Have the Debugger extension api check that it has access to the tab

extensions/common/permissions/permissions_data.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/permissions/permissions_data.h"
 
 #include "base/command_line.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/error_utils.h"
@@ skipping 52 matching lines @@
   if (extension->location() == Manifest::COMPONENT)
     return true;
 
   const ExtensionsClient::ScriptingWhitelist& whitelist =
       ExtensionsClient::Get()->GetScriptingWhitelist();
 
   return std::find(whitelist.begin(), whitelist.end(), extension->id()) !=
          whitelist.end();
 }
 
+// static
+bool PermissionsData::UrlIsRestricted(const GURL& document_url,

[meacer, 2014/06/25 21:24:25]

Would these schemes/urls be covered by this method?

- about:settings, about:version etc.
- view-source:
- data:
- chrome-devtools: (can you debug the debugger?)
- filesystem:
- mailto: or any external protocol (not sure what happens if you try to debug
them)

[not at google - send to devlin, 2014/06/25 21:26:27]

oh, good point. we should also check the whitelisted set of origins, which is
checked on extension installation, but we should check here tool.

[Devlin, 2014/06/25 23:30:00]

Done.

+                                      const GURL& top_frame_url,
+                                      const Extension* extension,
+                                      std::string* error) {
+  bool can_execute_everywhere = CanExecuteScriptEverywhere(extension);

[not at google - send to devlin, 2014/06/25 20:42:17]

this is a bit silly, because every condition checks
!can_execute_script_everywhere. so we can save a bunch of lines of code by just
doing

if (CanExecuteScriptEverywhere(extension)) {
  return false;
}

and not worry about |can_execute_script_everywhere|

[Devlin, 2014/06/25 23:30:00]

Done.

+  if (!can_execute_everywhere &&
+      !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) {
+    return true;
+  }
+
+  bool has_switch = base::CommandLine::ForCurrentProcess()->HasSwitch(

[not at google - send to devlin, 2014/06/25 20:42:17]

please call this allow_chrome_urls or something.

[Devlin, 2014/06/25 23:30:00]

Done.

+                        switches::kExtensionsOnChromeURLs);
+  if (document_url.SchemeIs(content::kChromeUIScheme) &&
+      !can_execute_everywhere &&
+      !has_switch) {
+    if (error)
+      *error = manifest_errors::kCannotAccessChromeUrl;
+    return true;
+  }
+
+  if (top_frame_url.SchemeIs(kExtensionScheme) &&
+      top_frame_url.host() != extension->id() &&
+      !can_execute_everywhere &&
+      !has_switch) {
+    if (error)
+      *error = manifest_errors::kCannotAccessExtensionUrl;
+    return true;
+  }
+
+  return false;
+}
+
 void PermissionsData::SetActivePermissions(
     const PermissionSet* permissions) const {
   base::AutoLock auto_lock(runtime_lock_);
   active_permissions_unsafe_ = permissions;
 }
 
 void PermissionsData::UpdateTabSpecificPermissions(
     int tab_id,
     scoped_refptr<const PermissionSet> permissions) const {
   base::AutoLock auto_lock(runtime_lock_);
@@ skipping 193 matching lines @@
                                    int tab_id,
                                    int process_id,
                                    const URLPatternSet& permitted_url_patterns,
                                    std::string* error) const {
   if (g_policy_delegate &&
       !g_policy_delegate->CanExecuteScriptOnPage(
           extension, document_url, top_frame_url, tab_id, process_id, error)) {
     return false;
   }
 
-  bool can_execute_everywhere = CanExecuteScriptEverywhere(extension);
-  if (!can_execute_everywhere &&
-      !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) {
+  if (UrlIsRestricted(document_url, top_frame_url, extension, error))
     return false;
-  }
-
-  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kExtensionsOnChromeURLs)) {
-    if (document_url.SchemeIs(content::kChromeUIScheme) &&
-        !can_execute_everywhere) {
-      if (error)
-        *error = manifest_errors::kCannotAccessChromeUrl;
-      return false;
-    }
-  }
-
-  if (top_frame_url.SchemeIs(kExtensionScheme) &&
-      top_frame_url.GetOrigin() !=
-          Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() &&
-      !can_execute_everywhere) {
-    if (error)
-      *error = manifest_errors::kCannotAccessExtensionUrl;
-    return false;
-  }
 
   if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url))
     return true;
 
   bool can_access = permitted_url_patterns.MatchesURL(document_url);
 
   if (!can_access && error) {
     *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage,
                                             document_url.spec());
   }
 
   return can_access;
 }
 
 }  // namespace extensions