1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/sandboxed_unpacker.h"
9 #include "base/base64.h"
10 #include "base/bind.h"
11 #include "base/command_line.h"
12 #include "base/file_util.h"
13 #include "base/files/file_util_proxy.h"
14 #include "base/json/json_string_value_serializer.h"
15 #include "base/memory/scoped_handle.h"
16 #include "base/message_loop/message_loop.h"
17 #include "base/metrics/histogram.h"
18 #include "base/path_service.h"
19 #include "base/safe_numerics.h"
20 #include "base/sequenced_task_runner.h"
21 #include "base/strings/utf_string_conversions.h"
22 #include "base/threading/sequenced_worker_pool.h"
23 #include "chrome/browser/extensions/extension_service.h"
24 #include "chrome/common/chrome_paths.h"
25 #include "chrome/common/chrome_switches.h"
26 #include "chrome/common/chrome_utility_messages.h"
27 #include "chrome/common/extensions/extension.h"
28 #include "chrome/common/extensions/extension_file_util.h"
29 #include "chrome/common/extensions/extension_l10n_util.h"
30 #include "chrome/common/extensions/manifest_handlers/icons_handler.h"
31 #include "content/public/browser/browser_thread.h"
32 #include "content/public/browser/utility_process_host.h"
33 #include "content/public/common/common_param_traits.h"
34 #include "crypto/signature_verifier.h"
35 #include "extensions/common/constants.h"
36 #include "extensions/common/crx_file.h"
37 #include "extensions/common/id_util.h"
38 #include "extensions/common/manifest_constants.h"
39 #include "grit/generated_resources.h"
40 #include "third_party/skia/include/core/SkBitmap.h"
41 #include "ui/base/l10n/l10n_util.h"
42 #include "ui/gfx/codec/png_codec.h"
44 using content::BrowserThread
;
45 using content::UtilityProcessHost
;
47 // The following macro makes histograms that record the length of paths
48 // in this file much easier to read.
49 // Windows has a short max path length. If the path length to a
50 // file being unpacked from a CRX exceeds the max length, we might
51 // fail to install. To see if this is happening, see how long the
52 // path to the temp unpack directory is. See crbug.com/69693 .
53 #define PATH_LENGTH_HISTOGRAM(name, path) \
54 UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 0, 500, 100)
56 // Record a rate (kB per second) at which extensions are unpacked.
57 // Range from 1kB/s to 100mB/s.
58 #define UNPACK_RATE_HISTOGRAM(name, rate) \
59 UMA_HISTOGRAM_CUSTOM_COUNTS(name, rate, 1, 100000, 100);
61 namespace extensions
{
64 void RecordSuccessfulUnpackTimeHistograms(
65 const base::FilePath
& crx_path
, const base::TimeDelta unpack_time
) {
67 const int64 kBytesPerKb
= 1024;
68 const int64 kBytesPerMb
= 1024 * 1024;
70 UMA_HISTOGRAM_TIMES("Extensions.SandboxUnpackSuccessTime", unpack_time
);
72 // To get a sense of how CRX size impacts unpack time, record unpack
73 // time for several increments of CRX size.
