Chromium Code Reviews Chromium Code Reviews
Issue 2499493004:
Communicate ExtensionSettings policy to renderers (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/permissions_updater.h" | 5 #include "chrome/browser/extensions/permissions_updater.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 129 // not the user, removed the permissions. This allows the extension to add | 129 // not the user, removed the permissions. This allows the extension to add |
| 130 // them again without prompting the user. | 130 // them again without prompting the user. |
| 131 if (remove_type == REMOVE_HARD) { | 131 if (remove_type == REMOVE_HARD) { |
| 132 ExtensionPrefs::Get(browser_context_) | 132 ExtensionPrefs::Get(browser_context_) |
| 133 ->RemoveGrantedPermissions(extension->id(), to_remove); | 133 ->RemoveGrantedPermissions(extension->id(), to_remove); |
| 134 } | 134 } |
| 135 | 135 |
| 136 NotifyPermissionsUpdated(REMOVED, extension, to_remove); | 136 NotifyPermissionsUpdated(REMOVED, extension, to_remove); |
| 137 } | 137 } |
| 138 | 138 |
| 139 void PermissionsUpdater::SetPolicyHostRestrictions( | |
| 140 const Extension* extension, | |
| 141 const URLPatternSet& runtime_blocked_hosts, | |
|
Devlin
2017/03/29 21:36:50
See comment in permissions_data.h, but same thing
nrpeter
2017/03/30 00:06:06
Done.
| |
| 142 const URLPatternSet& runtime_allowed_hosts, | |
| 143 bool is_default) { | |
| 144 // Keep track of runtime blocked and hosts for this extension in the browser | |
| 145 // process. We'll pull from here to populate when a new renderer is created. | |
| 146 extension->permissions_data()->SetPolicyHostRestrictions( | |
| 147 runtime_blocked_hosts, runtime_allowed_hosts, is_default); | |
| 148 | |
| 149 // Send notification to the currently running renderers of the runtime block | |
| 150 // hosts settings. | |
| 151 const PermissionSet perms; | |
| 152 NotifyPermissionsUpdated(POLICY, extension, perms); | |
| 153 } | |
| 154 | |
| 155 void PermissionsUpdater::SetDefaultPolicyHostRestrictions( | |
| 156 const URLPatternSet& default_runtime_blocked_hosts, | |
| 157 const URLPatternSet& default_runtime_allowed_hosts) { | |
| 158 // Keep track of runtime blocked and hosts for extensions without an | |
| 159 // individual policy. We'll pull from here when a new renderer is created. | |
| 160 PermissionsData::SetDefaultPolicyHostRestrictions( | |
| 161 default_runtime_blocked_hosts, default_runtime_allowed_hosts); | |
| 162 | |
| 163 // Send notification to the currently running renderers of the runtime block | |
| 164 // hosts settings. | |
| 165 NotifyDefaultPolicyHostRestrictionsUpdated(default_runtime_blocked_hosts, | |
| 166 default_runtime_allowed_hosts); | |
| 167 } | |
| 168 | |
| 139 void PermissionsUpdater::RemovePermissionsUnsafe( | 169 void PermissionsUpdater::RemovePermissionsUnsafe( |
| 140 const Extension* extension, | 170 const Extension* extension, |
| 141 const PermissionSet& to_remove) { | 171 const PermissionSet& to_remove) { |
| 142 const PermissionSet& active = | 172 const PermissionSet& active = |
| 143 extension->permissions_data()->active_permissions(); | 173 extension->permissions_data()->active_permissions(); |
| 144 std::unique_ptr<const PermissionSet> total = | 174 std::unique_ptr<const PermissionSet> total = |
| 145 PermissionSet::CreateDifference(active, to_remove); | 175 PermissionSet::CreateDifference(active, to_remove); |
| 146 // |successfully_removed| might not equal |to_remove| if |to_remove| contains | 176 // |successfully_removed| might not equal |to_remove| if |to_remove| contains |
| 147 // permissions the extension didn't have. | 177 // permissions the extension didn't have. |
