| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par
t.h" | 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par
t.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <set> | 9 #include <set> |
| 10 | 10 |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/metrics/histogram_macros.h" |
| 12 #include "chrome/browser/browser_process.h" | 13 #include "chrome/browser/browser_process.h" |
| 13 #include "chrome/browser/extensions/extension_service.h" | 14 #include "chrome/browser/extensions/extension_service.h" |
| 14 #include "chrome/browser/extensions/extension_web_ui.h" | 15 #include "chrome/browser/extensions/extension_web_ui.h" |
| 15 #include "chrome/browser/extensions/extension_webkit_preferences.h" | 16 #include "chrome/browser/extensions/extension_webkit_preferences.h" |
| 16 #include "chrome/browser/media_galleries/fileapi/media_file_system_backend.h" | 17 #include "chrome/browser/media_galleries/fileapi/media_file_system_backend.h" |
| 17 #include "chrome/browser/profiles/profile.h" | 18 #include "chrome/browser/profiles/profile.h" |
| 18 #include "chrome/browser/profiles/profile_io_data.h" | 19 #include "chrome/browser/profiles/profile_io_data.h" |
| 19 #include "chrome/browser/profiles/profile_manager.h" | 20 #include "chrome/browser/profiles/profile_manager.h" |
| 20 #include "chrome/browser/renderer_host/chrome_extension_message_filter.h" | 21 #include "chrome/browser/renderer_host/chrome_extension_message_filter.h" |
| 21 #include "chrome/browser/sync_file_system/local/sync_file_system_backend.h" | 22 #include "chrome/browser/sync_file_system/local/sync_file_system_backend.h" |
| 22 #include "chrome/common/chrome_constants.h" | 23 #include "chrome/common/chrome_constants.h" |
| 23 #include "chrome/common/chrome_switches.h" | 24 #include "chrome/common/chrome_switches.h" |
| 24 #include "chrome/common/extensions/extension_process_policy.h" | 25 #include "chrome/common/extensions/extension_process_policy.h" |
| 26 #include "chrome/common/url_constants.h" |
| 25 #include "components/guest_view/browser/guest_view_message_filter.h" | 27 #include "components/guest_view/browser/guest_view_message_filter.h" |
| 26 #include "content/public/browser/browser_thread.h" | 28 #include "content/public/browser/browser_thread.h" |
| 27 #include "content/public/browser/browser_url_handler.h" | 29 #include "content/public/browser/browser_url_handler.h" |
| 28 #include "content/public/browser/render_process_host.h" | 30 #include "content/public/browser/render_process_host.h" |
| 29 #include "content/public/browser/render_view_host.h" | 31 #include "content/public/browser/render_view_host.h" |
| 30 #include "content/public/browser/resource_dispatcher_host.h" | 32 #include "content/public/browser/resource_dispatcher_host.h" |
| 31 #include "content/public/browser/site_instance.h" | 33 #include "content/public/browser/site_instance.h" |
| 32 #include "content/public/browser/vpn_service_proxy.h" | 34 #include "content/public/browser/vpn_service_proxy.h" |
| 33 #include "content/public/browser/web_contents.h" | 35 #include "content/public/browser/web_contents.h" |
| 34 #include "content/public/common/content_switches.h" | 36 #include "content/public/common/content_switches.h" |
| 37 #include "content/public/common/url_constants.h" |
| 35 #include "extensions/browser/api/web_request/web_request_api.h" | 38 #include "extensions/browser/api/web_request/web_request_api.h" |
| 36 #include "extensions/browser/api/web_request/web_request_api_helpers.h" | 39 #include "extensions/browser/api/web_request/web_request_api_helpers.h" |
| 37 #include "extensions/browser/bad_message.h" | 40 #include "extensions/browser/bad_message.h" |
| 38 #include "extensions/browser/extension_host.h" | 41 #include "extensions/browser/extension_host.h" |
