PS - Adjusting webRequest API for use in Public Sessions

extensions/browser/api/web_request/web_request_permissions.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/web_request/web_request_permissions.h"
 
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
+#include "chromeos/login/login_state.h"
 #include "content/public/browser/resource_request_info.h"
 #include "extensions/browser/extension_navigation_ui_data.h"
 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
 #include "extensions/browser/info_map.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_urls.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "net/url_request/url_request.h"
 #include "url/gurl.h"
@@ skipping 99 matching lines @@
     HostPermissionsCheck host_permissions_check) {
   // extension_info_map can be NULL in testing.
   if (!extension_info_map)
     return PermissionsData::ACCESS_ALLOWED;
 
   const extensions::Extension* extension =
       extension_info_map->extensions().GetByID(extension_id);
   if (!extension)
     return PermissionsData::ACCESS_DENIED;
 
+  // When we are in a Public Session, allow all URL's for webRequests initiated
+  // by a regular extension.
+#if defined(OS_CHROMEOS)
+  if (chromeos::LoginState::IsInitialized() &&
+      chromeos::LoginState::Get()->IsPublicSessionUser() &&
+      extension->is_extension()) {
+    CHECK(extensions::Manifest::IsPolicyLocation(extension->location()));

[Andrew T Wilson (Slow), 2016/11/09 08:36:00]

Document what this check is verifying (i.e. if someone hits this check, explain
what has gone wrong).

[Ivan Šandrk, 2016/11/09 12:12:13]

Done.

+    return PermissionsData::ACCESS_ALLOWED;
+  }
+#endif
+
   // Check if this event crosses incognito boundaries when it shouldn't.
   if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension))
     return PermissionsData::ACCESS_DENIED;
 
   PermissionsData::AccessType access = PermissionsData::ACCESS_DENIED;
   switch (host_permissions_check) {
     case DO_NOT_CHECK_HOST:
       access = PermissionsData::ACCESS_ALLOWED;
       break;
     case REQUIRE_HOST_PERMISSION:
       // about: URLs are not covered in host permissions, but are allowed
       // anyway.
       if (url.SchemeIs(url::kAboutScheme) ||
           url::IsSameOriginWith(url, extension->url())) {
         access = PermissionsData::ACCESS_ALLOWED;
         break;
       }
       access = extension->permissions_data()->GetPageAccess(extension, url,
                                                             tab_id, nullptr);
       break;
     case REQUIRE_ALL_URLS:
       if (extension->permissions_data()->HasEffectiveAccessToAllHosts())
         access = PermissionsData::ACCESS_ALLOWED;
       // else ACCESS_DENIED
       break;
   }
 
   return access;
 }