Chromium Code Reviews Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/pepper_permission_util.h" | 5 #include "chrome/common/pepper_permission_util.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/sha1.h" | 10 #include "base/sha1.h" |
| 11 #include "base/strings/string_number_conversions.h" | 11 #include "base/strings/string_number_conversions.h" |
| 12 #include "base/strings/string_tokenizer.h" | 12 #include "base/strings/string_tokenizer.h" |
| 13 #include "extensions/common/constants.h" | 13 #include "extensions/common/constants.h" |
| 14 #include "extensions/common/extension.h" | 14 #include "extensions/common/extension.h" |
| 15 #include "extensions/common/extension_set.h" | 15 #include "extensions/common/extension_set.h" |
| 16 #include "extensions/common/manifest_handlers/shared_module_info.h" | 16 #include "extensions/common/manifest_handlers/shared_module_info.h" |
| 17 | 17 |
| 18 using extensions::Extension; | 18 using extensions::Extension; |
| 19 using extensions::Manifest; | 19 using extensions::Manifest; |
| 20 using extensions::SharedModuleInfo; | |
| 20 | 21 |
| 21 namespace chrome { | 22 namespace chrome { |
| 22 | 23 |
| 23 namespace { | 24 namespace { |
| 24 | 25 |
| 25 std::string HashHost(const std::string& host) { | 26 std::string HashHost(const std::string& host) { |
| 26 const std::string id_hash = base::SHA1HashString(host); | 27 const std::string id_hash = base::SHA1HashString(host); |
| 27 DCHECK_EQ(id_hash.length(), base::kSHA1Length); | 28 DCHECK_EQ(id_hash.length(), base::kSHA1Length); |
| 28 return base::HexEncode(id_hash.c_str(), id_hash.length()); | 29 return base::HexEncode(id_hash.c_str(), id_hash.length()); |
| 29 } | 30 } |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 42 return false; | 43 return false; |
| 43 | 44 |
| 44 const std::string host = url.host(); | 45 const std::string host = url.host(); |
| 45 if (HostIsInSet(host, whitelist)) | 46 if (HostIsInSet(host, whitelist)) |
| 46 return true; | 47 return true; |
| 47 | 48 |
| 48 // Check the modules that are imported by this extension to see if any of them | 49 // Check the modules that are imported by this extension to see if any of them |
| 49 // is whitelisted. | 50 // is whitelisted. |
| 50 const Extension* extension = extension_set ? extension_set->GetByID(host) | 51 const Extension* extension = extension_set ? extension_set->GetByID(host) |
| 51 : NULL; | 52 : NULL; |
| 52 if (extension) { | 53 if (!extension) |
| 53 typedef std::vector<extensions::SharedModuleInfo::ImportInfo> | 54 return false; |
| 54 ImportInfoVector; | 55 |
| 55 const ImportInfoVector& imports = | 56 typedef std::vector<SharedModuleInfo::ImportInfo> ImportInfoVector; |
|
Tom Sepez
2014/05/09 19:27:32
nit: pity this typedef isn't in shared_module_info
elijahtaylor1
2014/05/09 19:31:24
I agree. I will save this for a future change (as
| |
| 56 extensions::SharedModuleInfo::GetImports(extension); | 57 const ImportInfoVector& imports = SharedModuleInfo::GetImports(extension); |
| 57 for (ImportInfoVector::const_iterator it = imports.begin(); | 58 for (ImportInfoVector::const_iterator it = imports.begin(); |
| 58 it != imports.end(); ++it) { | 59 it != imports.end(); |
| 59 const Extension* imported_extension = extension_set->GetByID( | 60 ++it) { |
| 60 it->extension_id); | 61 const Extension* imported_extension = |
| 61 if (imported_extension && | 62 extension_set->GetByID(it->extension_id); |
| 62 extensions::SharedModuleInfo::IsSharedModule(imported_extension) && | 63 if (imported_extension && |
| 63 HostIsInSet(it->extension_id, whitelist)) { | 64 SharedModuleInfo::IsSharedModule(imported_extension) && |
| 64 return true; | 65 // We check the whitelist explicitly even though the extension should |
| 65 } | 66 // never have been allowed to be installed in the first place if this |
| 67 // fails. See SharedModuleService::CheckImports for details. | |
| 68 SharedModuleInfo::IsExportAllowedByWhitelist(imported_extension, | |
| 69 host) && | |
| 70 HostIsInSet(it->extension_id, whitelist)) { | |
| 71 return true; | |
| 66 } | 72 } |
| 67 } | 73 } |
| 68 | 74 |
| 69 return false; | 75 return false; |
| 70 } | 76 } |
| 71 | 77 |
| 72 bool IsHostAllowedByCommandLine(const GURL& url, | 78 bool IsHostAllowedByCommandLine(const GURL& url, |
| 73 const extensions::ExtensionSet* extension_set, | 79 const extensions::ExtensionSet* extension_set, |
| 74 const char* command_line_switch) { | 80 const char* command_line_switch) { |
| 75 if (!url.is_valid()) | 81 if (!url.is_valid()) |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 96 base::StringTokenizer t(allowed_list, ","); | 102 base::StringTokenizer t(allowed_list, ","); |
| 97 while (t.GetNext()) { | 103 while (t.GetNext()) { |
| 98 if (t.token() == host) | 104 if (t.token() == host) |
| 99 return true; | 105 return true; |
| 100 } | 106 } |
| 101 | 107 |
| 102 return false; | 108 return false; |
| 103 } | 109 } |
| 104 | 110 |
| 105 } // namespace chrome | 111 } // namespace chrome |
| OLD | NEW |