75 if (!file_util::GetFileSize(crx_path
, &crx_file_size
)) {
76 UMA_HISTOGRAM_COUNTS("Extensions.SandboxUnpackSuccessCantGetCrxSize", 1);
80 // Cast is safe as long as the number of bytes in the CRX is less than
82 int crx_file_size_kb
= static_cast<int>(crx_file_size
/ kBytesPerKb
);
84 "Extensions.SandboxUnpackSuccessCrxSize", crx_file_size_kb
);
86 // We have time in seconds and file size in bytes. We want the rate bytes are
89 static_cast<double>(crx_file_size
) / static_cast<double>(kBytesPerKb
);
90 int unpack_rate_kb_per_s
=
91 static_cast<int>(file_size_kb
/ unpack_time
.InSecondsF());
92 UNPACK_RATE_HISTOGRAM("Extensions.SandboxUnpackRate", unpack_rate_kb_per_s
);
94 if (crx_file_size
< 50.0 * kBytesPerKb
) {
95 UNPACK_RATE_HISTOGRAM(
96 "Extensions.SandboxUnpackRateUnder50kB", unpack_rate_kb_per_s
);
98 } else if (crx_file_size
< 1 * kBytesPerMb
) {
99 UNPACK_RATE_HISTOGRAM(
100 "Extensions.SandboxUnpackRate50kBTo1mB", unpack_rate_kb_per_s
);
102 } else if (crx_file_size
< 2 * kBytesPerMb
) {
103 UNPACK_RATE_HISTOGRAM(
104 "Extensions.SandboxUnpackRate1To2mB", unpack_rate_kb_per_s
);
106 } else if (crx_file_size
< 5 * kBytesPerMb
) {
107 UNPACK_RATE_HISTOGRAM(
108 "Extensions.SandboxUnpackRate2To5mB", unpack_rate_kb_per_s
);
110 } else if (crx_file_size
< 10 * kBytesPerMb
) {
111 UNPACK_RATE_HISTOGRAM(
112 "Extensions.SandboxUnpackRate5To10mB", unpack_rate_kb_per_s
);
115 UNPACK_RATE_HISTOGRAM(
116 "Extensions.SandboxUnpackRateOver10mB", unpack_rate_kb_per_s
);
120 // Work horse for FindWritableTempLocation. Creates a temp file in the folder
121 // and uses NormalizeFilePath to check if the path is junction free.
122 bool VerifyJunctionFreeLocation(base::FilePath
* temp_dir
) {
123 if (temp_dir
->empty())
126 base::FilePath temp_file
;
127 if (!file_util::CreateTemporaryFileInDir(*temp_dir
, &temp_file
)) {
128 LOG(ERROR
) << temp_dir
->value() << " is not writable";
131 // NormalizeFilePath requires a non-empty file, so write some data.
132 // If you change the exit points of this function please make sure all
133 // exit points delete this temp file!
134 if (file_util::WriteFile(temp_file
, ".", 1) != 1)
137 base::FilePath normalized_temp_file
;
139 file_util::NormalizeFilePath(temp_file
, &normalized_temp_file
);
141 // If |temp_file| contains a link, the sandbox will block al file system
142 // operations, and the install will fail.
143 LOG(ERROR
) << temp_dir
->value() << " seem to be on remote drive.";
145 *temp_dir
= normalized_temp_file
.DirName();
147 // Clean up the temp file.
148 base::DeleteFile(temp_file
, false);
153 // This function tries to find a location for unpacking the extension archive
154 // that is writable and does not lie on a shared drive so that the sandboxed
155 // unpacking process can write there. If no such location exists we can not
156 // proceed and should fail.
157 // The result will be written to |temp_dir|. The function will write to this
158 // parameter even if it returns false.
159 bool FindWritableTempLocation(const base::FilePath
& extensions_dir
,
160 base::FilePath
* temp_dir
) {
161 // On ChromeOS, we will only attempt to unpack extension in cryptohome (profile)
162 // directory to provide additional security/privacy and speed up the rest of
163 // the extension install process.
164 #if !defined(OS_CHROMEOS)
165 PathService::Get(base::DIR_TEMP
, temp_dir
);
166 if (VerifyJunctionFreeLocation(temp_dir
))
170 *temp_dir
= extension_file_util::GetInstallTempDir(extensions_dir
);
171 if (VerifyJunctionFreeLocation(temp_dir
))
173 // Neither paths is link free chances are good installation will fail.
174 LOG(ERROR
) << "Both the %TEMP% folder and the profile seem to be on "
175 << "remote drives or read-only. Installation can not complete!";
179 // Read the decoded images back from the file we saved them to.
180 // |extension_path| is the path to the extension we unpacked that wrote the
181 // data. Returns true on success.
