mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1
electron/shell/browser/electron_permission_manager.cc
electron-roller[bot] 08ccc81574
chore: bump chromium to 107.0.5274.0 (main) (#35375) 
* chore: bump chromium in DEPS to 106.0.5247.1

* chore: update can_create_window.patch

Xref: 3805043

content/renderer/render_view_impl.cc was removed

* chore: update patches/chromium/printing.patch

Normal code shear.

* chore: update patches/chromium/add_contentgpuclient_precreatemessageloop_callback.patch

Xref: 3764862

fix minor code shear that caused the patch to not apply

* chore: update patches/chromium/picture-in-picture.patch

Xref: 3781646

Normal code shear.

* chore: update patches/chromium/allow_disabling_blink_scheduler_throttling_per_renderview.patch

Xref: 3805043

content/renderer/render_view_impl.cc was removed

Xref: 3792324

Normal code shear.

* chore: update patches/chromium/feat_add_streaming-protocol_registry_to_multibuffer_data_source.patch

Normal code shear.

* chore: update patches/chromium/fix_patch_out_profile_refs_in_accessibility_ui.patch

Xref: 3798548

Normal code shear.

* chore: update patches/chromium/build_disable_print_content_analysis.patch

Xref: 3810473

Normal code shear.

* chore: short-circuit_permissions_checks_in_mediastreamdevicescontroller.patch

Xref: 3807504

Normal code shear.

* chore: update patches

* chore: bump chromium in DEPS to 106.0.5249.0

* chore: bump chromium in DEPS to 107.0.5250.0

* chore: bump chromium in DEPS to 107.0.5252.0

* chore: bump chromium in DEPS to 107.0.5254.0

* chore: bump chromium in DEPS to 107.0.5256.1

* chore: update v8 patches

* chore: update chromium patches

* [CodeHealthRotation] base::Value::Dict (v2) migration for //c/b/ui/zoom

Refs 3778239

* Add support for snapped window states for lacros

3810538

* webui: Migrate /chrome/browser/ui/webui URLDataSources to GetMimeType(GURL)

Refs 3774560

* Provide explicit template arguments to blink::AssociatedInterfaceRegistry::AddInterface

Refs 3773459

* Make WebScriptExecutionCallback base::OnceCallback

Refs
3676532
3724623
3675752

* Add implementation of reduce accept language service

Refs 3687391

* Add PermissionResult in //content/public.

Refs 3807504

* [Extensions] Add new Webstore domain to extension URLs and clients

Refs 3793043

* chore: update node patches

* chore: fix lint

* chore: update filenames.libcxx.gni

* fixup! Make WebScriptExecutionCallback base::OnceCallback

* chore: bump chromium in DEPS to 107.0.5266.1

* chore: bump chromium in DEPS to 107.0.5268.0

* chore: bump chromium in DEPS to 107.0.5270.1

* chore: update patches

* 3848842: [DevTools] Added 'printing-in-progress' error code.

https://chromium-review.googlesource.com/c/chromium/src/+/38488

* 3855766: PA: Move the allocator shim files into partition_allocator/shim/ | 3855766

* Change gfx::Rect to blink::mojom::WindowFeatures in AddNewContents and some related functions.

3835666

* Use base::FunctionRef for the various ForEachRenderFrameHost helpers.

3767487

* [loader] Send cached metadata as part of OnReceiveResponse

3811219

* 3832927: [json-schema-compiler] Support abs::optional<int>

3832927

* Use unique_ptr for BrowserPluginGuestDelegate::CreateNewGuestWindow

3847070

* 3847044: [Android] Dismiss select popup upon entering fullscreen

3847044

* chore: update patches

* chore: add missing header

* Migration of chrome/ BrowserContextKeyedServiceFactory to ProfileKeyedServiceFactory Part 12

3804581

* 3786946: cast pwrite64 arg to long to avoid compilation error on arm

3786946

* chore: update patches after rebase

* 3846114: float: Implement for lacros p2.

3846114

* 3825237: Enable -Wunqualified-std-cast-call

3825237

* chore: bump chromium in DEPS to 107.0.5272.0

* chore: update patches

* 3835746: Rename PepperPluginInfo to ContentPluginInfo

3835746

* 3852542: Plumb drag-image rect from blink to browser to RenderWidgetHostImpl

3852542

* 3826169: [json-schema-compiler] Support abs::optional<bool>

3826169

Also 3840687: [json-schema-compiler] Support abs::optional<double>

3840687

* 3857319: Reland "Remove PrefService::Get"

3857319

* 3854614: Rework LinuxUi ownership and creation

3854614

* chore: bump chromium in DEPS to 107.0.5274.0

* 3866104: [DownloadBubble] Change download notifications in exclusive_access

3866104

* chore: update patches

* chore: disable optimization guide for preconnect feature

* 3860569: Enable -Wshadow on Linux.

