From dbcb6bd0589e130f965f84f8097f4f193496d881 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 19 Mar 2021 19:29:55 +0700 Subject: [PATCH 1/9] Support domains as PermissionExpiration key. --- .../permissions/permission_expiration_key.cc | 79 +++++++ .../permissions/permission_expiration_key.h | 43 ++++ .../permissions/permission_expirations.cc | 192 ++++++++++-------- .../permissions/permission_expirations.h | 31 ++- .../permission_expirations_unittest.cc | 176 +++++++++++++--- .../permission_lifetime_manager.cc | 11 +- components/permissions/sources.gni | 2 + 7 files changed, 409 insertions(+), 125 deletions(-) create mode 100644 components/permissions/permission_expiration_key.cc create mode 100644 components/permissions/permission_expiration_key.h diff --git a/components/permissions/permission_expiration_key.cc b/components/permissions/permission_expiration_key.cc new file mode 100644 index 000000000000..b238ae0e75bd --- /dev/null +++ b/components/permissions/permission_expiration_key.cc @@ -0,0 +1,79 @@ +/* Copyright (c) 2021 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "brave/components/permissions/permission_expiration_key.h" + +#include "base/strings/string_number_conversions.h" +#include "base/strings/string_util.h" + +namespace permissions { + +namespace { + +base::Time ParseExpirationTime(const std::string& key_str) { + int64_t expiration_time = 0; + if (!base::StringToInt64(key_str, &expiration_time)) { + return base::Time(); + } + return base::Time::FromDeltaSinceWindowsEpoch( + base::TimeDelta::FromMicroseconds(expiration_time)); +} + +std::string ExpirationTimeToStr(base::Time expiration_time) { + return std::to_string( + expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()); +} + +} // namespace + +PermissionExpirationKey::PermissionExpirationKey(base::Time time) + : time_(time) {} +PermissionExpirationKey::PermissionExpirationKey(std::string domain) + : time_(base::Time::Max()), domain_(std::move(domain)) { + DCHECK(!domain_.empty()); +} +PermissionExpirationKey::PermissionExpirationKey( + const PermissionExpirationKey&) = default; +PermissionExpirationKey& PermissionExpirationKey::operator=( + const PermissionExpirationKey&) = default; +PermissionExpirationKey::PermissionExpirationKey( + PermissionExpirationKey&&) noexcept = default; +PermissionExpirationKey& PermissionExpirationKey::operator=( + PermissionExpirationKey&&) noexcept = default; +PermissionExpirationKey::~PermissionExpirationKey() = default; + +// static +PermissionExpirationKey PermissionExpirationKey::FromString( + const std::string& key_str) { + auto expiration_time = ParseExpirationTime(key_str); + return !expiration_time.is_null() ? PermissionExpirationKey(expiration_time) + : PermissionExpirationKey(key_str); +} + +std::string PermissionExpirationKey::ToString() const { + return IsTimeKey() ? ExpirationTimeToStr(time_) : domain_; +} + +bool PermissionExpirationKey::operator<( + const PermissionExpirationKey& rhs) const { + auto tie = [](const PermissionExpirationKey& obj) { + return std::tie(obj.time_, obj.domain_); + }; + return tie(*this) < tie(rhs); +} + +bool PermissionExpirationKey::operator==( + const PermissionExpirationKey& rhs) const { + auto tie = [](const PermissionExpirationKey& obj) { + return std::tie(obj.time_, obj.domain_); + }; + return tie(*this) == tie(rhs); +} + +bool PermissionExpirationKey::IsTimeKey() const { + return domain_.empty(); +} + +} // namespace permissions diff --git a/components/permissions/permission_expiration_key.h b/components/permissions/permission_expiration_key.h new file mode 100644 index 000000000000..ce229d864d57 --- /dev/null +++ b/components/permissions/permission_expiration_key.h @@ -0,0 +1,43 @@ +/* Copyright (c) 2021 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_EXPIRATION_KEY_H_ +#define BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_EXPIRATION_KEY_H_ + +#include + +#include "base/time/time.h" + +namespace permissions { + +// Stores permission expiration key (an expiration time or a bound domain). +class PermissionExpirationKey { + public: + explicit PermissionExpirationKey(base::Time time); + explicit PermissionExpirationKey(std::string domain); + PermissionExpirationKey(const PermissionExpirationKey&); + PermissionExpirationKey& operator=(const