Implement origin specific Permissions Blacklisting.

chrome/browser/permissions/permission_context_base.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/permissions/permission_context_base.h"
 
 #include <stddef.h>
+
+#include <set>
+#include <string>
 #include <utility>
 
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "build/build_config.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/permissions/permission_decision_auto_blocker.h"
 #include "chrome/browser/permissions/permission_request.h"
 #include "chrome/browser/permissions/permission_request_id.h"
 #include "chrome/browser/permissions/permission_request_impl.h"
 #include "chrome/browser/permissions/permission_request_manager.h"
 #include "chrome/browser/permissions/permission_uma_util.h"
 #include "chrome/browser/permissions/permission_util.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
+#include "chrome/common/chrome_features.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/browser/website_settings_registry.h"
 #include "components/prefs/pref_service.h"
+#include "components/safe_browsing_db/database_manager.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "url/gurl.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/permissions/permission_queue_controller.h"
 #endif
 
 // static
 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] =
     "PermissionsKillSwitch";
 // static
 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] =
     "blocked";
 
+class PermissionsBlacklistSBClientImpl

[dominickn, 2016/12/07 04:34:29]

Add a comment above this class:

"The client used when checking whether a permission has been blacklisted by Safe
Browsing. The check is asynchronous and no state can be stored in
PermissionContextBase while it is in flight (since additional permission
requests may be made). Hence, the client is allocated on the heap and is
responsible for deleting itself when it is finished.

[meredithl, 2016/12/07 06:37:10]

Done.

+    : public safe_browsing::SafeBrowsingDatabaseManager::Client {
+ public:
+  PermissionsBlacklistSBClientImpl(
+      content::PermissionType permission_type,
+      const GURL& request_origin,
+      scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,
+      base::Callback<void(bool)> callback)
+      : permission_type_(permission_type), callback_(callback) {
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck,
+                   base::Unretained(this), db_manager, request_origin));
+  }
+
+ private:
+  void StartCheck(
+      scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,
+      const GURL& request_origin) {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    db_manager->CheckApiBlacklistUrl(request_origin, this);
+  }
+
+  void OnCheckApiBlacklistUrlResult(
+      const GURL& url,
+      const safe_browsing::ThreatMetadata& metadata) override {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    bool permission_blocked =
+        metadata.api_permissions.find(PermissionUtil::GetPermissionString(

[dominickn, 2016/12/07 04:34:29]

We need to verify that PermissionUtil::GetPermissionString has the right string.
Can you ping awoz@ again?

+            permission_type_)) != metadata.api_permissions.end();
+    // return to the callback with the result

[dominickn, 2016/12/07 04:34:29]

Nit: you can probably remove this comment.

[meredithl, 2016/12/07 06:37:10]

Done.

+    content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE,
+                                     base::Bind(callback_, permission_blocked));
+    // result has been received and posted, the client can now free itself

[dominickn, 2016/12/07 04:34:29]

Nit: "The result has been received, so this object can now delete itself"

[meredithl, 2016/12/07 06:37:10]

Done.

+    delete this;
+  }
+
+  ~PermissionsBlacklistSBClientImpl() override {}
+
+  content::PermissionType permission_type_;
+  base::Callback<void(bool)> callback_;
+};
+
 PermissionContextBase::PermissionContextBase(
     Profile* profile,
     const content::PermissionType permission_type,
     const ContentSettingsType content_settings_type)
     : profile_(profile),
       permission_type_(permission_type),
       content_settings_type_(content_settings_type),
       weak_factory_(this) {
 #if defined(OS_ANDROID)
   permission_queue_controller_.reset(new PermissionQueueController(
       profile_, permission_type_, content_settings_type_));
 #endif
   PermissionDecisionAutoBlocker::UpdateFromVariations();
 }
 
 PermissionContextBase::~PermissionContextBase() {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 }
 
 void PermissionContextBase::RequestPermission(
     content::WebContents* web_contents,
     const PermissionRequestID& id,
     const GURL& requesting_frame,
     bool user_gesture,
     const BrowserPermissionCallback& callback) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

[dominickn, 2016/12/07 04:34:29]

Nit: put these newlines back in. :)

