Chromium Code Reviews Chromium Code Reviews
Issue 1164603003:
Remove ExtensionPrefs::SetDidExtensionEscalatePermissions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@sync_permission_approval| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_service.h" | 5 #include "chrome/browser/extensions/extension_service.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <set> | 9 #include <set> |
| 10 | 10 |
| (...skipping 984 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 995 for (const scoped_refptr<const Extension>& extension : *to_unblock) { | 995 for (const scoped_refptr<const Extension>& extension : *to_unblock) { |
| 996 registry_->RemoveBlocked(extension->id()); | 996 registry_->RemoveBlocked(extension->id()); |
| 997 AddExtension(extension.get()); | 997 AddExtension(extension.get()); |
| 998 } | 998 } |
| 999 } | 999 } |
| 1000 | 1000 |
| 1001 void ExtensionService::GrantPermissionsAndEnableExtension( | 1001 void ExtensionService::GrantPermissionsAndEnableExtension( |
| 1002 const Extension* extension) { | 1002 const Extension* extension) { |
| 1003 GrantPermissions(extension); | 1003 GrantPermissions(extension); |
| 1004 RecordPermissionMessagesHistogram(extension, "ReEnable"); | 1004 RecordPermissionMessagesHistogram(extension, "ReEnable"); |
| 1005 extension_prefs_->SetDidExtensionEscalatePermissions(extension, false); | |
| 1006 EnableExtension(extension->id()); | 1005 EnableExtension(extension->id()); |
| 1007 } | 1006 } |
| 1008 | 1007 |
| 1009 void ExtensionService::GrantPermissions(const Extension* extension) { | 1008 void ExtensionService::GrantPermissions(const Extension* extension) { |
| 1010 CHECK(extension); | 1009 CHECK(extension); |
| 1011 extensions::PermissionsUpdater(profile()).GrantActivePermissions(extension); | 1010 extensions::PermissionsUpdater(profile()).GrantActivePermissions(extension); |
| 1012 } | 1011 } |
| 1013 | 1012 |
| 1014 // static | 1013 // static |
| 1015 void ExtensionService::RecordPermissionMessagesHistogram( | 1014 void ExtensionService::RecordPermissionMessagesHistogram( |
| (...skipping 661 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1677 disable_reasons |= Extension::DISABLE_USER_ACTION; | 1676 disable_reasons |= Extension::DISABLE_USER_ACTION; |
| 1678 } | 1677 } |
| 1679 disable_reasons &= ~Extension::DISABLE_UNKNOWN_FROM_SYNC; | 1678 disable_reasons &= ~Extension::DISABLE_UNKNOWN_FROM_SYNC; |
| 1680 } | 1679 } |
| 1681 | 1680 |
| 1682 // Extension has changed permissions significantly. Disable it. A | 1681 // Extension has changed permissions significantly. Disable it. A |
| 1683 // notification should be sent by the caller. If the extension is already | 1682 // notification should be sent by the caller. If the extension is already |
| 1684 // disabled because it was installed remotely, don't add another disable | 1683 // disabled because it was installed remotely, don't add another disable |
| 1685 // reason, but instead always set the "did escalate permissions" flag, to | 1684 // reason, but instead always set the "did escalate permissions" flag, to |
| 1686 // ensure enabling it will always show a warning. | 1685 // ensure enabling it will always show a warning. |
| 1687 if (disable_reasons == Extension::DISABLE_REMOTE_INSTALL) { | 1686 if (disable_reasons == Extension::DISABLE_REMOTE_INSTALL) { |
|
not at google - send to devlin
2015/06/03 15:24:58
You should be able to remove this check/branch ent
Marc Treib
2015/06/09 12:21:50
I've removed the empty branch (durr), but kept the
not at google - send to devlin
2015/06/09 20:15:39
Yeah tough call. It both is, and isn't, a permissi
Marc Treib
2015/06/10 08:34:16
I'm not sure, so I've opted to keep the current be
| |
