Public Sessions - prompt the user for pageCapture requests

chrome/browser/extensions/api/page_capture/page_capture_api.cc

Index: chrome/browser/extensions/api/page_capture/page_capture_api.cc
diff --git a/chrome/browser/extensions/api/page_capture/page_capture_api.cc b/chrome/browser/extensions/api/page_capture/page_capture_api.cc
index 1e7c549d533f94e0f6f1c53a883d9c5680c85049..0495f3f7a2802a74f1eaa6a8302800026bc9064d 100644
--- a/chrome/browser/extensions/api/page_capture/page_capture_api.cc
+++ b/chrome/browser/extensions/api/page_capture/page_capture_api.cc
@@ -8,10 +8,13 @@
 #include <memory>
 
 #include "base/bind.h"
+#include "base/bind_helpers.h"
 #include "base/files/file_util.h"
+#include "base/memory/ptr_util.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/profiles/profiles_state.h"
 #include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_source.h"
@@ -22,6 +25,10 @@
 #include "content/public/common/mhtml_generation_params.h"
 #include "extensions/common/extension_messages.h"
 
+#if defined (OS_CHROMEOS)
+#include "chrome/browser/chromeos/extensions/public_session_permission_helper.h"
+#endif
+
 using content::BrowserThread;
 using content::ChildProcessSecurityPolicy;
 using content::WebContents;
@@ -36,6 +43,9 @@ const char kFileTooBigError[] = "The MHTML file generated is too big.";
 const char kMHTMLGenerationFailedError[] = "Failed to generate MHTML.";
 const char kTemporaryFileError[] = "Failed to create a temporary file.";
 const char kTabClosedError[] = "Cannot find the tab for this request.";
+#if defined(OS_CHROMEOS)
+const char kUserDenied[] = "User denied request.";
+#endif
 
 }  // namespace
 
@@ -63,6 +73,34 @@ bool PageCaptureSaveAsMHTMLFunction::RunAsync() {
 
   AddRef();  // Balanced in ReturnFailure/ReturnSuccess()
 
+  // In Public Sessions, extensions (and apps) are force-installed by admin
+  // policy so the user does not get a chance to review the permissions for
+  // these extensions. This is not acceptable from a security/privacy
+  // standpoint, so when an extension uses the PageCapture API for the first
+  // time, we show the user a dialog where they can choose whether to allow the
+  // extension access to the API.
+#if defined(OS_CHROMEOS)
+  if (profiles::IsPublicSession()) {
+    WebContents* web_contents = GetWebContents();
+    if (!web_contents) {
+      ReturnFailure(kTabClosedError);
+      return true;
+    }
+    auto success_callback = base::Bind(
+        base::IgnoreResult(&BrowserThread::PostTask), BrowserThread::FILE,
+        FROM_HERE,
+        base::Bind(&PageCaptureSaveAsMHTMLFunction::CreateTemporaryFile,
+                   base::Unretained(this)));

[Devlin, 2017/01/30 17:04:17]

explain why the unretained()s are safe.

Alternatively, ExtensionFunctions are ref-counted, so you could just pass |this|
directly.

[Ivan Šandrk, 2017/01/30 18:14:20]

Done.

+    auto failure_callback =
+        base::Bind(&PageCaptureSaveAsMHTMLFunction::ReturnFailure,
+                   base::Unretained(this), kUserDenied);
+    extensions::PublicSessionPermissionHelper::HandlePermissionRequest(
+        *extension(), {APIPermission::kPageCapture}, web_contents,
+        success_callback, failure_callback);
+    return true;
+  }
+#endif
+
   BrowserThread::PostTask(
       BrowserThread::FILE, FROM_HERE,
       base::Bind(&PageCaptureSaveAsMHTMLFunction::CreateTemporaryFile, this));