1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/chrome_extensions_client.h"
7 #include "base/command_line.h"
8 #include "base/strings/string_util.h"
9 #include "chrome/common/chrome_switches.h"
10 #include "chrome/common/chrome_version_info.h"
11 #include "chrome/common/extensions/api/generated_schemas.h"
12 #include "chrome/common/extensions/chrome_manifest_handlers.h"
13 #include "chrome/common/extensions/extension_constants.h"
14 #include "chrome/common/extensions/features/chrome_channel_feature_filter.h"
15 #include "chrome/common/extensions/features/feature_channel.h"
16 #include "chrome/common/url_constants.h"
17 #include "chrome/grit/chromium_strings.h"
18 #include "chrome/grit/common_resources.h"
19 #include "chrome/grit/extensions_api_resources.h"
20 #include "chrome/grit/generated_resources.h"
21 #include "content/public/common/url_constants.h"
22 #include "extensions/common/api/generated_schemas.h"
23 #include "extensions/common/common_manifest_handlers.h"
24 #include "extensions/common/extension.h"
25 #include "extensions/common/extension_api.h"
26 #include "extensions/common/extension_urls.h"
27 #include "extensions/common/features/api_feature.h"
28 #include "extensions/common/features/base_feature_provider.h"
29 #include "extensions/common/features/feature_provider.h"
30 #include "extensions/common/features/json_feature_provider_source.h"
31 #include "extensions/common/features/manifest_feature.h"
32 #include "extensions/common/features/permission_feature.h"
33 #include "extensions/common/features/simple_feature.h"
34 #include "extensions/common/manifest_constants.h"
35 #include "extensions/common/manifest_handler.h"
36 #include "extensions/common/permissions/api_permission_set.h"
37 #include "extensions/common/permissions/permission_message.h"
38 #include "extensions/common/permissions/permissions_info.h"
39 #include "extensions/common/url_pattern.h"
40 #include "extensions/common/url_pattern_set.h"
41 #include "extensions/grit/extensions_resources.h"
42 #include "ui/base/l10n/l10n_util.h"
45 namespace extensions {
49 // TODO(battre): Delete the HTTP URL once the blacklist is downloaded via HTTPS.
50 const char kExtensionBlocklistUrlPrefix[] =
51 "http://www.gstatic.com/chrome/extensions/blacklist";
52 const char kExtensionBlocklistHttpsUrlPrefix[] =
53 "https://www.gstatic.com/chrome/extensions/blacklist";
55 const char kThumbsWhiteListedExtension[] = "khopmbdjffemhegeeobelklnbglcdgfh";
57 template <class FeatureClass>
58 SimpleFeature* CreateFeature() {
59 SimpleFeature* feature = new FeatureClass;
61 scoped_ptr<SimpleFeatureFilter>(new ChromeChannelFeatureFilter(feature)));
67 static base::LazyInstance<ChromeExtensionsClient> g_client =
68 LAZY_INSTANCE_INITIALIZER;
70 ChromeExtensionsClient::ChromeExtensionsClient()
71 : chrome_api_permissions_(ChromeAPIPermissions()),
72 extensions_api_permissions_(ExtensionsAPIPermissions()) {
75 ChromeExtensionsClient::~ChromeExtensionsClient() {
78 void ChromeExtensionsClient::Initialize() {
79 // Registration could already be finalized in unit tests, where the utility
80 // thread runs in-process.
81 if (!ManifestHandler::IsRegistrationFinalized()) {
82 RegisterCommonManifestHandlers();
83 RegisterChromeManifestHandlers();
84 ManifestHandler::FinalizeRegistration();
87 // Set up permissions.
88 PermissionsInfo::GetInstance()->AddProvider(chrome_api_permissions_);
89 PermissionsInfo::GetInstance()->AddProvider(extensions_api_permissions_);
91 // Set up the scripting whitelist.
92 // Whitelist ChromeVox, an accessibility extension from Google that needs
93 // the ability to script webui pages. This is temporary and is not
94 // meant to be a general solution.
95 // TODO(dmazzoni): remove this once we have an extension API that
96 // allows any extension to request read-only access to webui pages.
