OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_ | 5 #ifndef EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_ |
6 #define EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_ | 6 #define EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
11 #include "base/files/scoped_temp_dir.h" | 11 #include "base/files/scoped_temp_dir.h" |
12 #include "base/macros.h" | 12 #include "base/macros.h" |
13 #include "base/memory/ref_counted_delete_on_sequence.h" | 13 #include "base/memory/ref_counted_delete_on_sequence.h" |
14 #include "base/memory/weak_ptr.h" | 14 #include "base/memory/weak_ptr.h" |
15 #include "base/time/time.h" | 15 #include "base/time/time.h" |
16 #include "content/public/browser/browser_thread.h" | 16 #include "content/public/browser/browser_thread.h" |
17 #include "content/public/browser/utility_process_host_client.h" | 17 #include "content/public/browser/utility_process_mojo_client.h" |
18 #include "extensions/browser/crx_file_info.h" | 18 #include "extensions/browser/crx_file_info.h" |
19 #include "extensions/browser/install/crx_install_error.h" | 19 #include "extensions/browser/install/crx_install_error.h" |
20 #include "extensions/common/extension_unpacker.mojom.h" | |
20 #include "extensions/common/manifest.h" | 21 #include "extensions/common/manifest.h" |
21 | 22 |
22 class SkBitmap; | 23 class SkBitmap; |
23 | 24 |
24 namespace base { | 25 namespace base { |
25 class DictionaryValue; | 26 class DictionaryValue; |
26 class SequencedTaskRunner; | 27 class SequencedTaskRunner; |
27 } | 28 } |
28 | 29 |
29 namespace content { | |
30 class UtilityProcessHost; | |
31 } | |
32 | |
33 namespace extensions { | 30 namespace extensions { |
34 class Extension; | 31 class Extension; |
35 | 32 |
36 class SandboxedUnpackerClient | 33 class SandboxedUnpackerClient |
37 : public base::RefCountedDeleteOnSequence<SandboxedUnpackerClient> { | 34 : public base::RefCountedDeleteOnSequence<SandboxedUnpackerClient> { |
38 public: | 35 public: |
39 // Initialize the ref-counted base to always delete on the UI thread. Note | 36 // Initialize the ref-counted base to always delete on the UI thread. Note |
40 // the constructor call must also happen on the UI thread. | 37 // the constructor call must also happen on the UI thread. |
41 SandboxedUnpackerClient(); | 38 SandboxedUnpackerClient(); |
42 | 39 |
(...skipping 13 matching lines...) Expand all Loading... | |
56 const base::FilePath& extension_root, | 53 const base::FilePath& extension_root, |
57 const base::DictionaryValue* original_manifest, | 54 const base::DictionaryValue* original_manifest, |
58 const Extension* extension, | 55 const Extension* extension, |
59 const SkBitmap& install_icon) = 0; | 56 const SkBitmap& install_icon) = 0; |
60 virtual void OnUnpackFailure(const CrxInstallError& error) = 0; | 57 virtual void OnUnpackFailure(const CrxInstallError& error) = 0; |
61 | 58 |
62 protected: | 59 protected: |
63 friend class base::RefCountedDeleteOnSequence<SandboxedUnpackerClient>; | 60 friend class base::RefCountedDeleteOnSequence<SandboxedUnpackerClient>; |
64 friend class base::DeleteHelper<SandboxedUnpackerClient>; | 61 friend class base::DeleteHelper<SandboxedUnpackerClient>; |
65 | 62 |
66 virtual ~SandboxedUnpackerClient() {} | 63 virtual ~SandboxedUnpackerClient() = default; |
67 }; | 64 }; |
68 | 65 |
69 // SandboxedUnpacker does work to optionally unpack and then validate/sanitize | 66 // SandboxedUnpacker does work to optionally unpack and then validate/sanitize |
70 // an extension, either starting from a crx file or an already unzipped | 67 // an extension, either starting from a crx file or an already unzipped |
71 // directory (eg from differential update). This is done in a sandboxed | 68 // directory (eg from differential update). This is done in a sandboxed |
72 // subprocess to protect the browser process from parsing complex formats like | 69 // subprocess to protect the browser process from parsing complex formats like |
73 // JPEG or JSON from untrusted sources. | 70 // JPEG or JSON from untrusted sources. |
74 // | 71 // |
