OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/permissions/permission_context_base.h" | 5 #include "chrome/browser/permissions/permission_context_base.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | |
9 #include <set> | |
10 #include <string> | |
8 #include <utility> | 11 #include <utility> |
9 | 12 |
10 #include "base/callback.h" | 13 #include "base/callback.h" |
11 #include "base/logging.h" | 14 #include "base/logging.h" |
12 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
13 #include "base/strings/stringprintf.h" | 16 #include "base/strings/stringprintf.h" |
14 #include "build/build_config.h" | 17 #include "build/build_config.h" |
18 #include "chrome/browser/browser_process.h" | |
15 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 19 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
16 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" | 20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" |
17 #include "chrome/browser/permissions/permission_request.h" | 21 #include "chrome/browser/permissions/permission_request.h" |
18 #include "chrome/browser/permissions/permission_request_id.h" | 22 #include "chrome/browser/permissions/permission_request_id.h" |
19 #include "chrome/browser/permissions/permission_request_impl.h" | 23 #include "chrome/browser/permissions/permission_request_impl.h" |
20 #include "chrome/browser/permissions/permission_request_manager.h" | 24 #include "chrome/browser/permissions/permission_request_manager.h" |
21 #include "chrome/browser/permissions/permission_uma_util.h" | 25 #include "chrome/browser/permissions/permission_uma_util.h" |
22 #include "chrome/browser/permissions/permission_util.h" | 26 #include "chrome/browser/permissions/permission_util.h" |
23 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
28 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | |
29 #include "chrome/common/chrome_features.h" | |
24 #include "chrome/common/pref_names.h" | 30 #include "chrome/common/pref_names.h" |
25 #include "components/content_settings/core/browser/host_content_settings_map.h" | 31 #include "components/content_settings/core/browser/host_content_settings_map.h" |
26 #include "components/content_settings/core/browser/website_settings_registry.h" | 32 #include "components/content_settings/core/browser/website_settings_registry.h" |
27 #include "components/prefs/pref_service.h" | 33 #include "components/prefs/pref_service.h" |
34 #include "components/safe_browsing_db/database_manager.h" | |
28 #include "components/variations/variations_associated_data.h" | 35 #include "components/variations/variations_associated_data.h" |
29 #include "content/public/browser/browser_thread.h" | 36 #include "content/public/browser/browser_thread.h" |
30 #include "content/public/browser/render_frame_host.h" | 37 #include "content/public/browser/render_frame_host.h" |
31 #include "content/public/browser/web_contents.h" | 38 #include "content/public/browser/web_contents.h" |
32 #include "content/public/common/origin_util.h" | 39 #include "content/public/common/origin_util.h" |
33 #include "url/gurl.h" | 40 #include "url/gurl.h" |
34 | 41 |
35 #if defined(OS_ANDROID) | 42 #if defined(OS_ANDROID) |
36 #include "chrome/browser/permissions/permission_queue_controller.h" | 43 #include "chrome/browser/permissions/permission_queue_controller.h" |
37 #endif | 44 #endif |
38 | 45 |
39 // static | 46 // static |
40 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = | 47 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = |
41 "PermissionsKillSwitch"; | 48 "PermissionsKillSwitch"; |
42 // static | 49 // static |
43 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = | 50 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = |
44 "blocked"; | 51 "blocked"; |
45 | 52 |
53 class PermissionsBlacklistSBClientImpl | |
dominickn
2016/12/07 04:34:29
Add a comment above this class:
"The client used
meredithl
2016/12/07 06:37:10
Done.
| |
54 : public safe_browsing::SafeBrowsingDatabaseManager::Client { | |
55 public: | |
56 PermissionsBlacklistSBClientImpl( | |
57 content::PermissionType permission_type, | |
58 const GURL& request_origin, | |
59 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
60 base::Callback<void(bool)> callback) | |
61 : permission_type_(permission_type), callback_(callback) { | |
62 content::BrowserThread::PostTask( | |
63 content::BrowserThread::IO, FROM_HERE, | |
64 base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck, | |
65 base::Unretained(this), db_manager, request_origin)); | |
66 } | |
67 | |
68 private: | |
69 void StartCheck( | |
70 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
71 const GURL& request_origin) { | |
72 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
73 db_manager->CheckApiBlacklistUrl(request_origin, this); | |
74 } | |
75 | |
76 void OnCheckApiBlacklistUrlResult( | |
77 const GURL& url, | |
78 const safe_browsing::ThreatMetadata& metadata) override { | |
79 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
80 bool permission_blocked = | |
81 metadata.api_permissions.find(PermissionUtil::GetPermissionString( | |
dominickn
2016/12/07 04:34:29
We need to verify that PermissionUtil::GetPermissi
| |
82 permission_type_)) != metadata.api_permissions.end(); | |
83 // return to the callback with the result | |
dominickn
2016/12/07 04:34:29
Nit: you can probably remove this comment.
