Fix install verification for sideloaded extensions without update urls

chrome/browser/extensions/install_verifier.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/install_verifier.h"
 
 #include <algorithm>
 #include <string>
 
 #include "base/bind.h"
@@ skipping 112 matching lines @@
 
   INIT_RESULT_MAX
 };
 
 void LogInitResultHistogram(InitResult result) {
   UMA_HISTOGRAM_ENUMERATION("ExtensionInstallVerifier.InitResult",
                             result, INIT_RESULT_MAX);
 }
 
 bool FromStore(const Extension& extension) {
-  bool updates_from_store = ManifestURL::UpdatesFromGallery(&extension);
-  return extension.from_webstore() || updates_from_store;
+  if (extension.from_webstore() || ManifestURL::UpdatesFromGallery(&extension))
+    return true;
+
+  // If an extension has no update url, our autoupdate code will ask the
+  // webstore about it (to aid in migrating to the webstore from self-hosting
+  // or sideloading based installs). So we want to do verification checks on
+  // such extensions too so that we don't accidentally disable old installs of
+  // extensions that did migrate to the webstore.
+  return (ManifestURL::GetUpdateURL(&extension).is_empty() &&
+          Manifest::IsAutoUpdateableLocation(extension.location()));
 }
 
 bool CanUseExtensionApis(const Extension& extension) {
   return extension.is_extension() || extension.is_legacy_packaged_app();
 }
 
 }  // namespace
 
 // static
 bool InstallVerifier::NeedsVerification(const Extension& extension) {
@@ skipping 31 matching lines @@
   return signature_.get() == NULL && ShouldFetchSignature();
 }
 
 base::Time InstallVerifier::SignatureTimestamp() {
   if (signature_.get())
     return signature_->timestamp;
   else
     return base::Time();
 }
 
+bool InstallVerifier::IsKnownId(const std::string& id) {
+  return signature_.get() && (ContainsKey(signature_->ids, id) ||
+                              ContainsKey(signature_->invalid_ids, id));
+}
+
 void InstallVerifier::Add(const std::string& id,
                           const AddResultCallback& callback) {
   ExtensionIdSet ids;
   ids.insert(id);
   AddMany(ids, callback);
 }
 
 void InstallVerifier::AddMany(const ExtensionIdSet& ids,
                               const AddResultCallback& callback) {
   if (!ShouldFetchSignature()) {
@@ skipping 35 matching lines @@
   ids.insert(id);
   RemoveMany(ids);
 }
 
 void InstallVerifier::RemoveMany(const ExtensionIdSet& ids) {
   if (!signature_.get() || !ShouldFetchSignature())
     return;
 
   bool found_any = false;
   for (ExtensionIdSet::const_iterator i = ids.begin(); i != ids.end(); ++i) {
-    if (ContainsKey(signature_->ids, *i)) {
+    if (ContainsKey(signature_->ids, *i) ||
+        ContainsKey(signature_->invalid_ids, *i)) {
       found_any = true;
       break;
     }
   }
   if (!found_any)
     return;
 
   InstallVerifier::PendingOperation* operation =
     new InstallVerifier::PendingOperation();
   operation->type = InstallVerifier::REMOVE;
@@ skipping 14 matching lines @@
   VERIFIED = 0,
   NOT_EXTENSION,
   UNPACKED,
   ENTERPRISE_POLICY_ALLOWED,
   FORCED_NOT_VERIFIED,
   NOT_FROM_STORE,
   NO_SIGNATURE,
   NOT_VERIFIED_BUT_NOT_ENFORCING,
   NOT_VERIFIED,
   NOT_VERIFIED_BUT_INSTALL_TIME_NEWER_THAN_SIGNATURE,
+  NOT_VERIFIED_BUT_UNKNOWN_ID,
+  COMPONENT,
 
   // This is used in histograms - do not remove or reorder entries above! Also
   // the "MAX" item below should always be the last element.
   MUST_REMAIN_DISABLED_OUTCOME_MAX
 };
 
 void MustRemainDisabledHistogram(MustRemainDisabledOutcome outcome) {
   UMA_HISTOGRAM_ENUMERATION("ExtensionInstallVerifier.MustRemainDisabled",
                             outcome, MUST_REMAIN_DISABLED_OUTCOME_MAX);
 }
 
