Allow CFBundles to load based on a whitelist by bundle ID.

This is a test to allow a single bundle ID to load. This bundle ID is already
permitted in Chrome 14. Subsequently, I will land a change that also loads
bundles that have a specific key set in their Info.plist.

BUG=95045
TEST=Google Authenticator BT works in Chrome
Review URL: http://codereview.chromium.org/7870004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100714 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 10 insertions, 3 deletions

diff --git a/chrome/common/mac/cfbundle_blocker.mm b/chrome/common/mac/cfbundle_blocker.mm
index d917bd7..1c3ff9b 100644
--- a/chrome/common/mac/cfbundle_blocker.mm
+++ b/chrome/common/mac/cfbundle_blocker.mm
@@ -146,6 +146,12 @@ bool IsBundlePathBlocked(NSString* bundle_path) {
   return false;
 }
 
+// Returns true if bundle_id identifies a bundle that is allowed to be loaded
+// even when found in a blocked directory.
+bool IsBundleIDAllowed(NSString* bundle_id) {
+  return [bundle_id isEqualToString:@"com.google.osax.Google_Authenticator_BT"];
+}
+
 typedef Boolean (*_CFBundleLoadExecutableAndReturnError_Type)(CFBundleRef,
                                                               Boolean,
                                                               CFErrorRef*);
@@ -167,9 +173,10 @@ Boolean ChromeCFBundleLoadExecutableAndReturnError(CFBundleRef bundle,
       CFURLCopyFileSystemPath(url_cf, kCFURLPOSIXPathStyle));
   NSString* path_ns = base::mac::CFToNSCast(path_cf);
 
-  if (IsBundlePathBlocked(path_ns)) {
-    CFStringRef identifier_cf = CFBundleGetIdentifier(bundle);
-    NSString* identifier_ns = base::mac::CFToNSCast(identifier_cf);
+  CFStringRef identifier_cf = CFBundleGetIdentifier(bundle);
+  NSString* identifier_ns = base::mac::CFToNSCast(identifier_cf);
+
+  if (IsBundlePathBlocked(path_ns) && !IsBundleIDAllowed(identifier_ns)) {
     NSString* identifier_ns_print = identifier_ns ? identifier_ns : @"(nil)";
 
     LOG(INFO) << "Blocking attempt to load bundle "