OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/permissions/permission_context_base.h" | 5 #include "chrome/browser/permissions/permission_context_base.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
11 | 11 |
12 #include "base/callback.h" | 12 #include "base/callback.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/memory/ptr_util.h" | 14 #include "base/memory/ptr_util.h" |
15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
16 #include "build/build_config.h" | 16 #include "build/build_config.h" |
17 #include "chrome/browser/browser_process.h" | 17 #include "chrome/browser/browser_process.h" |
18 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 18 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
19 #include "chrome/browser/permissions/permission_blacklist_client.h" | |
20 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" | 19 #include "chrome/browser/permissions/permission_decision_auto_blocker.h" |
21 #include "chrome/browser/permissions/permission_request.h" | 20 #include "chrome/browser/permissions/permission_request.h" |
22 #include "chrome/browser/permissions/permission_request_id.h" | 21 #include "chrome/browser/permissions/permission_request_id.h" |
23 #include "chrome/browser/permissions/permission_request_impl.h" | 22 #include "chrome/browser/permissions/permission_request_impl.h" |
24 #include "chrome/browser/permissions/permission_request_manager.h" | 23 #include "chrome/browser/permissions/permission_request_manager.h" |
25 #include "chrome/browser/permissions/permission_uma_util.h" | 24 #include "chrome/browser/permissions/permission_uma_util.h" |
26 #include "chrome/browser/permissions/permission_util.h" | 25 #include "chrome/browser/permissions/permission_util.h" |
27 #include "chrome/browser/profiles/profile.h" | 26 #include "chrome/browser/profiles/profile.h" |
28 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 27 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
29 #include "chrome/common/chrome_features.h" | 28 #include "chrome/common/chrome_features.h" |
30 #include "chrome/common/pref_names.h" | 29 #include "chrome/common/pref_names.h" |
31 #include "components/content_settings/core/browser/host_content_settings_map.h" | 30 #include "components/content_settings/core/browser/host_content_settings_map.h" |
32 #include "components/content_settings/core/browser/website_settings_registry.h" | 31 #include "components/content_settings/core/browser/website_settings_registry.h" |
33 #include "components/prefs/pref_service.h" | 32 #include "components/prefs/pref_service.h" |
| 33 #include "components/safe_browsing_db/database_manager.h" |
34 #include "components/variations/variations_associated_data.h" | 34 #include "components/variations/variations_associated_data.h" |
35 #include "content/public/browser/browser_thread.h" | 35 #include "content/public/browser/browser_thread.h" |
36 #include "content/public/browser/render_frame_host.h" | 36 #include "content/public/browser/render_frame_host.h" |
37 #include "content/public/browser/web_contents.h" | 37 #include "content/public/browser/web_contents.h" |
38 #include "content/public/common/origin_util.h" | 38 #include "content/public/common/origin_util.h" |
39 #include "url/gurl.h" | 39 #include "url/gurl.h" |
40 | 40 |
41 #if defined(OS_ANDROID) | 41 #if defined(OS_ANDROID) |
42 #include "chrome/browser/permissions/permission_queue_controller.h" | 42 #include "chrome/browser/permissions/permission_queue_controller.h" |
43 #endif | 43 #endif |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 | 106 |
107 DVLOG(1) << "Attempt to use " << type_name | 107 DVLOG(1) << "Attempt to use " << type_name |
108 << " from an invalid URL: " << requesting_origin << "," | 108 << " from an invalid URL: " << requesting_origin << "," |
109 << embedding_origin << " (" << type_name | 109 << embedding_origin << " (" << type_name |
110 << " is not supported in popups)"; | 110 << " is not supported in popups)"; |
111 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 111 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
112 false /* persist */, CONTENT_SETTING_BLOCK); | 112 false /* persist */, CONTENT_SETTING_BLOCK); |
113 return; | 113 return; |
114 } | 114 } |
115 | 115 |
116 if (base::FeatureList::IsEnabled(features::kPermissionsBlacklist)) { | 116 // Synchronously check the content setting to see if the user has already made |
117 if (!db_manager_) { | 117 // a decision, or if the origin is under embargo. If so, respect that |
118 safe_browsing::SafeBrowsingService* sb_service = | 118 // decision. |
119 g_browser_process->safe_browsing_service(); | 119 ContentSetting content_setting = |
120 if (sb_service) | 120 GetPermissionStatus(requesting_origin, embedding_origin); |
121 db_manager_ = sb_service->database_manager(); | 121 if (content_setting == CONTENT_SETTING_ALLOW) { |
