[Extensions] Rename RuntimeBlockedHosts to PolicyBlockedHosts
Enterprise policy allows for blocking extension access to a set of
hosts (defined by URLPatterns). In the code, these are referred to
frequently as RuntimeBlockedHosts; however, this is confusing with
the RuntimeHostPermissions feature. Instead, name the enterprise
policy-restricted hosts PolicyBlockedHosts to avoid ambiguity.
Leave the string entry in the policy the same for backwards
compatibility.
Bug: None
Change-Id: Icfa455e2912e3c05da58f0a0b0b8e53395d4e103
Reviewed-on: https://chromium-review.googlesource.com/1060526
Commit-Queue: Devlin <[email protected]>
Reviewed-by: Karan Bhatia <[email protected]>
Cr-Commit-Position: refs/heads/master@{#559160}diff --git a/chrome/browser/extensions/api/web_request/web_request_apitest.cc b/chrome/browser/extensions/api/web_request/web_request_apitest.cc
index 245fcde..28eaeff 100644
--- a/chrome/browser/extensions/api/web_request/web_request_apitest.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_apitest.cc
@@ -1594,7 +1594,7 @@
// means that the request to example.com will be seen by the extension.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost("*", "*://notexample.com");
+ pref.AddPolicyBlockedHost("*", "*://notexample.com");
}
ASSERT_TRUE(StartEmbeddedTestServer());
@@ -1649,7 +1649,7 @@
// will not be seen by the extension.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost("*", "*://" + example_com);
+ pref.AddPolicyBlockedHost("*", "*://" + example_com);
}
// Wait until all remote Javascript files have been pulled down.
@@ -1675,7 +1675,7 @@
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost("*", "*://" + protected_domain);
+ pref.AddPolicyBlockedHost("*", "*://" + protected_domain);
}
ASSERT_TRUE(StartEmbeddedTestServer());
@@ -1731,7 +1731,7 @@
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost("*", "*://" + protected_domain);
+ pref.AddPolicyBlockedHost("*", "*://" + protected_domain);
}
ASSERT_TRUE(StartEmbeddedTestServer());
diff --git a/chrome/browser/extensions/content_script_apitest.cc b/chrome/browser/extensions/content_script_apitest.cc
index 7af0f6e..6139066 100644
--- a/chrome/browser/extensions/content_script_apitest.cc
+++ b/chrome/browser/extensions/content_script_apitest.cc
@@ -402,7 +402,7 @@
// Set enterprise policy to block injection to policy specified host.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost("*", "*://example.com");
+ pref.AddPolicyBlockedHost("*", "*://example.com");
}
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/policy")) << message_;
@@ -414,7 +414,7 @@
// Set enterprise policy to block injection to policy specified hosts.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost("*", "*://example.*");
+ pref.AddPolicyBlockedHost("*", "*://example.*");
}
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/policy")) << message_;
@@ -441,7 +441,7 @@
// specified host.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
- pref.AddRuntimeBlockedHost(extension_id, "*://example.com");
+ pref.AddPolicyBlockedHost(extension_id, "*://example.com");
}
// Some policy updating operations are performed asynchronuosly. Wait for them
// to complete before installing extension.
