OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/permissions/permission_context_base.h" | 5 #include "chrome/browser/permissions/permission_context_base.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | |
9 #include <set> | |
10 #include <string> | |
8 #include <utility> | 11 #include <utility> |
9 | 12 |
10 #include "base/callback.h" | 13 #include "base/callback.h" |
11 #include "base/logging.h" | 14 #include "base/logging.h" |
12 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
13 #include "base/strings/stringprintf.h" | 16 #include "base/strings/stringprintf.h" |
14 #include "build/build_config.h" | 17 #include "build/build_config.h" |
18 #include "chrome/browser/browser_process.h" | |
15 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 19 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
16 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" | 20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" |
17 #include "chrome/browser/permissions/permission_request.h" | 21 #include "chrome/browser/permissions/permission_request.h" |
18 #include "chrome/browser/permissions/permission_request_id.h" | 22 #include "chrome/browser/permissions/permission_request_id.h" |
19 #include "chrome/browser/permissions/permission_request_impl.h" | 23 #include "chrome/browser/permissions/permission_request_impl.h" |
20 #include "chrome/browser/permissions/permission_request_manager.h" | 24 #include "chrome/browser/permissions/permission_request_manager.h" |
21 #include "chrome/browser/permissions/permission_uma_util.h" | 25 #include "chrome/browser/permissions/permission_uma_util.h" |
22 #include "chrome/browser/permissions/permission_util.h" | 26 #include "chrome/browser/permissions/permission_util.h" |
23 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
28 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | |
29 #include "chrome/common/chrome_features.h" | |
24 #include "chrome/common/pref_names.h" | 30 #include "chrome/common/pref_names.h" |
25 #include "components/content_settings/core/browser/host_content_settings_map.h" | 31 #include "components/content_settings/core/browser/host_content_settings_map.h" |
26 #include "components/content_settings/core/browser/website_settings_registry.h" | 32 #include "components/content_settings/core/browser/website_settings_registry.h" |
27 #include "components/prefs/pref_service.h" | 33 #include "components/prefs/pref_service.h" |
34 #include "components/safe_browsing_db/database_manager.h" | |
28 #include "components/variations/variations_associated_data.h" | 35 #include "components/variations/variations_associated_data.h" |
29 #include "content/public/browser/browser_thread.h" | 36 #include "content/public/browser/browser_thread.h" |
30 #include "content/public/browser/render_frame_host.h" | 37 #include "content/public/browser/render_frame_host.h" |
31 #include "content/public/browser/web_contents.h" | 38 #include "content/public/browser/web_contents.h" |
32 #include "content/public/common/origin_util.h" | 39 #include "content/public/common/origin_util.h" |
33 #include "url/gurl.h" | 40 #include "url/gurl.h" |
34 | 41 |
35 #if defined(OS_ANDROID) | 42 #if defined(OS_ANDROID) |
36 #include "chrome/browser/permissions/permission_queue_controller.h" | 43 #include "chrome/browser/permissions/permission_queue_controller.h" |
37 #endif | 44 #endif |
38 | 45 |
39 // static | 46 // static |
40 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = | 47 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = |
41 "PermissionsKillSwitch"; | 48 "PermissionsKillSwitch"; |
42 // static | 49 // static |
43 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = | 50 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = |
44 "blocked"; | 51 "blocked"; |
45 | 52 |
53 // The client used when checking whether a permission has been blacklisted by | |
54 // Safe Browsing. The check is done asynchronously as no state can be stored in | |
55 // PermissionContextBase while it is in flight (since additional permission | |
56 // requests may be made). Hence, the client is heap allocated and is responsible | |
57 // for deleting itself when it is finished. | |
58 class PermissionsBlacklistSBClientImpl | |
59 : public safe_browsing::SafeBrowsingDatabaseManager::Client { | |
60 public: | |
61 PermissionsBlacklistSBClientImpl( | |
62 content::PermissionType permission_type, | |
63 const GURL& request_origin, | |
64 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
65 base::Callback<void(bool)> callback) | |
66 : permission_type_(permission_type), callback_(callback) { | |
67 content::BrowserThread::PostTask( | |
68 content::BrowserThread::IO, FROM_HERE, | |
69 base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck, | |
70 base::Unretained(this), db_manager, request_origin)); | |
71 } | |
72 | |
73 private: | |
74 void StartCheck( | |
Nathan Parker
2016/12/12 19:02:25
Do this code properly handle the case where the we
meredithl
2016/12/15 00:15:44
Done.