3860569

* chore: update patches after rebase

* fixup: update to accomodate Wc++98-compat-extra-semi flag

* Revert "fixup! Make WebScriptExecutionCallback base::OnceCallback"

This reverts commit 0866fe8648671f04e4ea45ceed85db6e4a3b260b.

* fixup! Make WebScriptExecutionCallback base::OnceCallback

* fixup! Make WebScriptExecutionCallback base::OnceCallback

* 3840937: [sandbox] Merge V8_SANDBOXED_POINTERS into V8_ENABLE_SANDBOX

3840937

* fixup! chore: update can_create_window.patch

* chore: update patches

* 53946: Track SSL_ERROR_ZERO_RETURN explicitly.

https://boringssl-review.googlesource.com/c/boringssl/+/53946

* fixup: Migration of chrome/ BrowserContextKeyedServiceFactory to ProfileKeyedServiceFactory Part 12

3804581

* 3805932: [headless] Added print compositor support for OOPIF printing.

3805932

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2022-09-07 09:46:37 +02:00

372 lines
13 KiB
C++
Raw Blame History

// Copyright (c) 2016 GitHub, Inc.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#include "shell/browser/electron_permission_manager.h"
#include <memory>
#include <utility>
#include <vector>
#include "base/values.h"
#include "content/browser/permissions/permission_util.h" // nogncheck
#include "content/public/browser/child_process_security_policy.h"
#include "content/public/browser/global_routing_id.h"
#include "content/public/browser/permission_controller.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/web_contents.h"
#include "gin/data_object_builder.h"
#include "shell/browser/api/electron_api_web_contents.h"
#include "shell/browser/electron_browser_client.h"
#include "shell/browser/electron_browser_main_parts.h"
#include "shell/browser/web_contents_permission_helper.h"
#include "shell/browser/web_contents_preferences.h"
#include "shell/common/gin_converters/content_converter.h"
#include "shell/common/gin_converters/frame_converter.h"
#include "shell/common/gin_converters/value_converter.h"
#include "shell/common/gin_helper/event_emitter_caller.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
namespace electron {
namespace {
bool WebContentsDestroyed(content::RenderFrameHost* rfh) {
content::WebContents* web_contents =
content::WebContents::FromRenderFrameHost(rfh);
if (!web_contents)
return true;
return web_contents->IsBeingDestroyed();
}
void PermissionRequestResponseCallbackWrapper(
ElectronPermissionManager::StatusCallback callback,
const std::vector<blink::mojom::PermissionStatus>& vector) {
std::move(callback).Run(vector[0]);
}
} // namespace
class ElectronPermissionManager::PendingRequest {
public:
PendingRequest(content::RenderFrameHost* render_frame_host,
const std::vector<blink::PermissionType>& permissions,
StatusesCallback callback)
: render_process_id_(render_frame_host->GetProcess()->GetID()),
render_frame_id_(render_frame_host->GetGlobalId()),
callback_(std::move(callback)),
permissions_(permissions),
results_(permissions.size(), blink::mojom::PermissionStatus::DENIED),
remaining_results_(permissions.size()) {}
void SetPermissionStatus(int permission_id,
blink::mojom::PermissionStatus status) {
DCHECK(!IsComplete());
if (status == blink::mojom::PermissionStatus::GRANTED) {
const auto permission = permissions_[permission_id];
if (permission == blink::PermissionType::MIDI_SYSEX) {
content::ChildProcessSecurityPolicy::GetInstance()
->GrantSendMidiSysExMessage(render_process_id_);
} else if (permission == blink::PermissionType::GEOLOCATION) {
ElectronBrowserMainParts::Get()
->GetGeolocationControl()
->UserDidOptIntoLocationServices();
}
}
results_[permission_id] = status;
--remaining_results_;
}
content::RenderFrameHost* GetRenderFrameHost() {
return content::RenderFrameHost::FromID(render_frame_id_);
}
bool IsComplete() const { return remaining_results_ == 0; }
void RunCallback() {
if (!callback_.is_null()) {
std::move(callback_).Run(results_);
}
}
private:
int render_process_id_;
content::GlobalRenderFrameHostId render_frame_id_;
StatusesCallback callback_;
std::vector<blink::PermissionType> permissions_;
std::vector<blink::mojom::PermissionStatus> results_;
size_t remaining_results_;
};
ElectronPermissionManager::ElectronPermissionManager() = default;
ElectronPermissionManager::~ElectronPermissionManager() = default;