diff --git a/chrome/browser/extensions/extension_management.cc b/chrome/browser/extensions/extension_management.cc
index bc6fe02..eec107b 100644
--- a/chrome/browser/extensions/extension_management.cc
+++ b/chrome/browser/extensions/extension_management.cc
@@ -196,43 +196,41 @@
return default_settings_->blocked_permissions;
}
-const URLPatternSet& ExtensionManagement::GetDefaultRuntimeBlockedHosts()
- const {
- return default_settings_->runtime_blocked_hosts;
+const URLPatternSet& ExtensionManagement::GetDefaultPolicyBlockedHosts() const {
+ return default_settings_->policy_blocked_hosts;
}
-const URLPatternSet& ExtensionManagement::GetDefaultRuntimeAllowedHosts()
- const {
- return default_settings_->runtime_allowed_hosts;
+const URLPatternSet& ExtensionManagement::GetDefaultPolicyAllowedHosts() const {
+ return default_settings_->policy_allowed_hosts;
}
-const URLPatternSet& ExtensionManagement::GetRuntimeBlockedHosts(
+const URLPatternSet& ExtensionManagement::GetPolicyBlockedHosts(
const Extension* extension) const {
auto iter_id = settings_by_id_.find(extension->id());
if (iter_id != settings_by_id_.end())
- return iter_id->second->runtime_blocked_hosts;
- return default_settings_->runtime_blocked_hosts;
+ return iter_id->second->policy_blocked_hosts;
+ return default_settings_->policy_blocked_hosts;
}
-const URLPatternSet& ExtensionManagement::GetRuntimeAllowedHosts(
+const URLPatternSet& ExtensionManagement::GetPolicyAllowedHosts(
const Extension* extension) const {
auto iter_id = settings_by_id_.find(extension->id());
if (iter_id != settings_by_id_.end())
- return iter_id->second->runtime_allowed_hosts;
- return default_settings_->runtime_allowed_hosts;
+ return iter_id->second->policy_allowed_hosts;
+ return default_settings_->policy_allowed_hosts;
}
-bool ExtensionManagement::UsesDefaultRuntimeHostRestrictions(
+bool ExtensionManagement::UsesDefaultPolicyHostRestrictions(
const Extension* extension) const {
return settings_by_id_.find(extension->id()) == settings_by_id_.end();
}
-bool ExtensionManagement::IsRuntimeBlockedHost(const Extension* extension,
- const GURL& url) const {
+bool ExtensionManagement::IsPolicyBlockedHost(const Extension* extension,
+ const GURL& url) const {
auto iter_id = settings_by_id_.find(extension->id());
if (iter_id != settings_by_id_.end())
- return iter_id->second->runtime_blocked_hosts.MatchesURL(url);
- return default_settings_->runtime_blocked_hosts.MatchesURL(url);
+ return iter_id->second->policy_blocked_hosts.MatchesURL(url);
+ return default_settings_->policy_blocked_hosts.MatchesURL(url);
}
std::unique_ptr<const PermissionSet> ExtensionManagement::GetBlockedPermissions(
diff --git a/chrome/browser/extensions/extension_management.h b/chrome/browser/extensions/extension_management.h
index d7ffea9..e1899f5 100644
--- a/chrome/browser/extensions/extension_management.h
+++ b/chrome/browser/extensions/extension_management.h
@@ -115,32 +115,32 @@
APIPermissionSet GetBlockedAPIPermissions(const Extension* extension) const;
// Returns the list of hosts blocked by policy for |extension|.
- const URLPatternSet& GetRuntimeBlockedHosts(const Extension* extension) const;
+ const URLPatternSet& GetPolicyBlockedHosts(const Extension* extension) const;
- // Returns the hosts exempted by policy from the RuntimeBlockedHosts for
+ // Returns the hosts exempted by policy from the PolicyBlockedHosts for
// |extension|.
- const URLPatternSet& GetRuntimeAllowedHosts(const Extension* extension) const;
+ const URLPatternSet& GetPolicyAllowedHosts(const Extension* extension) const;
// Returns the list of hosts blocked by policy for Default scope. This can be
- // overridden by an invividual scope which is queried via
- // GetRuntimeBlockedHosts.
- const URLPatternSet& GetDefaultRuntimeBlockedHosts() const;
+ // overridden by an individual scope which is queried via
+ // GetPolicyBlockedHosts.
+ const URLPatternSet& GetDefaultPolicyBlockedHosts() const;
- // Returns the hosts exempted by policy from RuntimeBlockedHosts for
+ // Returns the hosts exempted by policy from PolicyBlockedHosts for
// the default scope. This can be overridden by an individual scope which is
- // queries via GetRuntimeAllowedHosts. This should only be used to
+ // queries via GetPolicyAllowedHosts. This should only be used to
// initialize a new renderer.
