| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/permissions/permissions_data.h" | 5 #include "extensions/common/permissions/permissions_data.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/lazy_instance.h" |
| 11 #include "base/macros.h" | 12 #include "base/macros.h" |
| 12 #include "content/public/common/url_constants.h" | 13 #include "content/public/common/url_constants.h" |
| 13 #include "extensions/common/constants.h" | 14 #include "extensions/common/constants.h" |
| 14 #include "extensions/common/error_utils.h" | 15 #include "extensions/common/error_utils.h" |
| 15 #include "extensions/common/extension.h" | 16 #include "extensions/common/extension.h" |
| 16 #include "extensions/common/extensions_client.h" | 17 #include "extensions/common/extensions_client.h" |
| 17 #include "extensions/common/manifest.h" | 18 #include "extensions/common/manifest.h" |
| 18 #include "extensions/common/manifest_constants.h" | 19 #include "extensions/common/manifest_constants.h" |
| 19 #include "extensions/common/manifest_handlers/permissions_parser.h" | 20 #include "extensions/common/manifest_handlers/permissions_parser.h" |
| 20 #include "extensions/common/permissions/api_permission.h" | 21 #include "extensions/common/permissions/api_permission.h" |
| 21 #include "extensions/common/permissions/permission_message_provider.h" | 22 #include "extensions/common/permissions/permission_message_provider.h" |
| 22 #include "extensions/common/switches.h" | 23 #include "extensions/common/switches.h" |
| 23 #include "extensions/common/url_pattern_set.h" | 24 #include "extensions/common/url_pattern_set.h" |
| 24 #include "url/gurl.h" | 25 #include "url/gurl.h" |
| 25 #include "url/url_constants.h" | 26 #include "url/url_constants.h" |
| 26 | 27 |
| 27 namespace extensions { | 28 namespace extensions { |
| 28 | 29 |
| 29 namespace { | 30 namespace { |
| 30 | 31 |
| 31 PermissionsData::PolicyDelegate* g_policy_delegate = nullptr; | 32 PermissionsData::PolicyDelegate* g_policy_delegate = nullptr; |
| 32 | 33 |
| 34 struct DefaultRuntimePolicy { |
| 35 URLPatternSet blocked_hosts; |
| 36 URLPatternSet allowed_hosts; |
| 37 }; |
| 38 // URLs an extension can't interact with. An extension can override these |
| 39 // settings by declaring its own list of blocked and allowed hosts using |
| 40 // policy_blocked_hosts and policy_allowed_hosts. |
| 41 base::LazyInstance<DefaultRuntimePolicy>::Leaky default_runtime_policy = |
| 42 LAZY_INSTANCE_INITIALIZER; |
| 43 |
| 33 class AutoLockOnValidThread { | 44 class AutoLockOnValidThread { |
| 34 public: | 45 public: |
| 35 AutoLockOnValidThread(base::Lock& lock, base::ThreadChecker* thread_checker) | 46 AutoLockOnValidThread(base::Lock& lock, base::ThreadChecker* thread_checker) |
| 36 : auto_lock_(lock) { | 47 : auto_lock_(lock) { |
| 37 DCHECK(!thread_checker || thread_checker->CalledOnValidThread()); | 48 DCHECK(!thread_checker || thread_checker->CalledOnValidThread()); |
| 38 } | 49 } |
| 39 | 50 |
| 40 private: | 51 private: |
| 41 base::AutoLock auto_lock_; | 52 base::AutoLock auto_lock_; |
| 42 | 53 |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 bool PermissionsData::ShouldSkipPermissionWarnings( | 91 bool PermissionsData::ShouldSkipPermissionWarnings( |
| 81 const std::string& extension_id) { | 92 const std::string& extension_id) { |
| 82 // See http://b/4946060 for more details. | 93 // See http://b/4946060 for more details. |
| 83 return extension_id == extension_misc::kProdHangoutsExtensionId; | 94 return extension_id == extension_misc::kProdHangoutsExtensionId; |
| 84 } | 95 } |
| 85 | 96 |
| 86 // static | 97 // static |
| 87 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, | 98 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, |
| 88 const Extension* extension, | 99 const Extension* extension, |
| 89 std::string* error) { | 100 std::string* error) { |
