Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/pepper_permission_util.cc

Issue 264923011: Add a whitelist check for nacl-nonsfi mode (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: add includes (windows compile fail) Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/common/pepper_permission_util.h ('k') | chrome/common/pepper_permission_util_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/pepper_permission_util.h" 5 #include "chrome/common/pepper_permission_util.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/sha1.h" 10 #include "base/sha1.h"
11 #include "base/strings/string_number_conversions.h" 11 #include "base/strings/string_number_conversions.h"
12 #include "base/strings/string_tokenizer.h" 12 #include "base/strings/string_tokenizer.h"
13 #include "extensions/common/constants.h" 13 #include "extensions/common/constants.h"
14 #include "extensions/common/extension.h" 14 #include "extensions/common/extension.h"
15 #include "extensions/common/extension_set.h" 15 #include "extensions/common/extension_set.h"
16 #include "extensions/common/manifest_handlers/shared_module_info.h" 16 #include "extensions/common/manifest_handlers/shared_module_info.h"
17 17
18 using extensions::Extension; 18 using extensions::Extension;
19 using extensions::Manifest; 19 using extensions::Manifest;
20 using extensions::SharedModuleInfo;
20 21
21 namespace chrome { 22 namespace chrome {
22 23
23 namespace { 24 namespace {
24 25
25 std::string HashHost(const std::string& host) { 26 std::string HashHost(const std::string& host) {
26 const std::string id_hash = base::SHA1HashString(host); 27 const std::string id_hash = base::SHA1HashString(host);
27 DCHECK_EQ(id_hash.length(), base::kSHA1Length); 28 DCHECK_EQ(id_hash.length(), base::kSHA1Length);
28 return base::HexEncode(id_hash.c_str(), id_hash.length()); 29 return base::HexEncode(id_hash.c_str(), id_hash.length());
29 } 30 }
(...skipping 12 matching lines...) Expand all
42 return false; 43 return false;
43 44
44 const std::string host = url.host(); 45 const std::string host = url.host();
45 if (HostIsInSet(host, whitelist)) 46 if (HostIsInSet(host, whitelist))
46 return true; 47 return true;
47 48
48 // Check the modules that are imported by this extension to see if any of them 49 // Check the modules that are imported by this extension to see if any of them
49 // is whitelisted. 50 // is whitelisted.
50 const Extension* extension = extension_set ? extension_set->GetByID(host) 51 const Extension* extension = extension_set ? extension_set->GetByID(host)
51 : NULL; 52 : NULL;
52 if (extension) { 53 if (!extension)
53 typedef std::vector<extensions::SharedModuleInfo::ImportInfo> 54 return false;
54 ImportInfoVector; 55
55 const ImportInfoVector& imports = 56 typedef std::vector<SharedModuleInfo::ImportInfo> ImportInfoVector;
56 extensions::SharedModuleInfo::GetImports(extension); 57 const ImportInfoVector& imports = SharedModuleInfo::GetImports(extension);
57 for (ImportInfoVector::const_iterator it = imports.begin(); 58 for (ImportInfoVector::const_iterator it = imports.begin();
58 it != imports.end(); ++it) { 59 it != imports.end();
59 const Extension* imported_extension = extension_set->GetByID( 60 ++it) {
60 it->extension_id); 61 const Extension* imported_extension =
61 if (imported_extension && 62 extension_set->GetByID(it->extension_id);
62 extensions::SharedModuleInfo::IsSharedModule(imported_extension) && 63 if (imported_extension &&
63 HostIsInSet(it->extension_id, whitelist)) { 64 SharedModuleInfo::IsSharedModule(imported_extension) &&
64 return true; 65 // We check the whitelist explicitly even though the extension should
65 } 66 // never have been allowed to be installed in the first place if this
67 // fails. See SharedModuleService::CheckImports for details.
68 SharedModuleInfo::IsExportAllowedByWhitelist(imported_extension,
69 host) &&
70 HostIsInSet(it->extension_id, whitelist)) {
71 return true;
66 } 72 }
67 } 73 }
68 74
69 return false; 75 return false;
70 } 76 }
71 77
72 bool IsHostAllowedByCommandLine(const GURL& url, 78 bool IsHostAllowedByCommandLine(const GURL& url,
73 const extensions::ExtensionSet* extension_set, 79 const extensions::ExtensionSet* extension_set,
74 const char* command_line_switch) { 80 const char* command_line_switch) {
75 if (!url.is_valid()) 81 if (!url.is_valid())
(...skipping 20 matching lines...) Expand all
96 base::StringTokenizer t(allowed_list, ","); 102 base::StringTokenizer t(allowed_list, ",");
97 while (t.GetNext()) { 103 while (t.GetNext()) {
98 if (t.token() == host) 104 if (t.token() == host)
99 return true; 105 return true;
100 } 106 }
101 107
102 return false; 108 return false;
103 } 109 }
104 110
105 } // namespace chrome 111 } // namespace chrome
OLDNEW
« no previous file with comments | « chrome/common/pepper_permission_util.h ('k') | chrome/common/pepper_permission_util_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698