// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "extensions/browser/sandboxed_unpacker.h" #include <stddef.h> #include <stdint.h> #include <set> #include <string_view> #include <tuple> #include <utility> #include <vector> #include "base/command_line.h" #include "base/files/file_enumerator.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/i18n/rtl.h" #include "base/json/json_string_value_serializer.h" #include "base/metrics/histogram_macros.h" #include "base/path_service.h" #include "base/strings/string_number_conversions.h" #include "base/strings/utf_string_conversions.h" #include "base/task/sequenced_task_runner.h" #include "base/timer/elapsed_timer.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "components/crx_file/crx_verifier.h" #include "content/public/browser/browser_task_traits.h" #include "content/public/browser/browser_thread.h" #include "extensions/browser/api/declarative_net_request/file_backed_ruleset_source.h" #include "extensions/browser/api/declarative_net_request/install_index_helper.h" #include "extensions/browser/api/declarative_net_request/ruleset_source.h" #include "extensions/browser/computed_hashes.h" #include "extensions/browser/content_verifier/content_verifier_key.h" #include "extensions/browser/extension_file_task_runner.h" #include "extensions/browser/install/crx_install_error.h" #include "extensions/browser/install/sandboxed_unpacker_failure_reason.h" #include "extensions/browser/install_stage.h" #include "extensions/browser/ruleset_parse_result.h" #include "extensions/browser/verified_contents.h" #include "extensions/browser/zipfile_installer.h" #include "extensions/common/api/declarative_net_request/dnr_manifest_data.h" #include "extensions/common/constants.h" #include "extensions/common/extension.h" #include "extensions/common/extension_id.h" #include "extensions/common/extension_l10n_util.h" #include "extensions/common/extension_resource_path_normalizer.h" #include "extensions/common/extension_utility_types.h" #include "extensions/common/extensions_client.h" #include "extensions/common/features/feature_channel.h" #include "extensions/common/file_util.h" #include "extensions/common/manifest_constants.h" #include "extensions/common/manifest_handlers/default_locale_handler.h" #include "extensions/common/manifest_handlers/icons_handler.h" #include "extensions/common/switches.h" #include "extensions/strings/grit/extensions_strings.h" #include "third_party/skia/include/core/SkBitmap.h" #include "ui/base/l10n/l10n_util.h" #include "ui/gfx/codec/png_codec.h" ASCIIToUTF16; BrowserThread; namespace extensions { namespace { // Work horse for FindWritableTempLocation. Creates a temp file in the folder // and uses NormalizeFilePath to check if the path is junction free. bool VerifyJunctionFreeLocation(base::FilePath* temp_dir) { … } // This function tries to find a location for unpacking the extension archive // that is writable and does not lie on a shared drive so that the sandboxed // unpacking process can write there. If no such location exists we can not // proceed and should fail. // The result will be written to |temp_dir|. The function will write to this // parameter even if it returns false. bool FindWritableTempLocation(const base::FilePath& extensions_dir, base::FilePath* temp_dir) { … } std::set<base::FilePath> GetMessageCatalogPathsToBeSanitized( const base::FilePath& locales_path) { … } // Callback for ComputedHashes::Create, compute hashes for all files except // _metadata directory (e.g. computed_hashes.json itself). bool ShouldComputeHashesForResource( const base::FilePath& relative_resource_path) { … } std::optional<crx_file::VerifierFormat> g_verifier_format_override_for_test; } // namespace class SandboxedUnpacker::IOThreadState { … }; SandboxedUnpackerClient::SandboxedUnpackerClient() : … { … } void