|  | // Copyright 2013 The Chromium Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | #include "chrome/browser/extensions/extension_util.h" | 
|  |  | 
|  | #include <vector> | 
|  |  | 
|  | #include "base/command_line.h" | 
|  | #include "base/feature_list.h" | 
|  | #include "base/logging.h" | 
|  | #include "base/metrics/field_trial.h" | 
|  | #include "base/values.h" | 
|  | #include "build/build_config.h" | 
|  | #include "chrome/browser/extensions/extension_service.h" | 
|  | #include "chrome/browser/extensions/extension_sync_service.h" | 
|  | #include "chrome/browser/extensions/permissions_updater.h" | 
|  | #include "chrome/browser/extensions/scripting_permissions_modifier.h" | 
|  | #include "chrome/browser/extensions/shared_module_service.h" | 
|  | #include "chrome/browser/profiles/profile.h" | 
|  | #include "chrome/browser/ui/webui/extensions/extension_icon_source.h" | 
|  | #include "chrome/common/chrome_features.h" | 
|  | #include "chrome/common/chrome_switches.h" | 
|  | #include "chrome/common/extensions/sync_helper.h" | 
|  | #include "components/variations/variations_associated_data.h" | 
|  | #include "content/public/browser/site_instance.h" | 
|  | #include "extensions/browser/extension_prefs.h" | 
|  | #include "extensions/browser/extension_registry.h" | 
|  | #include "extensions/browser/extension_system.h" | 
|  | #include "extensions/browser/extension_util.h" | 
|  | #include "extensions/common/extension.h" | 
|  | #include "extensions/common/extension_icon_set.h" | 
|  | #include "extensions/common/manifest.h" | 
|  | #include "extensions/common/manifest_handlers/app_isolation_info.h" | 
|  | #include "extensions/common/manifest_handlers/incognito_info.h" | 
|  | #include "extensions/common/permissions/permissions_data.h" | 
|  | #include "extensions/grit/extensions_browser_resources.h" | 
|  | #include "ui/base/resource/resource_bundle.h" | 
|  | #include "url/gurl.h" | 
|  |  | 
|  | #if defined(OS_CHROMEOS) | 
|  | #include "chrome/browser/chromeos/file_manager/app_id.h" | 
|  | #endif | 
|  |  | 
|  | namespace extensions { | 
|  | namespace util { | 
|  |  | 
|  | namespace { | 
|  | // The entry into the prefs used to flag an extension as installed by custodian. | 
|  | // It is relevant only for supervised users. | 
|  | const char kWasInstalledByCustodianPrefName[] = "was_installed_by_custodian"; | 
|  |  | 
|  | // Returns |extension_id|. See note below. | 
|  | std::string ReloadExtensionIfEnabled(const std::string& extension_id, | 
|  | content::BrowserContext* context) { | 
|  | ExtensionRegistry* registry = ExtensionRegistry::Get(context); | 
|  | bool extension_is_enabled = | 
|  | registry->enabled_extensions().Contains(extension_id); | 
|  |  | 
|  | if (!extension_is_enabled) | 
|  | return extension_id; | 
|  |  | 
|  | // When we reload the extension the ID may be invalidated if we've passed it | 
|  | // by const ref everywhere. Make a copy to be safe. http://crbug.com/103762 | 
|  | std::string id = extension_id; | 
|  | ExtensionService* service = | 
|  | ExtensionSystem::Get(context)->extension_service(); | 
|  | CHECK(service); | 
|  | service->ReloadExtension(id); | 
|  | return id; | 
|  | } | 
|  |  | 
|  | }  // namespace | 
|  |  | 
|  | void SetIsIncognitoEnabled(const std::string& extension_id, | 
|  | content::BrowserContext* context, | 
|  | bool enabled) { | 
