feat: route deprecated sync clipboard read through permission checks (#45471)

* feat: route deprecated clipboard commands through permission checks

Co-authored-by: deepak1556 <hop2deep@gmail.com>

* docs: address review feedback

Co-authored-by: deepak1556 <hop2deep@gmail.com>

* fix: enable checks for child windows

Co-authored-by: deepak1556 <hop2deep@gmail.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>

shell/browser/electron_web_contents_utility_handler_impl.cc

@@ -6,15 +6,19 @@
 
 #include <utility>
 
+#include "content/public/browser/browser_context.h"
+#include "content/public/browser/permission_controller.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "mojo/public/cpp/bindings/self_owned_receiver.h"
+#include "shell/browser/web_contents_permission_helper.h"
+#include "third_party/blink/public/mojom/permissions/permission_status.mojom.h"
 
 namespace electron {
 ElectronWebContentsUtilityHandlerImpl::ElectronWebContentsUtilityHandlerImpl(
     content::RenderFrameHost* frame_host,
     mojo::PendingAssociatedReceiver<mojom::ElectronWebContentsUtility> receiver)
-    : render_frame_host_id_(frame_host->GetGlobalId()) {
+    : render_frame_host_token_(frame_host->GetGlobalFrameToken()) {
   content::WebContents* web_contents =
       content::WebContents::FromRenderFrameHost(frame_host);
   DCHECK(web_contents);
@@ -28,8 +32,11 @@ ElectronWebContentsUtilityHandlerImpl::ElectronWebContentsUtilityHandlerImpl(
 ElectronWebContentsUtilityHandlerImpl::
     ~ElectronWebContentsUtilityHandlerImpl() = default;
 
-void ElectronWebContentsUtilityHandlerImpl::WebContentsDestroyed() {
-  delete this;
+void ElectronWebContentsUtilityHandlerImpl::RenderFrameDeleted(
+    content::RenderFrameHost* render_frame_host) {
+  if (render_frame_host->GetGlobalFrameToken() == render_frame_host_token_) {
+    delete this;
+  }
 }
 
 void ElectronWebContentsUtilityHandlerImpl::OnConnectionError() {
@@ -59,9 +66,42 @@ void ElectronWebContentsUtilityHandlerImpl::DoGetZoomLevel(
   }
 }
 
+void ElectronWebContentsUtilityHandlerImpl::CanAccessClipboardDeprecated(
+    mojom::PermissionName name,
+    const blink::LocalFrameToken& frame_token,
+    CanAccessClipboardDeprecatedCallback callback) {
+  if (render_frame_host_token_.frame_token == frame_token) {
+    // Paste requires either (1) user activation, ...
+    if (web_contents()->HasRecentInteraction()) {
+      std::move(callback).Run(blink::mojom::PermissionStatus::GRANTED);
+      return;
+    }
+
+    // (2) granted permission, ...
+    content::RenderFrameHost* render_frame_host = GetRenderFrameHost();
+    content::BrowserContext* browser_context =
+        render_frame_host->GetBrowserContext();
+    content::PermissionController* permission_controller =
+        browser_context->GetPermissionController();
+    blink::PermissionType permission;
+    if (name == mojom::PermissionName::DEPRECATED_SYNC_CLIPBOARD_READ) {
+      permission = blink::PermissionType::DEPRECATED_SYNC_CLIPBOARD_READ;
+    } else {
+      std::move(callback).Run(blink::mojom::PermissionStatus::DENIED);
+      return;
+    }
+    blink::mojom::PermissionStatus status =
+        permission_controller->GetPermissionStatusForCurrentDocument(
+            permission, render_frame_host);
+    std::move(callback).Run(status);
+  } else {
+    std::move(callback).Run(blink::mojom::PermissionStatus::DENIED);
+  }
+}
+
 content::RenderFrameHost*
 ElectronWebContentsUtilityHandlerImpl::GetRenderFrameHost() {
-  return content::RenderFrameHost::FromID(render_frame_host_id_);
+  return content::RenderFrameHost::FromFrameToken(render_frame_host_token_);
 }
 
 // static