| 39 #include "extensions/browser/extension_message_filter.h" | 42 #include "extensions/browser/extension_message_filter.h" |
| 40 #include "extensions/browser/extension_registry.h" | 43 #include "extensions/browser/extension_registry.h" |
| 41 #include "extensions/browser/extension_service_worker_message_filter.h" | 44 #include "extensions/browser/extension_service_worker_message_filter.h" |
| 42 #include "extensions/browser/extension_system.h" | 45 #include "extensions/browser/extension_system.h" |
| 43 #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h" | 46 #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h" |
| 44 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | 47 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" |
| (...skipping 30 matching lines...) Expand all Loading... |
| 75 // below. Extension, and isolated apps require different privileges to be | 78 // below. Extension, and isolated apps require different privileges to be |
| 76 // granted to their RenderProcessHosts. This classification allows us to make | 79 // granted to their RenderProcessHosts. This classification allows us to make |
| 77 // sure URLs are served by hosts with the right set of privileges. | 80 // sure URLs are served by hosts with the right set of privileges. |
| 78 enum RenderProcessHostPrivilege { | 81 enum RenderProcessHostPrivilege { |
| 79 PRIV_NORMAL, | 82 PRIV_NORMAL, |
| 80 PRIV_HOSTED, | 83 PRIV_HOSTED, |
| 81 PRIV_ISOLATED, | 84 PRIV_ISOLATED, |
| 82 PRIV_EXTENSION, | 85 PRIV_EXTENSION, |
| 83 }; | 86 }; |
| 84 | 87 |
| 88 // Specifies reasons why web-accessible resource checks in ShouldAllowOpenURL |
| 89 // might fail. |
| 90 // |
| 91 // This enum backs an UMA histogram. The order of existing values |
| 92 // should not be changed, and new values should only be added before |
| 93 // FAILURE_LAST. |
| 94 enum ShouldAllowOpenURLFailureReason { |
| 95 FAILURE_FILE_SYSTEM_URL = 0, |
| 96 FAILURE_BLOB_URL, |
| 97 FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION, |
| 98 FAILURE_RESOURCE_NOT_WEB_ACCESSIBLE, |
| 99 FAILURE_LAST, |
| 100 }; |
| 101 |
| 85 RenderProcessHostPrivilege GetPrivilegeRequiredByUrl( | 102 RenderProcessHostPrivilege GetPrivilegeRequiredByUrl( |
| 86 const GURL& url, | 103 const GURL& url, |
| 87 ExtensionRegistry* registry) { | 104 ExtensionRegistry* registry) { |
| 88 // Default to a normal renderer cause it is lower privileged. This should only | 105 // Default to a normal renderer cause it is lower privileged. This should only |
| 89 // occur if the URL on a site instance is either malformed, or uninitialized. | 106 // occur if the URL on a site instance is either malformed, or uninitialized. |
| 90 // If it is malformed, then there is no need for better privileges anyways. | 107 // If it is malformed, then there is no need for better privileges anyways. |
| 91 // If it is uninitialized, but eventually settles on being an a scheme other | 108 // If it is uninitialized, but eventually settles on being an a scheme other |
| 92 // than normal webrenderer, the navigation logic will correct us out of band | 109 // than normal webrenderer, the navigation logic will correct us out of band |
| 93 // anyways. | 110 // anyways. |
| 94 if (!url.is_valid()) | 111 if (!url.is_valid()) |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 189 DCHECK(origin.SchemeIs(extensions::kExtensionScheme)); | 206 DCHECK(origin.SchemeIs(extensions::kExtensionScheme)); |
| 190 | 207 |
| 191 if (IsIllegalOrigin(resource_context, child_id, origin)) { | 208 if (IsIllegalOrigin(resource_context, child_id, origin)) { |
| 192 // TODO(ananta): Find a way to specify the right error code here. | 209 // TODO(ananta): Find a way to specify the right error code here. |