182 bool ReadImagesFromFile(const base::FilePath
& extension_path
,
183 DecodedImages
* images
) {
184 base::FilePath path
=
185 extension_path
.AppendASCII(kDecodedImagesFilename
);
186 std::string file_str
;
187 if (!base::ReadFileToString(path
, &file_str
))
190 IPC::Message
pickle(file_str
.data(), file_str
.size());
191 PickleIterator
iter(pickle
);
192 return IPC::ReadParam(&pickle
, &iter
, images
);
195 // Read the decoded message catalogs back from the file we saved them to.
196 // |extension_path| is the path to the extension we unpacked that wrote the
197 // data. Returns true on success.
198 bool ReadMessageCatalogsFromFile(const base::FilePath
& extension_path
,
199 base::DictionaryValue
* catalogs
) {
200 base::FilePath path
= extension_path
.AppendASCII(
201 kDecodedMessageCatalogsFilename
);
202 std::string file_str
;
203 if (!base::ReadFileToString(path
, &file_str
))
206 IPC::Message
pickle(file_str
.data(), file_str
.size());
207 PickleIterator
iter(pickle
);
208 return IPC::ReadParam(&pickle
, &iter
, catalogs
);
213 SandboxedUnpacker::SandboxedUnpacker(
214 const base::FilePath
& crx_path
,
215 Manifest::Location location
,
217 const base::FilePath
& extensions_dir
,
218 base::SequencedTaskRunner
* unpacker_io_task_runner
,
219 SandboxedUnpackerClient
* client
)
220 : crx_path_(crx_path
),
222 extensions_dir_(extensions_dir
),
223 got_response_(false),
225 creation_flags_(creation_flags
),
226 unpacker_io_task_runner_(unpacker_io_task_runner
) {
229 bool SandboxedUnpacker::CreateTempDirectory() {
230 CHECK(unpacker_io_task_runner_
->RunsTasksOnCurrentThread());
232 base::FilePath temp_dir
;
233 if (!FindWritableTempLocation(extensions_dir_
, &temp_dir
)) {
235 COULD_NOT_GET_TEMP_DIRECTORY
,
236 l10n_util::GetStringFUTF16(
237 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
238 ASCIIToUTF16("COULD_NOT_GET_TEMP_DIRECTORY")));
242 if (!temp_dir_
.CreateUniqueTempDirUnderPath(temp_dir
)) {
244 COULD_NOT_CREATE_TEMP_DIRECTORY
,
245 l10n_util::GetStringFUTF16(
246 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
247 ASCIIToUTF16("COULD_NOT_CREATE_TEMP_DIRECTORY")));
254 void SandboxedUnpacker::Start() {
255 // We assume that we are started on the thread that the client wants us to do
257 CHECK(unpacker_io_task_runner_
->RunsTasksOnCurrentThread());
259 unpack_start_time_
= base::TimeTicks::Now();
261 PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackInitialCrxPathLength",
263 if (!CreateTempDirectory())
264 return; // ReportFailure() already called.
266 // Initialize the path that will eventually contain the unpacked extension.
267 extension_root_
= temp_dir_
.path().AppendASCII(kTempExtensionName
);
268 PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackUnpackedCrxPathLength",
271 // Extract the public key and validate the package.
272 if (!ValidateSignature())
273 return; // ValidateSignature() already reported the error.
275 // Copy the crx file into our working directory.
276 base::FilePath temp_crx_path
= temp_dir_
.path().Append(crx_path_
.BaseName());
277 PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackTempCrxPathLength",
280 if (!base::CopyFile(crx_path_
, temp_crx_path
)) {
281 // Failed to copy extension file to temporary directory.
283 FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY
,
284 l10n_util::GetStringFUTF16(
285 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
286 ASCIIToUTF16("FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY")));
290 // The utility process will have access to the directory passed to
291 // SandboxedUnpacker. That directory should not contain a symlink or NTFS
292 // reparse point. When the path is used, following the link/reparse point
293 // will cause file system access outside the sandbox path, and the sandbox
294 // will deny the operation.
