| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/plugins/chrome_content_browser_client_plugins_part.h" |
| 6 |
| 7 #include "chrome/browser/extensions/extension_service.h" |
| 8 #include "chrome/browser/plugins/plugin_info_message_filter.h" |
| 9 #include "chrome/browser/profiles/profile.h" |
| 10 #include "chrome/common/chrome_switches.h" |
| 11 #include "chrome/common/chrome_version_info.h" |
| 12 #include "chrome/common/pepper_permission_util.h" |
| 13 #include "content/public/browser/render_process_host.h" |
| 14 #include "extensions/browser/extension_system.h" |
| 15 #include "extensions/common/constants.h" |
| 16 #include "extensions/common/permissions/permissions_data.h" |
| 17 #include "extensions/common/permissions/socket_permission.h" |
| 18 |
| 19 using namespace extensions; |
| 20 |
| 21 namespace plugins { |
| 22 |
| 23 // TODO(teravest): Add renderer-side API-specific checking for these APIs so |
| 24 // that blanket permission isn't granted to all dev channel APIs for these. |
| 25 // http://crbug.com/386743 |
| 26 const char* const kPredefinedAllowedDevChannelOrigins[] = { |
| 27 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/383937 |
| 28 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/383937 |
| 29 }; |
| 30 |
| 31 const char* const kPredefinedAllowedFileHandleOrigins[] = { |
| 32 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/234789 |
| 33 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/234789 |
| 34 }; |
| 35 |
| 36 const char* const kPredefinedAllowedSocketOrigins[] = { |
| 37 "okddffdblfhhnmhodogpojmfkjmhinfp", // Test SSH Client |
| 38 "pnhechapfaindjhompbnflcldabbghjo", // HTerm App (SSH Client) |
| 39 "bglhmjfplikpjnfoegeomebmfnkjomhe", // see crbug.com/122126 |
| 40 "gbchcmhmhahfdphkhkmpfmihenigjmpp", // Chrome Remote Desktop |
| 41 "kgngmbheleoaphbjbaiobfdepmghbfah", // Pre-release Chrome Remote Desktop |
| 42 "odkaodonbgfohohmklejpjiejmcipmib", // Dogfood Chrome Remote Desktop |
| 43 "ojoimpklfciegopdfgeenehpalipignm", // Chromoting canary |
| 44 "cbkkbcmdlboombapidmoeolnmdacpkch", // see crbug.com/129089 |
| 45 "hhnbmknkdabfoieppbbljkhkfjcmcbjh", // see crbug.com/134099 |
| 46 "mablfbjkhmhkmefkjjacnbaikjkipphg", // see crbug.com/134099 |
| 47 "pdeelgamlgannhelgoegilelnnojegoh", // see crbug.com/134099 |
| 48 "cabapfdbkniadpollkckdnedaanlciaj", // see crbug.com/134099 |
| 49 "mapljbgnjledlpdmlchihnmeclmefbba", // see crbug.com/134099 |
| 50 "ghbfeebgmiidnnmeobbbaiamklmpbpii", // see crbug.com/134099 |
| 51 "jdfhpkjeckflbbleddjlpimecpbjdeep", // see crbug.com/142514 |
| 52 "iabmpiboiopbgfabjmgeedhcmjenhbla", // see crbug.com/165080 |
| 53 "B7CF8A292249681AF81771650BA4CEEAF19A4560", // see crbug.com/165080 |
| 54 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/234789 |
| 55 "4EB74897CB187C7633357C2FE832E0AD6A44883A", // see crbug.com/234789 |
| 56 "7525AF4F66763A70A883C4700529F647B470E4D2", // see crbug.com/238084 |
| 57 "0B549507088E1564D672F7942EB87CA4DAD73972", // see crbug.com/238084 |
| 58 "864288364E239573E777D3E0E36864E590E95C74" // see crbug.com/238084 |
| 59 }; |
| 60 |
| 61 ChromeContentBrowserClientPluginsPart::ChromeContentBrowserClientPluginsPart() { |
| 62 for (size_t i = 0; i < arraysize(kPredefinedAllowedDevChannelOrigins); ++i) |
| 63 allowed_dev_channel_origins_.insert(kPredefinedAllowedDevChannelOrigins[i]); |
| 64 for (size_t i = 0; i < arraysize(kPredefinedAllowedFileHandleOrigins); ++i) |
| 65 allowed_file_handle_origins_.insert(kPredefinedAllowedFileHandleOrigins[i]); |
| 66 for (size_t i = 0; i < arraysize(kPredefinedAllowedSocketOrigins); ++i) |
| 67 allowed_socket_origins_.insert(kPredefinedAllowedSocketOrigins[i]); |
| 68 } |
| 69 |
| 70 ChromeContentBrowserClientPluginsPart:: |
| 71 ~ChromeContentBrowserClientPluginsPart() { |
| 72 } |
| 73 |
| 74 void ChromeContentBrowserClientPluginsPart::RenderProcessWillLaunch( |
| 75 content::RenderProcessHost* host) { |
