diff options
| author | jstritar@chromium.org <jstritar@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-09 00:07:38 +0000 |
|---|---|---|
| committer | jstritar@chromium.org <jstritar@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-09 00:07:38 +0000 |
| commit | a446534de1a24cbfe8858a9958dd22383f1b49d1 (patch) | |
| tree | 7fd6623fdf1d7a14f88289330f29eabac67f8ca2 /chrome/browser/chromeos/web_socket_proxy_controller.cc | |
| parent | 2d03c44237c6802ab1695ccb697300542de714ca (diff) | |
| download | chromium_src-a446534de1a24cbfe8858a9958dd22383f1b49d1.zip chromium_src-a446534de1a24cbfe8858a9958dd22383f1b49d1.tar.gz chromium_src-a446534de1a24cbfe8858a9958dd22383f1b49d1.tar.bz2 | |
Add a centralized mechanism for whitelisting access to extension permissions.
This also updates the following permissions to use the whitelist:
- terminalPrivate
- webSocketProxyPrivate
- chromePrivate
- inputMethodPrivate
- chromeAuthPrivate
- webstorePrivate
Includes more tests to verify that Extension loading fails for different permission parameters:
- by extension type
- component only flag
- whitelists
BUG=84211, 111314
TEST=extension unit and browser tests
Review URL: http://codereview.chromium.org/9317013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@121111 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/chromeos/web_socket_proxy_controller.cc')
| -rw-r--r-- | chrome/browser/chromeos/web_socket_proxy_controller.cc | 85 |
1 files changed, 1 insertions, 84 deletions
diff --git a/chrome/browser/chromeos/web_socket_proxy_controller.cc b/chrome/browser/chromeos/web_socket_proxy_controller.cc index 478e3c2..50d286c 100644 --- a/chrome/browser/chromeos/web_socket_proxy_controller.cc +++ b/chrome/browser/chromeos/web_socket_proxy_controller.cc @@ -32,72 +32,6 @@ namespace { -const char* kAllowedIds[] = { - "haiffjcadagjlijoggckpgfnoeiflnem", - "gnedhmakppccajfpfiihfcdlnpgomkcf", - "fjcibdnjlbfnbfdjneajpipnlcppleek", - "okddffdblfhhnmhodogpojmfkjmhinfp", - "pnhechapfaindjhompbnflcldabbghjo" // HTerm App (SSH Client) -}; - -class OriginValidator { - public: - OriginValidator() { - chromeos::FillWithExtensionsIdsWithPrivateAccess(&allowed_ids_); - CommandLine* command_line = CommandLine::ForCurrentProcess(); - DCHECK(command_line); - std::string allowed_list = - command_line->GetSwitchValueASCII(switches::kAllowWebSocketProxy); - if (!allowed_list.empty()) { - StringTokenizer t(allowed_list, ","); - while (t.GetNext()) { - // It must be either extension id or origin. - if (Extension::IdIsValid(t.token())) { - allowed_ids_.push_back(t.token()); - } else { - // It is not extension id, check if it is an origin. - GURL origin = GURL(t.token()).GetOrigin(); - if (!origin.is_valid()) { - LOG(ERROR) << "Invalid extension id or origin specified via " - << switches::kAllowWebSocketProxy << " switch"; - break; - } - allowed_origins_.push_back(origin.spec()); - if (origin.SchemeIs(chrome::kExtensionScheme)) - allowed_ids_.push_back(origin.host()); - } - } - } - for (size_t i = 0; i < allowed_ids_.size(); ++i) { - allowed_origins_.push_back(Extension::GetBaseURLFromExtensionId( - allowed_ids_[i]).GetOrigin().spec()); - } - std::sort(allowed_ids_.begin(), allowed_ids_.end()); - allowed_ids_.resize(std::unique( - allowed_ids_.begin(), allowed_ids_.end()) - allowed_ids_.begin()); - std::sort(allowed_origins_.begin(), allowed_origins_.end()); - allowed_origins_.resize(std::unique(allowed_origins_.begin(), - allowed_origins_.end()) - allowed_origins_.begin()); - } - - bool CheckCredentials( - const std::string& extension_id, - const std::string& hostname, - unsigned short port, - chromeos::WebSocketProxyController::ConnectionFlags flags) { - return std::binary_search( - allowed_ids_.begin(), allowed_ids_.end(), extension_id); - } - - const std::vector<std::string>& allowed_origins() { return allowed_origins_; } - - private: - std::vector<std::string> allowed_ids_; - std::vector<std::string> allowed_origins_; -}; - -base::LazyInstance<OriginValidator> g_validator = LAZY_INSTANCE_INITIALIZER; - class ProxyLifetime : public net::NetworkChangeNotifier::OnlineStateObserver, public content::NotificationObserver { @@ -145,8 +79,7 @@ class ProxyLifetime void ProxyCallback() { LOG(INFO) << "Attempt to run web socket proxy task"; - chromeos::WebSocketProxy* server = new chromeos::WebSocketProxy( - g_validator.Get().allowed_origins()); + chromeos::WebSocketProxy* server = new chromeos::WebSocketProxy(); { base::AutoLock alk(lock_); if (shutdown_requested_) @@ -193,12 +126,6 @@ base::LazyInstance<ProxyLifetime> g_proxy_lifetime = LAZY_INSTANCE_INITIALIZER; namespace chromeos { -void FillWithExtensionsIdsWithPrivateAccess(std::vector<std::string>* ids) { - ids->clear(); - for (size_t i = 0; i < arraysize(kAllowedIds); ++i) - ids->push_back(kAllowedIds[i]); -} - // static void WebSocketProxyController::Initiate() { g_proxy_lifetime.Get(); @@ -231,14 +158,4 @@ void WebSocketProxyController::Shutdown() { g_proxy_lifetime.Get().web_socket_proxy_thread_.Stop(); } -// static -bool WebSocketProxyController::CheckCredentials( - const std::string& extension_id, - const std::string& hostname, - unsigned short port, - ConnectionFlags flags) { - return g_validator.Get().CheckCredentials( - extension_id, hostname, port, flags); -} - } // namespace chromeos |