Communicate ExtensionSettings policy to renderers

extensions/renderer/dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/dispatcher.h"
 
 #include <stddef.h>
 
 #include <memory>
 #include <utility>
@@ skipping 916 matching lines @@
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetScriptingWhitelist,
                       OnSetScriptingWhitelist)
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetSystemFont, OnSetSystemFont)
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetWebViewPartitionID,
                       OnSetWebViewPartitionID)
   IPC_MESSAGE_HANDLER(ExtensionMsg_ShouldSuspend, OnShouldSuspend)
   IPC_MESSAGE_HANDLER(ExtensionMsg_Suspend, OnSuspend)
   IPC_MESSAGE_HANDLER(ExtensionMsg_TransferBlobs, OnTransferBlobs)
   IPC_MESSAGE_HANDLER(ExtensionMsg_Unloaded, OnUnloaded)
   IPC_MESSAGE_HANDLER(ExtensionMsg_UpdatePermissions, OnUpdatePermissions)
+  IPC_MESSAGE_HANDLER(ExtensionMsg_UpdateAllowedAndBlockedHosts,
+                      OnUpdateAllowedAndBlockedHosts)
+  IPC_MESSAGE_HANDLER(ExtensionMsg_UpdateDefaultAllowedAndBlockedHosts,
+                      OnUpdateDefaultAllowedAndBlockedHosts)
   IPC_MESSAGE_HANDLER(ExtensionMsg_UpdateTabSpecificPermissions,
                       OnUpdateTabSpecificPermissions)
   IPC_MESSAGE_HANDLER(ExtensionMsg_ClearTabSpecificPermissions,
                       OnClearTabSpecificPermissions)
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetActivityLoggingEnabled,
                       OnSetActivityLoggingEnabled)
   IPC_MESSAGE_FORWARD(ExtensionMsg_WatchPages,
                       content_watcher_.get(),
                       ContentWatcher::OnWatchPages)
   IPC_MESSAGE_UNHANDLED(handled = false)
@@ skipping 126 matching lines @@
     //    figure out why - but cost/benefit won.
     // 2. The browser only sends this IPC to RenderProcessHosts once, but the
     //    Dispatcher is attached to a RenderThread. Presumably there is a
     //    mismatch there. In theory one would think it's possible for the
     //    browser to figure this out itself - but again, cost/benefit.
     if (!extension_registry->Insert(extension)) {
       // TODO(devlin): This may be fixed by crbug.com/528026. Monitor, and
       // consider making this a release CHECK.
       NOTREACHED();
     }
+    URLPatternSet runtime_allowed_hosts;
+    URLPatternSet runtime_blocked_hosts;
+    if (!param.is_default_runtime_blocked_allowed_hosts) {
+      if (!base::SharedMemory::IsHandleValid(param.hosts.hosts))
+        return;
+      param.hosts.Unpickle(&runtime_blocked_hosts, &runtime_allowed_hosts);
+    }
+    extension->permissions_data()->SetRuntimeBlockedAllowedHosts(
+        runtime_blocked_hosts, runtime_allowed_hosts,
+        param.is_default_runtime_blocked_allowed_hosts);
   }
 
   // Update the available bindings for all contexts. These may have changed if
   // an externally_connectable extension was loaded that can connect to an
   // open webpage.
   UpdateBindings("");
 }
 
 void Dispatcher::OnMessageInvoke(const std::string& extension_id,
                                  const std::string& module_name,
@@ skipping 87 matching lines @@
 
   // Invalidates the messages map for the extension in case the extension is
   // reloaded with a new messages map.
   EraseL10nMessagesMap(id);
 
   // We don't do anything with existing platform-app stylesheets. They will
   // stay resident, but the URL pattern corresponding to the unloaded
   // extension's URL just won't match anything anymore.
 }
 
+void Dispatcher::OnUpdateAllowedAndBlockedHosts(
+    const ExtensionMsg_UpdateAllowedAndBlockedHosts_Params& params) {
+  const Extension* extension =
+      RendererExtensionRegistry::Get()->GetByID(params.extension_id);
+  if (!extension)
+    return;
+
+  URLPatternSet runtime_allowed_hosts;
+  URLPatternSet runtime_blocked_hosts;
+  // We don't bother mapping memory if extension uses default
+  if (!params.is_default) {
+    if (!base::SharedMemory::IsHandleValid(params.hosts.hosts))
+      return;
+    params.hosts.Unpickle(&runtime_blocked_hosts, &runtime_allowed_hosts);
+  }
+
+  extension->permissions_data()->SetRuntimeBlockedAllowedHosts(

[Devlin, 2017/01/09 23:30:57]

Do we need to be able to support runtime extension permission changes?  Or could
this just happen on startup, in which case we can just send these over as part
of the initial extension state?

[nrpeter, 2017/01/10 17:48:05]

We do need to support changes to the policy during runtime. There are a number
of situations where this is necessary (blacklisting an extension, granting an
exception, fixing a policy mistake, etc.). 

+      runtime_blocked_hosts, runtime_allowed_hosts, params.is_default);
+
+  UpdateBindings(extension->id());
+}
+
+void Dispatcher::OnUpdateDefaultAllowedAndBlockedHosts(
+    const ExtensionMsg_RuntimeBlockedAllowedHostsStruct& params) {
+  URLPatternSet default_runtime_allowed_hosts;
+  URLPatternSet default_runtime_blocked_hosts;
+  if (!base::SharedMemory::IsHandleValid(params.hosts))
+    return;
+  params.Unpickle(&default_runtime_blocked_hosts,
+                  &default_runtime_allowed_hosts);
+  PermissionsData::SetDefaultRuntimeBlockedAllowedHosts(
+      default_runtime_blocked_hosts, default_runtime_allowed_hosts);
+
+  UpdateBindings("");
+}
+
 void Dispatcher::OnUpdatePermissions(
     const ExtensionMsg_UpdatePermissions_Params& params) {
   const Extension* extension =
       RendererExtensionRegistry::Get()->GetByID(params.extension_id);
   if (!extension)
     return;
 
   std::unique_ptr<const PermissionSet> active =
       params.active_permissions.ToPermissionSet();
   std::unique_ptr<const PermissionSet> withheld =
@@ skipping 450 matching lines @@
   // The "guestViewDeny" module must always be loaded last. It registers
   // error-providing custom elements for the GuestView types that are not
   // available, and thus all of those types must have been checked and loaded
   // (or not loaded) beforehand.
   if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) {
     module_system->Require("guestViewDeny");
   }
 }
 
 }  // namespace extensions