- const URLPatternSet& GetDefaultRuntimeAllowedHosts() const;
+ const URLPatternSet& GetDefaultPolicyAllowedHosts() const;
// Checks if an |extension| has its own runtime_blocked_hosts or
// runtime_allowed_hosts defined in the individual scope of the
// ExtensionSettings policy.
// Returns false if an individual scoped setting isn't defined.
- bool UsesDefaultRuntimeHostRestrictions(const Extension* extension) const;
+ bool UsesDefaultPolicyHostRestrictions(const Extension* extension) const;
// Checks if a URL is on the blocked host permissions list for a specific
// extension.
- bool IsRuntimeBlockedHost(const Extension* extension, const GURL& url) const;
+ bool IsPolicyBlockedHost(const Extension* extension, const GURL& url) const;
// Returns blocked permission set for |extension|.
std::unique_ptr<const PermissionSet> GetBlockedPermissions(
diff --git a/chrome/browser/extensions/extension_management_constants.cc b/chrome/browser/extensions/extension_management_constants.cc
index 1377308..46638ff 100644
--- a/chrome/browser/extensions/extension_management_constants.cc
+++ b/chrome/browser/extensions/extension_management_constants.cc
@@ -20,8 +20,8 @@
const char kBlockedPermissions[] = "blocked_permissions";
const char kAllowedPermissions[] = "allowed_permissions";
-const char kRuntimeBlockedHosts[] = "runtime_blocked_hosts";
-const char kRuntimeAllowedHosts[] = "runtime_allowed_hosts";
+const char kPolicyBlockedHosts[] = "runtime_blocked_hosts";
+const char kPolicyAllowedHosts[] = "runtime_allowed_hosts";
const size_t kMaxItemsURLPatternSet = 100;
const char kUpdateUrl[] = "update_url";
diff --git a/chrome/browser/extensions/extension_management_constants.h b/chrome/browser/extensions/extension_management_constants.h
index ae27652..421e6d2 100644
--- a/chrome/browser/extensions/extension_management_constants.h
+++ b/chrome/browser/extensions/extension_management_constants.h
@@ -25,8 +25,8 @@
extern const char kBlockedPermissions[];
extern const char kAllowedPermissions[];
-extern const char kRuntimeBlockedHosts[];
-extern const char kRuntimeAllowedHosts[];
+extern const char kPolicyBlockedHosts[];
+extern const char kPolicyAllowedHosts[];
extern const size_t kMaxItemsURLPatternSet;
extern const char kUpdateUrl[];
diff --git a/chrome/browser/extensions/extension_management_internal.cc b/chrome/browser/extensions/extension_management_internal.cc
index 3a1e4211f..df1030d0 100644
--- a/chrome/browser/extensions/extension_management_internal.cc
+++ b/chrome/browser/extensions/extension_management_internal.cc
@@ -149,12 +149,12 @@
return true;
};
- if (!parse_url_pattern_set(dict, schema_constants::kRuntimeBlockedHosts,
- &runtime_blocked_hosts))
+ if (!parse_url_pattern_set(dict, schema_constants::kPolicyBlockedHosts,
+ &policy_blocked_hosts))
return false;
- if (!parse_url_pattern_set(dict, schema_constants::kRuntimeAllowedHosts,
- &runtime_allowed_hosts))
+ if (!parse_url_pattern_set(dict, schema_constants::kPolicyAllowedHosts,
+ &policy_allowed_hosts))
return false;
// Parses the minimum version settings.
