[HBD] Blanket BLOCK on all non-HTTP(s) and non-FILE URLs for Flash.

chrome/browser/plugins/plugin_info_message_filter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/plugins/plugin_info_message_filter.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 24 matching lines @@
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/common/content_settings.h"
 #include "components/prefs/pref_service.h"
 #include "components/rappor/rappor_service.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/plugin_service.h"
 #include "content/public/browser/plugin_service_filter.h"
 #include "content/public/common/content_constants.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "url/gurl.h"
+#include "url/origin.h"
 #include "widevine_cdm_version.h"  // In SHARED_INTERMEDIATE_DIR.
 
 #if defined(ENABLE_EXTENSIONS)
 #include "components/guest_view/browser/guest_view_base.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/manifest_handlers/webview_info.h"
 #endif
@@ skipping 27 matching lines @@
                             status, PLUGIN_AVAILABILITY_STATUS_MAX);
 #endif  // defined(WIDEVINE_CDM_AVAILABLE)
 }
 
 #endif  // defined(ENABLE_PEPPER_CDMS)
 
 // Report usage metrics for Silverlight and Flash plugin instantiations to the
 // RAPPOR service.
 void ReportMetrics(const std::string& mime_type,
                    const GURL& url,
-                   const GURL& origin_url) {
+                   const url::Origin& main_frame_origin) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 
   if (chrome::IsIncognitoSessionActive())
     return;
   rappor::RapporService* rappor_service = g_browser_process->rappor_service();
   if (!rappor_service)
     return;
+  if (main_frame_origin.unique())
+    return;
 
   if (mime_type == content::kFlashPluginSwfMimeType ||
       mime_type == content::kFlashPluginSplMimeType) {
     rappor_service->RecordSample(
         "Plugins.FlashOriginUrl", rappor::ETLD_PLUS_ONE_RAPPOR_TYPE,
         net::registry_controlled_domains::GetDomainAndRegistry(
-            origin_url,
+            GURL(main_frame_origin.Serialize()),

[nasko, 2016/10/05 21:14:31]

main_frame_origin.GetURL()

[tommycli, 2016/10/05 21:41:22]

Done.

             net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES));
     rappor_service->RecordSample(
         "Plugins.FlashUrl", rappor::ETLD_PLUS_ONE_RAPPOR_TYPE,
         net::registry_controlled_domains::GetDomainAndRegistry(
             url,
             net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES));
   }
 }
 
 #if defined(ENABLE_EXTENSIONS)
@@ skipping 83 matching lines @@
 
   // Destroy on the UI thread because we contain a |PrefMember|.
   content::BrowserThread::DeleteOnUIThread::Destruct(this);
 }
 
 PluginInfoMessageFilter::~PluginInfoMessageFilter() {}
 
 struct PluginInfoMessageFilter::GetPluginInfo_Params {
   int render_frame_id;
   GURL url;
-  GURL top_origin_url;
+  url::Origin main_frame_origin;
   std::string mime_type;
 };
 
 void PluginInfoMessageFilter::OnGetPluginInfo(
     int render_frame_id,
     const GURL& url,
-    const GURL& top_origin_url,
+    const url::Origin& main_frame_origin,
     const std::string& mime_type,
     IPC::Message* reply_msg) {
-  GetPluginInfo_Params params = {
-    render_frame_id,
-    url,
-    top_origin_url,
-    mime_type
-  };
+  GetPluginInfo_Params params = {render_frame_id, url, main_frame_origin,
+                                 mime_type};
   PluginService::GetInstance()->GetPlugins(
       base::Bind(&PluginInfoMessageFilter::PluginsLoaded,
                  weak_ptr_factory_.GetWeakPtr(),
                  params, reply_msg));
 }
 
 void PluginInfoMessageFilter::PluginsLoaded(
     const GetPluginInfo_Params& params,
     IPC::Message* reply_msg,
     const std::vector<WebPluginInfo>& plugins) {
   std::unique_ptr<ChromeViewHostMsg_GetPluginInfo_Output> output(
       new ChromeViewHostMsg_GetPluginInfo_Output());
   // This also fills in |actual_mime_type|.
   std::unique_ptr<PluginMetadata> plugin_metadata;
   if (context_.FindEnabledPlugin(params.render_frame_id, params.url,
-                                 params.top_origin_url, params.mime_type,
+                                 params.main_frame_origin, params.mime_type,
                                  &output->status, &output->plugin,
                                  &output->actual_mime_type, &plugin_metadata)) {
     context_.DecidePluginStatus(params, output->plugin, plugin_metadata.get(),
                                 &output->status);
   }
 
   if (output->status == ChromeViewHostMsg_GetPluginInfo_Status::kNotFound) {
     // Check to see if the component updater can fetch an implementation.
     base::PostTaskAndReplyWithResult(
         main_thread_task_runner_.get(), FROM_HERE,
@@ skipping 60 matching lines @@
     *status = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
     return;
   }
 
