Implement embargo in PermissionDecisionAutoBlocker

chrome/browser/permissions/permission_decision_auto_blocker.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/permissions/permission_decision_auto_blocker.h"
 
 #include <memory>
 
 #include "base/feature_list.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/time/time.h"
 #include "base/values.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
+#include "chrome/browser/permissions/permission_blacklist_client.h"
 #include "chrome/browser/permissions/permission_util.h"
 #include "chrome/common/chrome_features.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/permission_type.h"
+#include "content/public/browser/web_contents.h"
 #include "url/gurl.h"
 
 namespace {
 
 // The number of times that users may explicitly dismiss a permission prompt
 // from an origin before it is automatically blocked.
 int g_prompt_dismissals_before_block = 3;
 
+// The number of days that an origin will stay under embargo for a requested
+// permission.
+int g_embargo_days = 7;
+
 std::unique_ptr<base::DictionaryValue> GetOriginDict(
     HostContentSettingsMap* settings,
     const GURL& origin_url) {
   std::unique_ptr<base::DictionaryValue> dict =
       base::DictionaryValue::From(settings->GetWebsiteSetting(
-          origin_url, origin_url,
-          CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT, std::string(),
-          nullptr));
+          origin_url, GURL(), CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT,
+          std::string(), nullptr));
   if (!dict)
     return base::MakeUnique<base::DictionaryValue>();
 
   return dict;
 }
 
 base::DictionaryValue* GetOrCreatePermissionDict(
     base::DictionaryValue* origin_dict,
     const std::string& permission) {
   base::DictionaryValue* permission_dict = nullptr;
@@ skipping 29 matching lines @@
   return current_count;
 }
 
 int GetActionCount(const GURL& url,
                    content::PermissionType permission,
                    const char* key,
                    Profile* profile) {
   HostContentSettingsMap* map =
       HostContentSettingsMapFactory::GetForProfile(profile);
   std::unique_ptr<base::DictionaryValue> dict = GetOriginDict(map, url);
-
   base::DictionaryValue* permission_dict = GetOrCreatePermissionDict(
       dict.get(), PermissionUtil::GetPermissionString(permission));
 
   int current_count = 0;
   permission_dict->GetInteger(key, &current_count);
   return current_count;
 }
 
 }  // namespace
 
 // static
 const char PermissionDecisionAutoBlocker::kPromptDismissCountKey[] =
     "dismiss_count";
 
 // static
 const char PermissionDecisionAutoBlocker::kPromptIgnoreCountKey[] =
     "ignore_count";
 
 // static
+const char PermissionDecisionAutoBlocker::kPermissionOriginEmbargoKey[] =
+    "embargo_days";
+
+// static
 void PermissionDecisionAutoBlocker::RemoveCountsByUrl(
     Profile* profile,
     base::Callback<bool(const GURL& url)> filter) {
   HostContentSettingsMap* map =
       HostContentSettingsMapFactory::GetForProfile(profile);
 
   std::unique_ptr<ContentSettingsForOneType> settings(
       new ContentSettingsForOneType);
   map->GetSettingsForOneType(CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT,
                              std::string(), settings.get());
@@ skipping 52 matching lines @@
 
   if (!base::FeatureList::IsEnabled(features::kBlockPromptsIfDismissedOften))
     return false;
 
   return current_dismissal_count >= g_prompt_dismissals_before_block;
 }
 
 // static
 void PermissionDecisionAutoBlocker::UpdateFromVariations() {
   int prompt_dismissals = -1;
-  std::string value = variations::GetVariationParamValueByFeature(
+  int embargo_days = -1;
+  std::string dismissals_value = variations::GetVariationParamValueByFeature(
       features::kBlockPromptsIfDismissedOften, kPromptDismissCountKey);
+  std::string embargo_value = variations::GetVariationParamValueByFeature(
+      features::kPermissionsBlacklist, kPermissionOriginEmbargoKey);
+  // If converting the value fails, stick with the current value.
+  if (base::StringToInt(dismissals_value, &prompt_dismissals) &&
+      prompt_dismissals > 0)
+    g_prompt_dismissals_before_block = prompt_dismissals;
+  if (base::StringToInt(embargo_value, &embargo_days) && embargo_days > 0)
+    g_embargo_days = embargo_days;
+}
 
