[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "chrome/browser/extensions/permissions_updater.h" |
| 6 | |
Ivan Sandrk | e2b20c6 | 2018-09-10 16:23:53 | [diff] [blame] | 7 | #include <set> |
dcheng | 1fc00f1 | 2015-12-26 22:18:03 | [diff] [blame] | 8 | #include <utility> |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 9 | #include <vector> |
dcheng | 1fc00f1 | 2015-12-26 22:18:03 | [diff] [blame] | 10 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 11 | #include "base/barrier_closure.h" |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 12 | #include "base/bind.h" |
| 13 | #include "base/bind_helpers.h" |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 14 | #include "base/feature_list.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 15 | #include "base/memory/ref_counted.h" |
Ivan Sandrk | e2b20c6 | 2018-09-10 16:23:53 | [diff] [blame] | 16 | #include "base/no_destructor.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 17 | #include "base/values.h" |
[email protected] | 76aeb177 | 2012-01-20 22:14:16 | [diff] [blame] | 18 | #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h" |
Oleg Maximenko | 8fddbf8b | 2017-08-29 14:19:48 | [diff] [blame] | 19 | #include "chrome/browser/extensions/extension_management.h" |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 20 | #include "chrome/browser/extensions/extension_system_factory.h" |
rdevlin.cronin | cb9f86e | 2015-10-15 15:13:42 | [diff] [blame] | 21 | #include "chrome/browser/extensions/scripting_permissions_modifier.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 22 | #include "chrome/browser/profiles/profile.h" |
[email protected] | 6386cf5 | 2012-09-07 04:26:37 | [diff] [blame] | 23 | #include "chrome/common/extensions/api/permissions.h" |
Lei Zhang | 1e913aa | 2019-02-08 18:59:23 | [diff] [blame] | 24 | #include "chrome/common/webui_url_constants.h" |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 25 | #include "components/keyed_service/content/browser_context_keyed_service_shutdown_notifier_factory.h" |
| 26 | #include "components/keyed_service/core/keyed_service_shutdown_notifier.h" |
| 27 | #include "content/public/browser/browser_context.h" |
[email protected] | c97496b | 2012-10-01 16:20:19 | [diff] [blame] | 28 | #include "content/public/browser/notification_observer.h" |
| 29 | #include "content/public/browser/notification_registrar.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 30 | #include "content/public/browser/notification_service.h" |
| 31 | #include "content/public/browser/render_process_host.h" |
Lei Zhang | 1e913aa | 2019-02-08 18:59:23 | [diff] [blame] | 32 | #include "content/public/common/url_constants.h" |
[email protected] | 3442353 | 2013-11-21 18:13:10 | [diff] [blame] | 33 | #include "extensions/browser/event_router.h" |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 34 | #include "extensions/browser/event_router_factory.h" |
[email protected] | 489db084 | 2014-01-22 18:20:03 | [diff] [blame] | 35 | #include "extensions/browser/extension_prefs.h" |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 36 | #include "extensions/browser/extension_registry.h" |
limasdf | d006992 | 2015-10-20 17:07:15 | [diff] [blame] | 37 | #include "extensions/browser/notification_types.h" |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 38 | #include "extensions/common/cors_util.h" |
[email protected] | e4452d3 | 2013-11-15 23:07:41 | [diff] [blame] | 39 | #include "extensions/common/extension.h" |
[email protected] | fb820c0 | 2014-03-13 15:07:08 | [diff] [blame] | 40 | #include "extensions/common/extension_messages.h" |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 41 | #include "extensions/common/manifest_handlers/permissions_parser.h" |
| 42 | #include "extensions/common/permissions/permission_set.h" |
[email protected] | e4452d3 | 2013-11-15 23:07:41 | [diff] [blame] | 43 | #include "extensions/common/permissions/permissions_data.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 44 | |
| 45 | using content::RenderProcessHost; |
[email protected] | 15f08dd | 2012-01-27 07:29:48 | [diff] [blame] | 46 | using extensions::permissions_api_helpers::PackPermissionSet; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 47 | |
| 48 | namespace extensions { |
| 49 | |
[email protected] | e054ea1 | 2013-08-20 00:41:57 | [diff] [blame] | 50 | namespace permissions = api::permissions; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 51 | |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 52 | namespace { |
| 53 | |
| 54 | // Returns a PermissionSet that has the active permissions of the extension, |
| 55 | // bounded to its current manifest. |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 56 | std::unique_ptr<const PermissionSet> GetBoundedActivePermissions( |
[email protected] | e167058 | 2014-08-15 23:05:41 | [diff] [blame] | 57 | const Extension* extension, |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 58 | const PermissionSet* active_permissions) { |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 59 | // If the extension has used the optional permissions API, it will have a |
| 60 | // custom set of active permissions defined in the extension prefs. Here, |
| 61 | // we update the extension's active permissions based on the prefs. |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 62 | if (!active_permissions) |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 63 | return extension->permissions_data()->active_permissions().Clone(); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 64 | |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 65 | const PermissionSet& required_permissions = |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 66 | PermissionsParser::GetRequiredPermissions(extension); |
| 67 | |
| 68 | // We restrict the active permissions to be within the bounds defined in the |
| 69 | // extension's manifest. |
| 70 | // a) active permissions must be a subset of optional + default permissions |
| 71 | // b) active permissions must contains all default permissions |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 72 | std::unique_ptr<const PermissionSet> total_permissions = |
rdevlin.cronin | e01ec2c | 2015-09-17 21:27:28 | [diff] [blame] | 73 | PermissionSet::CreateUnion( |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 74 | required_permissions, |
| 75 | PermissionsParser::GetOptionalPermissions(extension)); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 76 | |