122 } | 122 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( |
| 123 requesting_origin, embedding_origin, content_settings_type_); |
| 124 } |
123 | 125 |
124 // The client contacts Safe Browsing, and runs the callback with the result. | 126 if (content_setting == CONTENT_SETTING_ALLOW || |
125 PermissionBlacklistClient::CheckSafeBrowsingBlacklist( | 127 content_setting == CONTENT_SETTING_BLOCK) { |
126 db_manager_, permission_type_, requesting_origin, web_contents, | 128 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
127 safe_browsing_timeout_, | 129 false /* persist */, content_setting); |
128 base::Bind(&PermissionContextBase::ContinueRequestPermission, | 130 return; |
129 weak_factory_.GetWeakPtr(), web_contents, id, | |
130 requesting_origin, embedding_origin, user_gesture, | |
131 callback)); | |
132 } else { | |
133 // TODO(meredithl): Add UMA metrics here. | |
134 ContinueRequestPermission(web_contents, id, requesting_origin, | |
135 embedding_origin, user_gesture, callback, | |
136 false /* permission blocked */); | |
137 } | 131 } |
| 132 |
| 133 if (!db_manager_) { |
| 134 safe_browsing::SafeBrowsingService* sb_service = |
| 135 g_browser_process->safe_browsing_service(); |
| 136 if (sb_service) |
| 137 db_manager_ = sb_service->database_manager(); |
| 138 } |
| 139 |
| 140 // Asynchronously check whether the origin should be blocked from making this |
| 141 // permission request. It may be on the Safe Browsing API blacklist, or it may |
| 142 // have been dismissed too many times in a row. If the origin is allowed to |
| 143 // request, that request will be made to ContinueRequestPermission(). |
| 144 PermissionDecisionAutoBlocker::ShouldAutomaticallyBlock( |
| 145 db_manager_, permission_type_, requesting_origin, web_contents, |
| 146 safe_browsing_timeout_, profile_, base::Time::Now(), |
| 147 base::Bind(&PermissionContextBase::ContinueRequestPermission, |
| 148 weak_factory_.GetWeakPtr(), web_contents, id, |
| 149 requesting_origin, embedding_origin, user_gesture, callback)); |
138 } | 150 } |
139 | 151 |
140 void PermissionContextBase::ContinueRequestPermission( | 152 void PermissionContextBase::ContinueRequestPermission( |
141 content::WebContents* web_contents, | 153 content::WebContents* web_contents, |
142 const PermissionRequestID& id, | 154 const PermissionRequestID& id, |
143 const GURL& requesting_origin, | 155 const GURL& requesting_origin, |
144 const GURL& embedding_origin, | 156 const GURL& embedding_origin, |
145 bool user_gesture, | 157 bool user_gesture, |
146 const BrowserPermissionCallback& callback, | 158 const BrowserPermissionCallback& callback, |
147 bool permission_blocked) { | 159 bool permission_blocked) { |
148 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 160 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
149 if (permission_blocked) { | 161 if (permission_blocked) { |
150 // TODO(meredithl): Add UMA metrics here. | 162 // TODO(meredithl): Add UMA metrics here. |
151 web_contents->GetMainFrame()->AddMessageToConsole( | 163 web_contents->GetMainFrame()->AddMessageToConsole( |
152 content::CONSOLE_MESSAGE_LEVEL_LOG, | 164 content::CONSOLE_MESSAGE_LEVEL_LOG, |
153 base::StringPrintf( | 165 base::StringPrintf( |
154 "%s permission has been auto-blocked.", | 166 "%s permission has been auto-blocked.", |
155 PermissionUtil::GetPermissionString(permission_type_).c_str())); | 167 PermissionUtil::GetPermissionString(permission_type_).c_str())); |
156 // Permission has been blacklisted, block the request. | 168 // Permission has been blacklisted, block the request. |
157 // TODO(meredithl): Consider setting the content setting and persisting | 169 // TODO(meredithl): Consider setting the content setting and persisting |
158 // the decision to block. | 170 // the decision to block. |
159 callback.Run(CONTENT_SETTING_BLOCK); | 171 callback.Run(CONTENT_SETTING_BLOCK); |
160 return; | 172 return; |
161 } | 173 } |
| 174 |
162 // Site is not blacklisted by Safe Browsing for the requested permission. | 175 // Site is not blacklisted by Safe Browsing for the requested permission. |
163 ContentSetting content_setting = | |
164 GetPermissionStatus(requesting_origin, embedding_origin); | |
165 if (content_setting == CONTENT_SETTING_ALLOW) { | |
166 HostContentSettingsMapFactory::GetForProfile(profile_)->UpdateLastUsage( | |
167 requesting_origin, embedding_origin, content_settings_type_); | |
168 } | |
169 | |
170 if (content_setting == CONTENT_SETTING_ALLOW || | |
171 content_setting == CONTENT_SETTING_BLOCK) { | |
172 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | |
173 false /* persist */, content_setting); | |
174 return; | |
175 } | |
176 | |
177 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, | 176 PermissionUmaUtil::PermissionRequested(permission_type_, requesting_origin, |
178 embedding_origin, profile_); | 177 embedding_origin, profile_); |
