Split browsing data masks between content and embedder

chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.h"
 
 #include <set>
 #include <string>
 #include <utility>
 
@@ skipping 56 matching lines @@
 #include "components/translate/core/browser/language_model.h"
 #include "content/public/browser/browsing_data_filter_builder.h"
 #include "content/public/browser/plugin_data_remover.h"
 #include "content/public/browser/ssl_host_state_delegate.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/user_metrics.h"
 #include "net/cookies/cookie_store.h"
 #include "net/http/http_transaction_factory.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
+#include "url/url_util.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/android/offline_pages/offline_page_model_factory.h"
 #include "chrome/browser/android/webapps/webapp_registry.h"
 #include "chrome/browser/precache/precache_manager_factory.h"
 #include "components/offline_pages/core/offline_page_feature.h"
 #include "components/offline_pages/core/offline_page_model.h"
 #include "components/precache/content/precache_manager.h"
 #endif
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)
 #include "chrome/browser/extensions/activity_log/activity_log.h"
 #include "extensions/browser/extension_prefs.h"
+#include "extensions/common/constants.h"
 #endif
 
 #if BUILDFLAG(ENABLE_SESSION_SERVICE)
 #include "chrome/browser/sessions/session_service.h"
 #include "chrome/browser/sessions/session_service_factory.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chromeos/attestation/attestation_constants.h"
@@ skipping 201 matching lines @@
 #if defined(OS_ANDROID)
       webapp_registry_(new WebappRegistry()),
 #endif
       weak_ptr_factory_(this) {}
 
 ChromeBrowsingDataRemoverDelegate::~ChromeBrowsingDataRemoverDelegate() {
   history_task_tracker_.TryCancelAll();
   template_url_sub_.reset();
 }
 
+bool ChromeBrowsingDataRemoverDelegate::DoesOriginMatchEmbedderMask(
+    int origin_type_mask,
+    const GURL& origin,
+    storage::SpecialStoragePolicy* policy) const {
+  DCHECK_EQ(0, origin_type_mask & (ORIGIN_TYPE_EMBEDDER_BEGIN - 1))
+      << "|origin_type_mask| can only contain origin types defined in "
+      << "the embedder.";
+
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  // Packaged apps and extensions match iff EXTENSION.
+  if ((origin.GetOrigin().scheme() == extensions::kExtensionScheme) &&
+      (origin_type_mask & ORIGIN_TYPE_EXTENSION)) {
+    return true;
+  }
+  origin_type_mask &= ~ORIGIN_TYPE_EXTENSION;
+#endif
+
+  DCHECK(!origin_type_mask) <<
+      "DoesOriginMatchEmbedderMask must handle all origin types.";
+
+  return false;
+}
+
 void ChromeBrowsingDataRemoverDelegate::RemoveEmbedderData(
     const base::Time& delete_begin,
     const base::Time& delete_end,
     int remove_mask,
     const BrowsingDataFilterBuilder& filter_builder,
     int origin_type_mask,
     const base::Closure& callback) {
+  DCHECK(((remove_mask & ~FILTERABLE_DATA_TYPES) == 0) ||
+         filter_builder.IsEmptyBlacklist());
+
+  if (origin_type_mask & ORIGIN_TYPE_UNPROTECTED_WEB) {
+    content::RecordAction(
+        UserMetricsAction("ClearBrowsingData_MaskContainsUnprotectedWeb"));
+  }
+  if (origin_type_mask & ORIGIN_TYPE_PROTECTED_WEB) {
+    content::RecordAction(
+        UserMetricsAction("ClearBrowsingData_MaskContainsProtectedWeb"));
+  }
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  if (origin_type_mask & ORIGIN_TYPE_EXTENSION) {
+    content::RecordAction(
+        UserMetricsAction("ClearBrowsingData_MaskContainsExtension"));
+  }
+#endif
+  // If this fires, we added a new BrowsingDataHelper::OriginTypeMask without
+  // updating the user metrics above.
+  static_assert(
+      ALL_ORIGIN_TYPES == (ORIGIN_TYPE_UNPROTECTED_WEB |
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+                           ORIGIN_TYPE_EXTENSION |
+#endif
+                           ORIGIN_TYPE_PROTECTED_WEB),
+      "OriginTypeMask has been updated without updating user metrics");
+
   //////////////////////////////////////////////////////////////////////////////
   // INITIALIZATION
   synchronous_clear_operations_.Start();
   callback_ = callback;
 
   delete_begin_ = delete_begin;
   delete_end_ = delete_end;
 
   base::Callback<bool(const GURL& url)> filter =
       filter_builder.BuildGeneralFilter();
 
