Enable file_handlers and chrome.app.runtime for QuickOffice.

extensions/common/features/simple_feature.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/features/simple_feature.h"
 
 #include <map>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 209 matching lines @@
   DCHECK(id_hash.length() == base::kSHA1Length);
   return base::HexEncode(id_hash.c_str(), id_hash.length());
 }
 
 }  // namespace
 
 SimpleFeature::SimpleFeature()
     : location_(UNSPECIFIED_LOCATION),
       min_manifest_version_(0),
       max_manifest_version_(0),
-      has_parent_(false) {}
+      has_parent_(false),
+      component_extensions_auto_granted_(true) {}
 
 SimpleFeature::~SimpleFeature() {}
 
 void SimpleFeature::AddFilter(scoped_ptr<SimpleFeatureFilter> filter) {
   filters_.push_back(make_linked_ptr(filter.release()));
 }
 
 std::string SimpleFeature::Parse(const base::DictionaryValue* value) {
   ParseURLPatterns(value, "matches", &matches_);
+  ParseSet(value, "blacklist", &blacklist_);
   ParseSet(value, "whitelist", &whitelist_);
   ParseSet(value, "dependencies", &dependencies_);
   ParseEnumSet<Manifest::Type>(value, "extension_types", &extension_types_,
                                 g_mappings.Get().extension_types);
   ParseEnumSet<Context>(value, "contexts", &contexts_,
                         g_mappings.Get().contexts);
   ParseEnum<Location>(value, "location", &location_,
                       g_mappings.Get().locations);
   ParseEnumSet<Platform>(value, "platforms", &platforms_,
                          g_mappings.Get().platforms);
   value->GetInteger("min_manifest_version", &min_manifest_version_);
   value->GetInteger("max_manifest_version", &max_manifest_version_);
 
   no_parent_ = false;
   value->GetBoolean("noparent", &no_parent_);
 
+  component_extensions_auto_granted_ = true;
+  value->GetBoolean("component_extensions_auto_granted",
+                    &component_extensions_auto_granted_);
+
   if (matches_.is_empty() && contexts_.count(WEB_PAGE_CONTEXT) != 0) {
     return name() + ": Allowing web_page contexts requires supplying a value " +
         "for matches.";
   }
 
   for (FilterList::iterator filter_iter = filters_.begin();
        filter_iter != filters_.end();
        ++filter_iter) {
     std::string result = (*filter_iter)->Parse(value);
     if (!result.empty()) {
@@ skipping 14 matching lines @@
   // to component extensions.
   // HACK(kalman): user script -> extension. Solve this in a more generic way
   // when we compile feature files.
   Manifest::Type type_to_check = (type == Manifest::TYPE_USER_SCRIPT) ?
       Manifest::TYPE_EXTENSION : type;
   if (!extension_types_.empty() &&
       extension_types_.find(type_to_check) == extension_types_.end()) {
     return CreateAvailability(INVALID_TYPE, type);
   }
 
+  if (IsIdInBlacklist(extension_id))
+    return CreateAvailability(FOUND_IN_BLACKLIST, type);
+
+  // TODO(benwells): don't grant all component extensions.
+  // See http://crbug.com/370375 for more details.
   // Component extensions can access any feature.
-  // TODO(kalman/asargent): Should this match EXTERNAL_COMPONENT too?
-  if (location == Manifest::COMPONENT)
+  // NOTE: Deliberately does not match EXTERNAL_COMPONENT.
+  if (component_extensions_auto_granted_ && location == Manifest::COMPONENT)
     return CreateAvailability(IS_AVAILABLE, type);
 
   if (!whitelist_.empty()) {
     if (!IsIdInWhitelist(extension_id)) {
       // TODO(aa): This is gross. There should be a better way to test the
       // whitelist.
       CommandLine* command_line = CommandLine::ForCurrentProcess();
       if (!command_line->HasSwitch(switches::kWhitelistedExtensionID))
         return CreateAvailability(NOT_FOUND_IN_WHITELIST, type);
 
@@ skipping 65 matching lines @@
 
 std::string SimpleFeature::GetAvailabilityMessage(
     AvailabilityResult result,
     Manifest::Type type,
     const GURL& url,
     Context context) const {
   switch (result) {
     case IS_AVAILABLE:
       return std::string();
     case NOT_FOUND_IN_WHITELIST:
+    case FOUND_IN_BLACKLIST:
       return base::StringPrintf(
           "'%s' is not allowed for specified extension ID.",
           name().c_str());
     case INVALID_URL:
       return base::StringPrintf("'%s' is not allowed on %s.",
                                 name().c_str(), url.spec().c_str());
     case INVALID_TYPE:
       return base::StringPrintf(
           "'%s' is only allowed for %s, but this is a %s.",
           name().c_str(),
@@ skipping 71 matching lines @@
 std::set<Feature::Context>* SimpleFeature::GetContexts() {
   return &contexts_;
 }
 
 bool SimpleFeature::IsInternal() const {
   return false;
 }
 
 bool SimpleFeature::IsBlockedInServiceWorker() const { return false; }
 
+bool SimpleFeature::IsIdInBlacklist(const std::string& extension_id) const {
+  return IsIdInList(extension_id, blacklist_);
+}
+
 bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id) const {
-  return IsIdInWhitelist(extension_id, whitelist_);
+  return IsIdInList(extension_id, whitelist_);
 }
 
 // static
-bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id,
-                                    const std::set<std::string>& whitelist) {
+bool SimpleFeature::IsIdInList(const std::string& extension_id,
+                               const std::set<std::string>& list) {
   // Belt-and-suspenders philosophy here. We should be pretty confident by this
   // point that we've validated the extension ID format, but in case something
   // slips through, we avoid a class of attack where creative ID manipulation
   // leads to hash collisions.
   if (extension_id.length() != 32)  // 128 bits / 4 = 32 mpdecimal characters
     return false;
 
-  if (whitelist.find(extension_id) != whitelist.end() ||
-      whitelist.find(HashExtensionId(extension_id)) != whitelist.end()) {
+  if (list.find(extension_id) != list.end() ||
+      list.find(HashExtensionId(extension_id)) != list.end()) {
     return true;
   }
 
   return false;
 }
 
 bool SimpleFeature::MatchesManifestLocation(
     Manifest::Location manifest_location) const {
   switch (location_) {
     case SimpleFeature::UNSPECIFIED_LOCATION:
       return true;
     case SimpleFeature::COMPONENT_LOCATION:
       // TODO(kalman/asargent): Should this include EXTERNAL_COMPONENT too?
       return manifest_location == Manifest::COMPONENT;
     case SimpleFeature::POLICY_LOCATION:
       return manifest_location == Manifest::EXTERNAL_POLICY ||
              manifest_location == Manifest::EXTERNAL_POLICY_DOWNLOAD;
   }
   NOTREACHED();
   return false;
 }
 
 }  // namespace extensions