| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension_set.h" | 5 #include "chrome/common/extensions/extension_set.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 9 #include "chrome/common/extensions/extension.h" | 9 #include "chrome/common/extensions/extension.h" |
| 10 #include "chrome/common/extensions/manifest_handlers/sandboxed_page_info.h" | 10 #include "chrome/common/extensions/manifest_handlers/sandboxed_page_info.h" |
| 11 #include "chrome/common/url_constants.h" | 11 #include "chrome/common/url_constants.h" |
| 12 #include "extensions/common/constants.h" | 12 #include "extensions/common/constants.h" |
| 13 | 13 |
| 14 using WebKit::WebSecurityOrigin; | |
| 15 using extensions::Extension; | 14 using extensions::Extension; |
| 16 | 15 |
| 17 ExtensionURLInfo::ExtensionURLInfo(WebSecurityOrigin origin, const GURL& url) | |
| 18 : origin_(origin), | |
| 19 url_(url) { | |
| 20 DCHECK(!origin_.isNull()); | |
| 21 } | |
| 22 | |
| 23 ExtensionURLInfo::ExtensionURLInfo(const GURL& url) | |
| 24 : url_(url) { | |
| 25 } | |
| 26 | |
| 27 ExtensionSet::const_iterator::const_iterator() {} | 16 ExtensionSet::const_iterator::const_iterator() {} |
| 28 | 17 |
| 29 ExtensionSet::const_iterator::const_iterator(const const_iterator& other) | 18 ExtensionSet::const_iterator::const_iterator(const const_iterator& other) |
| 30 : it_(other.it_) { | 19 : it_(other.it_) { |
| 31 } | 20 } |
| 32 | 21 |
| 33 ExtensionSet::const_iterator::const_iterator(ExtensionMap::const_iterator it) | 22 ExtensionSet::const_iterator::const_iterator(ExtensionMap::const_iterator it) |
| 34 : it_(it) { | 23 : it_(it) { |
| 35 } | 24 } |
| 36 | 25 |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 68 } | 57 } |
| 69 | 58 |
| 70 bool ExtensionSet::Remove(const std::string& id) { | 59 bool ExtensionSet::Remove(const std::string& id) { |
| 71 return extensions_.erase(id) > 0; | 60 return extensions_.erase(id) > 0; |
| 72 } | 61 } |
| 73 | 62 |
| 74 void ExtensionSet::Clear() { | 63 void ExtensionSet::Clear() { |
| 75 extensions_.clear(); | 64 extensions_.clear(); |
| 76 } | 65 } |
| 77 | 66 |
| 78 std::string ExtensionSet::GetExtensionOrAppIDByURL( | 67 std::string ExtensionSet::GetExtensionOrAppIDByURL(const GURL& url) const { |
| 79 const ExtensionURLInfo& info) const { | 68 if (url.SchemeIs(extensions::kExtensionScheme)) |
| 80 DCHECK(!info.origin().isNull()); | 69 return url.host(); |
| 81 | 70 |
| 82 if (info.url().SchemeIs(extensions::kExtensionScheme)) | 71 const Extension* extension = GetExtensionOrAppByURL(url); |
| 83 return info.origin().isUnique() ? std::string() : info.url().host(); | |
| 84 | |
| 85 const Extension* extension = GetExtensionOrAppByURL(info); | |
| 86 if (!extension) | 72 if (!extension) |
| 87 return std::string(); | 73 return std::string(); |
| 88 | 74 |
| 89 return extension->id(); | 75 return extension->id(); |
| 90 } | 76 } |
| 91 | 77 |
| 92 const Extension* ExtensionSet::GetExtensionOrAppByURL( | 78 const Extension* ExtensionSet::GetExtensionOrAppByURL(const GURL& url) const { |
| 93 const ExtensionURLInfo& info) const { | 79 if (url.SchemeIs(extensions::kExtensionScheme)) |
| 94 // In the common case, the document's origin will correspond to its URL, | 80 return GetByID(url.host()); |
| 95 // but in some rare cases involving sandboxing, the two will be different. | |
| 96 // We catch those cases by checking whether the document's origin is unique. | |
| 97 // If that's not the case, then we conclude that the document's security | |
| 98 // context is well-described by its URL and proceed to use only the URL. | |
| 99 if (!info.origin().isNull() && info.origin().isUnique()) | |
| 100 return NULL; | |
| 101 | 81 |
| 102 if (info.url().SchemeIs(extensions::kExtensionScheme)) | 82 return GetHostedAppByURL(url); |
| 103 return GetByID(info.url().host()); | |
| 104 | |
| 105 return GetHostedAppByURL(info); | |
| 106 } | 83 } |
| 107 | 84 |
| 108 const Extension* ExtensionSet::GetHostedAppByURL( | 85 const Extension* ExtensionSet::GetHostedAppByURL(const GURL& url) const { |
| 109 const ExtensionURLInfo& info) const { | |
| 110 for (ExtensionMap::const_iterator iter = extensions_.begin(); | 86 for (ExtensionMap::const_iterator iter = extensions_.begin(); |
