Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/permissions/permission_context_base.h" | 5 #include "chrome/browser/permissions/permission_context_base.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | |
| 9 #include <set> | |
| 10 #include <string> | |
| 8 #include <utility> | 11 #include <utility> |
| 9 | 12 |
| 10 #include "base/callback.h" | 13 #include "base/callback.h" |
| 11 #include "base/logging.h" | 14 #include "base/logging.h" |
| 12 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
| 13 #include "base/strings/stringprintf.h" | 16 #include "base/strings/stringprintf.h" |
| 14 #include "build/build_config.h" | 17 #include "build/build_config.h" |
| 18 #include "chrome/browser/browser_process.h" | |
| 15 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 19 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| 16 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" | 20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" |
| 17 #include "chrome/browser/permissions/permission_request.h" | 21 #include "chrome/browser/permissions/permission_request.h" |
| 18 #include "chrome/browser/permissions/permission_request_id.h" | 22 #include "chrome/browser/permissions/permission_request_id.h" |
| 19 #include "chrome/browser/permissions/permission_request_impl.h" | 23 #include "chrome/browser/permissions/permission_request_impl.h" |
| 20 #include "chrome/browser/permissions/permission_request_manager.h" | 24 #include "chrome/browser/permissions/permission_request_manager.h" |
| 21 #include "chrome/browser/permissions/permission_uma_util.h" | 25 #include "chrome/browser/permissions/permission_uma_util.h" |
| 22 #include "chrome/browser/permissions/permission_util.h" | 26 #include "chrome/browser/permissions/permission_util.h" |
| 23 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
| 28 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | |
| 29 #include "chrome/common/chrome_features.h" | |
| 24 #include "chrome/common/pref_names.h" | 30 #include "chrome/common/pref_names.h" |
| 25 #include "components/content_settings/core/browser/host_content_settings_map.h" | 31 #include "components/content_settings/core/browser/host_content_settings_map.h" |
| 26 #include "components/content_settings/core/browser/website_settings_registry.h" | 32 #include "components/content_settings/core/browser/website_settings_registry.h" |
| 27 #include "components/prefs/pref_service.h" | 33 #include "components/prefs/pref_service.h" |
| 34 #include "components/safe_browsing_db/database_manager.h" | |
| 28 #include "components/variations/variations_associated_data.h" | 35 #include "components/variations/variations_associated_data.h" |
| 29 #include "content/public/browser/browser_thread.h" | 36 #include "content/public/browser/browser_thread.h" |
| 30 #include "content/public/browser/render_frame_host.h" | 37 #include "content/public/browser/render_frame_host.h" |
| 31 #include "content/public/browser/web_contents.h" | 38 #include "content/public/browser/web_contents.h" |
| 32 #include "content/public/common/origin_util.h" | 39 #include "content/public/common/origin_util.h" |
| 33 #include "url/gurl.h" | 40 #include "url/gurl.h" |
| 34 | 41 |
| 35 #if defined(OS_ANDROID) | 42 #if defined(OS_ANDROID) |
| 36 #include "chrome/browser/permissions/permission_queue_controller.h" | 43 #include "chrome/browser/permissions/permission_queue_controller.h" |
| 37 #endif | 44 #endif |
| 38 | 45 |
| 39 // static | 46 // static |
| 40 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = | 47 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = |
| 41 "PermissionsKillSwitch"; | 48 "PermissionsKillSwitch"; |
| 42 // static | 49 // static |
| 43 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = | 50 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = |
| 44 "blocked"; | 51 "blocked"; |
| 45 | 52 |
| 53 // The client used when checking whether a permission has been blacklisted by | |
| 54 // Safe Browsing. The check is done asynchronously as no state can be stored in | |
