OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/permissions/permissions_data.h" | 5 #include "extensions/common/permissions/permissions_data.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "content/public/common/url_constants.h" | 8 #include "content/public/common/url_constants.h" |
9 #include "extensions/common/constants.h" | 9 #include "extensions/common/constants.h" |
10 #include "extensions/common/error_utils.h" | 10 #include "extensions/common/error_utils.h" |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
63 if (extension->location() == Manifest::COMPONENT) | 63 if (extension->location() == Manifest::COMPONENT) |
64 return true; | 64 return true; |
65 | 65 |
66 const ExtensionsClient::ScriptingWhitelist& whitelist = | 66 const ExtensionsClient::ScriptingWhitelist& whitelist = |
67 ExtensionsClient::Get()->GetScriptingWhitelist(); | 67 ExtensionsClient::Get()->GetScriptingWhitelist(); |
68 | 68 |
69 return std::find(whitelist.begin(), whitelist.end(), extension->id()) != | 69 return std::find(whitelist.begin(), whitelist.end(), extension->id()) != |
70 whitelist.end(); | 70 whitelist.end(); |
71 } | 71 } |
72 | 72 |
73 // static | |
74 bool PermissionsData::UrlIsRestricted(const GURL& document_url, | |
meacer
2014/06/25 21:24:25
Would these schemes/urls be covered by this method
not at google - send to devlin
2014/06/25 21:26:27
oh, good point. we should also check the whitelist
Devlin
2014/06/25 23:30:00
Done.
| |
75 const GURL& top_frame_url, | |
76 const Extension* extension, | |
77 std::string* error) { | |
78 bool can_execute_everywhere = CanExecuteScriptEverywhere(extension); | |
not at google - send to devlin
2014/06/25 20:42:17
this is a bit silly, because every condition check
Devlin
2014/06/25 23:30:00
Done.
| |
79 if (!can_execute_everywhere && | |
80 !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) { | |
81 return true; | |
82 } | |
83 | |
84 bool has_switch = base::CommandLine::ForCurrentProcess()->HasSwitch( | |
not at google - send to devlin
2014/06/25 20:42:17
please call this allow_chrome_urls or something.
Devlin
2014/06/25 23:30:00
Done.
| |
85 switches::kExtensionsOnChromeURLs); | |
86 if (document_url.SchemeIs(content::kChromeUIScheme) && | |
87 !can_execute_everywhere && | |
88 !has_switch) { | |
89 if (error) | |
90 *error = manifest_errors::kCannotAccessChromeUrl; | |
91 return true; | |
92 } | |
93 | |
94 if (top_frame_url.SchemeIs(kExtensionScheme) && | |
95 top_frame_url.host() != extension->id() && | |
96 !can_execute_everywhere && | |
97 !has_switch) { | |
98 if (error) | |
99 *error = manifest_errors::kCannotAccessExtensionUrl; | |
100 return true; | |
101 } | |
102 | |
103 return false; | |
104 } | |
105 | |
73 void PermissionsData::SetActivePermissions( | 106 void PermissionsData::SetActivePermissions( |
74 const PermissionSet* permissions) const { | 107 const PermissionSet* permissions) const { |
75 base::AutoLock auto_lock(runtime_lock_); | 108 base::AutoLock auto_lock(runtime_lock_); |
76 active_permissions_unsafe_ = permissions; | 109 active_permissions_unsafe_ = permissions; |
77 } | 110 } |
78 | 111 |
79 void PermissionsData::UpdateTabSpecificPermissions( | 112 void PermissionsData::UpdateTabSpecificPermissions( |
80 int tab_id, | 113 int tab_id, |
81 scoped_refptr<const PermissionSet> permissions) const { | 114 scoped_refptr<const PermissionSet> permissions) const { |
82 base::AutoLock auto_lock(runtime_lock_); | 115 base::AutoLock auto_lock(runtime_lock_); |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
276 int tab_id, | 309 int tab_id, |
277 int process_id, | 310 int process_id, |
278 const URLPatternSet& permitted_url_patterns, | 311 const URLPatternSet& permitted_url_patterns, |
279 std::string* error) const { | 312 std::string* error) const { |
280 if (g_policy_delegate && | 313 if (g_policy_delegate && |
281 !g_policy_delegate->CanExecuteScriptOnPage( | 314 !g_policy_delegate->CanExecuteScriptOnPage( |
282 extension, document_url, top_frame_url, tab_id, process_id, error)) { | 315 extension, document_url, top_frame_url, tab_id, process_id, error)) { |
283 return false; | 316 return false; |
284 } | 317 } |
285 | 318 |
286 bool can_execute_everywhere = CanExecuteScriptEverywhere(extension); | 319 if (UrlIsRestricted(document_url, top_frame_url, extension, error)) |
287 if (!can_execute_everywhere && | |
288 !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) { | |
289 return false; | 320 return false; |
290 } | |
291 | |
292 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( | |
293 switches::kExtensionsOnChromeURLs)) { | |
294 if (document_url.SchemeIs(content::kChromeUIScheme) && | |
295 !can_execute_everywhere) { | |
296 if (error) | |
297 *error = manifest_errors::kCannotAccessChromeUrl; | |
298 return false; | |
299 } | |
300 } | |
301 | |
302 if (top_frame_url.SchemeIs(kExtensionScheme) && | |
303 top_frame_url.GetOrigin() != | |
304 Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() && | |
305 !can_execute_everywhere) { | |
306 if (error) | |
307 *error = manifest_errors::kCannotAccessExtensionUrl; | |
308 return false; | |
309 } | |
310 | 321 |
311 if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url)) | 322 if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url)) |
312 return true; | 323 return true; |
313 | 324 |
314 bool can_access = permitted_url_patterns.MatchesURL(document_url); | 325 bool can_access = permitted_url_patterns.MatchesURL(document_url); |
315 | 326 |
316 if (!can_access && error) { | 327 if (!can_access && error) { |
317 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, | 328 *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, |
318 document_url.spec()); | 329 document_url.spec()); |
319 } | 330 } |
320 | 331 |
321 return can_access; | 332 return can_access; |
322 } | 333 } |
323 | 334 |
324 } // namespace extensions | 335 } // namespace extensions |
OLD | NEW |