Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(37)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/extension_function_dispatcher.cc

Issue 427983003: Change the default implementation of ExtensionFunction::HasPermission to use (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix failures Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « extensions/browser/extension_function.cc ('k') | extensions/browser/process_map.h » ('j') | extensions/browser/process_map.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/extension_function_dispatcher.cc
diff --git a/extensions/browser/extension_function_dispatcher.cc b/extensions/browser/extension_function_dispatcher.cc
index ee9651c247605c9778ffc0b43640aeaf46cfcaca..b26ef2d395ddd9a0417c2cb89389d1a58d101c4d 100644
--- a/extensions/browser/extension_function_dispatcher.cc
+++ b/extensions/browser/extension_function_dispatcher.cc
@@ -14,7 +14,6 @@
#include "base/values.h"
#include "build/build_config.h"
#include "content/public/browser/browser_thread.h"
-#include "content/public/browser/child_process_security_policy.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
@@ -429,36 +428,6 @@ bool ExtensionFunctionDispatcher::CheckPermissions(
return true;
}
-namespace {
-
-// Only COMPONENT hosted apps may call extension APIs, and they are limited
-// to just the permissions they explicitly request. They should not have access
-// to extension APIs like eg chrome.runtime, chrome.windows, etc. that normally
-// are available without permission.
-// TODO(mpcomplete): move this to ExtensionFunction::HasPermission (or remove
-// it altogether).
-bool AllowHostedAppAPICall(const Extension& extension,
- const GURL& source_url,
- const std::string& function_name) {
- if (extension.location() != Manifest::COMPONENT)
- return false;
-
- if (!extension.web_extent().MatchesURL(source_url))
- return false;
-
- // Note: Not BLESSED_WEB_PAGE_CONTEXT here because these component hosted app
- // entities have traditionally been treated as blessed extensions, for better
- // or worse.
- Feature::Availability availability =
- ExtensionAPI::GetSharedInstance()->IsAvailable(
- function_name, &extension, Feature::BLESSED_EXTENSION_CONTEXT,
- source_url);
- return availability.is_available();
-}
-
-} // namespace
-
-
// static
ExtensionFunction* ExtensionFunctionDispatcher::CreateExtensionFunction(
const ExtensionHostMsg_Request_Params& params,
@@ -468,44 +437,6 @@ ExtensionFunction* ExtensionFunctionDispatcher::CreateExtensionFunction(
ExtensionAPI* api,
void* profile_id,
const ExtensionFunction::ResponseCallback& callback) {
- const char* disallowed_reason = NULL;
-
- if (extension) {
- // Extension is calling this API.
- if (extension->is_hosted_app() &&
- !AllowHostedAppAPICall(*extension, params.source_url, params.name)) {
- // Most hosted apps can't call APIs.
- disallowed_reason = "Hosted apps cannot call privileged APIs";
- } else if (!process_map.Contains(extension->id(), requesting_process_id) &&
- !api->IsAvailableInUntrustedContext(params.name, extension)) {
- // Privileged APIs can only be called from the process the extension
- // is running in.
- disallowed_reason =
- "Privileged APIs cannot be called from untrusted processes";
- }
- } else if (content::ChildProcessSecurityPolicy::GetInstance()
- ->HasWebUIBindings(requesting_process_id)) {
- // WebUI is calling this API.
- if (!api->IsAvailableToWebUI(params.name, params.source_url)) {
- disallowed_reason = "WebUI can only call webui-enabled APIs";
- }
- } else {
- // Web page is calling this API. However, the APIs that are available to
- // web pages (e.g. messaging) don't go through ExtensionFunctionDispatcher,
- // so this should be impossible.
- NOTREACHED();
- disallowed_reason = "Specified extension does not exist.";
- }
-
- if (disallowed_reason != NULL) {
- LOG(ERROR) << "Extension API call disallowed - name:" << params.name
- << ", pid:" << requesting_process_id
- << ", from URL: " << params.source_url.spec()
- << ", reason: " << disallowed_reason;
- SendAccessDenied(callback);
- return NULL;
- }
-
ExtensionFunction* function =
ExtensionFunctionRegistry::GetInstance()->NewFunction(params.name);
if (!function) {
@@ -523,6 +454,8 @@ ExtensionFunction* ExtensionFunctionDispatcher::CreateExtensionFunction(
function->set_profile_id(profile_id);
function->set_response_callback(callback);
function->set_source_tab_id(params.source_tab_id);
+ function->set_source_context_type(
+ process_map.GuessContextType(extension, requesting_process_id));
return function;
}
« no previous file with comments | « extensions/browser/extension_function.cc ('k') | extensions/browser/process_map.h » ('j') | extensions/browser/process_map.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698