@@ -189,8 +189,8 @@
installation_mode = ExtensionManagement::INSTALLATION_ALLOWED;
update_url.clear();
blocked_permissions.clear();
- runtime_blocked_hosts.ClearPatterns();
- runtime_allowed_hosts.ClearPatterns();
+ policy_blocked_hosts.ClearPatterns();
+ policy_allowed_hosts.ClearPatterns();
blocked_install_message.clear();
}
diff --git a/chrome/browser/extensions/extension_management_internal.h b/chrome/browser/extensions/extension_management_internal.h
index 411705f..4dafdb3a 100644
--- a/chrome/browser/extensions/extension_management_internal.h
+++ b/chrome/browser/extensions/extension_management_internal.h
@@ -92,34 +92,34 @@
// This setting will provide a list of hosts that are blocked for each
// extension at runtime. That is, if an extension attempts to use an API
- // call which requires a host permission specified in runtime_blocked_hosts
+ // call which requires a host permission specified in policy_blocked_hosts
// it will fail no matter which host permissions are declared in the
// extension manifest. This setting will NOT merge from the default settings.
// Either the default settings will be applied, or an extension specific
// setting.
- // If a URL is specified in the runtime_allowed_hosts, and in the
- // runtime_blocked_hosts, the runtime_allowed_hosts wins and the call will be
+ // If a URL is specified in the policy_allowed_hosts, and in the
+ // policy_blocked_hosts, the policy_allowed_hosts wins and the call will be
// allowed.
// This setting is only supported per-extensions or default
// (per-update-url not supported)
- URLPatternSet runtime_blocked_hosts;
+ URLPatternSet policy_blocked_hosts;
// This setting will provide a list of hosts that are exempted from the
- // runtime_blocked_hosts setting and may be used at runtime. That is,
+ // policy_blocked_hosts setting and may be used at runtime. That is,
// if an extension attempts to use an API call which requires a host
- // permission that was blocked using runtime_blocked_hosts it will
+ // permission that was blocked using policy_blocked_hosts it will
// fail unless also declared here.
- // A generic pattern may be declared in runtime_blocked_hosts and a
+ // A generic pattern may be declared in policy_blocked_hosts and a
// more specific pattern declared here. For example, if we block
- // "*://*.example.com/*" with runtime_blocked_hosts we can then
- // allow "http://good.example.com/*" in runtime_allowed_hosts.
+ // "*://*.example.com/*" with policy_blocked_hosts we can then
+ // allow "http://good.example.com/*" in policy_allowed_hosts.
// This setting will NOT merge from the default settings. Either the
// default settings will be applied, or an extension specific setting.
- // If a URL is specified in runtime_blocked_hosts, and in
- // runtime_allowed_hosts, the allowed list wins.
+ // If a URL is specified in policy_blocked_hosts, and in
+ // policy_allowed_hosts, the allowed list wins.
// This setting is only supported per-extensions or default
// (per-update-url not supported)
- URLPatternSet runtime_allowed_hosts;
+ URLPatternSet policy_allowed_hosts;
// Minimum version required for an extensions, applies to per-extension
// settings only. Extension (with specified extension ID) with version older
diff --git a/chrome/browser/extensions/extension_management_test_util.cc b/chrome/browser/extensions/extension_management_test_util.cc
index a4dca0f..21b667b 100644
--- a/chrome/browser/extensions/extension_management_test_util.cc
