Diffstat (limited to 'chrome/browser/extensions/api/declarative_webrequest')
8 files changed, 82 insertions, 59 deletions
diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc b/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc index 4a01ff0..9301dc0 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc @@ -15,6 +15,7 @@ #include "chrome/browser/extensions/api/declarative_webrequest/request_stages.h" #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_constants.h" #include "chrome/browser/extensions/api/web_request/web_request_api_helpers.h" +#include "chrome/browser/extensions/api/web_request/web_request_permissions.h" #include "chrome/browser/extensions/extension_info_map.h" #include "chrome/common/extensions/extension.h" #include "net/url_request/url_request.h" 
@@ -198,19 +199,24 @@ int WebRequestAction::GetMinimumPriority() const { return std::numeric_limits<int>::min(); } -bool WebRequestAction::HasPermission(const extensions::Extension* extension, - const net::URLRequest* request) const { - // TODO(battre): Consider the permission to access requests from the incognito - // profile. - // TODO(battre): There should be a single place to check permissions for both - // the WebRequest API and the Declarative WebRequest API. - if (helpers::HideRequest(request)) +bool WebRequestAction::HasPermission(const ExtensionInfoMap* extension_info_map, + const std::string& extension_id, + const net::URLRequest* request, + bool crosses_incognito) const { + if (WebRequestPermissions::HideRequest(request)) return false; - if (extension && !helpers::CanExtensionAccessURL(extension, request->url())) - return false; - // System requests are passed to extensions without host permissions. - // This is the same behavior as found in - // ExtensionWebRequestEventRouter::GetMatchingListenersImpl. + + // In unit tests we don't have an extension_info_map object here and skip host + // permission checks. + if (!extension_info_map) + return true; + + return WebRequestPermissions::CanExtensionAccessURL( + extension_info_map, extension_id, request->url(), crosses_incognito, + ShouldEnforceHostPermissions()); +} + +bool WebRequestAction::ShouldEnforceHostPermissions() const { return true; } 
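Review bot: The `if (!extension_info_map) return true;` early return in WebRequestAction::HasPermission fails open, because a NULL map skips the entire WebRequestPermissions::CanExtensionAccessURL call. Judging by its arguments, that call also takes `crosses_incognito` into account, so more than the host-permission check named in the comment is bypassed. Since NULL is only expected in unit tests, the comment should say so precisely, e.g. `// Test-only: a NULL |extension_info_map| skips the host-permission and incognito checks; production callers must pass a valid map.` A stricter option is to give the tests a real ExtensionInfoMap and return false here. The HasPermission comment in webrequest_action.h uses the same "host permissions are ignored" wording and would need the same correction.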
@@ -272,15 +278,17 @@ scoped_ptr<WebRequestActionSet> WebRequestActionSet::Create( } std::list<LinkedPtrEventResponseDelta> WebRequestActionSet::CreateDeltas( - const extensions::Extension* extension, + const ExtensionInfoMap* extension_info_map, + const std::string& extension_id, net::URLRequest* request, + bool crosses_incognito, RequestStages request_stage, const WebRequestRule::OptionalRequestData& optional_request_data, - const std::string& extension_id, const base::Time& extension_install_time) const { std::list<LinkedPtrEventResponseDelta> result; for (Actions::const_iterator i = actions_.begin(); i != actions_.end(); ++i) { - if (!(*i)->HasPermission(extension, request)) + if (!(*i)->HasPermission(extension_info_map, extension_id, request, + crosses_incognito)) continue; if ((*i)->GetStages() & request_stage) { LinkedPtrEventResponseDelta delta = (*i)->CreateDelta(request, @@ -382,12 +390,9 @@ WebRequestRedirectToTransparentImageAction::GetType() const { return WebRequestAction::ACTION_REDIRECT_TO_TRANSPARENT_IMAGE; } -bool WebRequestRedirectToTransparentImageAction::HasPermission( - const extensions::Extension* extension, - const net::URLRequest* request) const { - // TODO(battre): Consider the permission to access requests from the incognito - // profile. - return true; +bool WebRequestRedirectToTransparentImageAction::ShouldEnforceHostPermissions() + const { + return false; } LinkedPtrEventResponseDelta @@ -423,10 +428,9 @@ WebRequestRedirectToEmptyDocumentAction::GetType() const { return WebRequestAction::ACTION_REDIRECT_TO_EMPTY_DOCUMENT; } -bool WebRequestRedirectToEmptyDocumentAction::HasPermission( - const extensions::Extension* extension, - const net::URLRequest* request) const { - return true; +bool +WebRequestRedirectToEmptyDocumentAction::ShouldEnforceHostPermissions() const { + return false; } LinkedPtrEventResponseDelta 
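Review bot: The `ShouldEnforceHostPermissions()` overrides that return false have no comment explaining why these actions are exempt from host permissions. This applies to WebRequestRedirectToTransparentImageAction and WebRequestRedirectToEmptyDocumentAction here, and to WebRequestIgnoreRulesAction in the @@ -744 hunk. The removed HasPermission overrides returned true unconditionally, whereas these actions now go through the base HasPermission, so WebRequestPermissions::HideRequest applies to them as well. A short comment above each override should record both facts: why the action needs no host permission, and that hidden requests are still filtered. A test that runs one of these actions against the protected URL used in TestPermissions would pin the new behaviour.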
@@ -744,10 +748,8 @@ int WebRequestIgnoreRulesAction::GetMinimumPriority() const { return minimum_priority_; } -bool WebRequestIgnoreRulesAction::HasPermission( - const extensions::Extension* extension, - const net::URLRequest* request) const { - return true; +bool WebRequestIgnoreRulesAction::ShouldEnforceHostPermissions() const { + return false; } LinkedPtrEventResponseDelta WebRequestIgnoreRulesAction::CreateDelta( diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h b/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h index 01f7e4a..96d0a3d 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h @@ -17,6 +17,8 @@ #include "googleurl/src/gurl.h" #include "unicode/regex.h" +class WebRequestPermission; + namespace base { class DictionaryValue; class Time; 
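Review bot: The forward declaration added to webrequest_action.h reads `class WebRequestPermission;`, but the class called in webrequest_action.cc is `WebRequestPermissions` (plural), so this line declares an unrelated, unused name. Nothing in the visible header hunks refers to either spelling, so the declaration can probably be dropped; if it stays it should be `class WebRequestPermissions;`. webrequest_rule.h and webrequest_rules_registry.h also add `class WebRequestPermissions;` without a visible use in their hunks.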
@@ -72,12 +74,21 @@ class WebRequestAction { // this rule. Defaults to MIN_INT. virtual int GetMinimumPriority() const; - // Returns whether |extension| has permission to execute this action - // on |request|. Defaults to checking the host permission. - // |extension| may only be NULL for during testing, in which case - // host permissions are ignored. - virtual bool HasPermission(const extensions::Extension* extension, - const net::URLRequest* request) const; + // Returns whether the specified extension has permission to execute this + // action on |request|. Checks the host permission if + // ShouldEnforceHostPermissions instructs to do that. + // |extension_info_map| may only be NULL for during testing, in which case + // host permissions are ignored. |crosses_incognito| specifies + // whether the request comes from a different profile than |extension_id| + // but was processed because the extension is in spanning mode. + virtual bool HasPermission(const ExtensionInfoMap* extension_info_map, + const std::string& extension_id, + const net::URLRequest* request, + bool crosses_incognito) const; + + // Returns whether host permissions shall be enforced by this actions. + // Used by the standard implementation of HasPermission. Defaults to true. + virtual bool ShouldEnforceHostPermissions() const; // Factory method that instantiates a concrete WebRequestAction // implementation according to |json_action|, the representation of the 
@@ -123,11 +134,12 @@ class WebRequestActionSet { // |actions_| that can be executed at |request_stage|. If |extension| // is not NULL, permissions of extensions are checked. std::list<LinkedPtrEventResponseDelta> CreateDeltas( - const extensions::Extension* extension, + const ExtensionInfoMap* extension_info_map, + const std::string& extension_id, net::URLRequest* request, + bool crosses_incognito, RequestStages request_stage, const WebRequestRule::OptionalRequestData& optional_request_data, - const std::string& extension_id, const base::Time& extension_install_time) const; // Returns the minimum priority of rules that may be evaluated after @@ -197,8 +209,7 @@ class WebRequestRedirectToTransparentImageAction : public WebRequestAction { // Implementation of WebRequestAction: virtual int GetStages() const OVERRIDE; virtual Type GetType() const OVERRIDE; - virtual bool HasPermission(const extensions::Extension* extension, - const net::URLRequest* request) const OVERRIDE; + virtual bool ShouldEnforceHostPermissions() const OVERRIDE; virtual LinkedPtrEventResponseDelta CreateDelta( net::URLRequest* request, RequestStages request_stage, @@ -220,8 +231,7 @@ class WebRequestRedirectToEmptyDocumentAction : public WebRequestAction { // Implementation of WebRequestAction: virtual int GetStages() const OVERRIDE; virtual Type GetType() const OVERRIDE; - virtual bool HasPermission(const extensions::Extension* extension, - const net::URLRequest* request) const OVERRIDE; + virtual bool ShouldEnforceHostPermissions() const OVERRIDE; virtual LinkedPtrEventResponseDelta CreateDelta( net::URLRequest* request, RequestStages request_stage, 
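Review bot: The comment above WebRequestActionSet::CreateDeltas still says "If |extension| is not NULL, permissions of extensions are checked", but the `extension` parameter is removed by this hunk. The sentence should name the new parameters, e.g. `// If |extension_info_map| is not NULL, the permissions of the extension identified by |extension_id| are checked.` It would also help to document `crosses_incognito` here the way the HasPermission comment does, since this is the signature callers see.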
@@ -366,8 +376,7 @@ class WebRequestIgnoreRulesAction : public WebRequestAction { virtual int GetStages() const OVERRIDE; virtual Type GetType() const OVERRIDE; virtual int GetMinimumPriority() const OVERRIDE; - virtual bool HasPermission(const extensions::Extension* extension, - const net::URLRequest* request) const OVERRIDE; + virtual bool ShouldEnforceHostPermissions() const OVERRIDE; virtual LinkedPtrEventResponseDelta CreateDelta( net::URLRequest* request, RequestStages request_stage, diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_action_unittest.cc b/chrome/browser/extensions/api/declarative_webrequest/webrequest_action_unittest.cc index bb95594..1161258 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_action_unittest.cc +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_action_unittest.cc @@ -148,14 +148,16 @@ TEST(WebRequestActionTest, TestPermissions) { // Check that redirect works on regular URLs but not on protected URLs. TestURLRequest regular_request(GURL("http://test.com"), NULL, &context); std::list<LinkedPtrEventResponseDelta> deltas = - action_set->CreateDeltas(NULL, ®ular_request, ON_BEFORE_REQUEST, - WebRequestRule::OptionalRequestData(), "ext1", base::Time()); + action_set->CreateDeltas(NULL, "ext1", ®ular_request, false, + ON_BEFORE_REQUEST, WebRequestRule::OptionalRequestData(), + base::Time()); EXPECT_EQ(1u, deltas.size()); TestURLRequest protected_request(GURL(extension_urls::kGalleryBrowsePrefix), NULL, &context); - deltas = action_set->CreateDeltas(NULL, &protected_request, ON_BEFORE_REQUEST, - WebRequestRule::OptionalRequestData(), "ext1", base::Time()); + deltas = action_set->CreateDeltas(NULL, "ext1", &protected_request, false, + ON_BEFORE_REQUEST, WebRequestRule::OptionalRequestData(), + base::Time()); EXPECT_EQ(0u, deltas.size()); } 
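Review bot: TestPermissions still passes NULL for `extension_info_map` and `false` for `crosses_incognito`, so it only exercises the HideRequest branch of the new HasPermission. The WebRequestPermissions::CanExtensionAccessURL path added by this change is never run in the tests shown on this page, neither with host permissions enforced nor with `crosses_incognito` set to true. Consider adding a case with a populated ExtensionInfoMap that expects zero deltas for an extension lacking host permission for the URL, plus one with `crosses_incognito` set to true.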
diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.cc b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.cc index 1b5ccb747..b7fb22b 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.cc +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.cc @@ -8,6 +8,8 @@ #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h" #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_condition.h" #include "chrome/browser/extensions/api/web_request/web_request_api_helpers.h" +#include "chrome/browser/extensions/api/web_request/web_request_permissions.h" +#include "chrome/browser/extensions/extension_info_map.h" #include "chrome/common/extensions/extension.h" namespace { @@ -87,12 +89,14 @@ scoped_ptr<WebRequestRule> WebRequestRule::Create( } std::list<LinkedPtrEventResponseDelta> WebRequestRule::CreateDeltas( - const extensions::Extension* extension, + const ExtensionInfoMap* extension_info_map, net::URLRequest* request, + bool crosses_incognito, RequestStages request_stage, const OptionalRequestData& optional_request_data) const { - return actions_->CreateDeltas(extension, request, request_stage, - optional_request_data, id_.first, extension_installation_time_); + return actions_->CreateDeltas(extension_info_map, extension_id(), request, + crosses_incognito, request_stage, optional_request_data, + extension_installation_time_); } int WebRequestRule::GetMinimumPriority() const { diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.h b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.h index 40ddae6..d590de7 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.h +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rule.h 
@@ -13,11 +13,14 @@ #include "chrome/browser/extensions/api/declarative/rules_registry.h" #include "chrome/browser/extensions/api/declarative_webrequest/request_stages.h" +class ExtensionInfoMap; +class WebRequestPermissions; + namespace extensions { class Extension; class URLMatcherConditionFactory; -class WebRequestConditionSet; class WebRequestActionSet; +class WebRequestConditionSet; } namespace extension_web_request_api_helpers { @@ -66,6 +69,7 @@ class WebRequestRule { std::string* error); const GlobalRuleId& id() const { return id_; } + const std::string& extension_id() const { return id_.first; } const WebRequestConditionSet& conditions() const { return *conditions_; } const WebRequestActionSet& actions() const { return *actions_; } Priority priority() const { return priority_; } @@ -78,8 +82,9 @@ class WebRequestRule { // have have sufficient permissions to modify the |request|. The returned list // may be empty in this case. std::list<LinkedPtrEventResponseDelta> CreateDeltas( - const extensions::Extension* extension, + const ExtensionInfoMap* extension_info_map, net::URLRequest* request, + bool crosses_incognito, RequestStages request_stage, const OptionalRequestData& optional_request_data) const; diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.cc b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.cc index ce978b2..ad0348b 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.cc +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.cc @@ -8,6 +8,7 @@ #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_condition.h" #include "chrome/browser/extensions/api/web_request/web_request_api_helpers.h" +#include "chrome/browser/extensions/api/web_request/web_request_permissions.h" #include "chrome/browser/extensions/extension_system.h" #include "net/url_request/url_request.h" 
@@ -46,6 +47,7 @@ WebRequestRulesRegistry::GetMatches(net::URLRequest* request, std::list<LinkedPtrEventResponseDelta> WebRequestRulesRegistry::CreateDeltas( const ExtensionInfoMap* extension_info_map, net::URLRequest* request, + bool crosses_incognito, RequestStages request_stage, const WebRequestRule::OptionalRequestData& optional_request_data) { if (webrequest_rules_.empty()) @@ -92,9 +94,6 @@ std::list<LinkedPtrEventResponseDelta> WebRequestRulesRegistry::CreateDeltas( const ExtensionId& extension_id = rule_id.first; const WebRequestRule* rule = webrequest_rules_[rule_id].get(); CHECK(rule); - const extensions::Extension* extension = NULL; - if (extension_info_map) - extension = extension_info_map->extensions().GetByID(extension_id); // Skip rule if a previous rule of this extension instructed to ignore // all rules with a lower priority than min_priorities[extension_id]. @@ -103,8 +102,8 @@ std::list<LinkedPtrEventResponseDelta> WebRequestRulesRegistry::CreateDeltas( continue; std::list<LinkedPtrEventResponseDelta> rule_result = - rule->CreateDeltas(extension, request, request_stage, - optional_request_data); + rule->CreateDeltas(extension_info_map, request, crosses_incognito, + request_stage, optional_request_data); result.splice(result.begin(), rule_result); min_priorities[extension_id] = std::max(current_min_priority, diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.h b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.h index 55f0083..cb01240 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.h +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry.h @@ -20,6 +20,7 @@ #include "chrome/common/extensions/matcher/url_matcher.h" class Profile; +class WebRequestPermissions; namespace extension_web_request_api_helpers { struct EventResponseDelta; 
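Review bot: With the `GetByID(extension_id)` lookup removed from WebRequestRulesRegistry::CreateDeltas, the handling of an extension id missing from `extension_info_map` now depends entirely on WebRequestPermissions::CanExtensionAccessURL, which is not shown on this page. In the removed code a failed lookup left `extension` NULL, and the old `if (extension && ...)` guard then skipped the host-permission check, so such rules were allowed. It is worth confirming that the new helper denies access for an unknown id and stating that in a comment at this call, e.g. `// Rules of extensions unknown to |extension_info_map| yield no deltas.` The function body extends beyond this hunk.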
@@ -76,6 +77,7 @@ class WebRequestRulesRegistry : public RulesRegistryWithCache { std::list<LinkedPtrEventResponseDelta> CreateDeltas( const ExtensionInfoMap* extension_info_map, net::URLRequest* request, + bool crosses_incognito, RequestStages request_stage, const WebRequestRule::OptionalRequestData& optional_request_data); diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry_unittest.cc b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry_unittest.cc index 9253137..9a8f4a1 100644 --- a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry_unittest.cc +++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_registry_unittest.cc @@ -338,7 +338,7 @@ TEST_F(WebRequestRulesRegistryTest, Precedences) { TestURLRequestContext context; TestURLRequest request(url, NULL, &context); std::list<LinkedPtrEventResponseDelta> deltas = - registry->CreateDeltas(NULL, &request, ON_BEFORE_REQUEST, + registry->CreateDeltas(NULL, &request, false, ON_BEFORE_REQUEST, WebRequestRule::OptionalRequestData()); // The second extension is installed later and will win for this reason @@ -386,7 +386,7 @@ TEST_F(WebRequestRulesRegistryTest, Priorities) { TestURLRequestContext context; TestURLRequest request(url, NULL, &context); std::list<LinkedPtrEventResponseDelta> deltas = - registry->CreateDeltas(NULL, &request, ON_BEFORE_REQUEST, + registry->CreateDeltas(NULL, &request, false, ON_BEFORE_REQUEST, WebRequestRule::OptionalRequestData()); // The redirect by the first extension is ignored due to the ignore rule. |