[Extensions] Propagate activeTab hosts to extension background pages

extensions/common/permissions/permissions_data.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
 
 #include <map>
 #include <string>
 #include <vector>
@@ skipping 25 matching lines @@
 class PermissionsData {
  public:
   // The possible types of access for a given frame.
   enum AccessType {
     ACCESS_DENIED,   // The extension is not allowed to access the given page.
     ACCESS_ALLOWED,  // The extension is allowed to access the given page.
     ACCESS_WITHHELD  // The browser must determine if the extension can access
                      // the given page.
   };
 
+  using TabPermissionsMap = std::map<int, scoped_refptr<const PermissionSet>>;
+
   // Delegate class to allow different contexts (e.g. browser vs renderer) to
   // have control over policy decisions.
   class PolicyDelegate {
    public:
     virtual ~PolicyDelegate() {}
 
     // Returns false if script access should be blocked on this page.
     // Otherwise, default policy should decide.
     virtual bool CanExecuteScriptOnPage(const Extension* extension,
                                         const GURL& document_url,
@@ skipping 52 matching lines @@
   // Note this does not include APIs with no corresponding permission, like
   // "runtime" or "browserAction".
   // TODO(mpcomplete): drop the "API" from these names, it's confusing.
   bool HasAPIPermission(APIPermission::ID permission) const;
   bool HasAPIPermission(const std::string& permission_name) const;
   bool HasAPIPermissionForTab(int tab_id, APIPermission::ID permission) const;
   bool CheckAPIPermissionWithParam(
       APIPermission::ID permission,
       const APIPermission::CheckParam* param) const;
 
-  // TODO(rdevlin.cronin): GetEffectiveHostPermissions(), HasHostPermission(),
-  // and HasEffectiveAccessToAllHosts() are just forwards for the active
+  // Returns the hosts this extension effectively has access to, including
+  // explicit and scriptable hosts, and any hosts on tabs the extension has
+  // active tab permissions for.
+  URLPatternSet GetEffectiveHostPermissions() const;
+
+  // TODO(rdevlin.cronin): HasHostPermission() and
+  // HasEffectiveAccessToAllHosts() are just forwards for the active
   // permissions. We should either get rid of these, and have callers use
   // active_permissions(), or should get rid of active_permissions(), and make
   // callers use PermissionsData for everything. We should not do both.
 
-  // Returns the effective hosts associated with the active permissions.
-  const URLPatternSet& GetEffectiveHostPermissions() const;
-
   // Whether the extension has access to the given |url|.
   bool HasHostPermission(const GURL& url) const;
 
   // Whether the extension has effective access to all hosts. This is true if
   // there is a content script that matches all hosts, if there is a host
   // permission grants access to all hosts (like <all_urls>) or an api
   // permission that effectively grants access to all hosts (e.g. proxy,
   // network, etc.)
   bool HasEffectiveAccessToAllHosts() const;
 
@@ skipping 57 matching lines @@
                                     int process_id,
                                     std::string* error) const;
 
   // Returns true if extension is allowed to obtain the contents of a page as
   // an image. Since a page may contain sensitive information, this is
   // restricted to the extension's host permissions as well as the extension
   // page itself.
   bool CanCaptureVisiblePage(int tab_id, std::string* error) const;
 
   const scoped_refptr<const PermissionSet>& active_permissions() const {
-    // TODO(dcheng): What is the point of this lock?
+    // We lock so that we can't also be setting the permissions while returning.
     base::AutoLock auto_lock(runtime_lock_);
     return active_permissions_unsafe_;
   }
 
   const scoped_refptr<const PermissionSet>& withheld_permissions() const {
-    // TODO(dcheng): What is the point of this lock?
+    // We lock so that we can't also be setting the permissions while returning.
+    base::AutoLock auto_lock(runtime_lock_);
     return withheld_permissions_unsafe_;
   }
 
+  const TabPermissionsMap& tab_specific_permissions() const {
+    // We lock so that we can't also be setting the permissions while returning.
+    base::AutoLock auto_lock(runtime_lock_);
+    return tab_specific_permissions_;
+  }
+
 #if defined(UNIT_TEST)
   scoped_refptr<const PermissionSet> GetTabSpecificPermissionsForTesting(
       int tab_id) const {
     return GetTabSpecificPermissions(tab_id);
   }
 #endif
 
  private:
-  typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;
-
   // Gets the tab-specific host permissions of |tab_id|, or NULL if there
   // aren't any.
   scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
       int tab_id) const;
 
   // Returns true if the |extension| has tab-specific permission to operate on
   // the tab specified by |tab_id| with the given |url|.
   // Note that if this returns false, it doesn't mean the extension can't run on
   // the given tab, only that it does not have tab-specific permission to do so.
   bool HasTabSpecificPermissionToExecuteScript(int tab_id,
@@ skipping 34 matching lines @@
   mutable scoped_refptr<const PermissionSet> withheld_permissions_unsafe_;
 
   mutable TabPermissionsMap tab_specific_permissions_;
 
   DISALLOW_COPY_AND_ASSIGN(PermissionsData);
 };
 
 }  // namespace extensions
 
 #endif  // EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_