// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/extensions/crx_installer.h" #include #include "app/l10n_util.h" #include "app/resource_bundle.h" #include "base/file_util.h" #include "base/lazy_instance.h" #include "base/path_service.h" #include "base/scoped_temp_dir.h" #include "base/stl_util-inl.h" #include "base/stringprintf.h" #include "base/time.h" #include "base/task.h" #include "base/thread_restrictions.h" #include "base/utf_string_conversions.h" #include "base/version.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/browser_thread.h" #include "chrome/browser/extensions/convert_user_script.h" #include "chrome/browser/extensions/convert_web_app.h" #include "chrome/browser/extensions/extension_service.h" #include "chrome/browser/extensions/extension_error_reporter.h" #include "chrome/browser/shell_integration.h" #include "chrome/browser/web_applications/web_app.h" #include "chrome/common/chrome_paths.h" #include "chrome/common/extensions/extension_file_util.h" #include "chrome/common/extensions/extension_constants.h" #include "chrome/common/notification_service.h" #include "chrome/common/notification_type.h" #include "grit/chromium_strings.h" #include "grit/generated_resources.h" #include "grit/theme_resources.h" #include "third_party/skia/include/core/SkBitmap.h" namespace { // Helper function to delete files. This is used to avoid ugly casts which // would be necessary with PostMessage since file_util::Delete is overloaded. static void DeleteFileHelper(const FilePath& path, bool recursive) { file_util::Delete(path, recursive); } struct WhitelistedInstallData { WhitelistedInstallData() {} std::set ids; }; static base::LazyInstance g_whitelisted_install_data(base::LINKER_INITIALIZED); } // namespace // static void CrxInstaller::SetWhitelistedInstallId(const std::string& id) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); g_whitelisted_install_data.Get().ids.insert(id); } // static bool CrxInstaller::IsIdWhitelisted(const std::string& id) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); std::set& ids = g_whitelisted_install_data.Get().ids; return ContainsKey(ids, id); } // static bool CrxInstaller::ClearWhitelistedInstallId(const std::string& id) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); std::set& ids = g_whitelisted_install_data.Get().ids; if (ContainsKey(ids, id)) { ids.erase(id); return true; } return false; } CrxInstaller::CrxInstaller(ExtensionService* frontend, ExtensionInstallUI* client) : install_directory_(frontend->install_directory()), install_source_(Extension::INTERNAL), extensions_enabled_(frontend->extensions_enabled()), delete_source_(false), is_gallery_install_(false), create_app_shortcut_(false), frontend_(frontend), client_(client), apps_require_extension_mime_type_(false), allow_silent_install_(false) { } CrxInstaller::~CrxInstaller() { // Delete the temp directory and crx file as necessary. Note that the // destructor might be called on any thread, so we post a task to the file // thread to make sure the delete happens there. if (!temp_dir_.value().empty()) { BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableFunction(&DeleteFileHelper, temp_dir_, true)); } if (delete_source_) { BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableFunction(&DeleteFileHelper, source_file_, false)); } // Make sure the UI is deleted on the ui thread. BrowserThread::DeleteSoon(BrowserThread::UI, FROM_HERE, client_); client_ = NULL; } void CrxInstaller::InstallCrx(const FilePath& source_file) { source_file_ = source_file; FilePath user_data_temp_dir; { // We shouldn't be doing disk IO on the UI thread. // http://code.google.com/p/chromium/issues/detail?id=60634 base::ThreadRestrictions::ScopedAllowIO allow_io; CHECK(PathService::Get(chrome::DIR_USER_DATA_TEMP, &user_data_temp_dir)); } scoped_refptr unpacker( new SandboxedExtensionUnpacker( source_file, user_data_temp_dir, g_browser_process->resource_dispatcher_host(), this)); BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod( unpacker.get(), &SandboxedExtensionUnpacker::Start)); } void CrxInstaller::InstallUserScript(const FilePath& source_file, const GURL& original_url) { DCHECK(!original_url.is_empty()); source_file_ = source_file; original_url_ = original_url; BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ConvertUserScriptOnFileThread)); } void