Fix the origin access whitelist for extensions

extensions/renderer/dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/dispatcher.h"
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/debug/alias.h"
@@ skipping 253 matching lines @@
                                 frame->document().securityOrigin());
 
   ScriptContext* context =
       delegate_->CreateScriptContext(v8_context, frame, extension, context_type)
           .release();
   script_context_set_.Add(context);
 
   // Initialize origin permissions for content scripts, which can't be
   // initialized in |OnActivateExtension|.
   if (context_type == Feature::CONTENT_SCRIPT_CONTEXT)
-    UpdateOriginPermissions(extension);
+    InitOriginPermissions(extension);
 
   {
     scoped_ptr<ModuleSystem> module_system(
         new ModuleSystem(context, &source_map_));
     context->set_module_system(module_system.Pass());
   }
   ModuleSystem* module_system = context->module_system();
 
   // Enable natives in startup.
   ModuleSystem::NativesEnabledScope natives_enabled_scope(module_system);
@@ skipping 214 matching lines @@
   }
 
   // Initialize host permissions for any extensions that were activated before
   // WebKit was initialized.
   for (std::set<std::string>::iterator iter = active_extension_ids_.begin();
        iter != active_extension_ids_.end();
        ++iter) {
     const Extension* extension = extensions_.GetByID(*iter);
     CHECK(extension);
 
-    UpdateOriginPermissions(extension);
+    InitOriginPermissions(extension);
   }
 
   EnableCustomElementWhiteList();
 
   is_webkit_initialized_ = true;
 }
 
 void Dispatcher::IdleNotification() {
   if (is_extension_process_ && forced_idle_timer_) {
     // Dampen the forced delay as well if the extension stays idle for long
@@ skipping 38 matching lines @@
   active_extension_ids_.insert(extension_id);
 
   // This is called when starting a new extension page, so start the idle
   // handler ticking.
   RenderThread::Get()->ScheduleIdleHandler(kInitialExtensionIdleHandlerDelayMs);
 
   if (is_webkit_initialized_) {
     extensions::DOMActivityLogger::AttachToWorld(
         extensions::DOMActivityLogger::kMainWorldId, extension_id);
 
-    UpdateOriginPermissions(extension);
+    InitOriginPermissions(extension);
   }
 
   UpdateActiveExtensions();
 }
 
 void Dispatcher::OnCancelSuspend(const std::string& extension_id) {
   DispatchEvent(extension_id, kOnSuspendCanceledEvent);
 }
 
 void Dispatcher::OnClearTabSpecificPermissions(
@@ skipping 155 matching lines @@
     const ExtensionMsg_UpdatePermissions_Params& params) {
   const Extension* extension = extensions_.GetByID(params.extension_id);
   if (!extension)
     return;
 
   scoped_refptr<const PermissionSet> active =
       params.active_permissions.ToPermissionSet();
   scoped_refptr<const PermissionSet> withheld =
       params.withheld_permissions.ToPermissionSet();
 
+  // If webkit isn't initialized, this will be done when it finishes starting

[not at google - send to devlin, 2014/07/23 01:18:54]

s/webkit/blink/

though I think the comment isn't really necessary

[Devlin, 2014/07/23 15:41:51]

Done.

+  // up.
+  if (is_webkit_initialized_) {
+    bool was_added = params.was_added;

[not at google - send to devlin, 2014/07/23 01:18:54]

this alias seems like overkill.

[Devlin, 2014/07/23 15:41:51]

Done.

+    URLPatternSet difference;
+    if (was_added) {
+      URLPatternSet::CreateDifference(
+          active->effective_hosts(),
+          extension->permissions_data()->GetEffectiveHostPermissions(),
+          &difference);
+    } else {
+      URLPatternSet::CreateDifference(
+          extension->permissions_data()->GetEffectiveHostPermissions(),
+          active->effective_hosts(),
+          &difference);
+    }
+
+    UpdateOriginPermissions(extension, was_added, difference);
+  }
+
   extension->permissions_data()->SetPermissions(active, withheld);
-  UpdateOriginPermissions(extension);
   UpdateBindings(extension->id());
 }
 
 void Dispatcher::OnUpdateTabSpecificPermissions(
     const GURL& url,
     int tab_id,
     const std::string& extension_id,
     const URLPatternSet& origin_set) {
   delegate_->UpdateTabSpecificPermissions(
       this, url, tab_id, extension_id, origin_set);
 }
 
 void Dispatcher::OnUsingWebRequestAPI(bool webrequest_used) {
   delegate_->HandleWebRequestAPIUsage(webrequest_used);
 }
 
 void Dispatcher::OnUserScriptsUpdated(
       const std::set<std::string>& changed_extensions,
       const std::vector<UserScript*>& scripts) {
   UpdateActiveExtensions();
 }
 
 void Dispatcher::UpdateActiveExtensions() {
   std::set<std::string> active_extensions = active_extension_ids_;
   user_script_set_->GetActiveExtensionIds(&active_extensions);
   delegate_->OnActiveExtensionsUpdated(active_extensions);
 }
 
