| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/common/extensions/chrome_extensions_client.h" |
| |
| #include "apps/common/api/generated_schemas.h" |
| #include "base/command_line.h" |
| #include "chrome/common/chrome_version_info.h" |
| #include "chrome/common/extensions/api/generated_schemas.h" |
| #include "chrome/common/extensions/chrome_manifest_handlers.h" |
| #include "chrome/common/extensions/extension_constants.h" |
| #include "chrome/common/extensions/features/chrome_channel_feature_filter.h" |
| #include "chrome/common/extensions/features/feature_channel.h" |
| #include "chrome/common/url_constants.h" |
| #include "content/public/common/url_constants.h" |
| #include "extensions/common/api/generated_schemas.h" |
| #include "extensions/common/common_manifest_handlers.h" |
| #include "extensions/common/extension.h" |
| #include "extensions/common/features/api_feature.h" |
| #include "extensions/common/features/base_feature_provider.h" |
| #include "extensions/common/features/json_feature_provider_source.h" |
| #include "extensions/common/features/manifest_feature.h" |
| #include "extensions/common/features/permission_feature.h" |
| #include "extensions/common/features/simple_feature.h" |
| #include "extensions/common/manifest_constants.h" |
| #include "extensions/common/manifest_handler.h" |
| #include "extensions/common/permissions/api_permission_set.h" |
| #include "extensions/common/permissions/permission_message.h" |
| #include "extensions/common/switches.h" |
| #include "extensions/common/url_pattern.h" |
| #include "extensions/common/url_pattern_set.h" |
| #include "grit/common_resources.h" |
| #include "grit/extensions_resources.h" |
| #include "grit/generated_resources.h" |
| #include "ui/base/l10n/l10n_util.h" |
| #include "url/gurl.h" |
| |
| namespace extensions { |
| |
| namespace { |
| |
| const char kThumbsWhiteListedExtension[] = "khopmbdjffemhegeeobelklnbglcdgfh"; |
| |
| template <class FeatureClass> |
| SimpleFeature* CreateFeature() { |
| SimpleFeature* feature = new FeatureClass; |
| feature->AddFilter( |
| scoped_ptr<SimpleFeatureFilter>(new ChromeChannelFeatureFilter(feature))); |
| return feature; |
| } |
| |
| } // namespace |
| |
| static base::LazyInstance<ChromeExtensionsClient> g_client = |
| LAZY_INSTANCE_INITIALIZER; |
| |
| ChromeExtensionsClient::ChromeExtensionsClient() |
| : chrome_api_permissions_(ChromeAPIPermissions()) { |
| } |
| |
| ChromeExtensionsClient::~ChromeExtensionsClient() { |
| } |
| |
| void ChromeExtensionsClient::Initialize() { |
| // Registration could already be finalized in unit tests, where the utility |
| // thread runs in-process. |
| if (!ManifestHandler::IsRegistrationFinalized()) { |
| RegisterCommonManifestHandlers(); |
| RegisterChromeManifestHandlers(); |
| ManifestHandler::FinalizeRegistration(); |
| } |
| |
| // Set up the scripting whitelist. |
| // Whitelist ChromeVox, an accessibility extension from Google that needs |
| // the ability to script webui pages. This is temporary and is not |
| // meant to be a general solution. |
| // TODO(dmazzoni): remove this once we have an extension API that |
| // allows any extension to request read-only access to webui pages. |
| scripting_whitelist_.push_back(extension_misc::kChromeVoxExtensionId); |
| |
| // Whitelist "Discover DevTools Companion" extension from Google that |
| // needs the ability to script DevTools pages. Companion will assist |
| // online courses and will be needed while the online educational programs |
| // are in place. |
| scripting_whitelist_.push_back("angkfkebojeancgemegoedelbnjgcgme"); |
| } |
| |
| const PermissionsProvider& |
| ChromeExtensionsClient::GetPermissionsProvider() const { |
| return chrome_api_permissions_; |
| } |
| |
| const PermissionMessageProvider& |
| ChromeExtensionsClient::GetPermissionMessageProvider() const { |
| return permission_message_provider_; |
| } |
| |
| scoped_ptr<FeatureProvider> ChromeExtensionsClient::CreateFeatureProvider( |
| const std::string& name) const { |
| JSONFeatureProviderSource source(name); |
| if (name == "api") { |
| source.LoadJSON(IDR_EXTENSION_API_FEATURES); |
| source.LoadJSON(IDR_CHROME_EXTENSION_API_FEATURES); |
| return scoped_ptr<FeatureProvider>(new BaseFeatureProvider( |
| source.dictionary(), CreateFeature<APIFeature>)); |
| } else if (name == "manifest") { |
| source.LoadJSON(IDR_EXTENSION_MANIFEST_FEATURES); |
