Implement embargo in PermissionDecisionAutoBlocker

chrome/browser/permissions/permission_decision_auto_blocker.cc

Index: chrome/browser/permissions/permission_decision_auto_blocker.cc
diff --git a/chrome/browser/permissions/permission_decision_auto_blocker.cc b/chrome/browser/permissions/permission_decision_auto_blocker.cc
index 309f1230eb131912b562c3ba1fad4d67559403ca..59ce520ed5714345bd7ae23de645090999382b36 100644
--- a/chrome/browser/permissions/permission_decision_auto_blocker.cc
+++ b/chrome/browser/permissions/permission_decision_auto_blocker.cc
@@ -10,13 +10,16 @@
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/time/time.h"
 #include "base/values.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
+#include "chrome/browser/permissions/permission_blacklist_client.h"
 #include "chrome/browser/permissions/permission_util.h"
 #include "chrome/common/chrome_features.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/permission_type.h"
+#include "content/public/browser/web_contents.h"
 #include "url/gurl.h"
 
 namespace {
@@ -25,14 +28,17 @@ namespace {
 // from an origin before it is automatically blocked.
 int g_prompt_dismissals_before_block = 3;
 
+// The number of days that an origin will stay under embargo for a requested
+// permission.
+int g_embargo_days = 7;
+
 std::unique_ptr<base::DictionaryValue> GetOriginDict(
     HostContentSettingsMap* settings,
     const GURL& origin_url) {
   std::unique_ptr<base::DictionaryValue> dict =
       base::DictionaryValue::From(settings->GetWebsiteSetting(
-          origin_url, origin_url,
-          CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT, std::string(),
-          nullptr));
+          origin_url, GURL(), CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT,
+          std::string(), nullptr));
   if (!dict)
     return base::MakeUnique<base::DictionaryValue>();
 
@@ -82,7 +88,6 @@ int GetActionCount(const GURL& url,
   HostContentSettingsMap* map =
       HostContentSettingsMapFactory::GetForProfile(profile);
   std::unique_ptr<base::DictionaryValue> dict = GetOriginDict(map, url);
-
   base::DictionaryValue* permission_dict = GetOrCreatePermissionDict(
       dict.get(), PermissionUtil::GetPermissionString(permission));
 
@@ -102,6 +107,10 @@ const char PermissionDecisionAutoBlocker::kPromptIgnoreCountKey[] =
     "ignore_count";
 
