Chromium Code Reviews Chromium Code Reviews
Issue 396033002:
Support "always allow" for runtime script execution (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/extensions/permissions_updater.cc |
| diff --git a/chrome/browser/extensions/permissions_updater.cc b/chrome/browser/extensions/permissions_updater.cc |
| index 5f2f62981d5889f7db19804d7734561aaaac5b9f..3e63c195a47449a1080d9f16bcbc335511d72c76 100644 |
| --- a/chrome/browser/extensions/permissions_updater.cc |
| +++ b/chrome/browser/extensions/permissions_updater.cc |
| @@ -36,15 +36,24 @@ namespace permissions = api::permissions; |
| namespace { |
| +URLPatternSet FilterSingleOriginPermissions(const URLPatternSet& permissions) { |
| + URLPatternSet single_origin_permissions; |
| + for (URLPatternSet::const_iterator iter = permissions.begin(); |
| + iter != permissions.end(); |
| + ++iter) { |
| + if (iter->MatchesSingleOrigin()) |
| + single_origin_permissions.AddPattern(*iter); |
| + } |
| + return single_origin_permissions; |
| +} |
| + |
| // Returns a PermissionSet that has the active permissions of the extension, |
| // bounded to its current manifest. |
| scoped_refptr<const PermissionSet> GetBoundedActivePermissions( |
| - const Extension* extension, ExtensionPrefs* extension_prefs) { |
| + const Extension* extension, const PermissionSet* active_permissions) { |
| // If the extension has used the optional permissions API, it will have a |
| // custom set of active permissions defined in the extension prefs. Here, |
| // we update the extension's active permissions based on the prefs. |
| - scoped_refptr<const PermissionSet> active_permissions = |
| - extension_prefs->GetActivePermissions(extension->id()); |
| if (!active_permissions) |
| return extension->permissions_data()->active_permissions(); |
| @@ -144,9 +153,10 @@ void PermissionsUpdater::GrantActivePermissions(const Extension* extension) { |
| } |
| void PermissionsUpdater::InitializePermissions(const Extension* extension) { |
| + scoped_refptr<const PermissionSet> active_permissions = ExtensionPrefs::Get( |
| + browser_context_)->GetActivePermissions(extension->id()); |
| scoped_refptr<const PermissionSet> bounded_active = |
| - GetBoundedActivePermissions(extension, |
| - ExtensionPrefs::Get(browser_context_)); |
| + GetBoundedActivePermissions(extension, active_permissions); |
|
not at google - send to devlin
2014/08/12 23:13:18
active_permissions.get() ?
gpdavis
2014/08/13 00:08:24
Ah, oops, missed that. Looks like the compiler kn
not at google - send to devlin
2014/08/13 01:02:59
Wow, what platform are you compiling on?
gpdavis
2014/08/13 01:14:50
Ubuntu 12.04. I didn't even get a compiler warnin
|
| // We withhold permissions iff the switch to do so is enabled, the extension |
| // shows up in chrome:extensions (so the user can grant withheld permissions), |
| @@ -175,6 +185,22 @@ void PermissionsUpdater::InitializePermissions(const Extension* extension) { |
| &granted_scriptable_hosts, |
| &withheld_scriptable_hosts); |
| + // After withholding permissions, add back any origins to the active set that |
| + // may have been lost during the set operations that would have dropped them. |
| + // For example, the union of <all_urls> and <anything> is <all_urls>, so we |
| + // may lose the <anything>. However, that <anything> is important once |
| + // <all_urls> is stripped during withholding. |
| + if (active_permissions) { |
| + URLPatternSet::CreateUnion( |
| + FilterSingleOriginPermissions(active_permissions->explicit_hosts()), |
| + granted_explicit_hosts, |
| + &granted_explicit_hosts); |
|
not at google - send to devlin
2014/08/12 23:13:18
I'm not so sure about writing the union to one of
gpdavis
2014/08/13 00:08:24
Fair enough. That is much simpler anyway.
|
| + URLPatternSet::CreateUnion( |
| + FilterSingleOriginPermissions(active_permissions->scriptable_hosts()), |
| + granted_scriptable_hosts, |
| + &granted_scriptable_hosts); |
| + } |
| + |
| bounded_active = new PermissionSet(bounded_active->apis(), |
| bounded_active->manifest_permissions(), |
| granted_explicit_hosts, |
