projects / platform / framework / web / crosswalk.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- add sources.
[platform/framework/web/crosswalk.git] / src / chrome / browser / extensions / sandboxed_unpacker.cc
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/extensions/sandboxed_unpacker.h"
6
7 #include <set>
8
9 #include "base/base64.h"
10 #include "base/bind.h"
11 #include "base/command_line.h"
12 #include "base/file_util.h"
13 #include "base/files/file_util_proxy.h"
14 #include "base/json/json_string_value_serializer.h"
15 #include "base/memory/scoped_handle.h"
16 #include "base/message_loop/message_loop.h"
17 #include "base/metrics/histogram.h"
18 #include "base/path_service.h"
19 #include "base/safe_numerics.h"
20 #include "base/sequenced_task_runner.h"
21 #include "base/strings/utf_string_conversions.h"
22 #include "base/threading/sequenced_worker_pool.h"
23 #include "chrome/browser/extensions/extension_service.h"
24 #include "chrome/common/chrome_paths.h"
25 #include "chrome/common/chrome_switches.h"
26 #include "chrome/common/chrome_utility_messages.h"
27 #include "chrome/common/extensions/extension.h"
28 #include "chrome/common/extensions/extension_file_util.h"
29 #include "chrome/common/extensions/extension_l10n_util.h"
30 #include "chrome/common/extensions/manifest_handlers/icons_handler.h"
31 #include "content/public/browser/browser_thread.h"
32 #include "content/public/browser/utility_process_host.h"
33 #include "content/public/common/common_param_traits.h"
34 #include "crypto/signature_verifier.h"
35 #include "extensions/common/constants.h"
36 #include "extensions/common/crx_file.h"
37 #include "extensions/common/id_util.h"
38 #include "extensions/common/manifest_constants.h"
39 #include "grit/generated_resources.h"
40 #include "third_party/skia/include/core/SkBitmap.h"
41 #include "ui/base/l10n/l10n_util.h"
42 #include "ui/gfx/codec/png_codec.h"
43
44 using content::BrowserThread;
45 using content::UtilityProcessHost;
46
47 // The following macro makes histograms that record the length of paths
48 // in this file much easier to read.
49 // Windows has a short max path length. If the path length to a
50 // file being unpacked from a CRX exceeds the max length, we might
51 // fail to install. To see if this is happening, see how long the
52 // path to the temp unpack directory is. See crbug.com/69693 .
53 #define PATH_LENGTH_HISTOGRAM(name, path) \
54     UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 0, 500, 100)
55
56 // Record a rate (kB per second) at which extensions are unpacked.
57 // Range from 1kB/s to 100mB/s.
58 #define UNPACK_RATE_HISTOGRAM(name, rate) \
59     UMA_HISTOGRAM_CUSTOM_COUNTS(name, rate, 1, 100000, 100);
60
61 namespace extensions {
62 namespace {
63
64 void RecordSuccessfulUnpackTimeHistograms(
65     const base::FilePath& crx_path, const base::TimeDelta unpack_time) {
66
67   const int64 kBytesPerKb = 1024;
68   const int64 kBytesPerMb = 1024 * 1024;
69
70   UMA_HISTOGRAM_TIMES("Extensions.SandboxUnpackSuccessTime", unpack_time);
71
72   // To get a sense of how CRX size impacts unpack time, record unpack
73   // time for several increments of CRX size.
74   int64 crx_file_size;
75   if (!file_util::GetFileSize(crx_path, &crx_file_size)) {
76     UMA_HISTOGRAM_COUNTS("Extensions.SandboxUnpackSuccessCantGetCrxSize", 1);
77     return;
78   }
79
80   // Cast is safe as long as the number of bytes in the CRX is less than
81   // 2^31 * 2^10.
82   int crx_file_size_kb = static_cast<int>(crx_file_size / kBytesPerKb);
83   UMA_HISTOGRAM_COUNTS(
84       "Extensions.SandboxUnpackSuccessCrxSize", crx_file_size_kb);
85
86   // We have time in seconds and file size in bytes.  We want the rate bytes are
87   // unpacked in kB/s.