97 scripting_whitelist_.push_back(extension_misc::kChromeVoxExtensionId);
99 // Whitelist "Discover DevTools Companion" extension from Google that
100 // needs the ability to script DevTools pages. Companion will assist
101 // online courses and will be needed while the online educational programs
103 scripting_whitelist_.push_back("angkfkebojeancgemegoedelbnjgcgme");
106 const PermissionMessageProvider&
107 ChromeExtensionsClient::GetPermissionMessageProvider() const {
108 return permission_message_provider_;
111 const std::string ChromeExtensionsClient::GetProductName() {
112 return l10n_util::GetStringUTF8(IDS_PRODUCT_NAME);
115 scoped_ptr<FeatureProvider> ChromeExtensionsClient::CreateFeatureProvider(
116 const std::string& name) const {
117 scoped_ptr<FeatureProvider> provider;
118 scoped_ptr<JSONFeatureProviderSource> source(
119 CreateFeatureProviderSource(name));
121 provider.reset(new BaseFeatureProvider(source->dictionary(),
122 CreateFeature<APIFeature>));
123 } else if (name == "manifest") {
124 provider.reset(new BaseFeatureProvider(source->dictionary(),
125 CreateFeature<ManifestFeature>));
126 } else if (name == "permission") {
127 provider.reset(new BaseFeatureProvider(source->dictionary(),
128 CreateFeature<PermissionFeature>));
132 return provider.Pass();
135 scoped_ptr<JSONFeatureProviderSource>
136 ChromeExtensionsClient::CreateFeatureProviderSource(
137 const std::string& name) const {
138 scoped_ptr<JSONFeatureProviderSource> source(
139 new JSONFeatureProviderSource(name));
141 source->LoadJSON(IDR_EXTENSION_API_FEATURES);
142 source->LoadJSON(IDR_CHROME_EXTENSION_API_FEATURES);
143 } else if (name == "manifest") {
144 source->LoadJSON(IDR_EXTENSION_MANIFEST_FEATURES);
145 source->LoadJSON(IDR_CHROME_EXTENSION_MANIFEST_FEATURES);
146 } else if (name == "permission") {
147 source->LoadJSON(IDR_EXTENSION_PERMISSION_FEATURES);
148 source->LoadJSON(IDR_CHROME_EXTENSION_PERMISSION_FEATURES);
153 return source.Pass();
156 void ChromeExtensionsClient::FilterHostPermissions(
157 const URLPatternSet& hosts,
158 URLPatternSet* new_hosts,
159 std::set<PermissionMessage>* messages) const {
160 for (URLPatternSet::const_iterator i = hosts.begin();
161 i != hosts.end(); ++i) {
162 // Filters out every URL pattern that matches chrome:// scheme.
163 if (i->scheme() == content::kChromeUIScheme) {
164 // chrome://favicon is the only URL for chrome:// scheme that we
165 // want to support. We want to deprecate the "chrome" scheme.
166 // We should not add any additional "host" here.
167 if (GURL(chrome::kChromeUIFaviconURL).host() != i->host())
169 messages->insert(PermissionMessage(
170 PermissionMessage::kFavicon,
171 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_FAVICON)));
173 new_hosts->AddPattern(*i);
178 void ChromeExtensionsClient::SetScriptingWhitelist(
179 const ExtensionsClient::ScriptingWhitelist& whitelist) {
180 scripting_whitelist_ = whitelist;
183 const ExtensionsClient::ScriptingWhitelist&
184 ChromeExtensionsClient::GetScriptingWhitelist() const {
185 return scripting_whitelist_;
188 URLPatternSet ChromeExtensionsClient::GetPermittedChromeSchemeHosts(
189 const Extension* extension,
190 const APIPermissionSet& api_permissions) const {
192 // Regular extensions are only allowed access to chrome://favicon.
193 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
194 chrome::kChromeUIFaviconURL));
196 // Experimental extensions are also allowed chrome://thumb.
198 // TODO: A public API should be created for retrieving thumbnails.
199 // See http://crbug.com/222856. A temporary hack is implemented here to
200 // make chrome://thumbs available to NTP Russia extension as
202 if ((api_permissions.find(APIPermission::kExperimental) !=
203 api_permissions.end()) ||
204 (extension->id() == kThumbsWhiteListedExtension &&
205 extension->from_webstore())) {
206 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
207 chrome::kChromeUIThumbnailURL));
212 bool ChromeExtensionsClient::IsScriptableURL(
213 const GURL& url, std::string* error) const {
214 // The gallery is special-cased as a restricted URL for scripting to prevent
215 // access to special JS bindings we expose to the gallery (and avoid things
216 // like extensions removing the "report abuse" link).
217 // TODO(erikkay): This seems like the wrong test. Shouldn't we we testing
218 // against the store app extent?
219 GURL store_url(extension_urls::GetWebstoreLaunchURL());
220 if (url.host() == store_url.host()) {
222 *error = manifest_errors::kCannotScriptGallery;
228 bool ChromeExtensionsClient::IsAPISchemaGenerated(
229 const std::string& name) const {
230 // Test from most common to least common.
