Support "always allow" for runtime script execution

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include "base/json/json_writer.h"
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
 #include "chrome/browser/chrome_notification_types.h"
@@ skipping 18 matching lines @@
 
 using content::RenderProcessHost;
 using extensions::permissions_api_helpers::PackPermissionSet;
 
 namespace extensions {
 
 namespace permissions = api::permissions;
 
 namespace {
 
+URLPatternSet FilterSingleOriginPermissions(URLPatternSet permissions) {

[not at google - send to devlin, 2014/08/12 19:49:27]

const URLPatternSet& permissions

[gpdavis, 2014/08/12 21:19:55]

Done.

+  URLPatternSet single_origin_permissions;
+  for (URLPatternSet::const_iterator iter = permissions.begin();
+       iter != permissions.end();
+       ++iter) {
+    if (iter->MatchesSingleOrigin())
+      single_origin_permissions.AddPattern(*iter);
+  }
+  return single_origin_permissions;
+}
+
 // Returns a PermissionSet that has the active permissions of the extension,
 // bounded to its current manifest.
 scoped_refptr<const PermissionSet> GetBoundedActivePermissions(
     const Extension* extension, ExtensionPrefs* extension_prefs) {
   // If the extension has used the optional permissions API, it will have a
   // custom set of active permissions defined in the extension prefs. Here,
   // we update the extension's active permissions based on the prefs.
   scoped_refptr<const PermissionSet> active_permissions =
       extension_prefs->GetActivePermissions(extension->id());
   if (!active_permissions)
@@ skipping 11 matching lines @@
       PermissionsParser::GetOptionalPermissions(extension));
 
   // Make sure the active permissions contain no more than optional + default.
   scoped_refptr<PermissionSet> adjusted_active =
       PermissionSet::CreateIntersection(total_permissions, active_permissions);
 
   // Make sure the active permissions contain the default permissions.
   adjusted_active =
       PermissionSet::CreateUnion(required_permissions, adjusted_active);
 
+  // Re-add any active permissions that only match a single origin in order
+  // to persist "always run" script injection hosts. These permissions get
+  // filtered out because single origin permissions are not recognized as a
+  // subset of all-host permissions.
+  adjusted_active = PermissionSet::CreateUnion(
+      adjusted_active,
+      new PermissionSet(
+          APIPermissionSet(),
+          ManifestPermissionSet(),
+          FilterSingleOriginPermissions(active_permissions->explicit_hosts()),
+          FilterSingleOriginPermissions(
+              active_permissions->scriptable_hosts())));
+
   return adjusted_active;
 }
 
 // Divvy up the |url patterns| between those we grant and those we do not. If
 // |withhold_permissions| is false (because the requisite feature is not
 // enabled), no permissions are withheld.
 void SegregateUrlPermissions(const URLPatternSet& url_patterns,
                              bool withhold_permissions,
                              URLPatternSet* granted,
                              URLPatternSet* withheld) {
@@ skipping 91 matching lines @@
   URLPatternSet granted_scriptable_hosts;
   URLPatternSet withheld_scriptable_hosts;
   SegregateUrlPermissions(bounded_active->scriptable_hosts(),
                           should_withhold_permissions,
                           &granted_scriptable_hosts,
                           &withheld_scriptable_hosts);
 
   bounded_active = new PermissionSet(bounded_active->apis(),
                                      bounded_active->manifest_permissions(),
                                      granted_explicit_hosts,
                                      granted_scriptable_hosts);

[not at google - send to devlin, 2014/08/12 19:49:27]

I actually think this would be a better place to add those single origin
permissions back - even though it's effectively the same, it makes more sense in
context here. Then you could add a comment like:

// After withholding permissions, add back any origins to the active set that
may have been lost during the set operations that would have dropped them. For
example, the union of <all_urls> and <anything> is <all_urls>, so we may lose
the <anything>. However, that <anything> is important once <all_urls> is
stripped during withholding.

Now - there is a slight problem that only GetBoundedActivePermissions knows
about the permissions it needs to re-add. You can fix that by changing
GetBoundedActivePermissions to be passed the active permission set rather than
the extension prefs, then move it in here.

[gpdavis, 2014/08/12 21:19:55]

Done.

 
   scoped_refptr<const PermissionSet> withheld =
       new PermissionSet(APIPermissionSet(),
                         ManifestPermissionSet(),
                         withheld_explicit_hosts,
                         withheld_scriptable_hosts);
   SetPermissions(extension, bounded_active, withheld);
 }
 
 void PermissionsUpdater::WithholdImpliedAllHosts(const Extension* extension) {
@@ skipping 129 matching lines @@
             Profile::FromBrowserContext(host->GetBrowserContext()))) {
       host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
   DispatchEvent(extension->id(), event_name, changed);
 }
 
 }  // namespace extensions