1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_EXTENSIONS_PERMISSIONS_SCRIPTING_PERMISSIONS_MODIFIER_H_
#define CHROME_BROWSER_EXTENSIONS_PERMISSIONS_SCRIPTING_PERMISSIONS_MODIFIER_H_
#include <memory>
#include "base/functional/callback_forward.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "extensions/buildflags/buildflags.h"
#include "extensions/common/url_pattern_set.h"
static_assert(BUILDFLAG(ENABLE_EXTENSIONS_CORE));
class GURL;
class URLPattern;
namespace content {
class BrowserContext;
}
namespace extensions {
class Extension;
class ExtensionPrefs;
class PermissionSet;
class PermissionsManager;
class URLPatternSet;
// Responsible for managing the majority of click-to-script features, including
// granting, withholding, and querying host permissions, and determining if an
// extension has been affected by the click-to-script project.
class ScriptingPermissionsModifier {
public:
ScriptingPermissionsModifier(content::BrowserContext* browser_context,
const scoped_refptr<const Extension>& extension);
ScriptingPermissionsModifier(const ScriptingPermissionsModifier&) = delete;
ScriptingPermissionsModifier& operator=(const ScriptingPermissionsModifier&) =
delete;
~ScriptingPermissionsModifier();
// Sets whether Chrome should withhold host permissions from the extension.
// This may only be called for extensions that can be affected (i.e., for
// which CanAffectExtension() returns true). Anything else will DCHECK.
void SetWithholdHostPermissions(bool withhold);
// Grants the extension permission to run on the origin of `url`.
// This may only be called for extensions that can be affected (i.e., for
// which CanAffectExtension() returns true). Anything else will CHECK.
void GrantHostPermission(const GURL& url);
// Grants the extension permission to run on `pattern`.
// This may only be called for extensions that can be affected (i.e., for
// which CanAffectExtension() returns true). Anything else will CHECK.
void GrantHostPermission(const URLPattern& site,
base::OnceClosure done_callback);
// Revokes permission to run on the origin of `url`, including any permissions
// that match or overlap with the origin. For instance, removing access to
// https://google.com will remove access to *://*.com/* as well.
// DCHECKs if `url` has not been granted.
// This may only be called for extensions that can be affected (i.e., for
// which CanAffectExtension() returns true). Anything else will CHECK.
void RemoveGrantedHostPermission(const GURL& url);
// Revokes permission to run on all sites that have some intersection with
// `pattern`. This may only be called for extensions that can be affected
// (i.e., for which CanAffectExtension() returns true). Anything else will
// CHECK.
void RemoveHostPermissions(const URLPattern& pattern,
base::OnceClosure done_callback);
// Revokes host permission patterns granted to the extension that effectively
// grant access to all urls.
void RemoveBroadGrantedHostPermissions();
// Revokes all host permissions granted to the extension. Note that this will
// only withhold hosts explicitly granted to the extension; this will not
// implicitly change the value of HasWithheldHostPermissions().
// This may only be called for extensions that can be affected (i.e., for
// which CanAffectExtension() returns true). Anything else will DCHECK.
void RemoveAllGrantedHostPermissions();
// Takes in a set of permissions and withholds any permissions that should not
// be granted for the given `extension`, returning a permission set with all
// of the permissions that can be granted.
// Note: we pass in `permissions` explicitly here, as this is used during
// permission initialization, where the active permissions on the extension
// may not be the permissions to compare against.
std::unique_ptr<const PermissionSet> WithholdPermissionsIfNecessary(
const PermissionSet& permissions);
private:
// Grants `explicit_hosts` and `scriptable_hosts` permissions. Calls
// `done_callback` on completion.
void GrantHostPermission(URLPatternSet explicit_hosts,
URLPatternSet scriptable_hosts,
base::OnceClosure done_callback);
// Grants any withheld host permissions.
void GrantWithheldHostPermissions();
// Revokes `explicit_hosts` and `scriptable_hosts` permissions. Calls
// `done_callback` on completion.
void WithholdHostPermissions(URLPatternSet explicit_hosts,
URLPatternSet scriptable_hosts,
base::OnceClosure done_callback);
raw_ptr<content::BrowserContext> browser_context_;
scoped_refptr<const Extension> extension_;
raw_ptr<ExtensionPrefs> extension_prefs_;
raw_ptr<PermissionsManager> permissions_manager_;
};
} // namespace extensions
#endif // CHROME_BROWSER_EXTENSIONS_PERMISSIONS_SCRIPTING_PERMISSIONS_MODIFIER_H_
|
