Enabling extensions in Tor through "Allow in private" and warn users

that network requests will not go through Tor if the extension is running in
spanning mode

app/brave_generated_resources.grd

@@ -764,11 +764,14 @@ By installing this extension, you are agreeing to the Google Widevine Terms of U
       <message name="IDS_EXTENSIONS_BRAVE_ITEM_CHROME_WEB_STORE" desc="Label for button to visit the Web Extensions Store.">
         View in Web Extensions Store
       </message>
-      <message name="IDS_EXTENSIONS_BRAVE_ITEM_ALLOW_TOR" desc="The text next to the checkbox to enable an extension in tor mode.">
-        Allow in Tor
+      <message name="IDS_EXTENSIONS_BRAVE_PRIVATE_WARNING" desc="Warns the user that Brave cannot prevent extensions from recording history in private mode and Tor mode">
+        Warning: Brave cannot prevent extensions from recording your browsing history.
       </message>
-      <message name="IDS_EXTENSIONS_BRAVE_TOR_WARNING" desc="Warns the user that Brave cannot prevent extensions from recording history in Tor mode. Displayed in extensions management UI after an extension is selected to be run in Tor mode.">
-        Warning: Brave cannot prevent extensions from recording your browsing history. To disable this extension in Tor mode, unselect this option.
+      <message name="IDS_EXTENSIONS_BRAVE_SPANNING_WARNING" desc="Warns the user that extension will make network connection not through Tor when it is in spanning mode">
+        If this extension makes network requests, they will not use Tor or private mode.
+      </message>
+      <message name="IDS_EXTENSIONS_BRAVE_PRIVATE_AND_TOR_WARNING" desc="Displayed in extensions management UI after an extension is selected to be run in private mode and Tor mode.">
+        To disable this extension in private mode and Tor mode, unselect this option.
       </message>
       <!-- Brave Clear Browsing Data On Exit Settings -->
       <message name="IDS_SETTINGS_BRAVE_ON_EXIT" desc="Clear Browsing Data dialog On exit tab label">

browser/resources/extensions/brave_overrides/extensions_detail_view.js

@@ -20,30 +20,20 @@ RegisterPolymerTemplateModifications({
       console.error('[Brave Extensions Overrides] Could not find incognitoTemplate')
       return
     }
-
-    incognitoTemplate.insertAdjacentHTML('afterend', `
-      <template is="dom-if"
-        if="[[data.torAccess.isEnabled]]">
-        <extensions-toggle-row id="allow-tor"
-            checked="[[data.torAccess.isActive]]"
-            class="hr"
-            on-change="onAllowTorChange_">
-          <div>
-            <div>${I18nBehavior.i18n('itemAllowInTor')}</div>
-            <div class="section-content">${I18nBehavior.i18n('torInfoWarning')}</div>
-          </div>
-        </extensions-toggle-row>
-        </template>
-     `)
+    let incognitoWarningDiv = incognitoTemplate.content.querySelector('.section-content')
+    if (!incognitoWarningDiv) {
+      console.error('[Brave Extensions Overrides] Could not find incognitoWarningDiv')
+      return
+    }
+    incognitoWarningDiv.innerText = I18nBehavior.i18n('privateInfoWarning')
+    const spanningWarningSpan = document.createElement('span')
+    spanningWarningSpan.setAttribute('class', 'section-content')
+    spanningWarningSpan.setAttribute('hidden', '[[data.isSplitMode]]')
+    spanningWarningSpan.innerText = ' ' +  I18nBehavior.i18n('spanningInfoWarning')
+    const privateAndTorWarningSpan = document.createElement('span')
+    privateAndTorWarningSpan.setAttribute('class', 'section-content')
+    privateAndTorWarningSpan.innerText = ' ' + I18nBehavior.i18n('privateAndTorInfoWarning')
+    incognitoWarningDiv.appendChild(spanningWarningSpan)
+    incognitoWarningDiv.appendChild(privateAndTorWarningSpan)
   }
 })
-
-RegisterPolymerComponentBehaviors({
-  'extensions-detail-view': [{
-    /** @private */
-    onAllowTorChange_: function() {
-      this.delegate.setItemAllowedTor(
-        this.data.id, this.$$('#allow-tor').checked);
-    },
-  }]
-})

