Avoid calling into the ContentBrowserClient interface from ResourceDispatcherHostImpl to determine …

chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_part.h"
 
 #include <stddef.h>
 
 #include <set>
 
 #include "base/command_line.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_web_ui.h"
 #include "chrome/browser/extensions/extension_webkit_preferences.h"
 #include "chrome/browser/media_galleries/fileapi/media_file_system_backend.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_io_data.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/renderer_host/chrome_extension_message_filter.h"
 #include "chrome/browser/sync_file_system/local/sync_file_system_backend.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/extension_process_policy.h"
 #include "components/guest_view/browser/guest_view_message_filter.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/browser_url_handler.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
+#include "content/public/browser/resource_dispatcher_host.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/vpn_service_proxy.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
 #include "extensions/browser/api/web_request/web_request_api.h"
 #include "extensions/browser/api/web_request/web_request_api_helpers.h"
+#include "extensions/browser/bad_message.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/extension_message_filter.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_service_worker_message_filter.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h"
 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
 #include "extensions/browser/info_map.h"
 #include "extensions/browser/io_thread_extension_message_filter.h"
 #include "extensions/browser/view_type_utils.h"
@@ skipping 72 matching lines @@
         registry->enabled_extensions().GetByID(extension_id);
     if (extension && AppIsolationInfo::HasIsolatedStorage(extension))
       return PRIV_ISOLATED;
     if (extension && extension->is_hosted_app())
       return PRIV_HOSTED;
   }
 
   return PRIV_EXTENSION;
 }
 
+// Determines whether the extension |origin| passed in can be committed by
+// the process identified by |child_id| and returns true or false
+// accordingly. Please refer to the implementation for more information.
+bool IsIllegalOrigin(content::ResourceContext* resource_context,
+                     int child_id,
+                     const GURL& origin) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  // Consider non-extension URLs safe; they will be checked elsewhere.
+  if (!origin.SchemeIs(kExtensionScheme))
+    return false;
+
+  // If there is no extension installed for the URL, it couldn't have
+  // committed.

[Charlie Reis, 2016/08/10 20:44:01]

nit: Does "committed" fit on the previous line?  It did before.

+  // (If the extension was recently uninstalled, the tab would have closed.)
+  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
+  InfoMap* extension_info_map = io_data->GetExtensionInfoMap();
+  const Extension* extension =
+      extension_info_map->extensions().GetExtensionOrAppByURL(origin);
+  if (!extension)
+    return true;
+
+  // Check for platform app origins.  These can only be committed by the app
+  // itself, or by one if its guests if there are accessible_resources.
+  const ProcessMap& process_map = extension_info_map->process_map();
+  if (extension->is_platform_app() &&
+      !process_map.Contains(extension->id(), child_id)) {
+    // This is a platform app origin not in the app's own process.  If there
+    // are

[Charlie Reis, 2016/08/10 20:44:02]

nit: Fix line wrap.

+    // no accessible resources, this is illegal.
+    if (!extension->GetManifestData(manifest_keys::kWebviewAccessibleResources))
+      return true;
+
+    // If there are accessible resources, the origin is only legal if the
+    // given

[Charlie Reis, 2016/08/10 20:44:01]

Same.

+    // process is a guest of the app.
+    std::string owner_extension_id;
+    int owner_process_id;
+    WebViewRendererState::GetInstance()->GetOwnerInfo(
+        child_id, &owner_process_id, &owner_extension_id);
+    const Extension* owner_extension =
+        extension_info_map->extensions().GetByID(owner_extension_id);
+    return !owner_extension || owner_extension != extension;
+  }
+
+  // With only the origin and not the full URL, we don't have enough
+  // information

[Charlie Reis, 2016/08/10 20:44:02]

Same.