| 148 std::unique_ptr<const PermissionSet> successfully_removed = | 178 std::unique_ptr<const PermissionSet> successfully_removed = |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 237 new Event(histogram_value, event_name, std::move(value))); | 267 new Event(histogram_value, event_name, std::move(value))); |
| 238 event->restrict_to_browser_context = browser_context_; | 268 event->restrict_to_browser_context = browser_context_; |
| 239 event_router->DispatchEventToExtension(extension_id, std::move(event)); | 269 event_router->DispatchEventToExtension(extension_id, std::move(event)); |
| 240 } | 270 } |
| 241 | 271 |
| 242 void PermissionsUpdater::NotifyPermissionsUpdated( | 272 void PermissionsUpdater::NotifyPermissionsUpdated( |
| 243 EventType event_type, | 273 EventType event_type, |
| 244 const Extension* extension, | 274 const Extension* extension, |
| 245 const PermissionSet& changed) { | 275 const PermissionSet& changed) { |
| 246 DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); | 276 DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); |
| 247 if (changed.IsEmpty()) | |
| 248 return; | |
| 249 | 277 |
| 250 UpdatedExtensionPermissionsInfo::Reason reason; | 278 UpdatedExtensionPermissionsInfo::Reason reason; |
| 251 events::HistogramValue histogram_value; | 279 events::HistogramValue histogram_value; |
| 252 const char* event_name = NULL; | 280 const char* event_name = NULL; |
| 281 Profile* profile = Profile::FromBrowserContext(browser_context_); | |
| 253 | 282 |
| 254 if (event_type == REMOVED) { | 283 if (changed.IsEmpty() && event_type != POLICY) |
| 255 reason = UpdatedExtensionPermissionsInfo::REMOVED; | 284 return; |
| 256 histogram_value = events::PERMISSIONS_ON_REMOVED; | 285 |
| 257 event_name = permissions::OnRemoved::kEventName; | 286 // Policy isn't exposed via JS API. |
|
Devlin
2017/03/29 21:36:50
What is this comment referring to?
nrpeter
2017/03/30 00:06:06
AFAIK, notification here are exposed to extensions
| |
| 258 } else { | 287 if (event_type != POLICY) { |
| 259 CHECK_EQ(ADDED, event_type); | 288 if (event_type == REMOVED) { |
| 260 reason = UpdatedExtensionPermissionsInfo::ADDED; | 289 reason = UpdatedExtensionPermissionsInfo::REMOVED; |
| 261 histogram_value = events::PERMISSIONS_ON_ADDED; | 290 histogram_value = events::PERMISSIONS_ON_REMOVED; |
| 262 event_name = permissions::OnAdded::kEventName; | 291 event_name = permissions::OnRemoved::kEventName; |
| 292 } else { | |
| 293 CHECK_EQ(ADDED, event_type); | |
| 294 reason = UpdatedExtensionPermissionsInfo::ADDED; | |
| 295 histogram_value = events::PERMISSIONS_ON_ADDED; | |
| 296 event_name = permissions::OnAdded::kEventName; | |
| 297 } | |
| 298 | |
| 299 // Notify other APIs or interested parties. | |
| 300 UpdatedExtensionPermissionsInfo info = | |
| 301 UpdatedExtensionPermissionsInfo(extension, changed, reason); | |
| 302 content::NotificationService::current()->Notify( | |
| 303 extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, | |
| 304 content::Source<Profile>(profile), | |
| 305 content::Details<UpdatedExtensionPermissionsInfo>(&info)); | |
| 263 } | 306 } |
| 264 | 307 |
| 265 // Notify other APIs or interested parties. | |
| 266 UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo( | |
| 267 extension, changed, reason); | |
| 268 Profile* profile = Profile::FromBrowserContext(browser_context_); | |
| 269 content::NotificationService::current()->Notify( | |
| 270 extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, | |
| 271 content::Source<Profile>(profile), | |
| 272 content::Details<UpdatedExtensionPermissionsInfo>(&info)); | |
