Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include <utility>
 
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
@@ skipping 118 matching lines @@
   // not the user, removed the permissions. This allows the extension to add
   // them again without prompting the user.
   if (remove_type == REMOVE_HARD) {
     ExtensionPrefs::Get(browser_context_)
         ->RemoveGrantedPermissions(extension->id(), to_remove);
   }
 
   NotifyPermissionsUpdated(REMOVED, extension, to_remove);
 }
 
+void PermissionsUpdater::SetPolicyHostRestrictions(
+    const Extension* extension,
+    const URLPatternSet& runtime_blocked_hosts,
+    const URLPatternSet& runtime_allowed_hosts,
+    bool is_default) {
+  // Keep track of runtime blocked and hosts for this extension in the browser
+  // process. We'll pull from here to populate when a new renderer is created.
+  extension->permissions_data()->SetPolicyHostRestrictions(
+      std::move(runtime_blocked_hosts), std::move(runtime_allowed_hosts),

[Devlin, 2017/01/26 22:47:39]

std::move() casts to a &&, and const && are pretty useless. :)

[nrpeter, 2017/02/03 19:32:24]

Done.

+      is_default);
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  const PermissionSet perms;
+  NotifyPermissionsUpdated(POLICY, extension, perms);
+}
+
+void PermissionsUpdater::SetDefaultPolicyHostRestrictions(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  // Keep track of runtime blocked and hosts for this extension in the browser
+  // process. We'll pull from here to populate when a new renderer is created.
+  PermissionsData::SetDefaultPolicyHostRestrictions(
+      std::move(default_runtime_blocked_hosts),
+      std::move(default_runtime_allowed_hosts));
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  NotifyDefaultPolicyHostRestrictionsUpdated(default_runtime_blocked_hosts,
+                                                 default_runtime_allowed_hosts);
+}
+
 void PermissionsUpdater::RemovePermissionsUnsafe(
     const Extension* extension,
     const PermissionSet& to_remove) {
   const PermissionSet& active =
       extension->permissions_data()->active_permissions();
   std::unique_ptr<const PermissionSet> total =
       PermissionSet::CreateDifference(active, to_remove);
   // |successfully_removed| might not equal |to_remove| if |to_remove| contains
   // permissions the extension didn't have.
   std::unique_ptr<const PermissionSet> successfully_removed =
@@ skipping 88 matching lines @@
       new Event(histogram_value, event_name, std::move(value)));
   event->restrict_to_browser_context = browser_context_;
   event_router->DispatchEventToExtension(extension_id, std::move(event));
 }
 
 void PermissionsUpdater::NotifyPermissionsUpdated(
     EventType event_type,
     const Extension* extension,
     const PermissionSet& changed) {
   DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
-  if (changed.IsEmpty())
-    return;
 
   UpdatedExtensionPermissionsInfo::Reason reason;
   events::HistogramValue histogram_value;
   const char* event_name = NULL;
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
 
-  if (event_type == REMOVED) {
-    reason = UpdatedExtensionPermissionsInfo::REMOVED;
-    histogram_value = events::PERMISSIONS_ON_REMOVED;
-    event_name = permissions::OnRemoved::kEventName;
-  } else {
-    CHECK_EQ(ADDED, event_type);
-    reason = UpdatedExtensionPermissionsInfo::ADDED;
-    histogram_value = events::PERMISSIONS_ON_ADDED;
-    event_name = permissions::OnAdded::kEventName;
+  if (changed.IsEmpty() && event_type != POLICY)
+    return;
+
+  // Policy isn't exposed via JS API.
+  if (event_type != POLICY) {
+    if (event_type == REMOVED) {
+      reason = UpdatedExtensionPermissionsInfo::REMOVED;
+      histogram_value = events::PERMISSIONS_ON_REMOVED;
+      event_name = permissions::OnRemoved::kEventName;
+    } else {
+      CHECK_EQ(ADDED, event_type);
+      reason = UpdatedExtensionPermissionsInfo::ADDED;
+      histogram_value = events::PERMISSIONS_ON_ADDED;
+      event_name = permissions::OnAdded::kEventName;
+    }
+
+    // Notify other APIs or interested parties.
+    UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo(
+        extension, changed, reason);
+    content::NotificationService::current()->Notify(
+        extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
+        content::Source<Profile>(profile),
+        content::Details<UpdatedExtensionPermissionsInfo>(&info));
   }
 
-  // Notify other APIs or interested parties.
-  UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo(
-      extension, changed, reason);
-  Profile* profile = Profile::FromBrowserContext(browser_context_);
-  content::NotificationService::current()->Notify(
-      extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
-      content::Source<Profile>(profile),
-      content::Details<UpdatedExtensionPermissionsInfo>(&info));
-
   ExtensionMsg_UpdatePermissions_Params params;
   params.extension_id = extension->id();
   params.active_permissions = ExtensionMsg_PermissionSetStruct(
       extension->permissions_data()->active_permissions());
   params.withheld_permissions = ExtensionMsg_PermissionSetStruct(
       extension->permissions_data()->withheld_permissions());
+  params.uses_default_policy_host_restrictions =
+      extension->permissions_data()->UsesDefaultPolicyHostRestrictions();
+  if (!params.uses_default_policy_host_restrictions) {
+    params.runtime_blocked_hosts =
+      extension->permissions_data()->runtime_blocked_hosts();
+    params.runtime_allowed_hosts =
+        extension->permissions_data()->runtime_allowed_hosts();
+  }
 
   // Send the new permissions to the renderers.
   for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());
        !i.IsAtEnd(); i.Advance()) {
     RenderProcessHost* host = i.GetCurrentValue();
     if (profile->IsSameProfile(
             Profile::FromBrowserContext(host->GetBrowserContext()))) {
       host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
-  DispatchEvent(extension->id(), histogram_value, event_name, changed);
+  if (event_name != NULL)
+    DispatchEvent(extension->id(), histogram_value, event_name, changed);
+}
+
+// Notify the renderers that extension policy (runtime_blocked_hosts) is updated
+// and provide new set of hosts.
+void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
+
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
+
+  // Send the new policy to the renderers.
+  for (RenderProcessHost::iterator host_iterator(
+      RenderProcessHost::AllHostsIterator()); !host_iterator.IsAtEnd();
+       host_iterator.Advance()) {
+    RenderProcessHost* host = host_iterator.GetCurrentValue();
+    if (profile->IsSameProfile(
+            Profile::FromBrowserContext(host->GetBrowserContext()))) {
+      ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params;
+      params.default_runtime_blocked_hosts = default_runtime_blocked_hosts;
+      params.default_runtime_allowed_hosts = default_runtime_allowed_hosts;
+      host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params));
+    }
+  }
 }
 
 }  // namespace extensions