231 return api::GeneratedSchemas::IsGenerated(name) ||
232 core_api::GeneratedSchemas::IsGenerated(name);
235 base::StringPiece ChromeExtensionsClient::GetAPISchema(
236 const std::string& name) const {
237 // Test from most common to least common.
238 if (api::GeneratedSchemas::IsGenerated(name))
239 return api::GeneratedSchemas::Get(name);
241 return core_api::GeneratedSchemas::Get(name);
244 void ChromeExtensionsClient::RegisterAPISchemaResources(
245 ExtensionAPI* api) const {
246 api->RegisterSchemaResource("accessibilityPrivate",
247 IDR_EXTENSION_API_JSON_ACCESSIBILITYPRIVATE);
248 api->RegisterSchemaResource("app", IDR_EXTENSION_API_JSON_APP);
249 api->RegisterSchemaResource("browserAction",
250 IDR_EXTENSION_API_JSON_BROWSERACTION);
251 api->RegisterSchemaResource("commands", IDR_EXTENSION_API_JSON_COMMANDS);
252 api->RegisterSchemaResource("declarativeContent",
253 IDR_EXTENSION_API_JSON_DECLARATIVE_CONTENT);
254 api->RegisterSchemaResource("fileBrowserHandler",
255 IDR_EXTENSION_API_JSON_FILEBROWSERHANDLER);
256 api->RegisterSchemaResource("inputMethodPrivate",
257 IDR_EXTENSION_API_JSON_INPUTMETHODPRIVATE);
258 api->RegisterSchemaResource("pageAction", IDR_EXTENSION_API_JSON_PAGEACTION);
259 api->RegisterSchemaResource("privacy", IDR_EXTENSION_API_JSON_PRIVACY);
260 api->RegisterSchemaResource("processes", IDR_EXTENSION_API_JSON_PROCESSES);
261 api->RegisterSchemaResource("proxy", IDR_EXTENSION_API_JSON_PROXY);
262 api->RegisterSchemaResource("scriptBadge",
263 IDR_EXTENSION_API_JSON_SCRIPTBADGE);
264 api->RegisterSchemaResource("ttsEngine", IDR_EXTENSION_API_JSON_TTSENGINE);
265 api->RegisterSchemaResource("tts", IDR_EXTENSION_API_JSON_TTS);
266 api->RegisterSchemaResource("types", IDR_EXTENSION_API_JSON_TYPES);
267 api->RegisterSchemaResource("types.private",
268 IDR_EXTENSION_API_JSON_TYPES_PRIVATE);
269 api->RegisterSchemaResource("webstore", IDR_EXTENSION_API_JSON_WEBSTORE);
272 bool ChromeExtensionsClient::ShouldSuppressFatalErrors() const {
273 // Suppress fatal errors only on beta and stable channels.
274 return GetCurrentChannel() > chrome::VersionInfo::CHANNEL_DEV;
277 std::string ChromeExtensionsClient::GetWebstoreBaseURL() const {
278 std::string gallery_prefix = extension_urls::kChromeWebstoreBaseURL;
279 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAppsGalleryURL))
280 gallery_prefix = CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
281 switches::kAppsGalleryURL);
282 if (EndsWith(gallery_prefix, "/", true))
283 gallery_prefix = gallery_prefix.substr(0, gallery_prefix.length() - 1);
284 return gallery_prefix;
287 std::string ChromeExtensionsClient::GetWebstoreUpdateURL() const {
288 CommandLine* cmdline = CommandLine::ForCurrentProcess();
289 if (cmdline->HasSwitch(switches::kAppsGalleryUpdateURL))
290 return cmdline->GetSwitchValueASCII(switches::kAppsGalleryUpdateURL);
292 return extension_urls::GetDefaultWebstoreUpdateUrl().spec();
295 bool ChromeExtensionsClient::IsBlacklistUpdateURL(const GURL& url) const {
296 // The extension blacklist URL is returned from the update service and
297 // therefore not determined by Chromium. If the location of the blacklist file
298 // ever changes, we need to update this function. A DCHECK in the
299 // ExtensionUpdater ensures that we notice a change. This is the full URL
301 // http://www.gstatic.com/chrome/extensions/blacklist/l_0_0_0_7.txt
302 return StartsWithASCII(url.spec(), kExtensionBlocklistUrlPrefix, true) ||
303 StartsWithASCII(url.spec(), kExtensionBlocklistHttpsUrlPrefix, true);
307 ChromeExtensionsClient* ChromeExtensionsClient::GetInstance() {
308 return g_client.Pointer();
311 } // namespace extensions