Respect the clipboardRead and clipboardWrite permissions in content scripts.

chrome/renderer/content_settings_observer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/content_settings_observer.h"
 
 #include "base/command_line.h"
 #include "base/metrics/histogram.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/url_constants.h"
 #include "content/public/renderer/document_state.h"
 #include "content/public/renderer/navigation_state.h"
 #include "content/public/renderer/render_frame.h"
 #include "content/public/renderer/render_view.h"
 #include "third_party/WebKit/public/platform/WebPermissionCallbacks.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/web/WebDataSource.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
 #include "third_party/WebKit/public/web/WebFrameClient.h"
 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/web/WebView.h"
 
 #if defined(ENABLE_EXTENSIONS)
 #include "chrome/common/extensions/chrome_extension_messages.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
+#include "extensions/common/permissions/api_permission.h"
+#include "extensions/common/permissions/permissions_data.h"
 #include "extensions/renderer/dispatcher.h"
 #endif
 
 using blink::WebDataSource;
 using blink::WebDocument;
 using blink::WebFrame;
 using blink::WebPermissionCallbacks;
 using blink::WebSecurityOrigin;
 using blink::WebString;
 using blink::WebURL;
@@ skipping 364 matching lines @@
       routing_id(), GURL(frame->document().securityOrigin().toString()),
       GURL(frame->top()->document().securityOrigin().toString()),
       local, &result));
   cached_storage_permissions_[key] = result;
   return result;
 }
 
 bool ContentSettingsObserver::allowReadFromClipboard(bool default_value) {
   bool allowed = false;
 #if defined(ENABLE_EXTENSIONS)
-  WebFrame* frame = render_frame()->GetWebFrame();
-  // TODO(dcheng): Should we consider a toURL() method on WebSecurityOrigin?
-  Send(new ChromeViewHostMsg_CanTriggerClipboardRead(
-      GURL(frame->document().securityOrigin().toString()), &allowed));
+  extensions::ScriptContext* calling_context =
+      extension_dispatcher_->script_context_set().GetCalling();
+  if (calling_context) {
+    const extensions::Extension* extension =
+        calling_context->effective_extension();
+    allowed = extension &&
+              extension->permissions_data()->HasAPIPermission(
+                  extensions::APIPermission::kClipboardRead);
+  }
 #endif
   return allowed;
 }
 
 bool ContentSettingsObserver::allowWriteToClipboard(bool default_value) {
   bool allowed = false;
 #if defined(ENABLE_EXTENSIONS)
-  WebFrame* frame = render_frame()->GetWebFrame();
-  Send(new ChromeViewHostMsg_CanTriggerClipboardWrite(
-      GURL(frame->document().securityOrigin().toString()), &allowed));
+  // See comment in allowReadFromClipboard.

[Devlin, 2014/09/04 19:15:11]

There's no comment there anymore. :)

[Marijn Kruisselbrink, 2014/09/04 23:41:11]

Done.

+  // Additionally, since all blessed extension pages could historically write
+  // to the clipboard, preserve it for compatibility.
+  extensions::ScriptContext* calling_context =
+      extension_dispatcher_->script_context_set().GetCalling();
+  if (calling_context) {

[Devlin, 2014/09/04 19:15:11]

nit: I'd maybe consolidate this and the above a bit to improve
readability/changability.  Something like

bool CallingExtensionHasPermission(ScriptContext* calling_context,
                                   APIPermission permission) {
  const Extension* extension =
      calling_context ? calling_context->effective_extension() : NULL;
  return extension &&
         extension->permissions_data()->HasAPIPermission(permission)
}

But I don't feel strongly about it, so up to you.

[Marijn Kruisselbrink, 2014/09/04 23:41:11]

It would maybe be nice to have this as a ScriptContext::HasAPIPermission method,
but that might get a bit ugly with the separate extension() and
effective_extension() bits. It would either need to hardcode which one to use
for which permission, or have some kind of flag/separate method for either one,
and neither of those options seem particularly appealing. So I think for now
I'll just leave it as is.

+    if (calling_context->effective_context_type() ==
+        extensions::Feature::BLESSED_EXTENSION_CONTEXT) {
+      allowed = true;
+    } else {
+      const extensions::Extension* extension =
+          calling_context->effective_extension();
+      allowed = extension &&
+                extension->permissions_data()->HasAPIPermission(
+                    extensions::APIPermission::kClipboardWrite);
+    }
+  }
 #endif
   return allowed;
 }
 
 bool ContentSettingsObserver::allowMutationEvents(bool default_value) {
   return IsPlatformApp() ? false : default_value;
 }
 
 bool ContentSettingsObserver::allowPushState() {
   return !IsPlatformApp();
@@ skipping 258 matching lines @@
 
   // If the scheme is file:, an empty file name indicates a directory listing,
   // which requires JavaScript to function properly.
   if (EqualsASCII(origin.protocol(), url::kFileScheme)) {
     return document_url.SchemeIs(url::kFileScheme) &&
            document_url.ExtractFileName().empty();
   }
 
   return false;
 }