295 base::FilePath link_free_crx_path
;
296 if (!file_util::NormalizeFilePath(temp_crx_path
, &link_free_crx_path
)) {
297 LOG(ERROR
) << "Could not get the normalized path of "
298 << temp_crx_path
.value();
300 COULD_NOT_GET_SANDBOX_FRIENDLY_PATH
,
301 l10n_util::GetStringUTF16(IDS_EXTENSION_UNPACK_FAILED
));
304 PATH_LENGTH_HISTOGRAM("Extensions.SandboxUnpackLinkFreeCrxPathLength",
307 BrowserThread::PostTask(
308 BrowserThread::IO
, FROM_HERE
,
310 &SandboxedUnpacker::StartProcessOnIOThread
,
312 link_free_crx_path
));
315 SandboxedUnpacker::~SandboxedUnpacker() {
318 bool SandboxedUnpacker::OnMessageReceived(const IPC::Message
& message
) {
320 IPC_BEGIN_MESSAGE_MAP(SandboxedUnpacker
, message
)
321 IPC_MESSAGE_HANDLER(ChromeUtilityHostMsg_UnpackExtension_Succeeded
,
322 OnUnpackExtensionSucceeded
)
323 IPC_MESSAGE_HANDLER(ChromeUtilityHostMsg_UnpackExtension_Failed
,
324 OnUnpackExtensionFailed
)
325 IPC_MESSAGE_UNHANDLED(handled
= false)
326 IPC_END_MESSAGE_MAP()
330 void SandboxedUnpacker::OnProcessCrashed(int exit_code
) {
331 // Don't report crashes if they happen after we got a response.
335 // Utility process crashed while trying to install.
337 UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL
,
338 l10n_util::GetStringFUTF16(
339 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
340 ASCIIToUTF16("UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL")));
343 void SandboxedUnpacker::StartProcessOnIOThread(
344 const base::FilePath
& temp_crx_path
) {
345 UtilityProcessHost
* host
=
346 UtilityProcessHost::Create(this, unpacker_io_task_runner_
.get());
347 // Grant the subprocess access to the entire subdir the extension file is
348 // in, so that it can unpack to that dir.
349 host
->SetExposedDir(temp_crx_path
.DirName());
351 new ChromeUtilityMsg_UnpackExtension(
352 temp_crx_path
, extension_id_
, location_
, creation_flags_
));
355 void SandboxedUnpacker::OnUnpackExtensionSucceeded(
356 const DictionaryValue
& manifest
) {
357 CHECK(unpacker_io_task_runner_
->RunsTasksOnCurrentThread());
358 got_response_
= true;
360 scoped_ptr
<DictionaryValue
> final_manifest(RewriteManifestFile(manifest
));
364 // Create an extension object that refers to the temporary location the
365 // extension was unpacked to. We use this until the extension is finally
366 // installed. For example, the install UI shows images from inside the
369 // Localize manifest now, so confirm UI gets correct extension name.
371 // TODO(rdevlin.cronin): Continue removing std::string errors and replacing
373 std::string utf8_error
;
374 if (!extension_l10n_util::LocalizeExtension(extension_root_
,
375 final_manifest
.get(),
378 COULD_NOT_LOCALIZE_EXTENSION
,
379 l10n_util::GetStringFUTF16(
380 IDS_EXTENSION_PACKAGE_ERROR_MESSAGE
,
381 UTF8ToUTF16(utf8_error
)));
385 extension_
= Extension::Create(
389 Extension::REQUIRE_KEY
| creation_flags_
,
392 if (!extension_
.get()) {
393 ReportFailure(INVALID_MANIFEST
,
394 ASCIIToUTF16("Manifest is invalid: " + utf8_error
));
398 SkBitmap install_icon
;
399 if (!RewriteImageFiles(&install_icon
))
402 if (!RewriteCatalogFiles())
405 ReportSuccess(manifest
, install_icon
);
408 void SandboxedUnpacker::OnUnpackExtensionFailed(const string16
& error
) {
409 CHECK(unpacker_io_task_runner_
->RunsTasksOnCurrentThread());
410 got_response_
= true;
412 UNPACKER_CLIENT_FAILED
,
413 l10n_util::GetStringFUTF16(
414 IDS_EXTENSION_PACKAGE_ERROR_MESSAGE
,
418 bool SandboxedUnpacker::ValidateSignature() {
419 ScopedStdioHandle
file(file_util::OpenFile(crx_path_
, "rb"));
422 // Could not open crx file for reading.
