Chromium Code Reviews Chromium Code Reviews
Issue 2499493004:
Communicate ExtensionSettings policy to renderers (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/permissions_updater.h" | 5 #include "chrome/browser/extensions/permissions_updater.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 139 // not the user, removed the permissions. This allows the extension to add | 139 // not the user, removed the permissions. This allows the extension to add |
| 140 // them again without prompting the user. | 140 // them again without prompting the user. |
| 141 if (remove_type == REMOVE_HARD) { | 141 if (remove_type == REMOVE_HARD) { |
| 142 ExtensionPrefs::Get(browser_context_) | 142 ExtensionPrefs::Get(browser_context_) |
| 143 ->RemoveGrantedPermissions(extension->id(), to_remove); | 143 ->RemoveGrantedPermissions(extension->id(), to_remove); |
| 144 } | 144 } |
| 145 | 145 |
| 146 NotifyPermissionsUpdated(REMOVED, extension, to_remove); | 146 NotifyPermissionsUpdated(REMOVED, extension, to_remove); |
| 147 } | 147 } |
| 148 | 148 |
| 149 void PermissionsUpdater::SetPolicyHostRestrictions( | |
| 150 const Extension* extension, | |
| 151 const URLPatternSet& runtime_blocked_hosts, | |
| 152 const URLPatternSet& runtime_allowed_hosts) { | |
| 153 extension->permissions_data()->SetPolicyHostRestrictions( | |
| 154 runtime_blocked_hosts, runtime_allowed_hosts); | |
| 155 | |
| 156 // Send notification to the currently running renderers of the runtime block | |
| 157 // hosts settings. | |
| 158 const PermissionSet perms; | |
| 159 NotifyPermissionsUpdated(POLICY, extension, perms); | |
| 160 } | |
| 161 | |
| 162 void PermissionsUpdater::SetUsesDefaultHostRestrictions( | |
| 163 const Extension* extension) { | |
| 164 extension->permissions_data()->SetUsesDefaultHostRestrictions(); | |
| 165 const PermissionSet perms; | |
| 166 NotifyPermissionsUpdated(POLICY, extension, perms); | |
| 167 } | |
| 168 | |
| 169 void PermissionsUpdater::SetDefaultPolicyHostRestrictions( | |
| 170 const URLPatternSet& default_runtime_blocked_hosts, | |
| 171 const URLPatternSet& default_runtime_allowed_hosts) { | |
| 172 PermissionsData::SetDefaultPolicyHostRestrictions( | |
| 173 default_runtime_blocked_hosts, default_runtime_allowed_hosts); | |
| 174 | |
| 175 // Send notification to the currently running renderers of the runtime block | |
| 176 // hosts settings. | |
| 177 NotifyDefaultPolicyHostRestrictionsUpdated(default_runtime_blocked_hosts, | |
| 178 default_runtime_allowed_hosts); | |
| 179 } | |
| 180 | |
| 149 void PermissionsUpdater::RemovePermissionsUnsafe( | 181 void PermissionsUpdater::RemovePermissionsUnsafe( |
| 150 const Extension* extension, | 182 const Extension* extension, |
| 151 const PermissionSet& to_remove) { | 183 const PermissionSet& to_remove) { |
| 152 const PermissionSet& active = | 184 const PermissionSet& active = |
| 153 extension->permissions_data()->active_permissions(); | 185 extension->permissions_data()->active_permissions(); |
| 154 std::unique_ptr<const PermissionSet> total = | 186 std::unique_ptr<const PermissionSet> total = |
| 155 PermissionSet::CreateDifference(active, to_remove); | 187 PermissionSet::CreateDifference(active, to_remove); |
| 156 // |successfully_removed| might not equal |to_remove| if |to_remove| contains | 188 // |successfully_removed| might not equal |to_remove| if |to_remove| contains |
| 157 // permissions the extension didn't have. | 189 // permissions the extension didn't have. |
| 158 std::unique_ptr<const PermissionSet> successfully_removed = | 190 std::unique_ptr<const PermissionSet> successfully_removed = |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 249 std::unique_ptr<Event> event( | 281 std::unique_ptr<Event> event( |
| 250 new Event(histogram_value, event_name, std::move(value))); | 282 new Event(histogram_value, event_name, std::move(value))); |
| 251 event->restrict_to_browser_context = browser_context_; | 283 event->restrict_to_browser_context = browser_context_; |
| 252 event_router->DispatchEventToExtension(extension_id, std::move(event)); | 284 event_router->DispatchEventToExtension(extension_id, std::move(event)); |
| 253 } | 285 } |
| 254 | 286 |
| 255 void PermissionsUpdater::NotifyPermissionsUpdated( | 287 void PermissionsUpdater::NotifyPermissionsUpdated( |
| 256 EventType event_type, | 288 EventType event_type, |
| 257 const Extension* extension, | 289 const Extension* extension, |
| 258 const PermissionSet& changed) { | 290 const PermissionSet& changed) { |
| 259 DCHECK_EQ(0, init_flag_ & INIT_FLAG_TRANSIENT); | 291 DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); |
|
Devlin
2017/04/17 16:29:38
this shouldn't change.
