Chromium Code Reviews Chromium Code Reviews
Issue 2558843002:
Public Sessions - prompt the user for tabCapture requests (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol icy_provider.h" | 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol icy_provider.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <cstddef> | 9 #include <cstddef> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 444 // This would provie access to auth cookies, so needs to be blocked. | 444 // This would provie access to auth cookies, so needs to be blocked. |
| 445 // "cookies", | 445 // "cookies", |
| 446 | 446 |
| 447 // Provides access to the DOM, so block. | 447 // Provides access to the DOM, so block. |
| 448 // "debugger", | 448 // "debugger", |
| 449 | 449 |
| 450 // This is mostly fine, but has a RequestContentScript action that'd allow | 450 // This is mostly fine, but has a RequestContentScript action that'd allow |
| 451 // access to page content, which we can't allow. | 451 // access to page content, which we can't allow. |
| 452 // "declarativeContent", | 452 // "declarativeContent", |
| 453 | 453 |
| 454 // Allow, but either (1) ask user for confirmation or (2) return blank | 454 // User is prompted when an extension requests desktopCapture whether they |
| 455 // capture. | 455 // want to allow it. The request is made through |
| 456 // "desktopCapture", | 456 // chrome.desktopCapture.chooseDesktopMedia call. |
| 457 "desktopCapture", | |
|
Sergey Ulanov
2016/12/08 05:10:35
Please mention this change in the CL description.
Ivan Šandrk
2016/12/08 14:10:25
Done.
| |
| 457 | 458 |
| 458 // Haven't checked in detail what this does, but messing with devtools | 459 // Haven't checked in detail what this does, but messing with devtools |
| 459 // usually comes with the ability to access page content. | 460 // usually comes with the ability to access page content. |
| 460 // "devtools", | 461 // "devtools", |
| 461 | 462 |
| 462 // I think it's fine to allow this as it should be obvious to users that | 463 // I think it's fine to allow this as it should be obvious to users that |
| 463 // scanning a document on the scanner will make it available to the | 464 // scanning a document on the scanner will make it available to the |
| 464 // organization (placing a document in the scanner implies user consent). | 465 // organization (placing a document in the scanner implies user consent). |
| 465 "documentScan", | 466 "documentScan", |
| 466 | 467 |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 619 | 620 |
| 620 // Memory parameters access. | 621 // Memory parameters access. |
| 621 "system.memory", | 622 "system.memory", |
| 622 | 623 |
| 623 // Enumerates network interfaces. | 624 // Enumerates network interfaces. |
| 624 "system.network", | 625 "system.network", |
| 625 | 626 |
| 626 // Enumerates removable storage. | 627 // Enumerates removable storage. |
| 627 "system.storage", | 628 "system.storage", |
| 628 | 629 |
| 629 // Provides access to screen contents, so block. Alternatively, (1) prompt | 630 // User is prompted (allow/deny) when an extension requests tabCapture. The |
| 630 // for user consent or (2) return blank capture. | 631 // request is made via chrome.tabCapture.capture call. |
| 631 // "tabCapture", | 632 "tabCapture", |
| 632 | 633 |
| 633 // Privacy sensitive URL access. | 634 // Privacy sensitive URL access. |
| 634 // "tabs", | 635 // "tabs", |
| 635 | 636 |
| 636 // Privacy sensitive URL access. | 637 // Privacy sensitive URL access. |
| 637 // "topSites", | 638 // "topSites", |
| 638 | 639 |
| 639 // Allows to generate TTS, but no content access. Just UX. | 640 // Allows to generate TTS, but no content access. Just UX. |
| 640 "tts", | 641 "tts", |
| 641 | 642 |
| (...skipping 291 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 933 if (error) { | 934 if (error) { |
| 934 *error = l10n_util::GetStringFUTF16( | 935 *error = l10n_util::GetStringFUTF16( |
| 935 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, | 936 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, |
| 936 base::UTF8ToUTF16(extension->name()), | 937 base::UTF8ToUTF16(extension->name()), |
| 937 base::UTF8ToUTF16(extension->id())); | 938 base::UTF8ToUTF16(extension->id())); |
| 938 } | 939 } |
| 939 return false; | 940 return false; |
| 940 } | 941 } |
| 941 | 942 |
| 942 } // namespace chromeos | 943 } // namespace chromeos |
| OLD | NEW |