| 101 if (extension && |
| 102 extension->permissions_data()->IsRuntimeBlockedHost(document_url)) { |
| 103 *error = manifest_errors::kCannotAccessPage; |
| 104 return true; |
| 105 } |
| 90 if (extension && CanExecuteScriptEverywhere(extension)) | 106 if (extension && CanExecuteScriptEverywhere(extension)) |
| 91 return false; | 107 return false; |
| 92 | 108 |
| 93 // Check if the scheme is valid for extensions. If not, return. | 109 // Check if the scheme is valid for extensions. If not, return. |
| 94 if (!URLPattern::IsValidSchemeForExtensions(document_url.scheme()) && | 110 if (!URLPattern::IsValidSchemeForExtensions(document_url.scheme()) && |
| 95 document_url.spec() != url::kAboutBlankURL) { | 111 document_url.spec() != url::kAboutBlankURL) { |
| 96 if (error) { | 112 if (error) { |
| 97 if (extension->permissions_data()->active_permissions().HasAPIPermission( | 113 if (extension->permissions_data()->active_permissions().HasAPIPermission( |
| 98 APIPermission::kTab)) { | 114 APIPermission::kTab)) { |
| 99 *error = ErrorUtils::FormatErrorMessage( | 115 *error = ErrorUtils::FormatErrorMessage( |
| (...skipping 20 matching lines...) Expand all Loading... |
| 120 if (extension && document_url.SchemeIs(kExtensionScheme) && | 136 if (extension && document_url.SchemeIs(kExtensionScheme) && |
| 121 document_url.host() != extension->id() && !allow_on_chrome_urls) { | 137 document_url.host() != extension->id() && !allow_on_chrome_urls) { |
| 122 if (error) | 138 if (error) |
| 123 *error = manifest_errors::kCannotAccessExtensionUrl; | 139 *error = manifest_errors::kCannotAccessExtensionUrl; |
| 124 return true; | 140 return true; |
| 125 } | 141 } |
| 126 | 142 |
| 127 return false; | 143 return false; |
| 128 } | 144 } |
| 129 | 145 |
| 146 bool PermissionsData::UsesDefaultPolicyHostRestrictions() const { |
| 147 DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread()); |
| 148 return uses_default_policy_host_restrictions; |
| 149 } |
| 150 |
| 151 const URLPatternSet& PermissionsData::default_policy_blocked_hosts() { |
| 152 return default_runtime_policy.Get().blocked_hosts; |
| 153 } |
| 154 |
| 155 const URLPatternSet& PermissionsData::default_policy_allowed_hosts() { |
| 156 return default_runtime_policy.Get().allowed_hosts; |
| 157 } |
| 158 |
| 159 const URLPatternSet& PermissionsData::policy_blocked_hosts() const { |
| 160 DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread()); |
| 161 if (uses_default_policy_host_restrictions) |
| 162 return default_policy_blocked_hosts(); |
| 163 return policy_blocked_hosts_unsafe; |
| 164 } |
| 165 |
| 166 const URLPatternSet& PermissionsData::policy_allowed_hosts() const { |
| 167 DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread()); |
| 168 if (uses_default_policy_host_restrictions) |
| 169 return default_policy_allowed_hosts(); |
| 170 return policy_allowed_hosts_unsafe; |
| 171 } |
| 172 |
| 130 void PermissionsData::BindToCurrentThread() const { | 173 void PermissionsData::BindToCurrentThread() const { |
| 131 DCHECK(!thread_checker_); | 174 DCHECK(!thread_checker_); |
| 132 thread_checker_.reset(new base::ThreadChecker()); | 175 thread_checker_.reset(new base::ThreadChecker()); |
| 133 } | 176 } |
| 134 | 177 |
| 135 void PermissionsData::SetPermissions( | 178 void PermissionsData::SetPermissions( |
| 136 std::unique_ptr<const PermissionSet> active, | 179 std::unique_ptr<const PermissionSet> active, |
| 137 std::unique_ptr<const PermissionSet> withheld) const { | 180 std::unique_ptr<const PermissionSet> withheld) const { |
| 138 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); | 181 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 139 active_permissions_unsafe_ = std::move(active); | 182 active_permissions_unsafe_ = std::move(active); |