88   double file_size_kb =
89       static_cast<double>(crx_file_size) / static_cast<double>(kBytesPerKb);
90   int unpack_rate_kb_per_s =
91       static_cast<int>(file_size_kb / unpack_time.InSecondsF());
92   UNPACK_RATE_HISTOGRAM("Extensions.SandboxUnpackRate", unpack_rate_kb_per_s);
93
94   if (crx_file_size < 50.0 * kBytesPerKb) {
95     UNPACK_RATE_HISTOGRAM(
96         "Extensions.SandboxUnpackRateUnder50kB", unpack_rate_kb_per_s);
97
98   } else if (crx_file_size < 1 * kBytesPerMb) {
99     UNPACK_RATE_HISTOGRAM(
100         "Extensions.SandboxUnpackRate50kBTo1mB", unpack_rate_kb_per_s);
101
102   } else if (crx_file_size < 2 * kBytesPerMb) {
103     UNPACK_RATE_HISTOGRAM(
104         "Extensions.SandboxUnpackRate1To2mB", unpack_rate_kb_per_s);
105
106   } else if (crx_file_size < 5 * kBytesPerMb) {
107     UNPACK_RATE_HISTOGRAM(
108         "Extensions.SandboxUnpackRate2To5mB", unpack_rate_kb_per_s);
109
110   } else if (crx_file_size < 10 * kBytesPerMb) {
111     UNPACK_RATE_HISTOGRAM(
112         "Extensions.SandboxUnpackRate5To10mB", unpack_rate_kb_per_s);
113
114   } else {
115     UNPACK_RATE_HISTOGRAM(
116         "Extensions.SandboxUnpackRateOver10mB", unpack_rate_kb_per_s);
117   }
118 }
119
120 // Work horse for FindWritableTempLocation. Creates a temp file in the folder
121 // and uses NormalizeFilePath to check if the path is junction free.
122 bool VerifyJunctionFreeLocation(base::FilePath* temp_dir) {
123   if (temp_dir->empty())
124     return false;
125
126   base::FilePath temp_file;
127   if (!file_util::CreateTemporaryFileInDir(*temp_dir, &temp_file)) {
128     LOG(ERROR) << temp_dir->value() << " is not writable";
129     return false;
130   }
131   // NormalizeFilePath requires a non-empty file, so write some data.
132   // If you change the exit points of this function please make sure all
133   // exit points delete this temp file!
134   if (file_util::WriteFile(temp_file, ".", 1) != 1)
135     return false;
136
137   base::FilePath normalized_temp_file;
138   bool normalized =
139       file_util::NormalizeFilePath(temp_file, &normalized_temp_file);
140   if (!normalized) {
141     // If |temp_file| contains a link, the sandbox will block al file system
142     // operations, and the install will fail.
143     LOG(ERROR) << temp_dir->value() << " seem to be on remote drive.";
144   } else {
145     *temp_dir = normalized_temp_file.DirName();
146   }
147   // Clean up the temp file.
148   base::DeleteFile(temp_file, false);
149
150   return normalized;
151 }
152
153 // This function tries to find a location for unpacking the extension archive
154 // that is writable and does not lie on a shared drive so that the sandboxed
155 // unpacking process can write there. If no such location exists we can not
156 // proceed and should fail.
157 // The result will be written to |temp_dir|. The function will write to this
158 // parameter even if it returns false.
159 bool FindWritableTempLocation(const base::FilePath& extensions_dir,
160                               base::FilePath* temp_dir) {
161 // On ChromeOS, we will only attempt to unpack extension in cryptohome (profile)
162 // directory to provide additional security/privacy and speed up the rest of
163 // the extension install process.
164 #if !defined(OS_CHROMEOS)
165   PathService::Get(base::DIR_TEMP, temp_dir);
166   if (VerifyJunctionFreeLocation(temp_dir))
167     return true;
168 #endif
169
170   *temp_dir = extension_file_util::GetInstallTempDir(extensions_dir);
171   if (VerifyJunctionFreeLocation(temp_dir))
172     return true;
173   // Neither paths is link free chances are good installation will fail.
174   LOG(ERROR) << "Both the %TEMP% folder and the profile seem to be on "
175              << "remote drives or read-only. Installation can not complete!";
176   return false;
177 }
178
179 // Read the decoded images back from the file we saved them to.
180 // |extension_path| is the path to the extension we unpacked that wrote the
181 // data. Returns true on success.
