chrome/browser/extensions/extension_action_runner.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_ACTION_RUNNER_H_
 #define CHROME_BROWSER_EXTENSIONS_EXTENSION_ACTION_RUNNER_H_

 #include <stdint.h>

 #include <map>
 #include <set>
 #include <string>
 #include <vector>

 #include "base/callback.h"
 #include "base/memory/raw_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/scoped_observation.h"
 #include "chrome/browser/extensions/site_permissions_helper.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "extensions/browser/blocked_action_type.h"
 #include "extensions/browser/extension_action.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_registry_observer.h"
 #include "extensions/common/extension_id.h"
 #include "extensions/common/mojom/frame.mojom.h"
 #include "extensions/common/mojom/injection_type.mojom-shared.h"
 #include "extensions/common/mojom/run_location.mojom-shared.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/common/user_script.h"
 #include "third_party/abseil-cpp/absl/types/optional.h"

 namespace content {
 class BrowserContext;
 class WebContents;
 }

 namespace extensions {
 class Extension;

 // The provider for ExtensionActions corresponding to scripts which are actively
 // running or need permission.
 class ExtensionActionRunner : public content::WebContentsObserver,
                               public ExtensionRegistryObserver {
  public:
   class TestObserver {
    public:
     virtual void OnBlockedActionAdded() = 0;
   };

   explicit ExtensionActionRunner(content::WebContents* web_contents);

   ExtensionActionRunner(const ExtensionActionRunner&) = delete;
   ExtensionActionRunner& operator=(const ExtensionActionRunner&) = delete;

   ~ExtensionActionRunner() override;

   // Returns the ExtensionActionRunner for the given |web_contents|, or null
   // if one does not exist.
   static ExtensionActionRunner* GetForWebContents(
       content::WebContents* web_contents);

   // Executes the action for the given |extension| and |grant_tab_permissions|
   // if true. Returns any further action (like showing a popup) that should be
   // taken.
   ExtensionAction::ShowAction RunAction(const Extension* extension,
                                         bool grant_tab_permissions);

   // Grants activeTab to |extensions| (this should only be done if this is
   // through a direct user action). If any extension needs a page refresh to
   // run, this will show a dialog instead of immediately granting permissions.
   void GrantTabPermissions(const std::vector<const Extension*>& extensions);

   // Notifies the ExtensionActionRunner that the page access for |extension| has
   // changed.
   void HandlePageAccessModified(
       const Extension* extension,
       SitePermissionsHelper::SiteAccess current_access,
       SitePermissionsHelper::SiteAccess new_access);

   // Notifies the ExtensionActionRunner that the user site setting for `origin`
   // with `action_ids` has changed.
   void HandleUserSiteSettingModified(
       const base::flat_set<ToolbarActionsModel::ActionId>& action_ids,
       const url::Origin& origin,
       PermissionsManager::UserSiteSetting new_site_settings);

   // Notifies the ExtensionActionRunner that an extension has been granted
   // active tab permissions. This will run any pending injections for that
   // extension.
   void OnActiveTabPermissionGranted(const Extension* extension);

   // Called when a webRequest event for the given |extension| was blocked.
   void OnWebRequestBlocked(const Extension* extension);

   // Returns a bitmask of BlockedActionType for the actions that have been
   // blocked for the given extension.
   int GetBlockedActions(const ExtensionId& extension_id);

   // Returns true if the given |extension| has any blocked actions.
   bool WantsToRun(const Extension* extension);

   // Runs any blocked actions the extension has, but does not handle any page
   // refreshes for document_start/webRequest.
   void RunForTesting(const Extension* extension);

   int num_page_requests() const { return num_page_requests_; }

   void accept_bubble_for_testing(bool accept_bubble) {
     accept_bubble_for_testing_ = accept_bubble;
   }

   void set_observer_for_testing(TestObserver* observer) {
     test_observer_ = observer;
   }

   // Handles mojom::LocalFrameHost::RequestScriptInjectionPermission(). It
   // replies back with |callback|.
   void OnRequestScriptInjectionPermission(
       const std::string& extension_id,
       mojom::InjectionType script_type,
       mojom::RunLocation run_location,
       mojom::LocalFrameHost::RequestScriptInjectionPermissionCallback callback);

   using ScriptInjectionCallback = base::OnceCallback<void(bool)>;