75 // Unpacking an extension using this class makes minor changes to its source, | 72 // Unpacking an extension using this class makes minor changes to its source, |
76 // such as transcoding all images to PNG, parsing all message catalogs | 73 // such as transcoding all images to PNG, parsing all message catalogs |
77 // and rewriting the manifest JSON. As such, it should not be used when the | 74 // and rewriting the manifest JSON. As such, it should not be used when the |
78 // output is not intended to be given back to the author. | 75 // output is not intended to be given back to the author. |
79 // | 76 // |
80 // | 77 // |
81 // Lifetime management: | 78 // Lifetime management: |
82 // | 79 // |
83 // This class is ref-counted by each call it makes to itself on another thread, | 80 // This class is ref-counted by each call it makes to itself on another thread. |
84 // and by UtilityProcessHost. | |
85 // | 81 // |
86 // Additionally, we hold a reference to our own client so that it lives at least | 82 // Additionally, we hold a reference to our own client so that it lives at least |
87 // long enough to receive the result of unpacking. | 83 // long enough to receive the result of unpacking. |
88 // | 84 // |
89 // | 85 // |
90 // NOTE: This class should only be used on the file thread. | 86 // NOTE: This class should only be used on the file thread. |
91 class SandboxedUnpacker : public content::UtilityProcessHostClient { | 87 class SandboxedUnpacker : public base::RefCountedThreadSafe<SandboxedUnpacker> { |
92 public: | 88 public: |
93 // Creates a SanboxedUnpacker that will do work to unpack an extension, | 89 // Creates a SanboxedUnpacker that will do work to unpack an extension, |
94 // passing the |location| and |creation_flags| to Extension::Create. The | 90 // passing the |location| and |creation_flags| to Extension::Create. The |
95 // |extensions_dir| parameter should specify the directory under which we'll | 91 // |extensions_dir| parameter should specify the directory under which we'll |
96 // create a subdirectory to write the unpacked extension contents. | 92 // create a subdirectory to write the unpacked extension contents. |
97 SandboxedUnpacker( | 93 SandboxedUnpacker( |
98 Manifest::Location location, | 94 Manifest::Location location, |
99 int creation_flags, | 95 int creation_flags, |
100 const base::FilePath& extensions_dir, | 96 const base::FilePath& extensions_dir, |
101 const scoped_refptr<base::SequencedTaskRunner>& unpacker_io_task_runner, | 97 const scoped_refptr<base::SequencedTaskRunner>& unpacker_io_task_runner, |
102 SandboxedUnpackerClient* client); | 98 SandboxedUnpackerClient* client); |
103 | 99 |
104 // Start processing the extension, either from a CRX file or already unzipped | 100 // Start processing the extension, either from a CRX file or already unzipped |
105 // in a directory. The client is called with the results. The directory form | 101 // in a directory. The client is called with the results. The directory form |
106 // requires the id and base64-encoded public key (for insertion into the | 102 // requires the id and base64-encoded public key (for insertion into the |
107 // 'key' field of the manifest.json file). | 103 // 'key' field of the manifest.json file). |
108 void StartWithCrx(const CRXFileInfo& crx_info); | 104 void StartWithCrx(const CRXFileInfo& crx_info); |
109 void StartWithDirectory(const std::string& extension_id, | 105 void StartWithDirectory(const std::string& extension_id, |
110 const std::string& public_key_base64, | 106 const std::string& public_key_base64, |
111 const base::FilePath& directory); | 107 const base::FilePath& directory); |
112 | 108 |
113 private: | 109 private: |
114 class ProcessHostClient; | 110 friend class base::RefCountedThreadSafe<SandboxedUnpacker>; |
115 | 111 |
116 // Enumerate all the ways unpacking can fail. Calls to ReportFailure() | 112 // Enumerate all the ways unpacking can fail. Calls to ReportFailure() |
117 // take a failure reason as an argument, and put it in histogram | 113 // take a failure reason as an argument, and put it in histogram |
