Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include <utility>
 
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
@@ skipping 118 matching lines @@
   // not the user, removed the permissions. This allows the extension to add
   // them again without prompting the user.
   if (remove_type == REMOVE_HARD) {
     ExtensionPrefs::Get(browser_context_)
         ->RemoveGrantedPermissions(extension->id(), to_remove);
   }
 
   NotifyPermissionsUpdated(REMOVED, extension, to_remove);
 }
 
+void PermissionsUpdater::SetPolicyHostRestrictions(
+    const Extension* extension,
+    const URLPatternSet& runtime_blocked_hosts,
+    const URLPatternSet& runtime_allowed_hosts,
+    bool is_default) {
+  // Keep track of runtime blocked and hosts for this extension in the browser
+  // process. We'll pull from here to populate when a new renderer is created.
+  extension->permissions_data()->SetPolicyHostRestrictions(
+      runtime_blocked_hosts, runtime_allowed_hosts, is_default);
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  const PermissionSet perms;
+  NotifyPermissionsUpdated(POLICY, extension, perms);
+}
+
+void PermissionsUpdater::SetDefaultPolicyHostRestrictions(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  // Keep track of runtime blocked and hosts for this extension in the browser

[Devlin, 2017/02/14 23:17:10]

which extension?

[nrpeter, 2017/03/22 23:47:39]

This applies to multiple extensions, I've updated the note to reflect this.

+  // process. We'll pull from here to populate when a new renderer is created.
+  PermissionsData::SetDefaultPolicyHostRestrictions(
+      default_runtime_blocked_hosts, default_runtime_allowed_hosts);
+
+  // Send notification to the currently running renderers of the runtime block
+  // hosts settings.
+  NotifyDefaultPolicyHostRestrictionsUpdated(default_runtime_blocked_hosts,
+                                             default_runtime_allowed_hosts);
+}
+
 void PermissionsUpdater::RemovePermissionsUnsafe(
     const Extension* extension,
     const PermissionSet& to_remove) {
   const PermissionSet& active =
       extension->permissions_data()->active_permissions();
   std::unique_ptr<const PermissionSet> total =
       PermissionSet::CreateDifference(active, to_remove);
   // |successfully_removed| might not equal |to_remove| if |to_remove| contains
   // permissions the extension didn't have.
   std::unique_ptr<const PermissionSet> successfully_removed =
@@ skipping 88 matching lines @@
       new Event(histogram_value, event_name, std::move(value)));
   event->restrict_to_browser_context = browser_context_;
   event_router->DispatchEventToExtension(extension_id, std::move(event));
 }
 
 void PermissionsUpdater::NotifyPermissionsUpdated(
     EventType event_type,
     const Extension* extension,
     const PermissionSet& changed) {
   DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
-  if (changed.IsEmpty())
-    return;
 
   UpdatedExtensionPermissionsInfo::Reason reason;
   events::HistogramValue histogram_value;
   const char* event_name = NULL;
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
 
-  if (event_type == REMOVED) {
-    reason = UpdatedExtensionPermissionsInfo::REMOVED;
-    histogram_value = events::PERMISSIONS_ON_REMOVED;
-    event_name = permissions::OnRemoved::kEventName;
-  } else {
-    CHECK_EQ(ADDED, event_type);
-    reason = UpdatedExtensionPermissionsInfo::ADDED;
-    histogram_value = events::PERMISSIONS_ON_ADDED;
-    event_name = permissions::OnAdded::kEventName;
+  if (changed.IsEmpty() && event_type != POLICY)
+    return;
+
+  // Policy isn't exposed via JS API.
+  if (event_type != POLICY) {
+    if (event_type == REMOVED) {
+      reason = UpdatedExtensionPermissionsInfo::REMOVED;
+      histogram_value = events::PERMISSIONS_ON_REMOVED;
+      event_name = permissions::OnRemoved::kEventName;
+    } else {
+      CHECK_EQ(ADDED, event_type);
+      reason = UpdatedExtensionPermissionsInfo::ADDED;
+      histogram_value = events::PERMISSIONS_ON_ADDED;
+      event_name = permissions::OnAdded::kEventName;
+    }
+
+    // Notify other APIs or interested parties.
+    UpdatedExtensionPermissionsInfo info =
+        UpdatedExtensionPermissionsInfo(extension, changed, reason);
+    content::NotificationService::current()->Notify(

[Devlin, 2017/02/14 23:17:10]

We should still notify the rest of chrome when we change permissions.

