// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/extensions/crx_installer.h"
#include <map>
#include <set>
#include "base/file_util.h"
#include "base/lazy_instance.h"
#include "base/memory/scoped_temp_dir.h"
#include "base/metrics/histogram.h"
#include "base/path_service.h"
#include "base/stl_util-inl.h"
#include "base/stringprintf.h"
#include "base/task.h"
#include "base/threading/thread_restrictions.h"
#include "base/time.h"
#include "base/utf_string_conversions.h"
#include "base/version.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/extensions/convert_user_script.h"
#include "chrome/browser/extensions/convert_web_app.h"
#include "chrome/browser/extensions/extension_error_reporter.h"
#include "chrome/browser/extensions/extension_service.h"
#include "chrome/browser/shell_integration.h"
#include "chrome/browser/web_applications/web_app.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/extensions/extension_file_util.h"
#include "content/browser/browser_thread.h"
#include "content/common/notification_service.h"
#include "content/common/notification_type.h"
#include "grit/chromium_strings.h"
#include "grit/generated_resources.h"
#include "grit/theme_resources.h"
#include "third_party/skia/include/core/SkBitmap.h"
#include "ui/base/l10n/l10n_util.h"
#include "ui/base/resource/resource_bundle.h"
namespace {
struct WhitelistedInstallData {
WhitelistedInstallData() {}
std::set<std::string> ids;
std::map<std::string, linked_ptr<DictionaryValue> > manifests;
};
static base::LazyInstance<WhitelistedInstallData>
g_whitelisted_install_data(base::LINKER_INITIALIZED);
} // namespace
// static
void CrxInstaller::SetWhitelistedInstallId(const std::string& id) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
g_whitelisted_install_data.Get().ids.insert(id);
}
// static
void CrxInstaller::SetWhitelistedManifest(const std::string& id,
DictionaryValue* parsed_manifest) {
CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
WhitelistedInstallData& data = g_whitelisted_install_data.Get();
data.manifests[id] = linked_ptr<DictionaryValue>(parsed_manifest);
}
// static
const DictionaryValue* CrxInstaller::GetWhitelistedManifest(
const std::string& id) {
WhitelistedInstallData& data = g_whitelisted_install_data.Get();
if (ContainsKey(data.manifests, id))
return data.manifests[id].get();
else
return NULL;
}
// static
DictionaryValue* CrxInstaller::RemoveWhitelistedManifest(
const std::string& id) {
WhitelistedInstallData& data = g_whitelisted_install_data.Get();
if (ContainsKey(data.manifests, id)) {
DictionaryValue* manifest = data.manifests[id].release();
data.manifests.erase(id);
return manifest;
}
return NULL;
}
// static
bool CrxInstaller::IsIdWhitelisted(const std::string& id) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
std::set<std::string>& ids = g_whitelisted_install_data.Get().ids;
return ContainsKey(ids, id);
}
// static
bool CrxInstaller::ClearWhitelistedInstallId(const std::string& id) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
std::set<std::string>& ids = g_whitelisted_install_data.Get().ids;
if (ContainsKey(ids, id)) {
ids.erase(id);
return true;
}
return false;
}
CrxInstaller::CrxInstaller(ExtensionService* frontend,
ExtensionInstallUI* client)
: install_directory_(frontend->install_directory()),
install_source_(Extension::INTERNAL),
extensions_enabled_(frontend->extensions_enabled()),
delete_source_(false),
is_gallery_install_(false),
create_app_shortcut_(false),
frontend_(frontend),
client_(client),
apps_require_extension_mime_type_(false),
allow_silent_install_(false) {
}
CrxInstaller::~CrxInstaller() {
// Delete the temp directory and crx file as necessary. Note that the
// destructor might be called on any thread, so we post a task to the file
// thread to make sure the delete happens there.
if (!temp_dir_.value().empty()) {
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableFunction(
&extension_file_util::DeleteFile, temp_dir_, true));
}
if (delete_source_) {
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableFunction(
&extension_file_util::DeleteFile, source_file_, false));
}
// Make sure the UI is deleted on the ui thread.
BrowserThread::DeleteSoon(BrowserThread::UI, FROM_HERE, client_);
client_ = NULL;
}
void CrxInstaller::InstallCrx(const FilePath& source_file) {
source_file_ = source_file;
scoped_refptr<SandboxedExtensionUnpacker> unpacker(
new SandboxedExtensionUnpacker(
source_file,
g_browser_process->resource_dispatcher_host(),
this));
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableMethod(
unpacker.get(), &SandboxedExtensionUnpacker::Start));
}
void CrxInstaller::InstallUserScript(const FilePath& source_file,
const GURL& original_url) {
DCHECK(!original_url.is_empty());
source_file_ = source_file;
original_url_ = original_url;
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::ConvertUserScriptOnFileThread));
}
void CrxInstaller::ConvertUserScriptOnFileThread() {
std::string error;
scoped_refptr<Extension> extension =
ConvertUserScriptToExtension(source_file_, original_url_, &error);
if (!extension) {
ReportFailureFromFileThread(error);
return;
}
OnUnpackSuccess(extension->path(), extension->path(), extension);
}
void CrxInstaller::InstallWebApp(const WebApplicationInfo& web_app) {
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::ConvertWebAppOnFileThread,
web_app));
}
void CrxInstaller::ConvertWebAppOnFileThread(
const WebApplicationInfo& web_app) {
std::string error;
scoped_refptr<Extension> extension(
ConvertWebAppToExtension(web_app, base::Time::Now()));
if (!extension) {
// Validation should have stopped any potential errors before getting here.