| 77 | // Make sure the active permissions contain no more than optional + default. |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 78 | std::unique_ptr<const PermissionSet> adjusted_active = |
rdevlin.cronin | e01ec2c | 2015-09-17 21:27:28 | [diff] [blame] | 79 | PermissionSet::CreateIntersection(*total_permissions, |
| 80 | *active_permissions); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 81 | |
| 82 | // Make sure the active permissions contain the default permissions. |
rdevlin.cronin | e01ec2c | 2015-09-17 21:27:28 | [diff] [blame] | 83 | adjusted_active = |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 84 | PermissionSet::CreateUnion(required_permissions, *adjusted_active); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 85 | |
| 86 | return adjusted_active; |
| 87 | } |
| 88 | |
Ivan Sandrk | e2b20c6 | 2018-09-10 16:23:53 | [diff] [blame] | 89 | std::unique_ptr<PermissionsUpdater::Delegate>& GetDelegateWrapper() { |
| 90 | static base::NoDestructor<std::unique_ptr<PermissionsUpdater::Delegate>> |
| 91 | delegate_wrapper; |
| 92 | return *delegate_wrapper; |
| 93 | } |
| 94 | |
| 95 | PermissionsUpdater::Delegate* GetDelegate() { |
| 96 | return GetDelegateWrapper().get(); |
| 97 | } |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 98 | |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 99 | // A helper class to watch profile lifetime. |
| 100 | class PermissionsUpdaterShutdownNotifierFactory |
| 101 | : public BrowserContextKeyedServiceShutdownNotifierFactory { |
| 102 | public: |
| 103 | static PermissionsUpdaterShutdownNotifierFactory* GetInstance() { |
| 104 | static base::NoDestructor<PermissionsUpdaterShutdownNotifierFactory> |
| 105 | factory; |
| 106 | return factory.get(); |
| 107 | } |
| 108 | |
| 109 | private: |
| 110 | friend class base::NoDestructor<PermissionsUpdaterShutdownNotifierFactory>; |
| 111 | |
| 112 | PermissionsUpdaterShutdownNotifierFactory() |
| 113 | : BrowserContextKeyedServiceShutdownNotifierFactory( |
| 114 | "PermissionsUpdaterShutdownFactory") { |
| 115 | DependsOn(EventRouterFactory::GetInstance()); |
| 116 | DependsOn(ExtensionSystemFactory::GetInstance()); |
| 117 | } |
| 118 | ~PermissionsUpdaterShutdownNotifierFactory() override {} |
| 119 | |
| 120 | DISALLOW_COPY_AND_ASSIGN(PermissionsUpdaterShutdownNotifierFactory); |
| 121 | }; |
| 122 | |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 123 | } // namespace |
| 124 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 125 | // A helper class to asynchronously dispatch the event to notify policy host |
| 126 | // restrictions or permissions once they have been updated. This will fire the |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 127 | // event if and only if the BrowserContext is still valid. |
| 128 | // This class manages its own lifetime and deletes itself when either the |
| 129 | // permissions updated event is fired, or the BrowserContext is shut down |
| 130 | // (whichever happens first). |
| 131 | class PermissionsUpdater::NetworkPermissionsUpdateHelper { |
| 132 | public: |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 133 | static void UpdatePermissions(content::BrowserContext* browser_context, |
| 134 | EventType event_type, |
| 135 | scoped_refptr<const Extension> extension, |
| 136 | const PermissionSet& changed, |
| 137 | base::OnceClosure completion_callback); |
| 138 | |
| 139 | static void UpdateDefaultPolicyHostRestrictions( |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 140 | content::BrowserContext* browser_context, |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 141 | const URLPatternSet& default_runtime_blocked_hosts, |
| 142 | const URLPatternSet& default_runtime_allowed_hosts); |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 143 | |
| 144 | private: |
| 145 | // This class manages its own lifetime. |
| 146 | NetworkPermissionsUpdateHelper(content::BrowserContext* browser_context, |
| 147 | base::OnceClosure dispatch_event); |
| 148 | ~NetworkPermissionsUpdateHelper(); |
| 149 | |
| 150 | void OnShutdown(); |
| 151 | void OnOriginAccessUpdated(); |
| 152 | |
| 153 | base::OnceClosure dispatch_event_; |
| 154 | std::unique_ptr<KeyedServiceShutdownNotifier::Subscription> |
| 155 | shutdown_subscription_; |
Jeremy Roman | 495db68 | 2019-07-12 16:03:24 | [diff] [blame] | 156 | base::WeakPtrFactory<NetworkPermissionsUpdateHelper> weak_factory_{this}; |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 157 | |
| 158 | DISALLOW_COPY_AND_ASSIGN(NetworkPermissionsUpdateHelper); |
| 159 | }; |
| 160 | |
| 161 | // static |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 162 | void PermissionsUpdater::NetworkPermissionsUpdateHelper::UpdatePermissions( |
| 163 | content::BrowserContext* browser_context, |
| 164 | EventType event_type, |
| 165 | scoped_refptr<const Extension> extension, |
| 166 | const PermissionSet& changed, |
| 167 | base::OnceClosure completion_callback) { |
| 168 | // If there is no difference in allowlist/blocklist for the extension, we can |
| 169 | // synchronously finish it without updating the CORS access list. |
| 170 | // We do not apply this optimization for POLICY event_type, since callers do |
| 171 | // not pass effective |changed| argument. |
| 172 | if (event_type != POLICY && changed.effective_hosts().is_empty()) { |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 173 | PermissionsUpdater::NotifyPermissionsUpdated( |
| 174 | browser_context, event_type, std::move(extension), changed.Clone(), |
| 175 | std::move(completion_callback)); |
| 176 | return; |
| 177 | } |
| 178 | |
| 179 | std::vector<network::mojom::CorsOriginPatternPtr> allow_list = |
Takashi Toyoshima | 20c20cf | 2019-02-27 07:39:23 | [diff] [blame] | 180 | CreateCorsOriginAccessAllowList( |
| 181 | *extension, |
| 182 | PermissionsData::EffectiveHostPermissionsMode::kOmitTabSpecific); |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 183 | |
| 184 | NetworkPermissionsUpdateHelper* helper = new NetworkPermissionsUpdateHelper( |
| 185 | browser_context, |
| 186 | base::BindOnce(&PermissionsUpdater::NotifyPermissionsUpdated, |
| 187 | browser_context, event_type, extension, |
| 188 | changed.Clone(), std::move(completion_callback))); |
| 189 | |
| 190 | // After an asynchronous call below, the helper will call |
| 191 | // NotifyPermissionsUpdated if the profile is still valid. |
Takashi Toyoshima | 0190a3b | 2019-01-21 07:39:06 | [diff] [blame] | 192 | browser_context->SetCorsOriginAccessListForOrigin( |
| 193 | url::Origin::Create(extension->url()), std::move(allow_list), |
