Enable file_handlers and chrome.app.runtime for QuickOffice.

extensions/common/features/simple_feature.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/features/simple_feature.h"
 
 #include <map>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 209 matching lines @@
   DCHECK(id_hash.length() == base::kSHA1Length);
   return base::HexEncode(id_hash.c_str(), id_hash.length());
 }
 
 }  // namespace
 
 SimpleFeature::SimpleFeature()
     : location_(UNSPECIFIED_LOCATION),
       min_manifest_version_(0),
       max_manifest_version_(0),
-      has_parent_(false) {}
+      has_parent_(false),
+      component_extensions_auto_whitelisted_(true) {}
 
 SimpleFeature::~SimpleFeature() {}
 
 void SimpleFeature::AddFilter(scoped_ptr<SimpleFeatureFilter> filter) {
   filters_.push_back(make_linked_ptr(filter.release()));
 }
 
 std::string SimpleFeature::Parse(const base::DictionaryValue* value) {
   ParseURLPatterns(value, "matches", &matches_);
+  ParseSet(value, "blacklist", &blacklist_);
   ParseSet(value, "whitelist", &whitelist_);
   ParseSet(value, "dependencies", &dependencies_);
   ParseEnumSet<Manifest::Type>(value, "extension_types", &extension_types_,
                                 g_mappings.Get().extension_types);
   ParseEnumSet<Context>(value, "contexts", &contexts_,
                         g_mappings.Get().contexts);
   ParseEnum<Location>(value, "location", &location_,
                       g_mappings.Get().locations);
   ParseEnumSet<Platform>(value, "platforms", &platforms_,
                          g_mappings.Get().platforms);
   value->GetInteger("min_manifest_version", &min_manifest_version_);
   value->GetInteger("max_manifest_version", &max_manifest_version_);
 
   no_parent_ = false;
   value->GetBoolean("noparent", &no_parent_);
 
+  component_extensions_auto_whitelisted_ = true;
+  value->GetBoolean("component_extensions_auto_whitelisted",
+                    &component_extensions_auto_whitelisted_);
+
   if (matches_.is_empty() && contexts_.count(WEB_PAGE_CONTEXT) != 0) {
     return name() + ": Allowing web_page contexts requires supplying a value " +
         "for matches.";
   }
 
   for (FilterList::iterator filter_iter = filters_.begin();
        filter_iter != filters_.end();
        ++filter_iter) {
     std::string result = (*filter_iter)->Parse(value);
     if (!result.empty()) {
@@ skipping 14 matching lines @@
   // to component extensions.
   // HACK(kalman): user script -> extension. Solve this in a more generic way
   // when we compile feature files.
   Manifest::Type type_to_check = (type == Manifest::TYPE_USER_SCRIPT) ?
       Manifest::TYPE_EXTENSION : type;
   if (!extension_types_.empty() &&
       extension_types_.find(type_to_check) == extension_types_.end()) {
     return CreateAvailability(INVALID_TYPE, type);
   }
 
-  // Component extensions can access any feature.
-  // TODO(kalman/asargent): Should this match EXTERNAL_COMPONENT too?
-  if (location == Manifest::COMPONENT)
+  if (IsIdInBlacklist(extension_id))
+    return CreateAvailability(FOUND_IN_BLACKLIST, type);
+
+  // TODO(benwells): don't auto whitelist all component extensions.
+  // See http://crbug.com/370375 for more details.

[not at google - send to devlin, 2014/05/06 23:04:03]

this is pretty hacky. I've been working on trying to cut out the component auto
whitelist again but it's tricky, so, let's just do this for now. It's not too
invasive.

+  if (component_extensions_auto_whitelisted_ && location == Manifest::COMPONENT)
     return CreateAvailability(IS_AVAILABLE, type);
 
   if (!whitelist_.empty()) {
     if (!IsIdInWhitelist(extension_id)) {
       // TODO(aa): This is gross. There should be a better way to test the
       // whitelist.
       CommandLine* command_line = CommandLine::ForCurrentProcess();
       if (!command_line->HasSwitch(switches::kWhitelistedExtensionID))
         return CreateAvailability(NOT_FOUND_IN_WHITELIST, type);
 
       std::string whitelist_switch_value =
           CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
               switches::kWhitelistedExtensionID);
       if (extension_id != whitelist_switch_value)
         return CreateAvailability(NOT_FOUND_IN_WHITELIST, type);
     }
   }
 
+  // Component extensions can access any feature.
+  // TODO(kalman/asargent): Should this match EXTERNAL_COMPONENT too?

