Allow extension APIs to be called from WebUI.

extensions/browser/extension_function_dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/extension_function_dispatcher.h"
 
 #include "base/bind.h"
 #include "base/json/json_string_value_serializer.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/process/process.h"
 #include "base/values.h"
 #include "build/build_config.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/common/result_codes.h"
 #include "extensions/browser/api_activity_monitor.h"
 #include "extensions/browser/extension_function_registry.h"
 #include "extensions/browser/extension_message_filter.h"
@@ skipping 224 matching lines @@
       function->AsIOThreadExtensionFunction();
   if (!function_io) {
     NOTREACHED();
     return;
   }
   function_io->set_ipc_sender(ipc_sender, routing_id);
   function_io->set_extension_info_map(extension_info_map);
   function->set_include_incognito(
       extension_info_map->IsIncognitoEnabled(extension->id()));
 
-  if (!CheckPermissions(function.get(), extension, params, callback))
+  if (!CheckPermissions(function.get(), params, callback))
     return;
 
   QuotaService* quota = extension_info_map->GetQuotaService();
   std::string violation_error = quota->Assess(extension->id(),
                                               function.get(),
                                               &params.arguments,
                                               base::TimeTicks::Now());
   if (violation_error.empty()) {
     scoped_ptr<base::ListValue> args(params.arguments.DeepCopy());
     NotifyApiFunctionCalled(extension->id(),
@@ skipping 30 matching lines @@
     ui_thread_response_callback_wrappers_[render_view_host] = callback_wrapper;
   } else {
     callback_wrapper = iter->second;
   }
 
   DispatchWithCallbackInternal(
       params, render_view_host, NULL,
       callback_wrapper->CreateCallback(params.request_id));
 }
 
-void ExtensionFunctionDispatcher::DispatchWithCallback(
-    const ExtensionHostMsg_Request_Params& params,
-    content::RenderFrameHost* render_frame_host,
-    const ExtensionFunction::ResponseCallback& callback) {
-  DispatchWithCallbackInternal(params, NULL, render_frame_host, callback);
-}
-
 void ExtensionFunctionDispatcher::DispatchWithCallbackInternal(
     const ExtensionHostMsg_Request_Params& params,
     RenderViewHost* render_view_host,
     content::RenderFrameHost* render_frame_host,
     const ExtensionFunction::ResponseCallback& callback) {
   DCHECK(render_view_host || render_frame_host);
   // TODO(yzshen): There is some shared logic between this method and
   // DispatchOnIOThread(). It is nice to deduplicate.
   ProcessMap* process_map = ProcessMap::Get(browser_context_);
   if (!process_map)
     return;
 
   ExtensionRegistry* registry = ExtensionRegistry::Get(browser_context_);
-  const Extension* extension = registry->enabled_extensions().GetByID(
-      params.extension_id);
+  const Extension* extension =
+      registry->enabled_extensions().GetByID(params.extension_id);
   if (!extension) {
     extension =
         registry->enabled_extensions().GetHostedAppByURL(params.source_url);
   }
 
   int process_id = render_view_host ? render_view_host->GetProcess()->GetID() :
                                       render_frame_host->GetProcess()->GetID();
   scoped_refptr<ExtensionFunction> function(
       CreateExtensionFunction(params,
                               extension,
@@ skipping 11 matching lines @@
     NOTREACHED();
     return;
   }
   if (render_view_host) {
     function_ui->SetRenderViewHost(render_view_host);
   } else {
     function_ui->SetRenderFrameHost(render_frame_host);
   }
   function_ui->set_dispatcher(AsWeakPtr());
   function_ui->set_browser_context(browser_context_);
-  function->set_include_incognito(
+  if (extension &&
       ExtensionsBrowserClient::Get()->CanExtensionCrossIncognito(
-          extension, browser_context_));
+          extension, browser_context_)) {
+    function->set_include_incognito(true);
+  }
 