| 194 | CreateCorsOriginAccessBlockList(*extension), |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 195 | base::BindOnce(&NetworkPermissionsUpdateHelper::OnOriginAccessUpdated, |
| 196 | helper->weak_factory_.GetWeakPtr())); |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 197 | } |
| 198 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 199 | // static |
| 200 | void PermissionsUpdater::NetworkPermissionsUpdateHelper:: |
| 201 | UpdateDefaultPolicyHostRestrictions( |
| 202 | content::BrowserContext* browser_context, |
| 203 | const URLPatternSet& default_runtime_blocked_hosts, |
| 204 | const URLPatternSet& default_runtime_allowed_hosts) { |
| 205 | NetworkPermissionsUpdateHelper* helper = new NetworkPermissionsUpdateHelper( |
| 206 | browser_context, |
| 207 | base::BindOnce( |
| 208 | &PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated, |
| 209 | browser_context, default_runtime_blocked_hosts.Clone(), |
| 210 | default_runtime_allowed_hosts.Clone())); |
| 211 | |
| 212 | const ExtensionSet& extensions = |
| 213 | ExtensionRegistry::Get(browser_context)->enabled_extensions(); |
| 214 | base::RepeatingClosure barrier_closure = base::BarrierClosure( |
| 215 | extensions.size(), |
| 216 | base::BindOnce(&NetworkPermissionsUpdateHelper::OnOriginAccessUpdated, |
| 217 | helper->weak_factory_.GetWeakPtr())); |
| 218 | |
| 219 | for (const auto& extension : extensions) { |
| 220 | std::vector<network::mojom::CorsOriginPatternPtr> allow_list = |
| 221 | CreateCorsOriginAccessAllowList( |
| 222 | *extension, |
| 223 | PermissionsData::EffectiveHostPermissionsMode::kOmitTabSpecific); |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 224 | browser_context->SetCorsOriginAccessListForOrigin( |
| 225 | url::Origin::Create(extension->url()), std::move(allow_list), |
| 226 | CreateCorsOriginAccessBlockList(*extension), barrier_closure); |
| 227 | } |
| 228 | } |
| 229 | |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 230 | PermissionsUpdater::NetworkPermissionsUpdateHelper:: |
| 231 | NetworkPermissionsUpdateHelper(content::BrowserContext* browser_context, |
| 232 | base::OnceClosure dispatch_event) |
| 233 | : dispatch_event_(std::move(dispatch_event)), |
| 234 | shutdown_subscription_( |
| 235 | PermissionsUpdaterShutdownNotifierFactory::GetInstance() |
| 236 | ->Get(browser_context) |
| 237 | ->Subscribe( |
| 238 | base::Bind(&NetworkPermissionsUpdateHelper::OnShutdown, |
Jeremy Roman | 495db68 | 2019-07-12 16:03:24 | [diff] [blame] | 239 | base::Unretained(this)))) {} |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 240 | |
| 241 | PermissionsUpdater::NetworkPermissionsUpdateHelper:: |
| 242 | ~NetworkPermissionsUpdateHelper() {} |
| 243 | |
| 244 | void PermissionsUpdater::NetworkPermissionsUpdateHelper::OnShutdown() { |
| 245 | // The profile is shutting down. Don't dispatch the permissions updated |
| 246 | // event, and clean up the dangling references. |
| 247 | delete this; |
| 248 | } |
| 249 | |
| 250 | void PermissionsUpdater::NetworkPermissionsUpdateHelper:: |
| 251 | OnOriginAccessUpdated() { |
| 252 | // The origin access list was successfully updated; dispatch the event |
| 253 | // and clean up dangling references. |
| 254 | std::move(dispatch_event_).Run(); |
| 255 | delete this; |
| 256 | } |
| 257 | |
| 258 | PermissionsUpdater::PermissionsUpdater(content::BrowserContext* browser_context) |
| 259 | : PermissionsUpdater(browser_context, INIT_FLAG_NONE) {} |
| 260 | |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 261 | PermissionsUpdater::PermissionsUpdater(content::BrowserContext* browser_context, |
| 262 | InitFlag init_flag) |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 263 | : browser_context_(browser_context), init_flag_(init_flag) {} |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 264 | |
| 265 | PermissionsUpdater::~PermissionsUpdater() {} |
| 266 | |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 267 | // static |
Ivan Sandrk | e2b20c6 | 2018-09-10 16:23:53 | [diff] [blame] | 268 | void PermissionsUpdater::SetPlatformDelegate( |
| 269 | std::unique_ptr<Delegate> delegate) { |
| 270 | GetDelegateWrapper() = std::move(delegate); |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 271 | } |
| 272 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 273 | void PermissionsUpdater::GrantOptionalPermissions( |
| 274 | const Extension& extension, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 275 | const PermissionSet& permissions, |
| 276 | base::OnceClosure completion_callback) { |
Devlin Cronin | f8cde09 | 2018-11-30 22:17:13 | [diff] [blame] | 277 | CHECK(PermissionsParser::GetOptionalPermissions(&extension) |
| 278 | .Contains(permissions)) |
| 279 | << "Cannot add optional permissions that are not " |
| 280 | << "specified in the manifest."; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 281 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 282 | // Granted optional permissions are stored in both the granted permissions (so |
| 283 | // we don't later disable the extension when we check the active permissions |
| 284 | // against the granted set to determine if there's a permissions increase) and |
| 285 | // the granted runtime permissions (so they don't get withheld with runtime |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 286 | // host permissions enabled). They're also added to the active set, which is |
| 287 | // the permission set stored in preferences representing the extension's |
| 288 | // currently-desired permission state. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 289 | constexpr int permissions_store_mask = |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 290 | kActivePermissions | kGrantedPermissions | kRuntimeGrantedPermissions; |
| 291 | AddPermissionsImpl(extension, permissions, permissions_store_mask, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 292 | permissions, std::move(completion_callback)); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 293 | } |
| 294 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 295 | void PermissionsUpdater::GrantRuntimePermissions( |
| 296 | const Extension& extension, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 297 | const PermissionSet& permissions, |
| 298 | base::OnceClosure completion_callback) { |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 299 | // We don't want to grant the extension object/process more privilege than it |
| 300 | // requested, even if the user grants additional permission. For instance, if |
| 301 | // the extension requests https://maps.google.com and the user grants |
