1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_FUNCTION_H_
#define CHROME_BROWSER_EXTENSIONS_EXTENSION_FUNCTION_H_
#pragma once
#include <list>
#include <string>
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/message_loop_helpers.h"
#include "base/process.h"
#include "chrome/browser/extensions/extension_info_map.h"
#include "chrome/common/extensions/extension.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"
#include "content/public/browser/render_view_host_observer.h"
#include "ipc/ipc_message.h"
class Browser;
class ChromeRenderMessageFilter;
class ExtensionFunction;
class ExtensionFunctionDispatcher;
class UIThreadExtensionFunction;
class IOThreadExtensionFunction;
class Profile;
class QuotaLimitHeuristic;
class RenderViewHost;
namespace base {
class ListValue;
class Value;
}
#define EXTENSION_FUNCTION_VALIDATE(test) do { \
if (!(test)) { \
bad_message_ = true; \
return false; \
} \
} while (0)
#define EXTENSION_FUNCTION_ERROR(error) do { \
error_ = error; \
bad_message_ = true; \
return false; \
} while (0)
#define DECLARE_EXTENSION_FUNCTION_NAME(name) \
public: static const char* function_name() { return name; }
// Traits that describe how ExtensionFunction should be deleted. This just calls
// the virtual "Destruct" method on ExtensionFunction, allowing derived classes
// to override the behavior.
struct ExtensionFunctionDeleteTraits {
public:
static void Destruct(const ExtensionFunction* x);
};
// Abstract base class for extension functions the ExtensionFunctionDispatcher
// knows how to dispatch to.
class ExtensionFunction
: public base::RefCountedThreadSafe<ExtensionFunction,
ExtensionFunctionDeleteTraits> {
public:
ExtensionFunction();
virtual UIThreadExtensionFunction* AsUIThreadExtensionFunction();
virtual IOThreadExtensionFunction* AsIOThreadExtensionFunction();
// Execute the API. Clients should initialize the ExtensionFunction using
// SetArgs(), set_request_id(), and the other setters before calling this
// method. Derived classes should be ready to return GetResult() and
// GetError() before returning from this function.
// Note that once Run() returns, dispatcher() can be NULL, so be sure to
// NULL-check.
virtual void Run();
// Returns a quota limit heuristic suitable for this function.
// No quota limiting by default.
virtual void GetQuotaLimitHeuristics(
QuotaLimitHeuristics* heuristics) const {}
// Called when the quota limit has been exceeded. The default implementation
// returns an error.
virtual void OnQuotaExceeded();
// Specifies the raw arguments to the function, as a JSON value.
virtual void SetArgs(const base::ListValue* args);
// Retrieves the results of the function as a JSON-encoded string (may
// be empty).
virtual const std::string GetResult();
// Retrieves the results of the function as a Value.
base::Value* GetResultValue();
// Retrieves any error string from the function.
virtual const std::string GetError();
// Sets the function's error string.
virtual void SetError(const std::string& error);
// Specifies the name of the function.
void set_name(const std::string& name) { name_ = name; }
const std::string& name() const { return name_; }
void set_profile_id(void* profile_id) { profile_id_ = profile_id; }
void* profile_id() const { return profile_id_; }
void set_extension(const Extension* extension) { extension_ = extension; }
const Extension* GetExtension() const { return extension_.get(); }
const std::string& extension_id() const { return extension_->id(); }
void set_request_id(int request_id) { request_id_ = request_id; }
int request_id() { return request_id_; }
void set_source_url(const GURL& source_url) { source_url_ = source_url; }
const GURL& source_url() { return source_url_; }
void set_has_callback(bool has_callback) { has_callback_ = has_callback; }
bool has_callback() { return has_callback_; }
void set_include_incognito(bool include) { include_incognito_ = include; }
bool include_incognito() { return include_incognito_; }
void set_user_gesture(bool user_gesture) { user_gesture_ = user_gesture; }
bool user_gesture() const { return user_gesture_; }
protected:
friend struct ExtensionFunctionDeleteTraits;
virtual ~ExtensionFunction();
// Helper method for ExtensionFunctionDeleteTraits. Deletes this object.
