Reland: Communicate ExtensionSettings policy to renderers

extensions/common/permissions/permissions_data.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/permissions/permissions_data.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
+#include "base/lazy_instance.h"
 #include "base/macros.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extensions_client.h"
 #include "extensions/common/manifest.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_handlers/permissions_parser.h"
 #include "extensions/common/permissions/api_permission.h"
 #include "extensions/common/permissions/permission_message_provider.h"
 #include "extensions/common/switches.h"
 #include "extensions/common/url_pattern_set.h"
 #include "url/gurl.h"
 #include "url/url_constants.h"
 
 namespace extensions {
 
 namespace {
 
 PermissionsData::PolicyDelegate* g_policy_delegate = nullptr;
 
+struct DefaultRuntimePolicy {
+  URLPatternSet blocked_hosts;
+  URLPatternSet allowed_hosts;
+};
+
+// URLs an extension can't interact with. An extension can override these
+// settings by declaring its own list of blocked and allowed hosts using
+// policy_blocked_hosts and policy_allowed_hosts.
+base::LazyInstance<DefaultRuntimePolicy>::Leaky default_runtime_policy =
+    LAZY_INSTANCE_INITIALIZER;
+
 class AutoLockOnValidThread {
  public:
   AutoLockOnValidThread(base::Lock& lock, base::ThreadChecker* thread_checker)
       : auto_lock_(lock) {
     DCHECK(!thread_checker || thread_checker->CalledOnValidThread());
   }
 
  private:
   base::AutoLock auto_lock_;
 
@@ skipping 77 matching lines @@
   if (extension && document_url.SchemeIs(kExtensionScheme) &&
       document_url.host() != extension->id() && !allow_on_chrome_urls) {
     if (error)
       *error = manifest_errors::kCannotAccessExtensionUrl;
     return true;
   }
 
   return false;
 }
 
+bool PermissionsData::UsesDefaultPolicyHostRestrictions() const {
+  DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
+  return uses_default_policy_host_restrictions;
+}
+
+const URLPatternSet& PermissionsData::default_policy_blocked_hosts() {
+  return default_runtime_policy.Get().blocked_hosts;
+}
+
+const URLPatternSet& PermissionsData::default_policy_allowed_hosts() {
+  return default_runtime_policy.Get().allowed_hosts;
+}
+
+const URLPatternSet PermissionsData::policy_blocked_hosts() const {
+  base::AutoLock auto_lock(runtime_lock_);
+  return PolicyBlockedHostsUnsafe();
+}
+
+const URLPatternSet& PermissionsData::PolicyBlockedHostsUnsafe() const {
+  DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
+  if (uses_default_policy_host_restrictions)
+    return default_policy_blocked_hosts();
+  runtime_lock_.AssertAcquired();
+  return policy_blocked_hosts_unsafe_;
+}
+
+const URLPatternSet PermissionsData::policy_allowed_hosts() const {
+  base::AutoLock auto_lock(runtime_lock_);
+  return PolicyAllowedHostsUnsafe();
+}
+
+const URLPatternSet& PermissionsData::PolicyAllowedHostsUnsafe() const {
+  DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
+  if (uses_default_policy_host_restrictions)
+    return default_policy_allowed_hosts();
+  runtime_lock_.AssertAcquired();
+  return policy_allowed_hosts_unsafe_;
+}
+
 void PermissionsData::BindToCurrentThread() const {
   DCHECK(!thread_checker_);
   thread_checker_.reset(new base::ThreadChecker());
 }
 
 void PermissionsData::SetPermissions(
     std::unique_ptr<const PermissionSet> active,
     std::unique_ptr<const PermissionSet> withheld) const {
   AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
   active_permissions_unsafe_ = std::move(active);
   withheld_permissions_unsafe_ = std::move(withheld);
 }
 