| 302 | // https://*.google.com, we only want to grant the extension itself |
| 303 | // https://maps.google.com. Since we updated the prefs with the exact |
| 304 | // granted permissions (*.google.com), if the extension later requests |
| 305 | // increased permissions that are already covered, they will be auto-granted. |
| 306 | |
| 307 | // Determine which permissions to add to the extension. |
| 308 | const PermissionSet& withheld = |
| 309 | extension.permissions_data()->withheld_permissions(); |
| 310 | |
| 311 | // We add the intersection of any permissions that were withheld and the |
| 312 | // permissions that were granted. Since these might not be directly |
| 313 | // overlapping, we need to use a detailed intersection behavior here. |
| 314 | std::unique_ptr<const PermissionSet> active_permissions_to_add = |
| 315 | PermissionSet::CreateIntersection( |
| 316 | withheld, permissions, |
| 317 | URLPatternSet::IntersectionBehavior::kDetailed); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 318 | CHECK(extension.permissions_data()->withheld_permissions().Contains( |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 319 | *active_permissions_to_add)) |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 320 | << "Cannot add runtime granted permissions that were not withheld."; |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 321 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 322 | // Adding runtime granted permissions does not add permissions to the |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 323 | // granted or active permissions store, so that behavior taken with the |
| 324 | // runtime host permissions feature is confined to when the experiment is |
| 325 | // enabled. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 326 | constexpr int permissions_store_mask = kRuntimeGrantedPermissions; |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 327 | AddPermissionsImpl(extension, *active_permissions_to_add, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 328 | permissions_store_mask, permissions, |
| 329 | std::move(completion_callback)); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 330 | } |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 331 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 332 | void PermissionsUpdater::RevokeOptionalPermissions( |
| 333 | const Extension& extension, |
| 334 | const PermissionSet& permissions, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 335 | RemoveType remove_type, |
| 336 | base::OnceClosure completion_callback) { |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 337 | // TODO(devlin): Ideally, we'd have this CHECK in place, but unit tests are |
| 338 | // currently violating it. |
Devlin Cronin | f8cde09 | 2018-11-30 22:17:13 | [diff] [blame] | 339 | CHECK(PermissionsParser::GetOptionalPermissions(&extension) |
| 340 | .Contains(permissions)) |
| 341 | << "Cannot remove optional permissions that are not " |
| 342 | << "specified in the manifest."; |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 343 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 344 | // Revoked optional permissions are removed from granted and runtime-granted |
| 345 | // permissions only if the user, and not the extension, removed them. This |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 346 | // allows the extension to add them again without prompting the user. They are |
| 347 | // always removed from the active set, which is the set of permissions the |
| 348 | // the extension currently requests. |
| 349 | int permissions_store_mask = kActivePermissions; |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 350 | if (remove_type == REMOVE_HARD) |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 351 | permissions_store_mask |= kGrantedPermissions | kRuntimeGrantedPermissions; |
| 352 | |
| 353 | RemovePermissionsImpl(extension, permissions, permissions_store_mask, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 354 | permissions, std::move(completion_callback)); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 355 | } |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 356 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 357 | void PermissionsUpdater::RevokeRuntimePermissions( |
| 358 | const Extension& extension, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 359 | const PermissionSet& permissions, |
| 360 | base::OnceClosure completion_callback) { |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 361 | // Similar to the process in adding permissions, we might be revoking more |
| 362 | // permissions than the extension currently has explicit access to. For |
| 363 | // instance, we might be revoking https://*.google.com/* even if the extension |
| 364 | // only has https://maps.google.com/*. |
| 365 | const PermissionSet& active = |
| 366 | extension.permissions_data()->active_permissions(); |
| 367 | // Unlike adding permissions, we should know that any permissions we remove |
| 368 | // are a superset of the permissions the extension has active (because we only |
| 369 | // allow removal origins and the extension can't have a broader origin than |
| 370 | // what it has granted). |
| 371 | std::unique_ptr<const PermissionSet> active_permissions_to_remove = |
| 372 | PermissionSet::CreateIntersection( |
| 373 | active, permissions, |
| 374 | URLPatternSet::IntersectionBehavior::kPatternsContainedByBoth); |
| 375 | // One exception: If we're revoking a permission like "<all_urls>", we need |
| 376 | // to make sure it doesn't revoke the included chrome://favicon permission. |
| 377 | std::set<URLPattern> removable_explicit_hosts; |
| 378 | bool needs_adjustment = false; |
| 379 | for (const auto& pattern : active_permissions_to_remove->explicit_hosts()) { |
Lei Zhang | 1e913aa | 2019-02-08 18:59:23 | [diff] [blame] | 380 | bool is_chrome_favicon = pattern.scheme() == content::kChromeUIScheme && |
| 381 | pattern.host() == chrome::kChromeUIFaviconHost; |
| 382 | if (is_chrome_favicon) |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 383 | needs_adjustment = true; |
| 384 | else |
| 385 | removable_explicit_hosts.insert(pattern); |
| 386 | } |
| 387 | if (needs_adjustment) { |
| 388 | // Tedious, because PermissionSets are const. :( |
| 389 | active_permissions_to_remove = std::make_unique<PermissionSet>( |
Devlin Cronin | 32708b0 | 2018-12-05 17:58:04 | [diff] [blame] | 390 | active_permissions_to_remove->apis().Clone(), |
| 391 | active_permissions_to_remove->manifest_permissions().Clone(), |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 392 | URLPatternSet(removable_explicit_hosts), |
