From e6ba241000ba3d0ba7335cf6ffb0b1c9fcf9bdd1 Mon Sep 17 00:00:00 2001
From: "aa@chromium.org" <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed, 11 Aug 2010 17:38:56 +0000
Subject: Forbid hybrid apps.

BUG=49234

Review URL: http://codereview.chromium.org/3123004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55750 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/common/extensions/extension.cc              | 68 +++++++++++++---------
 chrome/common/extensions/extension.h               |  1 +
 chrome/common/extensions/extension_constants.cc    |  2 +
 chrome/common/extensions/extension_constants.h     |  1 +
 .../extensions/extension_manifests_unittest.cc     |  7 +++
 5 files changed, 52 insertions(+), 27 deletions(-)

(limited to 'chrome/common')

diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index 902eab4..f0e9683 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -71,28 +71,37 @@ static void ConvertHexadecimalToIDAlphabet(std::string* id) {
 const int kValidWebExtentSchemes =
     URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS;
 
-}  // namespace
-
-const FilePath::CharType Extension::kManifestFilename[] =
-    FILE_PATH_LITERAL("manifest.json");
-const FilePath::CharType Extension::kLocaleFolder[] =
-    FILE_PATH_LITERAL("_locales");
-const FilePath::CharType Extension::kMessagesFilename[] =
-    FILE_PATH_LITERAL("messages.json");
-
-// A list of all the keys allowed by themes.
-static const wchar_t* kValidThemeKeys[] = {
+// These keys are allowed by all crx files (apps, extensions, themes, etc).
+static const wchar_t* kBaseCrxKeys[] = {
   keys::kCurrentLocale,
   keys::kDefaultLocale,
   keys::kDescription,
+  keys::kIcons,
   keys::kName,
   keys::kPublicKey,
   keys::kSignature,
-  keys::kTheme,
   keys::kVersion,
   keys::kUpdateURL
 };
 
+bool IsBaseCrxKey(const std::wstring& key) {
+  for (size_t i = 0; i < arraysize(kBaseCrxKeys); ++i) {
+    if (key == kBaseCrxKeys[i])
+      return true;
+  }
+
+  return false;
+}
+
+}  // namespace
+
+const FilePath::CharType Extension::kManifestFilename[] =
+    FILE_PATH_LITERAL("manifest.json");
+const FilePath::CharType Extension::kLocaleFolder[] =
+    FILE_PATH_LITERAL("_locales");
+const FilePath::CharType Extension::kMessagesFilename[] =
+    FILE_PATH_LITERAL("messages.json");
+
 #if defined(OS_WIN)
 const char* Extension::kExtensionRegistryPath =
     "Software\\Google\\Chrome\\Extensions";
@@ -514,23 +523,10 @@ ExtensionAction* Extension::LoadExtensionActionHelper(
 }
 
 bool Extension::ContainsNonThemeKeys(const DictionaryValue& source) {
-  // Generate a map of allowable keys
-  static std::map<std::string, bool> theme_keys;
-  static bool theme_key_mapped = false;
-  if (!theme_key_mapped) {
-    for (size_t i = 0; i < arraysize(kValidThemeKeys); ++i) {
-      // TODO(viettrungluu): Make the constants |char*|s and avoid converting.
-      theme_keys[WideToUTF8(kValidThemeKeys[i])] = true;
-    }
-    theme_key_mapped = true;
-  }
-
-  // Go through all the root level keys and verify that they're in the map
-  // of keys allowable by themes. If they're not, then make a not of it for
-  // later.
   for (DictionaryValue::key_iterator iter = source.begin_keys();
        iter != source.end_keys(); ++iter) {
-    if (theme_keys.find(*iter) == theme_keys.end())
+    std::wstring key = ASCIIToWide(*iter);
+    if (!IsBaseCrxKey(key) && key != keys::kTheme)
       return true;
   }
   return false;
@@ -725,6 +721,23 @@ bool Extension::LoadLaunchFullscreen(const DictionaryValue* manifest,
   return true;
 }
 