   // Some backends support a filter that |is_null()| to make complete deletion
   // more efficient.
   base::Callback<bool(const GURL&)> nullable_filter =
       filter_builder.IsEmptyBlacklist() ? base::Callback<bool(const GURL&)>()
                                         : filter;
 
   // Managed devices and supervised users can have restrictions on history
   // deletion.
   PrefService* prefs = profile_->GetPrefs();
   bool may_delete_history = prefs->GetBoolean(
       prefs::kAllowDeletingBrowserHistory);
 
   // All the UI entry points into the BrowsingDataRemoverImpl should be
   // disabled, but this will fire if something was missed or added.
   DCHECK(may_delete_history ||
-         (remove_mask & BrowsingDataRemover::REMOVE_NOCHECKS) ||
-         (!(remove_mask & BrowsingDataRemover::REMOVE_HISTORY) &&
-          !(remove_mask & BrowsingDataRemover::REMOVE_DOWNLOADS)));
+         (remove_mask & DATA_TYPE_NO_CHECKS) ||
+         (!(remove_mask & DATA_TYPE_HISTORY) &&
+          !(remove_mask & DATA_TYPE_DOWNLOADS)));
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_HISTORY
-  if ((remove_mask & BrowsingDataRemover::REMOVE_HISTORY) &&
+  // DATA_TYPE_HISTORY
+  if ((remove_mask & DATA_TYPE_HISTORY) &&
       may_delete_history) {
     history::HistoryService* history_service =
         HistoryServiceFactory::GetForProfile(
             profile_, ServiceAccessType::EXPLICIT_ACCESS);
     if (history_service) {
       // TODO(dmurph): Support all backends with filter (crbug.com/113621).
       content::RecordAction(UserMetricsAction("ClearBrowsingData_History"));
       clear_history_.Start();
       history_service->ExpireLocalAndRemoteHistoryBetween(
           WebHistoryServiceFactory::GetForProfile(profile_), std::set<GURL>(),
@@ skipping 204 matching lines @@
     // Rename the method to indicate its more general usage.
     if (profile_->GetSSLHostStateDelegate()) {
       profile_->GetSSLHostStateDelegate()->Clear(
           filter_builder.IsEmptyBlacklist()
               ? base::Callback<bool(const std::string&)>()
               : filter_builder.BuildPluginFilter());
     }
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_DOWNLOADS
-  if ((remove_mask & BrowsingDataRemover::REMOVE_DOWNLOADS) &&
+  // DATA_TYPE_DOWNLOADS
+  if ((remove_mask & DATA_TYPE_DOWNLOADS) &&
       may_delete_history) {
     DownloadPrefs* download_prefs = DownloadPrefs::FromDownloadManager(
         BrowserContext::GetDownloadManager(profile_));
     download_prefs->SetSaveFilePath(download_prefs->DownloadPath());
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_COOKIES
-  // We ignore the REMOVE_COOKIES request if UNPROTECTED_WEB is not set,
-  // so that callers who request REMOVE_SITE_DATA with PROTECTED_WEB
+  // DATA_TYPE_COOKIES
+  // We ignore the DATA_TYPE_COOKIES request if UNPROTECTED_WEB is not set,
+  // so that callers who request DATA_TYPE_SITE_DATA with PROTECTED_WEB
   // don't accidentally remove the cookies that are associated with the
   // UNPROTECTED_WEB origin. This is necessary because cookies are not separated
   // between UNPROTECTED_WEB and PROTECTED_WEB.
-  if (remove_mask & BrowsingDataRemover::REMOVE_COOKIES &&
-      origin_type_mask & BrowsingDataHelper::UNPROTECTED_WEB) {
+  if (remove_mask & DATA_TYPE_COOKIES &&
+      origin_type_mask & ORIGIN_TYPE_UNPROTECTED_WEB) {
     content::RecordAction(UserMetricsAction("ClearBrowsingData_Cookies"));
 
     // Clear the safebrowsing cookies only if time period is for "all time".  It
     // doesn't make sense to apply the time period of deleting in the last X
     // hours/days to the safebrowsing cookies since they aren't the result of
     // any user action.
     if (delete_begin_ == base::Time()) {
       safe_browsing::SafeBrowsingService* sb_service =
           g_browser_process->safe_browsing_service();
       if (sb_service) {
@@ skipping 22 matching lines @@
                           &ChromeBrowsingDataRemoverDelegate::OnClearedCookies,
                           weak_ptr_factory_.GetWeakPtr()))));
         }
       }
     }
 