SandboxedUnpackerClient::ShouldComputeHashesForOffWebstoreExtension( scoped_refptr<const Extension> extension, base::OnceCallback<void(bool)> callback) { … } void SandboxedUnpackerClient::GetContentVerifierKey( base::OnceCallback<void(ContentVerifierKey)> callback) { … } SandboxedUnpacker::ScopedVerifierFormatOverrideForTest:: ScopedVerifierFormatOverrideForTest(crx_file::VerifierFormat format) { … } SandboxedUnpacker::ScopedVerifierFormatOverrideForTest:: ~ScopedVerifierFormatOverrideForTest() { … } SandboxedUnpacker::SandboxedUnpacker( mojom::ManifestLocation location, int creation_flags, const base::FilePath& extensions_dir, const scoped_refptr<base::SequencedTaskRunner>& unpacker_io_task_runner, SandboxedUnpackerClient* client) : … { … } bool SandboxedUnpacker::CreateTempDirectory() { … } void SandboxedUnpacker::StartWithCrx(const CRXFileInfo& crx_info) { … } void SandboxedUnpacker::StartWithDirectory(const ExtensionId& extension_id, const std::string& public_key, const base::FilePath& directory) { … } SandboxedUnpacker::~SandboxedUnpacker() { … } void SandboxedUnpacker::Unzip(const base::FilePath& crx_path, const base::FilePath& unzipped_dir) { … } void SandboxedUnpacker::UnzipDone(const base::FilePath& zip_file, const base::FilePath& unzip_dir, const std::string& error) { … } void SandboxedUnpacker::OnVerifiedContentsUncompressed( const base::FilePath& unzip_dir, base::expected<mojo_base::BigBuffer, std::string> result) { … } void SandboxedUnpacker::StoreVerifiedContentsInExtensionDir( const base::FilePath& unzip_dir, base::span<const uint8_t> verified_contents, ContentVerifierKey content_verifier_key) { … } void SandboxedUnpacker::Unpack(const base::FilePath& directory) { … } void SandboxedUnpacker::ReadManifestDone( std::optional<base::Value> manifest, const std::optional<std::string>& error) { … } void SandboxedUnpacker::UnpackExtensionSucceeded(base::Value::Dict manifest) { … } data_decoder::DataDecoder* SandboxedUnpacker::GetDataDecoder() { … } void SandboxedUnpacker::OnImageDecoded(const base::FilePath& path, SkBitmap image) { … } void SandboxedUnpacker::OnImageSanitizationDone( ImageSanitizer::Status status, const base::FilePath& file_path_for_error) { … } void SandboxedUnpacker::ReadMessageCatalogs() { … } void SandboxedUnpacker::SanitizeMessageCatalogs( const std::set<base::FilePath>& message_catalog_paths) { … } void SandboxedUnpacker::MessageCatalogsSanitized( JsonFileSanitizer::Status status, const std::string& error_msg) { … } void SandboxedUnpacker::IndexAndPersistJSONRulesetsIfNeeded() { … } void SandboxedUnpacker::OnJSONRulesetsIndexed(RulesetParseResult result) { … } void SandboxedUnpacker::CheckComputeHashes() { … } void SandboxedUnpacker::MaybeComputeHashes(bool should_compute) { … } data_decoder::mojom::JsonParser* SandboxedUnpacker::GetJsonParserPtr() { … } void SandboxedUnpacker::ReportUnpackExtensionFailed(std::string_view error) { … } std::u16string SandboxedUnpacker::FailureReasonToString16( const SandboxedUnpackerFailureReason reason) { … } void SandboxedUnpacker::FailWithPackageError( const SandboxedUnpackerFailureReason reason) { … } bool SandboxedUnpacker::ValidateSignature( const base::FilePath& crx_path, const std::string& expected_hash, const crx_file::VerifierFormat required_format) { … } void SandboxedUnpacker::ReportFailure( const SandboxedUnpackerFailureReason reason, const std::u16string& error) { … } void SandboxedUnpacker::ReportSuccess() { … } std::optional<base::Value::Dict> SandboxedUnpacker::RewriteManifestFile( const base::Value::Dict& manifest) { … } void SandboxedUnpacker::Cleanup() { … } void SandboxedUnpacker::ParseJsonFile( const base::FilePath& path, data_decoder::mojom::JsonParser::ParseCallback callback) { … } } // namespace extensions
Codebase Browser
chromium