+++ b/chrome/browser/extensions/extension_management_test_util.cc
@@ -172,30 +172,30 @@
// Helper functions for 'runtime_blocked_hosts' manipulation ------------------
-void ExtensionManagementPrefUpdaterBase::UnsetRuntimeBlockedHosts(
+void ExtensionManagementPrefUpdaterBase::UnsetPolicyBlockedHosts(
const std::string& prefix) {
DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
- pref_->Remove(make_path(prefix, schema::kRuntimeBlockedHosts), nullptr);
+ pref_->Remove(make_path(prefix, schema::kPolicyBlockedHosts), nullptr);
}
-void ExtensionManagementPrefUpdaterBase::ClearRuntimeBlockedHosts(
+void ExtensionManagementPrefUpdaterBase::ClearPolicyBlockedHosts(
const std::string& prefix) {
DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
- ClearList(make_path(prefix, schema::kRuntimeBlockedHosts));
+ ClearList(make_path(prefix, schema::kPolicyBlockedHosts));
}
-void ExtensionManagementPrefUpdaterBase::AddRuntimeBlockedHost(
+void ExtensionManagementPrefUpdaterBase::AddPolicyBlockedHost(
const std::string& prefix,
const std::string& host) {
DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
- AddStringToList(make_path(prefix, schema::kRuntimeBlockedHosts), host);
+ AddStringToList(make_path(prefix, schema::kPolicyBlockedHosts), host);
}
-void ExtensionManagementPrefUpdaterBase::RemoveRuntimeBlockedHost(
+void ExtensionManagementPrefUpdaterBase::RemovePolicyBlockedHost(
const std::string& prefix,
const std::string& host) {
DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
- RemoveStringFromList(make_path(prefix, schema::kRuntimeBlockedHosts), host);
+ RemoveStringFromList(make_path(prefix, schema::kPolicyBlockedHosts), host);
}
// Helper functions for 'allowed_permissions' manipulation ---------------------
diff --git a/chrome/browser/extensions/extension_management_test_util.h b/chrome/browser/extensions/extension_management_test_util.h
index e6f8dfd2..dd05cc1 100644
--- a/chrome/browser/extensions/extension_management_test_util.h
+++ b/chrome/browser/extensions/extension_management_test_util.h
@@ -68,12 +68,11 @@
// Helper functions for 'runtime_blocked_hosts' manipulation. |prefix| can be
// kWildCard or a valid extension ID.
- void UnsetRuntimeBlockedHosts(const std::string& prefix);
- void ClearRuntimeBlockedHosts(const std::string& prefix);
- void AddRuntimeBlockedHost(const std::string& prefix,
- const std::string& host);
- void RemoveRuntimeBlockedHost(const std::string& prefix,
- const std::string& host);
+ void UnsetPolicyBlockedHosts(const std::string& prefix);
+ void ClearPolicyBlockedHosts(const std::string& prefix);
+ void AddPolicyBlockedHost(const std::string& prefix, const std::string& host);
+ void RemovePolicyBlockedHost(const std::string& prefix,
+ const std::string& host);
// Helper functions for 'allowed_permissions' manipulation. |id| must be a
// valid extension ID.
diff --git a/chrome/browser/extensions/extension_management_unittest.cc b/chrome/browser/extensions/extension_management_unittest.cc
index d0bdc45..14eb5d9 100644
--- a/chrome/browser/extensions/extension_management_unittest.cc
+++ b/chrome/browser/extensions/extension_management_unittest.cc
@@ -185,12 +185,12 @@
return extension_management_->GetInstallationMode(extension.get());
}
- // Wrapper of ExtensionManagement::GetRuntimeBlockedHosts, |id| is used
+ // Wrapper of ExtensionManagement::GetPolicyBlockedHosts, |id| is used
// to construct an Extension for testing.
