From acb745927d79ed309bcbc0fd286b3e14ec88e52a Mon Sep 17 00:00:00 2001 From: "rdevlin.cronin" Date: Wed, 17 Feb 2016 12:37:44 -0800 Subject: [Extensions] Wire in the ActiveScriptController with WebRequest Finish the process of wiring up webRequest with the rest of the blocked actions by notifying the ActiveScriptController of a webRequest that was withheld. BUG=460306 Review URL: https://codereview.chromium.org/1694973002 Cr-Commit-Position: refs/heads/master@{#375968} --- .../declarative_webrequest/webrequest_action.cc | 5 ++-- .../browser/api/web_request/web_request_api.cc | 19 ++++++++----- .../web_request_event_router_delegate.h | 6 +++++ .../api/web_request/web_request_permissions.cc | 31 ++++++++++++---------- .../api/web_request/web_request_permissions.h | 3 ++- 5 files changed, 41 insertions(+), 23 deletions(-) (limited to 'extensions/browser/api') diff --git a/extensions/browser/api/declarative_webrequest/webrequest_action.cc b/extensions/browser/api/declarative_webrequest/webrequest_action.cc index c5dad854..6cf0dbb 100644 --- a/extensions/browser/api/declarative_webrequest/webrequest_action.cc +++ b/extensions/browser/api/declarative_webrequest/webrequest_action.cc @@ -509,8 +509,9 @@ bool WebRequestAction::HasPermission(const InfoMap* extension_info_map, } // TODO(devlin): Pass in the real tab id here. return WebRequestPermissions::CanExtensionAccessURL( - extension_info_map, extension_id, request->url(), -1, crosses_incognito, - permission_check); + extension_info_map, extension_id, request->url(), -1, + crosses_incognito, + permission_check) == PermissionsData::ACCESS_ALLOWED; } // static diff --git a/extensions/browser/api/web_request/web_request_api.cc b/extensions/browser/api/web_request/web_request_api.cc index ddec87c5..a43d14a 100644 --- a/extensions/browser/api/web_request/web_request_api.cc +++ b/extensions/browser/api/web_request/web_request_api.cc @@ -1352,12 +1352,19 @@ void ExtensionWebRequestEventRouter::GetMatchingListenersImpl( render_process_id, render_frame_id, &frame_data)) { tab_id = frame_data.tab_id; } - if (!is_web_view_guest && - !WebRequestPermissions::CanExtensionAccessURL( - extension_info_map, listener.extension_id, url, tab_id, - crosses_incognito, - WebRequestPermissions::REQUIRE_HOST_PERMISSION)) { - continue; + if (!is_web_view_guest) { + PermissionsData::AccessType access = + WebRequestPermissions::CanExtensionAccessURL( + extension_info_map, listener.extension_id, url, tab_id, + crosses_incognito, + WebRequestPermissions::REQUIRE_HOST_PERMISSION); + if (access != PermissionsData::ACCESS_ALLOWED) { + if (access == PermissionsData::ACCESS_WITHHELD) { + web_request_event_router_delegate_->NotifyWebRequestWithheld( + render_process_id, render_frame_id, listener.extension_id); + } + continue; + } } bool blocking_listener = diff --git a/extensions/browser/api/web_request/web_request_event_router_delegate.h b/extensions/browser/api/web_request/web_request_event_router_delegate.h index 35f3dbb..212f0b7 100644 --- a/extensions/browser/api/web_request/web_request_event_router_delegate.h +++ b/extensions/browser/api/web_request/web_request_event_router_delegate.h @@ -54,6 +54,12 @@ class WebRequestEventRouterDelegate { scoped_ptr details) { } + // Notifies that a webRequest event that normally would be forwarded to a + // listener was instead blocked because of withheld permissions. + virtual void NotifyWebRequestWithheld(int render_process_id, + int render_frame_id, + const std::string& extension_id) {} + private: DISALLOW_COPY_AND_ASSIGN(WebRequestEventRouterDelegate); }; diff --git a/extensions/browser/api/web_request/web_request_permissions.cc b/extensions/browser/api/web_request/web_request_permissions.cc index 78ab323..f213890 100644 --- a/extensions/browser/api/web_request/web_request_permissions.cc +++ b/extensions/browser/api/web_request/web_request_permissions.cc @@ -18,6 +18,7 @@ #include "url/origin.h" using content::ResourceRequestInfo; +using extensions::PermissionsData; namespace { @@ -104,7 +105,7 @@ bool WebRequestPermissions::HideRequest( } // static -bool WebRequestPermissions::CanExtensionAccessURL( +PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL( const extensions::InfoMap* extension_info_map, const std::string& extension_id, const GURL& url, @@ -113,37 +114,39 @@ bool WebRequestPermissions::CanExtensionAccessURL( HostPermissionsCheck host_permissions_check) { // extension_info_map can be NULL in testing. if (!extension_info_map) - return true; + return PermissionsData::ACCESS_ALLOWED; const extensions::Extension* extension = extension_info_map->extensions().GetByID(extension_id); if (!extension) - return false; + return PermissionsData::ACCESS_DENIED; // Check if this event crosses incognito boundaries when it shouldn't. if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension)) - return false; + return PermissionsData::ACCESS_DENIED; + PermissionsData::AccessType access = PermissionsData::ACCESS_DENIED; switch (host_permissions_check) { case DO_NOT_CHECK_HOST: + access = PermissionsData::ACCESS_ALLOWED; break; case REQUIRE_HOST_PERMISSION: // about: URLs are not covered in host permissions, but are allowed // anyway. - if (!url.SchemeIs(url::kAboutScheme) && - !url::IsSameOriginWith(url, extension->url())) { - extensions::PermissionsData::AccessType access = - extension->permissions_data()->GetPageAccess(extension, url, tab_id, - nullptr); - if (access != extensions::PermissionsData::ACCESS_ALLOWED) - return false; + if (url.SchemeIs(url::kAboutScheme) || + url::IsSameOriginWith(url, extension->url())) { + access = PermissionsData::ACCESS_ALLOWED; + break; } + access = extension->permissions_data()->GetPageAccess(extension, url, + tab_id, nullptr); break; case REQUIRE_ALL_URLS: - if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) - return false; + if (extension->permissions_data()->HasEffectiveAccessToAllHosts()) + access = PermissionsData::ACCESS_ALLOWED; + // else ACCESS_DENIED break; } - return true; + return access; } diff --git a/extensions/browser/api/web_request/web_request_permissions.h b/extensions/browser/api/web_request/web_request_permissions.h index 2153183..f24b019 100644 --- a/extensions/browser/api/web_request/web_request_permissions.h +++ b/extensions/browser/api/web_request/web_request_permissions.h @@ -9,6 +9,7 @@ #include #include "base/macros.h" +#include "extensions/common/permissions/permissions_data.h" class GURL; @@ -36,7 +37,7 @@ class WebRequestPermissions { // |host_permission_check| controls how permissions are checked with regard to // |url|. - static bool CanExtensionAccessURL( + static extensions::PermissionsData::AccessType CanExtensionAccessURL( const extensions::InfoMap* extension_info_map, const std::string& extension_id, const GURL& url, -- cgit v1.1