Devlin Cronin | 2db2bd4 | 2019-02-25 19:43:47 | [diff] [blame] | 393 | active_permissions_to_remove->scriptable_hosts().Clone()); |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 394 | } |
| 395 | |
| 396 | CHECK(extension.permissions_data()->active_permissions().Contains( |
| 397 | *active_permissions_to_remove)) |
| 398 | << "Cannot remove permissions that are not active."; |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 399 | CHECK(GetRevokablePermissions(&extension)->Contains(permissions)) |
| 400 | << "Cannot remove non-revokable permissions."; |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 401 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 402 | // Removing runtime-granted permissions does not remove permissions from |
| 403 | // the granted permissions store. This is done to ensure behavior taken with |
| 404 | // the runtime host permissions feature is confined to when the experiment is |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 405 | // enabled. Similarly, since the runtime-granted permissions were never added |
| 406 | // to the active permissions stored in prefs, they are also not removed. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 407 | constexpr int permissions_store_mask = kRuntimeGrantedPermissions; |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 408 | RemovePermissionsImpl(extension, *active_permissions_to_remove, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 409 | permissions_store_mask, permissions, |
| 410 | std::move(completion_callback)); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 411 | } |
| 412 | |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 413 | void PermissionsUpdater::SetPolicyHostRestrictions( |
| 414 | const Extension* extension, |
| 415 | const URLPatternSet& runtime_blocked_hosts, |
| 416 | const URLPatternSet& runtime_allowed_hosts) { |
| 417 | extension->permissions_data()->SetPolicyHostRestrictions( |
| 418 | runtime_blocked_hosts, runtime_allowed_hosts); |
| 419 | |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 420 | // Update the BrowserContext origin lists, and send notification to the |
| 421 | // currently running renderers of the runtime block hosts settings. |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 422 | NetworkPermissionsUpdateHelper::UpdatePermissions(browser_context_, POLICY, |
| 423 | extension, PermissionSet(), |
| 424 | base::DoNothing::Once()); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 425 | } |
| 426 | |
| 427 | void PermissionsUpdater::SetUsesDefaultHostRestrictions( |
| 428 | const Extension* extension) { |
| 429 | extension->permissions_data()->SetUsesDefaultHostRestrictions(); |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 430 | NetworkPermissionsUpdateHelper::UpdatePermissions(browser_context_, POLICY, |
| 431 | extension, PermissionSet(), |
| 432 | base::DoNothing::Once()); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 433 | } |
| 434 | |
| 435 | void PermissionsUpdater::SetDefaultPolicyHostRestrictions( |
| 436 | const URLPatternSet& default_runtime_blocked_hosts, |
| 437 | const URLPatternSet& default_runtime_allowed_hosts) { |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 438 | DCHECK_EQ(0, init_flag_ & INIT_FLAG_TRANSIENT); |
| 439 | |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 440 | PermissionsData::SetDefaultPolicyHostRestrictions( |
| 441 | default_runtime_blocked_hosts, default_runtime_allowed_hosts); |
| 442 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 443 | // Update the BrowserContext origin lists, and send notification to the |
| 444 | // currently running renderers of the runtime block hosts settings. |
| 445 | NetworkPermissionsUpdateHelper::UpdateDefaultPolicyHostRestrictions( |
| 446 | browser_context_, default_runtime_blocked_hosts, |
| 447 | default_runtime_allowed_hosts); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 448 | } |
| 449 | |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 450 | void PermissionsUpdater::RemovePermissionsUnsafe( |
| 451 | const Extension* extension, |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 452 | const PermissionSet& to_remove) { |
| 453 | const PermissionSet& active = |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 454 | extension->permissions_data()->active_permissions(); |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 455 | std::unique_ptr<const PermissionSet> total = |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 456 | PermissionSet::CreateDifference(active, to_remove); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 457 | // |successfully_removed| might not equal |to_remove| if |to_remove| contains |
| 458 | // permissions the extension didn't have. |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 459 | std::unique_ptr<const PermissionSet> successfully_removed = |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 460 | PermissionSet::CreateDifference(active, *total); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 461 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 462 | // TODO(devlin): This seems wrong. Since these permissions are being removed |
| 463 | // by enterprise policy, we should not update the active permissions set in |
| 464 | // preferences. That way, if the enterprise policy is changed, the removed |
| 465 | // permissions would be re-added. |
| 466 | constexpr bool update_active_prefs = true; |
| 467 | SetPermissions(extension, std::move(total), update_active_prefs); |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 468 | NetworkPermissionsUpdateHelper::UpdatePermissions( |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 469 | browser_context_, REMOVED, extension, *successfully_removed, |
| 470 | base::DoNothing::Once()); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 471 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 472 | |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 473 | std::unique_ptr<const PermissionSet> |
| 474 | PermissionsUpdater::GetRevokablePermissions(const Extension* extension) const { |
Devlin Cronin | f355f1de | 2018-05-14 15:27:24 | [diff] [blame] | 475 | // Any permissions not required by the extension are revokable. |
rdevlin.cronin | cb9f86e | 2015-10-15 15:13:42 | [diff] [blame] | 476 | const PermissionSet& required = |
| 477 | PermissionsParser::GetRequiredPermissions(extension); |
Devlin Cronin | f355f1de | 2018-05-14 15:27:24 | [diff] [blame] | 478 | std::unique_ptr<const PermissionSet> revokable_permissions = |