 #if defined(UNIT_TEST)
   // Only used in tests.
   PermissionsData::PageAccess RequiresUserConsentForScriptInjectionForTesting(
       const Extension* extension,
       mojom::InjectionType type) {
     return RequiresUserConsentForScriptInjection(extension, type);
   }
   void RequestScriptInjectionForTesting(const Extension* extension,
                                         mojom::RunLocation run_location,
                                         ScriptInjectionCallback callback) {
     return RequestScriptInjection(extension, run_location, std::move(callback));
   }
   void ClearInjectionsForTesting(const Extension& extension) {
     pending_scripts_.erase(extension.id());
   }
 #endif  // defined(UNIT_TEST)

   // The blocked actions that require a page refresh to run.
   static const int kRefreshRequiredActionsMask;

  private:
   FRIEND_TEST_ALL_PREFIXES(ExtensionActionRunnerFencedFrameBrowserTest,
                            DoNotResetExtensionActionRunner);

   struct PendingScript {
     PendingScript(mojom::RunLocation run_location,
                   ScriptInjectionCallback permit_script);
     PendingScript(const PendingScript&) = delete;
     PendingScript& operator=(const PendingScript&) = delete;
     ~PendingScript();

     // The run location that the script wants to inject at.
     mojom::RunLocation run_location;

     // The callback to run when the script is permitted by the user.
     ScriptInjectionCallback permit_script;
   };

   using PendingScriptList = std::vector<std::unique_ptr<PendingScript>>;
   using PendingScriptMap = std::map<std::string, PendingScriptList>;

   // Returns true if the extension requesting script injection requires
   // user consent. If this is true, the caller should then register a request
   // via RequestScriptInjection().
   PermissionsData::PageAccess RequiresUserConsentForScriptInjection(
       const Extension* extension,
       mojom::InjectionType type);

   // |callback|. The only assumption that can be made about when (or if)
   // |callback| is run is that, if it is run, it will run on the current page.
   void RequestScriptInjection(const Extension* extension,
                               mojom::RunLocation run_location,
                               ScriptInjectionCallback callback);

   // Runs any pending injections for the corresponding extension.
   void RunPendingScriptsForExtension(const Extension* extension);

   // Notifies the ExtensionActionAPI of a change (either that an extension now
   // wants permission to run, or that it has been run).
   void NotifyChange(const Extension* extension);

   // Log metrics.
   void LogUMA() const;

   // Shows the bubble to prompt the user to refresh the page to run or not the
   // action for the given |extension_ids|. |callback| is invoked when the
   // bubble is closed.
   void ShowReloadPageBubble(const std::vector<ExtensionId>& extension_ids,
                             base::OnceClosure callback);

   // Called when the reload page bubble is accepted. Grants one time site access
   // to `page_url` for each extension in `extension_ids`.
   void OnReloadPageBubbleAcceptedForGrantTabPermissions(
       const std::vector<ExtensionId>& extension_ids,
       const GURL& page_url);

   // Called when the reload page bubble is accepted. Updates site access of
   // `extension_id` from `current_access` to `new_access` for `page_url`.
   void OnReloadPageBubbleAcceptedForExtensionSiteAccessChange(
       const ExtensionId& extension_id,
       const GURL& page_url,
       SitePermissionsHelper::SiteAccess current_access,
       SitePermissionsHelper::SiteAccess new_access);

   // Called when the reload page bubble is accepted. Updates user site setting
   // of `origin` to `site_settings`.
   void OnReloadPageBubbleAcceptedForUserSiteSettingsChange(
       const url::Origin& origin,
       extensions::PermissionsManager::UserSiteSetting site_settings);

   // Handles permission changes necessary for page access modification of the
   // |extension|.
   void UpdatePageAccessSettings(
       const Extension* extension,
       SitePermissionsHelper::SiteAccess current_access,
       SitePermissionsHelper::SiteAccess new_access);

   // Runs any actions that were blocked for the given |extension|. As a
   // requirement, this will grant activeTab permission to the extension.
   void RunBlockedActions(const Extension* extension);

   // Returns true if the given `extension` needs a page refresh to run a blocked
   // action.
   bool PageNeedsRefreshToRun(const Extension* extension);

   // content::WebContentsObserver implementation.
   void DidFinishNavigation(
       content::NavigationHandle* navigation_handle) override;
   void WebContentsDestroyed() override;