|  | ExtensionRegistry* registry = ExtensionRegistry::Get(context); | 
|  | const Extension* extension = | 
|  | registry->GetExtensionById(extension_id, ExtensionRegistry::EVERYTHING); | 
|  |  | 
|  | if (extension) { | 
|  | if (!util::CanBeIncognitoEnabled(extension)) | 
|  | return; | 
|  |  | 
|  | // TODO(treib,kalman): Should this be Manifest::IsComponentLocation(..)? | 
|  | // (which also checks for EXTERNAL_COMPONENT). | 
|  | if (extension->location() == Manifest::COMPONENT) { | 
|  | // This shouldn't be called for component extensions unless it is called | 
|  | // by sync, for syncable component extensions. | 
|  | // See http://crbug.com/112290 and associated CLs for the sordid history. | 
|  | bool syncable = sync_helper::IsSyncableComponentExtension(extension); | 
|  | #if defined(OS_CHROMEOS) | 
|  | // For some users, the file manager app somehow ended up being synced even | 
|  | // though it's supposed to be unsyncable; see crbug.com/576964. If the bad | 
|  | // data ever gets cleaned up, this hack should be removed. | 
|  | syncable = syncable || extension->id() == file_manager::kFileManagerAppId; | 
|  | #endif | 
|  | DCHECK(syncable); | 
|  |  | 
|  | // If we are here, make sure the we aren't trying to change the value. | 
|  | DCHECK_EQ(enabled, IsIncognitoEnabled(extension_id, context)); | 
|  | return; | 
|  | } | 
|  | } | 
|  |  | 
|  | ExtensionPrefs* extension_prefs = ExtensionPrefs::Get(context); | 
|  | // Broadcast unloaded and loaded events to update browser state. Only bother | 
|  | // if the value changed and the extension is actually enabled, since there is | 
|  | // no UI otherwise. | 
|  | bool old_enabled = extension_prefs->IsIncognitoEnabled(extension_id); | 
|  | if (enabled == old_enabled) | 
|  | return; | 
|  |  | 
|  | extension_prefs->SetIsIncognitoEnabled(extension_id, enabled); | 
|  |  | 
|  | std::string id = ReloadExtensionIfEnabled(extension_id, context); | 
|  |  | 
|  | // Reloading the extension invalidates the |extension| pointer. | 
|  | extension = registry->GetExtensionById(id, ExtensionRegistry::EVERYTHING); | 
|  | if (extension) { | 
|  | Profile* profile = Profile::FromBrowserContext(context); | 
|  | ExtensionSyncService::Get(profile)->SyncExtensionChangeIfNeeded(*extension); | 
|  | } | 
|  | } | 
|  |  | 
|  | bool CanCrossIncognito(const Extension* extension, | 
|  | content::BrowserContext* context) { | 
|  | // We allow the extension to see events and data from another profile iff it | 
|  | // uses "spanning" behavior and it has incognito access. "split" mode | 
|  | // extensions only see events for a matching profile. | 
|  | CHECK(extension); | 
|  | return IsIncognitoEnabled(extension->id(), context) && | 
|  | !IncognitoInfo::IsSplitMode(extension); | 
|  | } | 
|  |  | 
|  | bool CanLoadInIncognito(const Extension* extension, | 
|  | content::BrowserContext* context) { | 
|  | CHECK(extension); | 
|  | if (extension->is_hosted_app()) | 
|  | return true; | 
|  | // Packaged apps and regular extensions need to be enabled specifically for | 
|  | // incognito (and split mode should be set). | 
|  | return IncognitoInfo::IsSplitMode(extension) && | 
|  | IsIncognitoEnabled(extension->id(), context); | 
|  | } | 
|  |  | 
|  | bool AllowFileAccess(const std::string& extension_id, | 
|  | content::BrowserContext* context) { | 