PermissionExpirationKey&); + PermissionExpirationKey(PermissionExpirationKey&&) noexcept; + PermissionExpirationKey& operator=(PermissionExpirationKey&&) noexcept; + ~PermissionExpirationKey(); + + static PermissionExpirationKey FromString(const std::string& key_str); + std::string ToString() const; + + bool operator<(const PermissionExpirationKey&) const; + bool operator==(const PermissionExpirationKey&) const; + + bool IsTimeKey() const; + const base::Time& time() const { return time_; } + const std::string& domain() const { return domain_; } + + private: + base::Time time_; + std::string domain_; +}; + +} // namespace permissions + +#endif // BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_EXPIRATION_KEY_H_ diff --git a/components/permissions/permission_expirations.cc b/components/permissions/permission_expirations.cc index 66fd548173cb..350bce5823f9 100644 --- a/components/permissions/permission_expirations.cc +++ b/components/permissions/permission_expirations.cc @@ -21,6 +21,8 @@ using content_settings::WebsiteSettingsInfo; using content_settings::WebsiteSettingsRegistry; +using prefs::DictionaryValueUpdate; +using prefs::ScopedDictionaryPrefUpdate; namespace permissions { @@ -30,20 +32,6 @@ namespace { constexpr base::StringPiece kRequestingOriginKey = "ro"; constexpr base::StringPiece kEmbeddingOriginKey = "eo"; -base::Time ParseExpirationTime(const std::string& time_str) { - int64_t expiration_time = 0; - if (!base::StringToInt64(time_str, &expiration_time)) { - return base::Time(); - } - return base::Time::FromDeltaSinceWindowsEpoch( - base::TimeDelta::FromMicroseconds(expiration_time)); -} - -std::string ExpirationTimeToStr(base::Time expiration_time) { - return std::to_string( - expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()); -} - } // namespace // static @@ -64,11 +52,11 @@ PermissionExpirations::~PermissionExpirations() = default; void PermissionExpirations::AddExpiringPermission( ContentSettingsType content_type, - base::Time expiration_time, + PermissionExpirationKey expiration_key, PermissionOrigins permission_origins) { - expirations_[content_type][expiration_time].push_back( + expirations_[content_type][expiration_key].push_back( std::move(permission_origins)); - UpdateTimeExpirationsPref(content_type, {expiration_time}); + UpdateExpirationsPref(content_type, {expiration_key}); } bool PermissionExpirations::RemoveExpiringPermissions( @@ -79,14 +67,14 @@ bool PermissionExpirations::RemoveExpiringPermissions( return false; } - auto& time_expirations_map = expirations_it->second; - std::vector time_items_to_update_prefs; + auto& key_expirations_map = expirations_it->second; + std::vector expiration_keys_to_update_prefs; // Remove all elements for which |predicate| returned true. - for (auto time_expirations_it = time_expirations_map.begin(); - time_expirations_it != time_expirations_map.end();) { - const auto& expiration_time = time_expirations_it->first; - auto& expiring_permissions = time_expirations_it->second; + for (auto key_expirations_it = key_expirations_map.begin(); + key_expirations_it != key_expirations_map.end();) { + const auto& expiration_key = key_expirations_it->first; + auto& expiring_permissions = key_expirations_it->second; bool is_anything_removed = false; for (auto expiring_permission_it = expiring_permissions.begin(); @@ -102,86 +90,118 @@ bool PermissionExpirations::RemoveExpiringPermissions( // Track removed items to update prefs. if (is_anything_removed) { - time_items_to_update_prefs.push_back(expiration_time); + expiration_keys_to_update_prefs.push_back(expiration_key); } // Remove empty nested containers. if (expiring_permissions.empty()) { - time_expirations_it = time_expirations_map.erase(time_expirations_it); + key_expirations_it = key_expirations_map.erase(key_expirations_it); } else { - ++time_expirations_it; + ++key_expirations_it; } } // If nothing was removed then we're done here. - if (time_items_to_update_prefs.empty()) { + if (expiration_keys_to_update_prefs.empty()) { return false; } // Remove empty nested containers. - if (time_expirations_map.empty()) { + if (key_expirations_map.empty()) { expirations_.erase(expirations_it); } // Update prefs. - UpdateTimeExpirationsPref(content_type, time_items_to_update_prefs); + UpdateExpirationsPref(content_type, expiration_keys_to_update_prefs); return true; } PermissionExpirations::ExpiredPermissions