| 193 callback.Run(false, 0); | 210 callback.Run(false, 0); |
| 194 } else { | 211 } else { |
| 195 callback.Run(true, 0); | 212 callback.Run(true, 0); |
| 196 } | 213 } |
| 197 } | 214 } |
| 198 | 215 |
| 216 void RecordShowAllowOpenURLFailure(ShouldAllowOpenURLFailureReason reason) { |
| 217 UMA_HISTOGRAM_ENUMERATION("Extensions.ShouldAllowOpenURL.Failure", reason, |
| 218 FAILURE_LAST); |
| 219 } |
| 220 |
| 199 } // namespace | 221 } // namespace |
| 200 | 222 |
| 201 ChromeContentBrowserClientExtensionsPart:: | 223 ChromeContentBrowserClientExtensionsPart:: |
| 202 ChromeContentBrowserClientExtensionsPart() { | 224 ChromeContentBrowserClientExtensionsPart() { |
| 203 } | 225 } |
| 204 | 226 |
| 205 ChromeContentBrowserClientExtensionsPart:: | 227 ChromeContentBrowserClientExtensionsPart:: |
| 206 ~ChromeContentBrowserClientExtensionsPart() { | 228 ~ChromeContentBrowserClientExtensionsPart() { |
| 207 } | 229 } |
| 208 | 230 |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 489 const Extension* extension = | 511 const Extension* extension = |
| 490 extension_info_map->extensions().GetExtensionOrAppByURL(first_party_url); | 512 extension_info_map->extensions().GetExtensionOrAppByURL(first_party_url); |
| 491 // Don't allow a service worker for an extension url with no extension (this | 513 // Don't allow a service worker for an extension url with no extension (this |
| 492 // could happen in the case of, e.g., an unloaded extension). | 514 // could happen in the case of, e.g., an unloaded extension). |
| 493 return extension != nullptr; | 515 return extension != nullptr; |
| 494 } | 516 } |
| 495 | 517 |
| 496 // static | 518 // static |
| 497 bool ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL( | 519 bool ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL( |
| 498 content::SiteInstance* site_instance, | 520 content::SiteInstance* site_instance, |
| 499 const GURL& from_url, | |
| 500 const GURL& to_url, | 521 const GURL& to_url, |
| 501 bool* result) { | 522 bool* result) { |
| 502 DCHECK(result); | 523 DCHECK(result); |
| 503 | 524 |
| 525 // Using url::Origin is important to properly handle blob: and filesystem: |
| 526 // URLs. |
| 527 url::Origin to_origin(to_url); |
| 528 if (to_origin.scheme() != kExtensionScheme) { |
| 529 // We're not responsible for protecting this resource. Note that hosted |
| 530 // apps fall into this category. |
| 531 return false; |
| 532 } |
| 533 |
| 504 // Do not allow pages from the web or other extensions navigate to | 534 // Do not allow pages from the web or other extensions navigate to |
| 505 // non-web-accessible extension resources. | 535 // non-web-accessible extension resources. |
| 506 if (to_url.SchemeIs(kExtensionScheme) && | |
| 507 (from_url.SchemeIsHTTPOrHTTPS() || from_url.SchemeIs(kExtensionScheme))) { | |
| 508 Profile* profile = Profile::FromBrowserContext( | |
| 509 site_instance->GetProcess()->GetBrowserContext()); | |
| 510 ExtensionRegistry* registry = ExtensionRegistry::Get(profile); | |
| 511 if (!registry) { | |
| 512 *result = true; | |
| 513 return true; | |
| 514 } | |
| 515 const Extension* extension = | |
| 516 registry->enabled_extensions().GetExtensionOrAppByURL(to_url); | |
| 517 if (!extension) { | |
| 518 *result = true; | |
| 519 return true; | |
| 520 } | |
| 521 const Extension* from_extension = | |
| 522 registry->enabled_extensions().GetExtensionOrAppByURL( | |
| 523 site_instance->GetSiteURL()); | |
| 524 if (from_extension && from_extension->id() == extension->id()) { | |
| 525 *result = true; | |
| 526 return true; | |
| 527 } | |
| 528 | 536 |
| 529 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( | 537 ExtensionRegistry* registry = |
