Move UpdateActivePermissions from ExtensionService to PermissionsUpdater

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include "base/json/json_writer.h"
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/extensions/api/permissions.h"
 #include "content/public/browser/notification_observer.h"
 #include "content/public/browser/notification_registrar.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_process_host.h"
 #include "extensions/browser/event_router.h"
 #include "extensions/browser/extension_prefs.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_messages.h"
+#include "extensions/common/manifest_handlers/permissions_parser.h"
+#include "extensions/common/permissions/permission_set.h"
 #include "extensions/common/permissions/permissions_data.h"
 
 using content::RenderProcessHost;
 using extensions::permissions_api_helpers::PackPermissionSet;
 
 namespace extensions {
 
 namespace permissions = api::permissions;
 
-PermissionsUpdater::PermissionsUpdater(Profile* profile)
-    : profile_(profile) {}
+PermissionsUpdater::PermissionsUpdater(content::BrowserContext* browser_context)
+    : browser_context_(browser_context) {
+}
 
 PermissionsUpdater::~PermissionsUpdater() {}
 
 void PermissionsUpdater::AddPermissions(
     const Extension* extension, const PermissionSet* permissions) {
   scoped_refptr<const PermissionSet> existing(
       extension->permissions_data()->active_permissions());
   scoped_refptr<PermissionSet> total(
       PermissionSet::CreateUnion(existing.get(), permissions));
   scoped_refptr<PermissionSet> added(
       PermissionSet::CreateDifference(total.get(), existing.get()));
 
-  UpdateActivePermissions(extension, total.get());
+  SetActivePermissions(extension, total.get());
 
   // Update the granted permissions so we don't auto-disable the extension.
   GrantActivePermissions(extension);
 
   NotifyPermissionsUpdated(ADDED, extension, added.get());
 }
 
 void PermissionsUpdater::RemovePermissions(
     const Extension* extension, const PermissionSet* permissions) {
   scoped_refptr<const PermissionSet> existing(
       extension->permissions_data()->active_permissions());
   scoped_refptr<PermissionSet> total(
       PermissionSet::CreateDifference(existing.get(), permissions));
   scoped_refptr<PermissionSet> removed(
       PermissionSet::CreateDifference(existing.get(), total.get()));
 
   // We update the active permissions, and not the granted permissions, because
   // the extension, not the user, removed the permissions. This allows the
   // extension to add them again without prompting the user.
-  UpdateActivePermissions(extension, total.get());
+  SetActivePermissions(extension, total.get());
 
   NotifyPermissionsUpdated(REMOVED, extension, removed.get());
 }
 
 void PermissionsUpdater::GrantActivePermissions(const Extension* extension) {
   CHECK(extension);
 
   // We only maintain the granted permissions prefs for INTERNAL and LOAD
   // extensions.
   if (!Manifest::IsUnpackedLocation(extension->location()) &&
       extension->location() != Manifest::INTERNAL)
     return;
 
-  ExtensionPrefs::Get(profile_)->AddGrantedPermissions(
+  ExtensionPrefs::Get(browser_context_)->AddGrantedPermissions(
       extension->id(),
       extension->permissions_data()->active_permissions().get());
 }
 
-void PermissionsUpdater::UpdateActivePermissions(
+void PermissionsUpdater::UpdateActivePermissions(const Extension* extension) {
+  // If the extension has used the optional permissions API, it will have a
+  // custom set of active permissions defined in the extension prefs. Here,
+  // we update the extension's active permissions based on the prefs.
+  scoped_refptr<PermissionSet> active_permissions =
+      ExtensionPrefs::Get(browser_context_)->GetActivePermissions(
+          extension->id());
+  if (!active_permissions)
+    return;
+
+  // We restrict the active permissions to be within the bounds defined in the
+  // extension's manifest.
+  //  a) active permissions must be a subset of optional + default permissions
+  //  b) active permissions must contains all default permissions
+  scoped_refptr<PermissionSet> total_permissions = PermissionSet::CreateUnion(
+      PermissionsParser::GetRequiredPermissions(extension),
+      PermissionsParser::GetOptionalPermissions(extension));
+
+  // Make sure the active permissions contain no more than optional + default.
+  scoped_refptr<PermissionSet> adjusted_active =
+      PermissionSet::CreateIntersection(total_permissions, active_permissions);
+
+  // Make sure the active permissions contain the default permissions.
+  adjusted_active = PermissionSet::CreateUnion(
+      PermissionsParser::GetRequiredPermissions(extension),
+      adjusted_active);
+
+  SetActivePermissions(extension, adjusted_active);
+}
+
+void PermissionsUpdater::SetActivePermissions(
     const Extension* extension, const PermissionSet* permissions) {
-  ExtensionPrefs::Get(profile_)->SetActivePermissions(
+  ExtensionPrefs::Get(browser_context_)->SetActivePermissions(
       extension->id(), permissions);
   extension->permissions_data()->SetActivePermissions(permissions);
 }
 
