
OOR-CORS: Move chrome specific origin permission code to ExtensionsClient

Chrome-specific origin permissions are currently handled in the
extensions::DispatcherDelegate implementation in chrome/renderer/extensions.
To share this code with new callers in the browser process, this change moves
the method to ExtensionsClient so that browser-side callers can call it.

Bug: 870172
Change-Id: I0a55bd41b0eccb3450c7b6b32bc1fa5105ac3856
Reviewed-on: https://chromium-review.googlesource.com/c/1314018
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606361}
Takashi Toyoshima
2018-11-08 05:54:17 +00:00
committed by Commit Bot
parent 2c5768515d
commit e2d39810b3
9 changed files with 61 additions and 50 deletions

@ -19,6 +19,7 @@
#include "chrome/common/extensions/chrome_extensions_api_provider.h"
#include "chrome/common/extensions/manifest_handlers/theme_handler.h"
#include "chrome/common/url_constants.h"
#include "chrome/common/webui_url_constants.h"
#include "chrome/grit/chromium_strings.h"
#include "components/version_info/version_info.h"
#include "content/public/common/url_constants.h"
@ -29,9 +30,11 @@
#include "extensions/common/extension_icon_set.h"
#include "extensions/common/extension_urls.h"
#include "extensions/common/features/feature_channel.h"
#include "extensions/common/manifest.h"
#include "extensions/common/manifest_constants.h"
#include "extensions/common/manifest_handlers/icons_handler.h"
#include "extensions/common/permissions/api_permission_set.h"
#include "extensions/common/permissions/permissions_data.h"
#include "extensions/common/url_pattern.h"
#include "extensions/common/url_pattern_set.h"
#include "ui/base/l10n/l10n_util.h"
@ -265,4 +268,37 @@ std::string ChromeExtensionsClient::GetUserAgent() const {
return ::GetUserAgent();
}
void ChromeExtensionsClient::AddOriginAccessPermissions(
const Extension& extension,
bool is_extension_active,
std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns) const {
// Allow component extensions to access chrome://theme/.
//
// We don't want to grant these permissions to inactive component extensions,
// to avoid granting them in "unblessed" (non-extension) processes. If a
// component extension somehow starts as inactive and becomes active later,
// we'll re-init the origin permissions, so there's no danger in being
// conservative. Components shouldn't be subject to enterprise policy controls
// or blocking access to the webstore so they get the highest priority
// allowlist entry.
if (extensions::Manifest::IsComponentLocation(extension.location()) &&
is_extension_active) {
origin_patterns->push_back(network::mojom::CorsOriginPattern::New(
content::kChromeUIScheme, chrome::kChromeUIThemeHost,
false /*allow_destination_subdomains*/,
network::mojom::CORSOriginAccessMatchPriority::kMaxPriority));
}
// TODO(jstritar): We should try to remove this special case. Also, these
// whitelist entries need to be updated when the kManagement permission
// changes.
if (is_extension_active && extension.permissions_data()->HasAPIPermission(
extensions::APIPermission::kManagement)) {
origin_patterns->push_back(network::mojom::CorsOriginPattern::New(
content::kChromeUIScheme, chrome::kChromeUIExtensionIconHost,
false /*allow_destination_subdomains*/,
network::mojom::CORSOriginAccessMatchPriority::kDefaultPriority));
}
}
} // namespace extensions
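Review bot: `origin_patterns` is dereferenced in both branches of ChromeExtensionsClient::AddOriginAccessPermissions with no check. Since the method is now a public ExtensionsClient entry point intended for new browser-process callers, a `DCHECK(origin_patterns);` at the top of the body would state and enforce the non-null contract. The chrome://theme entry is added with kMaxPriority, which the comment says is meant to outrank policy-driven blocking, so `is_extension_active` is the only gate on that grant; callers outside the renderer need to pass a value equivalent to what the Dispatcher computes with IsExtensionActive(). The moved TODO still says "whitelist" while the comment above it says "allowlist"; changing it to `// allowlist entries need to be updated when the kManagement permission` would keep the wording consistent.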

@ -47,6 +47,11 @@ class ChromeExtensionsClient : public ExtensionsClient {
const Extension* extension) override;
bool ExtensionAPIEnabledInExtensionServiceWorkers() const override;
std::string GetUserAgent() const override;
void AddOriginAccessPermissions(
const Extension& extension,
bool is_extension_active,
std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns)
const override;
private:
const ChromePermissionMessageProvider permission_message_provider_;

@ -360,6 +360,7 @@ jumbo_static_library("renderer") {
"//media/cast:net",
"//media/cast:receiver",
"//media/cast:sender",
"//services/network/public/cpp",
]
public_deps = [
"//ipc",

@ -13,7 +13,6 @@
#include "chrome/common/channel_info.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/crash_keys.h"
#include "chrome/common/url_constants.h"
#include "chrome/grit/renderer_resources.h"
#include "chrome/renderer/extensions/app_bindings.h"
#include "chrome/renderer/extensions/app_hooks_delegate.h"
@ -35,7 +34,6 @@
#include "extensions/common/features/feature_channel.h"
#include "extensions/common/permissions/manifest_permission_set.h"
#include "extensions/common/permissions/permission_set.h"
#include "extensions/common/permissions/permissions_data.h"
#include "extensions/common/switches.h"
#include "extensions/renderer/bindings/api_bindings_system.h"
#include "extensions/renderer/css_native_handler.h"
@ -65,40 +63,6 @@ ChromeExtensionsDispatcherDelegate::ChromeExtensionsDispatcherDelegate() {
ChromeExtensionsDispatcherDelegate::~ChromeExtensionsDispatcherDelegate() {
}
void ChromeExtensionsDispatcherDelegate::AddOriginAccessPermissions(
const extensions::Extension& extension,
bool is_extension_active) {
// Allow component extensions to access chrome://theme/.
//
// We don't want to grant these permissions to inactive component extensions,
// to avoid granting them in "unblessed" (non-extension) processes. If a
// component extension somehow starts as inactive and becomes active later,
// we'll re-init the origin permissions, so there's no danger in being
// conservative. Components shouldn't be subject to enterprise policy controls
// or blocking access to the webstore so they get the highest priority
// allowlist entry.
if (extensions::Manifest::IsComponentLocation(extension.location()) &&
is_extension_active) {
blink::WebSecurityPolicy::AddOriginAccessAllowListEntry(
extension.url(), blink::WebString::FromUTF8(content::kChromeUIScheme),
blink::WebString::FromUTF8(chrome::kChromeUIThemeHost),
false /*allow_destination_subdomains*/,
network::mojom::CORSOriginAccessMatchPriority::kMaxPriority);
}
// TODO(jstritar): We should try to remove this special case. Also, these
// whitelist entries need to be updated when the kManagement permission
// changes.
if (is_extension_active && extension.permissions_data()->HasAPIPermission(
extensions::APIPermission::kManagement)) {
blink::WebSecurityPolicy::AddOriginAccessAllowListEntry(
extension.url(), blink::WebString::FromUTF8(content::kChromeUIScheme),
blink::WebString::FromUTF8(chrome::kChromeUIExtensionIconHost),
false /*allow_destination_subdomains*/,
network::mojom::CORSOriginAccessMatchPriority::kDefaultPriority);
}
}
void ChromeExtensionsDispatcherDelegate::RegisterNativeHandlers(
extensions::Dispatcher* dispatcher,
extensions::ModuleSystem* module_system,

@ -16,8 +16,6 @@ class ChromeExtensionsDispatcherDelegate
private:
// extensions::DispatcherDelegate implementation.
void AddOriginAccessPermissions(const extensions::Extension& extension,
bool is_extension_active) override;
void RegisterNativeHandlers(
extensions::Dispatcher* dispatcher,
extensions::ModuleSystem* module_system,

@ -109,6 +109,11 @@ std::string ExtensionsClient::GetUserAgent() const {
return std::string();
}
void ExtensionsClient::AddOriginAccessPermissions(
const Extension& extension,
bool is_extension_active,
std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns) const {}
void ExtensionsClient::DoInitialize() {
initialize_called_ = true;

@ -12,6 +12,7 @@
#include "base/strings/string_piece.h"
#include "extensions/common/permissions/api_permission_set.h"
#include "services/network/public/mojom/cors_origin_pattern.mojom.h"
class GURL;
@ -150,6 +151,13 @@ class ExtensionsClient {
// Returns the user agent used by the content module.
virtual std::string GetUserAgent() const;
// Adds client specific permitted origins to |origin_patterns| for
// cross-origin communication for an extension context.
virtual void AddOriginAccessPermissions(
const Extension& extension,
bool is_extension_active,
std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns) const;
private:
// Performs common initialization and calls Initialize() to allow subclasses
// to do any extra initialization.
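Review bot: The new comment on ExtensionsClient::AddOriginAccessPermissions does not state the contract a browser-side caller needs to know. It should say that entries are appended to `origin_patterns` (nothing is cleared), that the pointer must be non-null, and that `is_extension_active` controls whether privileged grants are emitted at all. The Chrome implementation uses that flag to withhold chrome:// grants from inactive extensions, so a caller passing `true` unconditionally would widen access. Suggested addition: `// Appends to |origin_patterns|, which must be non-null. |is_extension_active|` / `// must reflect whether the extension is active in the target process;` / `// implementations may skip privileged entries when it is false.`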

@ -38,6 +38,7 @@
#include "extensions/common/extension_features.h"
#include "extensions/common/extension_messages.h"
#include "extensions/common/extension_urls.h"
#include "extensions/common/extensions_client.h"
#include "extensions/common/features/behavior_feature.h"
#include "extensions/common/features/feature.h"
#include "extensions/common/features/feature_channel.h"
@ -1214,12 +1215,11 @@ void Dispatcher::UpdateOriginPermissions(const Extension& extension) {
// Remove all old patterns associated with this extension.
WebSecurityPolicy::ClearOriginAccessListForOrigin(extension.url());
// TODO(toyoshim): Change this delegate call to be available even from the
// browser process.
delegate_->AddOriginAccessPermissions(extension,
IsExtensionActive(extension.id()));
for (const auto& entry : CreateCorsOriginAccessAllowList(extension)) {
std::vector<network::mojom::CorsOriginPatternPtr> allow_list =
CreateCorsOriginAccessAllowList(extension);
ExtensionsClient::Get()->AddOriginAccessPermissions(
extension, IsExtensionActive(extension.id()), &allow_list);
for (const auto& entry : allow_list) {
WebSecurityPolicy::AddOriginAccessAllowListEntry(
extension.url(), WebString::FromUTF8(entry->protocol),
WebString::FromUTF8(entry->domain), entry->allow_subdomains,
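Review bot: In Dispatcher::UpdateOriginPermissions the client-supplied patterns are now appended after the manifest-derived ones from CreateCorsOriginAccessAllowList, whereas the old delegate call registered its entries before the loop ran. Registration order with WebSecurityPolicy is therefore reversed for the chrome:// entries. Each entry carries an explicit priority, so this is presumably harmless, but that depends on how equal-priority entries are resolved, which is not visible here. A one-line comment above the call would record the intent, e.g. `// Append embedder-specific entries (e.g. chrome:// hosts) so the loop below applies them too.` The AddOriginAccessAllowListEntry call continues past the end of the hunk.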

@ -10,7 +10,6 @@
namespace extensions {
class Dispatcher;
class Extension;
class ExtensionBindingsSystem;
class ModuleSystem;
class NativeExtensionBindingsSystem;
@ -24,11 +23,6 @@ class DispatcherDelegate {
public:
virtual ~DispatcherDelegate() {}
// Adds any allowlisted entries for cross-origin communication for a newly
// created extension context.
virtual void AddOriginAccessPermissions(const Extension& extension,
bool is_extension_active) {}
// Includes additional native handlers in a ScriptContext's ModuleSystem.
virtual void RegisterNativeHandlers(Dispatcher* dispatcher,
ModuleSystem* module_system,