nrpeter
2017/04/17 17:17:59
Thanks, missed that during the merge.
| |
| 260 if (changed.IsEmpty()) | 292 |
| 293 if (changed.IsEmpty() && event_type != POLICY) | |
| 261 return; | 294 return; |
| 262 | 295 |
| 263 UpdatedExtensionPermissionsInfo::Reason reason; | 296 UpdatedExtensionPermissionsInfo::Reason reason; |
| 264 events::HistogramValue histogram_value; | 297 events::HistogramValue histogram_value = events::UNKNOWN; |
| 265 const char* event_name = NULL; | 298 const char* event_name = NULL; |
| 299 Profile* profile = Profile::FromBrowserContext(browser_context_); | |
| 266 | 300 |
| 267 if (event_type == REMOVED) { | 301 if (event_type == REMOVED) { |
| 268 reason = UpdatedExtensionPermissionsInfo::REMOVED; | 302 reason = UpdatedExtensionPermissionsInfo::REMOVED; |
| 269 histogram_value = events::PERMISSIONS_ON_REMOVED; | 303 histogram_value = events::PERMISSIONS_ON_REMOVED; |
| 270 event_name = permissions::OnRemoved::kEventName; | 304 event_name = permissions::OnRemoved::kEventName; |
| 271 } else { | 305 } else if (event_type == ADDED) { |
| 272 CHECK_EQ(ADDED, event_type); | |
| 273 reason = UpdatedExtensionPermissionsInfo::ADDED; | 306 reason = UpdatedExtensionPermissionsInfo::ADDED; |
| 274 histogram_value = events::PERMISSIONS_ON_ADDED; | 307 histogram_value = events::PERMISSIONS_ON_ADDED; |
| 275 event_name = permissions::OnAdded::kEventName; | 308 event_name = permissions::OnAdded::kEventName; |
| 309 } else { | |
| 310 DCHECK_EQ(POLICY, event_type); | |
| 311 reason = UpdatedExtensionPermissionsInfo::POLICY; | |
| 276 } | 312 } |
| 277 | 313 |
| 278 // Notify other APIs or interested parties. | 314 // Notify other APIs or interested parties. |
| 279 UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo( | 315 UpdatedExtensionPermissionsInfo info = |
| 280 extension, changed, reason); | 316 UpdatedExtensionPermissionsInfo(extension, changed, reason); |
| 281 Profile* profile = Profile::FromBrowserContext(browser_context_); | |
| 282 content::NotificationService::current()->Notify( | 317 content::NotificationService::current()->Notify( |
| 283 extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, | 318 extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, |
| 284 content::Source<Profile>(profile), | 319 content::Source<Profile>(profile), |
| 285 content::Details<UpdatedExtensionPermissionsInfo>(&info)); | 320 content::Details<UpdatedExtensionPermissionsInfo>(&info)); |
| 286 | 321 |
| 287 ExtensionMsg_UpdatePermissions_Params params; | 322 ExtensionMsg_UpdatePermissions_Params params; |
| 288 params.extension_id = extension->id(); | 323 params.extension_id = extension->id(); |
| 289 params.active_permissions = ExtensionMsg_PermissionSetStruct( | 324 params.active_permissions = ExtensionMsg_PermissionSetStruct( |
| 290 extension->permissions_data()->active_permissions()); | 325 extension->permissions_data()->active_permissions()); |
| 291 params.withheld_permissions = ExtensionMsg_PermissionSetStruct( | 326 params.withheld_permissions = ExtensionMsg_PermissionSetStruct( |
| 292 extension->permissions_data()->withheld_permissions()); | 327 extension->permissions_data()->withheld_permissions()); |