virtual void Destruct() const = 0;
// Derived classes should implement this method to do their work and return
// success/failure.
virtual bool RunImpl() = 0;
// Sends the result back to the extension.
virtual void SendResponse(bool success) = 0;
// Common implementation for SendResponse.
void SendResponseImpl(base::ProcessHandle process,
IPC::Message::Sender* ipc_sender,
int routing_id,
bool success);
// Called when we receive an extension api request that is invalid in a way
// that JSON validation in the renderer should have caught. This should never
// happen and could be an attacker trying to exploit the browser, so we crash
// the renderer instead.
void HandleBadMessage(base::ProcessHandle process);
// Return true if the argument to this function at |index| was provided and
// is non-null.
bool HasOptionalArgument(size_t index);
// Id of this request, used to map the response back to the caller.
int request_id_;
// The Profile of this function's extension.
void* profile_id_;
// The extension that called this function.
scoped_refptr<const Extension> extension_;
// The name of this function.
std::string name_;
// The URL of the frame which is making this request
GURL source_url_;
// True if the js caller provides a callback function to receive the response
// of this call.
bool has_callback_;
// True if this callback should include information from incognito contexts
// even if our profile_ is non-incognito. Note that in the case of a "split"
// mode extension, this will always be false, and we will limit access to
// data from within the same profile_ (either incognito or not).
bool include_incognito_;
// True if the call was made in response of user gesture.
bool user_gesture_;
// The arguments to the API. Only non-null if argument were specified.
scoped_ptr<base::ListValue> args_;
// The result of the API. This should be populated by the derived class before
// SendResponse() is called.
scoped_ptr<base::Value> result_;
// Any detailed error from the API. This should be populated by the derived
// class before Run() returns.
std::string error_;
// Any class that gets a malformed message should set this to true before
// returning. The calling renderer process will be killed.
bool bad_message_;
DISALLOW_COPY_AND_ASSIGN(ExtensionFunction);
};
// Extension functions that run on the UI thread. Most functions fall into
// this category.
class UIThreadExtensionFunction : public ExtensionFunction {
public:
// A delegate for use in testing, to intercept the call to SendResponse.
class DelegateForTests {
public:
virtual void OnSendResponse(UIThreadExtensionFunction* function,
bool success) = 0;
};
UIThreadExtensionFunction();
virtual UIThreadExtensionFunction* AsUIThreadExtensionFunction() OVERRIDE;
void set_test_delegate(DelegateForTests* delegate) {
delegate_ = delegate;
}
// Called when a message was received.
// Should return true if it processed the message.
virtual bool OnMessageReceivedFromRenderView(const IPC::Message& message);
// Set the profile which contains the extension that has originated this
// function call.
void set_profile(Profile* profile) { profile_ = profile; }
Profile* profile() const { return profile_; }
void SetRenderViewHost(RenderViewHost* render_view_host);
RenderViewHost* render_view_host() const { return render_view_host_; }
void set_dispatcher(
const base::WeakPtr<ExtensionFunctionDispatcher>& dispatcher) {
dispatcher_ = dispatcher;
}
ExtensionFunctionDispatcher* dispatcher() const {
return dispatcher_.get();
}
// Gets the "current" browser, if any.
//
// Many extension APIs operate relative to the current browser, which is the
// browser the calling code is running inside of. For example, popups, tabs,
// and infobars all have a containing browser, but background pages and
// notification bubbles do not.
//
// If there is no containing window, the current browser defaults to the
// foremost one.
//
// Incognito browsers are not considered unless the calling extension has
// incognito access enabled.
//
// This method can return NULL if there is no matching browser, which can
// happen if only incognito windows are open, or early in startup or shutdown
// shutdown when there are no active windows.
Browser* GetCurrentBrowser();
protected:
friend struct content::BrowserThread::DeleteOnThread<
content::BrowserThread::UI>;
friend class base::DeleteHelper<UIThreadExtensionFunction>;
virtual ~UIThreadExtensionFunction();
virtual void SendResponse(bool success) OVERRIDE;
// The dispatcher that will service this extension function call.
base::WeakPtr<ExtensionFunctionDispatcher> dispatcher_;
// The RenderViewHost we will send responses too.