[not at google - send to devlin, 2014/05/06 23:04:03]

hey could you change this TODO to be instead:

NOTE: Deliberately does not match EXTERNAL_COMPONENT.

+  if (location == Manifest::COMPONENT)
+    return CreateAvailability(IS_AVAILABLE, type);
+
   if (!MatchesManifestLocation(location))
     return CreateAvailability(INVALID_LOCATION, type);
 
   if (!platforms_.empty() &&
       platforms_.find(platform) == platforms_.end())
     return CreateAvailability(INVALID_PLATFORM, type);
 
   if (min_manifest_version_ != 0 && manifest_version < min_manifest_version_)
     return CreateAvailability(INVALID_MIN_MANIFEST_VERSION, type);
 
@@ skipping 47 matching lines @@
 
 std::string SimpleFeature::GetAvailabilityMessage(
     AvailabilityResult result,
     Manifest::Type type,
     const GURL& url,
     Context context) const {
   switch (result) {
     case IS_AVAILABLE:
       return std::string();
     case NOT_FOUND_IN_WHITELIST:
+    case FOUND_IN_BLACKLIST:
       return base::StringPrintf(
           "'%s' is not allowed for specified extension ID.",
           name().c_str());
     case INVALID_URL:
       return base::StringPrintf("'%s' is not allowed on %s.",
                                 name().c_str(), url.spec().c_str());
     case INVALID_TYPE:
       return base::StringPrintf(
           "'%s' is only allowed for %s, but this is a %s.",
           name().c_str(),
@@ skipping 71 matching lines @@
 std::set<Feature::Context>* SimpleFeature::GetContexts() {
   return &contexts_;
 }
 
 bool SimpleFeature::IsInternal() const {
   return false;
 }
 
 bool SimpleFeature::IsBlockedInServiceWorker() const { return false; }
 
+bool SimpleFeature::IsIdInBlacklist(const std::string& extension_id) const {
+  return IsIdInList(extension_id, blacklist_);
+}
+
 bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id) const {
-  return IsIdInWhitelist(extension_id, whitelist_);
+  return IsIdInList(extension_id, whitelist_);
 }
 
 // static
-bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id,
-                                    const std::set<std::string>& whitelist) {
+bool SimpleFeature::IsIdInList(const std::string& extension_id,
+                               const std::set<std::string>& list) {
   // Belt-and-suspenders philosophy here. We should be pretty confident by this
   // point that we've validated the extension ID format, but in case something
   // slips through, we avoid a class of attack where creative ID manipulation
   // leads to hash collisions.
   if (extension_id.length() != 32)  // 128 bits / 4 = 32 mpdecimal characters
     return false;
 
-  if (whitelist.find(extension_id) != whitelist.end() ||
-      whitelist.find(HashExtensionId(extension_id)) != whitelist.end()) {
+  if (list.find(extension_id) != list.end() ||
+      list.find(HashExtensionId(extension_id)) != list.end()) {
     return true;
   }
 
   return false;
 }
 
 bool SimpleFeature::MatchesManifestLocation(
     Manifest::Location manifest_location) const {
   switch (location_) {
     case SimpleFeature::UNSPECIFIED_LOCATION:
       return true;
     case SimpleFeature::COMPONENT_LOCATION:
       // TODO(kalman/asargent): Should this include EXTERNAL_COMPONENT too?
       return manifest_location == Manifest::COMPONENT;
     case SimpleFeature::POLICY_LOCATION:
       return manifest_location == Manifest::EXTERNAL_POLICY ||
              manifest_location == Manifest::EXTERNAL_POLICY_DOWNLOAD;
   }
   NOTREACHED();
   return false;
 }
 
 }  // namespace extensions