diff options
Diffstat (limited to 'chrome/common')
| -rw-r--r-- | chrome/common/extensions/extension.cc | 27 | ||||
| -rw-r--r-- | chrome/common/extensions/extension.h | 8 | ||||
| -rw-r--r-- | chrome/common/extensions/extension_unittest.cc | 34 |
3 files changed, 35 insertions, 34 deletions
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc index 134ee3f..c826c07 100644 --- a/chrome/common/extensions/extension.cc +++ b/chrome/common/extensions/extension.cc @@ -531,21 +531,22 @@ bool Extension::FormatPEMForFileOutput(const std::string input, // extensions that require less permissions than the current version, but then // we don't silently allow them to go back. In order to fix this, we would need // to remember the max set of permissions we ever granted a single extension. -bool Extension::AllowSilentUpgrade(Extension* old_extension, - Extension* new_extension) { +bool Extension::IsPrivilegeIncrease(Extension* old_extension, + Extension* new_extension) { // If the old extension had native code access, we don't need to go any // further. Things can't get any worse. if (old_extension->plugins().size() > 0) - return true; + return false; - // Otherwise, if the new extension has a plugin, no silent upgrade. + // Otherwise, if the new extension has a plugin, it's a privilege increase. if (new_extension->plugins().size() > 0) - return false; + return true; - // If we are increasing the set of hosts we have access to, no silent upgrade. + // If we are increasing the set of hosts we have access to, it's a privilege + // increase. if (!old_extension->HasAccessToAllHosts()) { if (new_extension->HasAccessToAllHosts()) - return false; + return true; std::set<std::string> old_hosts = old_extension->GetEffectiveHostPermissions(); @@ -558,17 +559,17 @@ bool Extension::AllowSilentUpgrade(Extension* old_extension, std::insert_iterator<std::set<std::string> >( difference, difference.end())); if (difference.size() > 0) - return false; + return true; } - // If we're going from not having api permissions to having them, no silent - // upgrade. + // If we're going from not having api permissions to having them, it's a + // privilege increase. if (old_extension->api_permissions().size() == 0 && new_extension->api_permissions().size() > 0) - return false; + return true; - // Nothing much has changed. Allow the silent upgrade. - return true; + // Nothing much has changed. + return false; } bool Extension::InitFromValue(const DictionaryValue& source, bool require_id, diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h index ab68d60..6e7215f 100644 --- a/chrome/common/extensions/extension.h +++ b/chrome/common/extensions/extension.h @@ -168,10 +168,10 @@ class Extension { static bool FormatPEMForFileOutput(const std::string input, std::string* output, bool is_public); - // Determine whether we should allow a silent upgrade from |old_extension| to - // |new_extension|. If not, the user will have to approve the upgrade. - static bool AllowSilentUpgrade(Extension* old_extension, - Extension* new_extension); + // Determine whether |new_extension| has increased privileges compared to + // |old_extension|. + static bool IsPrivilegeIncrease(Extension* old_extension, + Extension* new_extension); // Initialize the extension from a parsed manifest. // If |require_id| is true, will return an error if the "id" key is missing diff --git a/chrome/common/extensions/extension_unittest.cc b/chrome/common/extensions/extension_unittest.cc index 8f1b69b..fb40330 100644 --- a/chrome/common/extensions/extension_unittest.cc +++ b/chrome/common/extensions/extension_unittest.cc @@ -582,25 +582,25 @@ TEST(ExtensionTest, EffectiveHostPermissions) { EXPECT_TRUE(extension->HasAccessToAllHosts()); } -TEST(ExtensionTest, AllowSilentUpgrade) { +TEST(ExtensionTest, IsPrivilegeIncrease) { const struct { const char* base_name; bool expect_success; } kTests[] = { - { "allhosts1", true }, // all -> all - { "allhosts2", true }, // all -> one - { "allhosts3", false }, // one -> all - { "hosts1", true }, // http://a,http://b -> http://a,http://b - { "hosts2", true }, // http://a,http://b -> https://a,http://*.b - { "hosts3", true }, // http://a,http://b -> http://a - { "hosts4", false }, // http://a -> http://a,http://b - { "permissions1", true}, // tabs -> tabs - { "permissions2", true}, // tabs -> tabs,bookmarks - { "permissions3", false}, // http://a -> http://a,tabs - { "permissions4", true}, // plugin -> plugin,tabs - { "plugin1", true}, // plugin -> plugin - { "plugin2", true}, // plugin -> none - { "plugin3", false} // none -> plugin + { "allhosts1", false }, // all -> all + { "allhosts2", false }, // all -> one + { "allhosts3", true }, // one -> all + { "hosts1", false }, // http://a,http://b -> http://a,http://b + { "hosts2", false }, // http://a,http://b -> https://a,http://*.b + { "hosts3", false }, // http://a,http://b -> http://a + { "hosts4", true }, // http://a -> http://a,http://b + { "permissions1", false }, // tabs -> tabs + { "permissions2", false }, // tabs -> tabs,bookmarks + { "permissions3", true }, // http://a -> http://a,tabs + { "permissions4", false }, // plugin -> plugin,tabs + { "plugin1", false }, // plugin -> plugin + { "plugin2", false }, // plugin -> none + { "plugin3", true } // none -> plugin }; for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { @@ -612,8 +612,8 @@ TEST(ExtensionTest, AllowSilentUpgrade) { std::string(kTests[i].base_name) + "_new.json")); EXPECT_EQ(kTests[i].expect_success, - Extension::AllowSilentUpgrade(old_extension.get(), - new_extension.get())) + Extension::IsPrivilegeIncrease(old_extension.get(), + new_extension.get())) << kTests[i].base_name; } } |