| 111 iter != extensions_.end(); ++iter) { | 87 iter != extensions_.end(); ++iter) { |
| 112 if (iter->second->web_extent().MatchesURL(info.url())) | 88 if (iter->second->web_extent().MatchesURL(url)) |
| 113 return iter->second.get(); | 89 return iter->second.get(); |
| 114 } | 90 } |
| 115 | 91 |
| 116 return NULL; | 92 return NULL; |
| 117 } | 93 } |
| 118 | 94 |
| 119 const Extension* ExtensionSet::GetHostedAppByOverlappingWebExtent( | 95 const Extension* ExtensionSet::GetHostedAppByOverlappingWebExtent( |
| 120 const extensions::URLPatternSet& extent) const { | 96 const extensions::URLPatternSet& extent) const { |
| 121 for (ExtensionMap::const_iterator iter = extensions_.begin(); | 97 for (ExtensionMap::const_iterator iter = extensions_.begin(); |
| 122 iter != extensions_.end(); ++iter) { | 98 iter != extensions_.end(); ++iter) { |
| 123 if (iter->second->web_extent().OverlapsWith(extent)) | 99 if (iter->second->web_extent().OverlapsWith(extent)) |
| 124 return iter->second.get(); | 100 return iter->second.get(); |
| 125 } | 101 } |
| 126 | 102 |
| 127 return NULL; | 103 return NULL; |
| 128 } | 104 } |
| 129 | 105 |
| 130 bool ExtensionSet::InSameExtent(const GURL& old_url, | 106 bool ExtensionSet::InSameExtent(const GURL& old_url, |
| 131 const GURL& new_url) const { | 107 const GURL& new_url) const { |
| 132 return GetExtensionOrAppByURL(ExtensionURLInfo(old_url)) == | 108 return GetExtensionOrAppByURL(old_url) == |
| 133 GetExtensionOrAppByURL(ExtensionURLInfo(new_url)); | 109 GetExtensionOrAppByURL(new_url); |
| 134 } | 110 } |
| 135 | 111 |
| 136 const Extension* ExtensionSet::GetByID(const std::string& id) const { | 112 const Extension* ExtensionSet::GetByID(const std::string& id) const { |
| 137 ExtensionMap::const_iterator i = extensions_.find(id); | 113 ExtensionMap::const_iterator i = extensions_.find(id); |
| 138 if (i != extensions_.end()) | 114 if (i != extensions_.end()) |
| 139 return i->second.get(); | 115 return i->second.get(); |
| 140 else | 116 else |
| 141 return NULL; | 117 return NULL; |
| 142 } | 118 } |
| 143 | 119 |
| 144 std::set<std::string> ExtensionSet::GetIDs() const { | 120 std::set<std::string> ExtensionSet::GetIDs() const { |
| 145 std::set<std::string> ids; | 121 std::set<std::string> ids; |
| 146 for (ExtensionMap::const_iterator it = extensions_.begin(); | 122 for (ExtensionMap::const_iterator it = extensions_.begin(); |
| 147 it != extensions_.end(); ++it) { | 123 it != extensions_.end(); ++it) { |
| 148 ids.insert(it->first); | 124 ids.insert(it->first); |
| 149 } | 125 } |
| 150 return ids; | 126 return ids; |
| 151 } | 127 } |
| 152 | 128 |
| 153 bool ExtensionSet::ExtensionBindingsAllowed( | 129 bool ExtensionSet::ExtensionBindingsAllowed(const GURL& url) const { |
| 154 const ExtensionURLInfo& info) const { | 130 if (url.SchemeIs(extensions::kExtensionScheme)) |
| 155 if (info.origin().isUnique() || IsSandboxedPage(info)) | |
| 156 return false; | |
| 157 | |
| 158 if (info.url().SchemeIs(extensions::kExtensionScheme)) | |
| 159 return true; | 131 return true; |
| 160 | 132 |
| 161 ExtensionMap::const_iterator i = extensions_.begin(); | 133 ExtensionMap::const_iterator i = extensions_.begin(); |
| 162 for (; i != extensions_.end(); ++i) { | 134 for (; i != extensions_.end(); ++i) { |
| 163 if (i->second->location() == extensions::Manifest::COMPONENT && | 135 if (i->second->location() == extensions::Manifest::COMPONENT && |
| 164 i->second->web_extent().MatchesURL(info.url())) | 136 i->second->web_extent().MatchesURL(url)) |
| 165 return true; | 137 return true; |
| 166 } | 138 } |
| 167 | 139 |
| 168 return false; | 140 return false; |
| 169 } | 141 } |
| 170 | |
| 171 bool ExtensionSet::IsSandboxedPage(const ExtensionURLInfo& info) const { | |
| 172 if (info.url().SchemeIs(extensions::kExtensionScheme)) { | |
| 173 const Extension* extension = GetByID(info.url().host()); | |
| 174 if (extension) { | |
| 175 return extensions::SandboxedPageInfo::IsSandboxedPage(extension, | |
| 176 info.url().path()); | |
| 177 } | |
| 178 } | |
| 179 return false; | |
| 180 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16625012:
Remove ExtensionURLInfo, make security decisions in render process (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src