Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2707)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/permissions/permission_context_base.cc

Issue 2898663002: Implement feature policy checks in the browser process (Closed)
Patch Set: Implement feature policy checks in the browser process Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/permissions/permission_context_base.h ('k') | chrome/browser/permissions/permission_context_base_feature_policy_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/permissions/permission_context_base.cc
diff --git a/chrome/browser/permissions/permission_context_base.cc b/chrome/browser/permissions/permission_context_base.cc
index 35af53f6364a197a3a2139ad9cd4e767efe427b2..3f263c4ca169d9d0f5dac2f99414c3ff97bc1f63 100644
--- a/chrome/browser/permissions/permission_context_base.cc
+++ b/chrome/browser/permissions/permission_context_base.cc
@@ -35,6 +35,7 @@
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
+#include "content/public/common/content_features.h"
#include "content/public/common/origin_util.h"
#include "extensions/common/constants.h"
#include "url/gurl.h"
@@ -83,9 +84,11 @@ const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] =
PermissionContextBase::PermissionContextBase(
Profile* profile,
- const ContentSettingsType content_settings_type)
+ ContentSettingsType content_settings_type,
+ blink::WebFeaturePolicyFeature feature_policy_feature)
: profile_(profile),
content_settings_type_(content_settings_type),
+ feature_policy_feature_(feature_policy_feature),
weak_factory_(this) {
#if defined(OS_ANDROID)
permission_queue_controller_.reset(
@@ -244,6 +247,14 @@ PermissionResult PermissionContextBase::GetPermissionStatus(
}
}
+ // Check whether the feature is enabled for the frame by feature policy. We
+ // can only do this when a RenderFrameHost has been provided.
+ if (render_frame_host &&
+ !PermissionAllowedByFeaturePolicy(render_frame_host)) {
+ return PermissionResult(CONTENT_SETTING_BLOCK,
+ PermissionStatusSource::UNSPECIFIED);
+ }
+
ContentSetting content_setting = GetPermissionStatusInternal(
render_frame_host, requesting_origin, embedding_origin);
if (content_setting == CONTENT_SETTING_ASK) {
@@ -463,3 +474,18 @@ ContentSettingsType PermissionContextBase::content_settings_storage_type()
return CONTENT_SETTINGS_TYPE_NOTIFICATIONS;
return content_settings_type_;
}
+
+bool PermissionContextBase::PermissionAllowedByFeaturePolicy(
+ content::RenderFrameHost* rfh) const {
+ if (!base::FeatureList::IsEnabled(
+ features::kUseFeaturePolicyForPermissions)) {
+ // Default to ignoring the feature policy.
+ return true;
+ }
+
+ // Some features don't have an associated feature policy yet. Allow those.
+ if (feature_policy_feature_ == blink::WebFeaturePolicyFeature::kNotFound)
+ return true;
+
+ return rfh->IsFeatureEnabled(feature_policy_feature_);
+}
« no previous file with comments | « chrome/browser/permissions/permission_context_base.h ('k') | chrome/browser/permissions/permission_context_base_feature_policy_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698