Public Sessions - prompt the user for pageCapture requests

chrome/browser/extensions/api/page_capture/page_capture_api.cc

Index: chrome/browser/extensions/api/page_capture/page_capture_api.cc
diff --git a/chrome/browser/extensions/api/page_capture/page_capture_api.cc b/chrome/browser/extensions/api/page_capture/page_capture_api.cc
index 1e7c549d533f94e0f6f1c53a883d9c5680c85049..57c54abcb0c49ff88b169324171acdd5a008c3b1 100644
--- a/chrome/browser/extensions/api/page_capture/page_capture_api.cc
+++ b/chrome/browser/extensions/api/page_capture/page_capture_api.cc
@@ -8,10 +8,13 @@
 #include <memory>
 
 #include "base/bind.h"
+#include "base/bind_helpers.h"
 #include "base/files/file_util.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/extensions/api/page_capture/page_capture_permission_helper.h"
 #include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chromeos/login/login_state.h"
 #include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_source.h"
@@ -37,6 +40,13 @@ const char kMHTMLGenerationFailedError[] = "Failed to generate MHTML.";
 const char kTemporaryFileError[] = "Failed to create a temporary file.";
 const char kTabClosedError[] = "Cannot find the tab for this request.";
 
+#if defined(OS_CHROMEOS)
+bool IsPublicSession() {
+  return chromeos::LoginState::IsInitialized() &&
+         chromeos::LoginState::Get()->IsPublicSessionUser();
+}
+#endif
+
 }  // namespace
 
 static PageCaptureSaveAsMHTMLFunction::TestDelegate* test_delegate_ = NULL;
@@ -63,6 +73,31 @@ bool PageCaptureSaveAsMHTMLFunction::RunAsync() {
 
   AddRef();  // Balanced in ReturnFailure/ReturnSuccess()
 
+  // In Public Sessions, extensions (and apps) are force-installed by admin
+  // policy so the user does not get a chance to review the permissions for
+  // these extensions. This is not acceptable from a security/privacy
+  // standpoint, so when an extension uses the PageCapture API for the first
+  // time, we show the user a dialog where they can choose whether to allow the
+  // extension access to the API.
+#if defined(OS_CHROMEOS)
+  if (IsPublicSession()) {
+    auto success_callback = base::Bind(
+        base::IgnoreResult(&BrowserThread::PostTask), BrowserThread::FILE,
+        FROM_HERE,
+        base::Bind(&PageCaptureSaveAsMHTMLFunction::CreateTemporaryFile, this));
+    auto failure_callback =
+        base::Bind(&PageCaptureSaveAsMHTMLFunction::ReturnFailure, this);
+    permission_helper_.reset(new PageCapturePermissionHelper(

[Devlin, 2017/01/06 20:45:49]

nit: prefer base::MakeUnique<>

[Ivan Šandrk, 2017/01/09 13:14:55]

Done.

+        extension(),
+        // OffTheRecordPrefs are used here because the pref must not be
+        // persistent across user sessions.
+        GetProfile()->GetOffTheRecordPrefs(), success_callback,
+        failure_callback));
+    permission_helper_->HandlePermissionRequest(GetWebContents());
+    return true;
+  }
+#endif
+
   BrowserThread::PostTask(
       BrowserThread::FILE, FROM_HERE,
       base::Bind(&PageCaptureSaveAsMHTMLFunction::CreateTemporaryFile, this));