182 bool ReadImagesFromFile(const base::FilePath& extension_path,
183                         DecodedImages* images) {
184   base::FilePath path =
185       extension_path.AppendASCII(kDecodedImagesFilename);
186   std::string file_str;
187   if (!base::ReadFileToString(path, &file_str))
188     return false;
189
190   IPC::Message pickle(file_str.data(), file_str.size());
191   PickleIterator iter(pickle);
192   return IPC::ReadParam(&pickle, &iter, images);
193 }
194
195 // Read the decoded message catalogs back from the file we saved them to.
196 // |extension_path| is the path to the extension we unpacked that wrote the
197 // data. Returns true on success.
198 bool ReadMessageCatalogsFromFile(const base::FilePath& extension_path,
199                                  base::DictionaryValue* catalogs) {
200   base::FilePath path = extension_path.AppendASCII(
201       kDecodedMessageCatalogsFilename);
202   std::string file_str;
203   if (!base::ReadFileToString(path, &file_str))
204     return false;
205
206   IPC::Message pickle(file_str.data(), file_str.size());
207   PickleIterator iter(pickle);
208   return IPC::ReadParam(&pickle, &iter, catalogs);
209 }
210
211 }  // namespace
212
213 SandboxedUnpacker::SandboxedUnpacker(
214     const base::FilePath& crx_path,
215     Manifest::Location location,
216     int creation_flags,
217     const base::FilePath& extensions_dir,
218     base::SequencedTaskRunner* unpacker_io_task_runner,
219     SandboxedUnpackerClient* client)
220     : crx_path_(crx_path),
221       client_(client),
222       extensions_dir_(extensions_dir),
223       got_response_(false),
224       location_(location),
225       creation_flags_(creation_flags),
226       unpacker_io_task_runner_(unpacker_io_task_runner) {
227 }
228
229 bool SandboxedUnpacker::CreateTempDirectory() {
230   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
231
232   base::FilePath temp_dir;
233   if (!FindWritableTempLocation(extensions_dir_, &temp_dir)) {
234     ReportFailure(
235         COULD_NOT_GET_TEMP_DIRECTORY,
236         l10n_util::GetStringFUTF16(
237             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
238             ASCIIToUTF16("COULD_NOT_GET_TEMP_DIRECTORY")));
239     return false;
240   }
241
242   if (!temp_dir_.CreateUniqueTempDirUnderPath(temp_dir)) {
243     ReportFailure(
244         COULD_NOT_CREATE_TEMP_DIRECTORY,
245         l10n_util::GetStringFUTF16(
246             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
247             ASCIIToUTF16("COULD_NOT_CREATE_TEMP_DIRECTORY")));
248     return false;
249   }
250
251   return true;
252 }
253
254 void SandboxedUnpacker::Start() {
255   // We assume that we are started on the thread that the client wants us to do
256   // file IO on.
257   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
258
259   unpack_start_time_ = base::TimeTicks::Now();
260
261   PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackInitialCrxPathLength",
262                         crx_path_);
263   if (!CreateTempDirectory())
264     return;  // ReportFailure() already called.
265
266   // Initialize the path that will eventually contain the unpacked extension.
267   extension_root_ = temp_dir_.path().AppendASCII(kTempExtensionName);
268   PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackUnpackedCrxPathLength",
269                         extension_root_);
270
271   // Extract the public key and validate the package.
272   if (!ValidateSignature())
273     return;  // ValidateSignature() already reported the error.
274
275   // Copy the crx file into our working directory.
276   base::FilePath temp_crx_path = temp_dir_.path().Append(crx_path_.BaseName());
277   PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackTempCrxPathLength",
278                         temp_crx_path);
279
280   if (!base::CopyFile(crx_path_, temp_crx_path)) {
281     // Failed to copy extension file to temporary directory.
282     ReportFailure(
283         FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY,
284         l10n_util::GetStringFUTF16(
285             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
286             ASCIIToUTF16("FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY")));
287     return;
288   }
289
290   // The utility process will have access to the directory passed to
291   // SandboxedUnpacker.  That directory should not contain a symlink or NTFS
292   // reparse point.  When the path is used, following the link/reparse point
293   // will cause file system access outside the sandbox path, and the sandbox
294   // will deny the operation.
