chrome/browser/permissions/permission_context_base.cc - Issue 2622983003: Implement embargo in PermissionDecisionAutoBlocker

Side by Side Diff: chrome/browser/permissions/permission_context_base.cc

Issue 2622983003: Implement embargo in PermissionDecisionAutoBlocker (Closed)

Patch Set: Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/permissions/permission_context_base.h"	5 #include "chrome/browser/permissions/permission_context_base.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <string>	9 #include <string>

10 #include <utility>	10 #include <utility>

11	11

12 #include "base/callback.h"	12 #include "base/callback.h"

13 #include "base/logging.h"	13 #include "base/logging.h"

14 #include "base/memory/ptr_util.h"	14 #include "base/memory/ptr_util.h"

15 #include "base/strings/stringprintf.h"	15 #include "base/strings/stringprintf.h"

	16 #include "base/time/time.h"
	dominickn 2017/01/11 07:52:13 This include isn't used This include isn't used meredithl 2017/01/11 23:22:28 Done. Show quoted text On 2017/01/11 07:52:13, dominickn wrote: > This include isn't used Done.
16 #include "build/build_config.h"	17 #include "build/build_config.h"

17 #include "chrome/browser/browser_process.h"	18 #include "chrome/browser/browser_process.h"

18 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"	19 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"

19 #include "chrome/browser/permissions/permission_blacklist_client.h"

20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h"	20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h"

21 #include "chrome/browser/permissions/permission_request.h"	21 #include "chrome/browser/permissions/permission_request.h"

22 #include "chrome/browser/permissions/permission_request_id.h"	22 #include "chrome/browser/permissions/permission_request_id.h"

23 #include "chrome/browser/permissions/permission_request_impl.h"	23 #include "chrome/browser/permissions/permission_request_impl.h"

24 #include "chrome/browser/permissions/permission_request_manager.h"	24 #include "chrome/browser/permissions/permission_request_manager.h"

25 #include "chrome/browser/permissions/permission_uma_util.h"	25 #include "chrome/browser/permissions/permission_uma_util.h"

26 #include "chrome/browser/permissions/permission_util.h"	26 #include "chrome/browser/permissions/permission_util.h"

27 #include "chrome/browser/profiles/profile.h"	27 #include "chrome/browser/profiles/profile.h"

28 #include "chrome/browser/safe_browsing/safe_browsing_service.h"	28 #include "chrome/browser/safe_browsing/safe_browsing_service.h"

29 #include "chrome/common/chrome_features.h"	29 #include "chrome/common/chrome_features.h"

30 #include "chrome/common/pref_names.h"	30 #include "chrome/common/pref_names.h"

31 #include "components/content_settings/core/browser/host_content_settings_map.h"	31 #include "components/content_settings/core/browser/host_content_settings_map.h"

32 #include "components/content_settings/core/browser/website_settings_registry.h"	32 #include "components/content_settings/core/browser/website_settings_registry.h"

33 #include "components/prefs/pref_service.h"	33 #include "components/prefs/pref_service.h"

	34 #include "components/safe_browsing_db/database_manager.h"

34 #include "components/variations/variations_associated_data.h"	35 #include "components/variations/variations_associated_data.h"

35 #include "content/public/browser/browser_thread.h"	36 #include "content/public/browser/browser_thread.h"

36 #include "content/public/browser/render_frame_host.h"	37 #include "content/public/browser/render_frame_host.h"

37 #include "content/public/browser/web_contents.h"	38 #include "content/public/browser/web_contents.h"

38 #include "content/public/common/origin_util.h"	39 #include "content/public/common/origin_util.h"

39 #include "url/gurl.h"	40 #include "url/gurl.h"

40	41

41 #if defined(OS_ANDROID)	42 #if defined(OS_ANDROID)

42 #include "chrome/browser/permissions/permission_queue_controller.h"	43 #include "chrome/browser/permissions/permission_queue_controller.h"

43 #endif	44 #endif

(...skipping 29 matching lines...) Expand all Loading...
73 PermissionContextBase::~PermissionContextBase() {	74 PermissionContextBase::~PermissionContextBase() {

74 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);	75 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

75 }	76 }

76	77

77 void PermissionContextBase::RequestPermission(	78 void PermissionContextBase::RequestPermission(

78 content::WebContents* web_contents,	79 content::WebContents* web_contents,

79 const PermissionRequestID& id,	80 const PermissionRequestID& id,

80 const GURL& requesting_frame,	81 const GURL& requesting_frame,

81 bool user_gesture,	82 bool user_gesture,

82 const BrowserPermissionCallback& callback) {	83 const BrowserPermissionCallback& callback) {

83 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);	84 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
	dominickn 2017/01/11 07:52:13 Nit: probably can leave this new line. Nit: probably can leave this new line. meredithl 2017/01/11 23:22:28 Done. Show quoted text On 2017/01/11 07:52:13, dominickn wrote: > Nit: probably can leave this new line. Done.
84

85 // First check if this permission has been disabled.	85 // First check if this permission has been disabled.

