authorrafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-21 04:07:55 +0000
committerrafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-21 04:07:55 +0000
commit26f16b508c8f1d44ca12a95dfcc25193c700f6c3 (patch)
tree0aec165200e0ed356ad5560fa64d8debc4a2edd4
parentd78ef705947b6f3bb52aa10cdf3ed21b579bf507 (diff)
Only allow installation of extensions/apps with gallery update url via download from gallery
BUG=45542 TEST=NONE Review URL: http://codereview.chromium.org/2855009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50333 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/app/generated_resources.grd6
-rw-r--r--chrome/browser/dom_ui/app_launcher_handler.cc16
-rw-r--r--chrome/browser/extensions/crx_installer.cc12
-rw-r--r--chrome/browser/extensions/extension_updater.cc8
-rw-r--r--chrome/browser/extensions/extensions_service.cc2
-rw-r--r--chrome/browser/extensions/extensions_ui.cc5
-rw-r--r--chrome/common/chrome_switches.cc3
-rw-r--r--chrome/common/chrome_switches.h1
-rw-r--r--chrome/common/extensions/extension.cc14
-rw-r--r--chrome/common/extensions/extension.h4
-rw-r--r--chrome/common/extensions/extension_constants.cc2
-rw-r--r--chrome/common/extensions/extension_constants.h3
-rwxr-xr-xchrome/renderer/render_view.cc4
-rw-r--r--chrome/renderer/user_script_slave.cc3
14 files changed, 53 insertions, 30 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 41bc30d..1e4a033 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -3373,6 +3373,9 @@ each locale. -->
<message name="IDS_EXTENSION_DIRECTORY_NO_EXISTS" desc="Warning displayed in pack dialog when the extension directory does not exist.">
Input directory must exist.
</message>
+ <message name="IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS" desc="Error displayed when an extension that has an update URL used by the gallery is installed when not directly downloaded from the gallery.">
+ This package can only be installed from the <ph name="CHROME_WEB_STORE">$1<ex>Chrome Web Store</ex></ph>.
+ </message>
<message name="IDS_EXTENSION_PRIVATE_KEY_INVALID_PATH" desc="Warning displayed in pack dialog when the private key must be a valid path.">
Input value for private key must be a valid path.
</message>
@@ -3627,6 +3630,9 @@ Keep your key file in a safe place. You will need it to create new versions of y
<message name="IDS_EXTENSION_PROMPT_ENABLE_INCOGNITO_BUTTON" desc="Text for the allow button on the extension run-in-incognito prompt">
Allow
</message>
+ <message name="IDS_EXTENSION_WEB_STORE_TITLE" desc="Text for the Chrome Web Store">
+ Chrome Web Store
+ </message>
<!-- chrome://plugins page -->
<message name="IDS_PLUGINS_TITLE" desc="Title for the chrome://plugins page.">
diff --git a/chrome/browser/dom_ui/app_launcher_handler.cc b/chrome/browser/dom_ui/app_launcher_handler.cc
index 31384cb..12c23c2 100644
--- a/chrome/browser/dom_ui/app_launcher_handler.cc
+++ b/chrome/browser/dom_ui/app_launcher_handler.cc
@@ -5,6 +5,7 @@
#include "chrome/browser/dom_ui/app_launcher_handler.h"
#include "app/animation.h"
+#include "app/l10n_util.h"
#include "app/resource_bundle.h"
#include "base/base64.h"
#include "base/utf_string_conversions.h"
@@ -16,12 +17,14 @@
#include "chrome/browser/platform_util.h"
#include "chrome/browser/tab_contents/tab_contents.h"
#include "chrome/common/chrome_switches.h"
+#include "chrome/common/extensions/extension.h"
#include "chrome/common/extensions/extension_resource.h"
#include "chrome/common/notification_service.h"
#include "chrome/common/notification_type.h"
#include "chrome/common/url_constants.h"
#include "gfx/rect.h"
#include "grit/browser_resources.h"
+#include "grit/generated_resources.h"
namespace {
@@ -95,20 +98,15 @@ void AppLauncherHandler::CreateAppInfo(Extension* extension,
}
void AppLauncherHandler::HandleGetApps(const Value* value) {
- std::string gallery_title;
- std::string gallery_url;
-
- // TODO(aa): Decide the final values for these and remove the switches.
- gallery_title = CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
- switches::kAppsGalleryTitle);
- gallery_url = CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
- switches::kAppsGalleryURL);
+ std::string gallery_title =
+ l10n_util::GetStringUTF8(IDS_EXTENSION_WEB_STORE_TITLE);
+
bool show_debug_link = CommandLine::ForCurrentProcess()->HasSwitch(
switches::kAppsDebug);
DictionaryValue dictionary;
dictionary.SetString(L"galleryTitle", gallery_title);
- dictionary.SetString(L"galleryURL", gallery_url);
+ dictionary.SetString(L"galleryURL", Extension::ChromeStoreURL());
dictionary.SetBoolean(L"showDebugLink", show_debug_link);
ListValue* list = new ListValue();
diff --git a/chrome/browser/extensions/crx_installer.cc b/chrome/browser/extensions/crx_installer.cc
index e5bed66..61b67f8 100644
--- a/chrome/browser/extensions/crx_installer.cc
+++ b/chrome/browser/extensions/crx_installer.cc
@@ -20,6 +20,7 @@
#include "chrome/browser/web_applications/web_app.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/extensions/extension_file_util.h"
+#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/notification_service.h"
#include "chrome/common/notification_type.h"
#include "grit/browser_resources.h"
@@ -135,6 +136,17 @@ void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir,
// the temp dir.
unpacked_extension_root_ = extension_dir;
+ // Only allow extensions with a gallery update url to be installed after
+ // having been directly downloaded from the gallery.
+ if (extension->update_url() == GURL(extension_urls::kGalleryUpdateURL) &&
+ !StartsWithASCII(original_url_.spec(),
+ extension_urls::kGalleryDownloadPrefix, false)) {
+ ReportFailureFromUIThread(l10n_util::GetStringFUTF8(
+ IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS,
+ l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE)));
+ return;
+ }
+
// Determine whether to allow installation. We always allow themes and
// external installs.
if (!extensions_enabled_ && !extension->is_theme() &&
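Review bot: The new gate in OnUnpackSuccess fires only when update_url() is exactly equal to kGalleryUpdateURL, so it does not cover a manifest with no update URL, even though the extension_updater.cc hunk in this commit shows an empty update URL being filled in with kGalleryUpdateURL later. If that gap is intended, I would record it next to the check, for example `// NOTE: extensions with no update_url are not covered here, although the updater falls back to kGalleryUpdateURL for them.` It is also not visible from this hunk whether original_url_ carries a gallery download URL when the updater drives the install; the commit lists TEST=NONE, so a test for the update path would be worth adding. OnUnpackSuccess starts and ends outside the hunk.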
diff --git a/chrome/browser/extensions/extension_updater.cc b/chrome/browser/extensions/extension_updater.cc
index 781a200..9c428e3 100644
--- a/chrome/browser/extensions/extension_updater.cc
+++ b/chrome/browser/extensions/extension_updater.cc
@@ -26,6 +26,7 @@
#include "chrome/browser/utility_process_host.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/extension.h"
+#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/pref_names.h"
#include "googleurl/src/gurl.h"
#include "net/base/escape.h"
@@ -46,11 +47,6 @@ using prefs::kExtensionBlacklistUpdateVersion;
using prefs::kLastExtensionsUpdateCheck;
using prefs::kNextExtensionsUpdateCheck;
-// The default URL to fall back to if an extension doesn't have an
-// update URL.
-const char kDefaultUpdateURL[] =
- "http://clients2.google.com/service/update2/crx";
-
// NOTE: HTTPS is used here to ensure the response from omaha can be trusted.
// The response contains a url for fetching the blacklist and a hash value
// for validation.
@@ -241,7 +237,7 @@ void ManifestFetchesBuilder::AddExtensionData(
} else if (update_url.is_empty()) {
url_stats_.no_url_count++;
// Fill in default update URL.
- update_url = GURL(kDefaultUpdateURL);
+ update_url = GURL(extension_urls::kGalleryUpdateURL);
} else {
url_stats_.other_url_count++;
}
diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc
index 57ef3e2..99dcd9c 100644
--- a/chrome/browser/extensions/extensions_service.cc
+++ b/chrome/browser/extensions/extensions_service.cc
@@ -104,7 +104,7 @@ bool ExtensionsService::IsDownloadFromGallery(const GURL& download_url,
if (StartsWithASCII(download_url.spec(),
extension_urls::kGalleryDownloadPrefix, false) &&
StartsWithASCII(referrer_url.spec(),
- extension_urls::kGalleryBrowsePrefix, false)) {
+ Extension::ChromeStoreURL(), false)) {
return true;
}
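Review bot: The referrer test is now a case-insensitive string prefix match against whatever Extension::ChromeStoreURL() returns, and that can be an arbitrary --apps-gallery-url value rather than the built-in `https://chrome.google.com/extensions`. A raw prefix carries no host boundary when the override has no path, and an empty override would presumably match every referrer. Comparing parsed URLs keeps the boundary, e.g. `GURL store(Extension::ChromeStoreURL());` followed by `referrer_url.host() == store.host() && StartsWithASCII(referrer_url.path(), store.path(), false)`. IsDownloadFromGallery begins and ends outside the hunk.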
diff --git a/chrome/browser/extensions/extensions_ui.cc b/chrome/browser/extensions/extensions_ui.cc
index 5cd3711..9ad2e78 100644
--- a/chrome/browser/extensions/extensions_ui.cc
+++ b/chrome/browser/extensions/extensions_ui.cc
@@ -33,7 +33,6 @@
#include "chrome/browser/tab_contents/tab_contents_view.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/extension.h"
-#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/extensions/user_script.h"
#include "chrome/common/extensions/url_pattern.h"
#include "chrome/common/jstemplate_builder.h"
@@ -100,12 +99,12 @@ void ExtensionsUIHTMLSource::StartDataRequest(const std::string& path,
l10n_util::GetStringF(IDS_EXTENSIONS_NONE_INSTALLED_SUGGEST_GALLERY,
std::wstring(L"<a href='") +
ASCIIToWide(google_util::AppendGoogleLocaleParam(
- GURL(extension_urls::kGalleryBrowsePrefix)).spec()) + L"'>",
+ GURL(Extension::ChromeStoreURL())).spec()) + L"'>",
L"</a>"));
localized_strings.SetString(L"getMoreExtensions",
std::wstring(L"<a href='") +
ASCIIToWide(google_util::AppendGoogleLocaleParam(
- GURL(extension_urls::kGalleryBrowsePrefix)).spec()) + L"'>" +
+ GURL(Extension::ChromeStoreURL())).spec()) + L"'>" +
l10n_util::GetString(IDS_GET_MORE_EXTENSIONS) +
L"</a>");
localized_strings.SetString(L"extensionDisabled",
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index da839ae..ace6106 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -43,9 +43,6 @@ const char kAppLaunchAsPanel[] = "app-launch-as-panel";
// Makes the app launcher popup when a new tab is created.
const char kAppsPanel[] = "apps-panel";
-// The title to use for the gallery link in the app launcher.
-const char kAppsGalleryTitle[] = "apps-gallery-title";
-
// The URL to use for the gallery link in the app launcher.
const char kAppsGalleryURL[] = "apps-gallery-url";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 3144673..3f42f68 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -28,7 +28,6 @@ extern const char kAppId[];
extern const char kAppLaunchAsPanel[];
extern const char kAppsDebug[];
extern const char kAppsPanel[];
-extern const char kAppsGalleryTitle[];
extern const char kAppsGalleryURL[];
extern const char kAppsNoThrob[];
extern const char kAuthServerWhitelist[];
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index d2b3d3b..7f7c1bb 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -1467,12 +1467,20 @@ bool Extension::InitFromValue(const DictionaryValue& source, bool require_key,
return true;
}
+// static
+std::string Extension::ChromeStoreURL() {
+ std::string gallery_prefix = extension_urls::kGalleryBrowsePrefix;
+ if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAppsGalleryURL))
+ gallery_prefix = CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+ switches::kAppsGalleryURL);
+ return gallery_prefix;
+}
+
GURL Extension::GalleryUrl() const {
if (!update_url_.DomainIs("google.com"))
return GURL();
- GURL url(std::string(extension_urls::kGalleryBrowsePrefix) +
- std::string("/detail/") + id_);
+ GURL url(ChromeStoreURL() + std::string("/detail/") + id_);
return url;
}
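Review bot: ChromeStoreURL() returns the --apps-gallery-url value without checking it, and that value now feeds security decisions: the host comparison in CanExecuteScriptOnHost in the next hunk, the same comparison in render_view.cc and user_script_slave.cc, and the referrer prefix in extensions_service.cc. A switch that is present but empty or unparsable yields an empty host, so the script-blocking checks would stop matching the gallery pages they are meant to protect. I would fall back to kGalleryBrowsePrefix unless the override parses to a URL with a host, as in the sketch below. Whether the built-in gallery host should stay blocked even when an override is active is a design question for the author.

```cpp
// static
std::string Extension::ChromeStoreURL() {
  CommandLine* command_line = CommandLine::ForCurrentProcess();
  if (command_line->HasSwitch(switches::kAppsGalleryURL)) {
    // Callers use the result in host and prefix comparisons, so ignore an
    // override that is empty or does not parse to a URL with a host.
    const std::string override_url =
        command_line->GetSwitchValueASCII(switches::kAppsGalleryURL);
    const GURL parsed(override_url);
    if (parsed.is_valid() && parsed.has_host())
      return override_url;
  }
  return extension_urls::kGalleryBrowsePrefix;
}
```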
@@ -1620,7 +1628,7 @@ bool Extension::CanExecuteScriptOnHost(const GURL& url,
std::string* error) const {
// No extensions are allowed to execute script on the gallery because that
// would allow extensions to manipulate their own install pages.
- if (url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host()) {
+ if (url.host() == GURL(ChromeStoreURL()).host()) {
if (error)
*error = errors::kCannotScriptGallery;
return false;
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index 512c7c0..08654ef 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -213,6 +213,10 @@ class Extension {
// it was explictly turned on via a command line switch).
static bool AppsAreEnabled();
+ // Returns the url prefix for the extension/apps gallery. Can be set via the
+ // --apps-gallery-url switch.
+ static std::string ChromeStoreURL();
+
// Initialize the extension from a parsed manifest.
// Usually, the id of an extension is generated by the "key" property of
// its manifest, but if |require_key| is |false|, a temporary ID will be
diff --git a/chrome/common/extensions/extension_constants.cc b/chrome/common/extensions/extension_constants.cc
index be58611..f80c7e6 100644
--- a/chrome/common/extensions/extension_constants.cc
+++ b/chrome/common/extensions/extension_constants.cc
@@ -254,6 +254,8 @@ namespace extension_urls {
const char* kGalleryBrowsePrefix = "https://chrome.google.com/extensions";
const char* kGalleryDownloadPrefix =
"https://clients2.googleusercontent.com/crx/download";
+const char* kGalleryUpdateURL =
+ "http://clients2.google.com/service/update2/crx";
const char* kMiniGalleryBrowsePrefix = "https://tools.google.com/chrome/";
const char* kMiniGalleryDownloadPrefix = "https://dl-ssl.google.com/chrome/";
}
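Review bot: kGalleryUpdateURL is plain `http://` while the neighbouring gallery constants are `https://`, and extension_updater.cc already carries a comment that HTTPS is used for the blacklist request so the response can be trusted. This URL is now also the marker that the installer's gallery-only rule keys on, so I would ask whether the update check can move to `"https://clients2.google.com/service/update2/crx"`. The integrity checks applied to the update manifest are not visible in this diff, so this is a question for the author rather than a confirmed defect.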
diff --git a/chrome/common/extensions/extension_constants.h b/chrome/common/extensions/extension_constants.h
index c515c72..46082c8 100644
--- a/chrome/common/extensions/extension_constants.h
+++ b/chrome/common/extensions/extension_constants.h
@@ -172,6 +172,9 @@ namespace extension_urls {
extern const char* kGalleryBrowsePrefix;
extern const char* kGalleryDownloadPrefix;
+ // The update url used by gallery/webstore extensions.
+ extern const char* kGalleryUpdateURL;
+
// Same thing for the "minigallery". The minigallery is the temporary static
// themes gallery that we put up when we launched themes.
extern const char* kMiniGalleryBrowsePrefix;
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index a8d5ab2..869065a 100755
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -29,7 +29,7 @@
#include "chrome/common/chrome_constants.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/chrome_switches.h"
-#include "chrome/common/extensions/extension_constants.h"
+#include "chrome/common/extensions/extension.h"
#include "chrome/common/jstemplate_builder.h"
#include "chrome/common/page_zoom.h"
#include "chrome/common/pepper_plugin_registry.h"
@@ -4930,7 +4930,7 @@ void RenderView::ExecuteCodeImpl(WebFrame* frame,
const ViewMsg_ExecuteCode_Params& params) {
// Don't execute scripts in gallery pages.
GURL frame_url = GURL(frame->url());
- if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host()) {
+ if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host()) {
Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id, true));
return;
}
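Review bot: This check now reads the renderer's own command line through Extension::ChromeStoreURL(), so it agrees with the browser-side checks only if --apps-gallery-url is forwarded to renderer processes, and nothing in this commit shows that forwarding. If the switch is not propagated, browser and renderer would disagree about which host is the gallery whenever the override is used; the same applies to InjectScripts in user_script_slave.cc. I would at least document the dependency here, e.g. `// Relies on --apps-gallery-url being propagated to renderer processes.` ExecuteCodeImpl continues outside the hunk.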
diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc
index 4015484..11ad1f2 100644
--- a/chrome/renderer/user_script_slave.cc
+++ b/chrome/renderer/user_script_slave.cc
@@ -14,7 +14,6 @@
#include "base/string_util.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/extension.h"
-#include "chrome/common/extensions/extension_constants.h"
#include "chrome/renderer/extension_groups.h"
#include "chrome/renderer/render_thread.h"
#include "googleurl/src/gurl.h"
@@ -151,7 +150,7 @@ bool UserScriptSlave::InjectScripts(WebFrame* frame,
// Don't inject user scripts into the gallery itself. This prevents
// a user script from removing the "report abuse" link, for example.
- if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host())
+ if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host())
return true;
PerfTimer timer;