Make ActiveScriptController use Active Tab-style permissions

extensions/common/permissions/permissions_data.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/permissions/permissions_data.h"
 
 #include "base/command_line.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 220 matching lines @@
 
   return true;
 }
 
 // Returns true if this extension id is from a trusted provider.
 bool IsTrustedId(const std::string& extension_id) {
   // See http://b/4946060 for more details.
   return extension_id == std::string("nckgahadagoaajjgafhacjanaoiihapd");
 }
 
+// Returns true if the |extension| has tab-specific permission to operate on
+// the tab specified by |tab_id| with the given |url|.
+// Note that if this returns false, it doesn't mean the extension can't run on
+// the given tab, only that it does not have tab-specific permission to do so.
+bool HasTabSpecificPermissionToExecuteScript(
+    const Extension* extension,
+    int tab_id,
+    const GURL& url) {
+  if (tab_id >= 0) {
+    scoped_refptr<const PermissionSet> tab_permissions =
+        PermissionsData::GetTabSpecificPermissions(extension, tab_id);
+    if (tab_permissions.get() &&
+        tab_permissions->explicit_hosts().MatchesSecurityOrigin(url)) {
+      return true;
+    }
+  }
+  return false;
+}
+
 }  // namespace
 
 struct PermissionsData::InitialPermissions {
   APIPermissionSet api_permissions;
   ManifestPermissionSet manifest_permissions;
   URLPatternSet host_permissions;
   URLPatternSet scriptable_hosts;
 };
 
 PermissionsData::PermissionsData() {
@@ skipping 156 matching lines @@
   return GetActivePermissions(extension)->HasExplicitAccessToOrigin(url);
 }
 
 // static
 bool PermissionsData::HasEffectiveAccessToAllHosts(const Extension* extension) {
   base::AutoLock auto_lock(extension->permissions_data()->runtime_lock_);
   return GetActivePermissions(extension)->HasEffectiveAccessToAllHosts();
 }
 
 // static
+bool PermissionsData::ShouldWarnAllHosts(const Extension* extension) {
+  base::AutoLock auto_lock(extension->permissions_data()->runtime_lock_);
+  return GetActivePermissions(extension)->ShouldWarnAllHosts();
+}
+
+// static
 PermissionMessages PermissionsData::GetPermissionMessages(
     const Extension* extension) {
   base::AutoLock auto_lock(extension->permissions_data()->runtime_lock_);
   if (ShouldSkipPermissionWarnings(extension)) {
     return PermissionMessages();
   } else {
     return PermissionMessageProvider::Get()->GetPermissionMessages(
         GetActivePermissions(extension), extension->GetType());
   }
 }
@@ skipping 56 matching lines @@
 
   if (top_frame_url.SchemeIs(extensions::kExtensionScheme) &&
       top_frame_url.GetOrigin() !=
           Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() &&
       !can_execute_everywhere) {
     if (error)
       *error = errors::kCannotAccessExtensionUrl;
     return false;
   }
 
-  // If a tab ID is specified, try the tab-specific permissions.
-  if (tab_id >= 0) {
-    scoped_refptr<const PermissionSet> tab_permissions =
-        GetTabSpecificPermissions(extension, tab_id);
-    if (tab_permissions.get() &&
-        tab_permissions->explicit_hosts().MatchesSecurityOrigin(document_url)) {
-      return true;
-    }
-  }
+  if (HasTabSpecificPermissionToExecuteScript(extension, tab_id, top_frame_url))
+    return true;
 
   bool can_access = false;
 
   if (script) {
     // If a script is specified, use its matches.
     can_access = script->MatchesURL(document_url);
   } else {
     // Otherwise, see if this extension has permission to execute script
     // programmatically on pages.
     can_access = GetActivePermissions(extension)->
@@ skipping 43 matching lines @@
     return false;
   }
 
   if (error)
     *error = errors::kAllURLOrActiveTabNeeded;
   return false;
 }
 
 // static
 bool PermissionsData::RequiresActionForScriptExecution(
-    const Extension* extension) {
+    const Extension* extension,
+    int tab_id,
+    const GURL& url) {
   // For now, the user should be notified when an extension with all hosts
-  // permission tries to execute a script on a page. Exceptions for policy-
-  // enabled and component extensions.
-  return extension->ShouldDisplayInExtensionSettings() &&
-         !Manifest::IsPolicyLocation(extension->location()) &&
-         !Manifest::IsComponentLocation(extension->location()) &&
-         HasEffectiveAccessToAllHosts(extension);
+  // permission tries to execute a script on a page, with exceptions for policy-
+  // enabled and component extensions. If this doesn't meet those criteria,
+  // return immediately.
+  if (!extension->ShouldDisplayInExtensionSettings() ||
+      Manifest::IsPolicyLocation(extension->location()) ||
+      Manifest::IsComponentLocation(extension->location()) ||
+      !ShouldWarnAllHosts(extension)) {
+    return false;
+  }
+
+  // If the extension has explicit permission to run on the given tab, then
+  // we don't need to alert the user.
+  if (HasTabSpecificPermissionToExecuteScript(extension, tab_id, url))
+    return false;
+
+  return true;
 }
 
 bool PermissionsData::ParsePermissions(Extension* extension,
                                        base::string16* error) {
   initial_required_permissions_.reset(new InitialPermissions);
   if (!ParseHelper(extension,
                    keys::kPermissions,
                    &initial_required_permissions_->api_permissions,
                    &initial_required_permissions_->host_permissions,
                    error)) {
@@ skipping 34 matching lines @@
       initial_optional_permissions_->api_permissions,
       initial_optional_permissions_->manifest_permissions,
       initial_optional_permissions_->host_permissions,
       URLPatternSet());
 
   initial_required_permissions_.reset();
   initial_optional_permissions_.reset();
 }
 
 }  // namespace extensions