 void PermissionsUpdater::DispatchEvent(
     const std::string& extension_id,
     const char* event_name,
     const PermissionSet* changed_permissions) {
-  if (!profile_ || !EventRouter::Get(profile_))
+  EventRouter* event_router = EventRouter::Get(browser_context_);
+  if (!event_router)
     return;
 
   scoped_ptr<base::ListValue> value(new base::ListValue());
   scoped_ptr<api::permissions::Permissions> permissions =
       PackPermissionSet(changed_permissions);
   value->Append(permissions->ToValue().release());
   scoped_ptr<Event> event(new Event(event_name, value.Pass()));
-  event->restrict_to_browser_context = profile_;
-  EventRouter::Get(profile_)
-      ->DispatchEventToExtension(extension_id, event.Pass());
+  event->restrict_to_browser_context = browser_context_;
+  event_router->DispatchEventToExtension(extension_id, event.Pass());
 }
 
 void PermissionsUpdater::NotifyPermissionsUpdated(
     EventType event_type,
     const Extension* extension,
     const PermissionSet* changed) {
   if (!changed || changed->IsEmpty())
     return;
 
   UpdatedExtensionPermissionsInfo::Reason reason;
   const char* event_name = NULL;
 
   if (event_type == REMOVED) {
     reason = UpdatedExtensionPermissionsInfo::REMOVED;
     event_name = permissions::OnRemoved::kEventName;
   } else {
     CHECK_EQ(ADDED, event_type);
     reason = UpdatedExtensionPermissionsInfo::ADDED;
     event_name = permissions::OnAdded::kEventName;
   }
 
   // Notify other APIs or interested parties.
   UpdatedExtensionPermissionsInfo info = UpdatedExtensionPermissionsInfo(
       extension, changed, reason);
+  Profile* profile = Profile::FromBrowserContext(browser_context_);
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
-      content::Source<Profile>(profile_),
+      content::Source<Profile>(profile),
       content::Details<UpdatedExtensionPermissionsInfo>(&info));
 
+  ExtensionMsg_UpdatePermissions_Params params;
+  params.reason_id = static_cast<int>(reason);
+  params.extension_id = extension->id();
+  params.apis = changed->apis();
+  params.manifest_permissions = changed->manifest_permissions();
+  params.explicit_hosts = changed->explicit_hosts();
+  params.scriptable_hosts = changed->scriptable_hosts();
+
   // Send the new permissions to the renderers.
   for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());
        !i.IsAtEnd(); i.Advance()) {
     RenderProcessHost* host = i.GetCurrentValue();
-    Profile* profile = Profile::FromBrowserContext(host->GetBrowserContext());
-    if (profile_->IsSameProfile(profile)) {
-      ExtensionMsg_UpdatePermissions_Params info;
-      info.reason_id = static_cast<int>(reason);
-      info.extension_id = extension->id();
-      info.apis = changed->apis();
-      info.manifest_permissions = changed->manifest_permissions();
-      info.explicit_hosts = changed->explicit_hosts();
-      info.scriptable_hosts = changed->scriptable_hosts();
-      host->Send(new ExtensionMsg_UpdatePermissions(info));
+    if (profile->IsSameProfile(
+            Profile::FromBrowserContext(host->GetBrowserContext()))) {
+      host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
   DispatchEvent(extension->id(), event_name, changed);
 }
 
 }  // namespace extensions