| 479 | PermissionSet::CreateDifference( |
| 480 | extension->permissions_data()->active_permissions(), required); |
| 481 | |
| 482 | // Additionally, some required permissions may be revokable if they can be |
| 483 | // withheld by the ScriptingPermissionsModifier. |
| 484 | std::unique_ptr<const PermissionSet> revokable_scripting_permissions = |
| 485 | ScriptingPermissionsModifier(browser_context_, |
| 486 | base::WrapRefCounted(extension)) |
| 487 | .GetRevokablePermissions(); |
| 488 | |
| 489 | if (revokable_scripting_permissions) { |
| 490 | revokable_permissions = PermissionSet::CreateUnion( |
| 491 | *revokable_permissions, *revokable_scripting_permissions); |
| 492 | } |
| 493 | return revokable_permissions; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 494 | } |
| 495 | |
[email protected] | 009633c | 2013-03-07 22:08:28 | [diff] [blame] | 496 | void PermissionsUpdater::GrantActivePermissions(const Extension* extension) { |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 497 | CHECK(extension); |
| 498 | |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 499 | ExtensionPrefs::Get(browser_context_) |
| 500 | ->AddGrantedPermissions( |
| 501 | extension->id(), extension->permissions_data()->active_permissions()); |
[email protected] | f746b3f | 2012-07-03 17:53:37 | [diff] [blame] | 502 | } |
| 503 | |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 504 | void PermissionsUpdater::InitializePermissions(const Extension* extension) { |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 505 | std::unique_ptr<const PermissionSet> bounded_wrapper; |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 506 | const PermissionSet* bounded_active = nullptr; |
Devlin Cronin | 582db61d | 2018-05-17 00:38:31 | [diff] [blame] | 507 | ExtensionPrefs* prefs = ExtensionPrefs::Get(browser_context_); |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 508 | // If |extension| is a transient dummy extension, we do not want to look for |
| 509 | // it in preferences. |
| 510 | if (init_flag_ & INIT_FLAG_TRANSIENT) { |
rdevlin.cronin | cb9f86e | 2015-10-15 15:13:42 | [diff] [blame] | 511 | bounded_active = &extension->permissions_data()->active_permissions(); |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 512 | } else { |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 513 | std::unique_ptr<const PermissionSet> active_permissions = |
Devlin Cronin | 582db61d | 2018-05-17 00:38:31 | [diff] [blame] | 514 | prefs->GetActivePermissions(extension->id()); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 515 | bounded_wrapper = |
rdevlin.cronin | cb9f86e | 2015-10-15 15:13:42 | [diff] [blame] | 516 | GetBoundedActivePermissions(extension, active_permissions.get()); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 517 | bounded_active = bounded_wrapper.get(); |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 518 | } |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 519 | |
Tim Judkins | 6c4b230 | 2019-08-21 02:00:21 | [diff] [blame] | 520 | std::unique_ptr<const PermissionSet> granted_permissions = |
| 521 | ScriptingPermissionsModifier::WithholdPermissionsIfNecessary( |
| 522 | *extension, *prefs, *bounded_active); |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 523 | |
Ivan Sandrk | e2b20c6 | 2018-09-10 16:23:53 | [diff] [blame] | 524 | if (GetDelegate()) |
| 525 | GetDelegate()->InitializePermissions(extension, &granted_permissions); |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 526 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 527 | bool update_active_permissions = false; |
Oleg Maximenko | 8fddbf8b | 2017-08-29 14:19:48 | [diff] [blame] | 528 | if ((init_flag_ & INIT_FLAG_TRANSIENT) == 0) { |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 529 | update_active_permissions = true; |
Oleg Maximenko | 8fddbf8b | 2017-08-29 14:19:48 | [diff] [blame] | 530 | // Apply per-extension policy if set. |
| 531 | ExtensionManagement* management = |
| 532 | ExtensionManagementFactory::GetForBrowserContext(browser_context_); |
Devlin Cronin | 7e0f41ff | 2018-05-16 17:19:36 | [diff] [blame] | 533 | if (!management->UsesDefaultPolicyHostRestrictions(extension)) { |
Oleg Maximenko | 8fddbf8b | 2017-08-29 14:19:48 | [diff] [blame] | 534 | SetPolicyHostRestrictions(extension, |
Devlin Cronin | 7e0f41ff | 2018-05-16 17:19:36 | [diff] [blame] | 535 | management->GetPolicyBlockedHosts(extension), |
| 536 | management->GetPolicyAllowedHosts(extension)); |
Oleg Maximenko | 8fddbf8b | 2017-08-29 14:19:48 | [diff] [blame] | 537 | } |
| 538 | } |
| 539 | |
dcheng | 1fc00f1 | 2015-12-26 22:18:03 | [diff] [blame] | 540 | SetPermissions(extension, std::move(granted_permissions), |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 541 | update_active_permissions); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 542 | } |
| 543 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 544 | void PermissionsUpdater::AddPermissionsForTesting( |
| 545 | const Extension& extension, |
| 546 | const PermissionSet& permissions) { |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 547 | AddPermissionsImpl(extension, permissions, kNone, permissions, |
| 548 | base::DoNothing::Once()); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 549 | } |
| 550 | |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 551 | void PermissionsUpdater::SetPermissions( |
| 552 | const Extension* extension, |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 553 | std::unique_ptr<const PermissionSet> new_active, |
| 554 | bool update_prefs) { |
| 555 | // Calculate the withheld permissions as any permissions that were required, |
| 556 | // but are not in the active set. |
| 557 | const PermissionSet& required = |
| 558 | PermissionsParser::GetRequiredPermissions(extension); |
| 559 | // TODO(https://crbug.com/869403): Currently, withheld permissions should only |
| 560 | // contain permissions withheld by the runtime host permissions feature. |
| 561 | // However, there could possibly be API permissions that were removed from the |
| 562 | // active set by enterprise policy. These shouldn't go in the withheld |
| 563 | // permission set, since withheld permissions are generally supposed to be |
| 564 | // grantable. Currently, we can deal with this because all permissions |
| 565 | // withheld by runtime host permissions are explicit or scriptable hosts, and |
| 566 | // all permissions blocked by enterprise are API permissions. So to get the |
| 567 | // set of runtime-hosts-withheld permissions, we just look at the delta in the |