86 if (IsPermissionKillSwitchOn()) {	86 if (IsPermissionKillSwitchOn()) {

87 // Log to the developer console.	87 // Log to the developer console.

88 web_contents->GetMainFrame()->AddMessageToConsole(	88 web_contents->GetMainFrame()->AddMessageToConsole(

89 content::CONSOLE_MESSAGE_LEVEL_LOG,	89 content::CONSOLE_MESSAGE_LEVEL_LOG,

90 base::StringPrintf(	90 base::StringPrintf(

91 "%s permission has been blocked.",	91 "%s permission has been blocked.",

92 PermissionUtil::GetPermissionString(permission_type_).c_str()));	92 PermissionUtil::GetPermissionString(permission_type_).c_str()));

93 // The kill switch is enabled for this permission; Block all requests.	93 // The kill switch is enabled for this permission; Block all requests.

94 callback.Run(CONTENT_SETTING_BLOCK);	94 callback.Run(CONTENT_SETTING_BLOCK);

95 return;	95 return;

96 }	96 }

97	97

98 GURL requesting_origin = requesting_frame.GetOrigin();	98 GURL requesting_origin = requesting_frame.GetOrigin();

99 GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();	99 GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();
	dominickn 2017/01/11 07:52:13 Nit: probably can leave this new line. Nit: probably can leave this new line. meredithl 2017/01/11 23:22:28 Done. Show quoted text On 2017/01/11 07:52:13, dominickn wrote: > Nit: probably can leave this new line. Done.
100

101 if (!requesting_origin.is_valid() \|\| !embedding_origin.is_valid()) {	100 if (!requesting_origin.is_valid() \|\| !embedding_origin.is_valid()) {

102 std::string type_name =	101 std::string type_name =

103 content_settings::WebsiteSettingsRegistry::GetInstance()	102 content_settings::WebsiteSettingsRegistry::GetInstance()

104 ->Get(content_settings_type_)	103 ->Get(content_settings_type_)

105 ->name();	104 ->name();

106	105

107 DVLOG(1) << "Attempt to use " << type_name	106 DVLOG(1) << "Attempt to use " << type_name

108 << " from an invalid URL: " << requesting_origin << ","	107 << " from an invalid URL: " << requesting_origin << ","

109 << embedding_origin << " (" << type_name	108 << embedding_origin << " (" << type_name

110 << " is not supported in popups)";	109 << " is not supported in popups)";

111 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,	110 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,

112 false /* persist */, CONTENT_SETTING_BLOCK);	111 false /* persist */, CONTENT_SETTING_BLOCK);

113 return;	112 return;

114 }	113 }

115	114

116 if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist)) {	115 // Check the content setting first before autoblocking.
	dominickn 2017/01/11 07:52:13 Remove "before autoblocking" - it's a bit misleadi Remove "before autoblocking" - it's a bit misleading. Instead, write it out in more detail: 1. Synchronously check the content setting to see if the user has made a decision, or if the origin is under embargo. If so, respect that decision. 2. Asynchronously check whether the origin should be blocked from making a request. It may be on the Safe Browsing API blacklist, or it may have been dismissed too many times in a row. If the origin is allowed to request, that request will be made in ContinueRequestPermission meredithl 2017/01/11 23:22:28 Done. Show quoted text On 2017/01/11 07:52:13, dominickn wrote: > Remove "before autoblocking" - it's a bit misleading. > > Instead, write it out in more detail: > > 1. Synchronously check the content setting to see if the user has made a > decision, or if the origin is under embargo. If so, respect that decision. > > 2. Asynchronously check whether the origin should be blocked from making a > request. It may be on the Safe Browsing API blacklist, or it may have been > dismissed too many times in a row. If the origin is allowed to request, that > request will be made in ContinueRequestPermission Done.
117 if (!db_manager_) {	116 ContentSetting content_setting =

118 safe_browsing::SafeBrowsingService* sb_service =	117 GetPermissionStatus(requesting_origin, embedding_origin);