NOTREACHED() << "Could not convert web app to extension.";
return;
}
// TODO(aa): conversion data gets lost here :(
OnUnpackSuccess(extension->path(), extension->path(), extension);
}
bool CrxInstaller::AllowInstall(const Extension* extension,
std::string* error) {
DCHECK(error);
// Make sure the expected id matches.
if (!expected_id_.empty() && expected_id_ != extension->id()) {
*error = base::StringPrintf(
"ID in new CRX manifest (%s) does not match expected id (%s)",
extension->id().c_str(),
expected_id_.c_str());
return false;
}
if (expected_version_.get() &&
!expected_version_->Equals(*extension->version())) {
*error = base::StringPrintf(
"Version in new CRX %s manifest (%s) does not match expected "
"version (%s)",
extension->id().c_str(),
expected_version_->GetString().c_str(),
extension->version()->GetString().c_str());
return false;
}
// The checks below are skipped for themes and external installs.
if (extension->is_theme() || Extension::IsExternalLocation(install_source_))
return true;
if (!extensions_enabled_) {
*error = "Extensions are not enabled.";
return false;
}
if (extension_->is_app()) {
// If the app was downloaded, apps_require_extension_mime_type_
// will be set. In this case, check that it was served with the
// right mime type. Make an exception for file URLs, which come
// from the users computer and have no headers.
if (!original_url_.SchemeIsFile() &&
apps_require_extension_mime_type_ &&
original_mime_type_ != Extension::kMimeType) {
*error = base::StringPrintf(
"Apps must be served with content type %s.",
Extension::kMimeType);
return false;
}
// If the client_ is NULL, then the app is either being installed via
// an internal mechanism like sync, external_extensions, or default apps.
// In that case, we don't want to enforce things like the install origin.
if (!is_gallery_install_ && client_) {
// For apps with a gallery update URL, require that they be installed
// from the gallery.
// TODO(erikkay) Apply this rule for paid extensions and themes as well.
if (extension->UpdatesFromGallery()) {
*error = l10n_util::GetStringFUTF8(
IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS,
l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE));
return false;
}
// For self-hosted apps, verify that the entire extent is on the same
// host (or a subdomain of the host) the download happened from. There's
// no way for us to verify that the app controls any other hosts.
URLPattern pattern(UserScript::kValidUserScriptSchemes);
pattern.set_host(original_url_.host());
pattern.set_match_subdomains(true);
ExtensionExtent::PatternList patterns =
extension_->web_extent().patterns();
for (size_t i = 0; i < patterns.size(); ++i) {
if (!pattern.MatchesHost(patterns[i].host())) {
*error = base::StringPrintf(
"Apps must be served from the host that they affect.");
return false;
}
}
}
}
return true;
}
void CrxInstaller::OnUnpackFailure(const std::string& error_message) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
ReportFailureFromFileThread(error_message);
}
void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir,
const FilePath& extension_dir,
const Extension* extension) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
// Note: We take ownership of |extension| and |temp_dir|.
extension_ = extension;
temp_dir_ = temp_dir;
// We don't have to delete the unpack dir explicity since it is a child of
// the temp dir.
unpacked_extension_root_ = extension_dir;
std::string error;
if (!AllowInstall(extension, &error)) {
ReportFailureFromFileThread(error);
return;
}
if (client_) {
Extension::DecodeIcon(extension_.get(), Extension::EXTENSION_ICON_LARGE,
&install_icon_);
}
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::ConfirmInstall));
}
// Helper method to let us compare a whitelisted manifest with the actual
// downloaded extension's manifest, but ignoring the kPublicKey since the
// whitelisted manifest doesn't have that value.
static bool EqualsIgnoringPublicKey(
const DictionaryValue& extension_manifest,
const DictionaryValue& whitelisted_manifest) {
scoped_ptr<DictionaryValue> manifest_copy(extension_manifest.DeepCopy());
manifest_copy->Remove(extension_manifest_keys::kPublicKey, NULL);
return manifest_copy->Equals(&whitelisted_manifest);
}
void CrxInstaller::ConfirmInstall() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
if (frontend_->extension_prefs()->IsExtensionBlacklisted(extension_->id())) {
VLOG(1) << "This extension: " << extension_->id()
<< " is blacklisted. Install failed.";
ReportFailureFromUIThread("This extension is blacklisted.");
return;
}
if (!frontend_->extension_prefs()->IsExtensionAllowedByPolicy(
extension_->id())) {
ReportFailureFromUIThread("This extension is blacklisted by admin policy.");
return;
}
GURL overlapping_url;
const Extension* overlapping_extension =
frontend_->GetExtensionByOverlappingWebExtent(extension_->web_extent());
if (overlapping_extension &&
overlapping_extension->id() != extension_->id()) {
ReportFailureFromUIThread(l10n_util::GetStringFUTF8(
IDS_EXTENSION_OVERLAPPING_WEB_EXTENT,
UTF8ToUTF16(overlapping_extension->name())));
return;
}
current_version_ =
frontend_->extension_prefs()->GetVersionString(extension_->id());
// First see if it's whitelisted by id (the old mechanism).
