Chromium Code Reviews Chromium Code Reviews
Issue 2555913002:
Implement origin specific Permissions Blacklisting. (Closed)
| Index: chrome/browser/permissions/permission_context_base.cc |
| diff --git a/chrome/browser/permissions/permission_context_base.cc b/chrome/browser/permissions/permission_context_base.cc |
| index 5c99fbd3668796176b5a1b073fa2f16d013f9c3b..a461ab34566cc6c76f4987f5061c96c7e50e8521 100644 |
| --- a/chrome/browser/permissions/permission_context_base.cc |
| +++ b/chrome/browser/permissions/permission_context_base.cc |
| @@ -5,6 +5,9 @@ |
| #include "chrome/browser/permissions/permission_context_base.h" |
| #include <stddef.h> |
| + |
| +#include <set> |
| +#include <string> |
| #include <utility> |
| #include "base/callback.h" |
| @@ -12,6 +15,7 @@ |
| #include "base/memory/ptr_util.h" |
| #include "base/strings/stringprintf.h" |
| #include "build/build_config.h" |
| +#include "chrome/browser/browser_process.h" |
| #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| #include "chrome/browser/permissions/permission_decision_auto_blocker.h" |
| #include "chrome/browser/permissions/permission_request.h" |
| @@ -21,10 +25,13 @@ |
| #include "chrome/browser/permissions/permission_uma_util.h" |
| #include "chrome/browser/permissions/permission_util.h" |
| #include "chrome/browser/profiles/profile.h" |
| +#include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| +#include "chrome/common/chrome_features.h" |
| #include "chrome/common/pref_names.h" |
| #include "components/content_settings/core/browser/host_content_settings_map.h" |
| #include "components/content_settings/core/browser/website_settings_registry.h" |
| #include "components/prefs/pref_service.h" |
| +#include "components/safe_browsing_db/database_manager.h" |
| #include "components/variations/variations_associated_data.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "content/public/browser/render_frame_host.h" |
| @@ -43,6 +50,54 @@ const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] = |
| const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] = |
| "blocked"; |
| +// The client used when checking whether a permission has been blacklisted by |
| +// Safe Browsing. The check is done asynchronously as no state can be stored in |
| +// PermissionContextBase while it is in flight (since additional permission |
| +// requests may be made). Hence, the client is heap allocated and is responsible |
| +// for deleting itself when it is finished. |
| +class PermissionsBlacklistSBClientImpl |
| + : public safe_browsing::SafeBrowsingDatabaseManager::Client { |
| + public: |
| + PermissionsBlacklistSBClientImpl( |
| + content::PermissionType permission_type, |
| + const GURL& request_origin, |
| + scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, |
| + base::Callback<void(bool)> callback) |
| + : permission_type_(permission_type), callback_(callback) { |
| + content::BrowserThread::PostTask( |
| + content::BrowserThread::IO, FROM_HERE, |
| + base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck, |
| + base::Unretained(this), db_manager, request_origin)); |
| + } |
| + |
| + private: |
| + void StartCheck( |
|
Nathan Parker
2016/12/12 19:02:25
Do this code properly handle the case where the we
meredithl
2016/12/15 00:15:44
Done.
meredithl
2016/12/15 00:15:45
Updated the client to inherit from WebContentsObse
|
| + scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, |
| + const GURL& request_origin) { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| + db_manager->CheckApiBlacklistUrl(request_origin, this); |
| + } |
| + |
| + void OnCheckApiBlacklistUrlResult( |
| + const GURL& url, |
| + const safe_browsing::ThreatMetadata& metadata) override { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| + bool permission_blocked = |
| + metadata.api_permissions.find(PermissionUtil::GetPermissionString( |
| + permission_type_)) != metadata.api_permissions.end(); |
| + content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, |
| + base::Bind(callback_, permission_blocked)); |
| + // The result has been received, so the object can now delete itself. |
| + delete this; |
|
Nathan Parker
2016/12/12 19:02:25
If you're going to have this obj own itself, you s
meredithl
2016/12/15 00:15:45
Done.