| 140 withheld_permissions_unsafe_ = std::move(withheld); | 183 withheld_permissions_unsafe_ = std::move(withheld); |
| 141 } | 184 } |
| 142 | 185 |
| 186 void PermissionsData::SetPolicyHostRestrictions( |
| 187 const URLPatternSet& runtime_blocked_hosts, |
| 188 const URLPatternSet& runtime_allowed_hosts, |
| 189 const bool uses_default_policy_host_restrictions) const { |
| 190 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 191 policy_blocked_hosts_unsafe = runtime_blocked_hosts; |
| 192 policy_allowed_hosts_unsafe = runtime_allowed_hosts; |
| 193 this->uses_default_policy_host_restrictions = |
| 194 uses_default_policy_host_restrictions; |
| 195 } |
| 196 |
| 197 // static |
| 198 void PermissionsData::SetDefaultPolicyHostRestrictions( |
| 199 const URLPatternSet& default_runtime_blocked_hosts, |
| 200 const URLPatternSet& default_runtime_allowed_hosts) { |
| 201 default_runtime_policy.Get().blocked_hosts = default_runtime_blocked_hosts; |
| 202 default_runtime_policy.Get().allowed_hosts = default_runtime_allowed_hosts; |
| 203 } |
| 204 |
| 143 void PermissionsData::SetActivePermissions( | 205 void PermissionsData::SetActivePermissions( |
| 144 std::unique_ptr<const PermissionSet> active) const { | 206 std::unique_ptr<const PermissionSet> active) const { |
| 145 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); | 207 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| 146 active_permissions_unsafe_ = std::move(active); | 208 active_permissions_unsafe_ = std::move(active); |
| 147 } | 209 } |
| 148 | 210 |
| 149 void PermissionsData::UpdateTabSpecificPermissions( | 211 void PermissionsData::UpdateTabSpecificPermissions( |
| 150 int tab_id, | 212 int tab_id, |
| 151 const PermissionSet& permissions) const { | 213 const PermissionSet& permissions) const { |
| 152 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); | 214 AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get()); |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 201 URLPatternSet PermissionsData::GetEffectiveHostPermissions() const { | 263 URLPatternSet PermissionsData::GetEffectiveHostPermissions() const { |
| 202 base::AutoLock auto_lock(runtime_lock_); | 264 base::AutoLock auto_lock(runtime_lock_); |
| 203 URLPatternSet effective_hosts = active_permissions_unsafe_->effective_hosts(); | 265 URLPatternSet effective_hosts = active_permissions_unsafe_->effective_hosts(); |
| 204 for (const auto& val : tab_specific_permissions_) | 266 for (const auto& val : tab_specific_permissions_) |
| 205 effective_hosts.AddPatterns(val.second->effective_hosts()); | 267 effective_hosts.AddPatterns(val.second->effective_hosts()); |
| 206 return effective_hosts; | 268 return effective_hosts; |
| 207 } | 269 } |
| 208 | 270 |
| 209 bool PermissionsData::HasHostPermission(const GURL& url) const { | 271 bool PermissionsData::HasHostPermission(const GURL& url) const { |
| 210 base::AutoLock auto_lock(runtime_lock_); | 272 base::AutoLock auto_lock(runtime_lock_); |
| 211 return active_permissions_unsafe_->HasExplicitAccessToOrigin(url); | 273 return active_permissions_unsafe_->HasExplicitAccessToOrigin(url) && |
| 274 !IsRuntimeBlockedHost(url); |
| 212 } | 275 } |
| 213 | 276 |
| 214 bool PermissionsData::HasEffectiveAccessToAllHosts() const { | 277 bool PermissionsData::HasEffectiveAccessToAllHosts() const { |
| 215 base::AutoLock auto_lock(runtime_lock_); | 278 base::AutoLock auto_lock(runtime_lock_); |
| 216 return active_permissions_unsafe_->HasEffectiveAccessToAllHosts(); | 279 return active_permissions_unsafe_->HasEffectiveAccessToAllHosts(); |
| 217 } | 280 } |
| 218 | 281 |
| 219 PermissionMessages PermissionsData::GetPermissionMessages() const { | 282 PermissionMessages PermissionsData::GetPermissionMessages() const { |
| 220 base::AutoLock auto_lock(runtime_lock_); | 283 base::AutoLock auto_lock(runtime_lock_); |
