Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(42)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/extensions/permissions_updater.cc

Issue 2794803003: PS - Remove Clipboard Read permission from extensions in Public Sessions (except for whitelisted on… (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc ('k') | chrome/browser/extensions/scripting_permissions_modifier.h » ('j') | chrome/browser/extensions/scripting_permissions_modifier.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/extensions/permissions_updater.h" 5 #include "chrome/browser/extensions/permissions_updater.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/memory/ref_counted.h" 9 #include "base/memory/ref_counted.h"
10 #include "base/values.h" 10 #include "base/values.h"
11 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h" 11 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h"
12 #include "chrome/browser/extensions/scripting_permissions_modifier.h" 12 #include "chrome/browser/extensions/scripting_permissions_modifier.h"
13 #include "chrome/browser/profiles/profile.h" 13 #include "chrome/browser/profiles/profile.h"
14 #include "chrome/browser/profiles/profiles_state.h"
14 #include "chrome/common/extensions/api/permissions.h" 15 #include "chrome/common/extensions/api/permissions.h"
15 #include "content/public/browser/notification_observer.h" 16 #include "content/public/browser/notification_observer.h"
16 #include "content/public/browser/notification_registrar.h" 17 #include "content/public/browser/notification_registrar.h"
17 #include "content/public/browser/notification_service.h" 18 #include "content/public/browser/notification_service.h"
18 #include "content/public/browser/render_process_host.h" 19 #include "content/public/browser/render_process_host.h"
19 #include "extensions/browser/event_router.h" 20 #include "extensions/browser/event_router.h"
20 #include "extensions/browser/extension_prefs.h" 21 #include "extensions/browser/extension_prefs.h"
21 #include "extensions/browser/notification_types.h" 22 #include "extensions/browser/notification_types.h"
22 #include "extensions/common/extension.h" 23 #include "extensions/common/extension.h"
23 #include "extensions/common/extension_messages.h" 24 #include "extensions/common/extension_messages.h"
24 #include "extensions/common/manifest_handlers/permissions_parser.h" 25 #include "extensions/common/manifest_handlers/permissions_parser.h"
25 #include "extensions/common/permissions/permission_set.h" 26 #include "extensions/common/permissions/permission_set.h"
26 #include "extensions/common/permissions/permissions_data.h" 27 #include "extensions/common/permissions/permissions_data.h"
27 28
29 #if defined(OS_CHROMEOS)
30 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol icy_provider.h"
31 #endif
32
28 using content::RenderProcessHost; 33 using content::RenderProcessHost;
29 using extensions::permissions_api_helpers::PackPermissionSet; 34 using extensions::permissions_api_helpers::PackPermissionSet;
30 35
31 namespace extensions { 36 namespace extensions {
32 37
33 namespace permissions = api::permissions; 38 namespace permissions = api::permissions;
34 39
35 namespace { 40 namespace {
36 41
37 // Returns a PermissionSet that has the active permissions of the extension, 42 // Returns a PermissionSet that has the active permissions of the extension,
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
192 197
193 std::unique_ptr<const PermissionSet> granted_permissions; 198 std::unique_ptr<const PermissionSet> granted_permissions;
194 std::unique_ptr<const PermissionSet> withheld_permissions; 199 std::unique_ptr<const PermissionSet> withheld_permissions;
195 ScriptingPermissionsModifier(browser_context_, make_scoped_refptr(extension)) 200 ScriptingPermissionsModifier(browser_context_, make_scoped_refptr(extension))
196 .WithholdPermissions(*bounded_active, &granted_permissions, 201 .WithholdPermissions(*bounded_active, &granted_permissions,
197 &withheld_permissions, 202 &withheld_permissions,
198 (init_flag_ & INIT_FLAG_TRANSIENT) != 0); 203 (init_flag_ & INIT_FLAG_TRANSIENT) != 0);
199 204
200 SetPermissions(extension, std::move(granted_permissions), 205 SetPermissions(extension, std::move(granted_permissions),
201 std::move(withheld_permissions)); 206 std::move(withheld_permissions));
207
208 #if defined(OS_CHROMEOS)
Devlin 2017/04/03 20:39:20 I'd like to avoid adding so many #ifdefs and chrom
209 // In Public Sessions, apps and extensions are force-installed by admin policy
210 // so the user does not get a chance to review the permissions for these apps.
211 // This is not acceptable from a security standpoint, so we remove
212 // ClipboardRead permission from them (except for whitelisted ones - eg.
213 // remote desktop clients). This forceful removal of permission is safe since
214 // the clipboard pasting code checks for this permission before doing the
215 // paste.
216 if (profiles::IsPublicSession() &&
217 !chromeos::DeviceLocalAccountManagementPolicyProvider::IsWhitelisted(
218 extension)) {
219 ScriptingPermissionsModifier(browser_context_,
220 make_scoped_refptr(extension))
221 .WithholdClipboardRead();
222 }
223 #endif
202 } 224 }
203 225
204 void PermissionsUpdater::SetPermissions( 226 void PermissionsUpdater::SetPermissions(
205 const Extension* extension, 227 const Extension* extension,
206 std::unique_ptr<const PermissionSet> active, 228 std::unique_ptr<const PermissionSet> active,
207 std::unique_ptr<const PermissionSet> withheld) { 229 std::unique_ptr<const PermissionSet> withheld) {
208 DCHECK(active); 230 DCHECK(active);
209 const PermissionSet& active_weak = *active; 231 const PermissionSet& active_weak = *active;
210 if (withheld) { 232 if (withheld) {
211 extension->permissions_data()->SetPermissions(std::move(active), 233 extension->permissions_data()->SetPermissions(std::move(active),
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
286 Profile::FromBrowserContext(host->GetBrowserContext()))) { 308 Profile::FromBrowserContext(host->GetBrowserContext()))) {
287 host->Send(new ExtensionMsg_UpdatePermissions(params)); 309 host->Send(new ExtensionMsg_UpdatePermissions(params));
288 } 310 }
289 } 311 }
290 312
291 // Trigger the onAdded and onRemoved events in the extension. 313 // Trigger the onAdded and onRemoved events in the extension.
292 DispatchEvent(extension->id(), histogram_value, event_name, changed); 314 DispatchEvent(extension->id(), histogram_value, event_name, changed);
293 } 315 }
294 316
295 } // namespace extensions 317 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc ('k') | chrome/browser/extensions/scripting_permissions_modifier.h » ('j') | chrome/browser/extensions/scripting_permissions_modifier.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698