295   base::FilePath link_free_crx_path;
296   if (!file_util::NormalizeFilePath(temp_crx_path, &link_free_crx_path)) {
297     LOG(ERROR) << "Could not get the normalized path of "
298                << temp_crx_path.value();
299     ReportFailure(
300         COULD_NOT_GET_SANDBOX_FRIENDLY_PATH,
301         l10n_util::GetStringUTF16(IDS_EXTENSION_UNPACK_FAILED));
302     return;
303   }
304   PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackLinkFreeCrxPathLength",
305                         link_free_crx_path);
306
307   BrowserThread::PostTask(
308       BrowserThread::IO, FROM_HERE,
309       base::Bind(
310           &SandboxedUnpacker::StartProcessOnIOThread,
311           this,
312           link_free_crx_path));
313 }
314
315 SandboxedUnpacker::~SandboxedUnpacker() {
316 }
317
318 bool SandboxedUnpacker::OnMessageReceived(const IPC::Message& message) {
319   bool handled = true;
320   IPC_BEGIN_MESSAGE_MAP(SandboxedUnpacker, message)
321     IPC_MESSAGE_HANDLER(ChromeUtilityHostMsg_UnpackExtension_Succeeded,
322                         OnUnpackExtensionSucceeded)
323     IPC_MESSAGE_HANDLER(ChromeUtilityHostMsg_UnpackExtension_Failed,
324                         OnUnpackExtensionFailed)
325     IPC_MESSAGE_UNHANDLED(handled = false)
326   IPC_END_MESSAGE_MAP()
327   return handled;
328 }
329
330 void SandboxedUnpacker::OnProcessCrashed(int exit_code) {
331   // Don't report crashes if they happen after we got a response.
332   if (got_response_)
333     return;
334
335   // Utility process crashed while trying to install.
336   ReportFailure(
337      UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL,
338      l10n_util::GetStringFUTF16(
339          IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
340          ASCIIToUTF16("UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL")));
341 }
342
343 void SandboxedUnpacker::StartProcessOnIOThread(
344     const base::FilePath& temp_crx_path) {
345   UtilityProcessHost* host =
346       UtilityProcessHost::Create(this, unpacker_io_task_runner_.get());
347   // Grant the subprocess access to the entire subdir the extension file is
348   // in, so that it can unpack to that dir.
349   host->SetExposedDir(temp_crx_path.DirName());
350   host->Send(
351       new ChromeUtilityMsg_UnpackExtension(
352           temp_crx_path, extension_id_, location_, creation_flags_));
353 }
354
355 void SandboxedUnpacker::OnUnpackExtensionSucceeded(
356     const DictionaryValue& manifest) {
357   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
358   got_response_ = true;
359
360   scoped_ptr<DictionaryValue> final_manifest(RewriteManifestFile(manifest));
361   if (!final_manifest)
362     return;
363
364   // Create an extension object that refers to the temporary location the
365   // extension was unpacked to. We use this until the extension is finally
366   // installed. For example, the install UI shows images from inside the
367   // extension.
368
369   // Localize manifest now, so confirm UI gets correct extension name.
370
371   // TODO(rdevlin.cronin): Continue removing std::string errors and replacing
372   // with string16
373   std::string utf8_error;
374   if (!extension_l10n_util::LocalizeExtension(extension_root_,
375                                               final_manifest.get(),
376                                               &utf8_error)) {
377     ReportFailure(
378         COULD_NOT_LOCALIZE_EXTENSION,
379         l10n_util::GetStringFUTF16(
380             IDS_EXTENSION_PACKAGE_ERROR_MESSAGE,
381             UTF8ToUTF16(utf8_error)));
382     return;
383   }
384
385   extension_ = Extension::Create(
386       extension_root_,
387       location_,
388       *final_manifest,
389       Extension::REQUIRE_KEY | creation_flags_,
390       &utf8_error);
391
392   if (!extension_.get()) {
393     ReportFailure(INVALID_MANIFEST,
394                   ASCIIToUTF16("Manifest is invalid: " + utf8_error));
395     return;
396   }
397
398   SkBitmap install_icon;
399   if (!RewriteImageFiles(&install_icon))
400     return;
401
402   if (!RewriteCatalogFiles())
403     return;
404
405   ReportSuccess(manifest, install_icon);
406 }
407
408 void SandboxedUnpacker::OnUnpackExtensionFailed(const string16& error) {
409   CHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
410   got_response_ = true;
411   ReportFailure(
412       UNPACKER_CLIENT_FAILED,
413       l10n_util::GetStringFUTF16(
414            IDS_EXTENSION_PACKAGE_ERROR_MESSAGE,
415            error));
416 }
417
418 bool SandboxedUnpacker::ValidateSignature() {
419   ScopedStdioHandle file(file_util::OpenFile(crx_path_, "rb"));
420
421   if (!file.get()) {
422     // Could not open crx file for reading.