179 | 178 |
180 DecidePermission(web_contents, id, requesting_origin, embedding_origin, | 179 DecidePermission(web_contents, id, requesting_origin, embedding_origin, |
181 user_gesture, callback); | 180 user_gesture, callback); |
182 } | 181 } |
183 | 182 |
184 ContentSetting PermissionContextBase::GetPermissionStatus( | 183 ContentSetting PermissionContextBase::GetPermissionStatus( |
185 const GURL& requesting_origin, | 184 const GURL& requesting_origin, |
186 const GURL& embedding_origin) const { | 185 const GURL& embedding_origin) const { |
187 // If the permission has been disabled through Finch, block all requests. | 186 // If the permission has been disabled through Finch, block all requests. |
188 if (IsPermissionKillSwitchOn()) | 187 if (IsPermissionKillSwitchOn()) |
189 return CONTENT_SETTING_BLOCK; | 188 return CONTENT_SETTING_BLOCK; |
190 | 189 |
191 if (IsRestrictedToSecureOrigins() && | 190 if (IsRestrictedToSecureOrigins() && |
192 !content::IsOriginSecure(requesting_origin)) { | 191 !content::IsOriginSecure(requesting_origin)) { |
193 return CONTENT_SETTING_BLOCK; | 192 return CONTENT_SETTING_BLOCK; |
194 } | 193 } |
195 | 194 |
196 return GetPermissionStatusInternal(requesting_origin, embedding_origin); | 195 ContentSetting content_setting = |
| 196 GetPermissionStatusInternal(requesting_origin, embedding_origin); |
| 197 if (content_setting == CONTENT_SETTING_ASK && |
| 198 PermissionDecisionAutoBlocker::IsUnderEmbargo( |
| 199 permission_type_, profile_, requesting_origin, base::Time::Now())) { |
| 200 return CONTENT_SETTING_BLOCK; |
| 201 } |
| 202 return content_setting; |
197 } | 203 } |
198 | 204 |
199 void PermissionContextBase::ResetPermission( | 205 void PermissionContextBase::ResetPermission( |
200 const GURL& requesting_origin, | 206 const GURL& requesting_origin, |
201 const GURL& embedding_origin) { | 207 const GURL& embedding_origin) { |
202 HostContentSettingsMapFactory::GetForProfile(profile_) | 208 HostContentSettingsMapFactory::GetForProfile(profile_) |
203 ->SetContentSettingDefaultScope(requesting_origin, embedding_origin, | 209 ->SetContentSettingDefaultScope(requesting_origin, embedding_origin, |
204 content_settings_type_, std::string(), | 210 content_settings_type_, std::string(), |
205 CONTENT_SETTING_DEFAULT); | 211 CONTENT_SETTING_DEFAULT); |
206 } | 212 } |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
315 PermissionUmaUtil::PermissionDenied(permission_type_, gesture_type, | 321 PermissionUmaUtil::PermissionDenied(permission_type_, gesture_type, |
316 requesting_origin, profile_); | 322 requesting_origin, profile_); |
317 } else { | 323 } else { |
318 PermissionUmaUtil::PermissionDismissed(permission_type_, gesture_type, | 324 PermissionUmaUtil::PermissionDismissed(permission_type_, gesture_type, |
319 requesting_origin, profile_); | 325 requesting_origin, profile_); |
320 } | 326 } |
321 } | 327 } |
322 | 328 |
323 // Check if we should convert a dismiss decision into a block decision. This | 329 // Check if we should convert a dismiss decision into a block decision. This |
324 // is gated on enabling the kBlockPromptsIfDismissedOften feature. | 330 // is gated on enabling the kBlockPromptsIfDismissedOften feature. |
| 331 // TODO(meredithl): Replace with call to |
| 332 // PermissionDecisionAutoBlocker::RecordDismiss, move conversion into |
| 333 // PermissionDecisionAutoBlocker::ShouldAutomaticallyBlock(). |
325 if (content_setting == CONTENT_SETTING_DEFAULT && | 334 if (content_setting == CONTENT_SETTING_DEFAULT && |
326 PermissionDecisionAutoBlocker::ShouldChangeDismissalToBlock( | 335 PermissionDecisionAutoBlocker::ShouldChangeDismissalToBlock( |
327 requesting_origin, permission_type_, profile_)) { | 336 requesting_origin, permission_type_, profile_)) { |
328 persist = true; | 337 persist = true; |
329 content_setting = CONTENT_SETTING_BLOCK; | 338 content_setting = CONTENT_SETTING_BLOCK; |
330 } | 339 } |
331 | 340 |
332 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 341 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
333 persist, content_setting); | 342 persist, content_setting); |
334 } | 343 } |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
385 content_settings_type_, std::string(), | 394 content_settings_type_, std::string(), |
386 content_setting); | 395 content_setting); |
387 } | 396 } |
388 | 397 |
389 void PermissionContextBase::SetSafeBrowsingDatabaseManagerAndTimeoutForTest( | 398 void PermissionContextBase::SetSafeBrowsingDatabaseManagerAndTimeoutForTest( |
390 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, | 399 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager, |
391 int timeout) { | 400 int timeout) { |
392 db_manager_ = db_manager; | 401 db_manager_ = db_manager; |
393 safe_browsing_timeout_ = timeout; | 402 safe_browsing_timeout_ = timeout; |
394 } | 403 } |
OLD | NEW |