File: permission_util.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (204 lines) | stat: -rw-r--r-- 8,695 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
 
// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_PERMISSIONS_PERMISSION_UTIL_H_
#define COMPONENTS_PERMISSIONS_PERMISSION_UTIL_H_

#include <string>

#include "build/build_config.h"
#include "components/content_settings/core/common/content_settings.h"
#include "components/content_settings/core/common/content_settings_types.h"
#include "components/permissions/permission_decision.h"
#include "components/permissions/permission_prompt.h"
#include "content/public/browser/permission_result.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-forward.h"
#include "third_party/blink/public/mojom/permissions/permission_status.mojom.h"

namespace blink {
enum class PermissionType;
}

namespace content {
class RenderFrameHost;
class RenderProcessHost;
}  // namespace content

class GURL;

namespace permissions {
class PermissionRequest;
struct PermissionRequestData;

// This enum backs a UMA histogram, so it must be treated as append-only.
enum class PermissionAction {
  GRANTED = 0,
  DENIED = 1,
  DISMISSED = 2,
  IGNORED = 3,
  REVOKED = 4,
  GRANTED_ONCE = 5,

  // Always keep this at the end.
  NUM,
};

enum PermissionPromptViewID {
  VIEW_ID_PERMISSION_PROMPT_NONE = 0,
  VIEW_ID_PERMISSION_PROMPT_EXTRA_TEXT,
  VIEW_ID_PERMISSION_PROMPT_LINK,
};

// A utility class for permissions.
class PermissionUtil {
 public:
  PermissionUtil() = delete;
  PermissionUtil(const PermissionUtil&) = delete;
  PermissionUtil& operator=(const PermissionUtil&) = delete;

  // Returns the permission string for the given permission.
  static std::string GetPermissionString(ContentSettingsType);

  // Returns the request type uma value for the given permissions.
  static RequestTypeForUma GetUmaValueForRequests(
      const std::vector<std::unique_ptr<PermissionRequest>>& requests);

  static RequestTypeForUma GetUmaValueForRequests(
      const std::vector<base::WeakPtr<PermissionRequest>>& requests);

  // Returns the request type uma value for the given request type.
  static RequestTypeForUma GetUmaValueForRequestType(RequestType request_type);

  // Returns the gesture type corresponding to whether a permission request is
  // made with or without a user gesture.
  static PermissionRequestGestureType GetGestureType(bool user_gesture);

  // Limited conversion of ContentSettingsType to PermissionType. Returns true
  // if the conversion was performed.
  // TODO(timloh): Try to remove this function. Mainly we need to work out how
  // to remove the usage in PermissionUmaUtil, which uses PermissionType as a
  // histogram value to count permission request metrics.
  static bool GetPermissionType(ContentSettingsType type,
                                blink::PermissionType* out);

  // Returns the corresponding permissions policy feature to the given content
  // settings type, or nullopt if there is none.
  static std::optional<network::mojom::PermissionsPolicyFeature>
  GetPermissionsPolicyFeature(ContentSettingsType type);

  // Checks whether the given ContentSettingsType is a permission. Use this
  // to determine whether a specific ContentSettingsType is supported by the
  // PermissionManager.
  static bool IsPermission(ContentSettingsType type);

  // Check whether the given permission request has low priority, based on the
  // acceptance rates data (notifications and geolocations have the lowest
  // acceptance data)
  static bool IsLowPriorityPermissionRequest(const PermissionRequest* request);

  // Check whether the given permission request could prompt a secondary UI, it
  // means:
  // - The request is initiated from a permission element.
  // - The request type is permission element supported type.
  static bool ShouldCurrentRequestUsePermissionElementSecondaryUI(
      PermissionPrompt::Delegate* delegate);

  // Checks whether the given ContentSettingsType is a guard content setting,
  // meaning it does not support allow setting and toggles between "ask" and
  // "block" instead. This is primarily used for chooser-based permissions.
  static bool IsGuardContentSetting(ContentSettingsType type);

