Implement unlimitedStorage content capability

chrome/browser/extensions/extension_special_storage_policy.cc

Index: chrome/browser/extensions/extension_special_storage_policy.cc
diff --git a/chrome/browser/extensions/extension_special_storage_policy.cc b/chrome/browser/extensions/extension_special_storage_policy.cc
index 79d06547fd0cb242787cb8fe637ae4b7dd8a28fd..3f8de179106ee938c621b2151e043ee82001d99b 100644
--- a/chrome/browser/extensions/extension_special_storage_policy.cc
+++ b/chrome/browser/extensions/extension_special_storage_policy.cc
@@ -25,6 +25,7 @@
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_set.h"
+#include "extensions/common/manifest_handlers/content_capabilities_handler.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "storage/browser/quota/quota_manager.h"
 #include "storage/common/quota/quota_status_code.h"
@@ -96,7 +97,8 @@ bool ExtensionSpecialStoragePolicy::IsStorageUnlimited(const GURL& origin) {
     return true;
 
   base::AutoLock locker(lock_);
-  return unlimited_extensions_.Contains(origin);
+  return unlimited_extensions_.Contains(origin) ||
+      unlimited_extensions_.GrantsCapabilitiesTo(origin);
 }
 
 bool ExtensionSpecialStoragePolicy::IsStorageSessionOnly(const GURL& origin) {
@@ -152,18 +154,21 @@ void ExtensionSpecialStoragePolicy::GrantRightsForExtension(
     const extensions::Extension* extension,
     content::BrowserContext* browser_context) {
   DCHECK(extension);
-  if (!(NeedsProtection(extension) ||
+
+  int change_flags = 0;
+  if (extensions::ContentCapabilitiesInfo::Get(extension).permissions.count(

[not at google - send to devlin, 2014/12/12 16:33:40]

Am I missing something; what guarantees the extension has a non-null
ContentCapabilitiesInfo?

[Ken Rockot(use gerrit already), 2014/12/12 16:39:07]

It's lazily constructed as needed. An extension without a content_capabilities
manifest entry will just have a CCI with empty permissions and empty
url_patterns.

[not at google - send to devlin, 2014/12/12 17:35:39]

Is that always the way these things work?

[Ken Rockot(use gerrit already), 2014/12/12 20:51:13]

It's the way some of them work. Others may be OK returning NULL.

I think I'd rather have a sane default object created lazily though.

+          APIPermission::kUnlimitedStorage) > 0) {
+    unlimited_extensions_.Add(extension);

[not at google - send to devlin, 2014/12/12 16:33:40]

I'm not sure; am I reading this correctly, and does this mean that I can do:

{
  "permissions": ["storage"],  // for example
  "content_capabilities": {
    "matches": ["https://google.com"],
    "permissions": ["unlimitedStorage"]
  }
}

and get unlimited storage for my own extension, in addition to for google.com?

[Ken Rockot(use gerrit already), 2014/12/12 16:39:08]

This only adds the extension to the unlimited_extensions_ set. Actual granting
of unlimited storage still happens per-origin according to the logic in
IsStorageUnlimited.

The presence of a content capability for unlimitedStorage at an origin will not
make IsStorageUnlimited("chrome-extension://foo/") pass.

Good test case though, so I'll add a test for reassurance.

[not at google - send to devlin, 2014/12/12 17:35:39]

Oh, I see. So unlimited extensions is just some kind of optimisation rather than
checking the installed extension set every time. Lame, ok. Test would be nice.

[Ken Rockot(use gerrit already), 2014/12/12 20:51:13]

It was pretty ugly, so I changed it. There's a separate set to track content
capabilities grantors now. More tests added for privilege boundaries.

+    change_flags |= SpecialStoragePolicy::STORAGE_UNLIMITED;
+  }
+
+  if (NeedsProtection(extension) ||
         extension->permissions_data()->HasAPIPermission(
             APIPermission::kUnlimitedStorage) ||
         extension->permissions_data()->HasAPIPermission(
             APIPermission::kFileBrowserHandler) ||
         extensions::AppIsolationInfo::HasIsolatedStorage(extension) ||
-        extension->is_app())) {
-    return;
-  }
-
-  int change_flags = 0;
-  {
+        extension->is_app()) {
     base::AutoLock locker(lock_);
     if (NeedsProtection(extension) && protected_apps_.Add(extension))
       change_flags |= SpecialStoragePolicy::STORAGE_PROTECTED;
@@ -172,11 +177,10 @@ void ExtensionSpecialStoragePolicy::GrantRightsForExtension(
       installed_apps_.Add(extension);
 
     if (extension->permissions_data()->HasAPIPermission(
-            APIPermission::kUnlimitedStorage) &&
+          APIPermission::kUnlimitedStorage) &&
         unlimited_extensions_.Add(extension)) {
       if (extension->is_hosted_app())
         LogHostedAppUnlimitedStorageUsage(extension, browser_context);
-
       change_flags |= SpecialStoragePolicy::STORAGE_UNLIMITED;
     }
 
@@ -298,6 +302,17 @@ bool ExtensionSpecialStoragePolicy::SpecialCollection::Contains(
   return !ExtensionsContaining(origin)->is_empty();
 }
 
+bool ExtensionSpecialStoragePolicy::SpecialCollection::GrantsCapabilitiesTo(
+    const GURL& origin) {
+  for (scoped_refptr<const Extension> extension : extensions_) {
+    if (extensions::ContentCapabilitiesInfo::Get(extension.get()).url_patterns
+            .MatchesURL(origin)) {
+      return true;
+    }
+  }
+  return false;
+}
+
 const extensions::ExtensionSet*
 ExtensionSpecialStoragePolicy::SpecialCollection::ExtensionsContaining(
     const GURL& origin) {