RenderViewHost* render_view_host_;
// The Profile of this function's extension.
Profile* profile_;
private:
// Helper class to track the lifetime of ExtensionFunction's RenderViewHost
// pointer and NULL it out when it dies. It also allows us to filter IPC
// messages comming from the RenderViewHost. We use this separate class
// (instead of implementing NotificationObserver on ExtensionFunction) because
// it is/ common for subclasses of ExtensionFunction to be
// NotificationObservers, and it would be an easy error to forget to call the
// base class's Observe() method.
class RenderViewHostTracker : public content::NotificationObserver,
public content::RenderViewHostObserver {
public:
RenderViewHostTracker(UIThreadExtensionFunction* function,
RenderViewHost* render_view_host);
private:
virtual void Observe(int type,
const content::NotificationSource& source,
const content::NotificationDetails& details) OVERRIDE;
virtual void RenderViewHostDestroyed(
RenderViewHost* render_view_host) OVERRIDE;
virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
UIThreadExtensionFunction* function_;
content::NotificationRegistrar registrar_;
DISALLOW_COPY_AND_ASSIGN(RenderViewHostTracker);
};
virtual void Destruct() const OVERRIDE;
scoped_ptr<RenderViewHostTracker> tracker_;
DelegateForTests* delegate_;
};
// Extension functions that run on the IO thread. This type of function avoids
// a roundtrip to and from the UI thread (because communication with the
// extension process happens on the IO thread). It's intended to be used when
// performance is critical (e.g. the webRequest API which can block network
// requests). Generally, UIThreadExtensionFunction is more appropriate and will
// be easier to use and interface with the rest of the browser.
class IOThreadExtensionFunction : public ExtensionFunction {
public:
IOThreadExtensionFunction();
virtual IOThreadExtensionFunction* AsIOThreadExtensionFunction() OVERRIDE;
void set_ipc_sender(base::WeakPtr<ChromeRenderMessageFilter> ipc_sender,
int routing_id) {
ipc_sender_ = ipc_sender;
routing_id_ = routing_id;
}
ChromeRenderMessageFilter* ipc_sender() const { return ipc_sender_.get(); }
int routing_id() const { return routing_id_; }
base::WeakPtr<ChromeRenderMessageFilter> ipc_sender_weak() const {
return ipc_sender_;
}
void set_extension_info_map(const ExtensionInfoMap* extension_info_map) {
extension_info_map_ = extension_info_map;
}
const ExtensionInfoMap* extension_info_map() const {
return extension_info_map_.get();
}
protected:
friend struct content::BrowserThread::DeleteOnThread<
content::BrowserThread::IO>;
friend class base::DeleteHelper<IOThreadExtensionFunction>;
virtual ~IOThreadExtensionFunction();
virtual void Destruct() const OVERRIDE;
virtual void SendResponse(bool success) OVERRIDE;
private:
base::WeakPtr<ChromeRenderMessageFilter> ipc_sender_;
int routing_id_;
scoped_refptr<const ExtensionInfoMap> extension_info_map_;
};
// Base class for an extension function that runs asynchronously *relative to
// the browser's UI thread*.
class AsyncExtensionFunction : public UIThreadExtensionFunction {
public:
AsyncExtensionFunction();
protected:
virtual ~AsyncExtensionFunction();
};
// A SyncExtensionFunction is an ExtensionFunction that runs synchronously
// *relative to the browser's UI thread*. Note that this has nothing to do with
// running synchronously relative to the extension process. From the extension
// process's point of view, the function is still asynchronous.
//
// This kind of function is convenient for implementing simple APIs that just
// need to interact with things on the browser UI thread.
class SyncExtensionFunction : public UIThreadExtensionFunction {
public:
SyncExtensionFunction();
virtual void Run() OVERRIDE;
protected:
virtual ~SyncExtensionFunction();
};
class SyncIOThreadExtensionFunction : public IOThreadExtensionFunction {
public:
SyncIOThreadExtensionFunction();
virtual void Run() OVERRIDE;
protected:
virtual ~SyncIOThreadExtensionFunction();
};
#endif // CHROME_BROWSER_EXTENSIONS_EXTENSION_FUNCTION_H_
|