118 // Extensions.SandboxUnpackFailureReason. | 114 // Extensions.SandboxUnpackFailureReason. |
119 enum FailureReason { | 115 enum FailureReason { |
120 // SandboxedUnpacker::CreateTempDirectory() | 116 // SandboxedUnpacker::CreateTempDirectory() |
121 COULD_NOT_GET_TEMP_DIRECTORY, | 117 COULD_NOT_GET_TEMP_DIRECTORY, |
122 COULD_NOT_CREATE_TEMP_DIRECTORY, | 118 COULD_NOT_CREATE_TEMP_DIRECTORY, |
123 | 119 |
124 // SandboxedUnpacker::Start() | 120 // SandboxedUnpacker::Start() |
125 FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY, | 121 FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY, |
126 COULD_NOT_GET_SANDBOX_FRIENDLY_PATH, | 122 COULD_NOT_GET_SANDBOX_FRIENDLY_PATH, |
127 | 123 |
128 // SandboxedUnpacker::OnUnpackExtensionSucceeded() | 124 // SandboxedUnpacker::UnpackExtensionSucceeded() |
Devlin
2017/02/14 17:24:59
What's the motivation for changing these names? O
Noel Gordon
2017/02/15 17:28:08
Short discussion about that in connection with a b
| |
129 COULD_NOT_LOCALIZE_EXTENSION, | 125 COULD_NOT_LOCALIZE_EXTENSION, |
130 INVALID_MANIFEST, | 126 INVALID_MANIFEST, |
131 | 127 |
132 // SandboxedUnpacker::OnUnpackExtensionFailed() | 128 // SandboxedUnpacker::UnpackExtensionFailed() |
133 UNPACKER_CLIENT_FAILED, | 129 UNPACKER_CLIENT_FAILED, |
134 | 130 |
135 // SandboxedUnpacker::OnProcessCrashed() | 131 // SandboxedUnpacker::UtilityProcessFailed() |
136 UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL, | 132 UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL, |
137 | 133 |
138 // SandboxedUnpacker::ValidateSignature() | 134 // SandboxedUnpacker::ValidateSignature() |
139 CRX_FILE_NOT_READABLE, | 135 CRX_FILE_NOT_READABLE, |
140 CRX_HEADER_INVALID, | 136 CRX_HEADER_INVALID, |
141 CRX_MAGIC_NUMBER_INVALID, | 137 CRX_MAGIC_NUMBER_INVALID, |
142 CRX_VERSION_NUMBER_INVALID, | 138 CRX_VERSION_NUMBER_INVALID, |
143 CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE, | 139 CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE, |
144 CRX_ZERO_KEY_LENGTH, | 140 CRX_ZERO_KEY_LENGTH, |
145 CRX_ZERO_SIGNATURE_LENGTH, | 141 CRX_ZERO_SIGNATURE_LENGTH, |
(...skipping 21 matching lines...) Expand all Loading... | |
167 INVALID_CATALOG_DATA, | 163 INVALID_CATALOG_DATA, |
168 INVALID_PATH_FOR_CATALOG, | 164 INVALID_PATH_FOR_CATALOG, |
169 ERROR_SERIALIZING_CATALOG, | 165 ERROR_SERIALIZING_CATALOG, |
170 ERROR_SAVING_CATALOG, | 166 ERROR_SAVING_CATALOG, |
171 | 167 |
172 // SandboxedUnpacker::ValidateSignature() | 168 // SandboxedUnpacker::ValidateSignature() |
173 CRX_HASH_VERIFICATION_FAILED, | 169 CRX_HASH_VERIFICATION_FAILED, |
174 | 170 |
175 UNZIP_FAILED, | 171 UNZIP_FAILED, |
176 DIRECTORY_MOVE_FAILED, | 172 DIRECTORY_MOVE_FAILED, |
177 COULD_NOT_START_UTILITY_PROCESS, | |
178 | 173 |
179 NUM_FAILURE_REASONS | 174 NUM_FAILURE_REASONS |
180 }; | 175 }; |
181 | 176 |
182 friend class ProcessHostClient; | |
183 friend class SandboxedUnpackerTest; | 177 friend class SandboxedUnpackerTest; |
184 | 178 |
185 ~SandboxedUnpacker() override; | 179 ~SandboxedUnpacker(); |
186 | 180 |
187 // Set |temp_dir_| as a temporary directory to unpack the extension in. | 181 // Set |temp_dir_| as a temporary directory to unpack the extension in. |
188 // Return true on success. | 182 // Return true on success. |
189 virtual bool CreateTempDirectory(); | 183 bool CreateTempDirectory(); |
190 | 184 |
191 // Helper functions to simplify calls to ReportFailure. | 185 // Helper functions to simplify calls to ReportFailure. |
192 base::string16 FailureReasonToString16(FailureReason reason); | 186 base::string16 FailureReasonToString16(FailureReason reason); |
193 void FailWithPackageError(FailureReason reason); | 187 void FailWithPackageError(FailureReason reason); |
194 | 188 |
195 // Validates the signature of the extension and extract the key to | 189 // Validates the signature of the extension and extract the key to |
196 // |public_key_|. Returns true if the signature validates, false otherwise. | 190 // |public_key_|. Returns true if the signature validates, false otherwise. |