|  | return base::CommandLine::ForCurrentProcess()->HasSwitch( | 
|  | switches::kDisableExtensionsFileAccessCheck) || | 
|  | ExtensionPrefs::Get(context)->AllowFileAccess(extension_id); | 
|  | } | 
|  |  | 
|  | void SetAllowFileAccess(const std::string& extension_id, | 
|  | content::BrowserContext* context, | 
|  | bool allow) { | 
|  | // Reload to update browser state. Only bother if the value changed and the | 
|  | // extension is actually enabled, since there is no UI otherwise. | 
|  | if (allow == AllowFileAccess(extension_id, context)) | 
|  | return; | 
|  |  | 
|  | ExtensionPrefs::Get(context)->SetAllowFileAccess(extension_id, allow); | 
|  |  | 
|  | ReloadExtensionIfEnabled(extension_id, context); | 
|  | } | 
|  |  | 
|  | void SetWasInstalledByCustodian(const std::string& extension_id, | 
|  | content::BrowserContext* context, | 
|  | bool installed_by_custodian) { | 
|  | if (installed_by_custodian == WasInstalledByCustodian(extension_id, context)) | 
|  | return; | 
|  |  | 
|  | ExtensionPrefs::Get(context)->UpdateExtensionPref( | 
|  | extension_id, kWasInstalledByCustodianPrefName, | 
|  | installed_by_custodian ? base::MakeUnique<base::Value>(true) : nullptr); | 
|  | ExtensionService* service = | 
|  | ExtensionSystem::Get(context)->extension_service(); | 
|  |  | 
|  | if (!installed_by_custodian) { | 
|  | // If installed_by_custodian changes to false, the extension may need to | 
|  | // be unloaded now. | 
|  | service->ReloadExtension(extension_id); | 
|  | return; | 
|  | } | 
|  |  | 
|  | ExtensionRegistry* registry = ExtensionRegistry::Get(context); | 
|  | // If it is already enabled, do nothing. | 
|  | if (registry->enabled_extensions().Contains(extension_id)) | 
|  | return; | 
|  |  | 
|  | // If the extension is not loaded, it may need to be reloaded. | 
|  | // Example is a pre-installed extension that was unloaded when a | 
|  | // supervised user flag has been received. | 
|  | if (!registry->GetInstalledExtension(extension_id)) { | 
|  | service->ReloadExtension(extension_id); | 
|  | } | 
|  | } | 
|  |  | 
|  | bool WasInstalledByCustodian(const std::string& extension_id, | 
|  | content::BrowserContext* context) { | 
|  | bool installed_by_custodian = false; | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(context); | 
|  | prefs->ReadPrefAsBoolean(extension_id, kWasInstalledByCustodianPrefName, | 
|  | &installed_by_custodian); | 
|  | return installed_by_custodian; | 
|  | } | 
|  |  | 
|  | bool IsAppLaunchable(const std::string& extension_id, | 
|  | content::BrowserContext* context) { | 
|  | int reason = ExtensionPrefs::Get(context)->GetDisableReasons(extension_id); | 
|  | return !((reason & Extension::DISABLE_UNSUPPORTED_REQUIREMENT) || | 
|  | (reason & Extension::DISABLE_CORRUPTED)); | 
|  | } | 
|  |  | 
|  | bool IsAppLaunchableWithoutEnabling(const std::string& extension_id, | 
|  | content::BrowserContext* context) { | 
|  | return ExtensionRegistry::Get(context)->GetExtensionById( | 
|  | extension_id, ExtensionRegistry::ENABLED) != NULL; | 
|  | } | 
|  |  | 
|  | bool ShouldSync(const Extension* extension, | 
|  | content::BrowserContext* context) { | 
|  | return sync_helper::IsSyncable(extension) && | 
|  | !ExtensionPrefs::Get(context)->DoNotSync(extension->id()); | 
|  | } | 
|  |  | 
|  | bool IsExtensionIdle(const std::string& extension_id, | 
