Chromium Code Reviews Chromium Code Reviews
Issue 18399007:
Don't count host permission changes for v2 apps as a permission increase. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/permissions/permission_set.h" | 5 #include "chrome/common/extensions/permissions/permission_set.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 426 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 437 bool PermissionSet::HasEffectiveFullAccess() const { | 437 bool PermissionSet::HasEffectiveFullAccess() const { |
| 438 for (APIPermissionSet::const_iterator i = apis().begin(); | 438 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 439 i != apis().end(); ++i) { | 439 i != apis().end(); ++i) { |
| 440 if (i->info()->implies_full_access()) | 440 if (i->info()->implies_full_access()) |
| 441 return true; | 441 return true; |
| 442 } | 442 } |
| 443 return false; | 443 return false; |
| 444 } | 444 } |
| 445 | 445 |
| 446 bool PermissionSet::HasLessPrivilegesThan( | 446 bool PermissionSet::HasLessPrivilegesThan( |
| 447 const PermissionSet* permissions) const { | 447 const PermissionSet* permissions, |
| 448 Manifest::Type extension_type) const { | |
| 448 // Things can't get worse than native code access. | 449 // Things can't get worse than native code access. |
| 449 if (HasEffectiveFullAccess()) | 450 if (HasEffectiveFullAccess()) |
| 450 return false; | 451 return false; |
| 451 | 452 |
| 452 // Otherwise, it's a privilege increase if the new one has full access. | 453 // Otherwise, it's a privilege increase if the new one has full access. |
| 453 if (permissions->HasEffectiveFullAccess()) | 454 if (permissions->HasEffectiveFullAccess()) |
| 454 return true; | 455 return true; |
| 455 | 456 |
| 456 if (HasLessHostPrivilegesThan(permissions)) | 457 if (HasLessHostPrivilegesThan(permissions, extension_type)) |
| 457 return true; | 458 return true; |
| 458 | 459 |
| 459 if (HasLessAPIPrivilegesThan(permissions)) | 460 if (HasLessAPIPrivilegesThan(permissions)) |
|
Jeffrey Yasskin
2013/07/09 00:32:57
Mike, are there other API privileges that we displ
miket_OOO
2013/07/09 17:12:08
None come to mind. I ran through chrome_api_permis
| |
| 460 return true; | 461 return true; |
| 461 | 462 |
| 462 return false; | 463 return false; |
| 463 } | 464 } |
| 464 | 465 |
| 465 PermissionSet::~PermissionSet() {} | 466 PermissionSet::~PermissionSet() {} |
| 466 | 467 |
| 467 // static | 468 // static |
| 468 std::set<std::string> PermissionSet::GetDistinctHosts( | 469 std::set<std::string> PermissionSet::GetDistinctHosts( |
| 469 const URLPatternSet& host_patterns, | 470 const URLPatternSet& host_patterns, |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 573 std::set<PermissionMessage> delta_warnings; | 574 std::set<PermissionMessage> delta_warnings; |
| 574 std::set_difference(new_warnings.begin(), new_warnings.end(), | 575 std::set_difference(new_warnings.begin(), new_warnings.end(), |
| 575 current_warnings.begin(), current_warnings.end(), | 576 current_warnings.begin(), current_warnings.end(), |
| 576 std::inserter(delta_warnings, delta_warnings.begin())); | 577 std::inserter(delta_warnings, delta_warnings.begin())); |
| 577 | 578 |
| 578 // We have less privileges if there are additional warnings present. | 579 // We have less privileges if there are additional warnings present. |
| 579 return !delta_warnings.empty(); | 580 return !delta_warnings.empty(); |
| 580 } | 581 } |
| 581 | 582 |
| 582 bool PermissionSet::HasLessHostPrivilegesThan( | 583 bool PermissionSet::HasLessHostPrivilegesThan( |
| 583 const PermissionSet* permissions) const { | 584 const PermissionSet* permissions, |
| 585 Manifest::Type extension_type) const { | |
| 586 // Platform apps host permission changes do not count as privilege increases. | |
| 587 if (extension_type == Manifest::TYPE_PLATFORM_APP) | |
| 588 return false; | |
| 589 | |
| 584 // If this permission set can access any host, then it can't be elevated. | 590 // If this permission set can access any host, then it can't be elevated. |
| 585 if (HasEffectiveAccessToAllHosts()) | 591 if (HasEffectiveAccessToAllHosts()) |
| 586 return false; | 592 return false; |
| 587 | 593 |
| 588 // Likewise, if the other permission set has full host access, then it must be | 594 // Likewise, if the other permission set has full host access, then it must be |
| 589 // a privilege increase. | 595 // a privilege increase. |
| 590 if (permissions->HasEffectiveAccessToAllHosts()) | 596 if (permissions->HasEffectiveAccessToAllHosts()) |
| 591 return true; | 597 return true; |
| 592 | 598 |
| 593 const URLPatternSet& old_list = effective_hosts(); | 599 const URLPatternSet& old_list = effective_hosts(); |
| 594 const URLPatternSet& new_list = permissions->effective_hosts(); | 600 const URLPatternSet& new_list = permissions->effective_hosts(); |
| 595 | 601 |
| 596 // TODO(jstritar): This is overly conservative with respect to subdomains. | 602 // TODO(jstritar): This is overly conservative with respect to subdomains. |
| 597 // For example, going from *.google.com to www.google.com will be | 603 // For example, going from *.google.com to www.google.com will be |
| 598 // considered an elevation, even though it is not (http://crbug.com/65337). | 604 // considered an elevation, even though it is not (http://crbug.com/65337). |
| 599 std::set<std::string> new_hosts_set(GetDistinctHosts(new_list, false, false)); | 605 std::set<std::string> new_hosts_set(GetDistinctHosts(new_list, false, false)); |
| 600 std::set<std::string> old_hosts_set(GetDistinctHosts(old_list, false, false)); | 606 std::set<std::string> old_hosts_set(GetDistinctHosts(old_list, false, false)); |
| 601 std::set<std::string> new_hosts_only; | 607 std::set<std::string> new_hosts_only; |
| 602 | 608 |
| 603 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), | 609 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), |
| 604 old_hosts_set.begin(), old_hosts_set.end(), | 610 old_hosts_set.begin(), old_hosts_set.end(), |
| 605 std::inserter(new_hosts_only, new_hosts_only.begin())); | 611 std::inserter(new_hosts_only, new_hosts_only.begin())); |
| 606 | 612 |
| 607 return !new_hosts_only.empty(); | 613 return !new_hosts_only.empty(); |
| 608 } | 614 } |
| 609 | 615 |
| 610 } // namespace extensions | 616 } // namespace extensions |
| OLD | NEW |