| source.LoadJSON(IDR_CHROME_EXTENSION_MANIFEST_FEATURES); |
| return scoped_ptr<FeatureProvider>(new BaseFeatureProvider( |
| source.dictionary(), CreateFeature<ManifestFeature>)); |
| } else if (name == "permission") { |
| source.LoadJSON(IDR_EXTENSION_PERMISSION_FEATURES); |
| source.LoadJSON(IDR_CHROME_EXTENSION_PERMISSION_FEATURES); |
| return scoped_ptr<FeatureProvider>(new BaseFeatureProvider( |
| source.dictionary(), CreateFeature<PermissionFeature>)); |
| } else { |
| NOTREACHED(); |
| } |
| return scoped_ptr<FeatureProvider>(); |
| } |
| |
| void ChromeExtensionsClient::FilterHostPermissions( |
| const URLPatternSet& hosts, |
| URLPatternSet* new_hosts, |
| std::set<PermissionMessage>* messages) const { |
| for (URLPatternSet::const_iterator i = hosts.begin(); |
| i != hosts.end(); ++i) { |
| // Filters out every URL pattern that matches chrome:// scheme. |
| if (i->scheme() == content::kChromeUIScheme) { |
| // chrome://favicon is the only URL for chrome:// scheme that we |
| // want to support. We want to deprecate the "chrome" scheme. |
| // We should not add any additional "host" here. |
| if (GURL(chrome::kChromeUIFaviconURL).host() != i->host()) |
| continue; |
| messages->insert(PermissionMessage( |
| PermissionMessage::kFavicon, |
| l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_FAVICON))); |
| } else { |
| new_hosts->AddPattern(*i); |
| } |
| } |
| } |
| |
| void ChromeExtensionsClient::SetScriptingWhitelist( |
| const ExtensionsClient::ScriptingWhitelist& whitelist) { |
| scripting_whitelist_ = whitelist; |
| } |
| |
| const ExtensionsClient::ScriptingWhitelist& |
| ChromeExtensionsClient::GetScriptingWhitelist() const { |
| return scripting_whitelist_; |
| } |
| |
| URLPatternSet ChromeExtensionsClient::GetPermittedChromeSchemeHosts( |
| const Extension* extension, |
| const APIPermissionSet& api_permissions) const { |
| URLPatternSet hosts; |
| // Regular extensions are only allowed access to chrome://favicon. |
| hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, |
| chrome::kChromeUIFaviconURL)); |
| |
| // Experimental extensions are also allowed chrome://thumb. |
| // |
| // TODO: A public API should be created for retrieving thumbnails. |
| // See http://crbug.com/222856. A temporary hack is implemented here to |
| // make chrome://thumbs available to NTP Russia extension as |
| // non-experimental. |
| if ((api_permissions.find(APIPermission::kExperimental) != |
| api_permissions.end()) || |
| (extension->id() == kThumbsWhiteListedExtension && |
| extension->from_webstore())) { |
| hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, |
| chrome::kChromeUIThumbnailURL)); |
| } |
| return hosts; |
| } |
| |
| bool ChromeExtensionsClient::IsScriptableURL( |
| const GURL& url, std::string* error) const { |
| // The gallery is special-cased as a restricted URL for scripting to prevent |
| // access to special JS bindings we expose to the gallery (and avoid things |
| // like extensions removing the "report abuse" link). |
| // TODO(erikkay): This seems like the wrong test. Shouldn't we we testing |
| // against the store app extent? |
| GURL store_url(extension_urls::GetWebstoreLaunchURL()); |
| if (url.host() == store_url.host()) { |
| if (error) |
| *error = manifest_errors::kCannotScriptGallery; |
| return false; |
| } |
| return true; |
| } |
| |
| bool ChromeExtensionsClient::IsAPISchemaGenerated( |
| const std::string& name) const { |
| // Test from most common to least common. |
| return api::GeneratedSchemas::IsGenerated(name) || |
| core_api::GeneratedSchemas::IsGenerated(name) || |
| apps::api::GeneratedSchemas::IsGenerated(name); |
| } |
| |
| base::StringPiece ChromeExtensionsClient::GetAPISchema( |
| const std::string& name) const { |
| // Test from most common to least common. |
| if (api::GeneratedSchemas::IsGenerated(name)) |
| return api::GeneratedSchemas::Get(name); |
| |
| if (core_api::GeneratedSchemas::IsGenerated(name)) |
| return core_api::GeneratedSchemas::Get(name); |
| |
| return apps::api::GeneratedSchemas::Get(name); |
| } |
| |
| bool ChromeExtensionsClient::ShouldSuppressFatalErrors() const { |
| // <= dev means dev, canary, and trunk. |
| return GetCurrentChannel() <= chrome::VersionInfo::CHANNEL_DEV; |
| } |
| |
| // static |
| ChromeExtensionsClient* ChromeExtensionsClient::GetInstance() { |
| return g_client.Pointer(); |
| } |
| |
| } // namespace extensions |