| 221 return PermissionMessageProvider::Get()->GetPermissionMessages( | 284 return PermissionMessageProvider::Get()->GetPermissionMessages( |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 320 if (tab_id >= 0) { | 383 if (tab_id >= 0) { |
| 321 const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id); | 384 const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id); |
| 322 if (tab_permissions && | 385 if (tab_permissions && |
| 323 tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) { | 386 tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) { |
| 324 return true; | 387 return true; |
| 325 } | 388 } |
| 326 } | 389 } |
| 327 return false; | 390 return false; |
| 328 } | 391 } |
| 329 | 392 |
| 393 bool PermissionsData::IsRuntimeBlockedHost(const GURL& url) const { |
| 394 return policy_blocked_hosts().MatchesURL(url) && |
| 395 !policy_allowed_hosts().MatchesURL(url); |
| 396 } |
| 397 |
| 330 PermissionsData::AccessType PermissionsData::CanRunOnPage( | 398 PermissionsData::AccessType PermissionsData::CanRunOnPage( |
| 331 const Extension* extension, | 399 const Extension* extension, |
| 332 const GURL& document_url, | 400 const GURL& document_url, |
| 333 int tab_id, | 401 int tab_id, |
| 334 const URLPatternSet& permitted_url_patterns, | 402 const URLPatternSet& permitted_url_patterns, |
| 335 const URLPatternSet& withheld_url_patterns, | 403 const URLPatternSet& withheld_url_patterns, |
| 336 std::string* error) const { | 404 std::string* error) const { |
| 337 runtime_lock_.AssertAcquired(); | 405 runtime_lock_.AssertAcquired(); |
| 338 if (g_policy_delegate && | 406 if (g_policy_delegate && |
| 339 !g_policy_delegate->CanExecuteScriptOnPage(extension, document_url, | 407 !g_policy_delegate->CanExecuteScriptOnPage(extension, document_url, |
| 340 tab_id, error)) { | 408 tab_id, error)) |
| 409 return ACCESS_DENIED; |
| 410 |
| 411 if (IsRuntimeBlockedHost(document_url)) { |
| 412 if (error) |
| 413 *error = |
| 414 "This page cannot be scripted due to an ExtensionsSettings policy."; |
| 341 return ACCESS_DENIED; | 415 return ACCESS_DENIED; |
| 342 } | 416 } |
| 343 | 417 |
| 344 if (IsRestrictedUrl(document_url, extension, error)) | 418 if (IsRestrictedUrl(document_url, extension, error)) |
| 345 return ACCESS_DENIED; | 419 return ACCESS_DENIED; |
| 346 | 420 |
| 347 if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url)) | 421 if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url)) |
| 348 return ACCESS_ALLOWED; | 422 return ACCESS_ALLOWED; |
| 349 | 423 |
| 350 if (permitted_url_patterns.MatchesURL(document_url)) | 424 if (permitted_url_patterns.MatchesURL(document_url)) |
| 351 return ACCESS_ALLOWED; | 425 return ACCESS_ALLOWED; |
| 352 | 426 |
| 353 if (withheld_url_patterns.MatchesURL(document_url)) | 427 if (withheld_url_patterns.MatchesURL(document_url)) |
| 354 return ACCESS_WITHHELD; | 428 return ACCESS_WITHHELD; |
| 355 | 429 |
| 356 if (error) { | 430 if (error) { |
| 357 if (extension->permissions_data()->active_permissions().HasAPIPermission( | 431 if (extension->permissions_data()->active_permissions().HasAPIPermission( |
| 358 APIPermission::kTab)) { | 432 APIPermission::kTab)) { |
| 359 *error = ErrorUtils::FormatErrorMessage( | 433 *error = ErrorUtils::FormatErrorMessage( |
| 360 manifest_errors::kCannotAccessPageWithUrl, document_url.spec()); | 434 manifest_errors::kCannotAccessPageWithUrl, document_url.spec()); |
| 361 } else { | 435 } else { |
| 362 *error = manifest_errors::kCannotAccessPage; | 436 *error = manifest_errors::kCannotAccessPage; |
| 363 } | 437 } |
| 364 } | 438 } |
| 365 | 439 |
| 366 return ACCESS_DENIED; | 440 return ACCESS_DENIED; |
| 367 } | 441 } |
| 368 | 442 |
| 369 } // namespace extensions | 443 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2499493004:
Communicate ExtensionSettings policy to renderers (Closed)
