Chromium Code Reviews Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/pepper_permission_util.h" | 5 #include "chrome/common/pepper_permission_util.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/sha1.h" | 10 #include "base/sha1.h" |
| 11 #include "base/strings/string_number_conversions.h" | 11 #include "base/strings/string_number_conversions.h" |
| 12 #include "base/strings/string_tokenizer.h" | 12 #include "base/strings/string_tokenizer.h" |
| 13 #include "extensions/common/constants.h" | 13 #include "extensions/common/constants.h" |
| 14 #include "extensions/common/extension.h" | 14 #include "extensions/common/extension.h" |
| 15 #include "extensions/common/extension_set.h" | 15 #include "extensions/common/extension_set.h" |
| 16 #include "extensions/common/manifest_handlers/shared_module_info.h" | 16 #include "extensions/common/manifest_handlers/shared_module_info.h" |
| 17 | 17 |
| 18 using extensions::Extension; | 18 using extensions::Extension; |
| 19 using extensions::Manifest; | 19 using extensions::Manifest; |
| 20 using extensions::SharedModuleInfo; | |
| 20 | 21 |
| 21 namespace chrome { | 22 namespace chrome { |
| 22 | 23 |
| 23 namespace { | 24 namespace { |
| 24 | 25 |
| 25 std::string HashHost(const std::string& host) { | 26 std::string HashHost(const std::string& host) { |
| 26 const std::string id_hash = base::SHA1HashString(host); | 27 const std::string id_hash = base::SHA1HashString(host); |
| 27 DCHECK_EQ(id_hash.length(), base::kSHA1Length); | 28 DCHECK_EQ(id_hash.length(), base::kSHA1Length); |
| 28 return base::HexEncode(id_hash.c_str(), id_hash.length()); | 29 return base::HexEncode(id_hash.c_str(), id_hash.length()); |
| 29 } | 30 } |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 43 | 44 |
| 44 const std::string host = url.host(); | 45 const std::string host = url.host(); |
| 45 if (HostIsInSet(host, whitelist)) | 46 if (HostIsInSet(host, whitelist)) |
| 46 return true; | 47 return true; |
| 47 | 48 |
| 48 // Check the modules that are imported by this extension to see if any of them | 49 // Check the modules that are imported by this extension to see if any of them |
| 49 // is whitelisted. | 50 // is whitelisted. |
| 50 const Extension* extension = extension_set ? extension_set->GetByID(host) | 51 const Extension* extension = extension_set ? extension_set->GetByID(host) |
| 51 : NULL; | 52 : NULL; |
| 52 if (extension) { | 53 if (extension) { |
| 53 typedef std::vector<extensions::SharedModuleInfo::ImportInfo> | 54 typedef std::vector<SharedModuleInfo::ImportInfo> ImportInfoVector; |
| 54 ImportInfoVector; | 55 const ImportInfoVector& imports = SharedModuleInfo::GetImports(extension); |
| 55 const ImportInfoVector& imports = | |
| 56 extensions::SharedModuleInfo::GetImports(extension); | |
| 57 for (ImportInfoVector::const_iterator it = imports.begin(); | 56 for (ImportInfoVector::const_iterator it = imports.begin(); |
| 58 it != imports.end(); ++it) { | 57 it != imports.end(); ++it) { |
| 59 const Extension* imported_extension = extension_set->GetByID( | 58 const Extension* imported_extension = extension_set->GetByID( |
| 60 it->extension_id); | 59 it->extension_id); |
| 61 if (imported_extension && | 60 if (imported_extension && |
| 62 extensions::SharedModuleInfo::IsSharedModule(imported_extension) && | 61 SharedModuleInfo::IsSharedModule(imported_extension) && |
| 62 // We check the whitelist explicitly even though the extension should | |
|
Mark Seaborn
2014/05/03 01:37:59
I'm not familiar with this part of the code, so I'
elijahtaylor1
2014/05/06 05:56:15
Added some unit tests for this function.
| |
| 63 // never have been allowed installed in the first place if this fails. | |
|
Mark Seaborn
2014/05/03 01:37:59
"allowed to be installed"?
elijahtaylor1
2014/05/06 05:56:15
Done.
| |
| 64 SharedModuleInfo::IsExportAllowedByWhitelist(imported_extension, | |
| 65 host) && | |
| 63 HostIsInSet(it->extension_id, whitelist)) { | 66 HostIsInSet(it->extension_id, whitelist)) { |
| 64 return true; | 67 return true; |
| 65 } | 68 } |
| 66 } | 69 } |
| 67 } | 70 } |
| 68 | 71 |
| 69 return false; | 72 return false; |
| 70 } | 73 } |
| 71 | 74 |
| 72 bool IsHostAllowedByCommandLine(const GURL& url, | 75 bool IsHostAllowedByCommandLine(const GURL& url, |
| (...skipping 23 matching lines...) Expand all Loading... | |
| 96 base::StringTokenizer t(allowed_list, ","); | 99 base::StringTokenizer t(allowed_list, ","); |
| 97 while (t.GetNext()) { | 100 while (t.GetNext()) { |
| 98 if (t.token() == host) | 101 if (t.token() == host) |
| 99 return true; | 102 return true; |
| 100 } | 103 } |
| 101 | 104 |
| 102 return false; | 105 return false; |
| 103 } | 106 } |
| 104 | 107 |
| 105 } // namespace chrome | 108 } // namespace chrome |
| OLD | NEW |