+bool Extension::EnsureNotHybridApp(const DictionaryValue* manifest,
+                                   std::string* error) {
+  if (web_extent().is_empty())
+    return true;
+
+  for (DictionaryValue::key_iterator iter = manifest->begin_keys();
+       iter != manifest->end_keys(); ++iter) {
+    std::wstring key = ASCIIToWide(*iter);
+    if (!IsBaseCrxKey(key) && key != keys::kApp && key != keys::kPermissions) {
+      *error = errors::kHostedAppsCannotIncludeExtensionFeatures;
+      return false;
+    }
+  }
+
+  return true;
+}
+
 Extension::Extension(const FilePath& path)
     : converted_from_user_script_(false),
       is_theme_(false),
@@ -1506,6 +1519,7 @@ bool Extension::InitFromValue(const DictionaryValue& source, bool require_key,
       !LoadExtent(manifest_value_.get(), keys::kBrowseURLs, &browse_extent_,
                   errors::kInvalidBrowseURLs, errors::kInvalidBrowseURL,
                   error) ||
+      !EnsureNotHybridApp(manifest_value_.get(), error) ||
       !LoadLaunchURL(manifest_value_.get(), error) ||
       !LoadLaunchContainer(manifest_value_.get(), error) ||
       !LoadLaunchFullscreen(manifest_value_.get(), error)) {
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index 9f3ca6c..432e82c 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -424,6 +424,7 @@ class Extension {
   bool LoadLaunchFullscreen(const DictionaryValue* manifest,
                             std::string* error);
   bool LoadLaunchURL(const DictionaryValue* manifest, std::string* error);
+  bool EnsureNotHybridApp(const DictionaryValue* manifest, std::string* error);
 
   // Helper method to load an ExtensionAction from the page_action or
   // browser_action entries in the manifest.
diff --git a/chrome/common/extensions/extension_constants.cc b/chrome/common/extensions/extension_constants.cc
index ce4d74f..8fdeb2e 100644
--- a/chrome/common/extensions/extension_constants.cc
+++ b/chrome/common/extensions/extension_constants.cc
@@ -97,6 +97,8 @@ const char* kDisabledByPolicy =
 const char* kDevToolsExperimental =
     "You must request the 'experimental' permission in order to use the"
     " DevTools API.";
+const char* kHostedAppsCannotIncludeExtensionFeatures =
+    "Hosted apps cannot use extension features.";
 const char* kInvalidAllFrames =
     "Invalid value for 'content_scripts[*].all_frames'.";
 const char* kInvalidBackground =
diff --git a/chrome/common/extensions/extension_constants.h b/chrome/common/extensions/extension_constants.h
index bc85b3c..4027737 100644
--- a/chrome/common/extensions/extension_constants.h
+++ b/chrome/common/extensions/extension_constants.h
@@ -89,6 +89,7 @@ namespace extension_manifest_errors {
   extern const char* kCannotScriptGallery;
   extern const char* kChromeVersionTooLow;
   extern const char* kDevToolsExperimental;
+  extern const char* kHostedAppsCannotIncludeExtensionFeatures;
   extern const char* kInvalidAllFrames;
   extern const char* kInvalidBackground;
   extern const char* kInvalidBrowserAction;
diff --git a/chrome/common/extensions/extension_manifests_unittest.cc b/chrome/common/extensions/extension_manifests_unittest.cc
index 36c4b89..df2dad0 100644
--- a/chrome/common/extensions/extension_manifests_unittest.cc
+++ b/chrome/common/extensions/extension_manifests_unittest.cc
@@ -263,3 +263,10 @@ TEST_F(ManifestTest, DevToolsExtensions) {
             extension->devtools_url().spec());
   *CommandLine::ForCurrentProcess() = old_command_line;
 }
+
+TEST_F(ManifestTest, DisallowHybridApps) {
+  LoadAndExpectError("disallow_hybrid_1.json",
+                     errors::kHostedAppsCannotIncludeExtensionFeatures);
+  LoadAndExpectError("disallow_hybrid_2.json",
+                     errors::kHostedAppsCannotIncludeExtensionFeatures);
+}
-- 
cgit v1.1