   // ExtensionRegistryObserver:
   void OnExtensionUnloaded(content::BrowserContext* browser_context,
                            const Extension* extension,
                            UnloadedExtensionReason reason) override;

   // Runs the callback from the pending script. Since the callback holds
   // RequestScriptInjectionPermissionCallback, it should be called before the
   // pending script is cleared. |granted| represents whether the script is
   // granted or not.
   void RunCallbackOnPendingScript(const PendingScriptList& list, bool granted);

   // The total number of requests from the renderer on the current page,
   // including any that are pending or were immediately granted.
   // Right now, used only in tests.
   int num_page_requests_;

   // The associated browser context.
   raw_ptr<content::BrowserContext> browser_context_;

   // Whether or not the feature was used for any extensions. This may not be the
   // case if the user never enabled the scripts-require-action flag.
   bool was_used_on_page_;

   // The map of extension_id:pending_request of all pending script requests.
   PendingScriptMap pending_scripts_;

   // A set of ids for which the webRequest API was blocked on the page.
   std::set<std::string> web_request_blocked_;

   // The extensions which have been granted permission to run on the given page.
   // TODO(rdevlin.cronin): Right now, this just keeps track of extensions that
   // have been permitted to run on the page via this interface. Instead, it
   // should incorporate more fully with ActiveTab.
   std::set<std::string> permitted_extensions_;

   // If true, ignore active tab being granted rather than running pending
   // actions.
   bool ignore_active_tab_granted_;

   // If true, immediately accept the blocked action dialog by running the
   // callback.
   absl::optional<bool> accept_bubble_for_testing_;

   raw_ptr<TestObserver> test_observer_;

   base::ScopedObservation<ExtensionRegistry, ExtensionRegistryObserver>
       extension_registry_observation_{this};

   base::WeakPtrFactory<ExtensionActionRunner> weak_factory_{this};
 };

 }  // namespace extensions

 #endif  // CHROME_BROWSER_EXTENSIONS_EXTENSION_ACTION_RUNNER_H_
	// Copyright 2014 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_ACTION_RUNNER_H_
	#define CHROME_BROWSER_EXTENSIONS_EXTENSION_ACTION_RUNNER_H_

	#include <stdint.h>

	#include <map>
	#include <set>
	#include <string>
	#include <vector>

	#include "base/callback.h"
	#include "base/memory/raw_ptr.h"
	#include "base/memory/weak_ptr.h"
	#include "base/scoped_observation.h"
	#include "chrome/browser/extensions/site_permissions_helper.h"
	#include "content/public/browser/web_contents_observer.h"
	#include "extensions/browser/blocked_action_type.h"
	#include "extensions/browser/extension_action.h"
	#include "extensions/browser/extension_registry.h"
	#include "extensions/browser/extension_registry_observer.h"
	#include "extensions/common/extension_id.h"
	#include "extensions/common/mojom/frame.mojom.h"
	#include "extensions/common/mojom/injection_type.mojom-shared.h"
	#include "extensions/common/mojom/run_location.mojom-shared.h"
	#include "extensions/common/permissions/permissions_data.h"
	#include "extensions/common/user_script.h"
	#include "third_party/abseil-cpp/absl/types/optional.h"

	namespace content {
	class BrowserContext;
	class WebContents;
	}

	namespace extensions {
	class Extension;

	// The provider for ExtensionActions corresponding to scripts which are actively
	// running or need permission.
	class ExtensionActionRunner : public content::WebContentsObserver,
	public ExtensionRegistryObserver {
	public:
	class TestObserver {
	public:
	virtual void OnBlockedActionAdded() = 0;
	};

	explicit ExtensionActionRunner(content::WebContents* web_contents);

	ExtensionActionRunner(const ExtensionActionRunner&) = delete;
	ExtensionActionRunner& operator=(const ExtensionActionRunner&) = delete;

	~ExtensionActionRunner() override;

	// Returns the ExtensionActionRunner for the given \|web_contents\|, or null
	// if one does not exist.
	static ExtensionActionRunner* GetForWebContents(
	content::WebContents* web_contents);

	// Executes the action for the given \|extension\| and \|grant_tab_permissions\|
	// if true. Returns any further action (like showing a popup) that should be
	// taken.
	ExtensionAction::ShowAction RunAction(const Extension* extension,
	bool grant_tab_permissions);

