OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/permissions/permission_set.h" | 5 #include "extensions/common/permissions/permission_set.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <iterator> | 8 #include <iterator> |
9 #include <string> | 9 #include <string> |
10 | 10 |
| 11 #include "base/strings/stringprintf.h" |
11 #include "extensions/common/permissions/permissions_info.h" | 12 #include "extensions/common/permissions/permissions_info.h" |
12 #include "extensions/common/url_pattern.h" | 13 #include "extensions/common/url_pattern.h" |
13 #include "extensions/common/url_pattern_set.h" | 14 #include "extensions/common/url_pattern_set.h" |
| 15 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
14 #include "url/gurl.h" | 16 #include "url/gurl.h" |
15 | 17 |
16 using extensions::URLPatternSet; | 18 namespace extensions { |
17 | 19 |
18 namespace { | 20 namespace { |
19 | 21 |
20 void AddPatternsAndRemovePaths(const URLPatternSet& set, URLPatternSet* out) { | 22 void AddPatternsAndRemovePaths(const URLPatternSet& set, URLPatternSet* out) { |
21 DCHECK(out); | 23 DCHECK(out); |
22 for (URLPatternSet::const_iterator i = set.begin(); i != set.end(); ++i) { | 24 for (URLPatternSet::const_iterator i = set.begin(); i != set.end(); ++i) { |
23 URLPattern p = *i; | 25 URLPattern p = *i; |
24 p.SetPath("/*"); | 26 p.SetPath("/*"); |
25 out->AddPattern(p); | 27 out->AddPattern(p); |
26 } | 28 } |
27 } | 29 } |
28 | 30 |
29 } // namespace | 31 } // namespace |
30 | 32 |
31 namespace extensions { | |
32 | |
33 // | 33 // |
34 // PermissionSet | 34 // PermissionSet |
35 // | 35 // |
36 | 36 |
37 PermissionSet::PermissionSet() {} | 37 PermissionSet::PermissionSet() : should_warn_all_hosts_(UNINITIALIZED) {} |
38 | 38 |
39 PermissionSet::PermissionSet( | 39 PermissionSet::PermissionSet( |
40 const APIPermissionSet& apis, | 40 const APIPermissionSet& apis, |
41 const ManifestPermissionSet& manifest_permissions, | 41 const ManifestPermissionSet& manifest_permissions, |
42 const URLPatternSet& explicit_hosts, | 42 const URLPatternSet& explicit_hosts, |
43 const URLPatternSet& scriptable_hosts) | 43 const URLPatternSet& scriptable_hosts) |
44 : apis_(apis), | 44 : apis_(apis), |
45 manifest_permissions_(manifest_permissions), | 45 manifest_permissions_(manifest_permissions), |
46 scriptable_hosts_(scriptable_hosts) { | 46 scriptable_hosts_(scriptable_hosts), |
| 47 should_warn_all_hosts_(UNINITIALIZED) { |
47 AddPatternsAndRemovePaths(explicit_hosts, &explicit_hosts_); | 48 AddPatternsAndRemovePaths(explicit_hosts, &explicit_hosts_); |
48 InitImplicitPermissions(); | 49 InitImplicitPermissions(); |
49 InitEffectiveHosts(); | 50 InitEffectiveHosts(); |
50 } | 51 } |
51 | 52 |
52 // static | 53 // static |
53 PermissionSet* PermissionSet::CreateDifference( | 54 PermissionSet* PermissionSet::CreateDifference( |
54 const PermissionSet* set1, | 55 const PermissionSet* set1, |
55 const PermissionSet* set2) { | 56 const PermissionSet* set2) { |
56 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 57 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
223 } | 224 } |
224 | 225 |
225 for (APIPermissionSet::const_iterator i = apis().begin(); | 226 for (APIPermissionSet::const_iterator i = apis().begin(); |
226 i != apis().end(); ++i) { | 227 i != apis().end(); ++i) { |
227 if (i->info()->implies_full_url_access()) | 228 if (i->info()->implies_full_url_access()) |
228 return true; | 229 return true; |
229 } | 230 } |
230 return false; | 231 return false; |
231 } | 232 } |
232 | 233 |
| 234 bool PermissionSet::ShouldWarnAllHosts() const { |
| 235 if (should_warn_all_hosts_ == UNINITIALIZED) |
| 236 InitShouldWarnAllHosts(); |
| 237 return should_warn_all_hosts_ == WARN_ALL_HOSTS; |
| 238 } |
| 239 |
233 bool PermissionSet::HasEffectiveAccessToURL(const GURL& url) const { | 240 bool PermissionSet::HasEffectiveAccessToURL(const GURL& url) const { |
234 return effective_hosts().MatchesURL(url); | 241 return effective_hosts().MatchesURL(url); |
235 } | 242 } |
236 | 243 |
237 bool PermissionSet::HasEffectiveFullAccess() const { | 244 bool PermissionSet::HasEffectiveFullAccess() const { |
238 for (APIPermissionSet::const_iterator i = apis().begin(); | 245 for (APIPermissionSet::const_iterator i = apis().begin(); |
239 i != apis().end(); ++i) { | 246 i != apis().end(); ++i) { |
240 if (i->info()->implies_full_access()) | 247 if (i->info()->implies_full_access()) |
241 return true; | 248 return true; |
242 } | 249 } |
255 apis_.insert(APIPermission::kFileBrowserHandlerInternal); | 262 apis_.insert(APIPermission::kFileBrowserHandlerInternal); |
256 } | 263 } |
257 | 264 |
258 void PermissionSet::InitEffectiveHosts() { | 265 void PermissionSet::InitEffectiveHosts() { |
259 effective_hosts_.ClearPatterns(); | 266 effective_hosts_.ClearPatterns(); |
260 | 267 |
261 URLPatternSet::CreateUnion( | 268 URLPatternSet::CreateUnion( |
262 explicit_hosts(), scriptable_hosts(), &effective_hosts_); | 269 explicit_hosts(), scriptable_hosts(), &effective_hosts_); |
263 } | 270 } |
264 | 271 |
| 272 void PermissionSet::InitShouldWarnAllHosts() const { |
| 273 if (HasEffectiveAccessToAllHosts()) { |
| 274 should_warn_all_hosts_ = WARN_ALL_HOSTS; |
| 275 return; |
| 276 } |
| 277 |
| 278 for (URLPatternSet::const_iterator iter = effective_hosts_.begin(); |
| 279 iter != effective_hosts_.end(); |
| 280 ++iter) { |
| 281 // If this doesn't even match subdomains, it can't possibly imply all hosts. |
| 282 if (!iter->match_subdomains()) |
| 283 continue; |
| 284 |
| 285 // If iter->host() is a recognized TLD, this will be 0. We don't include |
| 286 // private TLDs, so that, e.g., *.appspot.com does not imply all hosts. |
| 287 size_t registry_length = |
| 288 net::registry_controlled_domains::GetRegistryLength( |
| 289 iter->host(), |
| 290 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 291 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 292 // If there was more than just a TLD in the host (e.g., *.foobar.com), it |
| 293 // doesn't imply all hosts. |
| 294 if (registry_length > 0) |
| 295 continue; |
| 296 |
| 297 // At this point the host could either be just a TLD ("com") or some unknown |
| 298 // TLD-like string ("notatld"). To disambiguate between them construct a |
| 299 // fake URL, and check the registry. This returns 0 if the TLD is |
| 300 // unrecognized, or the length of the recognized TLD. |
| 301 registry_length = net::registry_controlled_domains::GetRegistryLength( |
| 302 base::StringPrintf("foo.%s", iter->host().c_str()), |
| 303 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 304 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 305 // If we recognized this TLD, then this is a pattern like *.com, and it |
| 306 // should imply all hosts. |
| 307 if (registry_length > 0) { |
| 308 should_warn_all_hosts_ = WARN_ALL_HOSTS; |
| 309 return; |
| 310 } |
| 311 } |
| 312 |
| 313 should_warn_all_hosts_ = DONT_WARN_ALL_HOSTS; |
| 314 } |
| 315 |
265 } // namespace extensions | 316 } // namespace extensions |
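Review bot: The cached `should_warn_all_hosts_` is never invalidated: `InitEffectiveHosts()` clears and rebuilds `effective_hosts_` but leaves the cache untouched, so if it runs after the first `ShouldWarnAllHosts()` call the stale answer is returned, and a stale `DONT_WARN_ALL_HOSTS` would suppress the all-hosts permission warning. Adding `should_warn_all_hosts_ = UNINITIALIZED;` at the top of `InitEffectiveHosts()` keeps the two in step; whether any caller rebuilds the hosts after construction is not visible on this page. The lazy write also happens inside `const` methods with no lock, so if a PermissionSet is read from more than one thread the first calls race; computing the value in the four-argument constructor right after `InitEffectiveHosts()` would avoid both problems. It would also help to add a comment at the first `registry_length > 0` check stating what `GetRegistryLength` returns for a host it cannot parse, because a non-zero sentinel there would skip the pattern without warning.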