Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include <utility>
 
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
@@ skipping 118 matching lines @@
   // not the user, removed the permissions. This allows the extension to add
   // them again without prompting the user.
   if (remove_type == REMOVE_HARD) {
     ExtensionPrefs::Get(browser_context_)
         ->RemoveGrantedPermissions(extension->id(), to_remove);
   }
 
   NotifyPermissionsUpdated(REMOVED, extension, to_remove);
 }
 
+void PermissionsUpdater::SetPolicyHostRestrictions(
+    const Extension* extension,
+    const URLPatternSet& runtime_blocked_hosts,
+    const URLPatternSet& runtime_allowed_hosts) {
+  // Keep track of runtime blocked and hosts for this extension in the browser
+  // process. We'll pull from here to populate when a new renderer is created.
+  extension->permissions_data()->SetPolicyHostRestrictions(
+      runtime_blocked_hosts, runtime_allowed_hosts);
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  const PermissionSet perms;
+  NotifyPermissionsUpdated(POLICY, extension, perms);
+}
+
+void PermissionsUpdater::SetUsesDefaultHostRestrictions(
+    const Extension* extension,
+    bool uses_default_restrictions) {
+  extension->permissions_data()->SetUsesDefaultHostRestrictions(
+      uses_default_restrictions);

[Devlin, 2017/04/03 15:52:23]

If we don't notify the renderer, how do we update extension permissions?

(This also indicates there's a gap in our testing; please see my comment from
March 30 requesting more unit tests)

[nrpeter, 2017/04/03 22:35:48]

Fixed this issue, but I hear the need for more unit tests. I'll start working on
those, but want to get these fixes addressed first.

+}
+
+void PermissionsUpdater::SetDefaultPolicyHostRestrictions(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  // Keep track of runtime blocked and hosts for extensions without an
+  // individual policy. We'll pull from here when a new renderer is created.
+  PermissionsData::SetDefaultPolicyHostRestrictions(
+      default_runtime_blocked_hosts, default_runtime_allowed_hosts);
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  NotifyDefaultPolicyHostRestrictionsUpdated(default_runtime_blocked_hosts,
+                                             default_runtime_allowed_hosts);
+}
+
 void PermissionsUpdater::RemovePermissionsUnsafe(
     const Extension* extension,
     const PermissionSet& to_remove) {
   const PermissionSet& active =
       extension->permissions_data()->active_permissions();
   std::unique_ptr<const PermissionSet> total =
       PermissionSet::CreateDifference(active, to_remove);
   // |successfully_removed| might not equal |to_remove| if |to_remove| contains
   // permissions the extension didn't have.
   std::unique_ptr<const PermissionSet> successfully_removed =
@@ skipping 88 matching lines @@
       new Event(histogram_value, event_name, std::move(value)));
   event->restrict_to_browser_context = browser_context_;
   event_router->DispatchEventToExtension(extension_id, std::move(event));
 }
 
 void PermissionsUpdater::NotifyPermissionsUpdated(
     EventType event_type,
     const Extension* extension,
     const PermissionSet& changed) {
   DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
-  if (changed.IsEmpty())

[Devlin, 2017/04/03 15:52:23]

Why move the early return?

[nrpeter, 2017/04/03 22:35:48]

Done.

-    return;
 
   UpdatedExtensionPermissionsInfo::Reason reason;
   events::HistogramValue histogram_value;
   const char* event_name = NULL;
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
+
+  if (changed.IsEmpty() && event_type != POLICY)
+    return;
 
   if (event_type == REMOVED) {
     reason = UpdatedExtensionPermissionsInfo::REMOVED;
     histogram_value = events::PERMISSIONS_ON_REMOVED;
     event_name = permissions::OnRemoved::kEventName;
-  } else {
-    CHECK_EQ(ADDED, event_type);
+  } else if (event_type == ADDED) {
     reason = UpdatedExtensionPermissionsInfo::ADDED;
     histogram_value = events::PERMISSIONS_ON_ADDED;
     event_name = permissions::OnAdded::kEventName;
+  } else {
+    CHECK_EQ(POLICY, event_type);
+    reason = UpdatedExtensionPermissionsInfo::POLICY;
   }
 
   // Notify other APIs or interested parties.
-  UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo(
-      extension, changed, reason);
-  Profile* profile = Profile::FromBrowserContext(browser_context_);
+  UpdatedExtensionPermissionsInfo info =
+      UpdatedExtensionPermissionsInfo(extension, changed, reason);
   content::NotificationService::current()->Notify(
       extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
       content::Source<Profile>(profile),
       content::Details<UpdatedExtensionPermissionsInfo>(&info));
 
   ExtensionMsg_UpdatePermissions_Params params;
   params.extension_id = extension->id();
   params.active_permissions = ExtensionMsg_PermissionSetStruct(
       extension->permissions_data()->active_permissions());
   params.withheld_permissions = ExtensionMsg_PermissionSetStruct(
       extension->permissions_data()->withheld_permissions());
+  params.uses_default_policy_host_restrictions =
+      extension->permissions_data()->UsesDefaultPolicyHostRestrictions();
+  if (!params.uses_default_policy_host_restrictions) {
+    params.policy_blocked_hosts =
+        extension->permissions_data()->policy_blocked_hosts();
+    params.policy_allowed_hosts =
+        extension->permissions_data()->policy_allowed_hosts();
+  }
 
   // Send the new permissions to the renderers.
   for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());
        !i.IsAtEnd(); i.Advance()) {
     RenderProcessHost* host = i.GetCurrentValue();
     if (profile->IsSameProfile(
             Profile::FromBrowserContext(host->GetBrowserContext()))) {
       host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
-  DispatchEvent(extension->id(), histogram_value, event_name, changed);
+  if (event_name)
+    DispatchEvent(extension->id(), histogram_value, event_name, changed);
+}
+
+// Notify the renderers that extension policy (policy_blocked_hosts) is updated
+// and provide new set of hosts.
+void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
+
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
+
+  // Send the new policy to the renderers.
+  for (RenderProcessHost::iterator host_iterator(
+           RenderProcessHost::AllHostsIterator());
+       !host_iterator.IsAtEnd(); host_iterator.Advance()) {
+    RenderProcessHost* host = host_iterator.GetCurrentValue();
+    if (profile->IsSameProfile(
+            Profile::FromBrowserContext(host->GetBrowserContext()))) {
+      ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params;
+      params.default_policy_blocked_hosts = default_runtime_blocked_hosts;

[Devlin, 2017/04/03 15:52:23]

This performs extra copies (because I don't think the compiler is smart enough
to implicitly move these into the IPC message). Prefer reusing the same struct,
as we do in the other notification method.

[nrpeter, 2017/04/03 22:35:48]

Done.

+      params.default_policy_allowed_hosts = default_runtime_allowed_hosts;
+      host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params));
+    }
+  }
 }
 
 }  // namespace extensions