| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/web_request/web_request_permissions.h" | 5 #include "extensions/browser/api/web_request/web_request_permissions.h" |
| 6 | 6 |
| 7 #include "base/strings/string_piece.h" | 7 #include "base/strings/string_piece.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "chromeos/login/login_state.h" |
| 10 #include "content/public/browser/resource_request_info.h" | 11 #include "content/public/browser/resource_request_info.h" |
| 11 #include "extensions/browser/extension_navigation_ui_data.h" | 12 #include "extensions/browser/extension_navigation_ui_data.h" |
| 12 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | 13 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" |
| 13 #include "extensions/browser/info_map.h" | 14 #include "extensions/browser/info_map.h" |
| 14 #include "extensions/common/constants.h" | 15 #include "extensions/common/constants.h" |
| 15 #include "extensions/common/extension.h" | 16 #include "extensions/common/extension.h" |
| 16 #include "extensions/common/extension_urls.h" | 17 #include "extensions/common/extension_urls.h" |
| 17 #include "extensions/common/permissions/permissions_data.h" | 18 #include "extensions/common/permissions/permissions_data.h" |
| 18 #include "net/url_request/url_request.h" | 19 #include "net/url_request/url_request.h" |
| 19 #include "url/gurl.h" | 20 #include "url/gurl.h" |
| 20 #include "url/origin.h" | 21 #include "url/origin.h" |
| 21 | 22 |
| 22 using content::ResourceRequestInfo; | 23 using content::ResourceRequestInfo; |
| 23 using extensions::PermissionsData; | 24 using extensions::PermissionsData; |
| 24 | 25 |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 27 // Returns true if the scheme is one we want to allow extensions to have access | 28 // Returns true if the scheme is one we want to allow extensions to have access |
| 28 // to. Extensions still need specific permissions for a given URL, which is | 29 // to. Extensions still need specific permissions for a given URL, which is |
| 29 // covered by CanExtensionAccessURL. | 30 // covered by CanExtensionAccessURL. |
| 30 bool HasWebRequestScheme(const GURL& url) { | 31 bool HasWebRequestScheme(const GURL& url) { |
| 31 return (url.SchemeIs(url::kAboutScheme) || url.SchemeIs(url::kFileScheme) || | 32 return (url.SchemeIs(url::kAboutScheme) || url.SchemeIs(url::kFileScheme) || |
| 32 url.SchemeIs(url::kFileSystemScheme) || | 33 url.SchemeIs(url::kFileSystemScheme) || |
| 33 url.SchemeIs(url::kFtpScheme) || url.SchemeIs(url::kHttpScheme) || | 34 url.SchemeIs(url::kFtpScheme) || url.SchemeIs(url::kHttpScheme) || |
| 34 url.SchemeIs(url::kHttpsScheme) || | 35 url.SchemeIs(url::kHttpsScheme) || |
| 35 url.SchemeIs(extensions::kExtensionScheme)); | 36 url.SchemeIs(extensions::kExtensionScheme)); |
| 36 } | 37 } |
| 37 | 38 |
| 39 bool g_allow_all_extension_locations_in_public_session = false; |
| 40 |
| 38 } // namespace | 41 } // namespace |
| 39 | 42 |
| 40 // Returns true if the URL is sensitive and requests to this URL must not be | 43 // Returns true if the URL is sensitive and requests to this URL must not be |
| 41 // modified/canceled by extensions, e.g. because it is targeted to the webstore | 44 // modified/canceled by extensions, e.g. because it is targeted to the webstore |
| 42 // to check for updates, extension blacklisting, etc. | 45 // to check for updates, extension blacklisting, etc. |
| 43 bool IsSensitiveURL(const GURL& url) { | 46 bool IsSensitiveURL(const GURL& url) { |
| 44 // TODO(battre) Merge this, CanExtensionAccessURL and | 47 // TODO(battre) Merge this, CanExtensionAccessURL and |
| 45 // PermissionsData::CanAccessPage into one function. | 48 // PermissionsData::CanAccessPage into one function. |
| 46 bool sensitive_chrome_url = false; | 49 bool sensitive_chrome_url = false; |
| 47 const base::StringPiece& host = url.host_piece(); | 50 const base::StringPiece& host = url.host_piece(); |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 98 process_id)) { | 101 process_id)) { |
| 99 return true; | 102 return true; |
| 100 } | 103 } |
| 101 } | 104 } |
| 102 | 105 |
| 103 const GURL& url = request->url(); | 106 const GURL& url = request->url(); |
| 104 return IsSensitiveURL(url) || !HasWebRequestScheme(url); | 107 return IsSensitiveURL(url) || !HasWebRequestScheme(url); |
| 105 } | 108 } |
| 106 | 109 |
| 107 // static | 110 // static |
| 111 void WebRequestPermissions:: |
