OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/permissions/permissions_data.h" | 5 #include "extensions/common/permissions/permissions_data.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "content/public/common/url_constants.h" | 8 #include "content/public/common/url_constants.h" |
9 #include "extensions/common/constants.h" | 9 #include "extensions/common/constants.h" |
10 #include "extensions/common/error_utils.h" | 10 #include "extensions/common/error_utils.h" |
11 #include "extensions/common/extensions_client.h" | 11 #include "extensions/common/extensions_client.h" |
12 #include "extensions/common/manifest.h" | 12 #include "extensions/common/manifest.h" |
13 #include "extensions/common/manifest_constants.h" | 13 #include "extensions/common/manifest_constants.h" |
14 #include "extensions/common/manifest_handlers/permissions_parser.h" | 14 #include "extensions/common/manifest_handlers/permissions_parser.h" |
15 #include "extensions/common/permissions/permission_message_provider.h" | 15 #include "extensions/common/permissions/permission_message_provider.h" |
16 #include "extensions/common/switches.h" | 16 #include "extensions/common/switches.h" |
17 #include "extensions/common/url_pattern_set.h" | 17 #include "extensions/common/url_pattern_set.h" |
18 #include "extensions/common/user_script.h" | 18 #include "extensions/common/user_script.h" |
19 #include "url/gurl.h" | 19 #include "url/gurl.h" |
| 20 #include "url/url_constants.h" |
20 | 21 |
21 namespace extensions { | 22 namespace extensions { |
22 | 23 |
23 namespace { | 24 namespace { |
24 | 25 |
25 PermissionsData::PolicyDelegate* g_policy_delegate = NULL; | 26 PermissionsData::PolicyDelegate* g_policy_delegate = NULL; |
26 | 27 |
27 // Returns true if this extension id is from a trusted provider. | 28 // Returns true if this extension id is from a trusted provider. |
28 bool ShouldSkipPermissionWarnings(const std::string& extension_id) { | 29 bool ShouldSkipPermissionWarnings(const std::string& extension_id) { |
29 // See http://b/4946060 for more details. | 30 // See http://b/4946060 for more details. |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
63 if (extension->location() == Manifest::COMPONENT) | 64 if (extension->location() == Manifest::COMPONENT) |
64 return true; | 65 return true; |
65 | 66 |
66 const ExtensionsClient::ScriptingWhitelist& whitelist = | 67 const ExtensionsClient::ScriptingWhitelist& whitelist = |
67 ExtensionsClient::Get()->GetScriptingWhitelist(); | 68 ExtensionsClient::Get()->GetScriptingWhitelist(); |
68 | 69 |
69 return std::find(whitelist.begin(), whitelist.end(), extension->id()) != | 70 return std::find(whitelist.begin(), whitelist.end(), extension->id()) != |
70 whitelist.end(); | 71 whitelist.end(); |
71 } | 72 } |
72 | 73 |
| 74 // static |
| 75 bool PermissionsData::IsRestrictedUrl(const GURL& document_url, |
| 76 const GURL& top_frame_url, |
| 77 const Extension* extension, |
| 78 std::string* error) { |
| 79 if (CanExecuteScriptEverywhere(extension)) |
| 80 return false; |
| 81 |
| 82 // Check if the scheme is valid for extensions. If not, return. |
| 83 if (!URLPattern::IsValidSchemeForExtensions(document_url.scheme()) && |
| 84 document_url.spec() != url::kAboutBlankURL) { |
| 85 if (error) { |
| 86 *error = ErrorUtils::FormatErrorMessage( |
| 87 manifest_errors::kCannotAccessPage, |
| 88 document_url.spec()); |
| 89 } |
| 90 return true; |
| 91 } |
| 92 |
| 93 if (!ExtensionsClient::Get()->IsScriptableURL(document_url, error)) |
| 94 return true; |
| 95 |
| 96 bool allow_on_chrome_urls = base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 97 switches::kExtensionsOnChromeURLs); |