-void Dispatcher::UpdateOriginPermissions(const Extension* extension) {
-  const URLPatternSet& hosts =
-      extension->permissions_data()->GetEffectiveHostPermissions();
-  WebSecurityPolicy::resetOriginAccessWhitelists();

[Devlin, 2014/07/22 21:56:47]

This was introduced in https://codereview.chromium.org/348313003, when I for
some inexplicable reason thought this would only clear the extension's origin
whitelist.  Clearly, this isn't the case, and results in us clearing the
whitelist for extensions obscenely frequently.

[not at google - send to devlin, 2014/07/23 01:18:54]

right... good point.

This would be such a simpler change if we just added a
clearOriginAccessWhitelist method which takes the origin. doesn't look very
hard, but blink changes... eh.

though a only-slightly-less-complicated change in the vein of what you had
before would be to remove the existing permissions then add the new ones.

[Devlin, 2014/07/23 15:41:51]

But to add the new ones, we add the new ones for _each existing extension_ which
seems bad.  Also, this would definitely mean updating callers of this to make
sure we aren't doing what we're doing now - which is calling this for each
extension when a new renderer is created.  Overall, to me, that sounds like a
slightly more invasive change... WDYT?

[not at google - send to devlin, 2014/07/23 15:45:35]

I don't think so? add/remove take the origin which is unique for every extension
(takes extension->url()). Maybe I'm misunderstanding.
I was imagining a method like SetOriginPermissions instead of
UpdateOriginPermissions (or still call it UpdateOriginPermissions... whatever).
instead of taking a was_added boolean it'd take the old permissions. in the case
of InitOriginPermissions the old permissions would be an empty set.

[Devlin, 2014/07/23 16:14:01]

Ahhh, I see, I misunderstood (thought you meant still use
resetOriginAccessWhitelists(), and then re-add everything).  Yes, that will
work. :)

+void Dispatcher::InitOriginPermissions(const Extension* extension) {
   delegate_->InitOriginPermissions(extension,
                                    IsExtensionActive(extension->id()));
-  for (URLPatternSet::const_iterator iter = hosts.begin(); iter != hosts.end();
-       ++iter) {
-    const char* schemes[] = {
-        url::kHttpScheme,
-        url::kHttpsScheme,
-        url::kFileScheme,
-        content::kChromeUIScheme,
-        url::kFtpScheme,
-    };
+  UpdateOriginPermissions(
+      extension,
+      true,  // was added
+      extension->permissions_data()->GetEffectiveHostPermissions());
+}
+
+void Dispatcher::UpdateOriginPermissions(
+    const Extension* extension,
+    bool was_added,
+    const URLPatternSet& patterns) {
+  static const char* schemes[] = {

[not at google - send to devlin, 2014/07/23 01:18:55]

kSchemes?

[Devlin, 2014/07/23 15:41:51]

Done.

+      url::kHttpScheme,
+      url::kHttpsScheme,
+      url::kFileScheme,
+      content::kChromeUIScheme,
+      url::kFtpScheme,
+  };
+  for (URLPatternSet::const_iterator iter = patterns.begin();
+       iter != patterns.end(); ++iter) {
     for (size_t j = 0; j < arraysize(schemes); ++j) {
       if (iter->MatchesScheme(schemes[j])) {
-        WebSecurityPolicy::addOriginAccessWhitelistEntry(
+        (was_added ? WebSecurityPolicy::addOriginAccessWhitelistEntry
+                   : WebSecurityPolicy::removeOriginAccessWhitelistEntry)(
             extension->url(),
             WebString::fromUTF8(schemes[j]),
             WebString::fromUTF8(iter->host()),
             iter->match_subdomains());
       }
     }
   }
 }
 
 void Dispatcher::EnableCustomElementWhiteList() {
@@ skipping 395 matching lines @@
     return v8::Handle<v8::Object>();
 
   if (bind_name)
     *bind_name = split.back();
 
   return bind_object.IsEmpty() ? AsObjectOrEmpty(GetOrCreateChrome(context))
                                : bind_object;
 }
 
 }  // namespace extensions