- URLPatternSet GetRuntimeBlockedHosts(const std::string& id) {
+ URLPatternSet GetPolicyBlockedHosts(const std::string& id) {
scoped_refptr<const Extension> extension =
CreateExtension(Manifest::UNPACKED, "0.1", id, kNonExistingUpdateUrl);
- return extension_management_->GetRuntimeBlockedHosts(extension.get());
+ return extension_management_->GetPolicyBlockedHosts(extension.get());
}
// Wrapper of ExtensionManagement::BlockedInstallMessage, |id| is used
@@ -454,10 +454,10 @@
ExtensionManagement::INSTALLATION_BLOCKED);
EXPECT_EQ(GetInstallationModeByUpdateUrl(kExampleUpdateUrl),
ExtensionManagement::INSTALLATION_ALLOWED);
- EXPECT_TRUE(GetRuntimeBlockedHosts(kTargetExtension).is_empty());
- EXPECT_TRUE(GetRuntimeBlockedHosts(kTargetExtension4)
+ EXPECT_TRUE(GetPolicyBlockedHosts(kTargetExtension).is_empty());
+ EXPECT_TRUE(GetPolicyBlockedHosts(kTargetExtension4)
.MatchesURL(GURL("http://test.foo.com/test")));
- EXPECT_TRUE(GetRuntimeBlockedHosts(kTargetExtension4)
+ EXPECT_TRUE(GetPolicyBlockedHosts(kTargetExtension4)
.MatchesURL(GURL("https://bar.org/test")));
EXPECT_TRUE(GetBlockedInstallMessage(kTargetExtension).empty());
EXPECT_EQ("Custom Error Extension4",
@@ -471,7 +471,7 @@
EXPECT_EQ(allowed_sites.size(), 1u);
EXPECT_TRUE(allowed_sites.MatchesURL(GURL("http://foo.com/entry")));
EXPECT_FALSE(allowed_sites.MatchesURL(GURL("http://bar.com/entry")));
- EXPECT_TRUE(GetRuntimeBlockedHosts(kNonExistingExtension)
+ EXPECT_TRUE(GetPolicyBlockedHosts(kNonExistingExtension)
.MatchesURL(GURL("http://example.com/default")));
EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index de88ce5..30e3aa4 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc
@@ -982,18 +982,18 @@
extensions::ExtensionManagement* management =
extensions::ExtensionManagementFactory::GetForBrowserContext(profile());
extensions::PermissionsUpdater(profile()).SetDefaultPolicyHostRestrictions(
- management->GetDefaultRuntimeBlockedHosts(),
- management->GetDefaultRuntimeAllowedHosts());
+ management->GetDefaultPolicyBlockedHosts(),
+ management->GetDefaultPolicyAllowedHosts());
for (const auto& extension : registry_->enabled_extensions()) {
bool uses_default =
- management->UsesDefaultRuntimeHostRestrictions(extension.get());
+ management->UsesDefaultPolicyHostRestrictions(extension.get());
if (uses_default) {
extensions::PermissionsUpdater(profile()).SetUsesDefaultHostRestrictions(
extension.get());
} else {
extensions::PermissionsUpdater(profile()).SetPolicyHostRestrictions(
- extension.get(), management->GetRuntimeBlockedHosts(extension.get()),
- management->GetRuntimeAllowedHosts(extension.get()));
+ extension.get(), management->GetPolicyBlockedHosts(extension.get()),
+ management->GetPolicyAllowedHosts(extension.get()));
}
}
diff --git a/chrome/browser/extensions/permissions_updater.cc b/chrome/browser/extensions/permissions_updater.cc
index 42705ea..6eaf151b9 100644
--- a/chrome/browser/extensions/permissions_updater.cc
+++ b/chrome/browser/extensions/permissions_updater.cc
@@ -256,10 +256,10 @@
// Apply per-extension policy if set.
ExtensionManagement* management =
ExtensionManagementFactory::GetForBrowserContext(browser_context_);
- if (!management->UsesDefaultRuntimeHostRestrictions(extension)) {
+ if (!management->UsesDefaultPolicyHostRestrictions(extension)) {
SetPolicyHostRestrictions(extension,
- management->GetRuntimeBlockedHosts(extension),
- management->GetRuntimeAllowedHosts(extension));
+ management->GetPolicyBlockedHosts(extension),
+ management->GetPolicyAllowedHosts(extension));
}
}
diff --git a/chrome/browser/extensions/policy_handlers.cc b/chrome/browser/extensions/policy_handlers.cc
index 6050a47..4fb60d0 100644
--- a/chrome/browser/extensions/policy_handlers.cc
+++ b/chrome/browser/extensions/policy_handlers.cc
@@ -293,8 +293,8 @@
}
}
// Host keys that don't support user defined paths.