| 568 | // URLPatternSets. However, this is very fragile, and should be dealt with |
| 569 | // more robustly. |
| 570 | std::unique_ptr<const PermissionSet> new_withheld = |
| 571 | PermissionSet::CreateDifference( |
| 572 | PermissionSet(APIPermissionSet(), ManifestPermissionSet(), |
Devlin Cronin | 2db2bd4 | 2019-02-25 19:43:47 | [diff] [blame] | 573 | required.explicit_hosts().Clone(), |
| 574 | required.scriptable_hosts().Clone()), |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 575 | *new_active); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 576 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 577 | extension->permissions_data()->SetPermissions(std::move(new_active), |
| 578 | std::move(new_withheld)); |
| 579 | |
| 580 | if (update_prefs) { |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 581 | ExtensionPrefs::Get(browser_context_) |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 582 | ->SetActivePermissions( |
| 583 | extension->id(), |
| 584 | extension->permissions_data()->active_permissions()); |
gpdavis.chromium | 0fbac4d | 2014-09-19 20:57:54 | [diff] [blame] | 585 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 586 | } |
| 587 | |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 588 | // static |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 589 | void PermissionsUpdater::NotifyPermissionsUpdated( |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 590 | content::BrowserContext* browser_context, |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 591 | EventType event_type, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 592 | scoped_refptr<const Extension> extension, |
| 593 | std::unique_ptr<const PermissionSet> changed, |
| 594 | base::OnceClosure completion_callback) { |
| 595 | if (changed->IsEmpty() && event_type != POLICY) { |
| 596 | std::move(completion_callback).Run(); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 597 | return; |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 598 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 599 | |
| 600 | UpdatedExtensionPermissionsInfo::Reason reason; |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 601 | events::HistogramValue histogram_value = events::UNKNOWN; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 602 | const char* event_name = NULL; |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 603 | Profile* profile = Profile::FromBrowserContext(browser_context); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 604 | |
| 605 | if (event_type == REMOVED) { |
| 606 | reason = UpdatedExtensionPermissionsInfo::REMOVED; |
kalman | ef20c65 | 2015-07-06 22:18:33 | [diff] [blame] | 607 | histogram_value = events::PERMISSIONS_ON_REMOVED; |
[email protected] | e054ea1 | 2013-08-20 00:41:57 | [diff] [blame] | 608 | event_name = permissions::OnRemoved::kEventName; |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 609 | } else if (event_type == ADDED) { |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 610 | reason = UpdatedExtensionPermissionsInfo::ADDED; |
kalman | ef20c65 | 2015-07-06 22:18:33 | [diff] [blame] | 611 | histogram_value = events::PERMISSIONS_ON_ADDED; |
[email protected] | e054ea1 | 2013-08-20 00:41:57 | [diff] [blame] | 612 | event_name = permissions::OnAdded::kEventName; |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 613 | } else { |
| 614 | DCHECK_EQ(POLICY, event_type); |
| 615 | reason = UpdatedExtensionPermissionsInfo::POLICY; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 616 | } |
| 617 | |
| 618 | // Notify other APIs or interested parties. |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 619 | UpdatedExtensionPermissionsInfo info = |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 620 | UpdatedExtensionPermissionsInfo(extension.get(), *changed, reason); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 621 | content::NotificationService::current()->Notify( |
[email protected] | adf5a10 | 2014-07-31 12:44:06 | [diff] [blame] | 622 | extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 623 | content::Source<Profile>(profile), |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 624 | content::Details<UpdatedExtensionPermissionsInfo>(&info)); |
| 625 | |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 626 | ExtensionMsg_UpdatePermissions_Params params; |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 627 | params.extension_id = extension->id(); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 628 | params.active_permissions = ExtensionMsg_PermissionSetStruct( |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 629 | extension->permissions_data()->active_permissions()); |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 630 | params.withheld_permissions = ExtensionMsg_PermissionSetStruct( |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 631 | extension->permissions_data()->withheld_permissions()); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 632 | params.uses_default_policy_host_restrictions = |
| 633 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions(); |
| 634 | if (!params.uses_default_policy_host_restrictions) { |
| 635 | params.policy_blocked_hosts = |
Devlin Cronin | 11860c98 | 2018-12-14 20:18:27 | [diff] [blame] | 636 | extension->permissions_data()->policy_blocked_hosts().Clone(); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 637 | params.policy_allowed_hosts = |
Devlin Cronin | 11860c98 | 2018-12-14 20:18:27 | [diff] [blame] | 638 | extension->permissions_data()->policy_allowed_hosts().Clone(); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 639 | } |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 640 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 641 | // Send the new permissions to the renderers. |
| 642 | for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator()); |
| 643 | !i.IsAtEnd(); i.Advance()) { |
| 644 | RenderProcessHost* host = i.GetCurrentValue(); |
[email protected] | 8d42db5 | 2014-06-20 21:50:50 | [diff] [blame] | 645 | if (profile->IsSameProfile( |
| 646 | Profile::FromBrowserContext(host->GetBrowserContext()))) { |
| 647 | host->Send(new ExtensionMsg_UpdatePermissions(params)); |
[email protected] | e737c44 | 2013-11-15 15:55:24 | [diff] [blame] | 648 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 649 | } |
| 650 | |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 651 | // Trigger the onAdded and onRemoved events in the extension. We explicitly |
| 652 | // don't do this for policy-related events. |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 653 | EventRouter* event_router = |
