// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/extensions/crx_installer.h" #include #include #include "base/file_util.h" #include "base/lazy_instance.h" #include "base/metrics/histogram.h" #include "base/path_service.h" #include "base/scoped_temp_dir.h" #include "base/stl_util-inl.h" #include "base/stringprintf.h" #include "base/task.h" #include "base/threading/thread_restrictions.h" #include "base/time.h" #include "base/utf_string_conversions.h" #include "base/version.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/extensions/convert_user_script.h" #include "chrome/browser/extensions/convert_web_app.h" #include "chrome/browser/extensions/extension_error_reporter.h" #include "chrome/browser/extensions/extension_service.h" #include "chrome/browser/shell_integration.h" #include "chrome/browser/web_applications/web_app.h" #include "chrome/common/chrome_paths.h" #include "chrome/common/extensions/extension_constants.h" #include "chrome/common/extensions/extension_file_util.h" #include "content/browser/browser_thread.h" #include "content/common/notification_service.h" #include "content/common/notification_type.h" #include "grit/chromium_strings.h" #include "grit/generated_resources.h" #include "grit/theme_resources.h" #include "third_party/skia/include/core/SkBitmap.h" #include "ui/base/l10n/l10n_util.h" #include "ui/base/resource/resource_bundle.h" namespace { struct Whitelist { Whitelist() {} std::set ids; std::map > entries; }; static base::LazyInstance g_whitelisted_install_data(base::LINKER_INITIALIZED); } // namespace CrxInstaller::WhitelistEntry::WhitelistEntry() {} CrxInstaller::WhitelistEntry::~WhitelistEntry() {} // static void CrxInstaller::SetWhitelistedInstallId(const std::string& id) { CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); g_whitelisted_install_data.Get().ids.insert(id); } // static void CrxInstaller::SetWhitelistEntry(const std::string& id, CrxInstaller::WhitelistEntry* entry) { CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); Whitelist& data = g_whitelisted_install_data.Get(); data.entries[id] = linked_ptr(entry); } // static const CrxInstaller::WhitelistEntry* CrxInstaller::GetWhitelistEntry( const std::string& id) { CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); Whitelist& data = g_whitelisted_install_data.Get(); if (ContainsKey(data.entries, id)) return data.entries[id].get(); else return NULL; } // static CrxInstaller::WhitelistEntry* CrxInstaller::RemoveWhitelistEntry( const std::string& id) { CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); Whitelist& data = g_whitelisted_install_data.Get(); if (ContainsKey(data.entries, id)) { CrxInstaller::WhitelistEntry* entry = data.entries[id].release(); data.entries.erase(id); return entry; } return NULL; } // static bool CrxInstaller::IsIdWhitelisted(const std::string& id) { CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); std::set& ids = g_whitelisted_install_data.Get().ids; return ContainsKey(ids, id); } // static bool CrxInstaller::ClearWhitelistedInstallId(const std::string& id) { CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); std::set& ids = g_whitelisted_install_data.Get().ids; if (ContainsKey(ids, id)) { ids.erase(id); return true; } return false; } CrxInstaller::CrxInstaller(base::WeakPtr frontend_weak, ExtensionInstallUI* client) : install_directory_(frontend_weak->install_directory()), install_source_(Extension::INTERNAL), extensions_enabled_(frontend_weak->extensions_enabled()), delete_source_(false), is_gallery_install_(false), create_app_shortcut_(false), frontend_weak_(frontend_weak), client_(client), apps_require_extension_mime_type_(false), allow_silent_install_(false), install_cause_(extension_misc::INSTALL_CAUSE_UNSET) { } CrxInstaller::~CrxInstaller() { // Delete the temp directory and crx file as necessary. Note that the // destructor might be called on any thread, so we post a task to the file // thread to make sure the delete happens there. if (!temp_dir_.value().empty()) { if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableFunction( &extension_file_util::DeleteFile, temp_dir_, true))) NOTREACHED(); } if (delete_source_) { if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableFunction( &extension_file_util::DeleteFile, source_file_, false))) NOTREACHED(); } // Make sure the UI is deleted on the ui thread. BrowserThread::DeleteSoon(BrowserThread::UI, FROM_HERE, client_); client_ = NULL; } void CrxInstaller::InstallCrx(const FilePath& source_file) { source_file_ = source_file; scoped_refptr unpacker( new SandboxedExtensionUnpacker( source_file, g_browser_process->resource_dispatcher_host(), this)); if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod( unpacker.get(), &SandboxedExtensionUnpacker::Start))) NOTREACHED(); } void CrxInstaller::InstallUserScript(const FilePath& source_file, const GURL& original_url) { DCHECK(!original_url.is_empty()); source_file_ = source_file; original_url_ = original_url; if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ConvertUserScriptOnFileThread))) NOTREACHED(); } void CrxInstaller::ConvertUserScriptOnFileThread() { std::string error; scoped_refptr extension = ConvertUserScriptToExtension(source_file_, original_url_, &error); if (!extension) { ReportFailureFromFileThread(error); return; } OnUnpackSuccess(extension->path(), extension->path(), NULL, extension); } void CrxInstaller::InstallWebApp(const WebApplicationInfo& web_app) { if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ConvertWebAppOnFileThread, web_app))) NOTREACHED(); } void CrxInstaller::ConvertWebAppOnFileThread( const WebApplicationInfo& web_app) { std::string error; scoped_refptr extension( ConvertWebAppToExtension(web_app, base::Time::Now())); if (!extension) { // Validation should have stopped any potential errors before getting here. NOTREACHED() << "Could not convert web app to extension."; return; } // TODO(aa): conversion data gets lost here :( OnUnpackSuccess(extension->path(), extension->path(), NULL, extension); } bool CrxInstaller::AllowInstall(const Extension* extension, std::string* error) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); DCHECK(error); // Make sure the expected id matches. if (!expected_id_.empty() && expected_id_ != extension->id()) { *error = base::StringPrintf( "ID in new CRX manifest (%s) does not match expected id (%s)", extension->id().c_str(), expected_id_.c_str()); return false; } if (expected_version_.get() && !expected_version_->Equals(*extension->version())) { *error = base::StringPrintf( "Version in new CRX %s manifest (%s) does not match expected " "version (%s)", extension->id().c_str(), expected_version_->GetString().c_str(), extension->version()->GetString().c_str()); return false; } // The checks below are skipped for themes and external installs. if (extension->is_theme() || Extension::IsExternalLocation(install_source_)) return true; if (!extensions_enabled_) { *error = "Extensions are not enabled."; return false; } if (extension_->is_app()) { // If the app was downloaded, apps_require_extension_mime_type_ // will be set. In this case, check that it was served with the // right mime type. Make an exception for file URLs, which come // from the users computer and have no headers. if (!original_url_.SchemeIsFile() && apps_require_extension_mime_type_ && original_mime_type_ != Extension::kMimeType) { *error = base::StringPrintf( "Apps must be served with content type %s.", Extension::kMimeType); return false; } // If the client_ is NULL, then the app is either being installed via // an internal mechanism like sync, external_extensions, or default apps. // In that case, we don't want to enforce things like the install origin. if (!is_gallery_install_ && client_) { // For apps with a gallery update URL, require that they be installed // from the gallery. // TODO(erikkay) Apply this rule for paid extensions and themes as well. if (extension->UpdatesFromGallery()) { *error = l10n_util::GetStringFUTF8( IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS, l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE)); return false; } // For self-hosted apps, verify that the entire extent is on the same // host (or a subdomain of the host) the download happened from. There's // no way for us to verify