OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/permissions/permission_context_base.h" | 5 #include "chrome/browser/permissions/permission_context_base.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | |
9 #include <set> | |
10 #include <string> | |
8 #include <utility> | 11 #include <utility> |
9 | 12 |
10 #include "base/callback.h" | 13 #include "base/callback.h" |
11 #include "base/logging.h" | 14 #include "base/logging.h" |
12 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
13 #include "base/strings/stringprintf.h" | 16 #include "base/strings/stringprintf.h" |
14 #include "build/build_config.h" | 17 #include "build/build_config.h" |
18 #include "chrome/browser/browser_process.h" | |
15 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 19 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
16 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" | 20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" |
17 #include "chrome/browser/permissions/permission_request.h" | 21 #include "chrome/browser/permissions/permission_request.h" |
18 #include "chrome/browser/permissions/permission_request_id.h" | 22 #include "chrome/browser/permissions/permission_request_id.h" |
19 #include "chrome/browser/permissions/permission_request_impl.h" | 23 #include "chrome/browser/permissions/permission_request_impl.h" |
20 #include "chrome/browser/permissions/permission_request_manager.h" | 24 #include "chrome/browser/permissions/permission_request_manager.h" |
21 #include "chrome/browser/permissions/permission_uma_util.h" | 25 #include "chrome/browser/permissions/permission_uma_util.h" |
22 #include "chrome/browser/permissions/permission_util.h" | 26 #include "chrome/browser/permissions/permission_util.h" |
23 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
28 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | |
29 #include "chrome/common/chrome_features.h" | |
24 #include "chrome/common/pref_names.h" | 30 #include "chrome/common/pref_names.h" |
25 #include "components/content_settings/core/browser/host_content_settings_map.h" | 31 #include "components/content_settings/core/browser/host_content_settings_map.h" |
26 #include "components/content_settings/core/browser/website_settings_registry.h" | 32 #include "components/content_settings/core/browser/website_settings_registry.h" |
27 #include "components/prefs/pref_service.h" | 33 #include "components/prefs/pref_service.h" |
34 #include "components/safe_browsing_db/database_manager.h" | |
28 #include "components/variations/variations_associated_data.h" | 35 #include "components/variations/variations_associated_data.h" |
29 #include "content/public/browser/browser_thread.h" | 36 #include "content/public/browser/browser_thread.h" |
30 #include "content/public/browser/render_frame_host.h" | 37 #include "content/public/browser/render_frame_host.h" |
31 #include "content/public/browser/web_contents.h" | 38 #include "content/public/browser/web_contents.h" |
32 #include "content/public/common/origin_util.h" | 39 #include "content/public/common/origin_util.h" |
33 #include "url/gurl.h" | 40 #include "url/gurl.h" |
34 | 41 |
35 #if defined(OS_ANDROID) | 42 #if defined(OS_ANDROID) |
36 #include "chrome/browser/permissions/permission_queue_controller.h" | 43 #include "chrome/browser/permissions/permission_queue_controller.h" |
37 #endif | 44 #endif |
38 | 45 |
39 // static | 46 // static |
40 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = | 47 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = |
41 "PermissionsKillSwitch"; | 48 "PermissionsKillSwitch"; |
42 // static | 49 // static |
43 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = | 50 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = |
44 "blocked"; | 51 "blocked"; |
45 | 52 |
53 // The client used when checking whether a permission has been blacklisted by | |
54 // Safe Browsing. The check is done asynchronously as no state can be stored in | |
55 // PermissionContextBase while it is in flight (since additional permission | |
56 // requests may be made). Hence, the client is heap allocated and is responsible | |
57 // for deleting itself when it is finished. | |
58 class PermissionsBlacklistSBClientImpl | |
59 : public safe_browsing::SafeBrowsingDatabaseManager::Client { | |
60 public: | |
61 PermissionsBlacklistSBClientImpl( | |
62 content::PermissionType permission_type, | |
63 const GURL& request_origin, | |
64 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
65 base::Callback<void(bool)> callback) | |
66 : permission_type_(permission_type), callback_(callback) { | |
67 content::BrowserThread::PostTask( | |
68 content::BrowserThread::IO, FROM_HERE, | |
69 base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck, | |
70 base::Unretained(this), db_manager, request_origin)); | |
71 } | |
72 | |
73 private: | |
74 void StartCheck( | |
75 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | |
76 const GURL& request_origin) { | |
77 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
78 db_manager->CheckApiBlacklistUrl(request_origin, this); | |
79 } | |
80 | |
81 void OnCheckApiBlacklistUrlResult( | |
82 const GURL& url, | |
83 const safe_browsing::ThreatMetadata& metadata) override { | |
84 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | |
85 bool permission_blocked = | |
86 metadata.api_permissions.find(PermissionUtil::GetPermissionString( | |
87 permission_type_)) != metadata.api_permissions.end(); | |
88 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, | |
89 base::Bind(callback_, permission_blocked)); | |
90 // result has been received, so the object can now delete itself | |
dominickn
2016/12/08 00:04:03
Nit: "The result...", then full stop.
meredithl
2016/12/08 01:25:29
Done.
