Chromium Code Reviews Chromium Code Reviews
Issue 2499493004:
Communicate ExtensionSettings policy to renderers (Closed)
| Index: chrome/browser/extensions/permissions_updater.cc |
| diff --git a/chrome/browser/extensions/permissions_updater.cc b/chrome/browser/extensions/permissions_updater.cc |
| index 26730a999aaa4510a01500c6c3bab92db4b18f12..67e023f1d22469963480352823d2557f39bfa7f2 100644 |
| --- a/chrome/browser/extensions/permissions_updater.cc |
| +++ b/chrome/browser/extensions/permissions_updater.cc |
| @@ -136,6 +136,36 @@ void PermissionsUpdater::RemovePermissions(const Extension* extension, |
| NotifyPermissionsUpdated(REMOVED, extension, to_remove); |
| } |
| +void PermissionsUpdater::SetPolicyHostRestrictions( |
| + const Extension* extension, |
| + const URLPatternSet& runtime_blocked_hosts, |
|
Devlin
2017/03/29 21:36:50
See comment in permissions_data.h, but same thing
nrpeter
2017/03/30 00:06:06
Done.
|
| + const URLPatternSet& runtime_allowed_hosts, |
| + bool is_default) { |
| + // Keep track of runtime blocked and hosts for this extension in the browser |
| + // process. We'll pull from here to populate when a new renderer is created. |
| + extension->permissions_data()->SetPolicyHostRestrictions( |
| + runtime_blocked_hosts, runtime_allowed_hosts, is_default); |
| + |
| + // Send notification to the currently running renderers of the runtime block |
| + // hosts settings. |
| + const PermissionSet perms; |
| + NotifyPermissionsUpdated(POLICY, extension, perms); |
| +} |
| + |
| +void PermissionsUpdater::SetDefaultPolicyHostRestrictions( |
| + const URLPatternSet& default_runtime_blocked_hosts, |
| + const URLPatternSet& default_runtime_allowed_hosts) { |
| + // Keep track of runtime blocked and hosts for extensions without an |
| + // individual policy. We'll pull from here when a new renderer is created. |
| + PermissionsData::SetDefaultPolicyHostRestrictions( |
| + default_runtime_blocked_hosts, default_runtime_allowed_hosts); |
| + |
| + // Send notification to the currently running renderers of the runtime block |
| + // hosts settings. |
| + NotifyDefaultPolicyHostRestrictionsUpdated(default_runtime_blocked_hosts, |
| + default_runtime_allowed_hosts); |
| +} |
| + |
| void PermissionsUpdater::RemovePermissionsUnsafe( |
| const Extension* extension, |
| const PermissionSet& to_remove) { |
| @@ -244,32 +274,36 @@ void PermissionsUpdater::NotifyPermissionsUpdated( |
| const Extension* extension, |
| const PermissionSet& changed) { |
| DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); |
| - if (changed.IsEmpty()) |
| - return; |
| UpdatedExtensionPermissionsInfo::Reason reason; |
| events::HistogramValue histogram_value; |
| const char* event_name = NULL; |
| + Profile* profile = Profile::FromBrowserContext(browser_context_); |
| - if (event_type == REMOVED) { |
| - reason = UpdatedExtensionPermissionsInfo::REMOVED; |
| - histogram_value = events::PERMISSIONS_ON_REMOVED; |
| - event_name = permissions::OnRemoved::kEventName; |
| - } else { |
| - CHECK_EQ(ADDED, event_type); |
| - reason = UpdatedExtensionPermissionsInfo::ADDED; |
| - histogram_value = events::PERMISSIONS_ON_ADDED; |
| - event_name = permissions::OnAdded::kEventName; |
| - } |
| + if (changed.IsEmpty() && event_type != POLICY) |
| + return; |
| - // Notify other APIs or interested parties. |
| - UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo( |
| - extension, changed, reason); |
| - Profile* profile = Profile::FromBrowserContext(browser_context_); |
| - content::NotificationService::current()->Notify( |
| - extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, |
| - content::Source<Profile>(profile), |
| - content::Details<UpdatedExtensionPermissionsInfo>(&info)); |
| + // Policy isn't exposed via JS API. |
|
Devlin
2017/03/29 21:36:50
What is this comment referring to?
nrpeter
2017/03/30 00:06:06
AFAIK, notification here are exposed to extensions
|
| + if (event_type != POLICY) { |
| + if (event_type == REMOVED) { |
| + reason = UpdatedExtensionPermissionsInfo::REMOVED; |
| + histogram_value = events::PERMISSIONS_ON_REMOVED; |
| + event_name = permissions::OnRemoved::kEventName; |
| + } else { |
| + CHECK_EQ(ADDED, event_type); |
| + reason = UpdatedExtensionPermissionsInfo::ADDED; |
| + histogram_value = events::PERMISSIONS_ON_ADDED; |
| + event_name = permissions::OnAdded::kEventName; |
| + } |
| + |
| + // Notify other APIs or interested parties. |
| + UpdatedExtensionPermissionsInfo info = |
| + UpdatedExtensionPermissionsInfo(extension, changed, reason); |
| + content::NotificationService::current()->Notify( |
| + extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, |
| + content::Source<Profile>(profile), |
| + content::Details<UpdatedExtensionPermissionsInfo>(&info)); |
| + } |
| ExtensionMsg_UpdatePermissions_Params params; |
| params.extension_id = extension->id(); |
| @@ -277,6 +311,14 @@ void PermissionsUpdater::NotifyPermissionsUpdated( |
| extension->permissions_data()->active_permissions()); |
| params.withheld_permissions = ExtensionMsg_PermissionSetStruct( |
| extension->permissions_data()->withheld_permissions()); |
| + params.uses_default_policy_host_restrictions = |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions(); |
| + if (!params.uses_default_policy_host_restrictions) { |
| + params.policy_blocked_hosts = |
| + extension->permissions_data()->policy_blocked_hosts(); |
| + params.policy_allowed_hosts = |
| + extension->permissions_data()->policy_allowed_hosts(); |
| + } |
| // Send the new permissions to the renderers. |
| for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator()); |
| @@ -289,7 +331,32 @@ void PermissionsUpdater::NotifyPermissionsUpdated( |
| } |
| // Trigger the onAdded and onRemoved events in the extension. |
| - DispatchEvent(extension->id(), histogram_value, event_name, changed); |
| + if (event_name) |
| + DispatchEvent(extension->id(), histogram_value, event_name, changed); |
| +} |
| + |
| +// Notify the renderers that extension policy (policy_blocked_hosts) is updated |
| +// and provide new set of hosts. |
| +void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated( |
| + const URLPatternSet& default_runtime_blocked_hosts, |
| + const URLPatternSet& default_runtime_allowed_hosts) { |
| + DCHECK((init_flag_ & INIT_FLAG_TRANSIENT) == 0); |
| + |
| + Profile* profile = Profile::FromBrowserContext(browser_context_); |
| + |
| + // Send the new policy to the renderers. |
| + for (RenderProcessHost::iterator host_iterator( |
| + RenderProcessHost::AllHostsIterator()); |
| + !host_iterator.IsAtEnd(); host_iterator.Advance()) { |
| + RenderProcessHost* host = host_iterator.GetCurrentValue(); |
| + if (profile->IsSameProfile( |
| + Profile::FromBrowserContext(host->GetBrowserContext()))) { |
| + ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params; |
| + params.default_policy_blocked_hosts = default_runtime_blocked_hosts; |
| + params.default_policy_allowed_hosts = default_runtime_allowed_hosts; |
| + host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params)); |
| + } |
| + } |
| } |
| } // namespace extensions |
