Skip to content

GitLab

T
tangled
Commit 2d174304 authored by mpcomplete@google.com's avatar mpcomplete@google.com
Browse files
Options

Disallow content scripts from running in a process containing the webstore. 

BUG=116128
TBR=asargent@chromium.org, thestig@chromium.org

Review URL: https://codereview.chromium.org/15929004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@202676 0039d316-1c4b-4281-b951-d872f2087c98
parent 57052bc3
Hide whitespace changes
Inline Side-by-side
Showing with 72 additions and 12 deletions
chrome/renderer/chrome_content_renderer_client.cc
View file @ 2d174304
......@@ -213,7 +213,8 @@ void ChromeContentRendererClient::RenderThreadStarted() {
chrome_observer_.reset(new ChromeRenderProcessObserver(this));
extension_dispatcher_.reset(new extensions::Dispatcher());
permissions_policy_delegate_.reset(
new extensions::RendererPermissionsPolicyDelegate());
new extensions::RendererPermissionsPolicyDelegate(
extension_dispatcher_.get()));
prescient_networking_dispatcher_.reset(new PrescientNetworkingDispatcher());
net_predictor_.reset(new RendererNetPredictor());
spellcheck_.reset(new SpellCheck());
......@@ -1058,6 +1059,9 @@ bool ChromeContentRendererClient::HandleSetCookieRequest(
void ChromeContentRendererClient::SetExtensionDispatcher(
extensions::Dispatcher* extension_dispatcher) {
extension_dispatcher_.reset(extension_dispatcher);
permissions_policy_delegate_.reset(
new extensions::RendererPermissionsPolicyDelegate(
extension_dispatcher_.get()));
}
bool ChromeContentRendererClient::CrossesExtensionExtents(
......
chrome/renderer/extensions/dispatcher.cc
View file @ 2d174304
......@@ -622,10 +622,14 @@ void Dispatcher::OnLoaded(
extension_load_errors_[i->id] = error;
continue;
}
extensions_.Insert(extension);
OnLoadedInternal(extension);
}
}
void Dispatcher::OnLoadedInternal(scoped_refptr<const Extension> extension) {
extensions_.Insert(extension);
}
void Dispatcher::OnUnloaded(const std::string& id) {
extensions_.Remove(id);
active_extension_ids_.erase(id);
......
chrome/renderer/extensions/dispatcher.h
View file @ 2d174304
......@@ -131,6 +131,8 @@ class Dispatcher : public content::RenderProcessObserver {
private:
friend class RenderViewTest;
FRIEND_TEST_ALL_PREFIXES(RendererPermissionsPolicyDelegateTest,
CannotScriptWebstore);
typedef void (*BindingInstaller)(ModuleSystem* module_system,
v8::Handle<v8::Object> chrome,
v8::Handle<v8::Object> chrome_hidden);
......@@ -155,6 +157,7 @@ class Dispatcher : public content::RenderProcessObserver {
void OnSetFunctionNames(const std::vector<std::string>& names);
void OnLoaded(
const std::vector<ExtensionMsg_Loaded_Params>& loaded_extensions);
void OnLoadedInternal(scoped_refptr<const Extension> extension);
void OnUnloaded(const std::string& id);
void OnSetScriptingWhitelist(
const Extension::ScriptingWhitelist& extension_ids);
......
chrome/renderer/extensions/renderer_permissions_policy_delegate.cc
View file @ 2d174304
......@@ -6,13 +6,16 @@
#include "base/command_line.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/extensions/extension_manifest_constants.h"
#include "chrome/renderer/extensions/dispatcher.h"
namespace extensions {
namespace errors = extension_manifest_errors;
RendererPermissionsPolicyDelegate::RendererPermissionsPolicyDelegate() {
RendererPermissionsPolicyDelegate::RendererPermissionsPolicyDelegate(
Dispatcher* dispatcher) : dispatcher_(dispatcher) {
PermissionsData::SetPolicyDelegate(this);
}
RendererPermissionsPolicyDelegate::~RendererPermissionsPolicyDelegate() {
......@@ -33,6 +36,12 @@ bool RendererPermissionsPolicyDelegate::CanExecuteScriptOnPage(
return false;
}
if (dispatcher_->IsExtensionActive(extension_misc::kWebStoreAppId)) {
if (error)
*error = errors::kCannotScriptGallery;
return false;
}
return true;
}
......
chrome/renderer/extensions/renderer_permissions_policy_delegate.h
