Create withheld permissions

extensions/renderer/dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/dispatcher.h"
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/debug/alias.h"
@@ skipping 253 matching lines @@
                                 frame->document().securityOrigin());
 
   ScriptContext* context =
       delegate_->CreateScriptContext(v8_context, frame, extension, context_type)
           .release();
   script_context_set_.Add(context);
 
   // Initialize origin permissions for content scripts, which can't be
   // initialized in |OnActivateExtension|.
   if (context_type == Feature::CONTENT_SCRIPT_CONTEXT)
-    InitOriginPermissions(extension);
+    UpdateOriginPermissions(extension);
 
   {
     scoped_ptr<ModuleSystem> module_system(
         new ModuleSystem(context, &source_map_));
     context->set_module_system(module_system.Pass());
   }
   ModuleSystem* module_system = context->module_system();
 
   // Enable natives in startup.
   ModuleSystem::NativesEnabledScope natives_enabled_scope(module_system);
@@ skipping 214 matching lines @@
   }
 
   // Initialize host permissions for any extensions that were activated before
   // WebKit was initialized.
   for (std::set<std::string>::iterator iter = active_extension_ids_.begin();
        iter != active_extension_ids_.end();
        ++iter) {
     const Extension* extension = extensions_.GetByID(*iter);
     CHECK(extension);
 
-    InitOriginPermissions(extension);
+    UpdateOriginPermissions(extension);
   }
 
   EnableCustomElementWhiteList();
 
   is_webkit_initialized_ = true;
 }
 
 void Dispatcher::IdleNotification() {
   if (is_extension_process_ && forced_idle_timer_) {
     // Dampen the forced delay as well if the extension stays idle for long
@@ skipping 38 matching lines @@
   active_extension_ids_.insert(extension_id);
 
   // This is called when starting a new extension page, so start the idle
   // handler ticking.
   RenderThread::Get()->ScheduleIdleHandler(kInitialExtensionIdleHandlerDelayMs);
 
   if (is_webkit_initialized_) {
     extensions::DOMActivityLogger::AttachToWorld(
         extensions::DOMActivityLogger::kMainWorldId, extension_id);
 
-    InitOriginPermissions(extension);
+    UpdateOriginPermissions(extension);
   }
 
   UpdateActiveExtensions();
 }
 
 void Dispatcher::OnCancelSuspend(const std::string& extension_id) {
   DispatchEvent(extension_id, kOnSuspendCanceledEvent);
 }
 
 void Dispatcher::OnClearTabSpecificPermissions(
@@ skipping 146 matching lines @@
   // reloaded with a new messages map.
   EraseL10nMessagesMap(id);
 
   // We don't do anything with existing platform-app stylesheets. They will
   // stay resident, but the URL pattern corresponding to the unloaded
   // extension's URL just won't match anything anymore.
 }
 
 void Dispatcher::OnUpdatePermissions(
     const ExtensionMsg_UpdatePermissions_Params& params) {
-  int reason_id = params.reason_id;
-  const std::string& extension_id = params.extension_id;
-  const APIPermissionSet& apis = params.apis;
-  const ManifestPermissionSet& manifest_permissions =
-      params.manifest_permissions;
-  const URLPatternSet& explicit_hosts = params.explicit_hosts;
-  const URLPatternSet& scriptable_hosts = params.scriptable_hosts;
-
-  const Extension* extension = extensions_.GetByID(extension_id);
+  const Extension* extension = extensions_.GetByID(params.extension_id);
   if (!extension)
     return;
 
-  scoped_refptr<const PermissionSet> delta = new PermissionSet(
-      apis, manifest_permissions, explicit_hosts, scriptable_hosts);
-  scoped_refptr<const PermissionSet> old_active =
-      extension->permissions_data()->active_permissions();
-  UpdatedExtensionPermissionsInfo::Reason reason =
-      static_cast<UpdatedExtensionPermissionsInfo::Reason>(reason_id);
+  scoped_refptr<const PermissionSet> active =
+      params.active_permissions.ToPermissionSet();
+  scoped_refptr<const PermissionSet> withheld =
+      params.withheld_permissions.ToPermissionSet();
 