- const char* host_keys[] = {schema_constants::kRuntimeBlockedHosts,
- schema_constants::kRuntimeAllowedHosts};
+ const char* host_keys[] = {schema_constants::kPolicyBlockedHosts,
+ schema_constants::kPolicyAllowedHosts};
const int extension_scheme_mask =
URLPattern::GetValidSchemeMaskForExtensions();
for (const char* key : host_keys) {
diff --git a/extensions/browser/api/web_request/web_request_permissions.cc b/extensions/browser/api/web_request/web_request_permissions.cc
index 025e8e6..aad89d2 100644
--- a/extensions/browser/api/web_request/web_request_permissions.cc
+++ b/extensions/browser/api/web_request/web_request_permissions.cc
@@ -249,7 +249,7 @@
// Prevent viewing / modifying requests initiated by a host protected by
// policy.
if (initiator &&
- extension->permissions_data()->IsRuntimeBlockedHost(initiator->GetURL()))
+ extension->permissions_data()->IsPolicyBlockedHost(initiator->GetURL()))
return PermissionsData::PageAccess::kDenied;
// When we are in a Public Session, allow all URLs for webRequests initiated
diff --git a/extensions/common/permissions/permissions_data.cc b/extensions/common/permissions/permissions_data.cc
index 995ca60..7c710a49 100644
--- a/extensions/common/permissions/permissions_data.cc
+++ b/extensions/common/permissions/permissions_data.cc
@@ -31,7 +31,7 @@
PermissionsData::PolicyDelegate* g_policy_delegate = nullptr;
-struct DefaultRuntimePolicy {
+struct DefaultPolicyRestrictions {
URLPatternSet blocked_hosts;
URLPatternSet allowed_hosts;
};
@@ -39,8 +39,8 @@
// URLs an extension can't interact with. An extension can override these
// settings by declaring its own list of blocked and allowed hosts using
// policy_blocked_hosts and policy_allowed_hosts.
-base::LazyInstance<DefaultRuntimePolicy>::Leaky default_runtime_policy =
- LAZY_INSTANCE_INITIALIZER;
+base::LazyInstance<DefaultPolicyRestrictions>::Leaky
+ default_policy_restrictions = LAZY_INSTANCE_INITIALIZER;
class AutoLockOnValidThread {
public:
@@ -150,11 +150,11 @@
}
const URLPatternSet& PermissionsData::default_policy_blocked_hosts() {
- return default_runtime_policy.Get().blocked_hosts;
+ return default_policy_restrictions.Get().blocked_hosts;
}
const URLPatternSet& PermissionsData::default_policy_allowed_hosts() {
- return default_runtime_policy.Get().allowed_hosts;
+ return default_policy_restrictions.Get().allowed_hosts;
}
const URLPatternSet PermissionsData::policy_blocked_hosts() const {
@@ -195,11 +195,11 @@
}
void PermissionsData::SetPolicyHostRestrictions(
- const URLPatternSet& runtime_blocked_hosts,
- const URLPatternSet& runtime_allowed_hosts) const {
+ const URLPatternSet& policy_blocked_hosts,
+ const URLPatternSet& policy_allowed_hosts) const {
AutoLockOnValidThread lock(runtime_lock_, thread_checker_.get());
- policy_blocked_hosts_unsafe_ = runtime_blocked_hosts;
- policy_allowed_hosts_unsafe_ = runtime_allowed_hosts;
+ policy_blocked_hosts_unsafe_ = policy_blocked_hosts;
+ policy_allowed_hosts_unsafe_ = policy_allowed_hosts;
uses_default_policy_host_restrictions = false;
}
@@ -210,10 +210,12 @@
// static
void PermissionsData::SetDefaultPolicyHostRestrictions(
- const URLPatternSet& default_runtime_blocked_hosts,
- const URLPatternSet& default_runtime_allowed_hosts) {
- default_runtime_policy.Get().blocked_hosts = default_runtime_blocked_hosts;
- default_runtime_policy.Get().allowed_hosts = default_runtime_allowed_hosts;
+ const URLPatternSet& default_policy_blocked_hosts,