119 g_browser_process->safe_browsing_service();	118 if (content_setting == CONTENT_SETTING_ALLOW) {

120 if (sb_service)	119 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage(

121 db_manager_ = sb_service->database_manager();	120 requesting_origin, embedding_origin, content_settings_type_);

122 }	121 }

123	122

124 // The client contacts Safe Browsing, and runs the callback with the result.	123 if (content_setting == CONTENT_SETTING_ALLOW \|\|

125 PermissionBlacklistClient::CheckSafeBrowsingBlacklist(	124 content_setting == CONTENT_SETTING_BLOCK) {

126 db_manager_, permission_type_, requesting_origin, web_contents,	125 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,

127 safe_browsing_timeout_,	126 false /* persist */, content_setting);

128 base::Bind(&PermissionContextBase::ContinueRequestPermission,	127 return;

129 weak_factory_.GetWeakPtr(), web_contents, id,

130 requesting_origin, embedding_origin, user_gesture,

131 callback));

132 } else {

133 // TODO(meredithl): Add UMA metrics here.

134 ContinueRequestPermission(web_contents, id, requesting_origin,

135 embedding_origin, user_gesture, callback,

136 false /* permission blocked */);

137 }	128 }

	129

	130 if (!db_manager_) {

	131 safe_browsing::SafeBrowsingService* sb_service =

	132 g_browser_process->safe_browsing_service();

	133 if (sb_service)

	134 db_manager_ = sb_service->database_manager();

	135 }

	136

	137 PermissionDecisionAutoBlocker::ShouldAutomaticallyBlock(
	dominickn 2017/01/11 07:52:13 db_manager_ could still be null here (e.g. if sb_s db_manager_ could still be null here (e.g. if sb_service is null). I guess ShouldAutomaticallyBlock does null-check it before using it, and your TODO covers moving this from here into the auto blocker (i.e. changing all the tests) meredithl 2017/01/11 23:22:28 For now should I move this inside an if statement Show quoted text On 2017/01/11 07:52:13, dominickn wrote: > db_manager_ could still be null here (e.g. if sb_service is null). I guess > ShouldAutomaticallyBlock does null-check it before using it, and your TODO > covers moving this from here into the auto blocker (i.e. changing all the tests) For now should I move this inside an if statement that does a null check? dominickn 2017/01/12 00:22:33 It should be fine given that this will move soon ( It should be fine given that this will move soon (and the consumer does a null check)
	138 db_manager_, permission_type_, requesting_origin, web_contents,

	139 safe_browsing_timeout_, profile_, base::Time::Now(),

	140 base::Bind(&PermissionContextBase::ContinueRequestPermission,

	141 weak_factory_.GetWeakPtr(), web_contents, id,

	142 requesting_origin, embedding_origin, user_gesture, callback));

138 }	143 }

139	144

140 void PermissionContextBase::ContinueRequestPermission(	145 void PermissionContextBase::ContinueRequestPermission(

141 content::WebContents* web_contents,	146 content::WebContents* web_contents,

142 const PermissionRequestID& id,	147 const PermissionRequestID& id,

143 const GURL& requesting_origin,	148 const GURL& requesting_origin,

144 const GURL& embedding_origin,	149 const GURL& embedding_origin,

145 bool user_gesture,	150 bool user_gesture,

146 const BrowserPermissionCallback& callback,	151 const BrowserPermissionCallback& callback,

147 bool permission_blocked) {	152 bool permission_blocked) {

148 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);	153 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

149 if (permission_blocked) {	154 if (permission_blocked) {

150 // TODO(meredithl): Add UMA metrics here.	155 // TODO(meredithl): Add UMA metrics here.

151 web_contents->GetMainFrame()->AddMessageToConsole(	156 web_contents->GetMainFrame()->AddMessageToConsole(

152 content::CONSOLE_MESSAGE_LEVEL_LOG,	157 content::CONSOLE_MESSAGE_LEVEL_LOG,

153 base::StringPrintf(	158 base::StringPrintf(

154 "%s permission has been auto-blocked.",	159 "%s permission has been auto-blocked.",

155 PermissionUtil::GetPermissionString(permission_type_).c_str()));	160 PermissionUtil::GetPermissionString(permission_type_).c_str()));

156 // Permission has been blacklisted, block the request.	161 // Permission has been blacklisted, block the request.

157 // TODO(meredithl): Consider setting the content setting and persisting	162 // TODO(meredithl): Consider setting the content setting and persisting

158 // the decision to block.	163 // the decision to block.

