Support "always allow" for runtime script execution

chrome/browser/extensions/permissions_updater.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include "base/json/json_writer.h"
 #include "base/memory/ref_counted.h"
 #include "base/values.h"
 #include "chrome/browser/chrome_notification_types.h"
@@ skipping 18 matching lines @@
 
 using content::RenderProcessHost;
 using extensions::permissions_api_helpers::PackPermissionSet;
 
 namespace extensions {
 
 namespace permissions = api::permissions;
 
 namespace {
 
+URLPatternSet FilterSingleOriginPermissions(const URLPatternSet& permissions) {
+  URLPatternSet single_origin_permissions;
+  for (URLPatternSet::const_iterator iter = permissions.begin();
+       iter != permissions.end();
+       ++iter) {
+    if (iter->MatchesSingleOrigin())
+      single_origin_permissions.AddPattern(*iter);
+  }
+  return single_origin_permissions;
+}
+
 // Returns a PermissionSet that has the active permissions of the extension,
 // bounded to its current manifest.
 scoped_refptr<const PermissionSet> GetBoundedActivePermissions(
-    const Extension* extension, ExtensionPrefs* extension_prefs) {
+    const Extension* extension, const PermissionSet* active_permissions) {
   // If the extension has used the optional permissions API, it will have a
   // custom set of active permissions defined in the extension prefs. Here,
   // we update the extension's active permissions based on the prefs.
-  scoped_refptr<const PermissionSet> active_permissions =
-      extension_prefs->GetActivePermissions(extension->id());
   if (!active_permissions)
     return extension->permissions_data()->active_permissions();
 
   scoped_refptr<const PermissionSet> required_permissions =
       PermissionsParser::GetRequiredPermissions(extension);
 
   // We restrict the active permissions to be within the bounds defined in the
   // extension's manifest.
   //  a) active permissions must be a subset of optional + default permissions
   //  b) active permissions must contains all default permissions
@@ skipping 79 matching lines @@
   if (!Manifest::IsUnpackedLocation(extension->location()) &&
       extension->location() != Manifest::INTERNAL)
     return;
 
   ExtensionPrefs::Get(browser_context_)->AddGrantedPermissions(
       extension->id(),
       extension->permissions_data()->active_permissions().get());
 }
 
 void PermissionsUpdater::InitializePermissions(const Extension* extension) {
+  scoped_refptr<const PermissionSet> active_permissions = ExtensionPrefs::Get(
+      browser_context_)->GetActivePermissions(extension->id());
   scoped_refptr<const PermissionSet> bounded_active =
-      GetBoundedActivePermissions(extension,
-                                  ExtensionPrefs::Get(browser_context_));
+      GetBoundedActivePermissions(extension, active_permissions);

[not at google - send to devlin, 2014/08/12 23:13:18]

active_permissions.get() ?

[gpdavis, 2014/08/13 00:08:24]

Ah, oops, missed that.  Looks like the compiler knows how to convert the smart
pointer, but there's no reason not to be concise.  Done.

[not at google - send to devlin, 2014/08/13 01:02:59]

Wow, what platform are you compiling on?

[gpdavis, 2014/08/13 01:14:50]

Ubuntu 12.04.  I didn't even get a compiler warning about it *shrug*

 
   // We withhold permissions iff the switch to do so is enabled, the extension
   // shows up in chrome:extensions (so the user can grant withheld permissions),
   // the extension is not part of chrome or corporate policy, and also not on
   // the scripting whitelist. Additionally, we don't withhold if the extension
   // has the preference to allow scripting on all urls.
   bool should_withhold_permissions =
       FeatureSwitch::scripts_require_action()->IsEnabled() &&
       extension->ShouldDisplayInExtensionSettings() &&
       !Manifest::IsPolicyLocation(extension->location()) &&
       !Manifest::IsComponentLocation(extension->location()) &&
       !PermissionsData::CanExecuteScriptEverywhere(extension) &&
       !util::AllowedScriptingOnAllUrls(extension->id(), browser_context_);
 
   URLPatternSet granted_explicit_hosts;
   URLPatternSet withheld_explicit_hosts;
   SegregateUrlPermissions(bounded_active->explicit_hosts(),
                           should_withhold_permissions,
                           &granted_explicit_hosts,
                           &withheld_explicit_hosts);
 
   URLPatternSet granted_scriptable_hosts;
   URLPatternSet withheld_scriptable_hosts;
   SegregateUrlPermissions(bounded_active->scriptable_hosts(),
                           should_withhold_permissions,
                           &granted_scriptable_hosts,
                           &withheld_scriptable_hosts);
 
+  // After withholding permissions, add back any origins to the active set that
+  // may have been lost during the set operations that would have dropped them.
+  // For example, the union of <all_urls> and <anything> is <all_urls>, so we
+  // may lose the <anything>. However, that <anything> is important once
+  // <all_urls> is stripped during withholding.
+  if (active_permissions) {
+    URLPatternSet::CreateUnion(
+        FilterSingleOriginPermissions(active_permissions->explicit_hosts()),
+        granted_explicit_hosts,
+        &granted_explicit_hosts);

[not at google - send to devlin, 2014/08/12 23:13:18]

I'm not so sure about writing the union to one of the inputs :\ i.e. the fact
that |granted_explicit_hosts| is used both as an in-param and an out-param looks
problematic.

Luckily, you can write this much nicer anyway:

granted_explicit_hosts.AddPatterns(FilterSingleOriginPermissions(..));
granted_scriptable_hosts...

[gpdavis, 2014/08/13 00:08:24]

Fair enough.  That is much simpler anyway.

+    URLPatternSet::CreateUnion(
+        FilterSingleOriginPermissions(active_permissions->scriptable_hosts()),
+        granted_scriptable_hosts,
+        &granted_scriptable_hosts);
+  }
+
   bounded_active = new PermissionSet(bounded_active->apis(),
                                      bounded_active->manifest_permissions(),
                                      granted_explicit_hosts,
                                      granted_scriptable_hosts);
 
   scoped_refptr<const PermissionSet> withheld =
       new PermissionSet(APIPermissionSet(),
                         ManifestPermissionSet(),
                         withheld_explicit_hosts,
                         withheld_scriptable_hosts);
@@ skipping 133 matching lines @@
             Profile::FromBrowserContext(host->GetBrowserContext()))) {
       host->Send(new ExtensionMsg_UpdatePermissions(params));
     }
   }
 
   // Trigger the onAdded and onRemoved events in the extension.
   DispatchEvent(extension->id(), event_name, changed);
 }
 
 }  // namespace extensions