Expand whitelist for media stream APIs.

chrome/renderer/chrome_content_renderer_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_content_renderer_client.h"
 
 #include "base/command_line.h"
 #include "base/debug/crash_logging.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
@@ skipping 756 matching lines @@
   return GURL();
 }
 
 //  static
 bool ChromeContentRendererClient::IsNaClAllowed(
     const GURL& manifest_url,
     const GURL& app_url,
     bool is_nacl_unrestricted,
     const Extension* extension,
     WebPluginParams* params) {
-  // Temporarily allow these URLs to run NaCl apps, as long as the manifest is
-  // also whitelisted. We should remove this code when PNaCl ships.
-  bool is_whitelisted_url =
+  // Temporarily allow these whitelisted apps to use NaCl.
+  std::string manifest_url_path = manifest_url.path();
+  bool is_whitelisted_app =
+      // Whitelisted apps must be served over https.
       app_url.SchemeIs("https") &&
-      (app_url.host() == "plus.google.com" ||
-       app_url.host() == "plus.sandbox.google.com") &&
       manifest_url.SchemeIs("https") &&
-      manifest_url.host() == "ssl.gstatic.com" &&
-      ((manifest_url.path().find("s2/oz/nacl/") == 1) ||
-       (manifest_url.path().find("photos/nacl/") == 1));
+      // Photos app.
+      (((app_url.DomainIs("plus.google.com") ||
+         app_url.DomainIs("plus.sandbox.google.com")) &&
+       manifest_url.DomainIs("ssl.gstatic.com") &&
+      (manifest_url_path.find("s2/oz/nacl/") == 1 ||
+       manifest_url_path.find("photos/nacl/") == 1)) ||
+      // Hangouts app.

[darin (slow to review), 2013/09/16 19:37:44]

nit: "Hangouts" -> "Chat" since the URLs don't mention Hangouts.

[bbudge, 2013/09/16 19:47:51]

Done.

+      (EndsWith(app_url.host(), "talkgadget.google.com", false) &&
+       manifest_url.DomainIs("ssl.gstatic.com") &&
+       manifest_url_path.find("chat/apps/fx") == 1));
 
   bool is_extension_from_webstore =
       extension && extension->from_webstore();
 
   bool is_invoked_by_hosted_app = extension &&
       extension->is_hosted_app() &&
       extension->web_extent().MatchesURL(app_url);
 
   // Allow built-in extensions and extensions under development.
   bool is_extension_unrestricted = extension &&
       (extension->location() == extensions::Manifest::COMPONENT ||
        extensions::Manifest::IsUnpackedLocation(extension->location()));
 
   bool is_invoked_by_extension = app_url.SchemeIs("chrome-extension");
 
   // The NaCl PDF viewer is always allowed and can use 'Dev' interfaces.
   bool is_nacl_pdf_viewer =
       (is_extension_from_webstore &&
        manifest_url.SchemeIs("chrome-extension") &&
        manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
 
   // Allow Chrome Web Store extensions, built-in extensions and extensions
   // under development if the invocation comes from a URL with an extension
   // scheme. Also allow invocations if they are from whitelisted URLs or
   // if --enable-nacl is set.
   bool is_nacl_allowed = is_nacl_unrestricted ||
-                         is_whitelisted_url ||
+                         is_whitelisted_app ||
                          is_nacl_pdf_viewer ||
                          is_invoked_by_hosted_app ||
                          (is_invoked_by_extension &&
                              (is_extension_from_webstore ||
                                  is_extension_unrestricted));
   if (is_nacl_allowed) {
     bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
     // Make sure that PPAPI 'dev' interfaces aren't available for production
     // apps unless they're whitelisted.
     WebString dev_attribute = WebString::fromUTF8("@dev");
-    if ((!is_whitelisted_url && !is_extension_from_webstore) ||
+    if ((!is_whitelisted_app && !is_extension_from_webstore) ||
         app_can_use_dev_interfaces) {
       // Add the special '@dev' attribute.
       std::vector<string16> param_names;
       std::vector<string16> param_values;
       param_names.push_back(dev_attribute);
       param_values.push_back(WebString());
       AppendParams(
           param_names,
           param_values,
           &params->attributeNames,
@@ skipping 444 matching lines @@
     return false;
 
   WebString tag_name = container->element().shadowHost().tagName();
   return tag_name.equals(WebString::fromUTF8(kWebViewTagName)) ||
     tag_name.equals(WebString::fromUTF8(kAdViewTagName));
 }
 
 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(
     const GURL& url) {
 #if !defined(OS_ANDROID)
-  std::string host = url.host();
   // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check
   // the whitelist in the renderer, since we're only preventing access until
   // these APIs are public and stable.
-  if (url.SchemeIs(extensions::kExtensionScheme) &&
-      !host.compare("hpcogiolnobbkijnnkdahioejpdcdoph")) {
+  if (url.SchemeIs("https") &&
+      url.DomainIs("talkgadget.google.com")) {

[juberti2, 2013/09/16 19:41:52]

I think this needs the EndsWith treatment too.

[bbudge, 2013/09/16 19:47:51]

Yep, good catch. Done.

     return true;
   }
   // Allow access for tests.
   if (CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kEnablePepperTesting)) {
     return true;
   }
 #endif  // !defined(OS_ANDROID)
   return false;
 }
@@ skipping 12 matching lines @@
   // SiteIsolationPolicy is off by default. We would like to activate cross-site
   // document blocking (for UMA data collection) for normal renderer processes
   // running a normal web page from the Internet. We only turn on
   // SiteIsolationPolicy for a renderer process that does not have the extension
   // flag on.
   CommandLine* command_line = CommandLine::ForCurrentProcess();
   return !command_line->HasSwitch(switches::kExtensionProcess);
 }
 
 }  // namespace chrome