     MediaDeviceIDSalt::Reset(profile_->GetPrefs());
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_DURABLE_PERMISSION
-  if (remove_mask & BrowsingDataRemover::REMOVE_DURABLE_PERMISSION) {
+  // DATA_TYPE_DURABLE_PERMISSION
+  if (remove_mask & DATA_TYPE_DURABLE_PERMISSION) {
     HostContentSettingsMapFactory::GetForProfile(profile_)
         ->ClearSettingsForOneTypeWithPredicate(
             CONTENT_SETTINGS_TYPE_DURABLE_STORAGE,
             base::Bind(&WebsiteSettingsFilterAdapter, filter));
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_SITE_USAGE_DATA
-  if (remove_mask & BrowsingDataRemover::REMOVE_SITE_USAGE_DATA) {
+  // DATA_TYPE_SITE_USAGE_DATA
+  if (remove_mask & DATA_TYPE_SITE_USAGE_DATA) {
     HostContentSettingsMapFactory::GetForProfile(profile_)
         ->ClearSettingsForOneTypeWithPredicate(
             CONTENT_SETTINGS_TYPE_SITE_ENGAGEMENT,
             base::Bind(&WebsiteSettingsFilterAdapter, filter));
   }
 
-  if ((remove_mask & BrowsingDataRemover::REMOVE_SITE_USAGE_DATA) ||
-      (remove_mask & BrowsingDataRemover::REMOVE_HISTORY)) {
+  if ((remove_mask & DATA_TYPE_SITE_USAGE_DATA) ||
+      (remove_mask & DATA_TYPE_HISTORY)) {
     HostContentSettingsMapFactory::GetForProfile(profile_)
         ->ClearSettingsForOneTypeWithPredicate(
             CONTENT_SETTINGS_TYPE_APP_BANNER,
             base::Bind(&WebsiteSettingsFilterAdapter, filter));
 
     PermissionDecisionAutoBlocker::GetForProfile(profile_)->RemoveCountsByUrl(
         filter);
   }
 
   //////////////////////////////////////////////////////////////////////////////
   // Password manager
-  if (remove_mask & BrowsingDataRemover::REMOVE_PASSWORDS) {
+  if (remove_mask & DATA_TYPE_PASSWORDS) {
     content::RecordAction(UserMetricsAction("ClearBrowsingData_Passwords"));
     password_manager::PasswordStore* password_store =
         PasswordStoreFactory::GetForProfile(
             profile_, ServiceAccessType::EXPLICIT_ACCESS).get();
 
     if (password_store) {
       clear_passwords_.Start();
       password_store->RemoveLoginsByURLAndTime(
           filter, delete_begin_, delete_end_,
           clear_passwords_.GetCompletionCallback());
     }
 
     scoped_refptr<net::URLRequestContextGetter> request_context =
         BrowserContext::GetDefaultStoragePartition(profile_)
             ->GetURLRequestContext();
     clear_http_auth_cache_.Start();
     BrowserThread::PostTaskAndReply(
         BrowserThread::IO, FROM_HERE,
         base::Bind(&ClearHttpAuthCacheOnIOThread, std::move(request_context),
                    delete_begin_),
         clear_http_auth_cache_.GetCompletionCallback());
   }
 
-  if (remove_mask & BrowsingDataRemover::REMOVE_COOKIES) {
+  if (remove_mask & DATA_TYPE_COOKIES) {
     password_manager::PasswordStore* password_store =
         PasswordStoreFactory::GetForProfile(profile_,
                                             ServiceAccessType::EXPLICIT_ACCESS)
             .get();
 
     if (password_store) {
       clear_auto_sign_in_.Start();
       password_store->DisableAutoSignInForOrigins(
           filter, clear_auto_sign_in_.GetCompletionCallback());
     }
   }
 
-  if (remove_mask & BrowsingDataRemover::REMOVE_HISTORY) {
+  if (remove_mask & DATA_TYPE_HISTORY) {
     password_manager::PasswordStore* password_store =
         PasswordStoreFactory::GetForProfile(
             profile_, ServiceAccessType::EXPLICIT_ACCESS).get();
 
     if (password_store) {
       clear_passwords_stats_.Start();
       password_store->RemoveStatisticsByOriginAndTime(
           nullable_filter, delete_begin_, delete_end_,
           clear_passwords_stats_.GetCompletionCallback());
     }
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_FORM_DATA
+  // DATA_TYPE_FORM_DATA
   // TODO(dmurph): Support all backends with filter (crbug.com/113621).
-  if (remove_mask & BrowsingDataRemover::REMOVE_FORM_DATA) {
+  if (remove_mask & DATA_TYPE_FORM_DATA) {
     content::RecordAction(UserMetricsAction("ClearBrowsingData_Autofill"));
     scoped_refptr<autofill::AutofillWebDataService> web_data_service =
         WebDataServiceFactory::GetAutofillWebDataForProfile(
             profile_, ServiceAccessType::EXPLICIT_ACCESS);
 