| 98 if (document_url.SchemeIs(content::kChromeUIScheme) && |
| 99 !allow_on_chrome_urls) { |
| 100 if (error) |
| 101 *error = manifest_errors::kCannotAccessChromeUrl; |
| 102 return true; |
| 103 } |
| 104 |
| 105 if (top_frame_url.SchemeIs(kExtensionScheme) && |
| 106 top_frame_url.host() != extension->id() && |
| 107 !allow_on_chrome_urls) { |
| 108 if (error) |
| 109 *error = manifest_errors::kCannotAccessExtensionUrl; |
| 110 return true; |
| 111 } |
| 112 |
| 113 return false; |
| 114 } |
| 115 |
73 void PermissionsData::SetActivePermissions( | 116 void PermissionsData::SetActivePermissions( |
74 const PermissionSet* permissions) const { | 117 const PermissionSet* permissions) const { |
75 base::AutoLock auto_lock(runtime_lock_); | 118 base::AutoLock auto_lock(runtime_lock_); |
76 active_permissions_unsafe_ = permissions; | 119 active_permissions_unsafe_ = permissions; |
77 } | 120 } |
78 | 121 |
79 void PermissionsData::UpdateTabSpecificPermissions( | 122 void PermissionsData::UpdateTabSpecificPermissions( |
80 int tab_id, | 123 int tab_id, |
81 scoped_refptr<const PermissionSet> permissions) const { | 124 scoped_refptr<const PermissionSet> permissions) const { |
82 base::AutoLock auto_lock(runtime_lock_); | 125 base::AutoLock auto_lock(runtime_lock_); |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
276 int tab_id, | 319 int tab_id, |
277 int process_id, | 320 int process_id, |
278 const URLPatternSet& permitted_url_patterns, | 321 const URLPatternSet& permitted_url_patterns, |
279 std::string* error) const { | 322 std::string* error) const { |
280 if (g_policy_delegate && | 323 if (g_policy_delegate && |
281 !g_policy_delegate->CanExecuteScriptOnPage( | 324 !g_policy_delegate->CanExecuteScriptOnPage( |
282 extension, document_url, top_frame_url, tab_id, process_id, error)) { | 325 extension, document_url, top_frame_url, tab_id, process_id, error)) { |
283 return false; | 326 return false; |
284 } | 327 } |
285 | 328 |
286 bool can_execute_everywhere = CanExecuteScriptEverywhere(extension); | 329 if (IsRestrictedUrl(document_url, top_frame_url, extension, error)) |
287 if (!can_execute_everywhere && | |
288 !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) { | |
289 return false; | 330 return false; |
290 } | |
291 | |
292 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( | |
293 switches::kExtensionsOnChromeURLs)) { | |
294 if (document_url.SchemeIs(content::kChromeUIScheme) && | |
295 !can_execute_everywhere) { | |
296 if (error) | |
297 *error = manifest_errors::kCannotAccessChromeUrl; | |
298 return false; | |
299 } | |
300 } | |
301 | |
302 if (top_frame_url.SchemeIs(kExtensionScheme) && | |
303 top_frame_url.GetOrigin() != | |
304 Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() && | |
305 !can_execute_everywhere) { | |
306 if (error) | |
307 *error = manifest_errors::kCannotAccessExtensionUrl; | |
308 return false; | |
309 } | |
310 | 331 |
311 if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url)) | 332 if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url)) |
312 return true; | 333 return true; |
313 | 334 |
314 bool can_access = permitted_url_patterns.MatchesURL(document_url); | 335 bool can_access = permitted_url_patterns.MatchesURL(document_url); |
315 | 336 |
316 if (!can_access && error) { | 337 if (!can_access && error) { |
317 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, | 338 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, |
318 document_url.spec()); | 339 document_url.spec()); |
319 } | 340 } |
320 | 341 |
321 return can_access; | 342 return can_access; |
322 } | 343 } |
323 | 344 |
324 } // namespace extensions | 345 } // namespace extensions |
OLD | NEW |