Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(25)

Unified Diff: extensions/browser/sandboxed_unpacker.h

Issue 829583002: Validate hash_sha256 checksum on .crx update. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix unittest build for windows. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « extensions/browser/crx_file_info.cc ('k') | extensions/browser/sandboxed_unpacker.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/sandboxed_unpacker.h
diff --git a/extensions/browser/sandboxed_unpacker.h b/extensions/browser/sandboxed_unpacker.h
index 60a5bbdd4aa0b517857e283c22c11b4bcc92bb2a..398600bff8c466be15e45a6dcd1b2db5ff90c3d6 100644
--- a/extensions/browser/sandboxed_unpacker.h
+++ b/extensions/browser/sandboxed_unpacker.h
@@ -12,6 +12,7 @@
#include "base/memory/ref_counted.h"
#include "base/time/time.h"
#include "content/public/browser/utility_process_host_client.h"
+#include "extensions/browser/crx_file_info.h"
#include "extensions/common/manifest.h"
class SkBitmap;
@@ -21,6 +22,10 @@ class DictionaryValue;
class SequencedTaskRunner;
}
+namespace crypto {
+class SecureHash;
+}
+
namespace extensions {
class Extension;
@@ -79,7 +84,7 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
// |client| with the result. If |run_out_of_process| is provided, unpacking
// is done in a sandboxed subprocess. Otherwise, it is done in-process.
SandboxedUnpacker(
- const base::FilePath& crx_path,
+ const CRXFileInfo& file,
Manifest::Location location,
int creation_flags,
const base::FilePath& extensions_dir,
@@ -148,6 +153,9 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
ERROR_SERIALIZING_CATALOG,
ERROR_SAVING_CATALOG,
+ // SandboxedUnpacker::ValidateSignature()
+ CRX_HASH_VERIFICATION_FAILED,
+
NUM_FAILURE_REASONS
};
@@ -160,6 +168,11 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
// Return true on success.
virtual bool CreateTempDirectory();
+ // Finalizes hash calculation and checks the result against the expected
+ // package hash. In case of mismatch, depending on the command-line option,
+ // we will either fail installation, or just update histograms.
+ bool FinalizeHash(scoped_ptr<crypto::SecureHash>& hash);
+
// Validates the signature of the extension and extract the key to
// |public_key_|. Returns true if the signature validates, false otherwise.
//
@@ -202,6 +215,12 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {
// The path to the CRX to unpack.
base::FilePath crx_path_;
+ // The package hash that was reported from the Web Store.
+ std::string package_hash_;
+
+ // Whether we need to check the .crx hash sum.
+ bool check_crx_hash_;
+
// Our client.
scoped_refptr<SandboxedUnpackerClient> client_;
« no previous file with comments | « extensions/browser/crx_file_info.cc ('k') | extensions/browser/sandboxed_unpacker.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698