| 654 | event_name ? EventRouter::Get(browser_context) : nullptr; |
| 655 | if (event_router) { |
| 656 | std::unique_ptr<base::ListValue> value(new base::ListValue()); |
| 657 | std::unique_ptr<api::permissions::Permissions> permissions = |
| 658 | PackPermissionSet(*changed); |
| 659 | value->Append(permissions->ToValue()); |
| 660 | auto event = std::make_unique<Event>(histogram_value, event_name, |
| 661 | std::move(value), browser_context); |
| 662 | event_router->DispatchEventToExtension(extension->id(), std::move(event)); |
| 663 | } |
| 664 | |
| 665 | std::move(completion_callback).Run(); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 666 | } |
| 667 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 668 | // static |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 669 | void PermissionsUpdater::NotifyDefaultPolicyHostRestrictionsUpdated( |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 670 | content::BrowserContext* browser_context, |
| 671 | const URLPatternSet default_runtime_blocked_hosts, |
| 672 | const URLPatternSet default_runtime_allowed_hosts) { |
| 673 | Profile* profile = Profile::FromBrowserContext(browser_context); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 674 | |
| 675 | ExtensionMsg_UpdateDefaultPolicyHostRestrictions_Params params; |
Devlin Cronin | 11860c98 | 2018-12-14 20:18:27 | [diff] [blame] | 676 | params.default_policy_blocked_hosts = default_runtime_blocked_hosts.Clone(); |
| 677 | params.default_policy_allowed_hosts = default_runtime_allowed_hosts.Clone(); |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 678 | |
| 679 | // Send the new policy to the renderers. |
| 680 | for (RenderProcessHost::iterator host_iterator( |
| 681 | RenderProcessHost::AllHostsIterator()); |
| 682 | !host_iterator.IsAtEnd(); host_iterator.Advance()) { |
| 683 | RenderProcessHost* host = host_iterator.GetCurrentValue(); |
| 684 | if (profile->IsSameProfile( |
| 685 | Profile::FromBrowserContext(host->GetBrowserContext()))) { |
| 686 | host->Send(new ExtensionMsg_UpdateDefaultPolicyHostRestrictions(params)); |
| 687 | } |
| 688 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 689 | } |
| 690 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 691 | void PermissionsUpdater::AddPermissionsImpl( |
| 692 | const Extension& extension, |
| 693 | const PermissionSet& active_permissions_to_add, |
| 694 | int permissions_store_mask, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 695 | const PermissionSet& prefs_permissions_to_add, |
| 696 | base::OnceClosure completion_callback) { |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 697 | std::unique_ptr<const PermissionSet> new_active = PermissionSet::CreateUnion( |
| 698 | active_permissions_to_add, |
| 699 | extension.permissions_data()->active_permissions()); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 700 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 701 | bool update_active_prefs = (permissions_store_mask & kActivePermissions) != 0; |
| 702 | SetPermissions(&extension, std::move(new_active), update_active_prefs); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 703 | |
| 704 | if ((permissions_store_mask & kGrantedPermissions) != 0) { |
| 705 | // TODO(devlin): Could we only grant |permissions|, rather than all those |
| 706 | // in the active permissions? In theory, all other active permissions have |
| 707 | // already been granted. |
| 708 | GrantActivePermissions(&extension); |
| 709 | } |
| 710 | |
| 711 | if ((permissions_store_mask & kRuntimeGrantedPermissions) != 0) { |
| 712 | ExtensionPrefs::Get(browser_context_) |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 713 | ->AddRuntimeGrantedPermissions(extension.id(), |
| 714 | prefs_permissions_to_add); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 715 | } |
| 716 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 717 | NetworkPermissionsUpdateHelper::UpdatePermissions( |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 718 | browser_context_, ADDED, &extension, active_permissions_to_add, |
| 719 | std::move(completion_callback)); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 720 | } |
| 721 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 722 | void PermissionsUpdater::RemovePermissionsImpl( |
| 723 | const Extension& extension, |
| 724 | const PermissionSet& active_permissions_to_remove, |
| 725 | int permissions_store_mask, |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 726 | const PermissionSet& prefs_permissions_to_remove, |
| 727 | base::OnceClosure completion_callback) { |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 728 | std::unique_ptr<const PermissionSet> new_active = |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 729 | PermissionSet::CreateDifference( |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 730 | extension.permissions_data()->active_permissions(), |
| 731 | active_permissions_to_remove); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 732 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 733 | bool update_active_prefs = (permissions_store_mask & kActivePermissions) != 0; |
| 734 | SetPermissions(&extension, std::move(new_active), update_active_prefs); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 735 | |
| 736 | ExtensionPrefs* prefs = ExtensionPrefs::Get(browser_context_); |
| 737 | // NOTE: Currently, this code path is only reached in unit tests. See comment |
| 738 | // above REMOVE_HARD in the header file. |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 739 | if ((permissions_store_mask & kGrantedPermissions) != 0) { |
| 740 | prefs->RemoveGrantedPermissions(extension.id(), |
| 741 | prefs_permissions_to_remove); |
| 742 | } |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 743 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 744 | if ((permissions_store_mask & kRuntimeGrantedPermissions) != 0) { |
| 745 | prefs->RemoveRuntimeGrantedPermissions(extension.id(), |
| 746 | prefs_permissions_to_remove); |
| 747 | } |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 748 | |
Takashi Toyoshima | 52f2467 | 2019-03-05 05:36:36 | [diff] [blame] | 749 | NetworkPermissionsUpdateHelper::UpdatePermissions( |
Takashi Toyoshima | 6957907 | 2018-11-19 07:10:50 | [diff] [blame] | 750 | browser_context_, REMOVED, &extension, active_permissions_to_remove, |
| 751 | std::move(completion_callback)); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 752 | } |
| 753 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 754 | } // namespace extensions |