void ElectronPermissionManager::SetPermissionRequestHandler(
const RequestHandler& handler) {
if (handler.is_null() && !pending_requests_.IsEmpty()) {
for (PendingRequestsMap::iterator iter(&pending_requests_); !iter.IsAtEnd();
iter.Advance()) {
auto* request = iter.GetCurrentValue();
if (!WebContentsDestroyed(request->GetRenderFrameHost()))
request->RunCallback();
}
pending_requests_.Clear();
}
request_handler_ = handler;
}
void ElectronPermissionManager::SetPermissionCheckHandler(
const CheckHandler& handler) {
check_handler_ = handler;
}
void ElectronPermissionManager::SetDevicePermissionHandler(
const DeviceCheckHandler& handler) {
device_permission_handler_ = handler;
}
void ElectronPermissionManager::RequestPermission(
blink::PermissionType permission,
content::RenderFrameHost* render_frame_host,
const GURL& requesting_origin,
bool user_gesture,
StatusCallback response_callback) {
RequestPermissionWithDetails(permission, render_frame_host, requesting_origin,
user_gesture, {}, std::move(response_callback));
}
void ElectronPermissionManager::RequestPermissionWithDetails(
blink::PermissionType permission,
content::RenderFrameHost* render_frame_host,
const GURL& requesting_origin,
bool user_gesture,
base::Value::Dict details,
StatusCallback response_callback) {
RequestPermissionsWithDetails(
std::vector<blink::PermissionType>(1, permission), render_frame_host,
user_gesture, std::move(details),
base::BindOnce(PermissionRequestResponseCallbackWrapper,
std::move(response_callback)));
}
void ElectronPermissionManager::RequestPermissions(
const std::vector<blink::PermissionType>& permissions,
content::RenderFrameHost* render_frame_host,
const GURL& requesting_origin,
bool user_gesture,
StatusesCallback response_callback) {
RequestPermissionsWithDetails(permissions, render_frame_host, user_gesture,
{}, std::move(response_callback));
}
void ElectronPermissionManager::RequestPermissionsWithDetails(
const std::vector<blink::PermissionType>& permissions,
content::RenderFrameHost* render_frame_host,
bool user_gesture,
base::Value::Dict details,
StatusesCallback response_callback) {
if (permissions.empty()) {
std::move(response_callback).Run({});
return;
}
if (request_handler_.is_null()) {
std::vector<blink::mojom::PermissionStatus> statuses;
for (auto permission : permissions) {
if (permission == blink::PermissionType::MIDI_SYSEX) {
content::ChildProcessSecurityPolicy::GetInstance()
->GrantSendMidiSysExMessage(
render_frame_host->GetProcess()->GetID());
} else if (permission == blink::PermissionType::GEOLOCATION) {
ElectronBrowserMainParts::Get()
->GetGeolocationControl()
->UserDidOptIntoLocationServices();
}
statuses.push_back(blink::mojom::PermissionStatus::GRANTED);
}
std::move(response_callback).Run(statuses);
return;
}
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
int request_id = pending_requests_.Add(std::make_unique<PendingRequest>(
render_frame_host, permissions, std::move(response_callback)));
for (size_t i = 0; i < permissions.size(); ++i) {
auto permission = permissions[i];
const auto callback =
base::BindRepeating(&ElectronPermissionManager::OnPermissionResponse,
base::Unretained(this), request_id, i);
details.Set("requestingUrl",
render_frame_host->GetLastCommittedURL().spec());
details.Set("isMainFrame", render_frame_host->GetParent() == nullptr);
request_handler_.Run(web_contents, permission, callback,
base::Value(std::move(details)));
}
}
void ElectronPermissionManager::OnPermissionResponse(
int request_id,
int permission_id,
blink::mojom::PermissionStatus status) {
auto* pending_request = pending_requests_.Lookup(request_id);
if (!pending_request)
return;
pending_request->SetPermissionStatus(permission_id, status);
if (pending_request->IsComplete()) {
pending_request->RunCallback();
pending_requests_.Remove(request_id);
}
}
void ElectronPermissionManager::ResetPermission(
blink::PermissionType permission,
const GURL& requesting_origin,
const GURL& embedding_origin) {}
void ElectronPermissionManager::RequestPermissionsFromCurrentDocument(
const std::vector<blink::PermissionType>& permissions,
content::RenderFrameHost* render_frame_host,
bool user_gesture,
base::OnceCallback<void(const std::vector<blink::mojom::PermissionStatus>&)>
callback) {