-  if (!CheckPermissions(function.get(), extension, params, callback))
+  if (!CheckPermissions(function.get(), params, callback))
     return;
 
-  ExtensionSystem* extension_system = ExtensionSystem::Get(browser_context_);
-  QuotaService* quota = extension_system->quota_service();
-  std::string violation_error = quota->Assess(extension->id(),
-                                              function.get(),
-                                              &params.arguments,
-                                              base::TimeTicks::Now());
-  if (violation_error.empty()) {
-    scoped_ptr<base::ListValue> args(params.arguments.DeepCopy());
+  if (extension) {
+    ExtensionSystem* extension_system = ExtensionSystem::Get(browser_context_);
+    QuotaService* quota = extension_system->quota_service();
+    std::string violation_error = quota->Assess(extension->id(),
+                                                function.get(),
+                                                &params.arguments,
+                                                base::TimeTicks::Now());
 
-    NotifyApiFunctionCalled(
-        extension->id(), params.name, args.Pass(), browser_context_);
-    UMA_HISTOGRAM_SPARSE_SLOWLY("Extensions.FunctionCalls",
-                                function->histogram_value());
+    if (violation_error.empty()) {
+      scoped_ptr<base::ListValue> args(params.arguments.DeepCopy());
+
+      NotifyApiFunctionCalled(
+          extension->id(), params.name, args.Pass(), browser_context_);
+      UMA_HISTOGRAM_SPARSE_SLOWLY("Extensions.FunctionCalls",
+                                  function->histogram_value());
+      function->Run()->Execute();
+    } else {
+      function->OnQuotaExceeded(violation_error);
+    }
+
+    // Note: do not access |this| after this point. We may have been deleted
+    // if function->Run() ended up closing the tab that owns us.
+
+    // Check if extension was uninstalled by management.uninstall.
+    if (!registry->enabled_extensions().GetByID(params.extension_id))
+      return;
+
+    // We only adjust the keepalive count for UIThreadExtensionFunction for
+    // now, largely for simplicity's sake. This is OK because currently, only
+    // the webRequest API uses IOThreadExtensionFunction, and that API is not
+    // compatible with lazy background pages.
+    extension_system->process_manager()->IncrementLazyKeepaliveCount(extension);
+  } else {
+    // Skip all of the UMA, quota, event page, activity logging stuff if there
+    // isn't an extension.
     function->Run()->Execute();

[Charlie Reis, 2014/07/22 21:10:24]

Minor nit: Maybe this would be easier to read if we just put it in a "if
(!extension) { Execute; return; }" block on line 368, leaving the rest of the
block as it was?

[not at google - send to devlin, 2014/07/22 23:42:33]

Done.

-  } else {
-    function->OnQuotaExceeded(violation_error);
   }
-
-  // Note: do not access |this| after this point. We may have been deleted
-  // if function->Run() ended up closing the tab that owns us.
-
-  // Check if extension was uninstalled by management.uninstall.
-  if (!registry->enabled_extensions().GetByID(params.extension_id))
-    return;
-
-  // We only adjust the keepalive count for UIThreadExtensionFunction for
-  // now, largely for simplicity's sake. This is OK because currently, only
-  // the webRequest API uses IOThreadExtensionFunction, and that API is not
-  // compatible with lazy background pages.
-  extension_system->process_manager()->IncrementLazyKeepaliveCount(extension);
 }
 
 void ExtensionFunctionDispatcher::OnExtensionFunctionCompleted(
     const Extension* extension) {
-  ExtensionSystem::Get(browser_context_)->process_manager()->
-      DecrementLazyKeepaliveCount(extension);
+  if (extension) {
+    ExtensionSystem::Get(browser_context_)
+        ->process_manager()
+        ->DecrementLazyKeepaliveCount(extension);
+  }
 }
 