	// Grants activeTab to \|extensions\| (this should only be done if this is
	// through a direct user action). If any extension needs a page refresh to
	// run, this will show a dialog instead of immediately granting permissions.
	void GrantTabPermissions(const std::vector<const Extension*>& extensions);

	// Notifies the ExtensionActionRunner that the page access for \|extension\| has
	// changed.
	void HandlePageAccessModified(
	const Extension* extension,
	SitePermissionsHelper::SiteAccess current_access,
	SitePermissionsHelper::SiteAccess new_access);

	// Notifies the ExtensionActionRunner that the user site setting for `origin`
	// with `action_ids` has changed.
	void HandleUserSiteSettingModified(
	const base::flat_set<ToolbarActionsModel::ActionId>& action_ids,
	const url::Origin& origin,
	PermissionsManager::UserSiteSetting new_site_settings);

	// Notifies the ExtensionActionRunner that an extension has been granted
	// active tab permissions. This will run any pending injections for that
	// extension.
	void OnActiveTabPermissionGranted(const Extension* extension);

	// Called when a webRequest event for the given \|extension\| was blocked.
	void OnWebRequestBlocked(const Extension* extension);

	// Returns a bitmask of BlockedActionType for the actions that have been
	// blocked for the given extension.
	int GetBlockedActions(const ExtensionId& extension_id);

	// Returns true if the given \|extension\| has any blocked actions.
	bool WantsToRun(const Extension* extension);

	// Runs any blocked actions the extension has, but does not handle any page
	// refreshes for document_start/webRequest.
	void RunForTesting(const Extension* extension);

	int num_page_requests() const { return num_page_requests_; }

	void accept_bubble_for_testing(bool accept_bubble) {
	accept_bubble_for_testing_ = accept_bubble;
	}

	void set_observer_for_testing(TestObserver* observer) {
	test_observer_ = observer;
	}

	// Handles mojom::LocalFrameHost::RequestScriptInjectionPermission(). It
	// replies back with \|callback\|.
	void OnRequestScriptInjectionPermission(
	const std::string& extension_id,
	mojom::InjectionType script_type,
	mojom::RunLocation run_location,
	mojom::LocalFrameHost::RequestScriptInjectionPermissionCallback callback);

	using ScriptInjectionCallback = base::OnceCallback<void(bool)>;

	#if defined(UNIT_TEST)
	// Only used in tests.
	PermissionsData::PageAccess RequiresUserConsentForScriptInjectionForTesting(
	const Extension* extension,
	mojom::InjectionType type) {
	return RequiresUserConsentForScriptInjection(extension, type);
	}
	void RequestScriptInjectionForTesting(const Extension* extension,
	mojom::RunLocation run_location,
	ScriptInjectionCallback callback) {
	return RequestScriptInjection(extension, run_location, std::move(callback));
	}
	void ClearInjectionsForTesting(const Extension& extension) {
	pending_scripts_.erase(extension.id());
	}
	#endif // defined(UNIT_TEST)

	// The blocked actions that require a page refresh to run.
	static const int kRefreshRequiredActionsMask;

	private:
	FRIEND_TEST_ALL_PREFIXES(ExtensionActionRunnerFencedFrameBrowserTest,
	DoNotResetExtensionActionRunner);

	struct PendingScript {
	PendingScript(mojom::RunLocation run_location,
	ScriptInjectionCallback permit_script);
	PendingScript(const PendingScript&) = delete;
	PendingScript& operator=(const PendingScript&) = delete;
	~PendingScript();

	// The run location that the script wants to inject at.
	mojom::RunLocation run_location;

	// The callback to run when the script is permitted by the user.
	ScriptInjectionCallback permit_script;
	};

	using PendingScriptList = std::vector<std::unique_ptr<PendingScript>>;
	using PendingScriptMap = std::map<std::string, PendingScriptList>;

	// Returns true if the extension requesting script injection requires
	// user consent. If this is true, the caller should then register a request
	// via RequestScriptInjection().
	PermissionsData::PageAccess RequiresUserConsentForScriptInjection(
	const Extension* extension,
	mojom::InjectionType type);

	// \|callback\|. The only assumption that can be made about when (or if)
	// \|callback\| is run is that, if it is run, it will run on the current page.
	void RequestScriptInjection(const Extension* extension,
	mojom::RunLocation run_location,
	ScriptInjectionCallback callback);