   ContentSetting plugin_setting = CONTENT_SETTING_DEFAULT;
   bool uses_default_content_setting = true;
   bool is_managed = false;
   // Check plugin content settings. The primary URL is the top origin URL and
   // the secondary URL is the plugin URL.
   PluginUtils::GetPluginContentSetting(
-      host_content_settings_map_, plugin, params.top_origin_url, params.url,
+      host_content_settings_map_, plugin, params.main_frame_origin, params.url,
       plugin_metadata->identifier(), &plugin_setting,
       &uses_default_content_setting, &is_managed);
 
   // TODO(tommycli): Remove once we deprecate the plugin ASK policy.
   bool legacy_ask_user = plugin_setting == CONTENT_SETTING_ASK;
   plugin_setting = PluginsFieldTrial::EffectiveContentSetting(
       CONTENT_SETTINGS_TYPE_PLUGINS, plugin_setting);
 
   DCHECK(plugin_setting != CONTENT_SETTING_DEFAULT);
   DCHECK(plugin_setting != CONTENT_SETTING_ASK);
@@ skipping 57 matching lines @@
     if (extensions::WebViewRendererState::GetInstance()->IsGuest(
             render_process_id_))
       *status = ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized;
   }
 #endif
 }
 
 bool PluginInfoMessageFilter::Context::FindEnabledPlugin(
     int render_frame_id,
     const GURL& url,
-    const GURL& top_origin_url,
+    const url::Origin& main_frame_origin,
     const std::string& mime_type,
     ChromeViewHostMsg_GetPluginInfo_Status* status,
     WebPluginInfo* plugin,
     std::string* actual_mime_type,
     std::unique_ptr<PluginMetadata>* plugin_metadata) const {
   *status = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
 
   bool allow_wildcard = true;
   std::vector<WebPluginInfo> matching_plugins;
   std::vector<std::string> mime_types;
@@ skipping 12 matching lines @@
 #endif  // defined(GOOGLE_CHROME_BUILD)
   if (matching_plugins.empty()) {
     *status = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
     return false;
   }
 
   content::PluginServiceFilter* filter =
       PluginService::GetInstance()->GetFilter();
   size_t i = 0;
   for (; i < matching_plugins.size(); ++i) {
-    if (!filter || filter->IsPluginAvailable(render_process_id_,
-                                             render_frame_id,
-                                             resource_context_,
-                                             url,
-                                             top_origin_url,
-                                             &matching_plugins[i])) {
+    if (!filter ||
+        filter->IsPluginAvailable(render_process_id_, render_frame_id,
+                                  resource_context_, url, main_frame_origin,
+                                  &matching_plugins[i])) {
       break;
     }
   }
 
   // If we broke out of the loop, we have found an enabled plugin.
   bool enabled = i < matching_plugins.size();
   if (!enabled) {
     // Otherwise, we only found disabled plugins, so we take the first one.
     i = 0;
     *status = ChromeViewHostMsg_GetPluginInfo_Status::kDisabled;
@@ skipping 43 matching lines @@
     output->group_name = plugin_metadata->name();
   }
 
   context_.MaybeGrantAccess(output->status, output->plugin.path);
 
   ChromeViewHostMsg_GetPluginInfo::WriteReplyParams(reply_msg, *output);
   Send(reply_msg);
   if (output->status != ChromeViewHostMsg_GetPluginInfo_Status::kNotFound) {
     main_thread_task_runner_->PostTask(
         FROM_HERE, base::Bind(&ReportMetrics, output->actual_mime_type,
-                              params.url, params.top_origin_url));
+                              params.url, params.main_frame_origin));
   }
 }
 
 void PluginInfoMessageFilter::Context::MaybeGrantAccess(
     ChromeViewHostMsg_GetPluginInfo_Status status,
     const base::FilePath& path) const {
   if (status == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed ||
       status == ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent) {
     ChromePluginServiceFilter::GetInstance()->AuthorizePlugin(
         render_process_id_, path);
   }
 }
 
 bool PluginInfoMessageFilter::Context::IsPluginEnabled(
     const content::WebPluginInfo& plugin) const {
   return plugin_prefs_->IsPluginEnabled(plugin);
 }