meredithl
2016/12/07 06:37:10
Done.
| |
84 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, | |
85 base::Bind(callback_, permission_blocked)); | |
86 // result has been received and posted, the client can now free itself | |
dominickn
2016/12/07 04:34:29
Nit: "The result has been received, so this object
meredithl
2016/12/07 06:37:10
Done.
| |
87 delete this; | |
88 } | |
89 | |
90 ~PermissionsBlacklistSBClientImpl() override {} | |
91 | |
92 content::PermissionType permission_type_; | |
93 base::Callback<void(bool)> callback_; | |
94 }; | |
95 | |
46 PermissionContextBase::PermissionContextBase( | 96 PermissionContextBase::PermissionContextBase( |
47 Profile* profile, | 97 Profile* profile, |
48 const content::PermissionType permission_type, | 98 const content::PermissionType permission_type, |
49 const ContentSettingsType content_settings_type) | 99 const ContentSettingsType content_settings_type) |
50 : profile_(profile), | 100 : profile_(profile), |
51 permission_type_(permission_type), | 101 permission_type_(permission_type), |
52 content_settings_type_(content_settings_type), | 102 content_settings_type_(content_settings_type), |
53 weak_factory_(this) { | 103 weak_factory_(this) { |
54 #if defined(OS_ANDROID) | 104 #if defined(OS_ANDROID) |
55 permission_queue_controller_.reset(new PermissionQueueController( | 105 permission_queue_controller_.reset(new PermissionQueueController( |
56 profile_, permission_type_, content_settings_type_)); | 106 profile_, permission_type_, content_settings_type_)); |
57 #endif | 107 #endif |
58 PermissionDecisionAutoBlocker::UpdateFromVariations(); | 108 PermissionDecisionAutoBlocker::UpdateFromVariations(); |
59 } | 109 } |
60 | 110 |
61 PermissionContextBase::~PermissionContextBase() { | 111 PermissionContextBase::~PermissionContextBase() { |
62 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 112 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
63 } | 113 } |
64 | 114 |
65 void PermissionContextBase::RequestPermission( | 115 void PermissionContextBase::RequestPermission( |
66 content::WebContents* web_contents, | 116 content::WebContents* web_contents, |
67 const PermissionRequestID& id, | 117 const PermissionRequestID& id, |
68 const GURL& requesting_frame, | 118 const GURL& requesting_frame, |
69 bool user_gesture, | 119 bool user_gesture, |
70 const BrowserPermissionCallback& callback) { | 120 const BrowserPermissionCallback& callback) { |
71 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 121 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
dominickn
2016/12/07 04:34:29
Nit: put these newlines back in. :)
| |
72 | |
73 // First check if this permission has been disabled. | 122 // First check if this permission has been disabled. |
74 if (IsPermissionKillSwitchOn()) { | 123 if (IsPermissionKillSwitchOn()) { |
75 // Log to the developer console. | 124 // Log to the developer console. |
76 web_contents->GetMainFrame()->AddMessageToConsole( | 125 web_contents->GetMainFrame()->AddMessageToConsole( |
77 content::CONSOLE_MESSAGE_LEVEL_LOG, | 126 content::CONSOLE_MESSAGE_LEVEL_LOG, |
78 base::StringPrintf( | 127 base::StringPrintf( |
79 "%s permission has been blocked.", | 128 "%s permission has been blocked.", |
80 PermissionUtil::GetPermissionString(permission_type_).c_str())); | 129 PermissionUtil::GetPermissionString(permission_type_).c_str())); |
81 // The kill switch is enabled for this permission; Block all requests. | 130 // The kill switch is enabled for this permission; Block all requests. |
82 callback.Run(CONTENT_SETTING_BLOCK); | 131 callback.Run(CONTENT_SETTING_BLOCK); |
83 return; | 132 return; |
84 } | 133 } |
85 | 134 |
86 GURL requesting_origin = requesting_frame.GetOrigin(); | 135 GURL requesting_origin = requesting_frame.GetOrigin(); |
87 GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin(); | 136 GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin(); |
88 | |
89 if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) { | 137 if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) { |
90 std::string type_name = | 138 std::string type_name = |
91 content_settings::WebsiteSettingsRegistry::GetInstance() | 139 content_settings::WebsiteSettingsRegistry::GetInstance() |
92 ->Get(content_settings_type_) | 140 ->Get(content_settings_type_) |
93 ->name(); | 141 ->name(); |
94 | 142 |
95 DVLOG(1) << "Attempt to use " << type_name | 143 DVLOG(1) << "Attempt to use " << type_name |
96 << " from an invalid URL: " << requesting_origin << "," | 144 << " from an invalid URL: " << requesting_origin << "," |
97 << embedding_origin << " (" << type_name | 145 << embedding_origin << " (" << type_name |
98 << " is not supported in popups)"; | 146 << " is not supported in popups)"; |
99 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 147 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
100 false /* persist */, CONTENT_SETTING_BLOCK); | 148 false /* persist */, CONTENT_SETTING_BLOCK); |
101 return; | 149 return; |
102 } | 150 } |
103 | 151 |
152 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager = | |
153 GetSafeBrowsingDatabaseManager(); | |
154 if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) && | |
155 database_manager) { | |
156 // The client will contact safe browsing, and invoke the callback with the | |
dominickn
2016/12/07 04:34:29
Nit: "Safe Browsing"
meredithl
2016/12/07 06:37:11
Done.
