Reland r50834

TBR=tony@chromium.org

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50837 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 35 insertions, 75 deletions

diff --git a/chrome/browser/extensions/crx_installer.cc b/chrome/browser/extensions/crx_installer.cc
index 3609320..70f8146 100644
--- a/chrome/browser/extensions/crx_installer.cc
+++ b/chrome/browser/extensions/crx_installer.cc
@@ -43,7 +43,7 @@ CrxInstaller::CrxInstaller(const FilePath& install_directory,
       install_source_(Extension::INTERNAL),
       delete_source_(false),
       allow_privilege_increase_(false),
-      force_web_origin_to_download_url_(false),
+      limit_web_extent_to_download_host_(false),
       create_app_shortcut_(false),
       frontend_(frontend),
       client_(client) {
@@ -84,10 +84,6 @@ void CrxInstaller::InstallCrx(const FilePath& source_file) {
           g_browser_process->resource_dispatcher_host(),
           this));
 
-  if (force_web_origin_to_download_url_) {
-    unpacker->set_web_origin(original_url_.GetOrigin());
-  }
-
   ChromeThread::PostTask(
       ChromeThread::FILE, FROM_HERE,
       NewRunnableMethod(
@@ -164,6 +160,22 @@ void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir,
     return;
   }
 
+  // Require that apps are served from the domain they claim in their extent,
+  // or some ancestor domain.
+  if (extension_->is_app() && limit_web_extent_to_download_host_) {
+    URLPattern pattern;
+    pattern.set_host(original_url_.host());
+    pattern.set_match_subdomains(true);
+
+    for (size_t i = 0; i < extension_->web_extent().patterns().size(); ++i) {
+      if (!pattern.MatchesHost(extension_->web_extent().patterns()[i].host())) {
+        ReportFailureFromFileThread(StringPrintf(
+            "Apps must be served from the host that they affect."));
+        return;
+      }
+    }
+  }
+
   if (client_ || extension_->GetFullLaunchURL().is_valid()) {
     Extension::DecodeIcon(extension_.get(), Extension::EXTENSION_ICON_LARGE,
                           &install_icon_);
@@ -185,13 +197,11 @@ void CrxInstaller::ConfirmInstall() {
 
   GURL overlapping_url;
   Extension* overlapping_extension =
-      frontend_->GetExtensionByOverlappingWebExtent(
-          extension_->web_extent(), &overlapping_url);
+      frontend_->GetExtensionByOverlappingWebExtent(extension_->web_extent());
   if (overlapping_extension) {
     ReportFailureFromUIThread(l10n_util::GetStringFUTF8(
         IDS_EXTENSION_OVERLAPPING_WEB_EXTENT,
-        UTF8ToUTF16(overlapping_extension->name()),
-        UTF8ToUTF16(overlapping_url.spec())));
+        UTF8ToUTF16(overlapping_extension->name())));
     return;
   }
 
diff --git a/chrome/browser/extensions/crx_installer.h b/chrome/browser/extensions/crx_installer.h
index d64f668..905a3f2 100644
--- a/chrome/browser/extensions/crx_installer.h
+++ b/chrome/browser/extensions/crx_installer.h
@@ -83,11 +83,11 @@ class CrxInstaller
     allow_privilege_increase_ = val;
   }
 
-  bool force_web_origin_to_download_url() const {
-    return force_web_origin_to_download_url_;
+  bool limit_web_extent_to_download_host() const {
+    return limit_web_extent_to_download_host_;
   }
-  void set_force_web_origin_to_download_url(bool val) {
-    force_web_origin_to_download_url_ = val;
+  void set_limit_web_extent_to_download_host(bool val) {
+    limit_web_extent_to_download_host_ = val;
   }
 
  private:
@@ -151,11 +151,9 @@ class CrxInstaller
   // either. Defaults to false.
   bool allow_privilege_increase_;
 
-  // If true and the installed extension uses web content, the web origin will
-  // be forced to the origin of |original_url_|. Defaults to false. This is used
-  // for non-gallery installs, where we don't trust the origin given in the
-  // manifest.
-  bool force_web_origin_to_download_url_;
+  // Limits the web extent to the app being installed to the host of the
+  // download URL. If the crx being installed is not an app, this is a no-op.
+  bool limit_web_extent_to_download_host_;
 
   // Whether to create an app shortcut after successful installation. This is
   // set based on the user's selection in the UI and can only ever be true for
diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc
index a416f17..108a214 100644
--- a/chrome/browser/extensions/extensions_service.cc
+++ b/chrome/browser/extensions/extensions_service.cc
@@ -264,7 +264,7 @@ void ExtensionsService::UpdateExtension(const std::string& id,
                        client));
   installer->set_expected_id(id);
   installer->set_delete_source(true);
-  installer->set_force_web_origin_to_download_url(true);
+  installer->set_limit_web_extent_to_download_host(true);
   installer->set_original_url(download_url);
   installer->InstallCrx(extension_path);
 }
@@ -984,16 +984,8 @@ Extension* ExtensionsService::GetExtensionByWebExtent(const GURL& url) {
 }
 
