls)) | 297 base::AutoLock auto_lock(runtime_lock_); |
| 298 if (active_permissions_unsafe_->explicit_hosts().ContainsPattern(all_urls)) |
| 277 return true; | 299 return true; |
| 278 | 300 |
| 279 if (tab_id >= 0) { | 301 if (tab_id >= 0) { |
| 280 scoped_refptr<const PermissionSet> tab_permissions = | 302 const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id); |
| 281 GetTabSpecificPermissions(tab_id); | 303 if (tab_permissions && |
| 282 if (tab_permissions.get() && | |
| 283 tab_permissions->HasAPIPermission(APIPermission::kTab)) { | 304 tab_permissions->HasAPIPermission(APIPermission::kTab)) { |
| 284 return true; | 305 return true; |
| 285 } | 306 } |
| 286 if (error) | 307 if (error) |
| 287 *error = manifest_errors::kActiveTabPermissionNotGranted; | 308 *error = manifest_errors::kActiveTabPermissionNotGranted; |
| 288 return false; | 309 return false; |
| 289 } | 310 } |
| 290 | 311 |
| 291 if (error) | 312 if (error) |
| 292 *error = manifest_errors::kAllURLOrActiveTabNeeded; | 313 *error = manifest_errors::kAllURLOrActiveTabNeeded; |
| 293 return false; | 314 return false; |
| 294 } | 315 } |
| 295 | 316 |
| 296 PermissionsData::TabPermissionsMap | 317 const PermissionSet* PermissionsData::GetTabSpecificPermissions( |
| 297 PermissionsData::CopyTabSpecificPermissionsMap() const { | |
| 298 base::AutoLock auto_lock(runtime_lock_); | |
| 299 return tab_specific_permissions_; | |
| 300 } | |
| 301 | |
| 302 scoped_refptr<const PermissionSet> PermissionsData::GetTabSpecificPermissions( | |
| 303 int tab_id) const { | 318 int tab_id) const { |
| 304 base::AutoLock auto_lock(runtime_lock_); | |
| 305 CHECK_GE(tab_id, 0); | 319 CHECK_GE(tab_id, 0); |
| 320 runtime_lock_.AssertAcquired(); |
| 306 TabPermissionsMap::const_iterator iter = | 321 TabPermissionsMap::const_iterator iter = |
| 307 tab_specific_permissions_.find(tab_id); | 322 tab_specific_permissions_.find(tab_id); |
| 308 return (iter != tab_specific_permissions_.end()) ? iter->second : NULL; | 323 return (iter != tab_specific_permissions_.end()) ? iter->second : nullptr; |
| 309 } | 324 } |
| 310 | 325 |
| 311 bool PermissionsData::HasTabSpecificPermissionToExecuteScript( | 326 bool PermissionsData::HasTabSpecificPermissionToExecuteScript( |
| 312 int tab_id, | 327 int tab_id, |
| 313 const GURL& url) const { | 328 const GURL& url) const { |
| 329 runtime_lock_.AssertAcquired(); |
| 314 if (tab_id >= 0) { | 330 if (tab_id >= 0) { |
| 315 scoped_refptr<const PermissionSet> tab_permissions = | 331 const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id); |
| 316 GetTabSpecificPermissions(tab_id); | 332 if (tab_permissions && |
| 317 if (tab_permissions.get() && | |
| 318 tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) { | 333 tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) { |
| 319 return true; | 334 return true; |
| 320 } | 335 } |
| 321 } | 336 } |
| 322 return false; | 337 return false; |
| 323 } | 338 } |
| 324 | 339 |
| 325 PermissionsData::AccessType PermissionsData::CanRunOnPage( | 340 PermissionsData::AccessType PermissionsData::CanRunOnPage( |
| 326 const Extension* extension, | 341 const Extension* extension, |
| 327 const GURL& document_url, | 342 const GURL& document_url, |
| 328 int tab_id, | 343 int tab_id, |
| 329 int process_id, | 344 int process_id, |
| 330 const URLPatternSet& permitted_url_patterns, | 345 const URLPatternSet& permitted_url_patterns, |
| 331 const URLPatternSet& withheld_url_patterns, | 346 const URLPatternSet& withheld_url_patterns, |
| 332 std::string* error) const { | 347 std::string* error) const { |
| 348 runtime_lock_.AssertAcquired(); |
| 333 if (g_policy_delegate && | 349 if (g_policy_delegate && |
| 334 !g_policy_delegate->CanExecuteScriptOnPage( | 350 !g_policy_delegate->CanExecuteScriptOnPage( |
| 335 extension, document_url, tab_id, process_id, error)) { | 351 extension, document_url, tab_id, process_id, error)) { |
| 336 return ACCESS_DENIED; | 352 return ACCESS_DENIED; |
| 337 } | 353 } |
| 338 | 354 |
| 339 if (IsRestrictedUrl(document_url, extension, error)) | 355 if (IsRestrictedUrl(document_url, extension, error)) |
| 340 return ACCESS_DENIED; | 356 return ACCESS_DENIED; |
| 341 | 357 |
| 342 if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url)) | 358 if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url)) |
| 343 return ACCESS_ALLOWED; | 359 return ACCESS_ALLOWED; |
| 344 | 360 |
| 345 if (permitted_url_patterns.MatchesURL(document_url)) | 361 if (permitted_url_patterns.MatchesURL(document_url)) |
| 346 return ACCESS_ALLOWED; | 362 return ACCESS_ALLOWED; |
| 347 | 363 |
| 348 if (withheld_url_patterns.MatchesURL(document_url)) | 364 if (withheld_url_patterns.MatchesURL(document_url)) |
| 349 return ACCESS_WITHHELD; | 365 return ACCESS_WITHHELD; |
| 350 | 366 |
| 351 if (error) { | 367 if (error) { |
| 352 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, | 368 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, |
| 353 document_url.spec()); | 369 document_url.spec()); |
| 354 } | 370 } |
| 355 return ACCESS_DENIED; | 371 return ACCESS_DENIED; |
| 356 } | 372 } |
| 357 | 373 |
| 358 } // namespace extensions | 374 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1349613003:
[Extensions] Un-refcount PermissionSet (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master