+  // to validate hosted apps or web_accessible_resources in normal extensions.
+  // Assume they're legal.
+  return false;
+}
+
+// This callback is registered on the ResourceDispatcherHost for the chrome
+// extension Origin scheme. We determine whether the extension origin is
+// valid. Please see the IsIllegalOrigin() function.
+void OnHttpHeaderReceived(const std::string& header,
+                          const std::string& value,
+                          int child_id,
+                          content::ResourceContext* resource_context,
+                          content::OnHeaderProcessedCallback callback) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  GURL origin(value);
+  DCHECK(origin.SchemeIs(extensions::kExtensionScheme));
+
+  if (IsIllegalOrigin(resource_context, child_id, origin)) {
+    callback.Run(false, bad_message::INVALID_ORIGIN);
+  } else {
+    callback.Run(true, 0);
+  }
+}
+
 }  // namespace
 
 ChromeContentBrowserClientExtensionsPart::
     ChromeContentBrowserClientExtensionsPart() {
 }
 
 ChromeContentBrowserClientExtensionsPart::
     ~ChromeContentBrowserClientExtensionsPart() {
 }
 
@@ skipping 127 matching lines @@
       registry->enabled_extensions().GetExtensionOrAppByURL(url);
   if (new_extension && new_extension->is_hosted_app() &&
       new_extension->id() == kWebStoreAppId &&
       !ProcessMap::Get(process_host->GetBrowserContext())
            ->Contains(new_extension->id(), process_host->GetID())) {
     return false;
   }
   return true;
 }
 
-bool ChromeContentBrowserClientExtensionsPart::IsIllegalOrigin(
-    content::ResourceContext* resource_context,
-    int child_process_id,
-    const GURL& origin) {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
-
-  // Consider non-extension URLs safe; they will be checked elsewhere.
-  if (!origin.SchemeIs(kExtensionScheme))
-    return false;
-
-  // If there is no extension installed for the URL, it couldn't have committed.
-  // (If the extension was recently uninstalled, the tab would have closed.)
-  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
-  InfoMap* extension_info_map = io_data->GetExtensionInfoMap();
-  const Extension* extension =
-      extension_info_map->extensions().GetExtensionOrAppByURL(origin);
-  if (!extension)
-    return true;
-
-  // Check for platform app origins.  These can only be committed by the app
-  // itself, or by one if its guests if there are accessible_resources.
-  const ProcessMap& process_map = extension_info_map->process_map();
-  if (extension->is_platform_app() &&
-      !process_map.Contains(extension->id(), child_process_id)) {
-    // This is a platform app origin not in the app's own process.  If there are
-    // no accessible resources, this is illegal.
-    if (!extension->GetManifestData(manifest_keys::kWebviewAccessibleResources))
-      return true;
-
-    // If there are accessible resources, the origin is only legal if the given
-    // process is a guest of the app.
-    std::string owner_extension_id;
-    int owner_process_id;
-    WebViewRendererState::GetInstance()->GetOwnerInfo(
-        child_process_id, &owner_process_id, &owner_extension_id);
-    const Extension* owner_extension =
-        extension_info_map->extensions().GetByID(owner_extension_id);
-    return !owner_extension || owner_extension != extension;
-  }
-
-  // With only the origin and not the full URL, we don't have enough information
-  // to validate hosted apps or web_accessible_resources in normal extensions.
-  // Assume they're legal.
-  return false;
-}
-
 // static
 bool ChromeContentBrowserClientExtensionsPart::IsSuitableHost(
     Profile* profile,
     content::RenderProcessHost* process_host,
     const GURL& site_url) {
   DCHECK(profile);
 
   ExtensionRegistry* registry = ExtensionRegistry::Get(profile);
   ProcessMap* process_map = ProcessMap::Get(profile);
 
@@ skipping 324 matching lines @@
 #if defined(ENABLE_WEBRTC)
     command_line->AppendSwitch(::switches::kEnableWebRtcHWH264Encoding);
 #endif
     if (base::CommandLine::ForCurrentProcess()->HasSwitch(
             switches::kEnableMojoSerialService)) {
       command_line->AppendSwitch(switches::kEnableMojoSerialService);
     }
   }
 }
 
+void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() {
+  content::ResourceDispatcherHost::Get()->RegisterInterceptor(
+      "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived));
+}
+
 }  // namespace extensions