| 1688 extension_prefs_->SetDidExtensionEscalatePermissions(extension, true); | |
| 1689 } else if (is_privilege_increase) { | 1687 } else if (is_privilege_increase) { |
| 1690 disable_reasons |= Extension::DISABLE_PERMISSIONS_INCREASE; | 1688 disable_reasons |= Extension::DISABLE_PERMISSIONS_INCREASE; |
| 1691 if (!extension_prefs_->DidExtensionEscalatePermissions(extension->id())) { | 1689 if (!extension_prefs_->DidExtensionEscalatePermissions(extension->id())) { |
| 1692 RecordPermissionMessagesHistogram(extension, "AutoDisable"); | 1690 RecordPermissionMessagesHistogram(extension, "AutoDisable"); |
| 1693 } | 1691 } |
| 1694 extension_prefs_->SetExtensionState(extension->id(), Extension::DISABLED); | 1692 extension_prefs_->SetExtensionState(extension->id(), Extension::DISABLED); |
| 1695 extension_prefs_->SetDidExtensionEscalatePermissions(extension, true); | |
| 1696 | 1693 |
| 1697 #if defined(ENABLE_SUPERVISED_USERS) | 1694 #if defined(ENABLE_SUPERVISED_USERS) |
| 1698 // If a custodian-installed extension is disabled for a supervised user due | 1695 // If a custodian-installed extension is disabled for a supervised user due |
| 1699 // to a permissions increase, send a request to the custodian, since the | 1696 // to a permissions increase, send a request to the custodian, since the |
| 1700 // supervised user themselves can't re-enable the extension. | 1697 // supervised user themselves can't re-enable the extension. |
| 1701 if (extensions::util::IsExtensionSupervised(extension, profile_)) { | 1698 if (extensions::util::IsExtensionSupervised(extension, profile_)) { |
| 1702 SupervisedUserService* supervised_user_service = | 1699 SupervisedUserService* supervised_user_service = |
| 1703 SupervisedUserServiceFactory::GetForProfile(profile_); | 1700 SupervisedUserServiceFactory::GetForProfile(profile_); |
| 1704 supervised_user_service->AddExtensionUpdateRequest( | 1701 supervised_user_service->AddExtensionUpdateRequest( |
| 1705 extension->id(), *extension->version(), | 1702 extension->id(), *extension->version(), |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1792 // And remove the corresponding disable reason. | 1789 // And remove the corresponding disable reason. |
| 1793 extension_prefs_->RemoveDisableReason( | 1790 extension_prefs_->RemoveDisableReason( |
| 1794 id, Extension::DISABLE_UPDATE_REQUIRED_BY_POLICY); | 1791 id, Extension::DISABLE_UPDATE_REQUIRED_BY_POLICY); |
| 1795 disable_reasons &= ~Extension::DISABLE_UPDATE_REQUIRED_BY_POLICY; | 1792 disable_reasons &= ~Extension::DISABLE_UPDATE_REQUIRED_BY_POLICY; |
| 1796 } | 1793 } |
| 1797 | 1794 |
| 1798 if (install_flags & extensions::kInstallFlagIsBlacklistedForMalware) { | 1795 if (install_flags & extensions::kInstallFlagIsBlacklistedForMalware) { |
| 1799 // Installation of a blacklisted extension can happen from sync, policy, | 1796 // Installation of a blacklisted extension can happen from sync, policy, |
| 1800 // etc, where to maintain consistency we need to install it, just never | 1797 // etc, where to maintain consistency we need to install it, just never |
| 1801 // load it (see AddExtension). Usually it should be the job of callers to | 1798 // load it (see AddExtension). Usually it should be the job of callers to |
| 1802 // incercept blacklisted extension earlier (e.g. CrxInstaller, before even | 1799 // intercept blacklisted extensions earlier (e.g. CrxInstaller, before even |
| 1803 // showing the install dialogue). | 1800 // showing the install dialogue). |
| 1804 extension_prefs_->AcknowledgeBlacklistedExtension(id); | 1801 extension_prefs_->AcknowledgeBlacklistedExtension(id); |
| 1805 UMA_HISTOGRAM_ENUMERATION("ExtensionBlacklist.SilentInstall", | 1802 UMA_HISTOGRAM_ENUMERATION("ExtensionBlacklist.SilentInstall", |