159 callback.Run(CONTENT_SETTING_BLOCK);	164 callback.Run(CONTENT_SETTING_BLOCK);

160 return;	165 return;

161 }	166 }

	167

162 // Site is not blacklisted by Safe Browsing for the requested permission.	168 // Site is not blacklisted by Safe Browsing for the requested permission.

163 ContentSetting content_setting =

164 GetPermissionStatus(requesting_origin, embedding_origin);

165 if (content_setting == CONTENT_SETTING_ALLOW) {

166 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage(

167 requesting_origin, embedding_origin, content_settings_type_);

168 }

169

170 if (content_setting == CONTENT_SETTING_ALLOW \|\|

171 content_setting == CONTENT_SETTING_BLOCK) {

172 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,

173 false /* persist */, content_setting);

174 return;

175 }

176

177 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin,	169 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin,

178 embedding_origin, profile_);	170 embedding_origin, profile_);

179	171

180 DecidePermission(web_contents, id, requesting_origin, embedding_origin,	172 DecidePermission(web_contents, id, requesting_origin, embedding_origin,

181 user_gesture, callback);	173 user_gesture, callback);

182 }	174 }

183	175

184 ContentSetting PermissionContextBase::GetPermissionStatus(	176 ContentSetting PermissionContextBase::GetPermissionStatus(

185 const GURL& requesting_origin,	177 const GURL& requesting_origin,

186 const GURL& embedding_origin) const {	178 const GURL& embedding_origin) const {

187 // If the permission has been disabled through Finch, block all requests.	179 // If the permission has been disabled through Finch, block all requests.

188 if (IsPermissionKillSwitchOn())	180 if (IsPermissionKillSwitchOn())

189 return CONTENT_SETTING_BLOCK;	181 return CONTENT_SETTING_BLOCK;

190	182

191 if (IsRestrictedToSecureOrigins() &&	183 if (IsRestrictedToSecureOrigins() &&

192 !content::IsOriginSecure(requesting_origin)) {	184 !content::IsOriginSecure(requesting_origin)) {

193 return CONTENT_SETTING_BLOCK;	185 return CONTENT_SETTING_BLOCK;

194 }	186 }

195	187

196 return GetPermissionStatusInternal(requesting_origin, embedding_origin);	188 ContentSetting content_setting =

	189 GetPermissionStatusInternal(requesting_origin, embedding_origin);

	190 if (content_setting == CONTENT_SETTING_ASK) {
	dominickn 2017/01/11 07:52:13 Nit: combine the two if statements using && Nit: combine the two if statements using && meredithl 2017/01/11 23:22:28 Done. Show quoted text On 2017/01/11 07:52:13, dominickn wrote: > Nit: combine the two if statements using && Done.
	191 if (PermissionDecisionAutoBlocker::IsUnderEmbargo(

	192 permission_type_, profile_, requesting_origin, base::Time::Now())) {

	193 return CONTENT_SETTING_BLOCK;

	194 }

	195 }

	196 return content_setting;

197 }	197 }

198	198

199 void PermissionContextBase::ResetPermission(	199 void PermissionContextBase::ResetPermission(

200 const GURL& requesting_origin,	200 const GURL& requesting_origin,

201 const GURL& embedding_origin) {	201 const GURL& embedding_origin) {

202 HostContentSettingsMapFactory::GetForProfile(profile_)	202 HostContentSettingsMapFactory::GetForProfile(profile_)

203 ->SetContentSettingDefaultScope(requesting_origin, embedding_origin,	203 ->SetContentSettingDefaultScope(requesting_origin, embedding_origin,

204 content_settings_type_, std::string(),	204 content_settings_type_, std::string(),

205 CONTENT_SETTING_DEFAULT);	205 CONTENT_SETTING_DEFAULT);

206 }	206 }

(...skipping 178 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
385 content_settings_type_, std::string(),	385 content_settings_type_, std::string(),

386 content_setting);	386 content_setting);

387 }	387 }

388	388

389 void PermissionContextBase::SetSafeBrowsingDatabaseManagerAndTimeoutForTest(	389 void PermissionContextBase::SetSafeBrowsingDatabaseManagerAndTimeoutForTest(

390 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,	390 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,

391 int timeout) {	391 int timeout) {

392 db_manager_ = db_manager;	392 db_manager_ = db_manager;

393 safe_browsing_timeout_ = timeout;	393 safe_browsing_timeout_ = timeout;

394 }	394 }

OLD	NEW