+ const URLPatternSet& default_policy_allowed_hosts) {
+ default_policy_restrictions.Get().blocked_hosts =
+ default_policy_blocked_hosts;
+ default_policy_restrictions.Get().allowed_hosts =
+ default_policy_allowed_hosts;
}
void PermissionsData::SetActivePermissions(
@@ -285,7 +287,7 @@
bool PermissionsData::HasHostPermission(const GURL& url) const {
base::AutoLock auto_lock(runtime_lock_);
return active_permissions_unsafe_->HasExplicitAccessToOrigin(url) &&
- !IsRuntimeBlockedHostUnsafe(url);
+ !IsPolicyBlockedHostUnsafe(url);
}
bool PermissionsData::HasEffectiveAccessToAllHosts() const {
@@ -437,7 +439,7 @@
return iter != tab_specific_permissions_.end() ? iter->second.get() : nullptr;
}
-bool PermissionsData::IsRuntimeBlockedHostUnsafe(const GURL& url) const {
+bool PermissionsData::IsPolicyBlockedHostUnsafe(const GURL& url) const {
runtime_lock_.AssertAcquired();
return PolicyBlockedHostsUnsafe().MatchesURL(url) &&
!PolicyAllowedHostsUnsafe().MatchesURL(url);
@@ -453,7 +455,7 @@
std::string* error) const {
runtime_lock_.AssertAcquired();
if (extension->location() != Manifest::COMPONENT &&
- extension->permissions_data()->IsRuntimeBlockedHostUnsafe(document_url)) {
+ extension->permissions_data()->IsPolicyBlockedHostUnsafe(document_url)) {
if (error)
*error = extension_misc::kPolicyBlockedScripting;
return PageAccess::kDenied;
diff --git a/extensions/common/permissions/permissions_data.h b/extensions/common/permissions/permissions_data.h
index 5be5fd2..a7b95f5 100644
--- a/extensions/common/permissions/permissions_data.h
+++ b/extensions/common/permissions/permissions_data.h
@@ -104,8 +104,8 @@
// of URL restrictions using SetDefaultPolicyHostRestrictions. This function
// overrides any default host restriction policy.
void SetPolicyHostRestrictions(
- const URLPatternSet& runtime_blocked_hosts,
- const URLPatternSet& runtime_allowed_hosts) const;
+ const URLPatternSet& policy_blocked_hosts,
+ const URLPatternSet& policy_allowed_hosts) const;
// Marks this extension as using default enterprise policy limiting
// which URLs extensions can interact with. A default policy can be set with
@@ -117,8 +117,8 @@
// extensions can interact with. This restriction can be overridden on a
// per-extension basis with SetPolicyHostRestrictions.
static void SetDefaultPolicyHostRestrictions(
- const URLPatternSet& default_runtime_blocked_hosts,
- const URLPatternSet& default_runtime_allowed_hosts);
+ const URLPatternSet& default_policy_blocked_hosts,
+ const URLPatternSet& default_policy_allowed_hosts);
// Sets the active permissions, leaving withheld the same.
void SetActivePermissions(std::unique_ptr<const PermissionSet> active) const;
@@ -269,9 +269,9 @@
const URLPatternSet policy_allowed_hosts() const;
// Check if a specific URL is blocked by policy from extension use at runtime.
- bool IsRuntimeBlockedHost(const GURL& url) const {
+ bool IsPolicyBlockedHost(const GURL& url) const {
base::AutoLock auto_lock(runtime_lock_);
- return IsRuntimeBlockedHostUnsafe(url);
+ return IsPolicyBlockedHostUnsafe(url);
}
#if defined(UNIT_TEST)
@@ -301,7 +301,7 @@
// Check if a specific URL is blocked by policy from extension use at runtime.
// You must acquire the runtime_lock_ before calling.
- bool IsRuntimeBlockedHostUnsafe(const GURL& url) const;
+ bool IsPolicyBlockedHostUnsafe(const GURL& url) const;
// Same as policy_blocked_hosts but instead returns a reference.
// You must acquire runtime_lock_ before calling this.
