Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3612)

Unified Diff: chrome/browser/chrome_content_browser_client.cc

Issue 338523007: Pepper: Whitelist dev channel APIs for some apps. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: gross pnacl hack Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | components/nacl/browser/nacl_host_message_filter.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index a500608f602883d1459990b340f517c526be759f..b194a4fd159ba4931815963c77fa87c34caa7e5b 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -280,6 +280,14 @@ namespace {
base::LazyInstance<std::string> g_io_thread_application_locale;
#if defined(ENABLE_PLUGINS)
+// TODO(teravest): Add renderer-side API-specific checking for these APIs so
+// that blanket permission isn't granted to all dev channel APIs for these.
+// http://crbug.com/386743
+const char* const kPredefinedAllowedDevChannelOrigins[] = {
+ "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/383937
+ "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/383937
+};
+
const char* const kPredefinedAllowedFileHandleOrigins[] = {
"6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/234789
"4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/234789
@@ -642,6 +650,8 @@ namespace chrome {
ChromeContentBrowserClient::ChromeContentBrowserClient()
: prerender_tracker_(NULL) {
#if defined(ENABLE_PLUGINS)
+ for (size_t i = 0; i < arraysize(kPredefinedAllowedDevChannelOrigins); ++i)
+ allowed_dev_channel_origins_.insert(kPredefinedAllowedDevChannelOrigins[i]);
for (size_t i = 0; i < arraysize(kPredefinedAllowedFileHandleOrigins); ++i)
allowed_file_handle_origins_.insert(kPredefinedAllowedFileHandleOrigins[i]);
for (size_t i = 0; i < arraysize(kPredefinedAllowedSocketOrigins); ++i)
@@ -2795,8 +2805,6 @@ bool ChromeContentBrowserClient::IsPluginAllowedToCallRequestOSFileHandle(
extension_set = extensions::ExtensionSystem::Get(profile)->
extension_service()->extensions();
}
- // TODO(teravest): Populate allowed_file_handle_origins_ when FileIO is moved
- // from the renderer to the browser.
return IsExtensionOrSharedModuleWhitelisted(url, extension_set,
allowed_file_handle_origins_) ||
IsHostAllowedByCommandLine(url, extension_set,
@@ -2806,7 +2814,9 @@ bool ChromeContentBrowserClient::IsPluginAllowedToCallRequestOSFileHandle(
#endif
}
-bool ChromeContentBrowserClient::IsPluginAllowedToUseDevChannelAPIs() {
+bool ChromeContentBrowserClient::IsPluginAllowedToUseDevChannelAPIs(
+ content::BrowserContext* browser_context,
+ const GURL& url) {
#if defined(ENABLE_PLUGINS)
// Allow access for tests.
if (CommandLine::ForCurrentProcess()->HasSwitch(
@@ -2814,6 +2824,20 @@ bool ChromeContentBrowserClient::IsPluginAllowedToUseDevChannelAPIs() {
return true;
}
+ Profile* profile = Profile::FromBrowserContext(browser_context);
+ const extensions::ExtensionSet* extension_set = NULL;
+ if (profile) {
+ extension_set = extensions::ExtensionSystem::Get(profile)->
+ extension_service()->extensions();
+ }
+
+ // Allow access for whitelisted applications.
+ if (IsExtensionOrSharedModuleWhitelisted(url,
+ extension_set,
+ allowed_dev_channel_origins_)) {
+ return true;
+ }
+
chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel();
// Allow dev channel APIs to be used on "Canary", "Dev", and "Unknown"
// releases of Chrome. Permitting "Unknown" allows these APIs to be used on
« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | components/nacl/browser/nacl_host_message_filter.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698