| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/extension_function_dispatcher.h" | 5 #include "extensions/browser/extension_function_dispatcher.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/json/json_string_value_serializer.h" | 8 #include "base/json/json_string_value_serializer.h" |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 465 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 476 } else if (!process_map.Contains(extension->id(), requesting_process_id) && | 476 } else if (!process_map.Contains(extension->id(), requesting_process_id) && |
| 477 !api->IsAvailableInUntrustedContext(params.name, extension)) { | 477 !api->IsAvailableInUntrustedContext(params.name, extension)) { |
| 478 // Privileged APIs can only be called from the process the extension | 478 // Privileged APIs can only be called from the process the extension |
| 479 // is running in. | 479 // is running in. |
| 480 disallowed_reason = | 480 disallowed_reason = |
| 481 "Privileged APIs cannot be called from untrusted processes"; | 481 "Privileged APIs cannot be called from untrusted processes"; |
| 482 } | 482 } |
| 483 } else if (content::ChildProcessSecurityPolicy::GetInstance() | 483 } else if (content::ChildProcessSecurityPolicy::GetInstance() |
| 484 ->HasWebUIBindings(requesting_process_id)) { | 484 ->HasWebUIBindings(requesting_process_id)) { |
| 485 // WebUI is calling this API. | 485 // WebUI is calling this API. |
| 486 if (!api->IsAvailableToWebUI(params.name)) { | 486 if (!api->IsAvailableToWebUI(params.name, params.source_url)) { |
| 487 disallowed_reason = "WebUI can only call webui-enabled APIs"; | 487 disallowed_reason = "WebUI can only call webui-enabled APIs"; |
| 488 } | 488 } |
| 489 } else { | 489 } else { |
| 490 // Web page is calling this API. However, the APIs that are available to | 490 // Web page is calling this API. However, the APIs that are available to |
| 491 // web pages (e.g. messaging) don't go through ExtensionFunctionDispatcher, | 491 // web pages (e.g. messaging) don't go through ExtensionFunctionDispatcher, |
| 492 // so this should be impossible. | 492 // so this should be impossible. |
| 493 disallowed_reason = "Specified extension does not exist."; | 493 disallowed_reason = "Specified extension does not exist."; |
| 494 } | 494 } |
| 495 | 495 |
| 496 if (disallowed_reason != NULL) { | 496 if (disallowed_reason != NULL) { |
| (...skipping 28 matching lines...) Expand all Loading... |
| 525 | 525 |
| 526 // static | 526 // static |
| 527 void ExtensionFunctionDispatcher::SendAccessDenied( | 527 void ExtensionFunctionDispatcher::SendAccessDenied( |
| 528 const ExtensionFunction::ResponseCallback& callback) { | 528 const ExtensionFunction::ResponseCallback& callback) { |
| 529 base::ListValue empty_list; | 529 base::ListValue empty_list; |
| 530 callback.Run(ExtensionFunction::FAILED, empty_list, | 530 callback.Run(ExtensionFunction::FAILED, empty_list, |
| 531 "Access to extension API denied."); | 531 "Access to extension API denied."); |
| 532 } | 532 } |
| 533 | 533 |
| 534 } // namespace extensions | 534 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 411733002:
WIP: diff which plumbs through the event URL.
Base URL: svn://svn.chromium.org/chrome/trunk/src