| 530 extension, to_url.path())) { | 538 ExtensionRegistry::Get(site_instance->GetBrowserContext()); |
| 531 *result = false; | 539 const Extension* to_extension = |
| 532 return true; | 540 registry->enabled_extensions().GetByID(to_origin.host()); |
| 533 } | 541 if (!to_extension) { |
| 542 *result = true; |
| 543 return true; |
| 534 } | 544 } |
| 535 return false; | 545 |
| 546 GURL site_url(site_instance->GetSiteURL()); |
| 547 const Extension* from_extension = |
| 548 registry->enabled_extensions().GetExtensionOrAppByURL(site_url); |
| 549 if (from_extension && from_extension == to_extension) { |
| 550 *result = true; |
| 551 return true; |
| 552 } |
| 553 |
| 554 // Blob and filesystem URLs are never considered web-accessible. See |
| 555 // https://crbug.com/656752. |
| 556 if (to_url.SchemeIsFileSystem() || to_url.SchemeIsBlob()) { |
| 557 if (to_url.SchemeIsFileSystem()) |
| 558 RecordShowAllowOpenURLFailure(FAILURE_FILE_SYSTEM_URL); |
| 559 else |
| 560 RecordShowAllowOpenURLFailure(FAILURE_BLOB_URL); |
| 561 |
| 562 *result = false; |
| 563 return true; |
| 564 } |
| 565 |
| 566 // Navigations from chrome:// or chrome-search:// pages need to be allowed, |
| 567 // even if |to_url| is not web-accessible. See https://crbug.com/662602. |
| 568 // |
| 569 // Note that this is intentionally done after the check for blob: and |
| 570 // filesystem: URLs above, for consistency with the renderer-side checks |
| 571 // which already disallow navigations from chrome URLs to blob/filesystem |
| 572 // URLs. |
| 573 if (site_url.SchemeIs(content::kChromeUIScheme) || |
| 574 site_url.SchemeIs(chrome::kChromeSearchScheme)) { |
| 575 *result = true; |
| 576 return true; |
| 577 } |
| 578 |
| 579 if (WebAccessibleResourcesInfo::IsResourceWebAccessible(to_extension, |
| 580 to_url.path())) { |
| 581 *result = true; |
| 582 return true; |
| 583 } |
| 584 |
| 585 if (!site_url.SchemeIsHTTPOrHTTPS() && !site_url.SchemeIs(kExtensionScheme)) { |
| 586 // Previous version of this function skipped the web-accessible |
| 587 // resource checks in this case. Collect data to see how often this |
| 588 // happened. |
| 589 RecordShowAllowOpenURLFailure( |
| 590 FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION); |
| 591 } else { |
| 592 RecordShowAllowOpenURLFailure(FAILURE_RESOURCE_NOT_WEB_ACCESSIBLE); |
| 593 } |
| 594 |
| 595 *result = false; |
| 596 return true; |
| 536 } | 597 } |
| 537 | 598 |
| 538 // static | 599 // static |
| 539 std::unique_ptr<content::VpnServiceProxy> | 600 std::unique_ptr<content::VpnServiceProxy> |
| 540 ChromeContentBrowserClientExtensionsPart::GetVpnServiceProxy( | 601 ChromeContentBrowserClientExtensionsPart::GetVpnServiceProxy( |
| 541 content::BrowserContext* browser_context) { | 602 content::BrowserContext* browser_context) { |
| 542 #if defined(OS_CHROMEOS) | 603 #if defined(OS_CHROMEOS) |
| 543 chromeos::VpnService* vpn_service = | 604 chromeos::VpnService* vpn_service = |
| 544 chromeos::VpnServiceFactory::GetForBrowserContext(browser_context); | 605 chromeos::VpnServiceFactory::GetForBrowserContext(browser_context); |
| 545 if (!vpn_service) | 606 if (!vpn_service) |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 693 } | 754 } |
| 694 } | 755 } |
| 695 } | 756 } |
| 696 | 757 |
| 697 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { | 758 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { |
| 698 content::ResourceDispatcherHost::Get()->RegisterInterceptor( | 759 content::ResourceDispatcherHost::Get()->RegisterInterceptor( |
| 699 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived)); | 760 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived)); |
| 700 } | 761 } |
| 701 | 762 |
| 702 } // namespace extensions | 763 } // namespace extensions |
| OLD | NEW |