meredithl
2016/12/15 00:15:45
Updated the client to inherit from WebContentsObse
| |
75 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
76 const GURL& request_origin) { | |
77 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
78 db_manager->CheckApiBlacklistUrl(request_origin, this); | |
79 } | |
80 | |
81 void OnCheckApiBlacklistUrlResult( | |
82 const GURL& url, | |
83 const safe_browsing::ThreatMetadata& metadata) override { | |
84 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
85 bool permission_blocked = | |
86 metadata.api_permissions.find(PermissionUtil::GetPermissionString( | |
87 permission_type_)) != metadata.api_permissions.end(); | |
88 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, | |
89 base::Bind(callback_, permission_blocked)); | |
90 // The result has been received, so the object can now delete itself. | |
91 delete this; | |
Nathan Parker
2016/12/12 19:02:25
If you're going to have this obj own itself, you s
meredithl
2016/12/15 00:15:45
Done.
| |
92 } | |
93 | |
94 ~PermissionsBlacklistSBClientImpl() override {} | |
95 | |
96 content::PermissionType permission_type_; | |
97 base::Callback<void(bool)> callback_; | |
98 // add timer as member | |
99 }; | |
100 | |
46 PermissionContextBase::PermissionContextBase( | 101 PermissionContextBase::PermissionContextBase( |
47 Profile* profile, | 102 Profile* profile, |
48 const content::PermissionType permission_type, | 103 const content::PermissionType permission_type, |
49 const ContentSettingsType content_settings_type) | 104 const ContentSettingsType content_settings_type) |
50 : profile_(profile), | 105 : profile_(profile), |
51 permission_type_(permission_type), | 106 permission_type_(permission_type), |
52 content_settings_type_(content_settings_type), | 107 content_settings_type_(content_settings_type), |
53 weak_factory_(this) { | 108 weak_factory_(this) { |
54 #if defined(OS_ANDROID) | 109 #if defined(OS_ANDROID) |
55 permission_queue_controller_.reset(new PermissionQueueController( | 110 permission_queue_controller_.reset(new PermissionQueueController( |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
94 | 149 |
95 DVLOG(1) << "Attempt to use " << type_name | 150 DVLOG(1) << "Attempt to use " << type_name |
96 << " from an invalid URL: " << requesting_origin << "," | 151 << " from an invalid URL: " << requesting_origin << "," |
97 << embedding_origin << " (" << type_name | 152 << embedding_origin << " (" << type_name |
98 << " is not supported in popups)"; | 153 << " is not supported in popups)"; |
99 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 154 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
100 false /* persist */, CONTENT_SETTING_BLOCK); | 155 false /* persist */, CONTENT_SETTING_BLOCK); |
101 return; | 156 return; |
102 } | 157 } |
103 | 158 |
159 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager = | |
160 GetSafeBrowsingDatabaseManager(); | |
161 if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) && | |
162 database_manager) { | |
163 // The client will contact Safe Browsing, and invoke the callback with the | |
164 // result. This object will be freed once Safe Browsing has returned the | |
165 // results. | |
166 // TODO(meredithl): Check if Safe Browsing Service has timed out | |
167 new PermissionsBlacklistSBClientImpl( | |
Nathan Parker
2016/12/12 19:02:25
A new'd bare pointer is kind of a red flag to me h
kcarattini
2016/12/13 01:49:51
I don't disagree with you. Could PermissionContext
meredithl
2016/12/15 00:15:44
We went with the static request to instantiate a n
meredithl
2016/12/15 00:15:45
Dom and I decided it was better to encapsulate as
| |
168 permission_type_, requesting_origin, database_manager, | |
169 base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult, | |
