| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/permissions/permission_set.h" | 5 #include "extensions/common/permissions/permission_set.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| 11 #include "base/strings/stringprintf.h" |
| 11 #include "extensions/common/permissions/permissions_info.h" | 12 #include "extensions/common/permissions/permissions_info.h" |
| 12 #include "extensions/common/url_pattern.h" | 13 #include "extensions/common/url_pattern.h" |
| 13 #include "extensions/common/url_pattern_set.h" | 14 #include "extensions/common/url_pattern_set.h" |
| 15 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| 14 #include "url/gurl.h" | 16 #include "url/gurl.h" |
| 15 | 17 |
| 16 using extensions::URLPatternSet; | 18 namespace extensions { |
| 17 | 19 |
| 18 namespace { | 20 namespace { |
| 19 | 21 |
| 20 void AddPatternsAndRemovePaths(const URLPatternSet& set, URLPatternSet* out) { | 22 void AddPatternsAndRemovePaths(const URLPatternSet& set, URLPatternSet* out) { |
| 21 DCHECK(out); | 23 DCHECK(out); |
| 22 for (URLPatternSet::const_iterator i = set.begin(); i != set.end(); ++i) { | 24 for (URLPatternSet::const_iterator i = set.begin(); i != set.end(); ++i) { |
| 23 URLPattern p = *i; | 25 URLPattern p = *i; |
| 24 p.SetPath("/*"); | 26 p.SetPath("/*"); |
| 25 out->AddPattern(p); | 27 out->AddPattern(p); |
| 26 } | 28 } |
| 27 } | 29 } |
| 28 | 30 |
| 29 } // namespace | 31 } // namespace |
| 30 | 32 |
| 31 namespace extensions { | |
| 32 | |
| 33 // | 33 // |
| 34 // PermissionSet | 34 // PermissionSet |
| 35 // | 35 // |
| 36 | 36 |
| 37 PermissionSet::PermissionSet() {} | 37 PermissionSet::PermissionSet() {} |
| 38 | 38 |
| 39 PermissionSet::PermissionSet( | 39 PermissionSet::PermissionSet( |
| 40 const APIPermissionSet& apis, | 40 const APIPermissionSet& apis, |
| 41 const ManifestPermissionSet& manifest_permissions, | 41 const ManifestPermissionSet& manifest_permissions, |
| 42 const URLPatternSet& explicit_hosts, | 42 const URLPatternSet& explicit_hosts, |
| (...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 223 } | 223 } |
| 224 | 224 |
| 225 for (APIPermissionSet::const_iterator i = apis().begin(); | 225 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 226 i != apis().end(); ++i) { | 226 i != apis().end(); ++i) { |
| 227 if (i->info()->implies_full_url_access()) | 227 if (i->info()->implies_full_url_access()) |
| 228 return true; | 228 return true; |
| 229 } | 229 } |
| 230 return false; | 230 return false; |
| 231 } | 231 } |
| 232 | 232 |
| 233 bool PermissionSet::HasAccessToMostHosts() const { |
| 234 if (has_access_to_most_hosts_.get() == NULL) |
| 235 InitHasAccessToMostHosts(); |
| 236 return *has_access_to_most_hosts_; |
| 237 } |
| 238 |
| 233 bool PermissionSet::HasEffectiveAccessToURL(const GURL& url) const { | 239 bool PermissionSet::HasEffectiveAccessToURL(const GURL& url) const { |
| 234 return effective_hosts().MatchesURL(url); | 240 return effective_hosts().MatchesURL(url); |
| 235 } | 241 } |
| 236 | 242 |
| 237 bool PermissionSet::HasEffectiveFullAccess() const { | 243 bool PermissionSet::HasEffectiveFullAccess() const { |
| 238 for (APIPermissionSet::const_iterator i = apis().begin(); | 244 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 239 i != apis().end(); ++i) { | 245 i != apis().end(); ++i) { |
| 240 if (i->info()->implies_full_access()) | 246 if (i->info()->implies_full_access()) |
| 241 return true; | 247 return true; |
| 242 } | 248 } |
| (...skipping 12 matching lines...) Expand all Loading... |
| 255 apis_.insert(APIPermission::kFileBrowserHandlerInternal); | 261 apis_.insert(APIPermission::kFileBrowserHandlerInternal); |
| 256 } | 262 } |
| 257 | 263 |
| 258 void PermissionSet::InitEffectiveHosts() { | 264 void PermissionSet::InitEffectiveHosts() { |
| 259 effective_hosts_.ClearPatterns(); | 265 effective_hosts_.ClearPatterns(); |
| 260 | 266 |
| 261 URLPatternSet::CreateUnion( | 267 URLPatternSet::CreateUnion( |
| 262 explicit_hosts(), scriptable_hosts(), &effective_hosts_); | 268 explicit_hosts(), scriptable_hosts(), &effective_hosts_); |
| 263 } | 269 } |
| 264 | 270 |
| 271 void PermissionSet::InitHasAccessToMostHosts() const { |
| 272 if (HasEffectiveAccessToAllHosts()) { |
| 273 has_access_to_most_hosts_.reset(new bool(true)); |
| 274 return; |
| 275 } |
| 276 |
| 277 for (URLPatternSet::const_iterator iter = effective_hosts_.begin(); |
| 278 iter != effective_hosts_.end(); |
| 279 ++iter) { |
| 280 // If this doesn't even match subdomains, it can't possibly imply all hosts. |
| 281 if (!iter->match_subdomains()) |
| 282 continue; |
| 283 |
| 284 // If iter->host() is a recognized TLD, this will be 0. We don't include |
| 285 // private TLDs, so that, e.g., *.appspot.com does not imply all hosts. |
| 286 size_t registry_length = |
| 287 net::registry_controlled_domains::GetRegistryLength( |
| 288 iter->host(), |
| 289 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 290 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 291 // If there was more than just a TLD in the host (e.g., *.foobar.com), it |
| 292 // doesn't imply all hosts. |
| 293 if (registry_length > 0) |
| 294 continue; |
| 295 |
| 296 // At this point the host could either be just a TLD ("com") or some unknown |
| 297 // TLD-like string ("notatld"). To disambiguate between them construct a |
| 298 // fake URL, and check the registry. This returns 0 if the TLD is |
| 299 // unrecognized, or the length of the recognized TLD. |
| 300 registry_length = net::registry_controlled_domains::GetRegistryLength( |
| 301 base::StringPrintf("foo.%s", iter->host().c_str()), |
| 302 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 303 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 304 // If we recognized this TLD, then this is a pattern like *.com, and it |
| 305 // should imply all hosts. |
| 306 if (registry_length > 0) { |
| 307 has_access_to_most_hosts_.reset(new bool(true)); |
| 308 return; |
| 309 } |
| 310 } |
| 311 |
| 312 has_access_to_most_hosts_.reset(new bool(false)); |
| 313 } |
| 314 |
| 265 } // namespace extensions | 315 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 293003008:
Make ActiveScriptController use Active Tab-style permissions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src