 // static
+const char PermissionDecisionAutoBlocker::kPermissionOriginEmbargoKey[] =
+    "embargo_days";
+
+// static
 void PermissionDecisionAutoBlocker::RemoveCountsByUrl(
     Profile* profile,
     base::Callback<bool(const GURL& url)> filter) {
@@ -174,10 +183,102 @@ bool PermissionDecisionAutoBlocker::ShouldChangeDismissalToBlock(
 // static
 void PermissionDecisionAutoBlocker::UpdateFromVariations() {
   int prompt_dismissals = -1;
-  std::string value = variations::GetVariationParamValueByFeature(
+  int embargo_days = -1;
+  std::string dismissals_value = variations::GetVariationParamValueByFeature(
       features::kBlockPromptsIfDismissedOften, kPromptDismissCountKey);
-
+  std::string embargo_value = variations::GetVariationParamValueByFeature(
+      features::kPermissionsBlacklist, kPermissionOriginEmbargoKey);
   // If converting the value fails, stick with the current value.
-  if (base::StringToInt(value, &prompt_dismissals) && prompt_dismissals > 0)
+  if (base::StringToInt(dismissals_value, &prompt_dismissals) &&
+      prompt_dismissals > 0)
     g_prompt_dismissals_before_block = prompt_dismissals;
+  if (base::StringToInt(embargo_value, &embargo_days) && embargo_days > 0)
+    g_embargo_days = embargo_days;
+}
+
+// static
+// TODO(meredithl): Have PermissionDecisionAutoBlocker handle the database
+// manager, rather than passing it in.
+void PermissionDecisionAutoBlocker::ShouldAutomaticallyBlock(
+    scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> db_manager,
+    content::PermissionType permission,
+    const GURL& request_origin,
+    content::WebContents* web_contents,
+    int timeout,
+    Profile* profile,
+    base::Time current_time,
+    base::Callback<void(bool)> callback) {
+  if (!base::FeatureList::IsEnabled(features::kPermissionsBlacklist)) {
+    callback.Run(false /* permission blocked */);
+  } else if (IsUnderEmbargo(permission, profile, request_origin,
+                            current_time)) {
+    callback.Run(true /* permission blocked */);
+  } else if (!db_manager) {
+    callback.Run(false /* permission blocked */);
+  } else {
+    // Request origin is not yet under embargo, so we check it with Safe
+    // Browsing.
+    PermissionBlacklistClient::CheckSafeBrowsingBlacklist(
+        db_manager, permission, request_origin, web_contents, timeout,
+        base::Bind(&PermissionDecisionAutoBlocker::CheckSafeBrowsingResult,
+                   permission, profile, request_origin, current_time,
+                   callback));
+  }
+}
+
+// static
+void PermissionDecisionAutoBlocker::CheckSafeBrowsingResult(
+    content::PermissionType permission,
+    Profile* profile,
+    const GURL& request_origin,
+    base::Time current_time,
+    base::Callback<void(bool)> callback,
+    bool should_be_embargoed) {
+  if (should_be_embargoed) {
+    // Requesting site is blacklisted for this permission, update the content
+    // setting to place it under embargo.
+    PlaceUnderEmbargo(permission, request_origin,
+                      HostContentSettingsMapFactory::GetForProfile(profile),
+                      current_time);
+  }
+  callback.Run(should_be_embargoed /* permission blocked */);
+}
+
+// static
+bool PermissionDecisionAutoBlocker::IsUnderEmbargo(
+    content::PermissionType permission,
+    Profile* profile,
+    const GURL& request_origin,
+    base::Time current_time) {
+  HostContentSettingsMap* map =
+      HostContentSettingsMapFactory::GetForProfile(profile);
+  std::unique_ptr<base::DictionaryValue> dict =
+      GetOriginDict(map, request_origin);
+  base::DictionaryValue* permission_dict = GetOrCreatePermissionDict(
+      dict.get(), PermissionUtil::GetPermissionString(permission));
+  double embargo_date = -1;
+  if ((permission_dict->GetDouble(kPermissionOriginEmbargoKey,
+                                  &embargo_date))) {
+    if (current_time < base::Time::FromInternalValue(embargo_date) +
+                           base::TimeDelta::FromDays(g_embargo_days))
+      return true;
+  }
+  return false;
+}
+
+// static
+void PermissionDecisionAutoBlocker::PlaceUnderEmbargo(
+    content::PermissionType permission,
+    const GURL& request_origin,
+    HostContentSettingsMap* map,
+    base::Time current_time) {
+  std::unique_ptr<base::DictionaryValue> dict =
+      GetOriginDict(map, request_origin);
+  base::DictionaryValue* permission_dict = GetOrCreatePermissionDict(
+      dict.get(), PermissionUtil::GetPermissionString(permission));
+  permission_dict->SetDouble(kPermissionOriginEmbargoKey,
+                             current_time.ToInternalValue());
+  map->SetWebsiteSettingDefaultScope(
+      request_origin, GURL(), CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT,

[raymes, 2017/01/16 02:23:42]

We need to decide what to do about this pref. It doesn't seem good to store this
new data in there right now, since it's so unrelated to the name. And once you
start storing pref data somewhere you can't easily change it later. Perhaps we
can discuss the options tomorrow morning too.

[meredithl, 2017/01/16 04:28:20]

Sgtm. The original plan was to rename it, but if that's too difficult then happy
to do something else.

+      std::string(), std::move(dict));
 }