1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_ASH_COMPONENTS_BOCA_ON_TASK_ON_TASK_BLOCKLIST_H_
#define CHROMEOS_ASH_COMPONENTS_BOCA_ON_TASK_ON_TASK_BLOCKLIST_H_
#include <map>
#include <memory>
#include "base/memory/singleton.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/ash/components/boca/proto/bundle.pb.h"
#include "components/policy/core/browser/url_blocklist_manager.h"
#include "components/sessions/core/session_id.h"
#include "content/public/browser/web_contents.h"
#include "url/gurl.h"
// The OnTaskBlocklist is responsible for setting the appropriate url navigation
// restrictions for each tab.
class OnTaskBlocklist {
public:
// BlocklistSource implementation that blocks all traffic with the
// exception of URLs specified by the teacher's navigation restriction level.
// Note that this implementation only supports one observer at a time. Adding
// a new observer will remove the previous one. These should only be called
// from the main thread.
class OnTaskBlocklistSource : public policy::BlocklistSource {
public:
OnTaskBlocklistSource(
const GURL& url,
::boca::LockedNavigationOptions::NavigationType restriction_type);
OnTaskBlocklistSource(const OnTaskBlocklistSource&) = delete;
OnTaskBlocklistSource& operator=(const OnTaskBlocklistSource&) = delete;
~OnTaskBlocklistSource() override = default;
const base::Value::List* GetBlocklistSpec() const override;
const base::Value::List* GetAllowlistSpec() const override;
void SetBlocklistObserver(base::RepeatingClosure observer) override {}
private:
base::Value::List blocklist_;
base::Value::List allowlist_;
};
explicit OnTaskBlocklist(
std::unique_ptr<policy::URLBlocklistManager> url_blocklist_manager);
OnTaskBlocklist(const OnTaskBlocklist&) = delete;
OnTaskBlocklist& operator=(const OnTaskBlocklist&) = delete;
~OnTaskBlocklist();
// Returns whether the `url` is in the same domain as `domain_url` (including
// sub-domains). This should ideally be a standalone util method, but we leave
// this in here for now so we can reuse domain level filters from the domain
// nav restriction setup.
static bool IsURLInDomain(const GURL& url, const GURL& domain_url);
// Returns the URLBlocklistState for the given url.
policy::URLBlocklist::URLBlocklistState GetURLBlocklistState(
const GURL& url) const;
// Sets the url restrictions for the given `url` with `restriction_level`.
// This is different from `SetParentURLRestrictionLevel` since this can be
// called on newly navigated urls not sent by the boca producer. True
// represents we are able to set the restrictions for the tab, false
// otherwise. It should only be true if it's a new tab.
bool MaybeSetURLRestrictionLevel(
content::WebContents* tab,
const GURL& url,
::boca::LockedNavigationOptions::NavigationType restriction_level);
// Sets the url restrictions for the given `url` with `restriction_level`.
// Should only be called for the set of urls sent by the boca producer.
void SetParentURLRestrictionLevel(
content::WebContents* tab,
const GURL& url,
::boca::LockedNavigationOptions::NavigationType restriction_level);
// Updates the blocklist that is associated with the given `tab`. This is
// triggered on an active tab change or when the current tab changes.
void RefreshForUrlBlocklist(content::WebContents* tab);
// Remove the `tab` from the `parent_tab_to_nav_filters_`;
void RemoveParentFilter(content::WebContents* tab);
// Remove the `tab` from the `child_tab_to_nav_filters_`;
void RemoveChildFilter(content::WebContents* tab);
void CleanupBlocklist();
// Returns true if the tab can perform one level deep. If the current
// restriction level is not `kOneLevelDeepNavigation`, then this will return
// false. This should only be called in a block that checks that the current
// restriction level is for one level deep navigation.
bool CanPerformOneLevelNavigation(content::WebContents* tab);
bool IsCurrentRestrictionOneLevelDeep();
// Returns true if the `tab` is a parent tab. A parent tab is any tab that was
// sent as part of a session bundle. Any other tab created (either via
// ctrl+left click or a link click that sets itself to open in a new window)
// during the session by the user is a child tab. Parent tabs should not
// be closed during any point of an ongoing session.
bool IsParentTab(content::WebContents* tab);
content::WebContents* previous_tab();
const policy::URLBlocklistManager* url_blocklist_manager();
std::map<SessionID, ::boca::LockedNavigationOptions::NavigationType>
parent_tab_to_nav_filters();
std::map<SessionID, ::boca::LockedNavigationOptions::NavigationType>
child_tab_to_nav_filters();
std::map<SessionID, GURL> one_level_deep_original_url();
::boca::LockedNavigationOptions::NavigationType
current_page_restriction_level();
private:
::boca::LockedNavigationOptions::NavigationType
current_page_restriction_level_ =
::boca::LockedNavigationOptions::OPEN_NAVIGATION;
base::WeakPtr<content::WebContents> previous_tab_;
GURL previous_url_;
std::map<SessionID, ::boca::LockedNavigationOptions::NavigationType>
parent_tab_to_nav_filters_;
std::map<SessionID, ::boca::LockedNavigationOptions::NavigationType>
child_tab_to_nav_filters_;
std::map<SessionID, GURL> one_level_deep_original_url_;
const std::unique_ptr<policy::URLBlocklistManager> url_blocklist_manager_;
base::WeakPtrFactory<OnTaskBlocklist> weak_pointer_factory_{this};
};
#endif // CHROMEOS_ASH_COMPONENTS_BOCA_ON_TASK_ON_TASK_BLOCKLIST_H_
|
