Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include <utility>
 
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
@@ skipping 118 matching lines @@
   // not the user, removed the permissions. This allows the extension to add
   // them again without prompting the user.
   if (remove_type == REMOVE_HARD) {
     ExtensionPrefs::Get(browser_context_)
         ->RemoveGrantedPermissions(extension->id(), to_remove);
   }
 
   NotifyPermissionsUpdated(REMOVED, extension, to_remove);
 }
 
+void PermissionsUpdater::SetRuntimeBlockedAllowedHosts(
+    const Extension* extension,
+    const URLPatternSet& runtime_blocked_hosts,
+    const URLPatternSet& runtime_allowed_hosts,
+    bool is_default) {
+  // Keep track of runtime blocked and hosts for this extension in the browser
+  // process. We'll pull from here to populate when a new renderer is created.
+  extension->permissions_data()->SetRuntimeBlockedAllowedHosts(
+      std::move(runtime_blocked_hosts), std::move(runtime_allowed_hosts),
+      is_default);
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  NotifyRuntimeBlockedAllowedHostsUpdated(extension, runtime_blocked_hosts,
+                                          runtime_allowed_hosts, is_default);
+}
+
+void PermissionsUpdater::SetDefaultRuntimeBlockedAllowedHosts(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  // Keep track of runtime blocked and hosts for this extension in the browser
+  // process. We'll pull from here to populate when a new renderer is created.
+  PermissionsData::SetDefaultRuntimeBlockedAllowedHosts(
+      std::move(default_runtime_blocked_hosts),
+      std::move(default_runtime_allowed_hosts));
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  NotifyDefaultRuntimeBlockedAllowedHostsUpdated(default_runtime_blocked_hosts,
+                                                 default_runtime_allowed_hosts);
+}
+
 void PermissionsUpdater::RemovePermissionsUnsafe(
     const Extension* extension,
     const PermissionSet& to_remove) {
   const PermissionSet& active =
       extension->permissions_data()->active_permissions();
   std::unique_ptr<const PermissionSet> total =
       PermissionSet::CreateDifference(active, to_remove);
   // |successfully_removed| might not equal |to_remove| if |to_remove| contains
   // permissions the extension didn't have.
   std::unique_ptr<const PermissionSet> successfully_removed =
@@ skipping 136 matching lines @@
     if (profile->IsSameProfile(
             Profile::FromBrowserContext(host->GetBrowserContext()))) {
       host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
   DispatchEvent(extension->id(), histogram_value, event_name, changed);
 }
 
+// Notify the renderers that extension policy (runtime_blocked_hosts) is updated
+// and provide new set of hosts.
+void PermissionsUpdater::NotifyRuntimeBlockedAllowedHostsUpdated(
+    const Extension* extension,
+    const URLPatternSet& runtime_blocked_hosts,
+    const URLPatternSet& runtime_allowed_hosts,
+    bool is_default) {
+  DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
+
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
+
+  // Send the new policy to the renderers.
+  for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());
+       !i.IsAtEnd(); i.Advance()) {
+    RenderProcessHost* host = i.GetCurrentValue();
+    if (profile->IsSameProfile(
+            Profile::FromBrowserContext(host->GetBrowserContext()))) {
+      ExtensionMsg_UpdateAllowedAndBlockedHosts_Params params;
+      params.extension_id = extension->id();
+      ExtensionMsg_RuntimeBlockedAllowedHostsStruct hosts(
+          runtime_blocked_hosts, runtime_allowed_hosts, host->GetHandle());
+      params.hosts = hosts;
+      params.is_default = is_default;
+      host->Send(new ExtensionMsg_UpdateAllowedAndBlockedHosts(params));
+    }
+  }
+}
+
+// Notify the renderers that extension policy (runtime_blocked_hosts) is updated
+// and provide new set of hosts.
+void PermissionsUpdater::NotifyDefaultRuntimeBlockedAllowedHostsUpdated(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
+
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
+
+  // Send the new policy to the renderers.
+  for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());

[zmin, 2016/12/22 22:15:39]

Can we use "host_iterator" or some other meaningful name instead of "i" here?

[nrpeter, 2017/01/19 01:50:45]

Done.

+       !i.IsAtEnd(); i.Advance()) {
+    RenderProcessHost* host = i.GetCurrentValue();
+    if (profile->IsSameProfile(
+            Profile::FromBrowserContext(host->GetBrowserContext()))) {
+      ExtensionMsg_RuntimeBlockedAllowedHostsStruct params(
+          default_runtime_blocked_hosts, default_runtime_allowed_hosts,
+          host->GetHandle());
+
+      host->Send(new ExtensionMsg_UpdateDefaultAllowedAndBlockedHosts(params));
+    }
+  }
+}
+
 }  // namespace extensions