423 #if defined (OS_WIN)
424     // On windows, get the error code.
425     uint32 error_code = ::GetLastError();
426     // TODO(skerner): Use this histogram to understand why so many
427     // windows users hit this error.  crbug.com/69693
428
429     // Windows errors are unit32s, but all of likely errors are in
430     // [1, 1000].  See winerror.h for the meaning of specific values.
431     // Clip errors outside the expected range to a single extra value.
432     // If there are errors in that extra bucket, we will know to expand
433     // the range.
434     const uint32 kMaxErrorToSend = 1001;
435     error_code = std::min(error_code, kMaxErrorToSend);
436     UMA_HISTOGRAM_ENUMERATION("Extensions.ErrorCodeFromCrxOpen",
437                               error_code, kMaxErrorToSend);
438 #endif
439
440     ReportFailure(
441         CRX_FILE_NOT_READABLE,
442         l10n_util::GetStringFUTF16(
443             IDS_EXTENSION_PACKAGE_ERROR_CODE,
444             ASCIIToUTF16("CRX_FILE_NOT_READABLE")));
445     return false;
446   }
447
448   // Read and verify the header.
449   // TODO(erikkay): Yuck.  I'm not a big fan of this kind of code, but it
450   // appears that we don't have any endian/alignment aware serialization
451   // code in the code base.  So for now, this assumes that we're running
452   // on a little endian machine with 4 byte alignment.
453   CrxFile::Header header;
454   size_t len = fread(&header, 1, sizeof(header), file.get());
455   if (len < sizeof(header)) {
456     // Invalid crx header
457     ReportFailure(
458         CRX_HEADER_INVALID,
459         l10n_util::GetStringFUTF16(
460             IDS_EXTENSION_PACKAGE_ERROR_CODE,
461             ASCIIToUTF16("CRX_HEADER_INVALID")));
462     return false;
463   }
464
465   CrxFile::Error error;
466   scoped_ptr<CrxFile> crx(CrxFile::Parse(header, &error));
467   if (!crx) {
468     switch (error) {
469       case CrxFile::kWrongMagic:
470         ReportFailure(
471             CRX_MAGIC_NUMBER_INVALID,
472             l10n_util::GetStringFUTF16(
473                 IDS_EXTENSION_PACKAGE_ERROR_CODE,
474                 ASCIIToUTF16("CRX_MAGIC_NUMBER_INVALID")));
475         break;
476       case CrxFile::kInvalidVersion:
477         // Bad version numer
478         ReportFailure(
479             CRX_VERSION_NUMBER_INVALID,
480             l10n_util::GetStringFUTF16(
481                 IDS_EXTENSION_PACKAGE_ERROR_CODE,
482                 ASCIIToUTF16("CRX_VERSION_NUMBER_INVALID")));
483         break;
484       case CrxFile::kInvalidKeyTooLarge:
485       case CrxFile::kInvalidSignatureTooLarge:
486         // Excessively large key or signature
487         ReportFailure(
488             CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE,
489             l10n_util::GetStringFUTF16(
490                 IDS_EXTENSION_PACKAGE_ERROR_CODE,
491                 ASCIIToUTF16("CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE")));
492         break;
493       case CrxFile::kInvalidKeyTooSmall:
494         // Key length is zero
495         ReportFailure(
496             CRX_ZERO_KEY_LENGTH,
497             l10n_util::GetStringFUTF16(
498                 IDS_EXTENSION_PACKAGE_ERROR_CODE,
499                 ASCIIToUTF16("CRX_ZERO_KEY_LENGTH")));
500         break;
501       case CrxFile::kInvalidSignatureTooSmall:
502         // Signature length is zero
503         ReportFailure(
504             CRX_ZERO_SIGNATURE_LENGTH,
505             l10n_util::GetStringFUTF16(
506                 IDS_EXTENSION_PACKAGE_ERROR_CODE,
507                 ASCIIToUTF16("CRX_ZERO_SIGNATURE_LENGTH")));
508         break;
509     }
510     return false;
511   }
512
513   std::vector<uint8> key;
514   key.resize(header.key_size);
515   len = fread(&key.front(), sizeof(uint8), header.key_size, file.get());
516   if (len < header.key_size) {
517     // Invalid public key
518     ReportFailure(
519         CRX_PUBLIC_KEY_INVALID,
520         l10n_util::GetStringFUTF16(