424 // On windows, get the error code.
425 uint32 error_code
= ::GetLastError();
426 // TODO(skerner): Use this histogram to understand why so many
427 // windows users hit this error. crbug.com/69693
429 // Windows errors are unit32s, but all of likely errors are in
430 // [1, 1000]. See winerror.h for the meaning of specific values.
431 // Clip errors outside the expected range to a single extra value.
432 // If there are errors in that extra bucket, we will know to expand
434 const uint32 kMaxErrorToSend
= 1001;
435 error_code
= std::min(error_code
, kMaxErrorToSend
);
436 UMA_HISTOGRAM_ENUMERATION("Extensions.ErrorCodeFromCrxOpen",
437 error_code
, kMaxErrorToSend
);
441 CRX_FILE_NOT_READABLE
,
442 l10n_util::GetStringFUTF16(
443 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
444 ASCIIToUTF16("CRX_FILE_NOT_READABLE")));
448 // Read and verify the header.
449 // TODO(erikkay): Yuck. I'm not a big fan of this kind of code, but it
450 // appears that we don't have any endian/alignment aware serialization
451 // code in the code base. So for now, this assumes that we're running
452 // on a little endian machine with 4 byte alignment.
453 CrxFile::Header header
;
454 size_t len
= fread(&header
, 1, sizeof(header
), file
.get());
455 if (len
< sizeof(header
)) {
456 // Invalid crx header
459 l10n_util::GetStringFUTF16(
460 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
461 ASCIIToUTF16("CRX_HEADER_INVALID")));
465 CrxFile::Error error
;
466 scoped_ptr
<CrxFile
> crx(CrxFile::Parse(header
, &error
));
469 case CrxFile::kWrongMagic
:
471 CRX_MAGIC_NUMBER_INVALID
,
472 l10n_util::GetStringFUTF16(
473 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
474 ASCIIToUTF16("CRX_MAGIC_NUMBER_INVALID")));
476 case CrxFile::kInvalidVersion
:
479 CRX_VERSION_NUMBER_INVALID
,
480 l10n_util::GetStringFUTF16(
481 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
482 ASCIIToUTF16("CRX_VERSION_NUMBER_INVALID")));
484 case CrxFile::kInvalidKeyTooLarge
:
485 case CrxFile::kInvalidSignatureTooLarge
:
486 // Excessively large key or signature
488 CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE
,
489 l10n_util::GetStringFUTF16(
490 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
491 ASCIIToUTF16("CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE")));
493 case CrxFile::kInvalidKeyTooSmall
:
494 // Key length is zero
497 l10n_util::GetStringFUTF16(
498 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
499 ASCIIToUTF16("CRX_ZERO_KEY_LENGTH")));
501 case CrxFile::kInvalidSignatureTooSmall
:
502 // Signature length is zero
504 CRX_ZERO_SIGNATURE_LENGTH
,
505 l10n_util::GetStringFUTF16(
506 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
507 ASCIIToUTF16("CRX_ZERO_SIGNATURE_LENGTH")));
513 std::vector
<uint8
> key
;
514 key
.resize(header
.key_size
);
515 len
= fread(&key
.front(), sizeof(uint8
), header
.key_size
, file
.get());
516 if (len
< header
.key_size
) {
517 // Invalid public key
519 CRX_PUBLIC_KEY_INVALID
,
520 l10n_util::GetStringFUTF16(
521 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
522 ASCIIToUTF16("CRX_PUBLIC_KEY_INVALID")));
526 std::vector
<uint8
> signature
;
527 signature
.resize(header
.signature_size
);
528 len
= fread(&signature
.front(), sizeof(uint8
), header
.signature_size
,
530 if (len
< header
.signature_size
) {
533 CRX_SIGNATURE_INVALID
,
534 l10n_util::GetStringFUTF16(
535 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
536 ASCIIToUTF16("CRX_SIGNATURE_INVALID")));
540 crypto::SignatureVerifier verifier
;
541 if (!verifier
.VerifyInit(extension_misc::kSignatureAlgorithm
,
542 sizeof(extension_misc::kSignatureAlgorithm
),
547 // Signature verification initialization failed. This is most likely
548 // caused by a public key in the wrong format (should encode algorithm).
