Respect the clipboardRead and clipboardWrite permissions in content scripts.

chrome/renderer/content_settings_observer.cc

Index: chrome/renderer/content_settings_observer.cc
diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 57de0757f4b3e8869a2f264e1855cbefe7a370b1..d302f45ead26cb2cc22de9c78dca5dc7da5c4c0b 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -26,6 +26,8 @@
 #include "chrome/common/extensions/chrome_extension_messages.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
+#include "extensions/common/permissions/api_permission.h"
+#include "extensions/common/permissions/permissions_data.h"
 #include "extensions/renderer/dispatcher.h"
 #endif
 
@@ -410,10 +412,15 @@ bool ContentSettingsObserver::allowStorage(bool local) {
 bool ContentSettingsObserver::allowReadFromClipboard(bool default_value) {
   bool allowed = false;
 #if defined(ENABLE_EXTENSIONS)
-  WebFrame* frame = render_frame()->GetWebFrame();
-  // TODO(dcheng): Should we consider a toURL() method on WebSecurityOrigin?
-  Send(new ChromeViewHostMsg_CanTriggerClipboardRead(
-      GURL(frame->document().securityOrigin().toString()), &allowed));
+  extensions::ScriptContext* calling_context =
+      extension_dispatcher_->script_context_set().GetCalling();
+  if (calling_context) {
+    const extensions::Extension* extension =
+        calling_context->effective_extension();
+    allowed = extension &&
+              extension->permissions_data()->HasAPIPermission(
+                  extensions::APIPermission::kClipboardRead);
+  }
 #endif
   return allowed;
 }
@@ -421,9 +428,23 @@ bool ContentSettingsObserver::allowReadFromClipboard(bool default_value) {
 bool ContentSettingsObserver::allowWriteToClipboard(bool default_value) {
   bool allowed = false;
 #if defined(ENABLE_EXTENSIONS)
-  WebFrame* frame = render_frame()->GetWebFrame();
-  Send(new ChromeViewHostMsg_CanTriggerClipboardWrite(
-      GURL(frame->document().securityOrigin().toString()), &allowed));
+  // See comment in allowReadFromClipboard.

[Devlin, 2014/09/04 19:15:11]

There's no comment there anymore. :)

[Marijn Kruisselbrink, 2014/09/04 23:41:11]

Done.

+  // Additionally, since all blessed extension pages could historically write
+  // to the clipboard, preserve it for compatibility.
+  extensions::ScriptContext* calling_context =
+      extension_dispatcher_->script_context_set().GetCalling();
+  if (calling_context) {

[Devlin, 2014/09/04 19:15:11]

nit: I'd maybe consolidate this and the above a bit to improve
readability/changability.  Something like

bool CallingExtensionHasPermission(ScriptContext* calling_context,
                                   APIPermission permission) {
  const Extension* extension =
      calling_context ? calling_context->effective_extension() : NULL;
  return extension &&
         extension->permissions_data()->HasAPIPermission(permission)
}

But I don't feel strongly about it, so up to you.

[Marijn Kruisselbrink, 2014/09/04 23:41:11]

It would maybe be nice to have this as a ScriptContext::HasAPIPermission method,
but that might get a bit ugly with the separate extension() and
effective_extension() bits. It would either need to hardcode which one to use
for which permission, or have some kind of flag/separate method for either one,
and neither of those options seem particularly appealing. So I think for now
I'll just leave it as is.

+    if (calling_context->effective_context_type() ==
+        extensions::Feature::BLESSED_EXTENSION_CONTEXT) {
+      allowed = true;
+    } else {
+      const extensions::Extension* extension =
+          calling_context->effective_extension();
+      allowed = extension &&
+                extension->permissions_data()->HasAPIPermission(
+                    extensions::APIPermission::kClipboardWrite);
+    }
+  }
 #endif
   return allowed;
 }