521             IDS_EXTENSION_PACKAGE_ERROR_CODE,
522             ASCIIToUTF16("CRX_PUBLIC_KEY_INVALID")));
523     return false;
524   }
525
526   std::vector<uint8> signature;
527   signature.resize(header.signature_size);
528   len = fread(&signature.front(), sizeof(uint8), header.signature_size,
529       file.get());
530   if (len < header.signature_size) {
531     // Invalid signature
532     ReportFailure(
533         CRX_SIGNATURE_INVALID,
534         l10n_util::GetStringFUTF16(
535             IDS_EXTENSION_PACKAGE_ERROR_CODE,
536             ASCIIToUTF16("CRX_SIGNATURE_INVALID")));
537     return false;
538   }
539
540   crypto::SignatureVerifier verifier;
541   if (!verifier.VerifyInit(extension_misc::kSignatureAlgorithm,
542                            sizeof(extension_misc::kSignatureAlgorithm),
543                            &signature.front(),
544                            signature.size(),
545                            &key.front(),
546                            key.size())) {
547     // Signature verification initialization failed. This is most likely
548     // caused by a public key in the wrong format (should encode algorithm).
549     ReportFailure(
550         CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED,
551         l10n_util::GetStringFUTF16(
552             IDS_EXTENSION_PACKAGE_ERROR_CODE,
553             ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED")));
554     return false;
555   }
556
557   unsigned char buf[1 << 12];
558   while ((len = fread(buf, 1, sizeof(buf), file.get())) > 0)
559     verifier.VerifyUpdate(buf, len);
560
561   if (!verifier.VerifyFinal()) {
562     // Signature verification failed
563     ReportFailure(
564         CRX_SIGNATURE_VERIFICATION_FAILED,
565         l10n_util::GetStringFUTF16(
566             IDS_EXTENSION_PACKAGE_ERROR_CODE,
567             ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_FAILED")));
568     return false;
569   }
570
571   std::string public_key =
572       std::string(reinterpret_cast<char*>(&key.front()), key.size());
573   base::Base64Encode(public_key, &public_key_);
574
575   extension_id_ = id_util::GenerateId(public_key);
576
577   return true;
578 }
579
580 void SandboxedUnpacker::ReportFailure(FailureReason reason,
581                                       const string16& error) {
582   UMA_HISTOGRAM_ENUMERATION("Extensions.SandboxUnpackFailureReason",
583                             reason, NUM_FAILURE_REASONS);
584   UMA_HISTOGRAM_TIMES("Extensions.SandboxUnpackFailureTime",
585                       base::TimeTicks::Now() - unpack_start_time_);
586   Cleanup();
587   client_->OnUnpackFailure(error);
588 }
589
590 void SandboxedUnpacker::ReportSuccess(
591     const DictionaryValue& original_manifest,
592     const SkBitmap& install_icon) {
593   UMA_HISTOGRAM_COUNTS("Extensions.SandboxUnpackSuccess", 1);
594
595   RecordSuccessfulUnpackTimeHistograms(
596       crx_path_, base::TimeTicks::Now() - unpack_start_time_);
597
598   // Client takes ownership of temporary directory and extension.
599   client_->OnUnpackSuccess(
600       temp_dir_.Take(), extension_root_, &original_manifest, extension_.get(),
601       install_icon);
602   extension_ = NULL;
603 }
604
605 DictionaryValue* SandboxedUnpacker::RewriteManifestFile(
606     const DictionaryValue& manifest) {
607   // Add the public key extracted earlier to the parsed manifest and overwrite
608   // the original manifest. We do this to ensure the manifest doesn't contain an
609   // exploitable bug that could be used to compromise the browser.
610   scoped_ptr<DictionaryValue> final_manifest(manifest.DeepCopy());
611   final_manifest->SetString(manifest_keys::kPublicKey, public_key_);
612
613   std::string manifest_json;
614   JSONStringValueSerializer serializer(&manifest_json);
615   serializer.set_pretty_print(true);
616   if (!serializer.Serialize(*final_manifest)) {
617     // Error serializing manifest.json.