bool whitelisted = ClearWhitelistedInstallId(extension_->id()) &&
extension_->plugins().empty() && is_gallery_install_;
// Now check if it's whitelisted by manifest.
scoped_ptr<DictionaryValue> whitelisted_manifest(
RemoveWhitelistedManifest(extension_->id()));
if (is_gallery_install_ && whitelisted_manifest.get()) {
if (!EqualsIgnoringPublicKey(*extension_->manifest_value(),
*whitelisted_manifest)) {
ReportFailureFromUIThread(
l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_INVALID));
return;
}
whitelisted = true;
}
if (client_ &&
(!allow_silent_install_ || !whitelisted)) {
AddRef(); // Balanced in Proceed() and Abort().
client_->ConfirmInstall(this, extension_.get());
} else {
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::CompleteInstall));
}
return;
}
void CrxInstaller::InstallUIProceed() {
BrowserThread::PostTask(
BrowserThread::FILE, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::CompleteInstall));
Release(); // balanced in ConfirmInstall().
}
void CrxInstaller::InstallUIAbort() {
// Technically, this can be called for other reasons than the user hitting
// cancel, but they're rare.
ExtensionService::RecordPermissionMessagesHistogram(
extension_, "Extensions.Permissions_InstallCancel");
// Kill the theme loading bubble.
NotificationService* service = NotificationService::current();
service->Notify(NotificationType::NO_THEME_DETECTED,
Source<CrxInstaller>(this),
NotificationService::NoDetails());
Release(); // balanced in ConfirmInstall().
// We're done. Since we don't post any more tasks to ourself, our ref count
// should go to zero and we die. The destructor will clean up the temp dir.
}
void CrxInstaller::CompleteInstall() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
if (!current_version_.empty()) {
scoped_ptr<Version> current_version(
Version::GetVersionFromString(current_version_));
if (current_version->CompareTo(*(extension_->version())) > 0) {
ReportFailureFromFileThread("Attempted to downgrade extension.");
return;
}
}
// See how long extension install paths are. This is important on
// windows, because file operations may fail if the path to a file
// exceeds a small constant. See crbug.com/69693 .
UMA_HISTOGRAM_CUSTOM_COUNTS(
"Extensions.CrxInstallDirPathLength",
install_directory_.value().length(), 0, 500, 100);
FilePath version_dir = extension_file_util::InstallExtension(
unpacked_extension_root_,
extension_->id(),
extension_->VersionString(),
install_directory_);
if (version_dir.empty()) {
ReportFailureFromFileThread(
l10n_util::GetStringUTF8(
IDS_EXTENSION_MOVE_DIRECTORY_TO_PROFILE_FAILED));
return;
}
// This is lame, but we must reload the extension because absolute paths
// inside the content scripts are established inside InitFromValue() and we
// just moved the extension.
// TODO(aa): All paths to resources inside extensions should be created
// lazily and based on the Extension's root path at that moment.
std::string error;
extension_ = extension_file_util::LoadExtension(
version_dir,
install_source_,
Extension::REQUIRE_KEY,
&error);
CHECK(error.empty()) << error;
ReportSuccessFromFileThread();
}
void CrxInstaller::ReportFailureFromFileThread(const std::string& error) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::ReportFailureFromUIThread, error));
}
void CrxInstaller::ReportFailureFromUIThread(const std::string& error) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
NotificationService* service = NotificationService::current();
service->Notify(NotificationType::EXTENSION_INSTALL_ERROR,
Source<CrxInstaller>(this),
Details<const std::string>(&error));
// This isn't really necessary, it is only used because unit tests expect to
// see errors get reported via this interface.
//
// TODO(aa): Need to go through unit tests and clean them up too, probably get
// rid of this line.
ExtensionErrorReporter::GetInstance()->ReportError(error, false); // quiet
if (client_)
client_->OnInstallFailure(error);
}
void CrxInstaller::ReportSuccessFromFileThread() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
NewRunnableMethod(this, &CrxInstaller::ReportSuccessFromUIThread));
}
void CrxInstaller::ReportSuccessFromUIThread() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
// If there is a client, tell the client about installation.
if (client_)
client_->OnInstallSuccess(extension_.get(), install_icon_.get());
// Tell the frontend about the installation and hand off ownership of
// extension_ to it.
frontend_->OnExtensionInstalled(extension_);
extension_ = NULL;
// We're done. We don't post any more tasks to ourselves so we are deleted
// soon.
}