550 CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED
,
551 l10n_util::GetStringFUTF16(
552 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
553 ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED")));
557 unsigned char buf
[1 << 12];
558 while ((len
= fread(buf
, 1, sizeof(buf
), file
.get())) > 0)
559 verifier
.VerifyUpdate(buf
, len
);
561 if (!verifier
.VerifyFinal()) {
562 // Signature verification failed
564 CRX_SIGNATURE_VERIFICATION_FAILED
,
565 l10n_util::GetStringFUTF16(
566 IDS_EXTENSION_PACKAGE_ERROR_CODE
,
567 ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_FAILED")));
571 std::string public_key
=
572 std::string(reinterpret_cast<char*>(&key
.front()), key
.size());
573 base::Base64Encode(public_key
, &public_key_
);
575 extension_id_
= id_util::GenerateId(public_key
);
580 void SandboxedUnpacker::ReportFailure(FailureReason reason
,
581 const string16
& error
) {
582 UMA_HISTOGRAM_ENUMERATION("Extensions.SandboxUnpackFailureReason",
583 reason
, NUM_FAILURE_REASONS
);
584 UMA_HISTOGRAM_TIMES("Extensions.SandboxUnpackFailureTime",
585 base::TimeTicks::Now() - unpack_start_time_
);
587 client_
->OnUnpackFailure(error
);
590 void SandboxedUnpacker::ReportSuccess(
591 const DictionaryValue
& original_manifest
,
592 const SkBitmap
& install_icon
) {
593 UMA_HISTOGRAM_COUNTS("Extensions.SandboxUnpackSuccess", 1);
595 RecordSuccessfulUnpackTimeHistograms(
596 crx_path_
, base::TimeTicks::Now() - unpack_start_time_
);
598 // Client takes ownership of temporary directory and extension.
599 client_
->OnUnpackSuccess(
600 temp_dir_
.Take(), extension_root_
, &original_manifest
, extension_
.get(),
605 DictionaryValue
* SandboxedUnpacker::RewriteManifestFile(
606 const DictionaryValue
& manifest
) {
607 // Add the public key extracted earlier to the parsed manifest and overwrite
608 // the original manifest. We do this to ensure the manifest doesn't contain an
609 // exploitable bug that could be used to compromise the browser.
610 scoped_ptr
<DictionaryValue
> final_manifest(manifest
.DeepCopy());
611 final_manifest
->SetString(manifest_keys::kPublicKey
, public_key_
);
613 std::string manifest_json
;
614 JSONStringValueSerializer
serializer(&manifest_json
);
615 serializer
.set_pretty_print(true);
616 if (!serializer
.Serialize(*final_manifest
)) {
617 // Error serializing manifest.json.
619 ERROR_SERIALIZING_MANIFEST_JSON
,
620 l10n_util::GetStringFUTF16(
621 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
622 ASCIIToUTF16("ERROR_SERIALIZING_MANIFEST_JSON")));
626 base::FilePath manifest_path
=
627 extension_root_
.Append(kManifestFilename
);
628 int size
= base::checked_numeric_cast
<int>(manifest_json
.size());
629 if (file_util::WriteFile(manifest_path
, manifest_json
.data(), size
) != size
) {
630 // Error saving manifest.json.