-
   // First check if this permission has been disabled.
   if (IsPermissionKillSwitchOn()) {
     // Log to the developer console.
     web_contents->GetMainFrame()->AddMessageToConsole(
         content::CONSOLE_MESSAGE_LEVEL_LOG,
         base::StringPrintf(
             "%s permission has been blocked.",
             PermissionUtil::GetPermissionString(permission_type_).c_str()));
     // The kill switch is enabled for this permission; Block all requests.
     callback.Run(CONTENT_SETTING_BLOCK);
     return;
   }
 
   GURL requesting_origin = requesting_frame.GetOrigin();
   GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();
-
   if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) {
     std::string type_name =
         content_settings::WebsiteSettingsRegistry::GetInstance()
             ->Get(content_settings_type_)
             ->name();
 
     DVLOG(1) << "Attempt to use " << type_name
              << " from an invalid URL: " << requesting_origin << ","
              << embedding_origin << " (" << type_name
              << " is not supported in popups)";
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, CONTENT_SETTING_BLOCK);
     return;
   }
 
+  scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager =
+      GetSafeBrowsingDatabaseManager();
+  if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) &&
+      database_manager) {
+    // The client will contact safe browsing, and invoke the callback with the

[dominickn, 2016/12/07 04:34:29]

Nit: "Safe Browsing"

[meredithl, 2016/12/07 06:37:11]

Done.

+    // result. This object will be freed once Safe Browsing has returned the
+    // results.
+    // TODO(meredithl): Check if Safe Browsing Service has timed out
+    new PermissionsBlacklistSBClientImpl(
+        permission_type_, requesting_origin, database_manager,
+        base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult,
+                   base::Unretained(this), web_contents, id, requesting_origin,
+                   embedding_origin, user_gesture, callback));
+  } else {
+    CheckPermissionsBlacklistResult(web_contents, id, requesting_origin,
+                                    embedding_origin, user_gesture, callback,
+                                    false);
+  }
+}
+
+void PermissionContextBase::CheckPermissionsBlacklistResult(
+    content::WebContents* web_contents,
+    const PermissionRequestID& id,
+    const GURL& requesting_origin,
+    const GURL& embedding_origin,
+    bool user_gesture,
+    const BrowserPermissionCallback& callback,
+    bool result) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  if (result) {
+    // Log to the developer console that this permission is auto blocked.

[dominickn, 2016/12/07 04:34:28]

Nit: the comment here is probably unnecessary.

[meredithl, 2016/12/07 06:37:10]

Done.

+    web_contents->GetMainFrame()->AddMessageToConsole(
+        content::CONSOLE_MESSAGE_LEVEL_LOG,
+        base::StringPrintf(
+            "%s permission has been auto-blocked.",
+            PermissionUtil::GetPermissionString(permission_type_).c_str()));
+    // Permission has been blacklisted, block the request.
+    callback.Run(CONTENT_SETTING_BLOCK);
+    return;
+  }
+
+  // Site is not blacklisted by Safe Browsing for the requested permission.
   ContentSetting content_setting =
       GetPermissionStatus(requesting_origin, embedding_origin);
   if (content_setting == CONTENT_SETTING_ALLOW) {
     HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage(
         requesting_origin, embedding_origin, content_settings_type_);
   }
+
   if (content_setting == CONTENT_SETTING_ALLOW ||
       content_setting == CONTENT_SETTING_BLOCK) {
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, content_setting);
     return;
   }
 
   PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin,
                                          embedding_origin, profile_);
 
@@ skipping 191 matching lines @@
                                       content_setting);
 }
 
 bool PermissionContextBase::IsPermissionKillSwitchOn() const {
   const std::string param = variations::GetVariationParamValue(
       kPermissionsKillSwitchFieldStudy,
       PermissionUtil::GetPermissionString(permission_type_));
 
   return param == kPermissionsKillSwitchBlockedValue;
 }
+
+scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager>
+PermissionContextBase::GetSafeBrowsingDatabaseManager() {
+  safe_browsing::SafeBrowsingService* sb_service =
+      g_browser_process->safe_browsing_service();
+  return sb_service ? sb_service->database_manager() : nullptr;
+}