Communicate ExtensionSettings policy to renderers

extensions/renderer/dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/dispatcher.h"
 
 #include <stddef.h>
 
 #include <memory>
 #include <utility>
@@ skipping 916 matching lines @@
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetScriptingWhitelist,
                       OnSetScriptingWhitelist)
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetSystemFont, OnSetSystemFont)
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetWebViewPartitionID,
                       OnSetWebViewPartitionID)
   IPC_MESSAGE_HANDLER(ExtensionMsg_ShouldSuspend, OnShouldSuspend)
   IPC_MESSAGE_HANDLER(ExtensionMsg_Suspend, OnSuspend)
   IPC_MESSAGE_HANDLER(ExtensionMsg_TransferBlobs, OnTransferBlobs)
   IPC_MESSAGE_HANDLER(ExtensionMsg_Unloaded, OnUnloaded)
   IPC_MESSAGE_HANDLER(ExtensionMsg_UpdatePermissions, OnUpdatePermissions)
+  IPC_MESSAGE_HANDLER(ExtensionMsg_UpdateDefaultPolicyHostRestrictions,
+                      OnUpdateDefaultPolicyHostRestrictions)
   IPC_MESSAGE_HANDLER(ExtensionMsg_UpdateTabSpecificPermissions,
                       OnUpdateTabSpecificPermissions)
   IPC_MESSAGE_HANDLER(ExtensionMsg_ClearTabSpecificPermissions,
                       OnClearTabSpecificPermissions)
   IPC_MESSAGE_HANDLER(ExtensionMsg_SetActivityLoggingEnabled,
                       OnSetActivityLoggingEnabled)
   IPC_MESSAGE_FORWARD(ExtensionMsg_WatchPages,
                       content_watcher_.get(),
                       ContentWatcher::OnWatchPages)
   IPC_MESSAGE_UNHANDLED(handled = false)
@@ skipping 109 matching lines @@
   for (const auto& param : loaded_extensions) {
     std::string error;
     scoped_refptr<const Extension> extension = param.ConvertToExtension(&error);
     if (!extension.get()) {
       NOTREACHED() << error;
       // Note: in tests |param.id| has been observed to be empty (see comment
       // just below) so this isn't all that reliable.
       extension_load_errors_[param.id] = error;
       continue;
     }
-
     RendererExtensionRegistry* extension_registry =
         RendererExtensionRegistry::Get();
     // TODO(kalman): This test is deliberately not a CHECK (though I wish it
     // could be) and uses extension->id() not params.id:
     // 1. For some reason params.id can be empty. I've only seen it with
     //    the webstore extension, in tests, and I've spent some time trying to
     //    figure out why - but cost/benefit won.
     // 2. The browser only sends this IPC to RenderProcessHosts once, but the
     //    Dispatcher is attached to a RenderThread. Presumably there is a
     //    mismatch there. In theory one would think it's possible for the
     //    browser to figure this out itself - but again, cost/benefit.
     if (!extension_registry->Insert(extension)) {
       // TODO(devlin): This may be fixed by crbug.com/528026. Monitor, and
       // consider making this a release CHECK.
       NOTREACHED();
     }
+    URLPatternSet runtime_blocked_hosts = param.runtime_blocked_hosts;

[dcheng, 2017/02/06 07:05:29]

const URLPatternSet& here and below (the current implementation will copy twice
instead of just once)

[nrpeter, 2017/02/06 22:53:15]

Done.

+    URLPatternSet runtime_allowed_hosts = param.runtime_allowed_hosts;
+    extension->permissions_data()->SetPolicyHostRestrictions(
+        runtime_blocked_hosts, runtime_allowed_hosts,
+        param.is_default_runtime_blocked_allowed_hosts);
   }
 
   // Update the available bindings for all contexts. These may have changed if
   // an externally_connectable extension was loaded that can connect to an
   // open webpage.
   UpdateBindings("");
 }
 
 void Dispatcher::OnMessageInvoke(const std::string& extension_id,
                                  const std::string& module_name,
@@ skipping 87 matching lines @@
 
   // Invalidates the messages map for the extension in case the extension is
   // reloaded with a new messages map.
   EraseL10nMessagesMap(id);
 
   // We don't do anything with existing platform-app stylesheets. They will
   // stay resident, but the URL pattern corresponding to the unloaded
   // extension's URL just won't match anything anymore.
 }
 
+void Dispatcher::OnUpdateDefaultPolicyHostRestrictions(
+    const ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params& params) {
+  URLPatternSet blocked = params.default_runtime_blocked_hosts;
+  URLPatternSet allowed = params.default_runtime_allowed_hosts;
+  PermissionsData::SetDefaultPolicyHostRestrictions(blocked, allowed);
+  UpdateBindings("");

[dcheng, 2017/02/06 07:05:29]

Nit: std::string() rather than ""

[nrpeter, 2017/02/06 22:53:15]

Done.

FYI: Everywhere else in the file that we use UpdateBindings with an empty
string, it uses "".

[dcheng, 2017/02/07 07:47:12]

Yeah, it's more about long-term consistency here. "" is a bit sad; with
libstdc++, you get a heap allocation... to hold an empty string.

With SSO, it's a bit better, but it's even cheaper to not memcpy an empty string
to begin with.

[nrpeter, 2017/03/22 23:47:38]

Done.

+}
+
 void Dispatcher::OnUpdatePermissions(
     const ExtensionMsg_UpdatePermissions_Params& params) {
   const Extension* extension =
       RendererExtensionRegistry::Get()->GetByID(params.extension_id);
   if (!extension)
     return;
 
   std::unique_ptr<const PermissionSet> active =
       params.active_permissions.ToPermissionSet();
   std::unique_ptr<const PermissionSet> withheld =
       params.withheld_permissions.ToPermissionSet();
 
   UpdateOriginPermissions(
       extension->url(),
       extension->permissions_data()->GetEffectiveHostPermissions(),
       active->effective_hosts());
 
   extension->permissions_data()->SetPermissions(std::move(active),
                                                 std::move(withheld));
+  URLPatternSet runtime_blocked_hosts;
+  URLPatternSet runtime_allowed_hosts;
+  if (!params.uses_default_policy_host_restrictions) {
+    runtime_blocked_hosts = params.runtime_blocked_hosts;
+    runtime_allowed_hosts = params.runtime_allowed_hosts;
+  }
+  extension->permissions_data()->SetPolicyHostRestrictions(
+      runtime_blocked_hosts, runtime_allowed_hosts,
+      params.uses_default_policy_host_restrictions);
   UpdateBindings(extension->id());
 }
 
 void Dispatcher::OnUpdateTabSpecificPermissions(const GURL& visible_url,
                                                 const std::string& extension_id,
                                                 const URLPatternSet& new_hosts,
                                                 bool update_origin_whitelist,
                                                 int tab_id) {
   const Extension* extension =
       RendererExtensionRegistry::Get()->GetByID(extension_id);
@@ skipping 431 matching lines @@
   // The "guestViewDeny" module must always be loaded last. It registers
   // error-providing custom elements for the GuestView types that are not
   // available, and thus all of those types must have been checked and loaded
   // (or not loaded) beforehand.
   if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) {
     module_system->Require("guestViewDeny");
   }
 }
 
 }  // namespace extensions