| 273 | |
| 274 ExtensionMsg_UpdatePermissions_Params params; | 308 ExtensionMsg_UpdatePermissions_Params params; |
| 275 params.extension_id = extension->id(); | 309 params.extension_id = extension->id(); |
| 276 params.active_permissions = ExtensionMsg_PermissionSetStruct( | 310 params.active_permissions = ExtensionMsg_PermissionSetStruct( |
| 277 extension->permissions_data()->active_permissions()); | 311 extension->permissions_data()->active_permissions()); |
| 278 params.withheld_permissions = ExtensionMsg_PermissionSetStruct( | 312 params.withheld_permissions = ExtensionMsg_PermissionSetStruct( |
| 279 extension->permissions_data()->withheld_permissions()); | 313 extension->permissions_data()->withheld_permissions()); |
| 314 params.uses_default_policy_host_restrictions = | |
| 315 extension->permissions_data()->UsesDefaultPolicyHostRestrictions(); | |
| 316 if (!params.uses_default_policy_host_restrictions) { | |
| 317 params.policy_blocked_hosts = | |
| 318 extension->permissions_data()->policy_blocked_hosts(); | |
| 319 params.policy_allowed_hosts = | |
| 320 extension->permissions_data()->policy_allowed_hosts(); | |
| 321 } | |
| 280 | 322 |
| 281 // Send the new permissions to the renderers. | 323 // Send the new permissions to the renderers. |
| 282 for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator()); | 324 for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator()); |
| 283 !i.IsAtEnd(); i.Advance()) { | 325 !i.IsAtEnd(); i.Advance()) { |
| 284 RenderProcessHost* host = i.GetCurrentValue(); | 326 RenderProcessHost* host = i.GetCurrentValue(); |
| 285 if (profile->IsSameProfile( | 327 if (profile->IsSameProfile( |
| 286 Profile::FromBrowserContext(host->GetBrowserContext()))) { | 328 Profile::FromBrowserContext(host->GetBrowserContext()))) { |
| 287 host->Send(new ExtensionMsg_UpdatePermissions(params)); | 329 host->Send(new ExtensionMsg_UpdatePermissions(params)); |
| 288 } | 330 } |
| 289 } | 331 } |
| 290 | 332 |
| 291 // Trigger the onAdded and onRemoved events in the extension. | 333 // Trigger the onAdded and onRemoved events in the extension. |
| 292 DispatchEvent(extension->id(), histogram_value, event_name, changed); | 334 if (event_name) |
| 335 DispatchEvent(extension->id(), histogram_value, event_name, changed); | |
| 336 } | |
| 337 | |
| 338 // Notify the renderers that extension policy (policy_blocked_hosts) is updated | |
| 339 // and provide new set of hosts. | |
| 340 void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated( | |
| 341 const URLPatternSet& default_runtime_blocked_hosts, | |
| 342 const URLPatternSet& default_runtime_allowed_hosts) { | |
| 343 DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); | |
| 344 | |
| 345 Profile* profile = Profile::FromBrowserContext(browser_context_); | |
| 346 | |
| 347 // Send the new policy to the renderers. | |
| 348 for (RenderProcessHost::iterator host_iterator( | |
| 349 RenderProcessHost::AllHostsIterator()); | |
| 350 !host_iterator.IsAtEnd(); host_iterator.Advance()) { | |
| 351 RenderProcessHost* host = host_iterator.GetCurrentValue(); | |
| 352 if (profile->IsSameProfile( | |
| 353 Profile::FromBrowserContext(host->GetBrowserContext()))) { | |
| 354 ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params; | |
| 355 params.default_policy_blocked_hosts = default_runtime_blocked_hosts; | |
| 356 params.default_policy_allowed_hosts = default_runtime_allowed_hosts; | |
| 357 host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params)); | |
| 358 } | |
| 359 } | |
| 293 } | 360 } |
| 294 | 361 |
| 295 } // namespace extensions | 362 } // namespace extensions |
| OLD | NEW |