| |
91 delete this; | |
92 } | |
93 | |
94 ~PermissionsBlacklistSBClientImpl() override {} | |
95 | |
96 content::PermissionType permission_type_; | |
97 base::Callback<void(bool)> callback_; | |
98 }; | |
99 | |
46 PermissionContextBase::PermissionContextBase( | 100 PermissionContextBase::PermissionContextBase( |
47 Profile* profile, | 101 Profile* profile, |
48 const content::PermissionType permission_type, | 102 const content::PermissionType permission_type, |
49 const ContentSettingsType content_settings_type) | 103 const ContentSettingsType content_settings_type) |
50 : profile_(profile), | 104 : profile_(profile), |
51 permission_type_(permission_type), | 105 permission_type_(permission_type), |
52 content_settings_type_(content_settings_type), | 106 content_settings_type_(content_settings_type), |
53 weak_factory_(this) { | 107 weak_factory_(this) { |
54 #if defined(OS_ANDROID) | 108 #if defined(OS_ANDROID) |
55 permission_queue_controller_.reset(new PermissionQueueController( | 109 permission_queue_controller_.reset(new PermissionQueueController( |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
94 | 148 |
95 DVLOG(1) << "Attempt to use " << type_name | 149 DVLOG(1) << "Attempt to use " << type_name |
96 << " from an invalid URL: " << requesting_origin << "," | 150 << " from an invalid URL: " << requesting_origin << "," |
97 << embedding_origin << " (" << type_name | 151 << embedding_origin << " (" << type_name |
98 << " is not supported in popups)"; | 152 << " is not supported in popups)"; |
99 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 153 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
100 false /* persist */, CONTENT_SETTING_BLOCK); | 154 false /* persist */, CONTENT_SETTING_BLOCK); |
101 return; | 155 return; |
102 } | 156 } |
103 | 157 |
158 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager = | |
159 GetSafeBrowsingDatabaseManager(); | |
160 if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) && | |
161 database_manager) { | |
162 // The client will contact Safe Browsing, and invoke the callback with the | |
163 // result. This object will be freed once Safe Browsing has returned the | |
164 // results. | |
165 // TODO(meredithl): Check if Safe Browsing Service has timed out | |
166 new PermissionsBlacklistSBClientImpl( | |
167 permission_type_, requesting_origin, database_manager, | |
168 base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult, | |
169 base::Unretained(this), web_contents, id, requesting_origin, | |
170 embedding_origin, user_gesture, callback)); | |
171 } else { | |
172 CheckPermissionsBlacklistResult(web_contents, id, requesting_origin, | |
173 embedding_origin, user_gesture, callback, | |
174 false); | |
175 } | |
176 } | |
177 | |
178 void PermissionContextBase::CheckPermissionsBlacklistResult( | |
179 content::WebContents* web_contents, | |
180 const PermissionRequestID& id, | |
181 const GURL& requesting_origin, | |
182 const GURL& embedding_origin, | |
183 bool user_gesture, | |
184 const BrowserPermissionCallback& callback, | |
185 bool permission_blocked) { | |
186 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
187 if (permission_blocked) { | |
188 web_contents->GetMainFrame()->AddMessageToConsole( | |
189 content::CONSOLE_MESSAGE_LEVEL_LOG, | |
190 base::StringPrintf( | |
191 "%s permission has been auto-blocked.", | |
192 PermissionUtil::GetPermissionString(permission_type_).c_str())); | |
193 // Permission has been blacklisted, block the request. | |
194 callback.Run(CONTENT_SETTING_BLOCK); | |
195 return; | |
196 } | |
197 | |
198 // Site is not blacklisted by Safe Browsing for the requested permission. | |
104 ContentSetting content_setting = | 199 ContentSetting content_setting = |
105 GetPermissionStatus(requesting_origin, embedding_origin); | 200 GetPermissionStatus(requesting_origin, embedding_origin); |
106 if (content_setting == CONTENT_SETTING_ALLOW) { | 201 if (content_setting == CONTENT_SETTING_ALLOW) { |
107 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( | 202 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( |
108 requesting_origin, embedding_origin, content_settings_type_); | 203 requesting_origin, embedding_origin, content_settings_type_); |
109 } | 204 } |
205 | |
110 if (content_setting == CONTENT_SETTING_ALLOW || | 206 if (content_setting == CONTENT_SETTING_ALLOW || |
111 content_setting == CONTENT_SETTING_BLOCK) { | 207 content_setting == CONTENT_SETTING_BLOCK) { |
112 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 208 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
113 false /* persist */, content_setting); | 209 false /* persist */, content_setting); |
114 return; | 210 return; |
115 } | 211 } |
116 | 212 |
117 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, | 213 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, |
118 embedding_origin, profile_); | 214 embedding_origin, profile_); |
119 | 215 |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
311 content_setting); | 407 content_setting); |
312 } | 408 } |
313 | 409 |
314 bool PermissionContextBase::IsPermissionKillSwitchOn() const { | 410 bool PermissionContextBase::IsPermissionKillSwitchOn() const { |
315 const std::string param = variations::GetVariationParamValue( | 411 const std::string param = variations::GetVariationParamValue( |
316 kPermissionsKillSwitchFieldStudy, | 412 kPermissionsKillSwitchFieldStudy, |
317 PermissionUtil::GetPermissionString(permission_type_)); | 413 PermissionUtil::GetPermissionString(permission_type_)); |
318 | 414 |
319 return param == kPermissionsKillSwitchBlockedValue; | 415 return param == kPermissionsKillSwitchBlockedValue; |
320 } | 416 } |
417 | |
418 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> | |
419 PermissionContextBase::GetSafeBrowsingDatabaseManager() { | |
420 safe_browsing::SafeBrowsingService* sb_service = | |
421 g_browser_process->safe_browsing_service(); | |
422 return sb_service ? sb_service->database_manager() : nullptr; | |
423 } | |
OLD | NEW |