Revert of Communicate ExtensionSettings policy to renderers

extensions/common/permissions/permissions_data.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/permissions/permissions_data.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
-#include "base/lazy_instance.h"
 #include "base/macros.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extensions_client.h"
 #include "extensions/common/manifest.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_handlers/permissions_parser.h"
 #include "extensions/common/permissions/api_permission.h"
 #include "extensions/common/permissions/permission_message_provider.h"
 #include "extensions/common/switches.h"
 #include "extensions/common/url_pattern_set.h"
 #include "url/gurl.h"
 #include "url/url_constants.h"
 
 namespace extensions {
 
 namespace {
 
 PermissionsData::PolicyDelegate* g_policy_delegate = nullptr;
 
-struct DefaultRuntimePolicy {
-  URLPatternSet blocked_hosts;
-  URLPatternSet allowed_hosts;
-};
-
-// URLs an extension can't interact with. An extension can override these
-// settings by declaring its own list of blocked and allowed hosts using
-// policy_blocked_hosts and policy_allowed_hosts.
-base::LazyInstance<DefaultRuntimePolicy>::Leaky default_runtime_policy =
-    LAZY_INSTANCE_INITIALIZER;
-
 class AutoLockOnValidThread {
  public:
   AutoLockOnValidThread(base::Lock& lock, base::ThreadChecker* thread_checker)
       : auto_lock_(lock) {
     DCHECK(!thread_checker || thread_checker->CalledOnValidThread());
   }
 
  private:
   base::AutoLock auto_lock_;
 
@@ skipping 77 matching lines @@
   if (extension && document_url.SchemeIs(kExtensionScheme) &&
       document_url.host() != extension->id() && !allow_on_chrome_urls) {
     if (error)
       *error = manifest_errors::kCannotAccessExtensionUrl;
     return true;
   }
 
   return false;
 }
 
-bool PermissionsData::UsesDefaultPolicyHostRestrictions() const {
-  DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
-  return uses_default_policy_host_restrictions;
-}
-
-const URLPatternSet& PermissionsData::default_policy_blocked_hosts() {
-  return default_runtime_policy.Get().blocked_hosts;
-}
-
-const URLPatternSet& PermissionsData::default_policy_allowed_hosts() {
-  return default_runtime_policy.Get().allowed_hosts;
-}
-
-const URLPatternSet PermissionsData::policy_blocked_hosts() const {
-  base::AutoLock auto_lock(runtime_lock_);
-  return PolicyBlockedHostsUnsafe();
-}
-
-const URLPatternSet& PermissionsData::PolicyBlockedHostsUnsafe() const {
-  DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
-  if (uses_default_policy_host_restrictions)
-    return default_policy_blocked_hosts();
-  runtime_lock_.AssertAcquired();
-  return policy_blocked_hosts_unsafe_;
-}
-
-const URLPatternSet PermissionsData::policy_allowed_hosts() const {
-  base::AutoLock auto_lock(runtime_lock_);
-  return PolicyAllowedHostsUnsafe();
-}
-
-const URLPatternSet& PermissionsData::PolicyAllowedHostsUnsafe() const {
-  DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
-  if (uses_default_policy_host_restrictions)
-    return default_policy_allowed_hosts();
-  runtime_lock_.AssertAcquired();
-  return policy_allowed_hosts_unsafe_;
-}
-
 void PermissionsData::BindToCurrentThread() const {
   DCHECK(!thread_checker_);
   thread_checker_.reset(new base::ThreadChecker());
 }
 
 void PermissionsData::SetPermissions(
     std::unique_ptr<const PermissionSet> active,
     std::unique_ptr<const PermissionSet> withheld) const {
   AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
   active_permissions_unsafe_ = std::move(active);
   withheld_permissions_unsafe_ = std::move(withheld);
 }
 
