Fix the origin access whitelist for extensions

extensions/renderer/dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/dispatcher.h"
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/debug/alias.h"
@@ skipping 253 matching lines @@
                                 frame->document().securityOrigin());
 
   ScriptContext* context =
       delegate_->CreateScriptContext(v8_context, frame, extension, context_type)
           .release();
   script_context_set_.Add(context);
 
   // Initialize origin permissions for content scripts, which can't be
   // initialized in |OnActivateExtension|.
   if (context_type == Feature::CONTENT_SCRIPT_CONTEXT)
-    UpdateOriginPermissions(extension);
+    InitOriginPermissions(extension);
 
   {
     scoped_ptr<ModuleSystem> module_system(
         new ModuleSystem(context, &source_map_));
     context->set_module_system(module_system.Pass());
   }
   ModuleSystem* module_system = context->module_system();
 
   // Enable natives in startup.
   ModuleSystem::NativesEnabledScope natives_enabled_scope(module_system);
@@ skipping 214 matching lines @@
   }
 
   // Initialize host permissions for any extensions that were activated before
   // WebKit was initialized.
   for (std::set<std::string>::iterator iter = active_extension_ids_.begin();
        iter != active_extension_ids_.end();
        ++iter) {
     const Extension* extension = extensions_.GetByID(*iter);
     CHECK(extension);
 
-    UpdateOriginPermissions(extension);
+    InitOriginPermissions(extension);
   }
 
   EnableCustomElementWhiteList();
 
   is_webkit_initialized_ = true;
 }
 
 void Dispatcher::IdleNotification() {
   if (is_extension_process_ && forced_idle_timer_) {
     // Dampen the forced delay as well if the extension stays idle for long
@@ skipping 38 matching lines @@
   active_extension_ids_.insert(extension_id);
 
   // This is called when starting a new extension page, so start the idle
   // handler ticking.
   RenderThread::Get()->ScheduleIdleHandler(kInitialExtensionIdleHandlerDelayMs);
 
   if (is_webkit_initialized_) {
     extensions::DOMActivityLogger::AttachToWorld(
         extensions::DOMActivityLogger::kMainWorldId, extension_id);
 
-    UpdateOriginPermissions(extension);
+    InitOriginPermissions(extension);
   }
 
   UpdateActiveExtensions();
 }
 
 void Dispatcher::OnCancelSuspend(const std::string& extension_id) {
   DispatchEvent(extension_id, kOnSuspendCanceledEvent);
 }
 
 void Dispatcher::OnClearTabSpecificPermissions(
@@ skipping 155 matching lines @@
     const ExtensionMsg_UpdatePermissions_Params& params) {
   const Extension* extension = extensions_.GetByID(params.extension_id);
   if (!extension)
     return;
 
   scoped_refptr<const PermissionSet> active =
       params.active_permissions.ToPermissionSet();
   scoped_refptr<const PermissionSet> withheld =
       params.withheld_permissions.ToPermissionSet();
 
+  if (is_webkit_initialized_) {
+    UpdateOriginPermissions(
+        extension,
+        active->effective_hosts(),
+        extension->permissions_data()->GetEffectiveHostPermissions());
+  }
+
   extension->permissions_data()->SetPermissions(active, withheld);
-  UpdateOriginPermissions(extension);
   UpdateBindings(extension->id());
 }
 
 void Dispatcher::OnUpdateTabSpecificPermissions(
     const GURL& url,
     int tab_id,
     const std::string& extension_id,
     const URLPatternSet& origin_set) {
   delegate_->UpdateTabSpecificPermissions(
       this, url, tab_id, extension_id, origin_set);
 }
 
 void Dispatcher::OnUsingWebRequestAPI(bool webrequest_used) {
   delegate_->HandleWebRequestAPIUsage(webrequest_used);
 }
 
 void Dispatcher::OnUserScriptsUpdated(
       const std::set<std::string>& changed_extensions,
       const std::vector<UserScript*>& scripts) {
   UpdateActiveExtensions();
 }
 
 void Dispatcher::UpdateActiveExtensions() {
   std::set<std::string> active_extensions = active_extension_ids_;
   user_script_set_->GetActiveExtensionIds(&active_extensions);
   delegate_->OnActiveExtensionsUpdated(active_extensions);
 }
 