197 bool ValidateSignature(const base::FilePath& crx_path, | 191 bool ValidateSignature(const base::FilePath& crx_path, |
198 const std::string& expected_hash); | 192 const std::string& expected_hash); |
199 | 193 |
200 void StartUnzipOnIOThread(const base::FilePath& crx_path); | 194 // Ensures the utility process is created. |
201 void StartUnpackOnIOThread(const base::FilePath& directory_path); | 195 void StartUtilityProcess(const base::FilePath& directory); |
202 | 196 |
203 // UtilityProcessHostClient | 197 // Utility process crashed or failed while trying to install. |
204 bool OnMessageReceived(const IPC::Message& message) override; | 198 void UtilityProcessCrashed(); |
205 void OnProcessCrashed(int exit_code) override; | |
206 | 199 |
207 // IPC message handlers. | 200 void UnzipOnIOThread(const base::FilePath& crx_path); |
208 void OnUnzipToDirSucceeded(const base::FilePath& directory); | 201 void UnzipDone(const base::FilePath& directory, bool success); |
209 void OnUnzipToDirFailed(const std::string& error); | |
210 void OnUnpackExtensionSucceeded(const base::DictionaryValue& manifest); | |
211 void OnUnpackExtensionFailed(const base::string16& error_message); | |
212 | 202 |
213 void ReportFailure(FailureReason reason, const base::string16& message); | 203 void UnpackOnIOThread(const base::FilePath& directory); |
214 void ReportSuccess(const base::DictionaryValue& original_manifest, | 204 void UnpackDone(const base::string16& error, |
205 std::unique_ptr<base::DictionaryValue> manifest); | |
206 void UnpackExtensionSucceeded( | |
207 std::unique_ptr<base::DictionaryValue> manifest); | |
208 void UnpackExtensionFailed(const base::string16& error); | |
209 | |
210 void ReportSuccess(std::unique_ptr<base::DictionaryValue> original_manifest, | |
215 const SkBitmap& install_icon); | 211 const SkBitmap& install_icon); |
212 void ReportFailure(FailureReason reason, const base::string16& error); | |
216 | 213 |
217 // Overwrites original manifest with safe result from utility process. | 214 // Overwrites original manifest with safe result from utility process. |
218 // Returns NULL on error. Caller owns the returned object. | 215 // Returns NULL on error. Caller owns the returned object. |
219 base::DictionaryValue* RewriteManifestFile( | 216 base::DictionaryValue* RewriteManifestFile( |
220 const base::DictionaryValue& manifest); | 217 const base::DictionaryValue& manifest); |
221 | 218 |
222 // Overwrites original files with safe results from utility process. | 219 // Overwrites original files with safe results from utility process. |
223 // Reports error and returns false if it fails. | 220 // Reports error and returns false if it fails. |
224 bool RewriteImageFiles(SkBitmap* install_icon); | 221 bool RewriteImageFiles(SkBitmap* install_icon); |
225 bool RewriteCatalogFiles(); | 222 bool RewriteCatalogFiles(); |
226 | 223 |
227 // Cleans up temp directory artifacts. | 224 // Cleans up temp directory artifacts. |
228 void Cleanup(); | 225 void Cleanup(); |
229 | 226 |
230 // This is a helper class to make it easier to keep track of the lifecycle of | |
231 // a UtilityProcessHost, including automatic begin and end of batch mode. | |
232 class UtilityHostWrapper : public base::RefCountedThreadSafe< | |
233 UtilityHostWrapper, | |
234 content::BrowserThread::DeleteOnIOThread> { | |
235 public: | |
236 UtilityHostWrapper(); | |
237 | |
238 // Start up the utility process if it is not already started, putting it | |
239 // into batch mode and giving it access to |exposed_dir|. This should only | |
240 // be called on the IO thread. Returns false if there was an error starting | |
241 // the utility process or putting it into batch mode. | |
242 bool StartIfNeeded( | |
243 const base::FilePath& exposed_dir, | |
244 const scoped_refptr<UtilityProcessHostClient>& client, | |
245 const scoped_refptr<base::SequencedTaskRunner>& client_task_runner); | |
246 | |
247 // This should only be called on the IO thread. | |
248 content::UtilityProcessHost* host() const; | |
249 | |
250 private: | |
251 friend struct content::BrowserThread::DeleteOnThread< | |
252 content::BrowserThread::IO>; | |