 }  // namespace
 
 bool InstallVerifier::MustRemainDisabled(const Extension* extension,
                                          Extension::DisableReason* reason,
                                          base::string16* error) const {
   CHECK(extension);
   if (!CanUseExtensionApis(*extension)) {
     MustRemainDisabledHistogram(NOT_EXTENSION);
     return false;
   }
   if (Manifest::IsUnpackedLocation(extension->location())) {
     MustRemainDisabledHistogram(UNPACKED);
     return false;
   }
+  if (extension->location() == Manifest::COMPONENT) {
+    MustRemainDisabledHistogram(COMPONENT);
+    return false;
+  }
   if (AllowedByEnterprisePolicy(extension->id())) {
     MustRemainDisabledHistogram(ENTERPRISE_POLICY_ALLOWED);
     return false;
   }
 
   bool verified = true;
   MustRemainDisabledOutcome outcome = VERIFIED;
   if (ContainsKey(InstallSigner::GetForcedNotFromWebstore(), extension->id())) {
     verified = false;
     outcome = FORCED_NOT_VERIFIED;
   } else if (!FromStore(*extension)) {
     verified = false;
     outcome = NOT_FROM_STORE;
   } else if (signature_.get() == NULL) {
     // If we don't have a signature yet, we'll temporarily consider every
     // extension from the webstore verified to avoid false positives on existing
     // profiles hitting this code for the first time, and rely on consumers of
     // this class to check NeedsBootstrap() and schedule a first check so we can
     // get a signature.
     outcome = NO_SIGNATURE;
   } else if (!IsVerified(extension->id())) {
-    if (WasInstalledAfterSignature(extension->id())) {
-      outcome = NOT_VERIFIED_BUT_INSTALL_TIME_NEWER_THAN_SIGNATURE;
+    if (!ContainsKey(signature_->invalid_ids, extension->id())) {
+      outcome = NOT_VERIFIED_BUT_UNKNOWN_ID;
     } else {
       verified = false;
       outcome = NOT_VERIFIED;
     }
   }
   if (!verified && !ShouldEnforce()) {
     verified = true;
     outcome = NOT_VERIFIED_BUT_NOT_ENFORCING;
   }
   MustRemainDisabledHistogram(outcome);
@@ skipping 15 matching lines @@
 
 InstallVerifier::PendingOperation::~PendingOperation() {
 }
 
 void InstallVerifier::GarbageCollect() {
   if (!ShouldFetchSignature()) {
     return;
   }
   CHECK(signature_.get());
   ExtensionIdSet leftovers = signature_->ids;
+  leftovers.insert(signature_->invalid_ids.begin(),
+                   signature_->invalid_ids.end());
   ExtensionIdList all_ids;
   prefs_->GetExtensions(&all_ids);
   for (ExtensionIdList::const_iterator i = all_ids.begin();
        i != all_ids.end(); ++i) {
     ExtensionIdSet::iterator found = leftovers.find(*i);
     if (found != leftovers.end())
       leftovers.erase(found);
   }
   if (!leftovers.empty()) {
     RemoveMany(leftovers);
@@ skipping 16 matching lines @@
       return true;
   }
   return false;
 }
 
 bool InstallVerifier::IsVerified(const std::string& id) const {
   return ((signature_.get() && ContainsKey(signature_->ids, id)) ||
           ContainsKey(provisional_, id));
 }
 
-bool InstallVerifier::WasInstalledAfterSignature(const std::string& id) const {
-  if (!signature_.get() || signature_->timestamp.is_null())
-    return true;
-
-  base::Time install_time = prefs_->GetInstallTime(id);
-  // If the extension install time is in the future, just assume it isn't
-  // newer than the signature. (Either the clock went backwards, or
-  // an attacker changed the install time in the preferences).
-  if (install_time >= base::Time::Now())
-    return false;
-  return install_time > signature_->timestamp;
-}
-
 void InstallVerifier::BeginFetch() {
   DCHECK(ShouldFetchSignature());
 
   // TODO(asargent) - It would be possible to coalesce all operations in the
   // queue into one fetch - we'd probably just need to change the queue to
   // hold (set of ids, list of callbacks) pairs.
   CHECK(!operation_queue_.empty());
   const PendingOperation& operation = *operation_queue_.front();
 
   ExtensionIdSet ids_to_sign;
@@ skipping 92 matching lines @@
     if (!operation->callback.is_null())
       operation->callback.Run(success);
   }
 
   if (!operation_queue_.empty())
     BeginFetch();
 }
 
 
 }  // namespace extensions