Implement unlimitedStorage content capability

chrome/browser/extensions/extension_special_storage_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_special_storage_policy.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/content_settings/cookie_settings.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/manifest_handlers/app_isolation_info.h"
 #include "chrome/common/extensions/manifest_handlers/app_launch_info.h"
 #include "chrome/common/url_constants.h"
 #include "components/content_settings/core/common/content_settings.h"
 #include "components/content_settings/core/common/content_settings_types.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_set.h"
+#include "extensions/common/manifest_handlers/content_capabilities_handler.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "storage/browser/quota/quota_manager.h"
 #include "storage/common/quota/quota_status_code.h"
 #include "storage/common/quota/quota_types.h"
 
 using content::BrowserThread;
 using extensions::APIPermission;
 using extensions::Extension;
 using storage::SpecialStoragePolicy;
 
@@ skipping 51 matching lines @@
 
 bool ExtensionSpecialStoragePolicy::IsStorageUnlimited(const GURL& origin) {
   if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kUnlimitedStorage))
     return true;
 
   if (origin.SchemeIs(content::kChromeDevToolsScheme) &&
       origin.host() == chrome::kChromeUIDevToolsHost)
     return true;
 
   base::AutoLock locker(lock_);
-  return unlimited_extensions_.Contains(origin);
+  return unlimited_extensions_.Contains(origin) ||
+      unlimited_extensions_.GrantsCapabilitiesTo(origin);
 }
 
 bool ExtensionSpecialStoragePolicy::IsStorageSessionOnly(const GURL& origin) {
   if (cookie_settings_.get() == NULL)
     return false;
   return cookie_settings_->IsCookieSessionOnly(origin);
 }
 
 bool ExtensionSpecialStoragePolicy::CanQueryDiskSize(const GURL& origin) {
   base::AutoLock locker(lock_);
@@ skipping 35 matching lines @@
 ExtensionSpecialStoragePolicy::ExtensionsProtectingOrigin(
     const GURL& origin) {
   base::AutoLock locker(lock_);
   return protected_apps_.ExtensionsContaining(origin);
 }
 
 void ExtensionSpecialStoragePolicy::GrantRightsForExtension(
     const extensions::Extension* extension,
     content::BrowserContext* browser_context) {
   DCHECK(extension);
-  if (!(NeedsProtection(extension) ||
+
+  int change_flags = 0;
+  if (extensions::ContentCapabilitiesInfo::Get(extension).permissions.count(

[not at google - send to devlin, 2014/12/12 16:33:40]

Am I missing something; what guarantees the extension has a non-null
ContentCapabilitiesInfo?

[Ken Rockot(use gerrit already), 2014/12/12 16:39:07]

It's lazily constructed as needed. An extension without a content_capabilities
manifest entry will just have a CCI with empty permissions and empty
url_patterns.

[not at google - send to devlin, 2014/12/12 17:35:39]

Is that always the way these things work?

[Ken Rockot(use gerrit already), 2014/12/12 20:51:13]

It's the way some of them work. Others may be OK returning NULL.

I think I'd rather have a sane default object created lazily though.

+          APIPermission::kUnlimitedStorage) > 0) {
+    unlimited_extensions_.Add(extension);

[not at google - send to devlin, 2014/12/12 16:33:40]

I'm not sure; am I reading this correctly, and does this mean that I can do:

{
  "permissions": ["storage"],  // for example
  "content_capabilities": {
    "matches": ["https://google.com"],
    "permissions": ["unlimitedStorage"]
  }
}

and get unlimited storage for my own extension, in addition to for google.com?

[Ken Rockot(use gerrit already), 2014/12/12 16:39:08]

This only adds the extension to the unlimited_extensions_ set. Actual granting
of unlimited storage still happens per-origin according to the logic in
IsStorageUnlimited.

The presence of a content capability for unlimitedStorage at an origin will not
make IsStorageUnlimited("chrome-extension://foo/") pass.

Good test case though, so I'll add a test for reassurance.

[not at google - send to devlin, 2014/12/12 17:35:39]

Oh, I see. So unlimited extensions is just some kind of optimisation rather than
checking the installed extension set every time. Lame, ok. Test would be nice.

[Ken Rockot(use gerrit already), 2014/12/12 20:51:13]

It was pretty ugly, so I changed it. There's a separate set to track content
capabilities grantors now. More tests added for privilege boundaries.

+    change_flags |= SpecialStoragePolicy::STORAGE_UNLIMITED;
+  }
+
+  if (NeedsProtection(extension) ||
         extension->permissions_data()->HasAPIPermission(
             APIPermission::kUnlimitedStorage) ||
         extension->permissions_data()->HasAPIPermission(
             APIPermission::kFileBrowserHandler) ||
         extensions::AppIsolationInfo::HasIsolatedStorage(extension) ||
-        extension->is_app())) {
-    return;
-  }
-
-  int change_flags = 0;
-  {
+        extension->is_app()) {
     base::AutoLock locker(lock_);
     if (NeedsProtection(extension) && protected_apps_.Add(extension))
       change_flags |= SpecialStoragePolicy::STORAGE_PROTECTED;
     // FIXME: Does GrantRightsForExtension imply |extension| is installed?
     if (extension->is_app())
       installed_apps_.Add(extension);
 
     if (extension->permissions_data()->HasAPIPermission(
-            APIPermission::kUnlimitedStorage) &&
+          APIPermission::kUnlimitedStorage) &&
         unlimited_extensions_.Add(extension)) {
       if (extension->is_hosted_app())
         LogHostedAppUnlimitedStorageUsage(extension, browser_context);
-
       change_flags |= SpecialStoragePolicy::STORAGE_UNLIMITED;
     }
 
     if (extension->permissions_data()->HasAPIPermission(
             APIPermission::kFileBrowserHandler))
       file_handler_extensions_.Add(extension);
 
     if (extensions::AppIsolationInfo::HasIsolatedStorage(extension))
       isolated_extensions_.Add(extension);
   }
@@ skipping 101 matching lines @@
 
 ExtensionSpecialStoragePolicy::SpecialCollection::~SpecialCollection() {
   STLDeleteValues(&cached_results_);
 }
 
 bool ExtensionSpecialStoragePolicy::SpecialCollection::Contains(
     const GURL& origin) {
   return !ExtensionsContaining(origin)->is_empty();
 }
 
+bool ExtensionSpecialStoragePolicy::SpecialCollection::GrantsCapabilitiesTo(
+    const GURL& origin) {
+  for (scoped_refptr<const Extension> extension : extensions_) {
+    if (extensions::ContentCapabilitiesInfo::Get(extension.get()).url_patterns
+            .MatchesURL(origin)) {
+      return true;
+    }
+  }
+  return false;
+}
+
 const extensions::ExtensionSet*
 ExtensionSpecialStoragePolicy::SpecialCollection::ExtensionsContaining(
     const GURL& origin) {
   CachedResults::const_iterator found = cached_results_.find(origin);
   if (found != cached_results_.end())
     return found->second;
 
   extensions::ExtensionSet* result = new extensions::ExtensionSet();
   for (extensions::ExtensionSet::const_iterator iter = extensions_.begin();
        iter != extensions_.end(); ++iter) {
@@ skipping 23 matching lines @@
 
 void ExtensionSpecialStoragePolicy::SpecialCollection::Clear() {
   ClearCache();
   extensions_.Clear();
 }
 
 void ExtensionSpecialStoragePolicy::SpecialCollection::ClearCache() {
   STLDeleteValues(&cached_results_);
   cached_results_.clear();
 }