Allow re-enabling of DISABLE_NOT_VERIFIED extensions if appropriate

chrome/browser/extensions/install_verifier.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/install_verifier.h"
 
 #include <algorithm>
 #include <string>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/prefs/pref_service.h"
 #include "base/stl_util.h"
 #include "chrome/browser/extensions/extension_prefs.h"
 #include "chrome/browser/extensions/install_signer.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/manifest_url_handler.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/common/content_switches.h"
 #include "extensions/common/manifest.h"
 #include "grit/generated_resources.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace {
 
 enum VerifyStatus {
-  NONE = 0,       // Do not request install signatures, and do not enforce them.
-  BOOTSTRAP = 1,  // Request install signatures, but do not enforce them.
-  ENFORCE = 2     // Request install signatures, and enforce them.
+  NONE = 0,   // Do not request install signatures, and do not enforce them.
+  BOOTSTRAP,  // Request install signatures, but do not enforce them.
+  ENFORCE,    // Request install signatures, and enforce them.
 };
 
 #if defined(GOOGLE_CHROME_BUILD)
 const char kExperimentName[] = "ExtensionInstallVerification";
 #endif  // defined(GOOGLE_CHROME_BUILD)
 
 VerifyStatus GetExperimentStatus() {
 #if defined(GOOGLE_CHROME_BUILD)
   const std::string group = base::FieldTrialList::FindFullName(
       kExperimentName);
@@ skipping 74 matching lines @@
       DVLOG(1) << "Init - ignoring invalid signature";
     } else {
       signature_ = signature_from_prefs.Pass();
       UMA_HISTOGRAM_COUNTS("InstallVerifier.InitGoodSignature",
                            signature_->ids.size());
       GarbageCollect();
     }
   } else {
     UMA_HISTOGRAM_BOOLEAN("InstallVerifier.InitNoSignature", true);
   }
+}
 
-  if (!signature_.get() && ShouldFetchSignature()) {
-    // We didn't have any signature but are in fetch mode, so do a request for
-    // a signature if needed.
-    scoped_ptr<ExtensionPrefs::ExtensionsInfo> all_info =
-        prefs_->GetInstalledExtensionsInfo();
-    ExtensionIdSet to_add;
-    if (all_info.get()) {
-      for (ExtensionPrefs::ExtensionsInfo::const_iterator i = all_info->begin();
-           i != all_info->end(); ++i) {
-        const ExtensionInfo& info = **i;
-        const base::DictionaryValue* dictionary = info.extension_manifest.get();
-        if (dictionary && ManifestURL::UpdatesFromGallery(dictionary)) {
-          Manifest manifest(info.extension_location,
-                            scoped_ptr<DictionaryValue>(
-                                dictionary->DeepCopy()));
-          if (manifest.is_extension())
-            to_add.insert(info.extension_id);
-        }
-      }
-    }
-    if (to_add.empty()) {
-      // Write an empty signature so we don't have to redo this at next Init.
-      signature_.reset(new InstallSignature());
-      SaveToPrefs();
-    } else {
-      AddMany(to_add, AddResultCallback());
-    }
-  }
+bool InstallVerifier::NeedsBootstrap() {
+  return signature_.get() == NULL && ShouldFetchSignature();
 }
 
 void InstallVerifier::Add(const std::string& id,
                           const AddResultCallback& callback) {
   ExtensionIdSet ids;
   ids.insert(id);
   AddMany(ids, callback);
 }
 
 void InstallVerifier::AddMany(const ExtensionIdSet& ids,
                               const AddResultCallback& callback) {
-  if (!ShouldFetchSignature())
+  if (!ShouldFetchSignature()) {
+    if (!callback.is_null())
+      callback.Run(true);
     return;
+  }
 
   if (signature_.get()) {
     ExtensionIdSet not_allowed_yet =
         base::STLSetDifference<ExtensionIdSet>(ids, signature_->ids);
     if (not_allowed_yet.empty()) {
       if (!callback.is_null())
         callback.Run(true);
       return;
     }
   }
@@ skipping 56 matching lines @@
 }
 
 bool InstallVerifier::MustRemainDisabled(const Extension* extension,
                                          Extension::DisableReason* reason,
                                          base::string16* error) const {
   if (!extension->is_extension() ||
       Manifest::IsUnpackedLocation(extension->location()) ||
       AllowedByEnterprisePolicy(extension->id()))
     return false;
 
+  // If we don't have a signature yet, we'll temporarily consider every
+  // extension from the webstore verified to avoid false positives on existing
+  // profiles hitting this code for the first time, and rely on consumers of
+  // this class to check NeedsBootstrap() and schedule a first check so we can
+  // get a signature.
   bool verified =
       FromStore(extension) &&
-      IsVerified(extension->id()) &&
+      (signature_.get() == NULL || IsVerified(extension->id())) &&
       !ContainsKey(InstallSigner::GetForcedNotFromWebstore(), extension->id());
 
   if (!verified && !ShouldEnforce()) {
     if (signature_.get())
       UMA_HISTOGRAM_BOOLEAN("InstallVerifier.SignatureFailedButNotEnforcing",
                             true);
     return false;
   }
 
   if (!verified) {
@@ skipping 131 matching lines @@
   } else {
     signature_ = signature.Pass();
     SaveToPrefs();
 
     if (!provisional_.empty()) {
       // Update |provisional_| to remove ids that were successfully signed.
       provisional_ = base::STLSetDifference<ExtensionIdSet>(
           provisional_, signature_->ids);
     }
 
-    // See if we were able to sign all of |ids|.
-    ExtensionIdSet not_allowed =
-        base::STLSetDifference<ExtensionIdSet>(operation->ids,
-                                               signature_->ids);
-
-    UMA_HISTOGRAM_COUNTS_100("InstallVerifier.CallbackNotAllowed",
-                             not_allowed.size());
-
     if (!operation->callback.is_null())
-      operation->callback.Run(not_allowed.empty());
+      operation->callback.Run(success);
   }
 
   if (!operation_queue_.empty())
     BeginFetch();
 }
 
 
 }  // namespace extensions