+void PermissionsData::SetPolicyHostRestrictions(
+    const URLPatternSet& runtime_blocked_hosts,
+    const URLPatternSet& runtime_allowed_hosts) const {
+  AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
+  policy_blocked_hosts_unsafe_ = runtime_blocked_hosts;
+  policy_allowed_hosts_unsafe_ = runtime_allowed_hosts;
+  uses_default_policy_host_restrictions = false;
+}
+
+void PermissionsData::SetUsesDefaultHostRestrictions() const {
+  AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
+  uses_default_policy_host_restrictions = true;
+}
+
+// static
+void PermissionsData::SetDefaultPolicyHostRestrictions(
+    const URLPatternSet& default_runtime_blocked_hosts,
+    const URLPatternSet& default_runtime_allowed_hosts) {
+  default_runtime_policy.Get().blocked_hosts = default_runtime_blocked_hosts;
+  default_runtime_policy.Get().allowed_hosts = default_runtime_allowed_hosts;
+}
+
 void PermissionsData::SetActivePermissions(
     std::unique_ptr<const PermissionSet> active) const {
   AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
   active_permissions_unsafe_ = std::move(active);
 }
 
 void PermissionsData::UpdateTabSpecificPermissions(
     int tab_id,
     const PermissionSet& permissions) const {
   AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
@@ skipping 48 matching lines @@
 URLPatternSet PermissionsData::GetEffectiveHostPermissions() const {
   base::AutoLock auto_lock(runtime_lock_);
   URLPatternSet effective_hosts = active_permissions_unsafe_->effective_hosts();
   for (const auto& val : tab_specific_permissions_)
     effective_hosts.AddPatterns(val.second->effective_hosts());
   return effective_hosts;
 }
 
 bool PermissionsData::HasHostPermission(const GURL& url) const {
   base::AutoLock auto_lock(runtime_lock_);
-  return active_permissions_unsafe_->HasExplicitAccessToOrigin(url);
+  return active_permissions_unsafe_->HasExplicitAccessToOrigin(url) &&
+         !IsRuntimeBlockedHost(url);
 }
 
 bool PermissionsData::HasEffectiveAccessToAllHosts() const {
   base::AutoLock auto_lock(runtime_lock_);
   return active_permissions_unsafe_->HasEffectiveAccessToAllHosts();
 }
 
 PermissionMessages PermissionsData::GetPermissionMessages() const {
   base::AutoLock auto_lock(runtime_lock_);
   return PermissionMessageProvider::Get()->GetPermissionMessages(
@@ skipping 98 matching lines @@
   if (tab_id >= 0) {
     const PermissionSet* tab_permissions = GetTabSpecificPermissions(tab_id);
     if (tab_permissions &&
         tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) {
       return true;
     }
   }
   return false;
 }
 
+bool PermissionsData::IsRuntimeBlockedHost(const GURL& url) const {
+  runtime_lock_.AssertAcquired();
+  return PolicyBlockedHostsUnsafe().MatchesURL(url) &&
+         !PolicyAllowedHostsUnsafe().MatchesURL(url);
+}
+
 PermissionsData::AccessType PermissionsData::CanRunOnPage(
     const Extension* extension,
     const GURL& document_url,
     int tab_id,
     const URLPatternSet& permitted_url_patterns,
     const URLPatternSet& withheld_url_patterns,
     std::string* error) const {
   runtime_lock_.AssertAcquired();
-  if (g_policy_delegate &&
-      !g_policy_delegate->CanExecuteScriptOnPage(extension, document_url,
-                                                 tab_id, error)) {
+  if (g_policy_delegate && !g_policy_delegate->CanExecuteScriptOnPage(
+                               extension, document_url, tab_id, error))
+    return ACCESS_DENIED;
+
+  if (extension->location() != Manifest::COMPONENT &&
+      extension->permissions_data()->IsRuntimeBlockedHost(document_url)) {
+    if (error)
+      *error = extension_misc::kPolicyBlockedScripting;
     return ACCESS_DENIED;
   }
 
   if (IsRestrictedUrl(document_url, extension, error))
     return ACCESS_DENIED;
 
   if (HasTabSpecificPermissionToExecuteScript(tab_id, document_url))
     return ACCESS_ALLOWED;
 
   if (permitted_url_patterns.MatchesURL(document_url))
     return ACCESS_ALLOWED;
 
   if (withheld_url_patterns.MatchesURL(document_url))
     return ACCESS_WITHHELD;
 
   if (error) {
     if (extension->permissions_data()->active_permissions().HasAPIPermission(
             APIPermission::kTab)) {
       *error = ErrorUtils::FormatErrorMessage(
           manifest_errors::kCannotAccessPageWithUrl, document_url.spec());
     } else {
       *error = manifest_errors::kCannotAccessPage;
     }
   }
 
   return ACCESS_DENIED;
 }
 
 }  // namespace extensions