632 ERROR_SAVING_MANIFEST_JSON
,
633 l10n_util::GetStringFUTF16(
634 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
635 ASCIIToUTF16("ERROR_SAVING_MANIFEST_JSON")));
639 return final_manifest
.release();
642 bool SandboxedUnpacker::RewriteImageFiles(SkBitmap
* install_icon
) {
643 DecodedImages images
;
644 if (!ReadImagesFromFile(temp_dir_
.path(), &images
)) {
645 // Couldn't read image data from disk.
647 COULD_NOT_READ_IMAGE_DATA_FROM_DISK
,
648 l10n_util::GetStringFUTF16(
649 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
650 ASCIIToUTF16("COULD_NOT_READ_IMAGE_DATA_FROM_DISK")));
654 // Delete any images that may be used by the browser. We're going to write
655 // out our own versions of the parsed images, and we want to make sure the
656 // originals are gone for good.
657 std::set
<base::FilePath
> image_paths
=
658 extension_file_util::GetBrowserImagePaths(extension_
.get());
659 if (image_paths
.size() != images
.size()) {
660 // Decoded images don't match what's in the manifest.
662 DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST
,
663 l10n_util::GetStringFUTF16(
664 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
665 ASCIIToUTF16("DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST")));
669 for (std::set
<base::FilePath
>::iterator it
= image_paths
.begin();
670 it
!= image_paths
.end(); ++it
) {
671 base::FilePath path
= *it
;
672 if (path
.IsAbsolute() || path
.ReferencesParent()) {
673 // Invalid path for browser image.
675 INVALID_PATH_FOR_BROWSER_IMAGE
,
676 l10n_util::GetStringFUTF16(
677 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
678 ASCIIToUTF16("INVALID_PATH_FOR_BROWSER_IMAGE")));
681 if (!base::DeleteFile(extension_root_
.Append(path
), false)) {
682 // Error removing old image file.
684 ERROR_REMOVING_OLD_IMAGE_FILE
,
685 l10n_util::GetStringFUTF16(
686 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
687 ASCIIToUTF16("ERROR_REMOVING_OLD_IMAGE_FILE")));
692 std::string install_icon_path
= IconsInfo::GetIcons(extension_
).Get(
693 extension_misc::EXTENSION_ICON_LARGE
,
694 ExtensionIconSet::MATCH_BIGGER
);
696 // Write our parsed images back to disk as well.
697 for (size_t i
= 0; i
< images
.size(); ++i
) {
698 if (BrowserThread::GetBlockingPool()->IsShutdownInProgress()) {
699 // Abort package installation if shutdown was initiated, crbug.com/235525
701 ABORTED_DUE_TO_SHUTDOWN
,
702 l10n_util::GetStringFUTF16(
703 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
704 ASCIIToUTF16("ABORTED_DUE_TO_SHUTDOWN")));
708 const SkBitmap
& image
= images
[i
].a
;
709 base::FilePath path_suffix
= images
[i
].b
;
710 if (path_suffix
.MaybeAsASCII() == install_icon_path
)
711 *install_icon
= image
;
713 if (path_suffix
.IsAbsolute() || path_suffix
.ReferencesParent()) {
714 // Invalid path for bitmap image.
716 INVALID_PATH_FOR_BITMAP_IMAGE
,
717 l10n_util::GetStringFUTF16(
718 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
719 ASCIIToUTF16("INVALID_PATH_FOR_BITMAP_IMAGE")));
722 base::FilePath path
= extension_root_
.Append(path_suffix
);
724 std::vector
<unsigned char> image_data
;
725 // TODO(mpcomplete): It's lame that we're encoding all images as PNG, even
726 // though they may originally be .jpg, etc. Figure something out.