-void PermissionsData::SetPolicyHostRestrictions(
-    const URLPatternSet& runtime_blocked_hosts,
-    const URLPatternSet& runtime_allowed_hosts) const {
-  AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
-  policy_blocked_hosts_unsafe_ = runtime_blocked_hosts;
-  policy_allowed_hosts_unsafe_ = runtime_allowed_hosts;
-  uses_default_policy_host_restrictions = false;
-}
-
-void PermissionsData::SetUsesDefaultHostRestrictions() const {
-  AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
-  uses_default_policy_host_restrictions = true;
-}
-
-// static
-void PermissionsData::SetDefaultPolicyHostRestrictions(
-    const URLPatternSet& default_runtime_blocked_hosts,
-    const URLPatternSet& default_runtime_allowed_hosts) {
-  default_runtime_policy.Get().blocked_hosts = default_runtime_blocked_hosts;
-  default_runtime_policy.Get().allowed_hosts = default_runtime_allowed_hosts;
-}
-
 void PermissionsData::SetActivePermissions(
     std::unique_ptr<const PermissionSet> active) const {
   AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
   active_permissions_unsafe_ = std::move(active);
 }
 
 void PermissionsData::UpdateTabSpecificPermissions(
     int tab_id,
     const PermissionSet& permissions) const {
   AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
@@ skipping 48 matching lines @@
 URLPatternSet PermissionsData::GetEffectiveHostPermissions() const {
   base::AutoLock auto_lock(runtime_lock_);
   URLPatternSet effective_hosts = active_permissions_unsafe_->effective_hosts();
   for (const auto& val : tab_specific_permissions_)
     effective_hosts.AddPatterns(val.second->effective_hosts());
   return effective_hosts;
 }
 
 bool PermissionsData::HasHostPermission(const GURL& url) const {
   base::AutoLock auto_lock(runtime_lock_);
-  return active_permissions_unsafe_->HasExplicitAccessToOrigin(url) &&
-         !IsRuntimeBlockedHost(url);
+  return active_permissions_unsafe_->HasExplicitAccessToOrigin(url);
 }
 
 bool PermissionsData::HasEffectiveAccessToAllHosts() const {
   base::AutoLock auto_lock(runtime_lock_);
   return active_permissions_unsafe_->HasEffectiveAccessToAllHosts();
 }
 
 PermissionMessages PermissionsData::GetPermissionMessages() const {
   base::AutoLock auto_lock(runtime_lock_);
   return PermissionMessageProvider::Get()->GetPermissionMessages(
@@ skipping 98 matching lines @@
   if (tab_id >= 0) {
     const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id);
     if (tab_permissions &&
         tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) {
       return true;
     }
   }
   return false;
 }
 
-bool PermissionsData::IsRuntimeBlockedHost(const GURL& url) const {
-  runtime_lock_.AssertAcquired();
-  return PolicyBlockedHostsUnsafe().MatchesURL(url) &&
-         !PolicyAllowedHostsUnsafe().MatchesURL(url);
-}
-
 PermissionsData::AccessType PermissionsData::CanRunOnPage(
     const Extension* extension,
     const GURL& document_url,
     int tab_id,
     const URLPatternSet& permitted_url_patterns,
     const URLPatternSet& withheld_url_patterns,
     std::string* error) const {
   runtime_lock_.AssertAcquired();
-  if (g_policy_delegate && !g_policy_delegate->CanExecuteScriptOnPage(
-                               extension, document_url, tab_id, error))
-    return ACCESS_DENIED;
-
-  if (extension->location() != Manifest::COMPONENT &&
-      extension->permissions_data()->IsRuntimeBlockedHost(document_url)) {
-    if (error)
-      *error = extension_misc::kPolicyBlockedScripting;
+  if (g_policy_delegate &&
+      !g_policy_delegate->CanExecuteScriptOnPage(extension, document_url,
+                                                 tab_id, error)) {
     return ACCESS_DENIED;
   }
 
   if (IsRestrictedUrl(document_url, extension, error))
     return ACCESS_DENIED;
 
   if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url))
     return ACCESS_ALLOWED;
 
   if (permitted_url_patterns.MatchesURL(document_url))
     return ACCESS_ALLOWED;
 
   if (withheld_url_patterns.MatchesURL(document_url))
     return ACCESS_WITHHELD;
 
   if (error) {
     if (extension->permissions_data()->active_permissions().HasAPIPermission(
             APIPermission::kTab)) {
       *error = ErrorUtils::FormatErrorMessage(
           manifest_errors::kCannotAccessPageWithUrl, document_url.spec());
     } else {
       *error = manifest_errors::kCannotAccessPage;
     }
   }
 
   return ACCESS_DENIED;
 }
 
 }  // namespace extensions