	// Runs any pending injections for the corresponding extension.
	void RunPendingScriptsForExtension(const Extension* extension);

	// Notifies the ExtensionActionAPI of a change (either that an extension now
	// wants permission to run, or that it has been run).
	void NotifyChange(const Extension* extension);

	// Log metrics.
	void LogUMA() const;

	// Shows the bubble to prompt the user to refresh the page to run or not the
	// action for the given \|extension_ids\|. \|callback\| is invoked when the
	// bubble is closed.
	void ShowReloadPageBubble(const std::vector<ExtensionId>& extension_ids,
	base::OnceClosure callback);

	// Called when the reload page bubble is accepted. Grants one time site access
	// to `page_url` for each extension in `extension_ids`.
	void OnReloadPageBubbleAcceptedForGrantTabPermissions(
	const std::vector<ExtensionId>& extension_ids,
	const GURL& page_url);

	// Called when the reload page bubble is accepted. Updates site access of
	// `extension_id` from `current_access` to `new_access` for `page_url`.
	void OnReloadPageBubbleAcceptedForExtensionSiteAccessChange(
	const ExtensionId& extension_id,
	const GURL& page_url,
	SitePermissionsHelper::SiteAccess current_access,
	SitePermissionsHelper::SiteAccess new_access);

	// Called when the reload page bubble is accepted. Updates user site setting
	// of `origin` to `site_settings`.
	void OnReloadPageBubbleAcceptedForUserSiteSettingsChange(
	const url::Origin& origin,
	extensions::PermissionsManager::UserSiteSetting site_settings);

	// Handles permission changes necessary for page access modification of the
	// \|extension\|.
	void UpdatePageAccessSettings(
	const Extension* extension,
	SitePermissionsHelper::SiteAccess current_access,
	SitePermissionsHelper::SiteAccess new_access);

	// Runs any actions that were blocked for the given \|extension\|. As a
	// requirement, this will grant activeTab permission to the extension.
	void RunBlockedActions(const Extension* extension);

	// Returns true if the given `extension` needs a page refresh to run a blocked
	// action.
	bool PageNeedsRefreshToRun(const Extension* extension);

	// content::WebContentsObserver implementation.
	void DidFinishNavigation(
	content::NavigationHandle* navigation_handle) override;
	void WebContentsDestroyed() override;

	// ExtensionRegistryObserver:
	void OnExtensionUnloaded(content::BrowserContext* browser_context,
	const Extension* extension,
	UnloadedExtensionReason reason) override;

	// Runs the callback from the pending script. Since the callback holds
	// RequestScriptInjectionPermissionCallback, it should be called before the
	// pending script is cleared. \|granted\| represents whether the script is
	// granted or not.
	void RunCallbackOnPendingScript(const PendingScriptList& list, bool granted);

	// The total number of requests from the renderer on the current page,
	// including any that are pending or were immediately granted.
	// Right now, used only in tests.
	int num_page_requests_;

	// The associated browser context.
	raw_ptr<content::BrowserContext> browser_context_;

	// Whether or not the feature was used for any extensions. This may not be the
	// case if the user never enabled the scripts-require-action flag.
	bool was_used_on_page_;

	// The map of extension_id:pending_request of all pending script requests.
	PendingScriptMap pending_scripts_;

	// A set of ids for which the webRequest API was blocked on the page.
	std::set<std::string> web_request_blocked_;

	// The extensions which have been granted permission to run on the given page.
	// TODO(rdevlin.cronin): Right now, this just keeps track of extensions that
	// have been permitted to run on the page via this interface. Instead, it
	// should incorporate more fully with ActiveTab.
	std::set<std::string> permitted_extensions_;

	// If true, ignore active tab being granted rather than running pending
	// actions.
	bool ignore_active_tab_granted_;

	// If true, immediately accept the blocked action dialog by running the
	// callback.
	absl::optional<bool> accept_bubble_for_testing_;

	raw_ptr<TestObserver> test_observer_;

	base::ScopedObservation<ExtensionRegistry, ExtensionRegistryObserver>
	extension_registry_observation_{this};

	base::WeakPtrFactory<ExtensionActionRunner> weak_factory_{this};
	};

	} // namespace extensions

	#endif // CHROME_BROWSER_EXTENSIONS_EXTENSION_ACTION_RUNNER_H_