-  const PermissionSet* new_active = NULL;
-  switch (reason) {
-    case UpdatedExtensionPermissionsInfo::ADDED:
-      new_active = PermissionSet::CreateUnion(old_active.get(), delta.get());
-      break;
-    case UpdatedExtensionPermissionsInfo::REMOVED:
-      new_active =
-          PermissionSet::CreateDifference(old_active.get(), delta.get());
-      break;
-  }
-
-  extension->permissions_data()->SetActivePermissions(new_active);
-  UpdateOriginPermissions(reason, extension, explicit_hosts);
+  extension->permissions_data()->SetPermissions(active, withheld);
+  UpdateOriginPermissions(extension);
   UpdateBindings(extension->id());
 }
 
 void Dispatcher::OnUpdateTabSpecificPermissions(
     int page_id,
     int tab_id,
     const std::string& extension_id,
     const URLPatternSet& origin_set) {
   delegate_->UpdateTabSpecificPermissions(
       this, page_id, tab_id, extension_id, origin_set);
 }
 
 void Dispatcher::OnUsingWebRequestAPI(bool webrequest_used) {
   delegate_->HandleWebRequestAPIUsage(webrequest_used);
 }
 
 void Dispatcher::OnUserScriptsUpdated(
       const std::set<std::string>& changed_extensions,
       const std::vector<UserScript*>& scripts) {
   UpdateActiveExtensions();
 }
 
 void Dispatcher::UpdateActiveExtensions() {
   std::set<std::string> active_extensions = active_extension_ids_;
   user_script_set_->GetActiveExtensionIds(&active_extensions);
   delegate_->OnActiveExtensionsUpdated(active_extensions);
 }
 
-void Dispatcher::InitOriginPermissions(const Extension* extension) {
+void Dispatcher::UpdateOriginPermissions(const Extension* extension) {
+  const URLPatternSet& hosts =
+      extension->permissions_data()->GetEffectiveHostPermissions();
+  WebSecurityPolicy::resetOriginAccessWhitelists();
   delegate_->InitOriginPermissions(extension,
                                    IsExtensionActive(extension->id()));
-  UpdateOriginPermissions(
-      UpdatedExtensionPermissionsInfo::ADDED,
-      extension,
-      extension->permissions_data()->GetEffectiveHostPermissions());
-}
-
-void Dispatcher::UpdateOriginPermissions(
-    UpdatedExtensionPermissionsInfo::Reason reason,
-    const Extension* extension,
-    const URLPatternSet& origins) {
-  for (URLPatternSet::const_iterator i = origins.begin(); i != origins.end();
-       ++i) {
+  for (URLPatternSet::const_iterator iter = hosts.begin(); iter != hosts.end();
+       ++iter) {
     const char* schemes[] = {
         url::kHttpScheme,
         url::kHttpsScheme,
         url::kFileScheme,
         content::kChromeUIScheme,
         url::kFtpScheme,
     };
     for (size_t j = 0; j < arraysize(schemes); ++j) {
-      if (i->MatchesScheme(schemes[j])) {
-        ((reason == UpdatedExtensionPermissionsInfo::REMOVED)
-             ? WebSecurityPolicy::removeOriginAccessWhitelistEntry
-             : WebSecurityPolicy::addOriginAccessWhitelistEntry)(
+      if (iter->MatchesScheme(schemes[j])) {
+        WebSecurityPolicy::addOriginAccessWhitelistEntry(
             extension->url(),
             WebString::fromUTF8(schemes[j]),
-            WebString::fromUTF8(i->host()),
-            i->match_subdomains());
+            WebString::fromUTF8(iter->host()),
+            iter->match_subdomains());
       }
     }
   }
 }
 
 void Dispatcher::EnableCustomElementWhiteList() {
   blink::WebCustomElement::addEmbedderCustomElementName("webview");
   blink::WebCustomElement::addEmbedderCustomElementName("browser-plugin");
 }
 
@@ skipping 389 matching lines @@
     return v8::Handle<v8::Object>();
 
   if (bind_name)
     *bind_name = split.back();
 
   return bind_object.IsEmpty() ? AsObjectOrEmpty(GetOrCreateChrome(context))
                                : bind_object;
 }
 
 }  // namespace extensions