OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/browser/api/web_request/web_request_permissions.h" | 5 #include "extensions/browser/api/web_request/web_request_permissions.h" |
6 | 6 |
7 #include "base/strings/string_piece.h" | 7 #include "base/strings/string_piece.h" |
8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
10 #include "chromeos/login/login_state.h" | 10 #include "chromeos/login/login_state.h" |
11 #include "content/public/browser/child_process_security_policy.h" | 11 #include "content/public/browser/child_process_security_policy.h" |
12 #include "content/public/browser/resource_request_info.h" | 12 #include "content/public/browser/resource_request_info.h" |
13 #include "extensions/browser/extension_navigation_ui_data.h" | 13 #include "extensions/browser/extension_navigation_ui_data.h" |
14 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | 14 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" |
15 #include "extensions/browser/info_map.h" | 15 #include "extensions/browser/info_map.h" |
16 #include "extensions/common/constants.h" | 16 #include "extensions/common/constants.h" |
17 #include "extensions/common/extension.h" | 17 #include "extensions/common/extension.h" |
18 #include "extensions/common/extension_urls.h" | 18 #include "extensions/common/extension_urls.h" |
19 #include "extensions/common/permissions/permissions_data.h" | 19 #include "extensions/common/permissions/permissions_data.h" |
20 #include "net/url_request/url_request.h" | 20 #include "net/url_request/url_request.h" |
21 #include "url/gurl.h" | 21 #include "url/gurl.h" |
22 #include "url/origin.h" | |
23 | 22 |
24 #if defined(OS_CHROMEOS) | 23 #if defined(OS_CHROMEOS) |
25 #include "chromeos/login/login_state.h" | 24 #include "chromeos/login/login_state.h" |
26 #endif // defined(OS_CHROMEOS) | 25 #endif // defined(OS_CHROMEOS) |
27 | 26 |
28 using content::ResourceRequestInfo; | 27 using content::ResourceRequestInfo; |
29 using extensions::PermissionsData; | 28 using extensions::PermissionsData; |
30 | 29 |
31 namespace { | 30 namespace { |
32 | 31 |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
144 g_allow_all_extension_locations_in_public_session = value; | 143 g_allow_all_extension_locations_in_public_session = value; |
145 } | 144 } |
146 | 145 |
147 // static | 146 // static |
148 PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL( | 147 PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL( |
149 const extensions::InfoMap* extension_info_map, | 148 const extensions::InfoMap* extension_info_map, |
150 const std::string& extension_id, | 149 const std::string& extension_id, |
151 const GURL& url, | 150 const GURL& url, |
152 int tab_id, | 151 int tab_id, |
153 bool crosses_incognito, | 152 bool crosses_incognito, |
154 HostPermissionsCheck host_permissions_check) { | 153 HostPermissionsCheck host_permissions_check, |
| 154 const base::Optional<url::Origin>& initiator) { |
155 // extension_info_map can be NULL in testing. | 155 // extension_info_map can be NULL in testing. |
156 if (!extension_info_map) | 156 if (!extension_info_map) |
157 return PermissionsData::ACCESS_ALLOWED; | 157 return PermissionsData::ACCESS_ALLOWED; |
158 | 158 |
159 const extensions::Extension* extension = | 159 const extensions::Extension* extension = |
160 extension_info_map->extensions().GetByID(extension_id); | 160 extension_info_map->extensions().GetByID(extension_id); |
161 if (!extension) | 161 if (!extension) |
162 return PermissionsData::ACCESS_DENIED; | 162 return PermissionsData::ACCESS_DENIED; |
163 | 163 |
| 164 // Prevent viewing / modifying requests initiated by a host protected by |
| 165 // policy. |
| 166 if (initiator && extension->permissions_data()->IsRuntimeBlockedHost( |
| 167 initiator->GetPhysicalOrigin().GetURL())) |
| 168 return PermissionsData::ACCESS_DENIED; |
| 169 |
164 // When we are in a Public Session, allow all URLs for webRequests initiated | 170 // When we are in a Public Session, allow all URLs for webRequests initiated |
165 // by a regular extension (but don't allow chrome:// URLs). | 171 // by a regular extension (but don't allow chrome:// URLs). |
166 #if defined(OS_CHROMEOS) | 172 #if defined(OS_CHROMEOS) |
167 if (chromeos::LoginState::IsInitialized() && | 173 if (chromeos::LoginState::IsInitialized() && |
168 chromeos::LoginState::Get()->IsPublicSessionUser() && | 174 chromeos::LoginState::Get()->IsPublicSessionUser() && |
169 extension->is_extension() && | 175 extension->is_extension() && |
170 !url.SchemeIs("chrome")) { | 176 !url.SchemeIs("chrome")) { |
171 // Make sure that the extension is truly installed by policy (the assumption | 177 // Make sure that the extension is truly installed by policy (the assumption |
172 // in Public Session is that all extensions are installed by policy). | 178 // in Public Session is that all extensions are installed by policy). |
173 CHECK(g_allow_all_extension_locations_in_public_session || | 179 CHECK(g_allow_all_extension_locations_in_public_session || |
(...skipping 24 matching lines...) Expand all Loading... |
198 break; | 204 break; |
199 case REQUIRE_ALL_URLS: | 205 case REQUIRE_ALL_URLS: |
200 if (extension->permissions_data()->HasEffectiveAccessToAllHosts()) | 206 if (extension->permissions_data()->HasEffectiveAccessToAllHosts()) |
201 access = PermissionsData::ACCESS_ALLOWED; | 207 access = PermissionsData::ACCESS_ALLOWED; |
202 // else ACCESS_DENIED | 208 // else ACCESS_DENIED |
203 break; | 209 break; |
204 } | 210 } |
205 | 211 |
206 return access; | 212 return access; |
207 } | 213 } |
OLD | NEW |