Only allow --install-chrome-app to install apps.

This prevents --install-chrome-app from being used to install malicious extensions. BUG=341353 Review URL: https://codereview.chromium.org/434843002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287261 0039d316-1c4b-4281-b951-d872f2087c98

Only allow --install-chrome-app to install apps.
This prevents --install-chrome-app from being used to install malicious extensions. BUG=341353 Review URL: https://codereview.chromium.org/434843002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287261 0039d316-1c4b-4281-b951-d872f2087c98
9bb759a1 · jackhou@chromium.org · 36cff5fd · 9bb759a1
Commit 9bb759a1 authored Aug 03, 2014 by jackhou@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 6 deletions

chrome/browser/apps/install_chrome_app.cc chrome/browser/apps/install_chrome_app.cc +42 -6

No files found.
--- a/chrome/browser/apps/install_chrome_app.cc
+++ b/chrome/browser/apps/install_chrome_app.cc
@@ -14,8 +14,10 @@
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/browser_window.h"
+#include "chrome/common/extensions/webstore_install_result.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/common/extension.h"
+#include "extensions/common/manifest_constants.h"
 using extensions::ExtensionRegistry;
@@ -25,11 +27,48 @@ namespace {
 const char kWebstoreUrlFormat[] =
    "https://chrome.google.com/webstore/detail/%s";
+// Error given when the extension is not an app.
+const char kInstallChromeAppErrorNotAnApp[] =
+    "--install-chrome-app can only be used to install apps.";
 // Returns the webstore URL for an app.
 GURL GetAppInstallUrl(const std::string& app_id) {
  return GURL(base::StringPrintf(kWebstoreUrlFormat, app_id.c_str()));
 }
+// Checks the manifest and completes the installation with NOT_PERMITTED if the
+// extension is not an app.
+class WebstoreInstallWithPromptAppsOnly
+    : public extensions::WebstoreInstallWithPrompt {
+ public:
+  WebstoreInstallWithPromptAppsOnly(const std::string& app_id,
+                                    Profile* profile,
+                                    gfx::NativeWindow parent_window)
+      : WebstoreInstallWithPrompt(
+            app_id,
+            profile,
+            parent_window,
+            extensions::WebstoreStandaloneInstaller::Callback()) {}
+ private:
+  virtual ~WebstoreInstallWithPromptAppsOnly() {}
+  // extensions::WebstoreStandaloneInstaller overrides:
+  virtual void OnManifestParsed() OVERRIDE;
+  DISALLOW_COPY_AND_ASSIGN(WebstoreInstallWithPromptAppsOnly);
+};
+void WebstoreInstallWithPromptAppsOnly::OnManifestParsed() {
+  if (!manifest()->HasKey(extensions::manifest_keys::kApp)) {
+    CompleteInstall(extensions::webstore_install::NOT_PERMITTED,
+                    kInstallChromeAppErrorNotAnApp);
+    return;
+  }
+  ProceedWithInstallPrompt();
+}
 }  // namespace
 namespace install_chrome_app {
@@ -63,12 +102,9 @@ void InstallChromeApp(const std::string& app_id) {
  if (installed_extension)
    return;
-  extensions::WebstoreInstallWithPrompt* installer =
+  WebstoreInstallWithPromptAppsOnly* installer =
-      new extensions::WebstoreInstallWithPrompt(
+      new WebstoreInstallWithPromptAppsOnly(
-          app_id,
+          app_id, browser->profile(), browser->window()->GetNativeWindow());
-          browser->profile(),
-          browser->window()->GetNativeWindow(),
-          extensions::WebstoreStandaloneInstaller::Callback());
  installer->BeginInstall();
 }