| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/manifest_handlers/permissions_parser.h" | 5 #include "extensions/common/manifest_handlers/permissions_parser.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| (...skipping 28 matching lines...) Expand all Loading... |
| 39 }; | 39 }; |
| 40 | 40 |
| 41 ManifestPermissions::ManifestPermissions( | 41 ManifestPermissions::ManifestPermissions( |
| 42 scoped_refptr<const PermissionSet> permissions) | 42 scoped_refptr<const PermissionSet> permissions) |
| 43 : permissions(permissions) { | 43 : permissions(permissions) { |
| 44 } | 44 } |
| 45 | 45 |
| 46 ManifestPermissions::~ManifestPermissions() { | 46 ManifestPermissions::~ManifestPermissions() { |
| 47 } | 47 } |
| 48 | 48 |
| 49 // Custom checks for the experimental permission that can't be expressed in | |
| 50 // _permission_features.json. | |
| 51 bool CanSpecifyExperimentalPermission(const Extension* extension) { | |
| 52 if (extension->location() == Manifest::COMPONENT) | |
| 53 return true; | |
| 54 | |
| 55 if (CommandLine::ForCurrentProcess()->HasSwitch( | |
| 56 switches::kEnableExperimentalExtensionApis)) { | |
| 57 return true; | |
| 58 } | |
| 59 | |
| 60 // We rely on the webstore to check access to experimental. This way we can | |
| 61 // whitelist extensions to have access to experimental in just the store, and | |
| 62 // not have to push a new version of the client. | |
| 63 if (extension->from_webstore()) | |
| 64 return true; | |
| 65 | |
| 66 return false; | |
| 67 } | |
| 68 | |
| 69 // Checks whether the host |pattern| is allowed for the given |extension|, | 49 // Checks whether the host |pattern| is allowed for the given |extension|, |
| 70 // given API permissions |permissions|. | 50 // given API permissions |permissions|. |
| 71 bool CanSpecifyHostPermission(const Extension* extension, | 51 bool CanSpecifyHostPermission(const Extension* extension, |
| 72 const URLPattern& pattern, | 52 const URLPattern& pattern, |
| 73 const APIPermissionSet& permissions) { | 53 const APIPermissionSet& permissions) { |
| 74 if (!pattern.match_all_urls() && | 54 if (!pattern.match_all_urls() && |
| 75 pattern.MatchesScheme(content::kChromeUIScheme)) { | 55 pattern.MatchesScheme(content::kChromeUIScheme)) { |
| 76 URLPatternSet chrome_scheme_hosts = | 56 URLPatternSet chrome_scheme_hosts = |
| 77 ExtensionsClient::Get()->GetPermittedChromeSchemeHosts(extension, | 57 ExtensionsClient::Get()->GetPermittedChromeSchemeHosts(extension, |
| 78 permissions); | 58 permissions); |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 139 | 119 |
| 140 // The feature should exist since we just got an APIPermission for it. The | 120 // The feature should exist since we just got an APIPermission for it. The |
| 141 // two systems should be updated together whenever a permission is added. | 121 // two systems should be updated together whenever a permission is added. |
| 142 DCHECK(feature) << "Could not find feature for " << iter->name(); | 122 DCHECK(feature) << "Could not find feature for " << iter->name(); |
| 143 // http://crbug.com/176381 | 123 // http://crbug.com/176381 |
| 144 if (!feature) { | 124 if (!feature) { |
| 145 to_remove.push_back(iter->id()); | 125 to_remove.push_back(iter->id()); |
| 146 continue; | 126 continue; |
| 147 } | 127 } |
| 148 | 128 |
| 129 // Sneaky check for "experimental", which we always allow for extensions |
| 130 // installed from the Webstore. This way we can whitelist extensions to |
| 131 // have access to experimental in just the store, and not have to push a |
| 132 // new version of the client. Otherwise, experimental goes through the |
| 133 // usual features check. |
| 134 if (iter->id() == APIPermission::kExperimental && |
| 135 extension->from_webstore()) { |
| 136 continue; |
| 137 } |
| 138 |
| 149 Feature::Availability availability = | 139 Feature::Availability availability = |
| 150 feature->IsAvailableToExtension(extension); | 140 feature->IsAvailableToExtension(extension); |
| 151 if (!availability.is_available()) { | 141 if (!availability.is_available()) { |
| 152 // Don't fail, but warn the developer that the manifest contains | 142 // Don't fail, but warn the developer that the manifest contains |
| 153 // unrecognized permissions. This may happen legitimately if the | 143 // unrecognized permissions. This may happen legitimately if the |
| 154 // extensions requests platform- or channel-specific permissions. | 144 // extensions requests platform- or channel-specific permissions. |
| 155 extension->AddInstallWarning( | 145 extension->AddInstallWarning( |
| 156 InstallWarning(availability.message(), feature->name())); | 146 InstallWarning(availability.message(), feature->name())); |
| 157 to_remove.push_back(iter->id()); | 147 to_remove.push_back(iter->id()); |
| 158 continue; | 148 continue; |
| 159 } | 149 } |
| 160 | |
| 161 if (iter->id() == APIPermission::kExperimental) { | |
| 162 if (!CanSpecifyExperimentalPermission(extension)) { | |
| 163 *error = base::ASCIIToUTF16(errors::kExperimentalFlagRequired); | |
| 164 return false; | |
| 165 } | |
| 166 } | |
| 167 } | 150 } |
| 168 | 151 |
| 169 api_permissions->AddImpliedPermissions(); | 152 api_permissions->AddImpliedPermissions(); |
| 170 | 153 |
| 171 // Remove permissions that are not available to this extension. | 154 // Remove permissions that are not available to this extension. |
| 172 for (std::vector<APIPermission::ID>::const_iterator iter = to_remove.begin(); | 155 for (std::vector<APIPermission::ID>::const_iterator iter = to_remove.begin(); |
| 173 iter != to_remove.end(); | 156 iter != to_remove.end(); |
| 174 ++iter) { | 157 ++iter) { |
| 175 api_permissions->erase(*iter); | 158 api_permissions->erase(*iter); |
| 176 } | 159 } |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 348 // static | 331 // static |
| 349 scoped_refptr<const PermissionSet> PermissionsParser::GetOptionalPermissions( | 332 scoped_refptr<const PermissionSet> PermissionsParser::GetOptionalPermissions( |
| 350 const Extension* extension) { | 333 const Extension* extension) { |
| 351 DCHECK(extension->GetManifestData(keys::kOptionalPermissions)); | 334 DCHECK(extension->GetManifestData(keys::kOptionalPermissions)); |
| 352 return static_cast<const ManifestPermissions*>( | 335 return static_cast<const ManifestPermissions*>( |
| 353 extension->GetManifestData(keys::kOptionalPermissions)) | 336 extension->GetManifestData(keys::kOptionalPermissions)) |
| 354 ->permissions; | 337 ->permissions; |
| 355 } | 338 } |
| 356 | 339 |
| 357 } // namespace extensions | 340 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 801603002:
Add support for command line switches to Features, and as proof that it works, (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master