-  // If converting the value fails, stick with the current value.
-  if (base::StringToInt(value, &prompt_dismissals) && prompt_dismissals > 0)
-    g_prompt_dismissals_before_block = prompt_dismissals;
+// static
+// TODO(meredithl): Have PermissionDecisionAutoBlocker handle the database
+// manager, rather than passing it in.
+void PermissionDecisionAutoBlocker::ShouldAutomaticallyBlock(
+    scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,
+    content::PermissionType permission,
+    const GURL& request_origin,
+    content::WebContents* web_contents,
+    int timeout,
+    Profile* profile,
+    base::Time current_time,
+    base::Callback<void(bool)> callback) {
+  if (!base::FeatureList::IsEnabled(features::kPermissionsBlacklist)) {
+    callback.Run(false /* permission blocked */);
+  } else if (IsUnderEmbargo(permission, profile, request_origin,
+                            current_time)) {
+    callback.Run(true /* permission blocked */);
+  } else if (!db_manager) {
+    callback.Run(false /* permission blocked */);
+  } else {
+    // Request origin is not yet under embargo, so we check it with Safe
+    // Browsing.
+    PermissionBlacklistClient::CheckSafeBrowsingBlacklist(
+        db_manager, permission, request_origin, web_contents, timeout,
+        base::Bind(&PermissionDecisionAutoBlocker::CheckSafeBrowsingResult,
+                   permission, profile, request_origin, current_time,
+                   callback));
+  }
 }
+
+// static
+void PermissionDecisionAutoBlocker::CheckSafeBrowsingResult(
+    content::PermissionType permission,
+    Profile* profile,
+    const GURL& request_origin,
+    base::Time current_time,
+    base::Callback<void(bool)> callback,
+    bool should_be_embargoed) {
+  if (should_be_embargoed) {
+    // Requesting site is blacklisted for this permission, update the content
+    // setting to place it under embargo.
+    PlaceUnderEmbargo(permission, request_origin,
+                      HostContentSettingsMapFactory::GetForProfile(profile),
+                      current_time);
+  }
+  callback.Run(should_be_embargoed /* permission blocked */);
+}
+
+// static
+bool PermissionDecisionAutoBlocker::IsUnderEmbargo(
+    content::PermissionType permission,
+    Profile* profile,
+    const GURL& request_origin,
+    base::Time current_time) {
+  HostContentSettingsMap* map =
+      HostContentSettingsMapFactory::GetForProfile(profile);
+  std::unique_ptr<base::DictionaryValue> dict =
+      GetOriginDict(map, request_origin);
+  base::DictionaryValue* permission_dict = GetOrCreatePermissionDict(
+      dict.get(), PermissionUtil::GetPermissionString(permission));
+  double embargo_date = -1;
+  if ((permission_dict->GetDouble(kPermissionOriginEmbargoKey,
+                                  &embargo_date))) {
+    if (current_time < base::Time::FromInternalValue(embargo_date) +
+                           base::TimeDelta::FromDays(g_embargo_days))
+      return true;
+  }
+  return false;
+}
+
+// static
+void PermissionDecisionAutoBlocker::PlaceUnderEmbargo(
+    content::PermissionType permission,
+    const GURL& request_origin,
+    HostContentSettingsMap* map,
+    base::Time current_time) {
+  std::unique_ptr<base::DictionaryValue> dict =
+      GetOriginDict(map, request_origin);
+  base::DictionaryValue* permission_dict = GetOrCreatePermissionDict(
+      dict.get(), PermissionUtil::GetPermissionString(permission));
+  permission_dict->SetDouble(kPermissionOriginEmbargoKey,
+                             current_time.ToInternalValue());
+  map->SetWebsiteSettingDefaultScope(
+      request_origin, GURL(), CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT,

[raymes, 2017/01/16 02:23:42]

We need to decide what to do about this pref. It doesn't seem good to store this
new data in there right now, since it's so unrelated to the name. And once you
start storing pref data somewhere you can't easily change it later. Perhaps we
can discuss the options tomorrow morning too.

[meredithl, 2017/01/16 04:28:20]

Sgtm. The original plan was to rename it, but if that's too difficult then happy
to do something else.

+      std::string(), std::move(dict));
+}