     if (web_data_service.get()) {
       clear_form_.Start();
       web_data_service->RemoveFormElementsAddedBetween(delete_begin_,
           delete_end_);
       web_data_service->RemoveAutofillDataModifiedBetween(
           delete_begin_, delete_end_);
       // The above calls are done on the UI thread but do their work on the DB
       // thread. So wait for it.
       BrowserThread::PostTaskAndReply(
           BrowserThread::DB, FROM_HERE, base::Bind(&base::DoNothing),
           clear_form_.GetCompletionCallback());
 
       autofill::PersonalDataManager* data_manager =
           autofill::PersonalDataManagerFactory::GetForProfile(profile_);
       if (data_manager)
         data_manager->Refresh();
     }
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_CACHE
-  if (remove_mask & BrowsingDataRemover::REMOVE_CACHE) {
+  // DATA_TYPE_CACHE
+  if (remove_mask & DATA_TYPE_CACHE) {
 #if !defined(DISABLE_NACL)
     clear_nacl_cache_.Start();
 
     BrowserThread::PostTask(
         BrowserThread::IO, FROM_HERE,
         base::Bind(&ClearNaClCacheOnIOThread,
                    UIThreadTrampoline(
                        clear_nacl_cache_.GetCompletionCallback())));
 
     clear_pnacl_cache_.Start();
@@ skipping 35 matching lines @@
       // Network Quality Estimator (NQE) stores the quality (RTT, bandwidth
       // etc.) of different networks in prefs. The stored quality is not
       // broken down by URLs or timestamps, so clearing the cache should
       // completely clear the prefs.
       ui_nqe_service->ClearPrefs();
     }
 
 #if defined(OS_ANDROID)
     // For now we're considering offline pages as cache, so if we're removing
     // cache we should remove offline pages as well.
-    if ((remove_mask & BrowsingDataRemover::REMOVE_CACHE)) {
+    if ((remove_mask & DATA_TYPE_CACHE)) {
       clear_offline_page_data_.Start();
       offline_pages::OfflinePageModelFactory::GetForBrowserContext(profile_)
           ->DeleteCachedPagesByURLPredicate(
               filter,
               IgnoreArgument<offline_pages::OfflinePageModel::DeletePageResult>(
                   clear_offline_page_data_.GetCompletionCallback()));
     }
 #endif
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_PLUGINS
+  // DATA_TYPE_PLUGINS
   // Plugins are known to //content and their bulk deletion is implemented in
   // PluginDataRemover. However, the filtered deletion uses
   // BrowsingDataFlashLSOHelper which (currently) has strong dependencies
   // on //chrome.
   // TODO(msramek): Investigate these dependencies and move the plugin deletion
   // to BrowsingDataRemoverImpl in //content. Note that code in //content
   // can simply take advantage of PluginDataRemover directly to delete plugin
   // data in bulk.
 #if BUILDFLAG(ENABLE_PLUGINS)
   // Plugin is data not separated for protected and unprotected web origins. We
   // check the origin_type_mask_ to prevent unintended deletion.
-  if (remove_mask & BrowsingDataRemover::REMOVE_PLUGIN_DATA &&
-      origin_type_mask & BrowsingDataHelper::UNPROTECTED_WEB) {
+  if (remove_mask & DATA_TYPE_PLUGIN_DATA &&
+      origin_type_mask & ORIGIN_TYPE_UNPROTECTED_WEB) {
     content::RecordAction(UserMetricsAction("ClearBrowsingData_LSOData"));
     clear_plugin_data_count_ = 1;
 
     if (filter_builder.IsEmptyBlacklist()) {
       DCHECK(!plugin_data_remover_);
       plugin_data_remover_.reset(
           content::PluginDataRemover::Create(profile_));
       base::WaitableEvent* event =
           plugin_data_remover_->StartRemoving(delete_begin_);
 