browser/tor/tor_profile_manager_browsertest.cc

@@ -36,7 +36,6 @@
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_util.h"
 #include "extensions/common/extension_id.h"
-#include "extensions/common/manifest_handlers/incognito_info.h"
 #endif
 
 #if BUILDFLAG(IPFS_ENABLED)
@@ -282,7 +281,7 @@ class TorProfileManagerExtensionTest : public extensions::ExtensionBrowserTest {
 };
 
 IN_PROC_BROWSER_TEST_F(TorProfileManagerExtensionTest,
-                       SwitchToTorProfileDisableExtensionsByDefault) {
+                       SwitchToTorProfileIncognitoEnabled) {
   Profile* parent_profile = ProfileManager::GetActiveUserProfile();
   ASSERT_TRUE(parent_profile);
 
@@ -300,8 +299,8 @@ IN_PROC_BROWSER_TEST_F(TorProfileManagerExtensionTest,
   EXPECT_TRUE(tor_profile->IsOffTheRecord());
   EXPECT_EQ(tor_profile->GetOriginalProfile(), parent_profile);
 
-  // The installed extension should not be accessible in Tor.
-  EXPECT_FALSE(extensions::util::IsIncognitoEnabled(id, tor_profile));
+  // The installed extension should be accessible in Tor.
+  EXPECT_TRUE(extensions::util::IsIncognitoEnabled(id, tor_profile));
   EXPECT_TRUE(extensions::util::IsIncognitoEnabled(id, parent_profile));
   // Tor OTR and regular profile shares same registry
   extensions::ExtensionRegistry* parent_registry =
@@ -311,60 +310,24 @@ IN_PROC_BROWSER_TEST_F(TorProfileManagerExtensionTest,
   EXPECT_EQ(parent_registry, tor_registry);
   EXPECT_TRUE(tor_registry->GetExtensionById(
       id, extensions::ExtensionRegistry::EVERYTHING));
-}
-
-IN_PROC_BROWSER_TEST_F(TorProfileManagerExtensionTest,
-                       SwitchToTorProfileAllowInTor) {
-  Profile* parent_profile = ProfileManager::GetActiveUserProfile();
-  ASSERT_TRUE(parent_profile);
-
-  const extensions::Extension* extension =
-      InstallExtension(extension_path(), 1);
-  const std::string id = extension->id();
-  extensions::ExtensionPrefs* parent_extension_prefs =
-      extensions::ExtensionPrefs::Get(parent_profile);
-  parent_extension_prefs->SetIsIncognitoEnabled(id, true);
-  parent_extension_prefs->SetIsTorEnabled(id, true);
-
-  Profile* tor_profile =
-      SwitchToTorProfile(parent_profile, GetTorLauncherFactory());
-  ASSERT_TRUE(tor_profile->IsTor());
-  EXPECT_TRUE(tor_profile->IsOffTheRecord());
-  EXPECT_EQ(tor_profile->GetOriginalProfile(), parent_profile);
-
-  Profile* primary_otr_profile = parent_profile->GetPrimaryOTRProfile();
-
-  // The installed extension should be accessible in Tor.
-  EXPECT_TRUE(extensions::util::IsIncognitoEnabled(id, primary_otr_profile));
-  EXPECT_TRUE(extensions::util::IsIncognitoEnabled(id, tor_profile));
-  EXPECT_TRUE(extensions::util::IsIncognitoEnabled(id, parent_profile));
-  // Default mode is spanning but we force it to be split in Tor
-  EXPECT_FALSE(
-      extensions::IncognitoInfo::ForSplitModeCheck(primary_otr_profile->IsTor())
-          ->IsSplitMode(extension));
-  EXPECT_TRUE(extensions::IncognitoInfo::ForSplitModeCheck(tor_profile->IsTor())
-                  ->IsSplitMode(extension));
-
-  // Allow in Tor depends on Allow in private
-  parent_extension_prefs->SetIsIncognitoEnabled(id, false);
-  EXPECT_FALSE(extensions::util::IsIncognitoEnabled(id, tor_profile));
 