| 1806 extension->location(), | 1803 extension->location(), |
| 1807 Manifest::NUM_LOCATIONS); | 1804 Manifest::NUM_LOCATIONS); |
| 1808 } | 1805 } |
| 1809 | 1806 |
| 1810 if (!GetInstalledExtension(extension->id())) { | 1807 if (!GetInstalledExtension(extension->id())) { |
| 1811 UMA_HISTOGRAM_ENUMERATION("Extensions.InstallType", | 1808 UMA_HISTOGRAM_ENUMERATION("Extensions.InstallType", |
| 1812 extension->GetType(), 100); | 1809 extension->GetType(), 100); |
| 1813 UMA_HISTOGRAM_ENUMERATION("Extensions.InstallSource", | 1810 UMA_HISTOGRAM_ENUMERATION("Extensions.InstallSource", |
| 1814 extension->location(), Manifest::NUM_LOCATIONS); | 1811 extension->location(), Manifest::NUM_LOCATIONS); |
| 1815 RecordPermissionMessagesHistogram(extension, "Install"); | 1812 RecordPermissionMessagesHistogram(extension, "Install"); |
| 1816 } else { | 1813 } else { |
| 1817 UMA_HISTOGRAM_ENUMERATION("Extensions.UpdateType", | 1814 UMA_HISTOGRAM_ENUMERATION("Extensions.UpdateType", |
| 1818 extension->GetType(), 100); | 1815 extension->GetType(), 100); |
| 1819 UMA_HISTOGRAM_ENUMERATION("Extensions.UpdateSource", | 1816 UMA_HISTOGRAM_ENUMERATION("Extensions.UpdateSource", |
| 1820 extension->location(), Manifest::NUM_LOCATIONS); | 1817 extension->location(), Manifest::NUM_LOCATIONS); |
| 1821 | 1818 |
| 1822 // A fully installed app cannot be demoted to an ephemeral app. | 1819 // A fully installed app cannot be demoted to an ephemeral app. |
| 1823 if ((install_flags & extensions::kInstallFlagIsEphemeral) && | 1820 if ((install_flags & extensions::kInstallFlagIsEphemeral) && |
| 1824 !extension_prefs_->IsEphemeralApp(id)) { | 1821 !extension_prefs_->IsEphemeralApp(id)) { |
| 1825 install_flags &= ~static_cast<int>(extensions::kInstallFlagIsEphemeral); | 1822 install_flags &= ~static_cast<int>(extensions::kInstallFlagIsEphemeral); |
| 1826 } | 1823 } |
| 1827 } | 1824 } |
| 1828 | 1825 |
| 1829 if (disable_reasons) | 1826 if (disable_reasons) |
| 1830 extension_prefs_->AddDisableReason(id, | 1827 extension_prefs_->AddDisableReasons(id, disable_reasons); |
| 1831 static_cast<Extension::DisableReason>(disable_reasons)); | |
| 1832 | 1828 |
| 1833 const Extension::State initial_state = | 1829 const Extension::State initial_state = |
| 1834 disable_reasons == Extension::DISABLE_NONE ? Extension::ENABLED | 1830 disable_reasons == Extension::DISABLE_NONE ? Extension::ENABLED |
| 1835 : Extension::DISABLED; | 1831 : Extension::DISABLED; |
| 1836 | 1832 |
| 1837 if (ShouldDelayExtensionUpdate( | 1833 if (ShouldDelayExtensionUpdate( |
| 1838 id, | 1834 id, |
| 1839 !!(install_flags & extensions::kInstallFlagInstallImmediately))) { | 1835 !!(install_flags & extensions::kInstallFlagInstallImmediately))) { |
| 1840 extension_prefs_->SetDelayedInstallInfo( | 1836 extension_prefs_->SetDelayedInstallInfo( |
| 1841 extension, | 1837 extension, |
| (...skipping 762 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2604 } | 2600 } |
| 2605 | 2601 |
| 2606 void ExtensionService::OnProfileDestructionStarted() { | 2602 void ExtensionService::OnProfileDestructionStarted() { |
| 2607 ExtensionIdSet ids_to_unload = registry_->enabled_extensions().GetIDs(); | 2603 ExtensionIdSet ids_to_unload = registry_->enabled_extensions().GetIDs(); |
| 2608 for (ExtensionIdSet::iterator it = ids_to_unload.begin(); | 2604 for (ExtensionIdSet::iterator it = ids_to_unload.begin(); |
| 2609 it != ids_to_unload.end(); | 2605 it != ids_to_unload.end(); |
| 2610 ++it) { | 2606 ++it) { |
| 2611 UnloadExtension(*it, UnloadedExtensionInfo::REASON_PROFILE_SHUTDOWN); | 2607 UnloadExtension(*it, UnloadedExtensionInfo::REASON_PROFILE_SHUTDOWN); |
| 2612 } | 2608 } |
| 2613 } | 2609 } |
| OLD | NEW |