727 // http://code.google.com/p/chromium/issues/detail?id=12459
728 if (!gfx::PNGCodec::EncodeBGRASkBitmap(image
, false, &image_data
)) {
729 // Error re-encoding theme image.
731 ERROR_RE_ENCODING_THEME_IMAGE
,
732 l10n_util::GetStringFUTF16(
733 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
734 ASCIIToUTF16("ERROR_RE_ENCODING_THEME_IMAGE")));
738 // Note: we're overwriting existing files that the utility process wrote,
739 // so we can be sure the directory exists.
740 const char* image_data_ptr
= reinterpret_cast<const char*>(&image_data
[0]);
741 int size
= base::checked_numeric_cast
<int>(image_data
.size());
742 if (file_util::WriteFile(path
, image_data_ptr
, size
) != size
) {
743 // Error saving theme image.
745 ERROR_SAVING_THEME_IMAGE
,
746 l10n_util::GetStringFUTF16(
747 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
748 ASCIIToUTF16("ERROR_SAVING_THEME_IMAGE")));
756 bool SandboxedUnpacker::RewriteCatalogFiles() {
757 DictionaryValue catalogs
;
758 if (!ReadMessageCatalogsFromFile(temp_dir_
.path(), &catalogs
)) {
759 // Could not read catalog data from disk.
761 COULD_NOT_READ_CATALOG_DATA_FROM_DISK
,
762 l10n_util::GetStringFUTF16(
763 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
764 ASCIIToUTF16("COULD_NOT_READ_CATALOG_DATA_FROM_DISK")));
768 // Write our parsed catalogs back to disk.
769 for (DictionaryValue::Iterator
it(catalogs
); !it
.IsAtEnd(); it
.Advance()) {
770 const DictionaryValue
* catalog
= NULL
;
771 if (!it
.value().GetAsDictionary(&catalog
)) {
772 // Invalid catalog data.
774 INVALID_CATALOG_DATA
,
775 l10n_util::GetStringFUTF16(
776 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
777 ASCIIToUTF16("INVALID_CATALOG_DATA")));
781 base::FilePath relative_path
= base::FilePath::FromUTF8Unsafe(it
.key());
782 relative_path
= relative_path
.Append(kMessagesFilename
);
783 if (relative_path
.IsAbsolute() || relative_path
.ReferencesParent()) {
784 // Invalid path for catalog.
786 INVALID_PATH_FOR_CATALOG
,
787 l10n_util::GetStringFUTF16(
788 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
789 ASCIIToUTF16("INVALID_PATH_FOR_CATALOG")));
792 base::FilePath path
= extension_root_
.Append(relative_path
);
794 std::string catalog_json
;
795 JSONStringValueSerializer
serializer(&catalog_json
);
796 serializer
.set_pretty_print(true);
797 if (!serializer
.Serialize(*catalog
)) {
798 // Error serializing catalog.
800 ERROR_SERIALIZING_CATALOG
,
801 l10n_util::GetStringFUTF16(
802 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
803 ASCIIToUTF16("ERROR_SERIALIZING_CATALOG")));
807 // Note: we're overwriting existing files that the utility process read,
808 // so we can be sure the directory exists.
809 int size
= base::checked_numeric_cast
<int>(catalog_json
.size());
810 if (file_util::WriteFile(path
, catalog_json
.c_str(), size
) != size
) {
811 // Error saving catalog.
813 ERROR_SAVING_CATALOG
,
814 l10n_util::GetStringFUTF16(
815 IDS_EXTENSION_PACKAGE_INSTALL_ERROR
,
816 ASCIIToUTF16("ERROR_SAVING_CATALOG")));
824 void SandboxedUnpacker::Cleanup() {
825 DCHECK(unpacker_io_task_runner_
->RunsTasksOnCurrentThread());
826 if (!temp_dir_
.Delete()) {
827 LOG(WARNING
) << "Can not delete temp directory at "
828 << temp_dir_
.path().value();
832 } // namespace extensions