Index: extensions/common/permissions/permissions_data.cc |
diff --git a/extensions/common/permissions/permissions_data.cc b/extensions/common/permissions/permissions_data.cc |
index 1b160cab003c68e23a2895efa2b72a5bd5e01b12..73afe4373fbc9bbca9f5bca1b34f53e8504cd6e9 100644 |
--- a/extensions/common/permissions/permissions_data.cc |
+++ b/extensions/common/permissions/permissions_data.cc |
@@ -43,6 +43,7 @@ PermissionsData::PermissionsData(const Extension* extension) |
required_permissions->manifest_permissions(), |
required_permissions->explicit_hosts(), |
required_permissions->scriptable_hosts()); |
+ withheld_permissions_unsafe_ = new PermissionSet(); |
} |
PermissionsData::~PermissionsData() { |
@@ -113,10 +114,12 @@ bool PermissionsData::IsRestrictedUrl(const GURL& document_url, |
return false; |
} |
-void PermissionsData::SetActivePermissions( |
- const PermissionSet* permissions) const { |
+void PermissionsData::SetPermissions( |
+ const scoped_refptr<const PermissionSet>& active, |
+ const scoped_refptr<const PermissionSet>& withheld) const { |
base::AutoLock auto_lock(runtime_lock_); |
- active_permissions_unsafe_ = permissions; |
+ active_permissions_unsafe_ = active; |
+ withheld_permissions_unsafe_ = withheld; |
} |
void PermissionsData::UpdateTabSpecificPermissions( |
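Review bot: SetPermissions stores both pointers without checking them, yet the new readers in this file dereference `withheld_permissions()` unconditionally (HasWithheldImpliedAllHosts, CanAccessPage, CanRunContentScriptOnPage). The constructor seeds an empty PermissionSet so the member starts non-null, but a caller passing a null `withheld` here would break that invariant and turn the next permission check into a null dereference. I would add `DCHECK(active.get());` and `DCHECK(withheld.get());` before taking the lock. A one-line comment that both sets are swapped under a single hold of `runtime_lock_` would also help. UpdateTabSpecificPermissions, which begins on the last line of this hunk, continues outside it.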
@@ -204,18 +207,45 @@ PermissionsData::GetPermissionMessageDetailsStrings() const { |
active_permissions(), manifest_type_); |
} |
+bool PermissionsData::HasWithheldImpliedAllHosts() const { |
+ // Since we currently only withhold all_hosts, it's sufficient to check |
+ // that either set is not empty. |
+ return !withheld_permissions()->explicit_hosts().is_empty() || |
+ !withheld_permissions()->scriptable_hosts().is_empty(); |
+} |
+ |
bool PermissionsData::CanAccessPage(const Extension* extension, |
const GURL& document_url, |
const GURL& top_frame_url, |
int tab_id, |
int process_id, |
std::string* error) const { |
+ AccessType result = CanRunOnPage(extension, |
+ document_url, |
+ top_frame_url, |
+ tab_id, |
+ process_id, |
+ active_permissions()->explicit_hosts(), |
+ withheld_permissions()->explicit_hosts(), |
+ error); |
+ // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. |
+ return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; |
+} |
+ |
+PermissionsData::AccessType PermissionsData::GetPageAccess( |
+ const Extension* extension, |
+ const GURL& document_url, |
+ const GURL& top_frame_url, |
+ int tab_id, |
+ int process_id, |
+ std::string* error) const { |
return CanRunOnPage(extension, |
document_url, |
top_frame_url, |
tab_id, |
process_id, |
active_permissions()->explicit_hosts(), |
+ withheld_permissions()->explicit_hosts(), |
error); |
} |
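Review bot: CanAccessPage returns true for ACCESS_WITHHELD, so every caller that uses the bool as an access decision still treats a host whose permission is withheld as accessible; CanRunContentScriptOnPage in the next hunk does the same. The TODO acknowledges the follow-up, but nothing at the function tells a new caller that `true` does not mean granted. I would add above the return something like `// NOTE: true also covers ACCESS_WITHHELD; callers that enforce access must use GetPageAccess().` Separately, HasWithheldImpliedAllHosts relies on only all_hosts ever being withheld. A note or DCHECK where the withheld set is built would keep that assumption from going stale silently.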
@@ -225,12 +255,32 @@ bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension, |
int tab_id, |
int process_id, |
std::string* error) const { |
+ AccessType result = CanRunOnPage(extension, |
+ document_url, |
+ top_frame_url, |
+ tab_id, |
+ process_id, |
+ active_permissions()->scriptable_hosts(), |
+ withheld_permissions()->scriptable_hosts(), |
+ error); |
+ // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED. |
+ return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD; |
+} |
+ |
+PermissionsData::AccessType PermissionsData::GetContentScriptAccess( |
+ const Extension* extension, |
+ const GURL& document_url, |
+ const GURL& top_frame_url, |
+ int tab_id, |
+ int process_id, |
+ std::string* error) const { |
return CanRunOnPage(extension, |
document_url, |
top_frame_url, |
tab_id, |
process_id, |
active_permissions()->scriptable_hosts(), |
+ withheld_permissions()->scriptable_hosts(), |
error); |
} |
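Review bot: The active and withheld scriptable hosts are fetched through two separate accessor calls in the CanRunOnPage argument list, while SetPermissions replaces both sets under a single hold of `runtime_lock_`. The same applies to CanAccessPage and GetPageAccess. The accessors are not part of this diff, but if each takes the lock on its own, a concurrent SetPermissions can land between the two reads. The check would then run on an active set from one update and a withheld set from another. If that can happen on these call paths, consider reading both sets under one lock acquisition and passing them down, or at least document on the accessors that the pair is not read atomically.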
@@ -259,37 +309,6 @@ bool PermissionsData::CanCaptureVisiblePage(int tab_id, |
return false; |
} |
-// static |
-bool PermissionsData::RequiresActionForScriptExecution( |
- const Extension* extension) const { |
- return RequiresActionForScriptExecution(extension, -1, GURL()); |
-} |
- |
-// static |
-bool PermissionsData::RequiresActionForScriptExecution( |
- const Extension* extension, |
- int tab_id, |
- const GURL& url) const { |
- // For now, the user should be notified when an extension with all hosts |
- // permission tries to execute a script on a page. Exceptions for policy- |
- // enabled and component extensions, and extensions which are whitelisted to |
- // execute scripts everywhere. |
- if (!extension->ShouldDisplayInExtensionSettings() || |
- Manifest::IsPolicyLocation(extension->location()) || |
- Manifest::IsComponentLocation(extension->location()) || |
- CanExecuteScriptEverywhere(extension) || |
- !active_permissions()->ShouldWarnAllHosts()) { |
- return false; |
- } |
- |
- // If the extension has explicit permission to run on the given tab, then |
- // we don't need to alert the user. |
- if (HasTabSpecificPermissionToExecuteScript(tab_id, url)) |
- return false; |
- |
- return true; |
-} |
- |
scoped_refptr<const PermissionSet> PermissionsData::GetTabSpecificPermissions( |
int tab_id) const { |
base::AutoLock auto_lock(runtime_lock_); |
@@ -313,33 +332,38 @@ bool PermissionsData::HasTabSpecificPermissionToExecuteScript( |
return false; |
} |
-bool PermissionsData::CanRunOnPage(const Extension* extension, |
- const GURL& document_url, |
- const GURL& top_frame_url, |
- int tab_id, |
- int process_id, |
- const URLPatternSet& permitted_url_patterns, |
- std::string* error) const { |
+PermissionsData::AccessType PermissionsData::CanRunOnPage( |
+ const Extension* extension, |
+ const GURL& document_url, |
+ const GURL& top_frame_url, |
+ int tab_id, |
+ int process_id, |
+ const URLPatternSet& permitted_url_patterns, |
+ const URLPatternSet& withheld_url_patterns, |
+ std::string* error) const { |
if (g_policy_delegate && |
!g_policy_delegate->CanExecuteScriptOnPage( |
extension, document_url, top_frame_url, tab_id, process_id, error)) { |
- return false; |
+ return ACCESS_DENIED; |
} |
if (IsRestrictedUrl(document_url, top_frame_url, extension, error)) |
- return false; |
+ return ACCESS_DENIED; |
if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url)) |
- return true; |
+ return ACCESS_ALLOWED; |
+ |
+ if (permitted_url_patterns.MatchesURL(document_url)) |
+ return ACCESS_ALLOWED; |
- bool can_access = permitted_url_patterns.MatchesURL(document_url); |
+ if (withheld_url_patterns.MatchesURL(document_url)) |
+ return ACCESS_WITHHELD; |
- if (!can_access && error) { |
+ if (error) { |
*error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage, |
document_url.spec()); |
} |
- |
- return can_access; |
+ return ACCESS_DENIED; |
} |
} // namespace extensions |
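Review bot: The order of the two pattern checks in CanRunOnPage decides the result when a URL matches both sets, and nothing documents it: `permitted_url_patterns` is tested first, so active wins over withheld. A short comment before the first check, e.g. `// Active patterns take precedence; a URL in both sets is ACCESS_ALLOWED.`, would make that intentional. The ACCESS_WITHHELD return also leaves `*error` untouched, so callers of GetPageAccess or GetContentScriptAccess that surface `error` see whatever the string held before the call. Either document that `error` is only meaningful for ACCESS_DENIED or set a message on the withheld path. The hunk opens inside the preceding function, HasTabSpecificPermissionToExecuteScript.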