RequestPermissionsWithDetails(permissions, render_frame_host, user_gesture,
{}, std::move(callback));
}
blink::mojom::PermissionStatus ElectronPermissionManager::GetPermissionStatus(
blink::PermissionType permission,
const GURL& requesting_origin,
const GURL& embedding_origin) {
base::Value::Dict details;
details.Set("embeddingOrigin", embedding_origin.spec());
bool granted = CheckPermissionWithDetails(permission, {}, requesting_origin,
std::move(details));
return granted ? blink::mojom::PermissionStatus::GRANTED
: blink::mojom::PermissionStatus::DENIED;
}
content::PermissionResult
ElectronPermissionManager::GetPermissionResultForOriginWithoutContext(
blink::PermissionType permission,
const url::Origin& origin) {
blink::mojom::PermissionStatus status =
GetPermissionStatus(permission, origin.GetURL(), origin.GetURL());
return content::PermissionResult(
status, content::PermissionStatusSource::UNSPECIFIED);
}
ElectronPermissionManager::SubscriptionId
ElectronPermissionManager::SubscribePermissionStatusChange(
blink::PermissionType permission,
content::RenderProcessHost* render_process_host,
content::RenderFrameHost* render_frame_host,
const GURL& requesting_origin,
base::RepeatingCallback<void(blink::mojom::PermissionStatus)> callback) {
return SubscriptionId(-1);
}
void ElectronPermissionManager::UnsubscribePermissionStatusChange(
SubscriptionId id) {}
bool ElectronPermissionManager::CheckPermissionWithDetails(
blink::PermissionType permission,
content::RenderFrameHost* render_frame_host,
const GURL& requesting_origin,
base::Value::Dict details) const {
if (check_handler_.is_null()) {
return true;
}
auto* web_contents =
render_frame_host
? content::WebContents::FromRenderFrameHost(render_frame_host)
: nullptr;
if (render_frame_host) {
details.Set("requestingUrl",
render_frame_host->GetLastCommittedURL().spec());
}
details.Set("isMainFrame",
render_frame_host && render_frame_host->GetParent() == nullptr);
switch (permission) {
case blink::PermissionType::AUDIO_CAPTURE:
details.Set("mediaType", "audio");
break;
case blink::PermissionType::VIDEO_CAPTURE:
details.Set("mediaType", "video");
break;
default:
break;
}
return check_handler_.Run(web_contents, permission, requesting_origin,
base::Value(std::move(details)));
}
bool ElectronPermissionManager::CheckDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value& device,
ElectronBrowserContext* browser_context) const {
if (device_permission_handler_.is_null()) {
return browser_context->CheckDevicePermission(origin, device, permission);
} else {
v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
v8::HandleScope scope(isolate);
v8::Local<v8::Object> details = gin::DataObjectBuilder(isolate)
.Set("deviceType", permission)
.Set("origin", origin.Serialize())
.Set("device", device.Clone())
.Build();
return device_permission_handler_.Run(details);
}
}
void ElectronPermissionManager::GrantDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value& device,
ElectronBrowserContext* browser_context) const {
if (device_permission_handler_.is_null()) {
browser_context->GrantDevicePermission(origin, device, permission);
}
}
void ElectronPermissionManager::RevokeDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value& device,
ElectronBrowserContext* browser_context) const {
browser_context->RevokeDevicePermission(origin, device, permission);
}
blink::mojom::PermissionStatus
ElectronPermissionManager::GetPermissionStatusForCurrentDocument(
blink::PermissionType permission,
content::RenderFrameHost* render_frame_host) {
base::Value::Dict details;
details.Set("embeddingOrigin",
content::PermissionUtil::GetLastCommittedOriginAsURL(
render_frame_host->GetMainFrame())
.spec());
bool granted = CheckPermissionWithDetails(
permission, render_frame_host,
render_frame_host->GetLastCommittedOrigin().GetURL(), std::move(details));
return granted ? blink::mojom::PermissionStatus::GRANTED
: blink::mojom::PermissionStatus::DENIED;
}
blink::mojom::PermissionStatus
ElectronPermissionManager::GetPermissionStatusForWorker(
blink::PermissionType permission,
content::RenderProcessHost* render_process_host,
const GURL& worker_origin) {
return GetPermissionStatus(permission, worker_origin, worker_origin);
}
} // namespace electron
Reference in a new issue View git blame Copy permalink