  // Returns true if the permission for `type` can be granted for a short period
  // of time. This means the following:
  // - Permission prompts will have a button that is labeled along the lines of
  //   "Allow this time".
  // - The `permissions.query` API will report PermissionStatus.state as
  //   "granted" within this short time window.
  // - Subsequent requests to the permission-gated API in this time window will
  //   succeed without user mediation.
  static bool DoesSupportTemporaryGrants(ContentSettingsType type);

  // For a permission `type` that `DoesSupportTemporaryGrants()`, returns true
  // if that temporary grant is stored in the `OneTimePermissionProvider` in
  // `HostContentSettingMap`, and false elsewhere.
  static bool DoesStoreTemporaryGrantsInHcsm(ContentSettingsType type);

  // Returns the authoritative `embedding origin`, as a GURL, to be used for
  // permission decisions in `render_frame_host`.
  // TODO(crbug.com/40226169): Remove this method when possible.
  static GURL GetLastCommittedOriginAsURL(
      content::RenderFrameHost* render_frame_host);

  // Helper method to convert `PermissionType` to `ContentSettingsType`.
  // If `PermissionType` is not supported or found, returns
  // ContentSettingsType::DEFAULT.
  static ContentSettingsType PermissionTypeToContentSettingsTypeSafe(
      blink::PermissionType permission);

  // Helper method to convert `PermissionType` to `ContentSettingsType`.
  static ContentSettingsType PermissionTypeToContentSettingsType(
      blink::PermissionType permission);

  // Helper method to convert `ContentSettingsType` to `PermissionType`.
  static blink::PermissionType ContentSettingsTypeToPermissionType(
      ContentSettingsType permission);

  // Helper method to convert PermissionStatus to ContentSetting.
  static ContentSetting PermissionStatusToContentSetting(
      blink::mojom::PermissionStatus status);

  // Helper method to convert PermissionDecision to PermissionStatus.
  static content::PermissionStatus PermissionDecisionToPermissionStatus(
      PermissionDecision decision);

  // Helper method to convert PermissionDecision to ContentSetting.
  static ContentSetting PermissionDecisionToContentSetting(
      PermissionDecision decision);

  // Helper methods to convert ContentSetting to PermissionStatus and vice
  // versa.
  static blink::mojom::PermissionStatus ContentSettingToPermissionStatus(
      ContentSetting setting);

  // If an iframed document/worker inherits a different StoragePartition from
  // its embedder than it would use if it were a main frame, we should block
  // undelegated permissions. Because permissions are scoped to BrowserContext
  // instead of StoragePartition, without this check the aforementioned iframe
  // would be given undelegated permissions if the user had granted its origin
  // access when it was loaded as a main frame.
  static bool IsPermissionBlockedInPartition(
      ContentSettingsType permission,
      const GURL& requesting_origin,
      content::RenderProcessHost* render_process_host);

  // Converts from |url|'s actual origin to the "canonical origin" that should
  // be used for the purpose of requesting/storing permissions. For example, the
  // origin of the local NTP gets mapped to the Google base URL instead. With
  // Permission Delegation it will transform the requesting origin into
  // the embedding origin because all permission checks happen on the top level
  // origin.
  //
  // All the public methods below, such as RequestPermission or
  // GetPermissionStatus, take the actual origin and do the canonicalization
  // internally. You only need to call this directly if you do something else
  // with the origin, such as display it in the UI.
  static GURL GetCanonicalOrigin(ContentSettingsType permission,
                                 const GURL& requesting_origin,
                                 const GURL& embedding_origin);

  // Returns `true` if at least one of the `delegate->Requests()` was requested
  // with a user gesture.
  static bool HasUserGesture(PermissionPrompt::Delegate* delegate);

  static bool CanPermissionRequestIgnoreStatus(
      const std::unique_ptr<PermissionRequestData>& request,
      content::PermissionStatusSource source);

  // Returns `true` if the current platform support permission chips.
  static bool DoesPlatformSupportChip();
};

}  // namespace permissions

#endif  // COMPONENTS_PERMISSIONS_PERMISSION_UTIL_H_