Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / extension_management_internal.cc
blobdf1bbe7e51ee722b29e4dffcfba505296e69f6e2
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/extension_management_internal.h"
7 #include "base/logging.h"
8 #include "base/values.h"
9 #include "base/version.h"
10 #include "chrome/browser/extensions/extension_management_constants.h"
11 #include "extensions/common/url_pattern_set.h"
12 #include "url/gurl.h"
14 namespace extensions {
16 namespace internal {
18 namespace {
19 const char kMalformedPreferenceWarning[] =
20 "Malformed extension management preference.";
21 } // namespace
23 IndividualSettings::IndividualSettings() {
24 Reset();
27 // Initializes from default settings.
28 IndividualSettings::IndividualSettings(
29 const IndividualSettings* default_settings) {
30 installation_mode = default_settings->installation_mode;
31 update_url = default_settings->installation_mode;
32 blocked_permissions = default_settings->blocked_permissions;
33 // We are not initializing |minimum_version_required| from |default_settings|
34 // here since it's not applicable to default settings.
37 IndividualSettings::~IndividualSettings() {
40 bool IndividualSettings::Parse(const base::DictionaryValue* dict,
41 ParsingScope scope) {
42 std::string installation_mode_str;
43 if (dict->GetStringWithoutPathExpansion(schema_constants::kInstallationMode,
44 &installation_mode_str)) {
45 if (installation_mode_str == schema_constants::kAllowed) {
46 installation_mode = ExtensionManagement::INSTALLATION_ALLOWED;
47 } else if (installation_mode_str == schema_constants::kBlocked) {
48 installation_mode = ExtensionManagement::INSTALLATION_BLOCKED;
49 } else if (installation_mode_str == schema_constants::kForceInstalled) {
50 installation_mode = ExtensionManagement::INSTALLATION_FORCED;
51 } else if (installation_mode_str == schema_constants::kNormalInstalled) {
52 installation_mode = ExtensionManagement::INSTALLATION_RECOMMENDED;
53 } else {
54 // Invalid value for 'installation_mode'.
55 LOG(WARNING) << kMalformedPreferenceWarning;
56 return false;
59 // Only proceed to fetch update url if force or recommended install mode
60 // is set.
61 if (installation_mode == ExtensionManagement::INSTALLATION_FORCED ||
62 installation_mode == ExtensionManagement::INSTALLATION_RECOMMENDED) {
63 if (scope != SCOPE_INDIVIDUAL) {
64 // Only individual extensions are allowed to be automatically installed.
65 LOG(WARNING) << kMalformedPreferenceWarning;
66 return false;
68 std::string update_url_str;
69 if (dict->GetStringWithoutPathExpansion(schema_constants::kUpdateUrl,
70 &update_url_str) &&
71 GURL(update_url_str).is_valid()) {
72 update_url = update_url_str;
73 } else {
74 // No valid update URL for extension.
75 LOG(WARNING) << kMalformedPreferenceWarning;
76 return false;
81 // Parses the blocked permission settings.
82 const base::ListValue* list_value = nullptr;
83 base::string16 error;
85 // If applicable, inherit from global block list and remove all explicitly
86 // allowed permissions.
87 if (scope != SCOPE_DEFAULT &&
88 dict->GetListWithoutPathExpansion(schema_constants::kAllowedPermissions,
89 &list_value)) {
90 // It is assumed that Parse() is already called for SCOPE_DEFAULT and
91 // settings specified for |this| is initialized by copying from default
92 // settings, including the |blocked_permissions| setting here.
93 // That is, |blocked_permissions| should be the default block permissions
94 // list settings here.
95 APIPermissionSet globally_blocked_permissions = blocked_permissions;
96 APIPermissionSet explicitly_allowed_permissions;
97 // Reuses code for parsing API permissions from manifest. But note that we
98 // only support list of strings type.
99 if (!APIPermissionSet::ParseFromJSON(
100 list_value,
101 APIPermissionSet::kDisallowInternalPermissions,
102 &explicitly_allowed_permissions,
103 &error,
104 nullptr)) {
105 // There might be unknown permissions, warn and just ignore them;
106 LOG(WARNING) << error;
108 APIPermissionSet::Difference(globally_blocked_permissions,
109 explicitly_allowed_permissions,
110 &blocked_permissions);
113 // Then add all newly blocked permissions to the list.
114 if (dict->GetListWithoutPathExpansion(schema_constants::kBlockedPermissions,
115 &list_value)) {
116 // The |blocked_permissions| might be the result of the routines above,
117 // or remains the same as default block permissions settings.
118 APIPermissionSet permissions_to_merge_from = blocked_permissions;
119 APIPermissionSet permissions_parsed;
120 if (!APIPermissionSet::ParseFromJSON(
121 list_value,
122 APIPermissionSet::kDisallowInternalPermissions,
123 &permissions_parsed,
124 &error,
125 nullptr)) {
126 LOG(WARNING) << error;
128 APIPermissionSet::Union(
129 permissions_to_merge_from, permissions_parsed, &blocked_permissions);
132 // Parses the minimum version settings.
133 std::string minimum_version_required_str;
134 if (scope == SCOPE_INDIVIDUAL &&
135 dict->GetStringWithoutPathExpansion(
136 schema_constants::kMinimumVersionRequired,
137 &minimum_version_required_str)) {
138 scoped_ptr<base::Version> version(
139 new Version(minimum_version_required_str));
140 // We accept a general version string here. Note that count of components in
141 // version string of extensions is limited to 4.
142 if (!version->IsValid())
143 LOG(WARNING) << kMalformedPreferenceWarning;
144 else
145 minimum_version_required = version.Pass();
148 return true;
151 void IndividualSettings::Reset() {
152 installation_mode = ExtensionManagement::INSTALLATION_ALLOWED;
153 update_url.clear();
154 blocked_permissions.clear();
157 GlobalSettings::GlobalSettings() {
158 Reset();
161 GlobalSettings::~GlobalSettings() {
164 void GlobalSettings::Reset() {
165 has_restricted_install_sources = false;
166 install_sources.ClearPatterns();
167 has_restricted_allowed_types = false;
168 allowed_types.clear();
171 } // namespace internal
173 } // namespace extensions