1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
|
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/extensions/api/file_system/consent_provider.h"
#include <memory>
#include <string>
#include "base/bind.h"
#include "base/logging.h"
#include "base/threading/thread_task_runner_handle.h"
#include "chrome/browser/chromeos/app_mode/kiosk_app_manager.h"
#include "chrome/browser/chromeos/file_manager/app_id.h"
#include "chrome/browser/chromeos/file_manager/volume_manager.h"
#include "chrome/browser/extensions/api/file_system/request_file_system_notification.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ui/views/extensions/request_file_system_dialog_view.h"
#include "components/user_manager/user_manager.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
#include "extensions/browser/app_window/app_window.h"
#include "extensions/browser/app_window/app_window_registry.h"
#include "extensions/common/api/file_system.h"
#include "extensions/common/manifest_handlers/kiosk_mode_info.h"
#include "extensions/common/permissions/permissions_data.h"
namespace extensions {
namespace {
// List of whitelisted component apps and extensions by their ids for
// chrome.fileSystem.requestFileSystem.
const char* const kRequestFileSystemComponentWhitelist[] = {
file_manager::kFileManagerAppId, file_manager::kVideoPlayerAppId,
file_manager::kGalleryAppId, file_manager::kAudioPlayerAppId,
file_manager::kImageLoaderExtensionId, file_manager::kZipArchiverId,
// TODO(henryhsu,b/110126438): Remove this extension id, and add it only
// for tests.
"pkplfbidichfdicaijlchgnapepdginl" // Testing extensions.
};
ui::DialogButton g_auto_dialog_button_for_test = ui::DIALOG_BUTTON_NONE;
// Gets a WebContents instance handle for a current window of a platform app
// with |app_id|. If not found, then returns NULL.
content::WebContents* GetWebContentsForAppId(Profile* profile,
const std::string& app_id) {
AppWindowRegistry* const registry = AppWindowRegistry::Get(profile);
DCHECK(registry);
AppWindow* const app_window = registry->GetCurrentAppWindowForApp(app_id);
return app_window ? app_window->web_contents() : nullptr;
}
// Converts the clicked button to a consent result and passes it via the
// |callback|.
void DialogResultToConsent(
const file_system_api::ConsentProvider::ConsentCallback& callback,
ui::DialogButton button) {
switch (button) {
case ui::DIALOG_BUTTON_NONE:
callback.Run(file_system_api::ConsentProvider::CONSENT_IMPOSSIBLE);
break;
case ui::DIALOG_BUTTON_OK:
callback.Run(file_system_api::ConsentProvider::CONSENT_GRANTED);
break;
case ui::DIALOG_BUTTON_CANCEL:
callback.Run(file_system_api::ConsentProvider::CONSENT_REJECTED);
break;
}
}
} // namespace
namespace file_system_api {
ConsentProvider::ConsentProvider(DelegateInterface* delegate)
: delegate_(delegate) {
DCHECK(delegate_);
}
ConsentProvider::~ConsentProvider() {
}
void ConsentProvider::RequestConsent(
const Extension& extension,
content::RenderFrameHost* host,
const base::WeakPtr<file_manager::Volume>& volume,
bool writable,
const ConsentCallback& callback) {
DCHECK(IsGrantableForVolume(extension, volume));
// If a whitelisted component, then no need to ask or inform the user.
if (extension.location() == Manifest::COMPONENT &&
delegate_->IsWhitelistedComponent(extension)) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::BindOnce(callback, CONSENT_GRANTED));
return;
}
// If a whitelisted app or extensions to access Downloads folder, then no
// need to ask or inform the user.
if (volume.get() &&
volume->type() == file_manager::VOLUME_TYPE_DOWNLOADS_DIRECTORY &&
delegate_->HasRequestDownloadsPermission(extension)) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::BindOnce(callback, CONSENT_GRANTED));
return;
}
// If auto-launched kiosk app, then no need to ask user either, but show the
// notification.
if (delegate_->IsAutoLaunched(extension)) {
delegate_->ShowNotification(extension, volume, writable);
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::BindOnce(callback, CONSENT_GRANTED));
return;
}
// If it's a kiosk app running in manual-launch kiosk session, then show
// the confirmation dialog.
if (KioskModeInfo::IsKioskOnly(&extension) &&
user_manager::UserManager::Get()->IsLoggedInAsKioskApp()) {
delegate_->ShowDialog(extension, host, volume, writable,
base::Bind(&DialogResultToConsent, callback));
return;
}
NOTREACHED() << "Cannot request consent for non-grantable extensions.";
}
FileSystemDelegate::GrantVolumesMode ConsentProvider::GetGrantVolumesMode(
const Extension& extension) {
const bool is_whitelisted_component =
delegate_->IsWhitelistedComponent(extension);
const bool is_running_in_kiosk_session =
KioskModeInfo::IsKioskOnly(&extension) &&
user_manager::UserManager::Get()->IsLoggedInAsKioskApp();
if (is_whitelisted_component || is_running_in_kiosk_session) {
return FileSystemDelegate::kGrantAll;
}
const bool is_whitelisted_non_component =
delegate_->HasRequestDownloadsPermission(extension);
return is_whitelisted_non_component ? FileSystemDelegate::kGrantPerVolume
: FileSystemDelegate::kGrantNone;
}
bool ConsentProvider::IsGrantableForVolume(
const Extension& extension,
const base::WeakPtr<file_manager::Volume>& volume) {
if (volume.get() &&
volume->type() == file_manager::VOLUME_TYPE_DOWNLOADS_DIRECTORY &&
delegate_->HasRequestDownloadsPermission(extension)) {
return true;
}
return GetGrantVolumesMode(extension) == FileSystemDelegate::kGrantAll;
}
ConsentProviderDelegate::ConsentProviderDelegate(Profile* profile)
: profile_(profile) {
DCHECK(profile_);
}
ConsentProviderDelegate::~ConsentProviderDelegate() {
}
// static
void ConsentProviderDelegate::SetAutoDialogButtonForTest(
ui::DialogButton button) {
g_auto_dialog_button_for_test = button;
}
void ConsentProviderDelegate::ShowDialog(
const Extension& extension,
content::RenderFrameHost* host,
const base::WeakPtr<file_manager::Volume>& volume,
bool writable,
const file_system_api::ConsentProvider::ShowDialogCallback& callback) {
DCHECK(host);
content::WebContents* web_contents = nullptr;
// Find an app window to host the dialog.
content::WebContents* const foreground_contents =
content::WebContents::FromRenderFrameHost(host);
if (AppWindowRegistry::Get(profile_)->GetAppWindowForWebContents(
foreground_contents)) {
web_contents = foreground_contents;
}
// If there is no web contents handle, then the method is most probably
// executed from a background page.
if (!web_contents)
web_contents = GetWebContentsForAppId(profile_, extension.id());
if (!web_contents) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::BindOnce(callback, ui::DIALOG_BUTTON_NONE));
return;
}
// Short circuit the user consent dialog for tests. This is far from a pretty
// code design.
if (g_auto_dialog_button_for_test != ui::DIALOG_BUTTON_NONE) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE,
base::BindOnce(callback, g_auto_dialog_button_for_test /* result */));
return;
}
// If the volume is gone, then cancel the dialog.
if (!volume.get()) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::BindOnce(callback, ui::DIALOG_BUTTON_CANCEL));
return;
}
RequestFileSystemDialogView::ShowDialog(
web_contents, extension.name(),
(volume->volume_label().empty() ? volume->volume_id()
: volume->volume_label()),
writable, callback);
}
void ConsentProviderDelegate::ShowNotification(
const Extension& extension,
const base::WeakPtr<file_manager::Volume>& volume,
bool writable) {
ShowNotificationForAutoGrantedRequestFileSystem(profile_, extension, volume,
writable);
}
bool ConsentProviderDelegate::IsAutoLaunched(const Extension& extension) {
chromeos::KioskAppManager::App app_info;
return chromeos::KioskAppManager::Get()->GetApp(extension.id(), &app_info) &&
app_info.was_auto_launched_with_zero_delay;
}
bool ConsentProviderDelegate::IsWhitelistedComponent(
const Extension& extension) {
for (auto* whitelisted_id : kRequestFileSystemComponentWhitelist) {
if (extension.id().compare(whitelisted_id) == 0)
return true;
}
return false;
}
bool ConsentProviderDelegate::HasRequestDownloadsPermission(
const Extension& extension) {
return extension.permissions_data()->HasAPIPermission(
APIPermission::kFileSystemRequestDownloads);
}
} // namespace file_system_api
} // namespace extensions
|