View file @ 2d174304
......@@ -9,11 +9,13 @@
namespace extensions {
class Dispatcher;
// Policy delegate for the renderer process.
class RendererPermissionsPolicyDelegate
: public PermissionsData::PolicyDelegate {
public:
RendererPermissionsPolicyDelegate();
explicit RendererPermissionsPolicyDelegate(Dispatcher* dispatcher);
virtual ~RendererPermissionsPolicyDelegate();
virtual bool CanExecuteScriptOnPage(const Extension* extension,
......@@ -24,6 +26,9 @@ class RendererPermissionsPolicyDelegate
int process_id,
std::string* error) OVERRIDE;
private:
Dispatcher* dispatcher_;
DISALLOW_COPY_AND_ASSIGN(RendererPermissionsPolicyDelegate);
};
......
chrome/renderer/extensions/renderer_permissions_policy_delegate_unittest.cc
View file @ 2d174304
......@@ -6,13 +6,12 @@
#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/extension.h"
#include "chrome/common/extensions/extension_builder.h"
#include "chrome/common/extensions/extension_messages.h"
#include "chrome/common/extensions/permissions/permissions_data.h"
#include "chrome/renderer/extensions/dispatcher.h"
#include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
#include "chrome/test/base/testing_browser_process.h"
#include "chrome/test/base/testing_profile.h"
#include "chrome/test/base/testing_profile_manager.h"
#include "content/public/test/mock_render_process_host.h"
#include "content/public/test/test_browser_thread.h"
#include "content/public/test/mock_render_thread.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace extensions {
......@@ -20,14 +19,20 @@ namespace extensions {
namespace {
class RendererPermissionsPolicyDelegateTest : public testing::Test {
public:
public:
RendererPermissionsPolicyDelegateTest() {
}
virtual void SetUp() {
policy_delegate_.reset(new RendererPermissionsPolicyDelegate());
testing::Test::SetUp();
render_thread_.reset(new content::MockRenderThread());
extension_dispatcher_.reset(new Dispatcher());
policy_delegate_.reset(
new RendererPermissionsPolicyDelegate(extension_dispatcher_.get()));
}
protected:
protected:
scoped_ptr<Dispatcher> extension_dispatcher_;
scoped_ptr<RendererPermissionsPolicyDelegate> policy_delegate_;
scoped_ptr<content::MockRenderThread> render_thread_;
};
scoped_refptr<const Extension> CreateTestExtension(const std::string& id) {
......@@ -45,7 +50,7 @@ scoped_refptr<const Extension> CreateTestExtension(const std::string& id) {
// Tests that CanExecuteScriptOnPage returns false for the signin process,
// all else being equal.
TEST_F(RendererPermissionsPolicyDelegateTest, CanExecuteScriptOnPage) {
TEST_F(RendererPermissionsPolicyDelegateTest, CannotScriptSigninProcess) {
GURL kSigninUrl(
"https://accounts.google.com/ServiceLogin?service=chromiumsync");
scoped_refptr<const Extension> extension(CreateTestExtension("a"));
......@@ -70,4 +75,34 @@ TEST_F(RendererPermissionsPolicyDelegateTest, CanExecuteScriptOnPage) {
&error)) << error;
}
// Tests that CanExecuteScriptOnPage returns false for the any process
// which hosts the webstore.
TEST_F(RendererPermissionsPolicyDelegateTest, CannotScriptWebstore) {
GURL kAnyUrl("http://example.com/");
scoped_refptr<const Extension> extension(CreateTestExtension("a"));
std::string error;
EXPECT_TRUE(PermissionsData::CanExecuteScriptOnPage(extension,
kAnyUrl,
kAnyUrl,
-1,
NULL,
-1,
&error)) << error;
// Pretend we are in the webstore process. We should not be able to execute
// script.
scoped_refptr<const Extension> webstore_extension(
CreateTestExtension(extension_misc::kWebStoreAppId));
extension_dispatcher_->OnLoadedInternal(webstore_extension);
extension_dispatcher_->OnActivateExtension(extension_misc::kWebStoreAppId);
EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage(extension,
kAnyUrl,
kAnyUrl,
-1,
NULL,
-1,
&error)) << error;
}
} // namespace extensions
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment