Index: chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java |
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java |
index c25ccaebbc11b28233f726ba673aa941fe847384..7a30b21748e08735faf8c11ceb19c2036b1cd5f8 100644 |
--- a/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java |
+++ b/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java |
@@ -13,14 +13,17 @@ import android.util.Base64; |
import org.chromium.base.ApiCompatibilityUtils; |
import org.chromium.base.ApplicationStatus; |
+import org.chromium.base.CommandLine; |
import org.chromium.base.ContextUtils; |
import org.chromium.base.Log; |
+import org.chromium.chrome.browser.ChromeSwitches; |
import org.chromium.chrome.browser.IntentHandler; |
import org.chromium.chrome.browser.ShortcutHelper; |
import org.chromium.chrome.browser.document.ChromeLauncherActivity; |
import org.chromium.chrome.browser.metrics.LaunchMetrics; |
import org.chromium.chrome.browser.tab.Tab; |
import org.chromium.chrome.browser.util.IntentUtils; |
+import org.chromium.webapk.lib.client.WebApkValidator; |
import java.lang.ref.WeakReference; |
@@ -51,24 +54,22 @@ public class WebappLauncherActivity extends Activity { |
Intent intent = getIntent(); |
String webappId = webappInfo.id(); |
String webappUrl = webappInfo.uri().toString(); |
+ String webappPackageName = webappInfo.packageName(); |
int webappSource = webappInfo.source(); |
if (webappId != null && webappUrl != null) { |
- String webappMacString = IntentUtils.safeGetStringExtra( |
- intent, ShortcutHelper.EXTRA_MAC); |
- byte[] webappMac = |
- webappMacString == null ? null : Base64.decode(webappMacString, Base64.DEFAULT); |
- |
Intent launchIntent = null; |
- // Permit the launch to a standalone web app frame if the intent was sent by Chrome, or |
- // if the MAC is present and valid for the URL to be opened. |
- boolean isTrusted = IntentHandler.wasIntentSenderChrome(intent, |
- ContextUtils.getApplicationContext()); |
- boolean isUrlValid = (webappMac != null |
- && WebappAuthenticator.isUrlValid(this, webappUrl, webappMac)); |
- |
- if (isTrusted || isUrlValid) { |
+ // Permit the launch to a standalone web app frame if: |
+ // - the request was for a WebAPK that is valid |
+ // - the MAC is present and valid for the homescreen shortcut to be opened. |
+ // - the intent was sent by Chrome |
+ boolean isWebApk = CommandLine.getInstance().hasSwitch(ChromeSwitches.ENABLE_WEBAPK) |
+ && isValidWebApk(webappPackageName, webappUrl); |
+ if (isWebApk |
+ || isValidFullscreenPwa(webappUrl, IntentUtils.safeGetStringExtra( |
+ intent, ShortcutHelper.EXTRA_MAC)) |
+ || wasIntentFromChrome(intent)) { |
pkotwicz
2016/05/18 23:00:17
The security review will take a lot of time (and i
Xi Han
2016/05/19 18:31:50
Good idea, since the security check isn't the focu
|
LaunchMetrics.recordHomeScreenLaunchIntoStandaloneActivity(webappUrl, webappSource); |
String activityName = WebappActivity.class.getName(); |
@@ -94,12 +95,11 @@ public class WebappLauncherActivity extends Activity { |
// launch the URL with a VIEW Intent in the regular browser. |
launchIntent = new Intent(Intent.ACTION_VIEW, Uri.parse(webappUrl)); |
launchIntent.setClassName(getPackageName(), ChromeLauncherActivity.class.getName()); |
- launchIntent.putExtra(ShortcutHelper.REUSE_URL_MATCHING_TAB_ELSE_NEW_TAB, true); |
- launchIntent.putExtra(ShortcutHelper.EXTRA_SOURCE, webappSource); |
} |
- |
- launchIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK |
- | ApiCompatibilityUtils.getActivityNewDocumentFlag()); |
+ if (!isWebApk) { |
+ launchIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK |
+ | ApiCompatibilityUtils.getActivityNewDocumentFlag()); |
+ } |
startActivity(launchIntent); |
} |
@@ -107,6 +107,42 @@ public class WebappLauncherActivity extends Activity { |
} |
/** |
+ * Checks whether the package being targeted is a valid WebAPK and whether the url supplied |
+ * can be fulfilled by that WebAPK. |
+ * @param webapkPackage The package name of the requested WebAPK |
+ * @param url The url to navigate to |
+ * @return true iff all validation criteria are met |
+ */ |
+ private boolean isValidWebApk(String webapkPackage, String url) { |
+ boolean isValidWebApk = WebApkValidator.isValidWebApk(this, webapkPackage); |
+ if (!isValidWebApk) { |
+ Log.d(TAG, "isValidWebApk(pkg=\"" + webapkPackage + "\",url=\"" + url + "\")=false"); |
+ return false; |
+ } |
+ |
+ boolean result = webapkPackage != null |
+ && webapkPackage.equals(WebApkValidator.queryWebApkPackage(this, url)); |
+ Log.d(TAG, "isValidWebApk(pkg=\"" + webapkPackage + "\",url=\"" + url + "\")=" + result); |
+ return result; |
+ } |
+ |
+ /** |
+ * Returns whether the MAC is present and valid for the fullscreen PWA to be opened. |
+ * @param url the url to launch |
+ * @param mac the MAC code provided which must match the requested url |
+ * @return whether the supplied MAC is valid for the supplied url |
+ */ |
+ private boolean isValidFullscreenPwa(String url, String mac) { |
+ return mac != null |
+ && WebappAuthenticator.isUrlValid(this, url, Base64.decode(mac, Base64.DEFAULT)); |
+ } |
+ |
+ private boolean wasIntentFromChrome(Intent intent) { |
+ return IntentHandler.wasIntentSenderChrome(intent, |
+ ContextUtils.getApplicationContext()); |
+ } |
+ |
+ /** |
* Brings a live WebappActivity back to the foreground if one exists for the given tab ID. |
* @param tabId ID of the Tab to bring back to the foreground. |
* @return True if a live WebappActivity was found, false otherwise. |