CrxInstaller::ConvertUserScriptOnFileThread() { std::string error; scoped_refptr extension = ConvertUserScriptToExtension(source_file_, original_url_, &error); if (!extension) { ReportFailureFromFileThread(error); return; } OnUnpackSuccess(extension->path(), extension->path(), extension); } void CrxInstaller::InstallWebApp(const WebApplicationInfo& web_app) { BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ConvertWebAppOnFileThread, web_app)); } void CrxInstaller::ConvertWebAppOnFileThread( const WebApplicationInfo& web_app) { std::string error; scoped_refptr extension( ConvertWebAppToExtension(web_app, base::Time::Now())); if (!extension) { // Validation should have stopped any potential errors before getting here. NOTREACHED() << "Could not convert web app to extension."; return; } // TODO(aa): conversion data gets lost here :( OnUnpackSuccess(extension->path(), extension->path(), extension); } bool CrxInstaller::AllowInstall(const Extension* extension, std::string* error) { DCHECK(error); // We always allow themes and external installs. if (extension->is_theme() || Extension::IsExternalLocation(install_source_)) return true; if (!extensions_enabled_) { *error = "Extensions are not enabled."; return false; } // Make sure the expected id matches. // TODO(aa): Also support expected version? if (!expected_id_.empty() && expected_id_ != extension->id()) { *error = base::StringPrintf( "ID in new extension manifest (%s) does not match expected id (%s)", extension->id().c_str(), expected_id_.c_str()); return false; } if (extension_->is_app()) { // If the app was downloaded, apps_require_extension_mime_type_ // will be set. In this case, check that it was served with the // right mime type. Make an exception for file URLs, which come // from the users computer and have no headers. if (!original_url_.SchemeIsFile() && apps_require_extension_mime_type_ && original_mime_type_ != Extension::kMimeType) { *error = base::StringPrintf( "Apps must be served with content type %s.", Extension::kMimeType); return false; } // If the client_ is NULL, then the app is either being installed via // an internal mechanism like sync, external_extensions, or default apps. // In that case, we don't want to enforce things like the install origin. if (!is_gallery_install_ && client_) { // For apps with a gallery update URL, require that they be installed // from the gallery. // TODO(erikkay) Apply this rule for paid extensions and themes as well. if (extension->UpdatesFromGallery()) { *error = l10n_util::GetStringFUTF8( IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS, l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE)); return false; } // For self-hosted apps, verify that the entire extent is on the same // host (or a subdomain of the host) the download happened from. There's // no way for us to verify that the app controls any other hosts. URLPattern pattern(UserScript::kValidUserScriptSchemes); pattern.set_host(original_url_.host()); pattern.set_match_subdomains(true); ExtensionExtent::PatternList patterns = extension_->web_extent().patterns(); for (size_t i = 0; i < patterns.size(); ++i) { if (!pattern.MatchesHost(patterns[i].host())) { *error = base::StringPrintf( "Apps must be served from the host that they affect."); return false; } } } } return true; } void CrxInstaller::OnUnpackFailure(const std::string& error_message) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); ReportFailureFromFileThread(error_message); } void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir, const FilePath& extension_dir, const Extension* extension) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); // Note: We take ownership of |extension| and |temp_dir|. extension_ = extension; temp_dir_ = temp_dir; // We don't have to delete the unpack dir explicity since it is a child of // the temp dir. unpacked_extension_root_ = extension_dir; std::string error; if (!AllowInstall(extension, &error)) { ReportFailureFromFileThread(error); return; } if (client_) { Extension::DecodeIcon(extension_.get(), Extension::EXTENSION_ICON_LARGE, &install_icon_); } BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ConfirmInstall)); } void CrxInstaller::ConfirmInstall() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); if (frontend_->extension_prefs()->IsExtensionBlacklisted(extension_->id())) { VLOG(1) << "This extension: " << extension_->id() << " is blacklisted. Install failed."; ReportFailureFromUIThread("This extension is blacklisted."); return; } if (!frontend_->extension_prefs()->IsExtensionAllowedByPolicy( extension_->id())) { ReportFailureFromUIThread("This extension is blacklisted by admin policy."); return; } GURL overlapping_url; const Extension* overlapping_extension = frontend_->GetExtensionByOverlappingWebExtent(extension_->web_extent()); if (overlapping_extension) { ReportFailureFromUIThread(l10n_util::GetStringFUTF8( IDS_EXTENSION_OVERLAPPING_WEB_EXTENT, UTF8ToUTF16(overlapping_extension->name()))); return; } current_version_ = frontend_->extension_prefs()->GetVersionString(extension_->id()); bool whitelisted = ClearWhitelistedInstallId(extension_->id()) && extension_->plugins().empty() && is_gallery_install_; if (client_ && (!allow_silent_install_ || !whitelisted)) { AddRef(); // Balanced in Proceed() and Abort(). client_->ConfirmInstall(this, extension_.get()); } else { BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::CompleteInstall)); } return; } void CrxInstaller::InstallUIProceed() { BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::CompleteInstall)); Release(); // balanced in ConfirmInstall(). } void CrxInstaller::InstallUIAbort() { // Kill the theme loading bubble. NotificationService* service = NotificationService::current(); service->Notify(NotificationType::NO_THEME_DETECTED, Source(this), NotificationService::NoDetails()); Release(); // balanced in ConfirmInstall(). // We're done. Since we don't post any more tasks to ourself, our ref count // should go to zero and we die. The destructor will clean up the temp dir. } void CrxInstaller::CompleteInstall() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); if (!current_version_.empty()) { scoped_ptr current_version( Version::GetVersionFromString(current_version_)); if (current_version->CompareTo(*(extension_->version())) > 0) { ReportFailureFromFileThread("Attempted to downgrade extension."); return; } } FilePath version_dir = extension_file_util::InstallExtension( unpacked_extension_root_, extension_->id(), extension_->VersionString(), install_directory_); if (version_dir.empty()) { ReportFailureFromFileThread( l10n_util::GetStringUTF8( IDS_EXTENSION_MOVE_DIRECTORY_TO_PROFILE_FAILED)); return; } // This is lame, but we must reload the extension because absolute paths // inside the content scripts are established inside InitFromValue() and we // just moved the extension. // TODO(aa): All paths to resources inside extensions should be created // lazily and based on the Extension's root path at that moment. std::string error; extension_ = extension_file_util::LoadExtension( version_dir, install_source_, true, &error); CHECK(error.empty()) << error; ReportSuccessFromFileThread(); } void CrxInstaller::ReportFailureFromFileThread(const std::string& error) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ReportFailureFromUIThread, error)); } void CrxInstaller::ReportFailureFromUIThread(const std::string& error) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); NotificationService* service = NotificationService::current(); service->Notify(NotificationType::EXTENSION_INSTALL_ERROR, Source(this), Details(&error)); // This isn't really necessary, it is only used because unit tests expect to // see errors get reported via this interface. // // TODO(aa): Need to go through unit tests and clean them up too, probably get // rid of this line. ExtensionErrorReporter::GetInstance()->ReportError(error, false); // quiet if (client_) client_->OnInstallFailure(error); } void CrxInstaller::ReportSuccessFromFileThread() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ReportSuccessFromUIThread)); } void CrxInstaller::ReportSuccessFromUIThread() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); // If there is a client, tell the client about installation. if (client_) client_->OnInstallSuccess(extension_.get(), install_icon_.get()); // Tell the frontend about the installation and hand off ownership of // extension_ to it. frontend_->OnExtensionInstalled(extension_); extension_ = NULL; // We're done. We don't post any more tasks to ourselves so we are deleted // soon. }