Implement origin specific Permissions Blacklisting.

chrome/browser/permissions/permission_context_base.cc

Index: chrome/browser/permissions/permission_context_base.cc
diff --git a/chrome/browser/permissions/permission_context_base.cc b/chrome/browser/permissions/permission_context_base.cc
index 5c99fbd3668796176b5a1b073fa2f16d013f9c3b..cb28f3587d944a5304b40999111b483c4e320da3 100644
--- a/chrome/browser/permissions/permission_context_base.cc
+++ b/chrome/browser/permissions/permission_context_base.cc
@@ -5,6 +5,9 @@
 #include "chrome/browser/permissions/permission_context_base.h"
 
 #include <stddef.h>
+
+#include <set>
+#include <string>
 #include <utility>
 
 #include "base/callback.h"
@@ -12,6 +15,7 @@
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "build/build_config.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/permissions/permission_decision_auto_blocker.h"
 #include "chrome/browser/permissions/permission_request.h"
@@ -21,10 +25,13 @@
 #include "chrome/browser/permissions/permission_uma_util.h"
 #include "chrome/browser/permissions/permission_util.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
+#include "chrome/common/chrome_features.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/browser/website_settings_registry.h"
 #include "components/prefs/pref_service.h"
+#include "components/safe_browsing_db/database_manager.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_frame_host.h"
@@ -43,6 +50,49 @@ const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] =
 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] =
     "blocked";
 
+class PermissionsBlacklistSBClientImpl

[dominickn, 2016/12/07 04:34:29]

Add a comment above this class:

"The client used when checking whether a permission has been blacklisted by Safe
Browsing. The check is asynchronous and no state can be stored in
PermissionContextBase while it is in flight (since additional permission
requests may be made). Hence, the client is allocated on the heap and is
responsible for deleting itself when it is finished.

[meredithl, 2016/12/07 06:37:10]

Done.

+    : public safe_browsing::SafeBrowsingDatabaseManager::Client {
+ public:
+  PermissionsBlacklistSBClientImpl(
+      content::PermissionType permission_type,
+      const GURL& request_origin,
+      scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,
+      base::Callback<void(bool)> callback)
+      : permission_type_(permission_type), callback_(callback) {
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&PermissionsBlacklistSBClientImpl::StartCheck,
+                   base::Unretained(this), db_manager, request_origin));
+  }
+
+ private:
+  void StartCheck(
+      scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,
+      const GURL& request_origin) {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    db_manager->CheckApiBlacklistUrl(request_origin, this);
+  }
+
+  void OnCheckApiBlacklistUrlResult(
+      const GURL& url,
+      const safe_browsing::ThreatMetadata& metadata) override {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    bool permission_blocked =
+        metadata.api_permissions.find(PermissionUtil::GetPermissionString(

[dominickn, 2016/12/07 04:34:29]

We need to verify that PermissionUtil::GetPermissionString has the right string.
Can you ping awoz@ again?

+            permission_type_)) != metadata.api_permissions.end();
+    // return to the callback with the result

[dominickn, 2016/12/07 04:34:29]

Nit: you can probably remove this comment.

[meredithl, 2016/12/07 06:37:10]

Done.

+    content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE,
+                                     base::Bind(callback_, permission_blocked));
+    // result has been received and posted, the client can now free itself

[dominickn, 2016/12/07 04:34:29]

Nit: "The result has been received, so this object can now delete itself"

[meredithl, 2016/12/07 06:37:10]

Done.

+    delete this;
+  }
+
+  ~PermissionsBlacklistSBClientImpl() override {}
+
+  content::PermissionType permission_type_;
+  base::Callback<void(bool)> callback_;
+};
+
 PermissionContextBase::PermissionContextBase(
     Profile* profile,
     const content::PermissionType permission_type,
@@ -69,7 +119,6 @@ void PermissionContextBase::RequestPermission(
     bool user_gesture,
     const BrowserPermissionCallback& callback) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

[dominickn, 2016/12/07 04:34:29]

Nit: put these newlines back in. :)

-
   // First check if this permission has been disabled.
   if (IsPermissionKillSwitchOn()) {
     // Log to the developer console.
@@ -85,7 +134,6 @@ void PermissionContextBase::RequestPermission(
 
   GURL requesting_origin = requesting_frame.GetOrigin();
   GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();
-
   if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) {
     std::string type_name =
         content_settings::WebsiteSettingsRegistry::GetInstance()
@@ -101,12 +149,55 @@ void PermissionContextBase::RequestPermission(
     return;
   }
 
+  scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager =
+      GetSafeBrowsingDatabaseManager();
+  if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist) &&
+      database_manager) {
+    // The client will contact safe browsing, and invoke the callback with the

[dominickn, 2016/12/07 04:34:29]

Nit: "Safe Browsing"

[meredithl, 2016/12/07 06:37:11]

Done.

+    // result. This object will be freed once Safe Browsing has returned the
+    // results.
+    // TODO(meredithl): Check if Safe Browsing Service has timed out
+    new PermissionsBlacklistSBClientImpl(
+        permission_type_, requesting_origin, database_manager,
+        base::Bind(&PermissionContextBase::CheckPermissionsBlacklistResult,
+                   base::Unretained(this), web_contents, id, requesting_origin,
+                   embedding_origin, user_gesture, callback));
+  } else {
+    CheckPermissionsBlacklistResult(web_contents, id, requesting_origin,
+                                    embedding_origin, user_gesture, callback,
+                                    false);
+  }
+}
+
+void PermissionContextBase::CheckPermissionsBlacklistResult(
+    content::WebContents* web_contents,
+    const PermissionRequestID& id,
+    const GURL& requesting_origin,
+    const GURL& embedding_origin,
+    bool user_gesture,
+    const BrowserPermissionCallback& callback,
+    bool result) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  if (result) {
+    // Log to the developer console that this permission is auto blocked.

[dominickn, 2016/12/07 04:34:28]

Nit: the comment here is probably unnecessary.

[meredithl, 2016/12/07 06:37:10]

Done.

+    web_contents->GetMainFrame()->AddMessageToConsole(
+        content::CONSOLE_MESSAGE_LEVEL_LOG,
+        base::StringPrintf(
+            "%s permission has been auto-blocked.",
+            PermissionUtil::GetPermissionString(permission_type_).c_str()));
+    // Permission has been blacklisted, block the request.
+    callback.Run(CONTENT_SETTING_BLOCK);
+    return;
+  }
+
+  // Site is not blacklisted by Safe Browsing for the requested permission.
   ContentSetting content_setting =
       GetPermissionStatus(requesting_origin, embedding_origin);
   if (content_setting == CONTENT_SETTING_ALLOW) {
     HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage(
         requesting_origin, embedding_origin, content_settings_type_);
   }
+
   if (content_setting == CONTENT_SETTING_ALLOW ||
       content_setting == CONTENT_SETTING_BLOCK) {
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
@@ -318,3 +409,10 @@ bool PermissionContextBase::IsPermissionKillSwitchOn() const {
 
   return param == kPermissionsKillSwitchBlockedValue;
 }
+
+scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager>
+PermissionContextBase::GetSafeBrowsingDatabaseManager() {
+  safe_browsing::SafeBrowsingService* sb_service =
+      g_browser_process->safe_browsing_service();
+  return sb_service ? sb_service->database_manager() : nullptr;
+}