618     ReportFailure(
619         ERROR_SERIALIZING_MANIFEST_JSON,
620         l10n_util::GetStringFUTF16(
621             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
622             ASCIIToUTF16("ERROR_SERIALIZING_MANIFEST_JSON")));
623     return NULL;
624   }
625
626   base::FilePath manifest_path =
627       extension_root_.Append(kManifestFilename);
628   int size = base::checked_numeric_cast<int>(manifest_json.size());
629   if (file_util::WriteFile(manifest_path, manifest_json.data(), size) != size) {
630     // Error saving manifest.json.
631     ReportFailure(
632         ERROR_SAVING_MANIFEST_JSON,
633         l10n_util::GetStringFUTF16(
634             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
635             ASCIIToUTF16("ERROR_SAVING_MANIFEST_JSON")));
636     return NULL;
637   }
638
639   return final_manifest.release();
640 }
641
642 bool SandboxedUnpacker::RewriteImageFiles(SkBitmap* install_icon) {
643   DecodedImages images;
644   if (!ReadImagesFromFile(temp_dir_.path(), &images)) {
645     // Couldn't read image data from disk.
646     ReportFailure(
647         COULD_NOT_READ_IMAGE_DATA_FROM_DISK,
648         l10n_util::GetStringFUTF16(
649             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
650             ASCIIToUTF16("COULD_NOT_READ_IMAGE_DATA_FROM_DISK")));
651     return false;
652   }
653
654   // Delete any images that may be used by the browser.  We're going to write
655   // out our own versions of the parsed images, and we want to make sure the
656   // originals are gone for good.
657   std::set<base::FilePath> image_paths =
658       extension_file_util::GetBrowserImagePaths(extension_.get());
659   if (image_paths.size() != images.size()) {
660     // Decoded images don't match what's in the manifest.
661     ReportFailure(
662         DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST,
663         l10n_util::GetStringFUTF16(
664             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
665             ASCIIToUTF16("DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST")));
666     return false;
667   }
668
669   for (std::set<base::FilePath>::iterator it = image_paths.begin();
670        it != image_paths.end(); ++it) {
671     base::FilePath path = *it;
672     if (path.IsAbsolute() || path.ReferencesParent()) {
673       // Invalid path for browser image.
674       ReportFailure(
675           INVALID_PATH_FOR_BROWSER_IMAGE,
676           l10n_util::GetStringFUTF16(
677               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
678               ASCIIToUTF16("INVALID_PATH_FOR_BROWSER_IMAGE")));
679       return false;
680     }
681     if (!base::DeleteFile(extension_root_.Append(path), false)) {
682       // Error removing old image file.
683       ReportFailure(
684           ERROR_REMOVING_OLD_IMAGE_FILE,
685           l10n_util::GetStringFUTF16(
686               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
687               ASCIIToUTF16("ERROR_REMOVING_OLD_IMAGE_FILE")));
688       return false;
689     }
690   }
691
692   std::string install_icon_path = IconsInfo::GetIcons(extension_).Get(
693       extension_misc::EXTENSION_ICON_LARGE,
694       ExtensionIconSet::MATCH_BIGGER);
695
696   // Write our parsed images back to disk as well.
697   for (size_t i = 0; i < images.size(); ++i) {
698     if (BrowserThread::GetBlockingPool()->IsShutdownInProgress()) {
699       // Abort package installation if shutdown was initiated, crbug.com/235525
700       ReportFailure(
701           ABORTED_DUE_TO_SHUTDOWN,
702           l10n_util::GetStringFUTF16(
703               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
704               ASCIIToUTF16("ABORTED_DUE_TO_SHUTDOWN")));
705       return false;
706     }
707
708     const SkBitmap& image = images[i].a;
709     base::FilePath path_suffix = images[i].b;
710     if (path_suffix.MaybeAsASCII() == install_icon_path)
711       *install_icon = image;
712
713     if (path_suffix.IsAbsolute() || path_suffix.ReferencesParent()) {
714       // Invalid path for bitmap image.
715       ReportFailure(
716           INVALID_PATH_FOR_BITMAP_IMAGE,
717           l10n_util::GetStringFUTF16(
718               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
719               ASCIIToUTF16("INVALID_PATH_FOR_BITMAP_IMAGE")));
720       return false;
721     }
722     base::FilePath path = extension_root_.Append(path_suffix);
723
724     std::vector<unsigned char> image_data;
725     // TODO(mpcomplete): It's lame that we're encoding all images as PNG, even
726     // though they may originally be .jpg, etc.  Figure something out.
