Add a whitelist check for nacl-nonsfi mode

Also add an explicit check for whitelisting pepper/nacl
permissions based on importing a shared module, so a shared
module can potentially limit allowing import of its resources
and permissions its allowed.

You can still use nonsfi mode for Linux or ChromeOS by
passing in --enable-nacl-nonsfi-mode, but it is on for a
whitelisted set of extensions for ChromeOS without flags.

BUG=355141
TEST=deploy_chrome to daisy, test app which includes whitelisted module

Review URL: https://codereview.chromium.org/264923011

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@269626 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 134 insertions, 0 deletions

diff --git a/chrome/common/pepper_permission_util_unittest.cc b/chrome/common/pepper_permission_util_unittest.cc
new file mode 100644
index 0000000..32b3b05
--- /dev/null
+++ b/chrome/common/pepper_permission_util_unittest.cc
@@ -0,0 +1,134 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/pepper_permission_util.h"
+
+#include <set>
+#include <string>
+
+#include "chrome/common/extensions/features/feature_channel.h"
+#include "extensions/common/extension_builder.h"
+#include "extensions/common/extension_set.h"
+#include "extensions/common/id_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using chrome::IsExtensionOrSharedModuleWhitelisted;
+
+namespace extensions {
+
+namespace {
+
+// Return an extension with |id| which imports a module with the given
+// |import_id|.
+scoped_refptr<Extension> CreateExtensionImportingModule(
+    const std::string& import_id,
+    const std::string& id) {
+  scoped_ptr<base::DictionaryValue> manifest =
+      DictionaryBuilder()
+          .Set("name", "Has Dependent Modules")
+          .Set("version", "1.0")
+          .Set("manifest_version", 2)
+          .Set("import",
+               ListBuilder().Append(DictionaryBuilder().Set("id", import_id)))
+          .Build();
+
+  return ExtensionBuilder()
+      .SetManifest(manifest.Pass())
+      .AddFlags(Extension::FROM_WEBSTORE)
+      .SetID(id)
+      .Build();
+}
+
+}  // namespace
+
+TEST(PepperPermissionUtilTest, ExtensionWhitelisting) {
+  ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN);
+  ExtensionSet extensions;
+  std::string whitelisted_id = id_util::GenerateId("whitelisted_extension");
+  scoped_ptr<base::DictionaryValue> manifest =
+      DictionaryBuilder()
+          .Set("name", "Whitelisted Extension")
+          .Set("version", "1.0")
+          .Set("manifest_version", 2)
+          .Build();
+  scoped_refptr<Extension> ext = ExtensionBuilder()
+                                     .SetManifest(manifest.Pass())
+                                     .SetID(whitelisted_id)
+                                     .Build();
+  extensions.Insert(ext);
+  std::set<std::string> whitelist;
+  std::string url = std::string("chrome-extension://") + whitelisted_id +
+                    std::string("/manifest.nmf");
+  std::string bad_scheme_url =
+      std::string("http://") + whitelisted_id + std::string("/manifest.nmf");
+  std::string bad_host_url =
+      std::string("chrome-extension://") + id_util::GenerateId("bad_host");
+  std::string("/manifest.nmf");
+
+  EXPECT_FALSE(
+      IsExtensionOrSharedModuleWhitelisted(GURL(url), &extensions, whitelist));
+  whitelist.insert(whitelisted_id);
+  EXPECT_TRUE(
+      IsExtensionOrSharedModuleWhitelisted(GURL(url), &extensions, whitelist));
+  EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(bad_scheme_url), &extensions, whitelist));
+  EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(bad_host_url), &extensions, whitelist));
+}
+
+TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) {
+  ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN);
+  ExtensionSet extensions;
+  std::string whitelisted_id = id_util::GenerateId("extension_id");
+  std::string bad_id = id_util::GenerateId("bad_id");
+
+  scoped_ptr<base::DictionaryValue> shared_module_manifest =
+      DictionaryBuilder()
+          .Set("name", "Whitelisted Shared Module")
+          .Set("version", "1.0")
+          .Set("manifest_version", 2)
+          .Set("export",
+               DictionaryBuilder()
+                   .Set("resources", ListBuilder().Append("*"))
+                   // Add the extension to the whitelist.  This
+                   // restricts import to |whitelisted_id| only.
+                   .Set("whitelist", ListBuilder().Append(whitelisted_id)))
+          .Build();
+  scoped_refptr<Extension> shared_module =
+      ExtensionBuilder().SetManifest(shared_module_manifest.Pass()).Build();
+
+  scoped_refptr<Extension> ext =
+      CreateExtensionImportingModule(shared_module->id(), whitelisted_id);
+  std::string extension_url =
+      std::string("chrome-extension://") + ext->id() + std::string("/foo.html");
+
+  std::set<std::string> whitelist;
+  // Important: whitelist *only* the shared module.
+  whitelist.insert(shared_module->id());
+
+  extensions.Insert(ext);
+  // This should fail because shared_module is not in the set of extensions.
+  EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(extension_url), &extensions, whitelist));
+  extensions.Insert(shared_module);
+  EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(extension_url), &extensions, whitelist));
+  scoped_refptr<Extension> bad_ext =
+      CreateExtensionImportingModule(shared_module->id(), bad_id);
+  std::string bad_extension_url = std::string("chrome-extension://") +
+                                  bad_ext->id() + std::string("/foo.html");
+
+  extensions.Insert(bad_ext);
+  // This should fail because bad_ext is not whitelisted to use shared_module.
+  EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(bad_extension_url), &extensions, whitelist));
+
+  // Note that the whitelist should be empty after this call, so tests checking
+  // for failure to import will fail because of this.
+  whitelist.erase(shared_module->id());
+  EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(extension_url), &extensions, whitelist));
+}
+
+}  // namespace extensions