| 112 AllowAllExtensionLocationsInPublicSessionForTesting(bool value) { |
| 113 g_allow_all_extension_locations_in_public_session = value; |
| 114 } |
| 115 |
| 116 // static |
| 108 PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL( | 117 PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL( |
| 109 const extensions::InfoMap* extension_info_map, | 118 const extensions::InfoMap* extension_info_map, |
| 110 const std::string& extension_id, | 119 const std::string& extension_id, |
| 111 const GURL& url, | 120 const GURL& url, |
| 112 int tab_id, | 121 int tab_id, |
| 113 bool crosses_incognito, | 122 bool crosses_incognito, |
| 114 HostPermissionsCheck host_permissions_check) { | 123 HostPermissionsCheck host_permissions_check) { |
| 115 // extension_info_map can be NULL in testing. | 124 // extension_info_map can be NULL in testing. |
| 116 if (!extension_info_map) | 125 if (!extension_info_map) |
| 117 return PermissionsData::ACCESS_ALLOWED; | 126 return PermissionsData::ACCESS_ALLOWED; |
| 118 | 127 |
| 119 const extensions::Extension* extension = | 128 const extensions::Extension* extension = |
| 120 extension_info_map->extensions().GetByID(extension_id); | 129 extension_info_map->extensions().GetByID(extension_id); |
| 121 if (!extension) | 130 if (!extension) |
| 122 return PermissionsData::ACCESS_DENIED; | 131 return PermissionsData::ACCESS_DENIED; |
| 123 | 132 |
| 133 // When we are in a Public Session, allow all URLs for webRequests initiated |
| 134 // by a regular extension (but don't allow chrome:// URLs). |
| 135 #if defined(OS_CHROMEOS) |
| 136 if (chromeos::LoginState::IsInitialized() && |
| 137 chromeos::LoginState::Get()->IsPublicSessionUser() && |
| 138 extension->is_extension() && |
| 139 !url.SchemeIs("chrome")) { |
| 140 // Make sure that the extension is truly installed by policy (the assumption |
| 141 // in Public Session is that all extensions are installed by policy). |
| 142 CHECK(g_allow_all_extension_locations_in_public_session || |
| 143 extensions::Manifest::IsPolicyLocation(extension->location())); |
| 144 return PermissionsData::ACCESS_ALLOWED; |
| 145 } |
| 146 #endif |
| 147 |
| 124 // Check if this event crosses incognito boundaries when it shouldn't. | 148 // Check if this event crosses incognito boundaries when it shouldn't. |
| 125 if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension)) | 149 if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension)) |
| 126 return PermissionsData::ACCESS_DENIED; | 150 return PermissionsData::ACCESS_DENIED; |
| 127 | 151 |
| 128 PermissionsData::AccessType access = PermissionsData::ACCESS_DENIED; | 152 PermissionsData::AccessType access = PermissionsData::ACCESS_DENIED; |
| 129 switch (host_permissions_check) { | 153 switch (host_permissions_check) { |
| 130 case DO_NOT_CHECK_HOST: | 154 case DO_NOT_CHECK_HOST: |
| 131 access = PermissionsData::ACCESS_ALLOWED; | 155 access = PermissionsData::ACCESS_ALLOWED; |
| 132 break; | 156 break; |
| 133 case REQUIRE_HOST_PERMISSION: | 157 case REQUIRE_HOST_PERMISSION: |
| 134 // about: URLs are not covered in host permissions, but are allowed | 158 // about: URLs are not covered in host permissions, but are allowed |
| 135 // anyway. | 159 // anyway. |
| 136 if (url.SchemeIs(url::kAboutScheme) || | 160 if (url.SchemeIs(url::kAboutScheme) || |
| 137 url::IsSameOriginWith(url, extension->url())) { | 161 url::IsSameOriginWith(url, extension->url())) { |
| 138 access = PermissionsData::ACCESS_ALLOWED; | 162 access = PermissionsData::ACCESS_ALLOWED; |
| 139 break; | 163 break; |
| 140 } | 164 } |
| 141 access = extension->permissions_data()->GetPageAccess(extension, url, | 165 access = extension->permissions_data()->GetPageAccess(extension, url, |
| 142 tab_id, nullptr); | 166 tab_id, nullptr); |
| 143 break; | 167 break; |
| 144 case REQUIRE_ALL_URLS: | 168 case REQUIRE_ALL_URLS: |
| 145 if (extension->permissions_data()->HasEffectiveAccessToAllHosts()) | 169 if (extension->permissions_data()->HasEffectiveAccessToAllHosts()) |
| 146 access = PermissionsData::ACCESS_ALLOWED; | 170 access = PermissionsData::ACCESS_ALLOWED; |
| 147 // else ACCESS_DENIED | 171 // else ACCESS_DENIED |
| 148 break; | 172 break; |
| 149 } | 173 } |
| 150 | 174 |
| 151 return access; | 175 return access; |
| 152 } | 176 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2455393002:
PS - Adjusting webRequest API for use in Public Sessions (Closed)