727     // http://code.google.com/p/chromium/issues/detail?id=12459
728     if (!gfx::PNGCodec::EncodeBGRASkBitmap(image, false, &image_data)) {
729       // Error re-encoding theme image.
730       ReportFailure(
731           ERROR_RE_ENCODING_THEME_IMAGE,
732           l10n_util::GetStringFUTF16(
733               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
734               ASCIIToUTF16("ERROR_RE_ENCODING_THEME_IMAGE")));
735       return false;
736     }
737
738     // Note: we're overwriting existing files that the utility process wrote,
739     // so we can be sure the directory exists.
740     const char* image_data_ptr = reinterpret_cast<const char*>(&image_data[0]);
741     int size = base::checked_numeric_cast<int>(image_data.size());
742     if (file_util::WriteFile(path, image_data_ptr, size) != size) {
743       // Error saving theme image.
744       ReportFailure(
745           ERROR_SAVING_THEME_IMAGE,
746           l10n_util::GetStringFUTF16(
747               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
748               ASCIIToUTF16("ERROR_SAVING_THEME_IMAGE")));
749       return false;
750     }
751   }
752
753   return true;
754 }
755
756 bool SandboxedUnpacker::RewriteCatalogFiles() {
757   DictionaryValue catalogs;
758   if (!ReadMessageCatalogsFromFile(temp_dir_.path(), &catalogs)) {
759     // Could not read catalog data from disk.
760     ReportFailure(
761         COULD_NOT_READ_CATALOG_DATA_FROM_DISK,
762         l10n_util::GetStringFUTF16(
763             IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
764             ASCIIToUTF16("COULD_NOT_READ_CATALOG_DATA_FROM_DISK")));
765     return false;
766   }
767
768   // Write our parsed catalogs back to disk.
769   for (DictionaryValue::Iterator it(catalogs); !it.IsAtEnd(); it.Advance()) {
770     const DictionaryValue* catalog = NULL;
771     if (!it.value().GetAsDictionary(&catalog)) {
772       // Invalid catalog data.
773       ReportFailure(
774           INVALID_CATALOG_DATA,
775           l10n_util::GetStringFUTF16(
776               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
777               ASCIIToUTF16("INVALID_CATALOG_DATA")));
778       return false;
779     }
780
781     base::FilePath relative_path = base::FilePath::FromUTF8Unsafe(it.key());
782     relative_path = relative_path.Append(kMessagesFilename);
783     if (relative_path.IsAbsolute() || relative_path.ReferencesParent()) {
784       // Invalid path for catalog.
785       ReportFailure(
786           INVALID_PATH_FOR_CATALOG,
787           l10n_util::GetStringFUTF16(
788               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
789               ASCIIToUTF16("INVALID_PATH_FOR_CATALOG")));
790       return false;
791     }
792     base::FilePath path = extension_root_.Append(relative_path);
793
794     std::string catalog_json;
795     JSONStringValueSerializer serializer(&catalog_json);
796     serializer.set_pretty_print(true);
797     if (!serializer.Serialize(*catalog)) {
798       // Error serializing catalog.
799       ReportFailure(
800           ERROR_SERIALIZING_CATALOG,
801           l10n_util::GetStringFUTF16(
802               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
803               ASCIIToUTF16("ERROR_SERIALIZING_CATALOG")));
804       return false;
805     }
806
807     // Note: we're overwriting existing files that the utility process read,
808     // so we can be sure the directory exists.
809     int size = base::checked_numeric_cast<int>(catalog_json.size());
810     if (file_util::WriteFile(path, catalog_json.c_str(), size) != size) {
811       // Error saving catalog.
812       ReportFailure(
813           ERROR_SAVING_CATALOG,
814           l10n_util::GetStringFUTF16(
815               IDS_EXTENSION_PACKAGE_INSTALL_ERROR,
816               ASCIIToUTF16("ERROR_SAVING_CATALOG")));
817       return false;
818     }
819   }
820
821   return true;
822 }
823
824 void SandboxedUnpacker::Cleanup() {
825   DCHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
826   if (!temp_dir_.Delete()) {
827     LOG(WARNING) << "Can not delete temp directory at "
828                  << temp_dir_.path().value();
829   }
830 }
831
832 }  // namespace extensions
Domain: Web Framework / Uncategorized;