   // Component extension should always be allowed
   extension_service()->UnloadExtension(
       extension->id(), extensions::UnloadedExtensionReason::UNINSTALL);
   const extensions::Extension* component_extension =
       LoadExtensionAsComponent(extension_path());
   ASSERT_TRUE(component_extension);
-  parent_extension_prefs->SetIsTorEnabled(component_extension->id(), false);
+  parent_extension_prefs->SetIsIncognitoEnabled(component_extension->id(),
+                                                false);
   EXPECT_TRUE(extensions::util::IsIncognitoEnabled(component_extension->id(),
                                                    tor_profile));
 
-  // "not_allowed" mode will also disable "Allow in Tor"
+  // "not_allowed" mode will also disable extension in Tor
   const extensions::Extension* incognito_not_allowed_ext =
       InstallExtension(incognito_not_allowed_ext_path(), 1);
   const std::string incognito_not_allowed_id = incognito_not_allowed_ext->id();
   parent_extension_prefs->SetIsIncognitoEnabled(incognito_not_allowed_id, true);
-  parent_extension_prefs->SetIsTorEnabled(incognito_not_allowed_id, true);
+  Profile* primary_otr_profile = parent_profile->GetPrimaryOTRProfile();
   EXPECT_FALSE(extensions::util::IsIncognitoEnabled(incognito_not_allowed_id,
                                                     primary_otr_profile));
   EXPECT_FALSE(extensions::util::IsIncognitoEnabled(incognito_not_allowed_id,

chromium_src/chrome/browser/extensions/api/developer_private/extension_info_generator.cc

@@ -3,9 +3,9 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#define BRAVE_CREATE_EXTENSION_INFO_HELPER                        \
-  info->tor_access.is_enabled = info->incognito_access.is_active; \
-  info->tor_access.is_active =                                    \
-      util::IsTorEnabled(extension.id(), browser_context_);
+#include "extensions/common/manifest_handlers/incognito_info.h"
+
+#define BRAVE_CREATE_EXTENSION_INFO_HELPER \
+  info->is_split_mode = IncognitoInfo::IsSplitMode(&extension);
 #include "../../../../../../../chrome/browser/extensions/api/developer_private/extension_info_generator.cc"
 #undef BRAVE_CREATE_EXTENSION_INFO_HELPER

chromium_src/chrome/browser/ui/webui/extensions/extensions_ui.cc

@@ -33,10 +33,12 @@ void BraveAddExtensionsResources(content::WebUIDataSource* source) {
   }
 #endif
   NavigationBarDataProvider::Initialize(source);
-  source->AddLocalizedString("itemAllowInTor",
-                             IDS_EXTENSIONS_BRAVE_ITEM_ALLOW_TOR);
-  source->AddLocalizedString("torInfoWarning",
-                             IDS_EXTENSIONS_BRAVE_TOR_WARNING);
+  source->AddLocalizedString("privateInfoWarning",
+                             IDS_EXTENSIONS_BRAVE_PRIVATE_WARNING);
+  source->AddLocalizedString("spanningInfoWarning",
+                             IDS_EXTENSIONS_BRAVE_SPANNING_WARNING);
+  source->AddLocalizedString("privateAndTorInfoWarning",
+                             IDS_EXTENSIONS_BRAVE_PRIVATE_AND_TOR_WARNING);
 }
 
 }  // namespace