mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: ensure extensions w/o a background page have file access (#29123)

Browse source
This commit is contained in:
Shelley Vohr 2021-05-14 14:06:55 +02:00 committed by GitHub
parent b7a23450b7
commit cba6626af8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
shell/browser/electron_browser_client.cc
View file

@ -27,6 +27,7 @@
#include "base/task/post_task.h"
#include "chrome/browser/browser_process.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/chrome_version.h"
#include "components/net_log/chrome_net_log.h"
#include "components/network_hints/common/network_hints.mojom.h"
@ -144,6 +145,7 @@
#include "extensions/browser/extension_message_filter.h"
#include "extensions/browser/extension_navigation_throttle.h"
#include "extensions/browser/extension_navigation_ui_data.h"
#include "extensions/browser/extension_prefs.h"
#include "extensions/browser/extension_protocols.h"
#include "extensions/browser/extension_registry.h"
#include "extensions/browser/extensions_browser_client.h"
@ -225,6 +227,15 @@ enum class RenderProcessHostPrivilege {
kExtension,
};
// Copied from chrome/browser/extensions/extension_util.cc.
bool AllowFileAccess(const std::string& extension_id,
content::BrowserContext* context) {
return base::CommandLine::ForCurrentProcess()->HasSwitch(
::switches::kDisableExtensionsFileAccessCheck) ||
extensions::ExtensionPrefs::Get(context)->AllowFileAccess(
extension_id);
}
RenderProcessHostPrivilege GetPrivilegeRequiredByUrl(
const GURL& url,
extensions::ExtensionRegistry* registry) {
@ -1182,12 +1193,12 @@ void ElectronBrowserClient::RegisterNonNetworkSubresourceURLLoaderFactories(
{content::kChromeUIResourcesHost}));
}
// Extension with a background page get file access that gets approval from
// ChildProcessSecurityPolicy.
extensions::ExtensionHost* host =
extensions::ProcessManager::Get(web_contents->GetBrowserContext())
->GetBackgroundHostForExtension(extension->id());
if (host) {
// Extensions with the necessary permissions get access to file:// URLs that
// gets approval from ChildProcessSecurityPolicy. Keep this logic in sync with
// ExtensionWebContentsObserver::RenderFrameCreated.
extensions::Manifest::Type type = extension->GetType();
if (type == extensions::Manifest::TYPE_EXTENSION &&
AllowFileAccess(extension->id(), web_contents->GetBrowserContext())) {
factories->emplace(url::kFileScheme,
FileURLLoaderFactory::Create(render_process_id));
}