Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(542)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/common/permissions/permissions_data.h

Issue 2499493004: Communicate ExtensionSettings policy to renderers (Closed)
Patch Set: Fixed static non-pod, removed default params, fixed formatting, fixed nits, simplified code Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/extensions/permissions_updater.cc ('K') | « extensions/common/extension_messages.cc ('k') | extensions/common/permissions/permissions_data.cc » ('j') | extensions/common/permissions/permissions_data.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/common/permissions/permissions_data.h
diff --git a/extensions/common/permissions/permissions_data.h b/extensions/common/permissions/permissions_data.h
index 3b87e79bc393161819710e7d8cca9703cc0857e2..6ce278b85811c6644d13121c75fdd66383beeb03 100644
--- a/extensions/common/permissions/permissions_data.h
+++ b/extensions/common/permissions/permissions_data.h
@@ -82,6 +82,10 @@ class PermissionsData {
const Extension* extension,
std::string* error);
+ // Is this extension using the default scope for runtime_blocked_hosts and
+ // runtime_allowed_hosts of the ExtensionSettings policy.
+ bool UsesDefaultPolicyHostRestrictions() const;
+
// Locks the permissions data to the current thread. We don't do this on
// construction, since extensions are initialized across multiple threads.
void BindToCurrentThread() const;
@@ -91,6 +95,22 @@ class PermissionsData {
void SetPermissions(std::unique_ptr<const PermissionSet> active,
std::unique_ptr<const PermissionSet> withheld) const;
+ // Applies restrictions from enterprise policy limiting which URLs this
+ // extension can interact with. The same policy can also define a default set
+ // of URL restrictions using SetDefaultPolicyHostRestrictions. This function
+ // overrides any default host restriction policy.
+ void SetPolicyHostRestrictions(
+ const URLPatternSet runtime_blocked_hosts,
+ const URLPatternSet runtime_allowed_hosts,
+ const bool is_default_runtime_blocked_allowed_hosts) const;
+
+ // Applies restrictions from enterprise policy limiting which URLs all
+ // extensions can interact with. This restriction can be overridden on a
+ // per-extnsion basis with SetPolicyHostRestrictions.
+ static void SetDefaultPolicyHostRestrictions(
+ const URLPatternSet default_runtime_blocked_hosts,
+ const URLPatternSet default_runtime_allowed_hosts);
+
// Sets the active permissions, leaving withheld the same.
void SetActivePermissions(std::unique_ptr<const PermissionSet> active) const;
@@ -201,6 +221,20 @@ class PermissionsData {
return *withheld_permissions_unsafe_;
}
+ // Returns list of hosts this extension may not interact with by policy.
+ static const URLPatternSet& default_runtime_blocked_hosts();
+
+ // Returns list of hosts this extension may interact with regardless of
+ // what is defined by runtime_blocked_hosts().
+ static const URLPatternSet& default_runtime_allowed_hosts();
+
+ // Returns list of hosts this extension may not interact with by policy.
+ const URLPatternSet& runtime_blocked_hosts() const;
+
+ // Returns list of hosts this extension may interact with regardless of
+ // what is defined by runtime_blocked_hosts().
+ const URLPatternSet& runtime_allowed_hosts() const;
+
#if defined(UNIT_TEST)
const PermissionSet* GetTabSpecificPermissionsForTesting(int tab_id) const {
base::AutoLock auto_lock(runtime_lock_);
@@ -233,6 +267,9 @@ class PermissionsData {
const URLPatternSet& withheld_url_patterns,
std::string* error) const;
+ // Check if a specific URL is blocked by policy from extension use at runtime.
+ bool IsRuntimeBlockedHost(const GURL& url) const;
+
// The associated extension's id.
std::string extension_id_;
@@ -255,6 +292,20 @@ class PermissionsData {
// withheld_permissions() accessor.
mutable std::unique_ptr<const PermissionSet> withheld_permissions_unsafe_;
+ // The list of hosts an extension may not interact with by policy.
+ // Unless you need to change |runtime_blocked_hosts_unsafe_|, use the (safe)
+ // runtime_blocked_hosts() accessor.
+ mutable URLPatternSet runtime_blocked_hosts_unsafe_;
+
+ // The exclusive list of hosts an extension may interact with by policy.
+ // Unless you need to change |runtime_allowed_hosts_unsafe_|, use the (safe)
+ // runtime_allowed_hosts() accessor.
+ mutable URLPatternSet runtime_allowed_hosts_unsafe_;
+
+ // If the ExtensionSettings policy is not being used, or no per-extension
+ // exception to the default policy was declared for this extension.
+ mutable bool uses_default_policy_host_restrictions_ = true;
+
mutable TabPermissionsMap tab_specific_permissions_;
mutable std::unique_ptr<base::ThreadChecker> thread_checker_;
« chrome/browser/extensions/permissions_updater.cc ('K') | « extensions/common/extension_messages.cc ('k') | extensions/common/permissions/permissions_data.cc » ('j') | extensions/common/permissions/permissions_data.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698