chrome/browser/extensions/install_verifier.cc - Issue 160313002: Don't disable extensions immediately if verification is out of date

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/extensions/install_verifier.cc

Issue 160313002: Don't disable extensions immediately if verification is out of date (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fixes suggested by review Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/extensions/install_verifier.cc

diff --git a/chrome/browser/extensions/install_verifier.cc b/chrome/browser/extensions/install_verifier.cc

index 642457dc8efd4419bfb0269bd4e5e641f435d294..1f6e824d3987771e9f3bc36468aa1df750ec6373 100644

--- a/chrome/browser/extensions/install_verifier.cc

+++ b/chrome/browser/extensions/install_verifier.cc

@@ -176,6 +176,13 @@ bool InstallVerifier::NeedsBootstrap() {

return signature_.get() == NULL && ShouldFetchSignature();

}

+base::Time InstallVerifier::SignatureTimestamp() {

+ if (signature_.get())

+ return signature_->timestamp;

+ else

+ return base::Time();

void InstallVerifier::Add(const std::string& id,

const AddResultCallback& callback) {

ExtensionIdSet ids;

@@ -265,10 +272,10 @@ enum MustRemainDisabledOutcome {

NO_SIGNATURE,

NOT_VERIFIED_BUT_NOT_ENFORCING,

NOT_VERIFIED,

+ NOT_VERIFIED_BUT_INSTALL_TIME_NEWER_THAN_SIGNATURE,

// This is used in histograms - do not remove or reorder entries above! Also

// the "MAX" item below should always be the last element.

MUST_REMAIN_DISABLED_OUTCOME_MAX

};

@@ -312,8 +319,12 @@ bool InstallVerifier::MustRemainDisabled(const Extension* extension,

// get a signature.

outcome = NO_SIGNATURE;

} else if (!IsVerified(extension->id())) {

- verified = false;

- outcome = NOT_VERIFIED;

+ if (WasInstalledAfterSignature(extension->id())) {

+ outcome = NOT_VERIFIED_BUT_INSTALL_TIME_NEWER_THAN_SIGNATURE;

+ } else {

+ verified = false;

+ outcome = NOT_VERIFIED;

+ }

}

if (!verified && !ShouldEnforce()) {

verified = true;

@@ -381,6 +392,19 @@ bool InstallVerifier::IsVerified(const std::string& id) const {

ContainsKey(provisional_, id));

}

+bool InstallVerifier::WasInstalledAfterSignature(const std::string& id) const {

+ if (!signature_.get() || signature_->timestamp.is_null())

+ return true;

+ base::Time install_time = prefs_->GetInstallTime(id);

+ // If the extension install time is in the future, just assume it isn't

+ // newer than the signature. (Either the clock went backwards, or

+ // an attacker changed the install time in the preferences).

+ if (install_time >= base::Time::Now())

+ return false;

+ return install_time > signature_->timestamp;

void InstallVerifier::BeginFetch() {

DCHECK(ShouldFetchSignature());

« chrome/browser/extensions/install_signer.h ('K') | « chrome/browser/extensions/install_verifier.h ('k') | no next file » | no next file with comments »