| 55 // PermissionContextBase while it is in flight (since additional permission | |
| 56 // requests may be made). Hence, the client is heap allocated and is responsible | |
| 57 // for deleting itself when it is finished. | |
| 58 class PermissionsBlacklistSBClientImpl | |
| 59 : public safe_browsing::SafeBrowsingDatabaseManager::Client { | |
| 60 public: | |
| 61 PermissionsBlacklistSBClientImpl( | |
| 62 content::PermissionType permission_type, | |
| 63 const GURL& request_origin, | |
| 64 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
| 65 base::Callback<void(bool)> callback) | |
| 66 : permission_type_(permission_type), callback_(callback) { | |
| 67 content::BrowserThread::PostTask( | |
| 68 content::BrowserThread::IO, FROM_HERE, | |
| 69 base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck, | |
| 70 base::Unretained(this), db_manager, request_origin)); | |
| 71 } | |
| 72 | |
| 73 private: | |
| 74 void StartCheck( | |
| 75 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
| 76 const GURL& request_origin) { | |
| 77 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
| 78 db_manager->CheckApiBlacklistUrl(request_origin, this); | |
| 79 } | |
| 80 | |
| 81 void OnCheckApiBlacklistUrlResult( | |
| 82 const GURL& url, | |
| 83 const safe_browsing::ThreatMetadata& metadata) override { | |
| 84 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
| 85 bool permission_blocked = | |
| 86 metadata.api_permissions.find(PermissionUtil::GetPermissionString( | |
| 87 permission_type_)) != metadata.api_permissions.end(); | |
| 88 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, | |
| 89 base::Bind(callback_, permission_blocked)); | |
| 90 // result has been received, so the object can now delete itself | |
|
dominickn
2016/12/08 00:04:03
Nit: "The result...", then full stop.
meredithl
2016/12/08 01:25:29
Done.
| |
| 91 delete this; | |
| 92 } | |
| 93 | |
| 94 ~PermissionsBlacklistSBClientImpl() override {} | |
| 95 | |
| 96 content::PermissionType permission_type_; | |
| 97 base::Callback<void(bool)> callback_; | |
| 98 }; | |
| 99 | |
| 46 PermissionContextBase::PermissionContextBase( | 100 PermissionContextBase::PermissionContextBase( |
| 47 Profile* profile, | 101 Profile* profile, |
| 48 const content::PermissionType permission_type, | 102 const content::PermissionType permission_type, |
| 49 const ContentSettingsType content_settings_type) | 103 const ContentSettingsType content_settings_type) |
| 50 : profile_(profile), | 104 : profile_(profile), |
| 51 permission_type_(permission_type), | 105 permission_type_(permission_type), |
| 52 content_settings_type_(content_settings_type), | 106 content_settings_type_(content_settings_type), |
| 53 weak_factory_(this) { | 107 weak_factory_(this) { |
| 54 #if defined(OS_ANDROID) | 108 #if defined(OS_ANDROID) |
| 55 permission_queue_controller_.reset(new PermissionQueueController( | 109 permission_queue_controller_.reset(new PermissionQueueController( |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 94 | 148 |
| 95 DVLOG(1) << "Attempt to use " << type_name | 149 DVLOG(1) << "Attempt to use " << type_name |
| 96 << " from an invalid URL: " << requesting_origin << "," | 150 << " from an invalid URL: " << requesting_origin << "," |
| 97 << embedding_origin << " (" << type_name | 151 << embedding_origin << " (" << type_name |
| 98 << " is not supported in popups)"; | 152 << " is not supported in popups)"; |
| 99 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 153 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 100 false /* persist */, CONTENT_SETTING_BLOCK); | 154 false /* persist */, CONTENT_SETTING_BLOCK); |
| 101 return; | 155 return; |
| 102 } | 156 } |
| 103 | 157 |
| 158 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager = | |
| 159 GetSafeBrowsingDatabaseManager(); | |
| 160 if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) && | |
| 161 database_manager) { | |
| 162 // The client will contact Safe Browsing, and invoke the callback with the | |