|
| + } |
| + |
| + ~PermissionsBlacklistSBClientImpl() override {} |
| + |
| + content::PermissionType permission_type_; |
| + base::Callback<void(bool)> callback_; |
| + // add timer as member |
| +}; |
| + |
| PermissionContextBase::PermissionContextBase( |
| Profile* profile, |
| const content::PermissionType permission_type, |
| @@ -101,12 +156,58 @@ void PermissionContextBase::RequestPermission( |
| return; |
| } |
| + scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager = |
| + GetSafeBrowsingDatabaseManager(); |
| + if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) && |
| + database_manager) { |
| + // The client will contact Safe Browsing, and invoke the callback with the |
| + // result. This object will be freed once Safe Browsing has returned the |
| + // results. |
| + // TODO(meredithl): Check if Safe Browsing Service has timed out |
| + new PermissionsBlacklistSBClientImpl( |
|
Nathan Parker
2016/12/12 19:02:25
A new'd bare pointer is kind of a red flag to me h
kcarattini
2016/12/13 01:49:51
I don't disagree with you. Could PermissionContext
meredithl
2016/12/15 00:15:44
We went with the static request to instantiate a n
meredithl
2016/12/15 00:15:45
Dom and I decided it was better to encapsulate as
|
| + permission_type_, requesting_origin, database_manager, |
| + base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult, |
| + base::Unretained(this), web_contents, id, requesting_origin, |
| + embedding_origin, user_gesture, callback)); |
| + } else { |
| + // TODO(meredithl) : add UMA metrics here. |
| + CheckPermissionsBlacklistResult(web_contents, id, requesting_origin, |
| + embedding_origin, user_gesture, callback, |
| + false); |
| + } |
| +} |
| + |
| +void PermissionContextBase::CheckPermissionsBlacklistResult( |
| + content::WebContents* web_contents, |
| + const PermissionRequestID& id, |
| + const GURL& requesting_origin, |
| + const GURL& embedding_origin, |
| + bool user_gesture, |
| + const BrowserPermissionCallback& callback, |
| + bool permission_blocked) { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| + if (permission_blocked) { |
| + // TODO(meredithl) : add UMA metrics here. |
| + web_contents->GetMainFrame()->AddMessageToConsole( |
| + content::CONSOLE_MESSAGE_LEVEL_LOG, |
| + base::StringPrintf( |
| + "%s permission has been auto-blocked.", |
| + PermissionUtil::GetPermissionString(permission_type_).c_str())); |
| + // Permission has been blacklisted, block the request. |
| + // TODO(meredithl) : consider setting the content setting and persisting the |
| + // decision to block. |
| + callback.Run(CONTENT_SETTING_BLOCK); |
| + return; |
| + } |
| + |
| + // Site is not blacklisted by Safe Browsing for the requested permission. |
| ContentSetting content_setting = |
| GetPermissionStatus(requesting_origin, embedding_origin); |
| if (content_setting == CONTENT_SETTING_ALLOW) { |
| HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( |
| requesting_origin, embedding_origin, content_settings_type_); |
| } |
| + |
| if (content_setting == CONTENT_SETTING_ALLOW || |
| content_setting == CONTENT_SETTING_BLOCK) { |
| NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| @@ -318,3 +419,10 @@ bool PermissionContextBase::IsPermissionKillSwitchOn() const { |
| return param == kPermissionsKillSwitchBlockedValue; |
| } |
| + |
| +scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> |
| +PermissionContextBase::GetSafeBrowsingDatabaseManager() { |
| + safe_browsing::SafeBrowsingService* sb_service = |
| + g_browser_process->safe_browsing_service(); |
| + return sb_service ? sb_service->database_manager() : nullptr; |
| +} |