| |
157 // result. This object will be freed once Safe Browsing has returned the | |
158 // results. | |
159 // TODO(meredithl): Check if Safe Browsing Service has timed out | |
160 new PermissionsBlacklistSBClientImpl( | |
161 permission_type_, requesting_origin, database_manager, | |
162 base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult, | |
163 base::Unretained(this), web_contents, id, requesting_origin, | |
164 embedding_origin, user_gesture, callback)); | |
165 } else { | |
166 CheckPermissionsBlacklistResult(web_contents, id, requesting_origin, | |
167 embedding_origin, user_gesture, callback, | |
168 false); | |
169 } | |
170 } | |
171 | |
172 void PermissionContextBase::CheckPermissionsBlacklistResult( | |
173 content::WebContents* web_contents, | |
174 const PermissionRequestID& id, | |
175 const GURL& requesting_origin, | |
176 const GURL& embedding_origin, | |
177 bool user_gesture, | |
178 const BrowserPermissionCallback& callback, | |
179 bool result) { | |
180 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
181 if (result) { | |
182 // Log to the developer console that this permission is auto blocked. | |
dominickn
2016/12/07 04:34:28
Nit: the comment here is probably unnecessary.
meredithl
2016/12/07 06:37:10
Done.
| |
183 web_contents->GetMainFrame()->AddMessageToConsole( | |
184 content::CONSOLE_MESSAGE_LEVEL_LOG, | |
185 base::StringPrintf( | |
186 "%s permission has been auto-blocked.", | |
187 PermissionUtil::GetPermissionString(permission_type_).c_str())); | |
188 // Permission has been blacklisted, block the request. | |
189 callback.Run(CONTENT_SETTING_BLOCK); | |
190 return; | |
191 } | |
192 | |
193 // Site is not blacklisted by Safe Browsing for the requested permission. | |
104 ContentSetting content_setting = | 194 ContentSetting content_setting = |
105 GetPermissionStatus(requesting_origin, embedding_origin); | 195 GetPermissionStatus(requesting_origin, embedding_origin); |
106 if (content_setting == CONTENT_SETTING_ALLOW) { | 196 if (content_setting == CONTENT_SETTING_ALLOW) { |
107 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( | 197 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( |
108 requesting_origin, embedding_origin, content_settings_type_); | 198 requesting_origin, embedding_origin, content_settings_type_); |
109 } | 199 } |
200 | |
110 if (content_setting == CONTENT_SETTING_ALLOW || | 201 if (content_setting == CONTENT_SETTING_ALLOW || |
111 content_setting == CONTENT_SETTING_BLOCK) { | 202 content_setting == CONTENT_SETTING_BLOCK) { |
112 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 203 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
113 false /* persist */, content_setting); | 204 false /* persist */, content_setting); |
114 return; | 205 return; |
115 } | 206 } |
116 | 207 |
117 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, | 208 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, |
118 embedding_origin, profile_); | 209 embedding_origin, profile_); |
119 | 210 |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
311 content_setting); | 402 content_setting); |
312 } | 403 } |
313 | 404 |
314 bool PermissionContextBase::IsPermissionKillSwitchOn() const { | 405 bool PermissionContextBase::IsPermissionKillSwitchOn() const { |
315 const std::string param = variations::GetVariationParamValue( | 406 const std::string param = variations::GetVariationParamValue( |
316 kPermissionsKillSwitchFieldStudy, | 407 kPermissionsKillSwitchFieldStudy, |
317 PermissionUtil::GetPermissionString(permission_type_)); | 408 PermissionUtil::GetPermissionString(permission_type_)); |
318 | 409 |
319 return param == kPermissionsKillSwitchBlockedValue; | 410 return param == kPermissionsKillSwitchBlockedValue; |
320 } | 411 } |
412 | |
413 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> | |
414 PermissionContextBase::GetSafeBrowsingDatabaseManager() { | |
415 safe_browsing::SafeBrowsingService* sb_service = | |
416 g_browser_process->safe_browsing_service(); | |
417 return sb_service ? sb_service->database_manager() : nullptr; | |
418 } | |
OLD | NEW |