that the app controls any other hosts. URLPattern pattern(UserScript::kValidUserScriptSchemes); pattern.set_host(original_url_.host()); pattern.set_match_subdomains(true); URLPatternList patterns = extension_->web_extent().patterns(); for (size_t i = 0; i < patterns.size(); ++i) { if (!pattern.MatchesHost(patterns[i].host())) { *error = base::StringPrintf( "Apps must be served from the host that they affect."); return false; } } } } return true; } void CrxInstaller::OnUnpackFailure(const std::string& error_message) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); UMA_HISTOGRAM_ENUMERATION("Extensions.UnpackFailureInstallSource", install_source(), Extension::NUM_LOCATIONS); UMA_HISTOGRAM_ENUMERATION("Extensions.UnpackFailureInstallCause", install_cause(), extension_misc::NUM_INSTALL_CAUSES); ReportFailureFromFileThread(error_message); } void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir, const FilePath& extension_dir, const DictionaryValue* original_manifest, const Extension* extension) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); UMA_HISTOGRAM_ENUMERATION("Extensions.UnpackSuccessInstallSource", install_source(), Extension::NUM_LOCATIONS); UMA_HISTOGRAM_ENUMERATION("Extensions.UnpackSuccessInstallCause", install_cause(), extension_misc::NUM_INSTALL_CAUSES); // Note: We take ownership of |extension| and |temp_dir|. extension_ = extension; temp_dir_ = temp_dir; if (original_manifest) original_manifest_.reset(original_manifest->DeepCopy()); // We don't have to delete the unpack dir explicity since it is a child of // the temp dir. unpacked_extension_root_ = extension_dir; std::string error; if (!AllowInstall(extension, &error)) { ReportFailureFromFileThread(error); return; } if (client_) { Extension::DecodeIcon(extension_.get(), Extension::EXTENSION_ICON_LARGE, &install_icon_); } if (!BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ConfirmInstall))) NOTREACHED(); } void CrxInstaller::ConfirmInstall() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); if (!frontend_weak_.get()) return; if (frontend_weak_->extension_prefs() ->IsExtensionBlacklisted(extension_->id())) { VLOG(1) << "This extension: " << extension_->id() << " is blacklisted. Install failed."; ReportFailureFromUIThread( l10n_util::GetStringUTF8(IDS_EXTENSION_CANT_INSTALL_BLACKLISTED)); return; } if (!frontend_weak_->extension_prefs()->IsExtensionAllowedByPolicy( extension_->id())) { ReportFailureFromUIThread( l10n_util::GetStringUTF8(IDS_EXTENSION_CANT_INSTALL_POLICY_BLACKLIST)); return; } GURL overlapping_url; const Extension* overlapping_extension = frontend_weak_-> GetExtensionByOverlappingWebExtent(extension_->web_extent()); if (overlapping_extension && overlapping_extension->id() != extension_->id()) { ReportFailureFromUIThread(l10n_util::GetStringFUTF8( IDS_EXTENSION_OVERLAPPING_WEB_EXTENT, UTF8ToUTF16(overlapping_extension->name()))); return; } current_version_ = frontend_weak_->extension_prefs()->GetVersionString(extension_->id()); // First see if it's whitelisted by id (the old mechanism). bool whitelisted = ClearWhitelistedInstallId(extension_->id()) && extension_->plugins().empty() && is_gallery_install_; // Now check if there's a WhitelistEntry. scoped_ptr entry( RemoveWhitelistEntry(extension_->id())); if (is_gallery_install_ && entry.get() && original_manifest_.get()) { if (!(original_manifest_->Equals(entry->parsed_manifest.get()))) { ReportFailureFromUIThread( l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_INVALID)); return; } whitelisted = true; } if (client_ && (!allow_silent_install_ || !whitelisted)) { AddRef(); // Balanced in Proceed() and Abort(). client_->ConfirmInstall(this, extension_.get()); } else { if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::CompleteInstall))) NOTREACHED(); } return; } void CrxInstaller::InstallUIProceed() { if (!BrowserThread::PostTask( BrowserThread::FILE, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::CompleteInstall))) NOTREACHED(); Release(); // balanced in ConfirmInstall(). } void CrxInstaller::InstallUIAbort() { // Technically, this can be called for other reasons than the user hitting // cancel, but they're rare. ExtensionService::RecordPermissionMessagesHistogram( extension_, "Extensions.Permissions_InstallCancel"); // Kill the theme loading bubble. NotificationService* service = NotificationService::current(); service->Notify(NotificationType::NO_THEME_DETECTED, Source(this), NotificationService::NoDetails()); Release(); // balanced in ConfirmInstall(). // We're done. Since we don't post any more tasks to ourself, our ref count // should go to zero and we die. The destructor will clean up the temp dir. } void CrxInstaller::CompleteInstall() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); if (!current_version_.empty()) { scoped_ptr current_version( Version::GetVersionFromString(current_version_)); if (current_version->CompareTo(*(extension_->version())) > 0) { ReportFailureFromFileThread( l10n_util::GetStringUTF8(IDS_EXTENSION_CANT_DOWNGRADE_VERSION)); return; } } // See how long extension install paths are. This is important on // windows, because file operations may fail if the path to a file // exceeds a small constant. See crbug.com/69693 . UMA_HISTOGRAM_CUSTOM_COUNTS( "Extensions.CrxInstallDirPathLength", install_directory_.value().length(), 0, 500, 100); FilePath version_dir = extension_file_util::InstallExtension( unpacked_extension_root_, extension_->id(), extension_->VersionString(), install_directory_); if (version_dir.empty()) { ReportFailureFromFileThread( l10n_util::GetStringUTF8( IDS_EXTENSION_MOVE_DIRECTORY_TO_PROFILE_FAILED)); return; } // This is lame, but we must reload the extension because absolute paths // inside the content scripts are established inside InitFromValue() and we // just moved the extension. // TODO(aa): All paths to resources inside extensions should be created // lazily and based on the Extension's root path at that moment. std::string error; extension_ = extension_file_util::LoadExtension( version_dir, install_source_, Extension::REQUIRE_KEY, &error); CHECK(error.empty()) << error; ReportSuccessFromFileThread(); } void CrxInstaller::ReportFailureFromFileThread(const std::string& error) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); if (!BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ReportFailureFromUIThread, error))) NOTREACHED(); } void CrxInstaller::ReportFailureFromUIThread(const std::string& error) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); NotificationService* service = NotificationService::current(); service->Notify(NotificationType::EXTENSION_INSTALL_ERROR, Source(this), Details(&error)); // This isn't really necessary, it is only used because unit tests expect to // see errors get reported via this interface. // // TODO(aa): Need to go through unit tests and clean them up too, probably get // rid of this line. ExtensionErrorReporter::GetInstance()->ReportError(error, false); // quiet if (client_) client_->OnInstallFailure(error); NotifyCrxInstallComplete(); } void CrxInstaller::ReportSuccessFromFileThread() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); if (!BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod(this, &CrxInstaller::ReportSuccessFromUIThread))) NOTREACHED(); } void CrxInstaller::ReportSuccessFromUIThread() { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); if (!frontend_weak_.get()) return; // If there is a client, tell the client about installation. if (client_) client_->OnInstallSuccess(extension_.get(), install_icon_.get()); // Tell the frontend about the installation and hand off ownership of // extension_ to it. frontend_weak_->OnExtensionInstalled(extension_); extension_ = NULL; NotifyCrxInstallComplete(); // We're done. We don't post any more tasks to ourselves so we are deleted // soon. } void CrxInstaller::NotifyCrxInstallComplete() { // Some users (such as the download shelf) need to know when a // CRXInstaller is done. Listening for the EXTENSION_* events // is problematic because they don't know anything about the // extension before it is unpacked, so they can not filter based // on the extension. NotificationService::current()->Notify( NotificationType::CRX_INSTALLER_DONE, Source(this), NotificationService::NoDetails()); }