Add ContentVerifierDelegate::ShouldBeChecked

All policy-based extensions' files should be checked in some way. It
already works for Chrome Web Store extension, but not yet for
self-hosted ones. This commit adds a way of telling to ContentVerifier
that extension should be checked.

The commit only adds a new delegate method, which is not yet used.

Bug: 958794
Change-Id: I67898ce61c47d9ecc53c0398bfa5e9bdb65373b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1710327Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org>
Reviewed-by: Nikita Podguzov <nikitapodguzov@google.com>
Commit-Queue: Oleg Davydov <burunduk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#683213}

chrome/browser/extensions/chrome_content_verifier_delegate.cc

@@ -135,6 +135,15 @@ ChromeContentVerifierDelegate::ChromeContentVerifierDelegate(
 ChromeContentVerifierDelegate::~ChromeContentVerifierDelegate() {
 }
 
+bool ChromeContentVerifierDelegate::ShouldBeChecked(
+    const Extension& extension) {
+  // All policy-based extensions should have some checks.
+  return ShouldBeVerified(extension);
+  // TODO(crbug.com/958794): After all preparations enable content checking for
+  // all policy-based extension (even for self-hosted ones):
+  // || Manifest::IsPolicyLocation(extension.location());
+}
+
 bool ChromeContentVerifierDelegate::ShouldBeVerified(
     const Extension& extension) {
   return GetVerifyMode(extension) != NONE;

chrome/browser/extensions/chrome_content_verifier_delegate.h

@@ -55,6 +55,7 @@ class ChromeContentVerifierDelegate : public ContentVerifierDelegate {
   ~ChromeContentVerifierDelegate() override;
 
   // ContentVerifierDelegate:
+  bool ShouldBeChecked(const Extension& extension) override;
   bool ShouldBeVerified(const Extension& extension) override;
   ContentVerifierKey GetPublicKey() override;
   GURL GetSignatureFetchUrl(const std::string& extension_id,

extensions/browser/content_verifier/test_utils.cc

@@ -133,6 +133,10 @@ void TestContentVerifyJobObserver::JobFinished(
 MockContentVerifierDelegate::MockContentVerifierDelegate() = default;
 MockContentVerifierDelegate::~MockContentVerifierDelegate() = default;
 
+bool MockContentVerifierDelegate::ShouldBeChecked(const Extension& extension) {
+  return true;
+}
+
 bool MockContentVerifierDelegate::ShouldBeVerified(const Extension& extension) {
   return true;
 }

extensions/browser/content_verifier/test_utils.h

@@ -111,6 +111,7 @@ class MockContentVerifierDelegate : public ContentVerifierDelegate {
   ~MockContentVerifierDelegate() override;
 
   // ContentVerifierDelegate:
+  bool ShouldBeChecked(const Extension& extension) override;
   bool ShouldBeVerified(const Extension& extension) override;
   ContentVerifierKey GetPublicKey() override;
   GURL GetSignatureFetchUrl(const ExtensionId& extension_id,

extensions/browser/content_verifier_delegate.h

@@ -25,11 +25,18 @@ class ContentVerifierDelegate {
  public:
   virtual ~ContentVerifierDelegate() {}
 
-  // Returns whether or not resources from |extension| should be verified.
+  // Returns true if resources from |extension| should be checked for some
+  // content mismatch at all. Note that differs from ShouldBeVerified, and does
+  // not consider whether |extension| has signed hashes (verified_contents.json)
+  // or not.
+  virtual bool ShouldBeChecked(const Extension& extension) = 0;
+
+  // Returns whether or not resources from |extension| should be verified using
+  // signed hashes data (verified_contents.json). If yes, methods GetPublicKey
+  // and GetSignatureFetchUrl might be used.
   virtual bool ShouldBeVerified(const Extension& extension) = 0;
 
-  // Returns the public key to use for validating signatures via the two out
-  // parameters.
+  // Returns the public key to use for validating signatures.
   virtual ContentVerifierKey GetPublicKey() = 0;
 
   // Returns a URL that can be used to fetch the verified_contents.json