|  | content::BrowserContext* context) { | 
|  | std::vector<std::string> ids_to_check; | 
|  | ids_to_check.push_back(extension_id); | 
|  |  | 
|  | const Extension* extension = | 
|  | ExtensionRegistry::Get(context) | 
|  | ->GetExtensionById(extension_id, ExtensionRegistry::ENABLED); | 
|  | if (extension && extension->is_shared_module()) { | 
|  | // We have to check all the extensions that use this shared module for idle | 
|  | // to tell whether it is really 'idle'. | 
|  | SharedModuleService* service = ExtensionSystem::Get(context) | 
|  | ->extension_service() | 
|  | ->shared_module_service(); | 
|  | std::unique_ptr<ExtensionSet> dependents = | 
|  | service->GetDependentExtensions(extension); | 
|  | for (ExtensionSet::const_iterator i = dependents->begin(); | 
|  | i != dependents->end(); | 
|  | i++) { | 
|  | ids_to_check.push_back((*i)->id()); | 
|  | } | 
|  | } | 
|  |  | 
|  | ProcessManager* process_manager = ProcessManager::Get(context); | 
|  | for (std::vector<std::string>::const_iterator i = ids_to_check.begin(); | 
|  | i != ids_to_check.end(); | 
|  | i++) { | 
|  | const std::string id = (*i); | 
|  | ExtensionHost* host = process_manager->GetBackgroundHostForExtension(id); | 
|  | if (host) | 
|  | return false; | 
|  |  | 
|  | scoped_refptr<content::SiteInstance> site_instance = | 
|  | process_manager->GetSiteInstanceForURL( | 
|  | Extension::GetBaseURLFromExtensionId(id)); | 
|  | if (site_instance && site_instance->HasProcess()) | 
|  | return false; | 
|  |  | 
|  | if (!process_manager->GetRenderFrameHostsForExtension(id).empty()) | 
|  | return false; | 
|  | } | 
|  | return true; | 
|  | } | 
|  |  | 
|  | std::unique_ptr<base::DictionaryValue> GetExtensionInfo( | 
|  | const Extension* extension) { | 
|  | DCHECK(extension); | 
|  | std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue); | 
|  |  | 
|  | dict->SetString("id", extension->id()); | 
|  | dict->SetString("name", extension->name()); | 
|  |  | 
|  | GURL icon = extensions::ExtensionIconSource::GetIconURL( | 
|  | extension, extension_misc::EXTENSION_ICON_SMALLISH, | 
|  | ExtensionIconSet::MATCH_BIGGER, | 
|  | false);  // Not grayscale. | 
|  | dict->SetString("icon", icon.spec()); | 
|  |  | 
|  | return dict; | 
|  | } | 
|  |  | 
|  | const gfx::ImageSkia& GetDefaultAppIcon() { | 
|  | return *ResourceBundle::GetSharedInstance().GetImageSkiaNamed( | 
|  | IDR_APP_DEFAULT_ICON); | 
|  | } | 
|  |  | 
|  | const gfx::ImageSkia& GetDefaultExtensionIcon() { | 
|  | return *ResourceBundle::GetSharedInstance().GetImageSkiaNamed( | 
|  | IDR_EXTENSION_DEFAULT_ICON); | 
|  | } | 
|  |  | 
|  | bool IsNewBookmarkAppsEnabled() { | 
|  | #if defined(OS_MACOSX) | 
|  | return base::FeatureList::IsEnabled(features::kBookmarkApps); | 
|  | #else | 
|  | return true; | 
|  | #endif | 
|  | } | 
|  |  | 
|  | bool CanHostedAppsOpenInWindows() { | 
|  | #if defined(OS_MACOSX) | 
|  | return base::CommandLine::ForCurrentProcess()->HasSwitch( | 
|  | switches::kEnableHostedAppsInWindows); | 
|  | #else | 
|  | return true; | 
|  | #endif | 
|  | } | 
|  |  | 
|  | bool IsExtensionSupervised(const Extension* extension, Profile* profile) { | 
|  | return WasInstalledByCustodian(extension->id(), profile) && | 
|  | profile->IsSupervised(); | 
|  | } | 
|  |  | 
|  | }  // namespace util | 
|  | }  // namespace extensions |