[nrpeter, 2017/03/22 23:47:39]

For privacy reasons, we avoid disclosing the list of sites that were added or
removed from this list. We could send a blank message to Chrome saying
permissions were updated, but not including what was updated. I'm not sure how
helpful that would be though... thoughts?

[Devlin, 2017/03/29 21:36:49]

... I'm confused.  Chrome is responsible for enforcing these permissions, and
trivially and requisitely knows what they are.  Any object in chrome that
*really* wanted to know could, hypothetically, continuously poll
ExtensionManagement and look for changes.  What exactly are we trying to
prevent?

[nrpeter, 2017/03/30 00:06:05]

I'm not worried about another part of Chrome viewing this list. We'd like to
avoid disclosing the list of URLPatterns to extensions via permissions.onAdded
and permissions.onRemoved. IIUC, those events are triggered by this code, is
that not the case?

[Devlin, 2017/03/30 00:33:52]

Nope, events are dispatched from the DispatchEvent() method.

[nrpeter, 2017/03/31 21:43:34]

Done.

+        extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
+        content::Source<Profile>(profile),
+        content::Details<UpdatedExtensionPermissionsInfo>(&info));
   }
 
-  // Notify other APIs or interested parties.
-  UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo(
-      extension, changed, reason);
-  Profile* profile = Profile::FromBrowserContext(browser_context_);
-  content::NotificationService::current()->Notify(
-      extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
-      content::Source<Profile>(profile),
-      content::Details<UpdatedExtensionPermissionsInfo>(&info));
-
   ExtensionMsg_UpdatePermissions_Params params;
   params.extension_id = extension->id();
   params.active_permissions = ExtensionMsg_PermissionSetStruct(
       extension->permissions_data()->active_permissions());
   params.withheld_permissions = ExtensionMsg_PermissionSetStruct(
       extension->permissions_data()->withheld_permissions());
+  params.uses_default_policy_host_restrictions =
+      extension->permissions_data()->UsesDefaultPolicyHostRestrictions();
+  if (!params.uses_default_policy_host_restrictions) {
+    params.runtime_blocked_hosts =
+        extension->permissions_data()->runtime_blocked_hosts();
+    params.runtime_allowed_hosts =
+        extension->permissions_data()->runtime_allowed_hosts();
+  }
 
   // Send the new permissions to the renderers.
   for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());
        !i.IsAtEnd(); i.Advance()) {
     RenderProcessHost* host = i.GetCurrentValue();
     if (profile->IsSameProfile(
             Profile::FromBrowserContext(host->GetBrowserContext()))) {
       host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
-  DispatchEvent(extension->id(), histogram_value, event_name, changed);
+  if (event_name)
+    DispatchEvent(extension->id(), histogram_value, event_name, changed);
+}
+
+// Notify the renderers that extension policy (runtime_blocked_hosts) is updated
+// and provide new set of hosts.
+void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0);
+
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
+
+  // Send the new policy to the renderers.
+  for (RenderProcessHost::iterator host_iterator(
+           RenderProcessHost::AllHostsIterator());
+       !host_iterator.IsAtEnd(); host_iterator.Advance()) {
+    RenderProcessHost* host = host_iterator.GetCurrentValue();
+    if (profile->IsSameProfile(
+            Profile::FromBrowserContext(host->GetBrowserContext()))) {
+      ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params;
+      params.default_runtime_blocked_hosts = default_runtime_blocked_hosts;
+      params.default_runtime_allowed_hosts = default_runtime_allowed_hosts;
+      host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params));
+    }
+  }
 }
 
 }  // namespace extensions