170 base::Unretained(this), web_contents, id, requesting_origin, | |
171 embedding_origin, user_gesture, callback)); | |
172 } else { | |
173 // TODO(meredithl) : add UMA metrics here. | |
174 CheckPermissionsBlacklistResult(web_contents, id, requesting_origin, | |
175 embedding_origin, user_gesture, callback, | |
176 false); | |
177 } | |
178 } | |
179 | |
180 void PermissionContextBase::CheckPermissionsBlacklistResult( | |
181 content::WebContents* web_contents, | |
182 const PermissionRequestID& id, | |
183 const GURL& requesting_origin, | |
184 const GURL& embedding_origin, | |
185 bool user_gesture, | |
186 const BrowserPermissionCallback& callback, | |
187 bool permission_blocked) { | |
188 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
189 if (permission_blocked) { | |
190 // TODO(meredithl) : add UMA metrics here. | |
191 web_contents->GetMainFrame()->AddMessageToConsole( | |
192 content::CONSOLE_MESSAGE_LEVEL_LOG, | |
193 base::StringPrintf( | |
194 "%s permission has been auto-blocked.", | |
195 PermissionUtil::GetPermissionString(permission_type_).c_str())); | |
196 // Permission has been blacklisted, block the request. | |
197 // TODO(meredithl) : consider setting the content setting and persisting the | |
198 // decision to block. | |
199 callback.Run(CONTENT_SETTING_BLOCK); | |
200 return; | |
201 } | |
202 | |
203 // Site is not blacklisted by Safe Browsing for the requested permission. | |
104 ContentSetting content_setting = | 204 ContentSetting content_setting = |
105 GetPermissionStatus(requesting_origin, embedding_origin); | 205 GetPermissionStatus(requesting_origin, embedding_origin); |
106 if (content_setting == CONTENT_SETTING_ALLOW) { | 206 if (content_setting == CONTENT_SETTING_ALLOW) { |
107 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( | 207 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( |
108 requesting_origin, embedding_origin, content_settings_type_); | 208 requesting_origin, embedding_origin, content_settings_type_); |
109 } | 209 } |
210 | |
110 if (content_setting == CONTENT_SETTING_ALLOW || | 211 if (content_setting == CONTENT_SETTING_ALLOW || |
111 content_setting == CONTENT_SETTING_BLOCK) { | 212 content_setting == CONTENT_SETTING_BLOCK) { |
112 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 213 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
113 false /* persist */, content_setting); | 214 false /* persist */, content_setting); |
114 return; | 215 return; |
115 } | 216 } |
116 | 217 |
117 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, | 218 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, |
118 embedding_origin, profile_); | 219 embedding_origin, profile_); |
119 | 220 |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
311 content_setting); | 412 content_setting); |
312 } | 413 } |
313 | 414 |
314 bool PermissionContextBase::IsPermissionKillSwitchOn() const { | 415 bool PermissionContextBase::IsPermissionKillSwitchOn() const { |
315 const std::string param = variations::GetVariationParamValue( | 416 const std::string param = variations::GetVariationParamValue( |
316 kPermissionsKillSwitchFieldStudy, | 417 kPermissionsKillSwitchFieldStudy, |
317 PermissionUtil::GetPermissionString(permission_type_)); | 418 PermissionUtil::GetPermissionString(permission_type_)); |
318 | 419 |
319 return param == kPermissionsKillSwitchBlockedValue; | 420 return param == kPermissionsKillSwitchBlockedValue; |
320 } | 421 } |
422 | |
423 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> | |
424 PermissionContextBase::GetSafeBrowsingDatabaseManager() { | |
425 safe_browsing::SafeBrowsingService* sb_service = | |
426 g_browser_process->safe_browsing_service(); | |
427 return sb_service ? sb_service->database_manager() : nullptr; | |
428 } | |
OLD | NEW |