Add origin-based permission lifetime support #8378

goodov · 2021-03-29T14:06:14Z

Added an integration of the ephemeral origin lifetime tracking with the permission revoke mechanism.
This is a second PR, should be merged on top of the first one.

Resolves brave/brave-browser#14126

Submitter Checklist:

I confirm that no security/privacy review is needed, or that I have requested one
There is a ticket for my issue
Used Github auto-closing keywords in the PR description above
Wrote a good PR/commit description
Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
Ran git rebase master (if needed)

Reviewer Checklist:

A security review is not needed, or a link to one is included in the PR description
New files have MPL-2.0 license header
Adequate test coverage exists to prevent regressions
Major classes, functions and non-trivial code blocks are well-commented
Changes in component dependencies are properly reflected in gn
Code follows the style guide
Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

chromium_src/content/browser/tld_ephemeral_lifetime.cc

browser/permissions/chrome_permission_origin_lifetime_monitor.h

components/permissions/permission_origin_lifetime_monitor.h

browser/permissions/chrome_permission_origin_lifetime_monitor.cc

components/permissions/permission_origin_lifetime_monitor.h

browser/permissions/permission_lifetime_manager_browsertest.cc

bridiver · 2021-04-08T16:32:37Z

components/permissions/permission_lifetime_manager.h

@@ -35,7 +37,9 @@ class PermissionLifetimeManager : public KeyedService,
  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

  PermissionLifetimeManager(HostContentSettingsMap* host_content_settings_map,
-                            PrefService* prefs);
+                            PrefService* prefs,


missing either an include or forward decl for PrefService

it's right here:

brave-core/components/permissions/permission_lifetime_manager.h

Line 28 in ced3795

class PrefService;

components/permissions/sources.gni

browser/ephemeral_storage/ephemeral_storage_tab_helper.cc

chromium_src/content/browser/tld_ephemeral_lifetime.cc

bridiver · 2021-04-08T16:47:28Z

chromium_src/content/browser/tld_ephemeral_lifetime.cc

-  auto it = active_tld_storage_areas().find(key);
-  DCHECK(it == active_tld_storage_areas().end() || it->second.get());
-  return it != active_tld_storage_areas().end() ? it->second.get() : nullptr;
+  const TLDEphemeralLifetimeKey key(browser_context, std::move(storage_domain));


same, const& instead of std::move and you still only have one copy operation inside TLDEphemeralLifetimeKey

chromium_src/content/browser/tld_ephemeral_lifetime.cc

components/permissions/permission_expiration_key.cc

components/permissions/permission_expirations.cc

browser/ephemeral_storage/ephemeral_storage_tab_helper.cc

bridiver · 2021-04-12T19:05:55Z

.github/CODEOWNERS

@@ -69,6 +69,10 @@ components/weekly_storage/ @iefremov
 # Perf predictor
 components/brave_perf_predictor/ @iefremov

+# Permissions
+browser/permissions/ @akhoroshilov


we really need to avoid having entire components blocked on one person, can you restrict this to just critical parts of the code and/or add more people?

stephendonner · 2021-04-20T18:24:39Z

As discussed in Slack, the origin-based permission lifetime (until I close this page) requires uplift to the 1.24.x branch.

@goodov when you next get online, mind please getting that started? So as not to block that effort, I started testing on nightly; notes here.

/cc @kjozwiak

Verified the following 3 cases with this nightly build; @pes10k @goodov let me know ASAP, please, if there are additional cases to cover for the uplift. The full verification will be done over in brave/brave-browser#14126

Brave	1.25.25 Chromium: 90.0.4430.72 (Official Build) nightly (x86_64)
Revision	b6172ef8d07ef486489a4b11b66b2eaeed50d132-refs/branch-heads/4430@{#1233}
OS	macOS Version 11.2.3 (Build 20D91)

Case 1: Origin-based behavior, multiple tabs (location):

load brave://flags and enable the Permission Lifetime flag
restart Brave
load hulu.com
log in, install Widevine
Give permission until I close this page
click Allow
confirm brave://settings/content shows Allow for Location
play a video
open hulu.com in another tab
play a video
close either of the two open tabs
confirm brave://settings/content shows Allow for Location
close the remaining tab
confirm brave://settings/content now shows Ask (default) for Location

Case 2: Origin-based behavior, leave tab open, restart (MIDI):

load brave://flags and enable the Permission Lifetime flag
restart Brave
load https://permission.site
click on MIDI
Give permission until I close this page
click Allow
confirm brave://settings/content shows Allow for MIDI devices
leave tab open; shut down Brave
confirm brave://settings/content shows Ask (default) for MIDI devices
load https://permission.site
click on MIDI
confirm you get prompted for permission

Case 3: Origin-based behavior, close tab, open new tab (MIDI):

load brave://flags and enable the Permission Lifetime flag
restart Brave
load https://permission.site
click on MIDI
Give permission until I close this page
click Allow
confirm brave://settings/content shows Allow for MIDI devices
close permission.site tab
open https://permission.site in a new tab
confirm brave://settings/content shows Ask (default) for MIDI devices
click on MIDI
confirm you get prompted for permission

example	example	example	example	example

goodov requested a review from iefremov March 29, 2021 14:06

goodov requested review from bridiver and a team as code owners March 29, 2021 14:06

github-actions bot assigned goodov Mar 29, 2021

goodov force-pushed the issues/14126-2 branch 2 times, most recently from 86faf7c to 1eab63a Compare March 30, 2021 07:39