Collecting statistics on iframe permissions use.

chrome/browser/content_settings/permission_context_uma_util.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/permission_context_uma_util.h"
+#include "chrome/browser/permissions/permission_manager.h"
+#include "chrome/browser/profiles/profile.h"
 #include "components/rappor/rappor_utils.h"
 #include "content/public/browser/permission_type.h"
 #include "content/public/common/origin_util.h"
 #include "url/gurl.h"
 
 // UMA keys need to be statically initialized so plain function would not
 // work. Use a Macro instead.
 #define PERMISSION_ACTION_UMA(secure_origin, permission, permission_secure, \
                               permission_insecure, action)                  \
   UMA_HISTOGRAM_ENUMERATION(permission, action, PERMISSION_ACTION_NUM);     \
@@ skipping 113 matching lines @@
         NOTREACHED() << "PERMISSION " << permission << " not accounted for";
     }
 
     const std::string& rappor_metric = GetRapporMetric(permission, action);
     if (!rappor_metric.empty())
       rappor::SampleDomainAndRegistryFromGURL(
           g_browser_process->rappor_service(), rappor_metric,
           requesting_origin);
 }
 
+std::string PermissionTypeToString(PermissionType permission_type) {
+  switch (permission_type) {
+    case PermissionType::MIDI_SYSEX:
+      return "MidiSysex";
+    case PermissionType::PUSH_MESSAGING:
+      return "PushMessaging";
+    case PermissionType::NOTIFICATIONS:
+      return "Notifications";
+    case PermissionType::GEOLOCATION:
+      return "Geolocation";
+    case PermissionType::PROTECTED_MEDIA_IDENTIFIER:
+      return "ProtectedMediaIdentifier";
+    case PermissionType::NUM:
+      break;
+  }
+  return std::string();
+  NOTREACHED();

[jww, 2015/07/07 18:41:46]

This NOTREACHED will, well, never be reached :-) The NOTREACHED should be before
the return statement above it. If possible, remove the return statement
entirely, although I'm not sure that will compile.

[keenanb, 2015/07/07 21:02:59]

oh, derp. done.

+}
+
 void RecordPermissionRequest(ContentSettingsType permission,
-                             const GURL& requesting_origin) {
+                             const GURL& requesting_origin,
+                             const GURL& embedding_origin,
+                             Profile* profile) {
   bool secure_origin = content::IsOriginSecure(requesting_origin);
   PermissionType type;
   switch (permission) {
     case CONTENT_SETTINGS_TYPE_GEOLOCATION:
       type = PermissionType::GEOLOCATION;
       rappor::SampleDomainAndRegistryFromGURL(
           g_browser_process->rappor_service(),
           "ContentSettings.PermissionRequested.Geolocation.Url",
           requesting_origin);
       break;
@@ skipping 27 matching lines @@
     UMA_HISTOGRAM_ENUMERATION(
         "ContentSettings.PermissionRequested_SecureOrigin",
         static_cast<base::HistogramBase::Sample>(type),
         static_cast<base::HistogramBase::Sample>(PermissionType::NUM));
   } else {
     UMA_HISTOGRAM_ENUMERATION(
         "ContentSettings.PermissionRequested_InsecureOrigin",
         static_cast<base::HistogramBase::Sample>(type),
         static_cast<base::HistogramBase::Sample>(PermissionType::NUM));
   }
+
+  // In order to gauge the compatibility risk of implementing an improved
+  // iframe permissions security model, we would like to know the ratio of
+  // same-origin to cross-origin permission requests. Our estimate of this
+  // ratio could be somewhat biased by repeated requests coming from a
+  // single frame, but we expect this to be insignificant.
+  if (requesting_origin.GetOrigin() != embedding_origin.GetOrigin()) {
+    content::PermissionStatus embedding_permission_status =
+        profile->GetPermissionManager()->GetPermissionStatus(
+            type, embedding_origin, embedding_origin);
+    UMA_HISTOGRAM_ENUMERATION(
+        "Permissions.Requested.CrossOrigin_" + PermissionTypeToString(type),
+        embedding_permission_status, content::PERMISSION_STATUS_NUM);
+  } else {
+    UMA_HISTOGRAM_ENUMERATION(
+        "Permissions.Requested.SameOrigin",
+        static_cast<base::HistogramBase::Sample>(type),
+        static_cast<base::HistogramBase::Sample>(PermissionType::NUM));
+  }
 }
 
 } // namespace
 
 // Make sure you update histograms.xml permission histogram_suffix if you
 // add new permission
 void PermissionContextUmaUtil::PermissionRequested(
-    ContentSettingsType permission, const GURL& requesting_origin) {
-  RecordPermissionRequest(permission, requesting_origin);
+    ContentSettingsType permission,
+    const GURL& requesting_origin,
+    const GURL& embedding_origin,
+    Profile* profile) {
+  RecordPermissionRequest(permission, requesting_origin, embedding_origin,
+                          profile);
 }
 
 void PermissionContextUmaUtil::PermissionGranted(
     ContentSettingsType permission, const GURL& requesting_origin) {
   RecordPermissionAction(permission, GRANTED, requesting_origin);
 }
 
 void PermissionContextUmaUtil::PermissionDenied(
     ContentSettingsType permission, const GURL& requesting_origin) {
   RecordPermissionAction(permission, DENIED, requesting_origin);
 }
 
 void PermissionContextUmaUtil::PermissionDismissed(
     ContentSettingsType permission, const GURL& requesting_origin) {
   RecordPermissionAction(permission, DISMISSED, requesting_origin);
 }
 
 void PermissionContextUmaUtil::PermissionIgnored(
     ContentSettingsType permission, const GURL& requesting_origin) {
   RecordPermissionAction(permission, IGNORED, requesting_origin);
 }