diff options
| author | skerner@chromium.org <skerner@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-30 16:16:18 +0000 |
|---|---|---|
| committer | skerner@chromium.org <skerner@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-30 16:16:18 +0000 |
| commit | e4f976498a9a229633529c8468209e6877da0472 (patch) | |
| tree | 32d9b1368d7e85e894324b31a2bd495f00ffb18e | |
| parent | 80bebf48af21c4470b0732919df363f5ba8e52ab (diff) | |
| download | chromium_src-e4f976498a9a229633529c8468209e6877da0472.zip chromium_src-e4f976498a9a229633529c8468209e6877da0472.tar.gz chromium_src-e4f976498a9a229633529c8468209e6877da0472.tar.bz2 | |
Give a better error when extension unpacking can't be done.
The sandbox can not allow file access to paths that contain reparse points. Chrome tries to find a reparse point free path to the directory which will be sandboxed for extension unpacking. However, there are cases where there is no such path. See the bug for an example. In this case, give a decent error message.
BUG=49530
TEST=Manually created a partition mounted in C:/mnt, mounted as drive letter, and mounted only under /Devices/HardDisk3/, tried unpacking extensions in each.
Review URL: http://codereview.chromium.org/3060026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54327 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | base/file_util_win.cc | 7 | ||||
| -rw-r--r-- | chrome/browser/extensions/sandboxed_extension_unpacker.cc | 45 |
2 files changed, 33 insertions, 19 deletions
diff --git a/base/file_util_win.cc b/base/file_util_win.cc index b6a741b..2181516 100644 --- a/base/file_util_win.cc +++ b/base/file_util_win.cc @@ -59,9 +59,10 @@ bool DevicePathToDriveLetterPath(const FilePath& device_path, while(*drive_map_ptr++); } - // No drive matched. The path does not start with a device junction. - *drive_letter_path = device_path; - return true; + // No drive matched. The path does not start with a device junction + // that is mounted as a drive letter. This means there is no drive + // letter path to the volume that holds |device_path|, so fail. + return false; } } // namespace diff --git a/chrome/browser/extensions/sandboxed_extension_unpacker.cc b/chrome/browser/extensions/sandboxed_extension_unpacker.cc index 2de1c09..a564d11 100644 --- a/chrome/browser/extensions/sandboxed_extension_unpacker.cc +++ b/chrome/browser/extensions/sandboxed_extension_unpacker.cc @@ -63,20 +63,6 @@ void SandboxedExtensionUnpacker::Start() { return; } - // The utility process will have access to the directory passed to - // SandboxedExtensionUnpacker. That directory should not contain a - // symlink or NTFS junction, because when the path is used, following - // the link will cause file system access outside the sandbox path. - FilePath normalized_crx_path; - if (!file_util::NormalizeFilePath(temp_crx_path, &normalized_crx_path)) { - LOG(ERROR) << "Could not get the normalized path of " - << temp_crx_path.value(); - normalized_crx_path = temp_crx_path; - } else { - LOG(INFO) << "RealFilePath: from " << temp_crx_path.value() - << " to " << normalized_crx_path.value(); - } - // If we are supposed to use a subprocess, kick off the subprocess. // // TODO(asargent) we shouldn't need to do this branch here - instead @@ -84,15 +70,42 @@ void SandboxedExtensionUnpacker::Start() { bool use_utility_process = rdh_ && !CommandLine::ForCurrentProcess()->HasSwitch(switches::kSingleProcess); if (use_utility_process) { + // The utility process will have access to the directory passed to + // SandboxedExtensionUnpacker. That directory should not contain a + // symlink or NTFS reparse point. When the path is used, following + // the link/reparse point will cause file system access outside the + // sandbox path, and the sandbox will deny the operation. + FilePath link_free_crx_path; + if (!file_util::NormalizeFilePath(temp_crx_path, &link_free_crx_path)) { + LOG(ERROR) << "Could not get the normalized path of " + << temp_crx_path.value(); +#if defined (OS_WIN) + // On windows, it is possible to mount a disk without the root of that + // disk having a drive letter. The sandbox does not support this. + // See crbug/49530 . + ReportFailure( + "Can not unpack extension. To safely unpack an extension, " + "there must be a path to your profile directory that starts " + "with a drive letter and does not contain a junction, mount " + "point, or symlink. No such path exists for your profile."); +#else + ReportFailure( + "Can not unpack extension. To safely unpack an extension, " + "there must be a path to your profile directory that does " + "not contain a symlink. No such path exists for your profile."); +#endif + return; + } + ChromeThread::PostTask( ChromeThread::IO, FROM_HERE, NewRunnableMethod( this, &SandboxedExtensionUnpacker::StartProcessOnIOThread, - normalized_crx_path)); + link_free_crx_path)); } else { // Otherwise, unpack the extension in this process. - ExtensionUnpacker unpacker(normalized_crx_path); + ExtensionUnpacker unpacker(temp_crx_path); if (unpacker.Run() && unpacker.DumpImagesToFile() && unpacker.DumpMessageCatalogsToFile()) { OnUnpackExtensionSucceeded(*unpacker.parsed_manifest()); |