extension_host: Add capability for downloading files (#35141)

This PR adds a new capability for downloading files in extensions. Currently all file downloads are allowed. Release Notes: - N/A
2025-07-26 17:33:16 -04:00 · 2025-07-26 17:33:16 -04:00 · 6a9a539b10
commit 6a9a539b10
parent d7b403e981
6 changed files with 165 additions and 12 deletions
--- a/crates/extension_host/src/capability_granter.rs
+++ b/crates/extension_host/src/capability_granter.rs
@ -2,6 +2,7 @@ use std::sync::Arc;

 use anyhow::{Result, bail};
 use extension::{ExtensionCapability, ExtensionManifest};
+use url::Url;

 pub struct CapabilityGranter {
    granted_capabilities: Vec<ExtensionCapability>,
@ -33,6 +34,7 @@ impl CapabilityGranter {
                ExtensionCapability::ProcessExec(capability) => {
                    capability.allows(desired_command, desired_args)
                }
+                _ => false,
            });

        if !is_allowed {
@ -43,6 +45,24 @@ impl CapabilityGranter {

        Ok(())
    }
+
+    pub fn grant_download_file(&self, desired_url: &Url) -> Result<()> {
+        let is_allowed = self
+            .granted_capabilities
+            .iter()
+            .any(|capability| match capability {
+                ExtensionCapability::DownloadFile(capability) => capability.allows(desired_url),
+                _ => false,
+            });
+
+        if !is_allowed {
+            bail!(
+                "capability for download_file {desired_url} is not granted by the extension host",
+            );
+        }
+
+        Ok(())
+    }
 }

 #[cfg(test)]