 // static
 bool ExtensionFunctionDispatcher::CheckPermissions(
     ExtensionFunction* function,
-    const Extension* extension,
     const ExtensionHostMsg_Request_Params& params,
     const ExtensionFunction::ResponseCallback& callback) {
   if (!function->HasPermission()) {
-    LOG(ERROR) << "Extension " << extension->id() << " does not have "
-               << "permission to function: " << params.name;
+    LOG(ERROR) << "Permission denied for " << params.name;
     SendAccessDenied(callback);
     return false;
   }
   return true;
 }
 
 namespace {
 
 // Only COMPONENT hosted apps may call extension APIs, and they are limited
 // to just the permissions they explicitly request. They should not have access
@@ skipping 25 matching lines @@
 
 // static
 ExtensionFunction* ExtensionFunctionDispatcher::CreateExtensionFunction(
     const ExtensionHostMsg_Request_Params& params,
     const Extension* extension,
     int requesting_process_id,
     const ProcessMap& process_map,
     ExtensionAPI* api,
     void* profile_id,
     const ExtensionFunction::ResponseCallback& callback) {
-  if (!extension) {
-    LOG(ERROR) << "Specified extension does not exist.";
+  const char* disallowed_reason = NULL;
+
+  if (extension) {
+    // Extension is calling this API.
+    if (extension->is_hosted_app() &&
+        !AllowHostedAppAPICall(*extension, params.source_url, params.name)) {
+      // Most hosted apps can't call APIs.
+      disallowed_reason = "Hosted apps cannot call privileged APIs";
+    } else if (!process_map.Contains(extension->id(), requesting_process_id) &&
+               !api->IsAvailableInUntrustedContext(params.name, extension)) {
+      // Privileged APIs can only be called from the process the extension
+      // is running in.
+      disallowed_reason =
+          "Privileged APIs cannot be called from untrusted processes";
+    }
+  } else if (content::ChildProcessSecurityPolicy::GetInstance()
+                 ->HasWebUIBindings(requesting_process_id)) {
+    // WebUI is calling this API.
+    if (!api->IsAvailableToWebUI(params.name)) {
+      disallowed_reason = "WebUI can only call webui-enabled APIs";
+    }
+  } else {
+    // Web page is calling this API. However, the APIs that are available to
+    // web pages (e.g. messaging) don't go through ExtensionFunctionDispatcher,
+    // so this should be impossible.
+    disallowed_reason = "Specified extension does not exist.";
+  }
+
+  if (disallowed_reason != NULL) {
+    LOG(ERROR) << "Extension API call disallowed - name:" << params.name
+               << ", pid:" << requesting_process_id
+               << ", from URL: " << params.source_url.spec()
+               << ", reason: " << disallowed_reason;
     SendAccessDenied(callback);
     return NULL;
   }
-
-  // Most hosted apps can't call APIs.
-  bool allowed = true;
-  if (extension->is_hosted_app())
-    allowed = AllowHostedAppAPICall(*extension, params.source_url, params.name);
-
-  // Privileged APIs can only be called from the process the extension
-  // is running in.
-  if (allowed && !api->IsAvailableInUntrustedContext(params.name, extension))
-    allowed = process_map.Contains(extension->id(), requesting_process_id);
-
-  if (!allowed) {
-    LOG(ERROR) << "Extension API call disallowed - name:" << params.name
-               << " pid:" << requesting_process_id
-               << " from URL " << params.source_url.spec();
-    SendAccessDenied(callback);
-    return NULL;
-  }
 
   ExtensionFunction* function =
       ExtensionFunctionRegistry::GetInstance()->NewFunction(params.name);
   if (!function) {
     LOG(ERROR) << "Unknown Extension API - " << params.name;
     SendAccessDenied(callback);
     return NULL;
   }
 
   function->SetArgs(&params.arguments);
@@ skipping 11 matching lines @@
 
 // static
 void ExtensionFunctionDispatcher::SendAccessDenied(
     const ExtensionFunction::ResponseCallback& callback) {
   base::ListValue empty_list;
   callback.Run(ExtensionFunction::FAILED, empty_list,
                "Access to extension API denied.");
 }
 
 }  // namespace extensions