 Extension* ExtensionsService::GetExtensionByOverlappingWebExtent(
-    const ExtensionExtent& extent, GURL* overlapping_url) {
-  for (size_t i = 0; i < extensions_.size(); ++i) {
-    for (size_t j = 0; j < extent.paths().size(); ++j) {
-      GURL url(extent.origin().Resolve(extent.paths()[j]));
-      if (extensions_[i]->web_extent().ContainsURL(url)) {
-        *overlapping_url = url;
-        return extensions_[i];
-      }
-    }
-  }
+    const ExtensionExtent& extent) {
+  // TODO(aa): Make this work for the new extents. http://crbug.com/47445.
   return NULL;
 }
 
diff --git a/chrome/browser/extensions/extensions_service.h b/chrome/browser/extensions/extensions_service.h
index f019630..a5725ef 100644
--- a/chrome/browser/extensions/extensions_service.h
+++ b/chrome/browser/extensions/extensions_service.h
@@ -269,10 +269,8 @@ class ExtensionsService
   Extension* GetExtensionByWebExtent(const GURL& url);
 
   // Returns an extension that contains any URL that overlaps with the given
-  // extent, if one exists. Also fills |overlapping_url| with the first URL that
-  // overlaps.
-  Extension* GetExtensionByOverlappingWebExtent(const ExtensionExtent& extent,
-                                                GURL* overlapping_url);
+  // extent, if one exists.
+  Extension* GetExtensionByOverlappingWebExtent(const ExtensionExtent& extent);
 
   // Clear all ExternalExtensionProviders.
   void ClearProvidersForTesting();
diff --git a/chrome/browser/extensions/extensions_service_unittest.cc b/chrome/browser/extensions/extensions_service_unittest.cc
index cc50bab..5618648 100644
--- a/chrome/browser/extensions/extensions_service_unittest.cc
+++ b/chrome/browser/extensions/extensions_service_unittest.cc
@@ -1034,8 +1034,9 @@ TEST_F(ExtensionsServiceTest, InstallApps) {
   ValidatePrefKeyCount(++pref_count);
 
   // A third app whose extent overlaps the first. Should fail.
-  PackAndInstallExtension(extensions_path.AppendASCII("app3"), false);
-  ValidatePrefKeyCount(pref_count);
+  // TODO(aa): bring this back when overlap is fixed. http://crbug.com/47445.
+  // PackAndInstallExtension(extensions_path.AppendASCII("app3"), false);
+  // ValidatePrefKeyCount(pref_count);
 }
 
 // Test that when an extension version is reinstalled, nothing happens.
diff --git a/chrome/browser/extensions/sandboxed_extension_unpacker.cc b/chrome/browser/extensions/sandboxed_extension_unpacker.cc
index ab72325..eda5e3f 100644
--- a/chrome/browser/extensions/sandboxed_extension_unpacker.cc
+++ b/chrome/browser/extensions/sandboxed_extension_unpacker.cc
@@ -34,8 +34,7 @@ SandboxedExtensionUnpacker::SandboxedExtensionUnpacker(
     SandboxedExtensionUnpackerClient* client)
     : crx_path_(crx_path), temp_path_(temp_path),
       thread_identifier_(ChromeThread::ID_COUNT),
-      rdh_(rdh), client_(client), got_response_(false),
-      force_web_origin_override_(false) {
+      rdh_(rdh), client_(client), got_response_(false) {
 }
 
 void SandboxedExtensionUnpacker::Start() {
@@ -276,29 +275,6 @@ DictionaryValue* SandboxedExtensionUnpacker::RewriteManifestFile(
       static_cast<DictionaryValue*>(manifest.DeepCopy()));
   final_manifest->SetString(extension_manifest_keys::kPublicKey, public_key_);
 
-  if (final_manifest->HasKey(extension_manifest_keys::kApp)) {
-    bool has_web_origin =
-        final_manifest->Get(extension_manifest_keys::kWebOrigin, NULL);
-    if (force_web_origin_override_) {
-      if (has_web_origin) {
-        ReportFailure("Error: untrusted extension should have no web_origin.");
-        return NULL;
-      }
-      if (!web_origin_override_.is_valid() ||
-          web_origin_override_.SchemeIsFile()) {
-        ReportFailure(
-            "Error: untrusted extension has an invalid download origin.");
-        return NULL;
-      }
-
-      final_manifest->SetString(extension_manifest_keys::kWebOrigin,
-                                web_origin_override_.spec());
-    } else if (!has_web_origin) {
-      ReportFailure("Error: trusted extension should have a web_origin.");
-      return NULL;
-    }
-  }
-
   std::string manifest_json;
   JSONStringValueSerializer serializer(&manifest_json);
   serializer.set_pretty_print(true);
diff --git a/chrome/browser/extensions/sandboxed_extension_unpacker.h b/chrome/browser/extensions/sandboxed_extension_unpacker.h
index 4c89082..60d02a9 100644
--- a/chrome/browser/extensions/sandboxed_extension_unpacker.h
+++ b/chrome/browser/extensions/sandboxed_extension_unpacker.h
@@ -97,12 +97,6 @@ class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
                              ResourceDispatcherHost* rdh,
                              SandboxedExtensionUnpackerClient* cilent);
 
-  const GURL& web_origin() const { return web_origin_override_; }
-  void set_web_origin(const GURL& val) {
-    web_origin_override_ = val;
-    force_web_origin_override_ = true;
-  }
-
   // Start unpacking the extension. The client is called with the results.
   void Start();
 
@@ -173,15 +167,6 @@ class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
 
   // The public key that was extracted from the CRX header.
   std::string public_key_;
-
-  // If the app uses web content, its origin will be set to this value. This is
-  // used when an app is self-hosted. The only valid origin is the origin it is
-  // served from.
-  GURL web_origin_override_;
-
-  // If true, we require the web_origin field to be empty in the manifest.
-  // Instead, we use the one given in web_origin_override_. Defaults to false.
-  bool force_web_origin_override_;
 };
 
 #endif  // CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_