-void Dispatcher::UpdateOriginPermissions(const Extension* extension) {
-  const URLPatternSet& hosts =
-      extension->permissions_data()->GetEffectiveHostPermissions();
-  WebSecurityPolicy::resetOriginAccessWhitelists();
+void Dispatcher::InitOriginPermissions(const Extension* extension) {
   delegate_->InitOriginPermissions(extension,
                                    IsExtensionActive(extension->id()));
-  for (URLPatternSet::const_iterator iter = hosts.begin(); iter != hosts.end();
-       ++iter) {
-    const char* schemes[] = {
-        url::kHttpScheme,
-        url::kHttpsScheme,
-        url::kFileScheme,
-        content::kChromeUIScheme,
-        url::kFtpScheme,
-    };
-    for (size_t j = 0; j < arraysize(schemes); ++j) {
-      if (iter->MatchesScheme(schemes[j])) {
+  UpdateOriginPermissions(
+      extension,
+      extension->permissions_data()->GetEffectiveHostPermissions(),
+      URLPatternSet());  // No old permissions.
+}
+
+void Dispatcher::UpdateOriginPermissions(
+    const Extension* extension,
+    const URLPatternSet& new_patterns,

[not at google - send to devlin, 2014/07/23 17:01:17]

nit: could you swap new_patterns and old_patterns? this order (new then old) is
opposite to what I expect.

[Devlin, 2014/07/23 17:20:58]

Done.

+    const URLPatternSet& old_patterns) {
+  static const char* kSchemes[] = {
+      url::kHttpScheme,
+      url::kHttpsScheme,
+      url::kFileScheme,
+      content::kChromeUIScheme,
+      url::kFtpScheme,
+  };
+  for (size_t i = 0; i < arraysize(kSchemes); ++i) {
+    const char* scheme = kSchemes[i];
+    // Remove all old patterns that aren't also in the new patterns.
+    for (URLPatternSet::const_iterator pattern = old_patterns.begin();
+         pattern != old_patterns.end(); ++pattern) {
+      if (pattern->MatchesScheme(scheme) &&
+          !new_patterns.ContainsPattern(*pattern)) {
+        WebSecurityPolicy::removeOriginAccessWhitelistEntry(
+            extension->url(),
+            WebString::fromUTF8(scheme),
+            WebString::fromUTF8(pattern->host()),
+            pattern->match_subdomains());
+      }
+    }
+    for (URLPatternSet::const_iterator pattern = new_patterns.begin();
+         pattern != new_patterns.end(); ++pattern) {
+      // Add any new patterns that weren't in the old patterns.

[not at google - send to devlin, 2014/07/23 17:01:17]

nit: this comment should be up a couple of lines to match the placement of the
other one

[Devlin, 2014/07/23 17:20:58]

Done.

+      if (pattern->MatchesScheme(scheme) &&
+          !old_patterns.ContainsPattern(*pattern)) {
         WebSecurityPolicy::addOriginAccessWhitelistEntry(
             extension->url(),
-            WebString::fromUTF8(schemes[j]),
-            WebString::fromUTF8(iter->host()),
-            iter->match_subdomains());
+            WebString::fromUTF8(scheme),
+            WebString::fromUTF8(pattern->host()),
+            pattern->match_subdomains());
       }
     }
   }
 }
 
 void Dispatcher::EnableCustomElementWhiteList() {
   blink::WebCustomElement::addEmbedderCustomElementName("webview");
   blink::WebCustomElement::addEmbedderCustomElementName("appview");
   blink::WebCustomElement::addEmbedderCustomElementName("appplugin");
   blink::WebCustomElement::addEmbedderCustomElementName("browserplugin");
@@ skipping 391 matching lines @@
     return v8::Handle<v8::Object>();
 
   if (bind_name)
     *bind_name = split.back();
 
   return bind_object.IsEmpty() ? AsObjectOrEmpty(GetOrCreateChrome(context))
                                : bind_object;
 }
 
 }  // namespace extensions