Make extension file URL access opt-in.

This corrects an issue causing file URL access to default on for <all_urls> and file:/// permissions. We also revert all extension's "allow file access" flags to false since we can't distinguish between extensions that were installed with the bug present and those where the user clicked allow file access.

BUG=91577
TEST=ExtensionServiceTest.DefaultFileAccess

Review URL: http://codereview.chromium.org/7574017

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96041 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/extensions/extension_prefs.cc

@@ -74,7 +74,11 @@ const char kPrefIncognitoEnabled[] = "incognito";
 
 // A preference to control whether an extension is allowed to inject script in
 // pages with file URLs.
-const char kPrefAllowFileAccess[] = "allowFileAccess";
+const char kPrefAllowFileAccess[] = "newAllowFileAccess";
+// TODO(jstritar): As part of fixing http://crbug.com/91577, we revoked all
+// extension file access by renaming the pref. We should eventually clean up
+// the old flag and possibly go back to that name.
+// const char kPrefAllowFileAccessOld[] = "allowFileAccess";
 
 // A preference set by the web store to indicate login information for
 // purchased apps.

chrome/browser/extensions/extension_service.cc

@@ -2207,7 +2207,7 @@ void ExtensionService::OnExtensionInstalled(
 
   // Unpacked extensions default to allowing file access, but if that has been
   // overridden, don't reset the value.
-  if (Extension::ShouldAlwaysAllowFileAccess(Extension::LOAD) &&
+  if (Extension::ShouldAlwaysAllowFileAccess(extension->location()) &&
       !extension_prefs_->HasAllowFileAccessSetting(id)) {
     extension_prefs_->SetAllowFileAccess(id, true);
   }

chrome/browser/extensions/extension_service_unittest.cc

@@ -1756,6 +1756,18 @@ TEST_F(ExtensionServiceTest, InstallApps) {
   ValidatePrefKeyCount(pref_count);
 }
 
+// Tests that file access is OFF by default.
+TEST_F(ExtensionServiceTest, DefaultFileAccess) {
+  InitializeEmptyExtensionService();
+  PackAndInstallCrx(data_dir_.AppendASCII("permissions").AppendASCII("files"),
+                    true);
+
+  EXPECT_EQ(0u, GetErrors().size());
+  EXPECT_EQ(1u, service_->extensions()->size());
+  std::string id = service_->extensions()->at(0)->id();
+  EXPECT_FALSE(service_->extension_prefs()->AllowFileAccess(id));
+}
+
 TEST_F(ExtensionServiceTest, UpdateApps) {
   InitializeEmptyExtensionService();
   FilePath extensions_path = data_dir_.AppendASCII("app_update");

chrome/test/data/extensions/good/Preferences

@@ -10,7 +10,7 @@
               "host": ["file://*", "http://*.google.com/*", "https://*.google.com/*", "http://*.news.com/*"]
             },
             "state": 1,
-            "allowFileAccess": true,
+            "newAllowFileAccess": true,
             "manifest": {
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuUZGKCDbff6IRaxa4Pue7PPkxwPaNhGT3JEqppEsNWFjM80imEdqMbf3lrWqEfaHgaNku7nlpwPO1mu3/4Hr+XdNa5MhfnOnuPee4hyTLwOs3Vzz81wpbdzUxZSi2OmqMyI5oTaBYICfNHLwcuc65N5dbt6WKGeKgTpp4v7j7zwIDAQAB",
               "version": "1.0.0.0",

chrome/test/data/extensions/permissions/files/manifest.json

+{
+  "name": "file access extension",
+  "version": "1",
+  "permissions": ["file:///*"]
+}