| 163 // result. This object will be freed once Safe Browsing has returned the | |
| 164 // results. | |
| 165 // TODO(meredithl): Check if Safe Browsing Service has timed out | |
| 166 new PermissionsBlacklistSBClientImpl( | |
| 167 permission_type_, requesting_origin, database_manager, | |
| 168 base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult, | |
| 169 base::Unretained(this), web_contents, id, requesting_origin, | |
| 170 embedding_origin, user_gesture, callback)); | |
| 171 } else { | |
| 172 CheckPermissionsBlacklistResult(web_contents, id, requesting_origin, | |
| 173 embedding_origin, user_gesture, callback, | |
| 174 false); | |
| 175 } | |
| 176 } | |
| 177 | |
| 178 void PermissionContextBase::CheckPermissionsBlacklistResult( | |
| 179 content::WebContents* web_contents, | |
| 180 const PermissionRequestID& id, | |
| 181 const GURL& requesting_origin, | |
| 182 const GURL& embedding_origin, | |
| 183 bool user_gesture, | |
| 184 const BrowserPermissionCallback& callback, | |
| 185 bool permission_blocked) { | |
| 186 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
| 187 if (permission_blocked) { | |
| 188 web_contents->GetMainFrame()->AddMessageToConsole( | |
| 189 content::CONSOLE_MESSAGE_LEVEL_LOG, | |
| 190 base::StringPrintf( | |
| 191 "%s permission has been auto-blocked.", | |
| 192 PermissionUtil::GetPermissionString(permission_type_).c_str())); | |
| 193 // Permission has been blacklisted, block the request. | |
| 194 callback.Run(CONTENT_SETTING_BLOCK); | |
| 195 return; | |
| 196 } | |
| 197 | |
| 198 // Site is not blacklisted by Safe Browsing for the requested permission. | |
| 104 ContentSetting content_setting = | 199 ContentSetting content_setting = |
| 105 GetPermissionStatus(requesting_origin, embedding_origin); | 200 GetPermissionStatus(requesting_origin, embedding_origin); |
| 106 if (content_setting == CONTENT_SETTING_ALLOW) { | 201 if (content_setting == CONTENT_SETTING_ALLOW) { |
| 107 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( | 202 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( |
| 108 requesting_origin, embedding_origin, content_settings_type_); | 203 requesting_origin, embedding_origin, content_settings_type_); |
| 109 } | 204 } |
| 205 | |
| 110 if (content_setting == CONTENT_SETTING_ALLOW || | 206 if (content_setting == CONTENT_SETTING_ALLOW || |
| 111 content_setting == CONTENT_SETTING_BLOCK) { | 207 content_setting == CONTENT_SETTING_BLOCK) { |
| 112 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 208 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 113 false /* persist */, content_setting); | 209 false /* persist */, content_setting); |
| 114 return; | 210 return; |
| 115 } | 211 } |
| 116 | 212 |
| 117 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, | 213 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, |
| 118 embedding_origin, profile_); | 214 embedding_origin, profile_); |
| 119 | 215 |
| (...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 311 content_setting); | 407 content_setting); |
| 312 } | 408 } |
| 313 | 409 |
| 314 bool PermissionContextBase::IsPermissionKillSwitchOn() const { | 410 bool PermissionContextBase::IsPermissionKillSwitchOn() const { |
| 315 const std::string param = variations::GetVariationParamValue( | 411 const std::string param = variations::GetVariationParamValue( |
| 316 kPermissionsKillSwitchFieldStudy, | 412 kPermissionsKillSwitchFieldStudy, |
| 317 PermissionUtil::GetPermissionString(permission_type_)); | 413 PermissionUtil::GetPermissionString(permission_type_)); |
| 318 | 414 |
| 319 return param == kPermissionsKillSwitchBlockedValue; | 415 return param == kPermissionsKillSwitchBlockedValue; |
| 320 } | 416 } |
| 417 | |
| 418 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> | |
| 419 PermissionContextBase::GetSafeBrowsingDatabaseManager() { | |
| 420 safe_browsing::SafeBrowsingService* sb_service = | |
| 421 g_browser_process->safe_browsing_service(); | |
| 422 return sb_service ? sb_service->database_manager() : nullptr; | |
| 423 } | |
| OLD | NEW |