| 328 params.uses_default_policy_host_restrictions = | |
| 329 extension->permissions_data()->UsesDefaultPolicyHostRestrictions(); | |
| 330 if (!params.uses_default_policy_host_restrictions) { | |
| 331 params.policy_blocked_hosts = | |
| 332 extension->permissions_data()->policy_blocked_hosts(); | |
| 333 params.policy_allowed_hosts = | |
| 334 extension->permissions_data()->policy_allowed_hosts(); | |
| 335 } | |
| 293 | 336 |
| 294 // Send the new permissions to the renderers. | 337 // Send the new permissions to the renderers. |
| 295 for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator()); | 338 for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator()); |
| 296 !i.IsAtEnd(); i.Advance()) { | 339 !i.IsAtEnd(); i.Advance()) { |
| 297 RenderProcessHost* host = i.GetCurrentValue(); | 340 RenderProcessHost* host = i.GetCurrentValue(); |
| 298 if (profile->IsSameProfile( | 341 if (profile->IsSameProfile( |
| 299 Profile::FromBrowserContext(host->GetBrowserContext()))) { | 342 Profile::FromBrowserContext(host->GetBrowserContext()))) { |
| 300 host->Send(new ExtensionMsg_UpdatePermissions(params)); | 343 host->Send(new ExtensionMsg_UpdatePermissions(params)); |
| 301 } | 344 } |
| 302 } | 345 } |
| 303 | 346 |
| 304 // Trigger the onAdded and onRemoved events in the extension. | 347 // Trigger the onAdded and onRemoved events in the extension. We explicitly |
| 305 DispatchEvent(extension->id(), histogram_value, event_name, changed); | 348 // don't do this for policy-related events. |
| 349 if (event_name) | |
| 350 DispatchEvent(extension->id(), histogram_value, event_name, changed); | |
| 351 } | |
| 352 | |
| 353 // Notify the renderers that extension policy (policy_blocked_hosts) is updated | |
| 354 // and provide new set of hosts. | |
| 355 void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated( | |
| 356 const URLPatternSet& default_runtime_blocked_hosts, | |
| 357 const URLPatternSet& default_runtime_allowed_hosts) { | |
| 358 DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); | |
|
Devlin
2017/04/17 16:29:38
nit: prefer DCHECK_EQ
nrpeter
2017/04/17 17:17:59
Done.
| |
| 359 | |
| 360 Profile* profile = Profile::FromBrowserContext(browser_context_); | |
| 361 | |
| 362 ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params; | |
| 363 params.default_policy_blocked_hosts = default_runtime_blocked_hosts; | |
| 364 params.default_policy_allowed_hosts = default_runtime_allowed_hosts; | |
| 365 | |
| 366 // Send the new policy to the renderers. | |
| 367 for (RenderProcessHost::iterator host_iterator( | |
| 368 RenderProcessHost::AllHostsIterator()); | |
| 369 !host_iterator.IsAtEnd(); host_iterator.Advance()) { | |
| 370 RenderProcessHost* host = host_iterator.GetCurrentValue(); | |
| 371 if (profile->IsSameProfile( | |
| 372 Profile::FromBrowserContext(host->GetBrowserContext()))) { | |
| 373 host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params)); | |
| 374 } | |
| 375 } | |
| 306 } | 376 } |
| 307 | 377 |
| 308 } // namespace extensions | 378 } // namespace extensions |
| OLD | NEW |
