Add some browser-level checks to prohibit access to extension bindings by

non-extension renderers.  Also add a check so that bindings are only exposed
if the top-level frame is the chrome-extension scheme.

BUG=11545
BUG=11993
TEST=none
Review URL: http://codereview.chromium.org/119014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17408 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 0 deletions

diff --git a/chrome/browser/child_process_security_policy.h b/chrome/browser/child_process_security_policy.h
index ae1eb41..22db422 100644
--- a/chrome/browser/child_process_security_policy.h
+++ b/chrome/browser/child_process_security_policy.h
@@ -78,6 +78,9 @@ class ChildProcessSecurityPolicy {
   // Grant this renderer the ability to use DOM UI Bindings.
   void GrantDOMUIBindings(int renderer_id);
 
+  // Grant this renderer the ability to use extension Bindings.
+  void GrantExtensionBindings(int renderer_id);
+
   // Before servicing a renderer's request for a URL, the browser should call
   // this method to determine whether the renderer has the capability to
   // request the URL.
@@ -93,6 +96,11 @@ class ChildProcessSecurityPolicy {
   // allowed to use DOMUIBindings.
   bool HasDOMUIBindings(int renderer_id);
 
+  // Returns true of the specified renderer_id has been granted DOMUIBindings.
+  // The browser should check this property before assuming the renderer is
+  // allowed to use extension bindings.
+  bool HasExtensionBindings(int renderer_id);
+
  private:
   friend class ChildProcessSecurityPolicyInProcessBrowserTest;
   FRIEND_TEST(ChildProcessSecurityPolicyInProcessBrowserTest, NoLeak);