Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(257)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/renderer/chrome_setting.cc

Issue 2953453002: [Extensions Bindings] Add access checks in custom types (Closed)
Patch Set: lazyboy's Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « extensions/renderer/chrome_setting.h ('k') | extensions/renderer/content_setting.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/chrome_setting.h" 5 #include "extensions/renderer/chrome_setting.h"
6 6
7 #include "base/memory/ptr_util.h" 7 #include "base/memory/ptr_util.h"
8 #include "base/strings/stringprintf.h" 8 #include "base/strings/stringprintf.h"
9 #include "base/values.h" 9 #include "base/values.h"
10 #include "extensions/renderer/api_event_handler.h" 10 #include "extensions/renderer/api_event_handler.h"
11 #include "extensions/renderer/api_request_handler.h" 11 #include "extensions/renderer/api_request_handler.h"
12 #include "extensions/renderer/api_signature.h" 12 #include "extensions/renderer/api_signature.h"
13 #include "extensions/renderer/api_type_reference_map.h" 13 #include "extensions/renderer/api_type_reference_map.h"
14 #include "extensions/renderer/binding_access_checker.h"
14 #include "gin/arguments.h" 15 #include "gin/arguments.h"
15 #include "gin/handle.h" 16 #include "gin/handle.h"
16 #include "gin/object_template_builder.h" 17 #include "gin/object_template_builder.h"
17 18
18 namespace extensions { 19 namespace extensions {
19 20
20 v8::Local<v8::Object> ChromeSetting::Create( 21 v8::Local<v8::Object> ChromeSetting::Create(
21 v8::Isolate* isolate, 22 v8::Isolate* isolate,
22 const std::string& property_name, 23 const std::string& property_name,
23 const base::ListValue* property_values, 24 const base::ListValue* property_values,
24 APIRequestHandler* request_handler, 25 APIRequestHandler* request_handler,
25 APIEventHandler* event_handler, 26 APIEventHandler* event_handler,
26 APITypeReferenceMap* type_refs) { 27 APITypeReferenceMap* type_refs,
28 const BindingAccessChecker* access_checker) {
27 std::string pref_name; 29 std::string pref_name;
28 CHECK(property_values->GetString(0u, &pref_name)); 30 CHECK(property_values->GetString(0u, &pref_name));
29 const base::DictionaryValue* value_spec = nullptr; 31 const base::DictionaryValue* value_spec = nullptr;
30 CHECK(property_values->GetDictionary(1u, &value_spec)); 32 CHECK(property_values->GetDictionary(1u, &value_spec));
31 33
32 gin::Handle<ChromeSetting> handle = gin::CreateHandle( 34 gin::Handle<ChromeSetting> handle = gin::CreateHandle(
33 isolate, new ChromeSetting(request_handler, event_handler, type_refs, 35 isolate, new ChromeSetting(request_handler, event_handler, type_refs,
34 pref_name, *value_spec)); 36 access_checker, pref_name, *value_spec));
35 return handle.ToV8().As<v8::Object>(); 37 return handle.ToV8().As<v8::Object>();
36 } 38 }
37 39
38 ChromeSetting::ChromeSetting(APIRequestHandler* request_handler, 40 ChromeSetting::ChromeSetting(APIRequestHandler* request_handler,
39 APIEventHandler* event_handler, 41 APIEventHandler* event_handler,
40 const APITypeReferenceMap* type_refs, 42 const APITypeReferenceMap* type_refs,
43 const BindingAccessChecker* access_checker,
41 const std::string& pref_name, 44 const std::string& pref_name,
42 const base::DictionaryValue& set_value_spec) 45 const base::DictionaryValue& set_value_spec)
43 : request_handler_(request_handler), 46 : request_handler_(request_handler),
44 event_handler_(event_handler), 47 event_handler_(event_handler),
45 type_refs_(type_refs), 48 type_refs_(type_refs),
49 access_checker_(access_checker),
46 pref_name_(pref_name), 50 pref_name_(pref_name),
47 argument_spec_(ArgumentType::OBJECT) { 51 argument_spec_(ArgumentType::OBJECT) {
48 // The set() call takes an object { value: { type: <t> }, ... }, where <t> 52 // The set() call takes an object { value: { type: <t> }, ... }, where <t>
49 // is the custom set() argument specified above by value_spec. 53 // is the custom set() argument specified above by value_spec.
50 ArgumentSpec::PropertiesMap properties; 54 ArgumentSpec::PropertiesMap properties;
51 { 55 {
52 auto scope_spec = base::MakeUnique<ArgumentSpec>(ArgumentType::REF); 56 auto scope_spec = base::MakeUnique<ArgumentSpec>(ArgumentType::REF);
53 scope_spec->set_ref("types.ChromeSettingScope"); 57 scope_spec->set_ref("types.ChromeSettingScope");
54 scope_spec->set_optional(true); 58 scope_spec->set_optional(true);
55 properties["scope"] = std::move(scope_spec); 59 properties["scope"] = std::move(scope_spec);
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 132
129 void ChromeSetting::HandleFunction(const std::string& method_name, 133 void ChromeSetting::HandleFunction(const std::string& method_name,
130 gin::Arguments* arguments) { 134 gin::Arguments* arguments) {
131 v8::Isolate* isolate = arguments->isolate(); 135 v8::Isolate* isolate = arguments->isolate();
132 v8::HandleScope handle_scope(isolate); 136 v8::HandleScope handle_scope(isolate);
133 v8::Local<v8::Context> context = arguments->GetHolderCreationContext(); 137 v8::Local<v8::Context> context = arguments->GetHolderCreationContext();
134 138
135 std::vector<v8::Local<v8::Value>> argument_list = arguments->GetAll(); 139 std::vector<v8::Local<v8::Value>> argument_list = arguments->GetAll();
136 140
137 std::string full_name = "types.ChromeSetting." + method_name; 141 std::string full_name = "types.ChromeSetting." + method_name;
142
143 if (!access_checker_->HasAccessOrThrowError(context, full_name))
144 return;
145
138 std::unique_ptr<base::ListValue> converted_arguments; 146 std::unique_ptr<base::ListValue> converted_arguments;
139 v8::Local<v8::Function> callback; 147 v8::Local<v8::Function> callback;
140 std::string error; 148 std::string error;
141 if (!type_refs_->GetTypeMethodSignature(full_name)->ParseArgumentsToJSON( 149 if (!type_refs_->GetTypeMethodSignature(full_name)->ParseArgumentsToJSON(
142 context, argument_list, *type_refs_, &converted_arguments, &callback, 150 context, argument_list, *type_refs_, &converted_arguments, &callback,
143 &error)) { 151 &error)) {
144 arguments->ThrowTypeError("Invalid invocation"); 152 arguments->ThrowTypeError("Invalid invocation");
145 return; 153 return;
146 } 154 }
147 155
148 converted_arguments->Insert(0u, base::MakeUnique<base::Value>(pref_name_)); 156 converted_arguments->Insert(0u, base::MakeUnique<base::Value>(pref_name_));
149 request_handler_->StartRequest( 157 request_handler_->StartRequest(
150 context, full_name, std::move(converted_arguments), callback, 158 context, full_name, std::move(converted_arguments), callback,
151 v8::Local<v8::Function>(), binding::RequestThread::UI); 159 v8::Local<v8::Function>(), binding::RequestThread::UI);
152 } 160 }
153 161
154 } // namespace extensions 162 } // namespace extensions
OLDNEW
« no previous file with comments | « extensions/renderer/chrome_setting.h ('k') | extensions/renderer/content_setting.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698