| 76 int id = host->GetID(); |
| 77 Profile* profile = Profile::FromBrowserContext(host->GetBrowserContext()); |
| 78 host->AddFilter(new PluginInfoMessageFilter(id, profile)); |
| 79 } |
| 80 |
| 81 bool |
| 82 ChromeContentBrowserClientPluginsPart::IsPluginAllowedToCallRequestOSFileHandle( |
| 83 content::BrowserContext* browser_context, |
| 84 const GURL& url) { |
| 85 const extensions::ExtensionSet* extension_set = NULL; |
| 86 |
| 87 const ExtensionService* ext_service = |
| 88 extensions::ExtensionSystem::Get(browser_context)->extension_service(); |
| 89 if (ext_service) { |
| 90 extension_set = ext_service->extensions(); |
| 91 } |
| 92 return chrome::IsExtensionOrSharedModuleWhitelisted( |
| 93 url, extension_set, allowed_file_handle_origins_) || |
| 94 chrome::IsHostAllowedByCommandLine( |
| 95 url, extension_set, ::switches::kAllowNaClFileHandleAPI); |
| 96 } |
| 97 |
| 98 bool ChromeContentBrowserClientPluginsPart::AllowPepperSocketAPI( |
| 99 content::BrowserContext* browser_context, |
| 100 const GURL& url, |
| 101 bool private_api, |
| 102 const content::SocketPermissionRequest* params) { |
| 103 const extensions::ExtensionSet* extension_set = NULL; |
| 104 const ExtensionService* ext_service = |
| 105 extensions::ExtensionSystem::Get(browser_context)->extension_service(); |
| 106 if (ext_service) { |
| 107 extension_set = ext_service->extensions(); |
| 108 } |
| 109 |
| 110 if (private_api) { |
| 111 // Access to private socket APIs is controlled by the whitelist. |
| 112 if (chrome::IsExtensionOrSharedModuleWhitelisted( |
| 113 url, extension_set, allowed_socket_origins_)) { |
| 114 return true; |
| 115 } |
| 116 } else { |
| 117 // Access to public socket APIs is controlled by extension permissions. |
| 118 if (url.is_valid() && url.SchemeIs(extensions::kExtensionScheme) && |
| 119 extension_set) { |
| 120 const Extension* extension = extension_set->GetByID(url.host()); |
| 121 if (extension) { |
| 122 const extensions::PermissionsData* permissions_data = |
| 123 extension->permissions_data(); |
| 124 if (params) { |
| 125 extensions::SocketPermission::CheckParam check_params( |
| 126 params->type, params->host, params->port); |
| 127 if (permissions_data->CheckAPIPermissionWithParam( |
| 128 extensions::APIPermission::kSocket, &check_params)) { |
| 129 return true; |
| 130 } |
| 131 } else if (permissions_data->HasAPIPermission( |
| 132 extensions::APIPermission::kSocket)) { |
| 133 return true; |
| 134 } |
| 135 } |
| 136 } |
| 137 } |
| 138 |
| 139 // Allow both public and private APIs if the command line says so. |
| 140 return chrome::IsHostAllowedByCommandLine( |
| 141 url, extension_set, ::switches::kAllowNaClSocketAPI); |
| 142 } |
| 143 |
| 144 bool ChromeContentBrowserClientPluginsPart::IsPluginAllowedToUseDevChannelAPIs( |
| 145 content::BrowserContext* browser_context, |
| 146 const GURL& url) { |
| 147 const extensions::ExtensionSet* extension_set = NULL; |
| 148 const ExtensionService* ext_service = |
| 149 extensions::ExtensionSystem::Get(browser_context)->extension_service(); |
| 150 if (ext_service) { |
| 151 extension_set = ext_service->extensions(); |
| 152 } |
| 153 |
| 154 // Allow access for whitelisted applications. |
| 155 if (chrome::IsExtensionOrSharedModuleWhitelisted( |
| 156 url, extension_set, allowed_dev_channel_origins_)) { |
| 157 return true; |
| 158 } |
| 159 |
| 160 chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel(); |
| 161 // Allow dev channel APIs to be used on "Canary", "Dev", and "Unknown" |
| 162 // releases of Chrome. Permitting "Unknown" allows these APIs to be used on |
| 163 // Chromium builds as well. |
| 164 return channel <= chrome::VersionInfo::CHANNEL_DEV; |
| 165 } |
| 166 |
| 167 } // namespace plugins |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 591063003:
Split ChromeContentBrowserClient into smaller parts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master