       base::WaitableEventWatcher::EventCallback watcher_callback = base::Bind(
           &ChromeBrowsingDataRemoverDelegate::OnWaitableEventSignaled,
           weak_ptr_factory_.GetWeakPtr());
       watcher_.StartWatching(event, watcher_callback);
     } else {
       // TODO(msramek): Store filters from the currently executed task on the
       // object to avoid having to copy them to callback methods.
       flash_lso_helper_->StartFetching(base::Bind(
           &ChromeBrowsingDataRemoverDelegate::OnSitesWithFlashDataFetched,
           weak_ptr_factory_.GetWeakPtr(),
           filter_builder.BuildPluginFilter()));
     }
   }
 #endif
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_MEDIA_LICENSES
-  if (remove_mask & BrowsingDataRemover::REMOVE_MEDIA_LICENSES) {
+  // DATA_TYPE_MEDIA_LICENSES
+  if (remove_mask & DATA_TYPE_MEDIA_LICENSES) {
     // TODO(jrummell): This UMA should be renamed to indicate it is for Media
     // Licenses.
     content::RecordAction(
         UserMetricsAction("ClearBrowsingData_ContentLicenses"));
 
 #if BUILDFLAG(ENABLE_PLUGINS)
     clear_flash_content_licenses_.Start();
     if (!pepper_flash_settings_manager_.get()) {
       pepper_flash_settings_manager_.reset(
           new PepperFlashSettingsManager(this, profile_));
@@ skipping 21 matching lines @@
                   weak_ptr_factory_.GetWeakPtr()));
     }
 #endif  // defined(OS_CHROMEOS)
   }
 
   //////////////////////////////////////////////////////////////////////////////
   // Zero suggest.
   // Remove omnibox zero-suggest cache results. Filtering is not supported.
   // This is not a problem, as deleting more data than necessary will just cause
   // another server round-trip; no data is actually lost.
-  if ((remove_mask & (BrowsingDataRemover::REMOVE_CACHE |
-                      BrowsingDataRemover::REMOVE_COOKIES))) {
+  if ((remove_mask & (DATA_TYPE_CACHE |
+                      DATA_TYPE_COOKIES))) {
     prefs->SetString(omnibox::kZeroSuggestCachedResults, std::string());
   }
 
   //////////////////////////////////////////////////////////////////////////////
   // Domain reliability service.
-  if (remove_mask & (BrowsingDataRemover::REMOVE_COOKIES |
-                     BrowsingDataRemover::REMOVE_HISTORY)) {
+  if (remove_mask & (DATA_TYPE_COOKIES |
+                     DATA_TYPE_HISTORY)) {
     domain_reliability::DomainReliabilityService* service =
       domain_reliability::DomainReliabilityServiceFactory::
           GetForBrowserContext(profile_);
     if (service) {
       domain_reliability::DomainReliabilityClearMode mode;
-      if (remove_mask & BrowsingDataRemover::REMOVE_COOKIES)
+      if (remove_mask & DATA_TYPE_COOKIES)
         mode = domain_reliability::CLEAR_CONTEXTS;
       else
         mode = domain_reliability::CLEAR_BEACONS;
 
       clear_domain_reliability_monitor_.Start();
       service->ClearBrowsingData(
           mode,
           filter,
           clear_domain_reliability_monitor_.GetCompletionCallback());
     }
   }
 
   //////////////////////////////////////////////////////////////////////////////
-  // REMOVE_WEBAPP_DATA
+  // DATA_TYPE_WEB_APP_DATA
 #if defined(OS_ANDROID)
   // Clear all data associated with registered webapps.
-  if (remove_mask & BrowsingDataRemover::REMOVE_WEBAPP_DATA)
+  if (remove_mask & DATA_TYPE_WEB_APP_DATA)
     webapp_registry_->UnregisterWebappsForUrls(filter);
 #endif
 
   //////////////////////////////////////////////////////////////////////////////
   // Remove external protocol data.
-  if (remove_mask & BrowsingDataRemover::REMOVE_EXTERNAL_PROTOCOL_DATA)
+  if (remove_mask & DATA_TYPE_EXTERNAL_PROTOCOL_DATA)
     ExternalProtocolHandler::ClearData(profile_);
 
   synchronous_clear_operations_.GetCompletionCallback().Run();
 }
 
 void ChromeBrowsingDataRemoverDelegate::NotifyIfDone() {
   if (!AllDone())
     return;
 
   DCHECK(!callback_.is_null());
@@ skipping 114 matching lines @@
 }
 
 void ChromeBrowsingDataRemoverDelegate::
 OnDeauthorizeFlashContentLicensesCompleted(
     uint32_t request_id,
     bool /* success */) {
   DCHECK_EQ(request_id, deauthorize_flash_content_licenses_request_id_);
   clear_flash_content_licenses_.GetCompletionCallback().Run();
 }
 #endif