Added a PolicyManifestHandler.

chrome/browser/policy/policy_manifest_handler.cc

Index: chrome/browser/policy/policy_manifest_handler.cc
diff --git a/chrome/browser/policy/policy_manifest_handler.cc b/chrome/browser/policy/policy_manifest_handler.cc
new file mode 100644
index 0000000000000000000000000000000000000000..fd052fd818fa34561ca4afea2c29a938ee426baf
--- /dev/null
+++ b/chrome/browser/policy/policy_manifest_handler.cc
@@ -0,0 +1,82 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/policy_manifest_handler.h"
+
+#include "base/file_util.h"
+#include "base/files/file_path.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/string16.h"
+#include "base/stringprintf.h"
+#include "base/utf_string_conversions.h"
+#include "chrome/browser/policy/policy_schema.h"
+#include "chrome/common/extensions/extension.h"
+#include "chrome/common/extensions/extension_manifest_constants.h"
+#include "chrome/common/extensions/manifest.h"
+#include "chrome/common/extensions/permissions/api_permission.h"
+
+namespace policy {
+
+namespace {
+
+const char kInvalidPermission[] =

[Mattias Nissler (ping if slow), 2013/05/15 10:37:39]

nit: kMissingPermission would be more accurate.

[Joao da Silva, 2013/05/19 13:21:35]

Done.

+    "The storage permission is required to use storage.managed_schema";
+const char kInvalidValue[] =
+    "Invalid value for storage.managed_schema - must be a string";
+const char kInvalidPath[] = "storage.managed_schema must be a relative path";
+
+}  // namespace
+
+PolicyManifestHandler::PolicyManifestHandler() {}
+
+PolicyManifestHandler::~PolicyManifestHandler() {}
+
+bool PolicyManifestHandler::Parse(extensions::Extension* extension,
+                                  string16* error) {
+  std::string path;
+  if (!extension->manifest()->GetString(
+          extension_manifest_keys::kStorageManagedSchema, &path)) {
+    *error = ASCIIToUTF16(kInvalidValue);
+    return false;
+  }
+  return true;
+}
+
+bool PolicyManifestHandler::Validate(
+    const extensions::Extension* extension,
+    std::string* error,
+    std::vector<extensions::InstallWarning>* warnings) const {
+  if (!extension->HasAPIPermission(extensions::APIPermission::kStorage)) {
+    *error = kInvalidPermission;
+    return false;
+  }
+  std::string path;
+  extension->manifest()->GetString(
+      extension_manifest_keys::kStorageManagedSchema, &path);
+  base::FilePath file(path);
+  if (file.IsAbsolute()) {
+    *error = kInvalidPath;
+    return false;
+  }
+  file = extension->path().Append(path);

[Mattias Nissler (ping if slow), 2013/05/15 10:37:39]

Does this make sure I can't put ../../../../../../../../etc/passwd?

[Joao da Silva, 2013/05/19 13:21:35]

It doesn't, but FilePath::ReferencesParent() does. Good catch!

I doubt that /etc/passwd is valid JSON schema though ;-)

+  if (!file_util::PathExists(file)) {
+    *error =
+        base::StringPrintf("File does not exist: %s", file.value().c_str());
+    return false;
+  }
+  std::string content;
+  if (!file_util::ReadFileToString(file, &content)) {
+    *error = base::StringPrintf("Can't read %s", file.value().c_str());
+    return false;
+  }
+  scoped_ptr<policy::PolicySchema> schema =
+      policy::PolicySchema::Parse(content, error);
+  return schema;

[Yoyo Zhou, 2013/05/16 19:14:16]

I'd expect !!schema or such for readability.

[Joao da Silva, 2013/05/19 13:21:35]

Done.

+}
+
+const std::vector<std::string> PolicyManifestHandler::Keys() const {
+  return SingleKey(extension_manifest_keys::kStorageManagedSchema);
+}
+
+}  // namespace policy