
Unified Diff: extensions/common/permissions/permissions_data.cc

Issue 348313003: Create withheld permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Kalman's Created 6 years, 6 months ago
Index: extensions/common/permissions/permissions_data.cc
diff --git a/extensions/common/permissions/permissions_data.cc b/extensions/common/permissions/permissions_data.cc
index 1b160cab003c68e23a2895efa2b72a5bd5e01b12..73afe4373fbc9bbca9f5bca1b34f53e8504cd6e9 100644
--- a/extensions/common/permissions/permissions_data.cc
+++ b/extensions/common/permissions/permissions_data.cc
@@ -43,6 +43,7 @@ PermissionsData::PermissionsData(const Extension* extension)
required_permissions->manifest_permissions(),
required_permissions->explicit_hosts(),
required_permissions->scriptable_hosts());
+ withheld_permissions_unsafe_ = new PermissionSet();
}
PermissionsData::~PermissionsData() {
@@ -113,10 +114,12 @@ bool PermissionsData::IsRestrictedUrl(const GURL& document_url,
return false;
}
-void PermissionsData::SetActivePermissions(
- const PermissionSet* permissions) const {
+void PermissionsData::SetPermissions(
+ const scoped_refptr<const PermissionSet>& active,
+ const scoped_refptr<const PermissionSet>& withheld) const {
base::AutoLock auto_lock(runtime_lock_);
- active_permissions_unsafe_ = permissions;
+ active_permissions_unsafe_ = active;
+ withheld_permissions_unsafe_ = withheld;
}
void PermissionsData::UpdateTabSpecificPermissions(
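Review bot: SetPermissions stores both refptrs without checking that they are non-null, while the readers added elsewhere in this patch (`withheld_permissions()->explicit_hosts()` in HasWithheldImpliedAllHosts, CanAccessPage and the content-script variants) dereference the result unconditionally. The constructor now seeds `withheld_permissions_unsafe_` with an empty PermissionSet, which suggests the intended invariant is "never null", and this setter is the place where it can be broken. I would add `DCHECK(active.get());` and `DCHECK(withheld.get());` before taking the lock, and state in the method comment that callers pass an empty set rather than null. Whether the accessors guard against null themselves is not visible in this diff.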
@@ -204,18 +207,45 @@ PermissionsData::GetPermissionMessageDetailsStrings() const {
active_permissions(), manifest_type_);
}
+bool PermissionsData::HasWithheldImpliedAllHosts() const {
+ // Since we currently only withhold all_hosts, it's sufficient to check
+ // that either set is not empty.
+ return !withheld_permissions()->explicit_hosts().is_empty() ||
+ !withheld_permissions()->scriptable_hosts().is_empty();
+}
+
bool PermissionsData::CanAccessPage(const Extension* extension,
const GURL& document_url,
const GURL& top_frame_url,
int tab_id,
int process_id,
std::string* error) const {
+ AccessType result = CanRunOnPage(extension,
+ document_url,
+ top_frame_url,
+ tab_id,
+ process_id,
+ active_permissions()->explicit_hosts(),
+ withheld_permissions()->explicit_hosts(),
+ error);
+ // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED.
+ return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD;
+}
+
+PermissionsData::AccessType PermissionsData::GetPageAccess(
+ const Extension* extension,
+ const GURL& document_url,
+ const GURL& top_frame_url,
+ int tab_id,
+ int process_id,
+ std::string* error) const {
return CanRunOnPage(extension,
document_url,
top_frame_url,
tab_id,
process_id,
active_permissions()->explicit_hosts(),
+ withheld_permissions()->explicit_hosts(),
error);
}
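Review bot: CanAccessPage returns true for ACCESS_WITHHELD, so every caller that gates on the boolean still treats a withheld host as accessible; withholding is only honoured by callers that move to GetPageAccess. The TODO names the follow-up but not this consequence, and it carries no tracking bug, so the fail-open state is easy to forget. I would make the comment explicit, for example `// NOTE: ACCESS_WITHHELD is reported as true here, so withheld hosts are not blocked through this method; callers that must honour withholding use GetPageAccess().` followed by `// TODO(rdevlin.cronin): return only ACCESS_ALLOWED once callers are updated (crbug.com/<tracking-bug>).` The same applies to the return statement of CanRunContentScriptOnPage in the next hunk.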
@@ -225,12 +255,32 @@ bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension,
int tab_id,
int process_id,
std::string* error) const {
+ AccessType result = CanRunOnPage(extension,
+ document_url,
+ top_frame_url,
+ tab_id,
+ process_id,
+ active_permissions()->scriptable_hosts(),
+ withheld_permissions()->scriptable_hosts(),
+ error);
+ // TODO(rdevlin.cronin) Update callers so that they only need ACCESS_ALLOWED.
+ return result == ACCESS_ALLOWED || result == ACCESS_WITHHELD;
+}
+
+PermissionsData::AccessType PermissionsData::GetContentScriptAccess(
+ const Extension* extension,
+ const GURL& document_url,
+ const GURL& top_frame_url,
+ int tab_id,
+ int process_id,
+ std::string* error) const {
return CanRunOnPage(extension,
document_url,
top_frame_url,
tab_id,
process_id,
active_permissions()->scriptable_hosts(),
+ withheld_permissions()->scriptable_hosts(),
error);
}
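Review bot: CanRunContentScriptOnPage repeats the eight-argument CanRunOnPage call that GetContentScriptAccess makes directly below it, and CanAccessPage / GetPageAccess in the previous hunk do the same. If one copy later changes which host set it passes, the boolean and the tri-state API will disagree about whether a page is accessible. Delegating keeps a single source of truth: `AccessType result = GetContentScriptAccess(extension, document_url, top_frame_url, tab_id, process_id, error);` and likewise `GetPageAccess(...)` in CanAccessPage.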
@@ -259,37 +309,6 @@ bool PermissionsData::CanCaptureVisiblePage(int tab_id,
return false;
}
-// static
-bool PermissionsData::RequiresActionForScriptExecution(
- const Extension* extension) const {
- return RequiresActionForScriptExecution(extension, -1, GURL());
-}
-
-// static
-bool PermissionsData::RequiresActionForScriptExecution(
- const Extension* extension,
- int tab_id,
- const GURL& url) const {
- // For now, the user should be notified when an extension with all hosts
- // permission tries to execute a script on a page. Exceptions for policy-
- // enabled and component extensions, and extensions which are whitelisted to
- // execute scripts everywhere.
- if (!extension->ShouldDisplayInExtensionSettings() ||
- Manifest::IsPolicyLocation(extension->location()) ||
- Manifest::IsComponentLocation(extension->location()) ||
- CanExecuteScriptEverywhere(extension) ||
- !active_permissions()->ShouldWarnAllHosts()) {
- return false;
- }
-
- // If the extension has explicit permission to run on the given tab, then
- // we don't need to alert the user.
- if (HasTabSpecificPermissionToExecuteScript(tab_id, url))
- return false;
-
- return true;
-}
-
scoped_refptr<const PermissionSet> PermissionsData::GetTabSpecificPermissions(
int tab_id) const {
base::AutoLock auto_lock(runtime_lock_);
@@ -313,33 +332,38 @@ bool PermissionsData::HasTabSpecificPermissionToExecuteScript(
return false;
}
-bool PermissionsData::CanRunOnPage(const Extension* extension,
- const GURL& document_url,
- const GURL& top_frame_url,
- int tab_id,
- int process_id,
- const URLPatternSet& permitted_url_patterns,
- std::string* error) const {
+PermissionsData::AccessType PermissionsData::CanRunOnPage(
+ const Extension* extension,
+ const GURL& document_url,
+ const GURL& top_frame_url,
+ int tab_id,
+ int process_id,
+ const URLPatternSet& permitted_url_patterns,
+ const URLPatternSet& withheld_url_patterns,
+ std::string* error) const {
if (g_policy_delegate &&
!g_policy_delegate->CanExecuteScriptOnPage(
extension, document_url, top_frame_url, tab_id, process_id, error)) {
- return false;
+ return ACCESS_DENIED;
}
if (IsRestrictedUrl(document_url, top_frame_url, extension, error))
- return false;
+ return ACCESS_DENIED;
if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url))
- return true;
+ return ACCESS_ALLOWED;
+
+ if (permitted_url_patterns.MatchesURL(document_url))
+ return ACCESS_ALLOWED;
- bool can_access = permitted_url_patterns.MatchesURL(document_url);
+ if (withheld_url_patterns.MatchesURL(document_url))
+ return ACCESS_WITHHELD;
- if (!can_access && error) {
+ if (error) {
*error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage,
document_url.spec());
}
-
- return can_access;
+ return ACCESS_DENIED;
}
} // namespace extensions
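Review bot: CanRunOnPage returns ACCESS_WITHHELD without writing `*error`, whereas the final ACCESS_DENIED path fills it in with kCannotAccessPage. A caller of GetPageAccess or GetContentScriptAccess that treats anything other than ACCESS_ALLOWED as a refusal will therefore report an empty message for withheld hosts. If that is intended, a comment above the function should say so and record the precedence, for example `// Order: policy delegate and restricted URLs deny first, then tab-specific grants and permitted patterns allow, then withheld patterns; |error| is only set for ACCESS_DENIED.` A URL that matches both pattern sets resolves to ACCESS_ALLOWED because the permitted check runs first, which is worth stating as well.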