253 friend class base::DeleteHelper<UtilityHostWrapper>; | |
254 ~UtilityHostWrapper(); | |
255 | |
256 // Should only be used on the IO thread. | |
257 base::WeakPtr<content::UtilityProcessHost> utility_host_; | |
258 | |
259 DISALLOW_COPY_AND_ASSIGN(UtilityHostWrapper); | |
260 }; | |
261 | |
262 // If we unpacked a crx file, we hold on to the path for use in various | 227 // If we unpacked a crx file, we hold on to the path for use in various |
263 // histograms. | 228 // histograms. |
264 base::FilePath crx_path_for_histograms_; | 229 base::FilePath crx_path_for_histograms_; |
265 | 230 |
266 // Our client. | 231 // Our client. |
267 scoped_refptr<SandboxedUnpackerClient> client_; | 232 scoped_refptr<SandboxedUnpackerClient> client_; |
268 | 233 |
269 // The Extensions directory inside the profile. | 234 // The Extensions directory inside the profile. |
270 base::FilePath extensions_dir_; | 235 base::FilePath extensions_dir_; |
271 | 236 |
272 // A temporary directory to use for unpacking. | 237 // A temporary directory to use for unpacking. |
273 base::ScopedTempDir temp_dir_; | 238 base::ScopedTempDir temp_dir_; |
274 | 239 |
275 // The root directory of the unpacked extension. This is a child of temp_dir_. | 240 // The root directory of the unpacked extension. This is a child of temp_dir_. |
276 base::FilePath extension_root_; | 241 base::FilePath extension_root_; |
277 | 242 |
278 // Represents the extension we're unpacking. | 243 // Represents the extension we're unpacking. |
279 scoped_refptr<Extension> extension_; | 244 scoped_refptr<Extension> extension_; |
280 | 245 |
281 // Whether we've received a response from the utility process yet. | |
282 bool got_response_; | |
283 | |
284 // The public key that was extracted from the CRX header. | 246 // The public key that was extracted from the CRX header. |
285 std::string public_key_; | 247 std::string public_key_; |
286 | 248 |
287 // The extension's ID. This will be calculated from the public key in the crx | 249 // The extension's ID. This will be calculated from the public key in the crx |
288 // header. | 250 // header. |
289 std::string extension_id_; | 251 std::string extension_id_; |
290 | 252 |
291 // If we unpacked a .crx file, the time at which unpacking started. Used to | 253 // If we unpacked a .crx file, the time at which unpacking started. Used to |
292 // compute the time unpacking takes. | 254 // compute the time unpacking takes. |
293 base::TimeTicks crx_unpack_start_time_; | 255 base::TimeTicks crx_unpack_start_time_; |
294 | 256 |
295 // Location to use for the unpacked extension. | 257 // Location to use for the unpacked extension. |
296 Manifest::Location location_; | 258 Manifest::Location location_; |
297 | 259 |
298 // Creation flags to use for the extension. These flags will be used | 260 // Creation flags to use for the extension. These flags will be used |
299 // when calling Extenion::Create() by the crx installer. | 261 // when calling Extenion::Create() by the crx installer. |
300 int creation_flags_; | 262 int creation_flags_; |
301 | 263 |
302 // Sequenced task runner where file I/O operations will be performed at. | 264 // Sequenced task runner where file I/O operations will be performed. |
303 scoped_refptr<base::SequencedTaskRunner> unpacker_io_task_runner_; | 265 scoped_refptr<base::SequencedTaskRunner> unpacker_io_task_runner_; |
304 | 266 |
305 // Used for sending tasks to the utility process. | 267 // Utility client used for sending tasks to the utility process. |
306 scoped_refptr<UtilityHostWrapper> utility_wrapper_; | 268 std::unique_ptr< |
269 content::UtilityProcessMojoClient<extensions::mojom::ExtensionUnpacker>> | |
270 utility_process_mojo_client_; | |
307 | 271 |
308 DISALLOW_COPY_AND_ASSIGN(SandboxedUnpacker); | 272 DISALLOW_COPY_AND_ASSIGN(SandboxedUnpacker); |
309 }; | 273 }; |
310 | 274 |
311 } // namespace extensions | 275 } // namespace extensions |
312 | 276 |
313 #endif // EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_ | 277 #endif // EXTENSIONS_BROWSER_SANDBOXED_UNPACKER_H_ |
OLD | NEW |