extensions/renderer/extension_injection_host.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "extensions/renderer/extension_injection_host.h"
   6
   7 #include "content/public/renderer/render_frame.h"
   8 #include "extensions/common/constants.h"
   9 #include "extensions/common/extension_set.h"
  10 #include "extensions/common/manifest_handlers/csp_info.h"
  11 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
  12 #include "third_party/WebKit/public/web/WebLocalFrame.h"
  13
  14 namespace extensions {
  15
  16 ExtensionInjectionHost::ExtensionInjectionHost(
  17     const Extension* extension)
  18     : InjectionHost(HostID(HostID::EXTENSIONS, extension->id())),
  19       extension_(extension) {
  20 }
  21
  22 ExtensionInjectionHost::~ExtensionInjectionHost() {
  23 }
  24
  25 // static
  26 scoped_ptr<const InjectionHost> ExtensionInjectionHost::Create(
  27     const std::string& extension_id,
  28     const ExtensionSet* extensions) {
  29   const Extension* extension = extensions->GetByID(extension_id);
  30   if (!extension)
  31     return scoped_ptr<const ExtensionInjectionHost>();
  32   return scoped_ptr<const ExtensionInjectionHost>(
  33       new ExtensionInjectionHost(extension));
  34 }
  35
  36 std::string ExtensionInjectionHost::GetContentSecurityPolicy() const {
  37   return CSPInfo::GetContentSecurityPolicy(extension_);
  38 }
  39
  40 const GURL& ExtensionInjectionHost::url() const {
  41   return extension_->url();
  42 }
  43
  44 const std::string& ExtensionInjectionHost::name() const {
  45   return extension_->name();
  46 }
  47
  48 PermissionsData::AccessType ExtensionInjectionHost::CanExecuteOnFrame(
  49     const GURL& document_url,
  50     content::RenderFrame* render_frame,
  51     int tab_id,
  52     bool is_declarative) const {
  53   // If we don't have a tab id, we have no UI surface to ask for user consent.
  54   // For now, we treat this as an automatic allow.
  55   if (tab_id == -1)
  56     return PermissionsData::ACCESS_ALLOWED;
  57
  58   blink::WebSecurityOrigin top_frame_security_origin =
  59       render_frame->GetWebFrame()->top()->securityOrigin();
  60   if (top_frame_security_origin.protocol().utf8() == kExtensionScheme &&
  61       top_frame_security_origin.host().utf8() != extension_->id())
  62     return PermissionsData::ACCESS_DENIED;
  63
  64   // Declarative user scripts use "page access" (from "permissions" section in
  65   // manifest) whereas non-declarative user scripts use custom
  66   // "content script access" logic.
  67   if (is_declarative) {
  68     return extension_->permissions_data()->GetPageAccess(
  69         extension_,
  70         document_url,
  71         tab_id,
  72         -1,  // no process id
  73         nullptr /* ignore error */);
  74   } else {
  75     return extension_->permissions_data()->GetContentScriptAccess(
  76         extension_,
  77         document_url,
  78         tab_id,
  79         -1,  // no process id
  80         nullptr /* ignore error */);
  81   }
  82 }
  83
  84 bool ExtensionInjectionHost::ShouldNotifyBrowserOfInjection() const {
  85   // We notify the browser of any injection if the extension has no withheld
  86   // permissions (i.e., the permissions weren't restricted), but would have
  87   // otherwise been affected by the scripts-require-action feature.
  88   return extension_->permissions_data()->withheld_permissions()->IsEmpty() &&
  89          PermissionsData::ScriptsMayRequireActionForExtension(
  90              extension_,
  91              extension_->permissions_data()->active_permissions().get());
  92 }
  93
  94 }  // namespace extensions