PermissionExpirations::RemoveExpiredPermissions(base::Time current_time) { + return RemoveExpiredPermissionsImpl(base::BindRepeating( + [](const PermissionExpirationKey& expiration_key, + const PermissionExpirations::KeyExpirationsMap& key_expirations) { + return std::make_pair(key_expirations.begin(), + key_expirations.upper_bound(expiration_key)); + }, + PermissionExpirationKey(current_time))); +} + +PermissionExpirations::ExpiredPermissions +PermissionExpirations::RemoveExpiredPermissions(std::string domain) { + return RemoveExpiredPermissionsImpl(base::BindRepeating( + [](const PermissionExpirationKey& expiration_key, + const PermissionExpirations::KeyExpirationsMap& key_expirations) { + return key_expirations.equal_range(expiration_key); + }, + PermissionExpirationKey(std::move(domain)))); +} + +PermissionExpirations::ExpiredPermissions +PermissionExpirations::RemoveAllDomainPermissions() { + return RemoveExpiredPermissionsImpl(base::BindRepeating( + [](const PermissionExpirationKey& expiration_key, + const PermissionExpirations::KeyExpirationsMap& key_expirations) { + return std::make_pair(key_expirations.upper_bound(expiration_key), + key_expirations.end()); + }, + PermissionExpirationKey(base::Time::Max()))); +} + +PermissionExpirations::ExpiredPermissions +PermissionExpirations::RemoveExpiredPermissionsImpl( + base::RepeatingCallback( + const KeyExpirationsMap&)> predicate) { ExpiredPermissions expired_permissions; // Enumerate all content types and remove all expired permissions. for (auto expirations_it = expirations_.begin(); expirations_it != expirations_.end();) { const auto content_type = expirations_it->first; - auto& time_expirations_map = expirations_it->second; - - std::vector time_items_to_clear_prefs; - auto time_expirations_it = time_expirations_map.begin(); - for (; time_expirations_it != time_expirations_map.end(); - ++time_expirations_it) { - const auto& expiration_time = time_expirations_it->first; - auto& expiring_permissions = time_expirations_it->second; - if (expiration_time > current_time) { - // If we encountered an expiration that is still active, then all next - // expirations will also be active (map is sorted). - break; - } + auto& key_expirations_map = expirations_it->second; + + std::vector expiration_keys_to_clear_prefs; + auto iterator_pair = predicate.Run(key_expirations_map); + auto key_expirations_begin_it = + base::ConstCastIterator(key_expirations_map, iterator_pair.first); + auto key_expirations_end_it = + base::ConstCastIterator(key_expirations_map, iterator_pair.second); + for (auto key_expirations_it = key_expirations_begin_it; + key_expirations_it != key_expirations_end_it; ++key_expirations_it) { + const auto& expiration_key = key_expirations_it->first; + auto& expiring_permissions = key_expirations_it->second; std::move(expiring_permissions.begin(), expiring_permissions.end(), std::back_inserter(expired_permissions[content_type])); - time_items_to_clear_prefs.push_back(expiration_time); + expiration_keys_to_clear_prefs.push_back(expiration_key); } - time_expirations_map.erase(time_expirations_map.begin(), - time_expirations_it); + key_expirations_map.erase(key_expirations_begin_it, key_expirations_end_it); // Remove empty nested containers. - if (time_expirations_map.empty()) { + if (key_expirations_map.empty()) { expirations_it = expirations_.erase(expirations_it); } else { ++expirations_it; } // Update prefs. - UpdateTimeExpirationsPref(content_type, time_items_to_clear_prefs); + UpdateExpirationsPref(content_type, expiration_keys_to_clear_prefs); } return expired_permissions; } -void PermissionExpirations::UpdateTimeExpirationsPref( +void PermissionExpirations::UpdateExpirationsPref( ContentSettingsType content_type, - const std::vector& time_items) { + const std::vector& expiration_keys) { if (!prefs_) { return; } // Use a scoped pref update to update only changed pref subkeys. - ::prefs::ScopedDictionaryPrefUpdate update( - prefs_, prefs::kPermissionLifetimeExpirations); - std::unique_ptr<::prefs::DictionaryValueUpdate> time_expirations_val = - update.Get(); - DCHECK(time_expirations_val); + ScopedDictionaryPrefUpdate update(prefs_, + prefs::kPermissionLifetimeExpirations); + std::unique_ptr key_expirations_val = update.Get(); + DCHECK(key_expirations_val); const std::string& content_type_name = WebsiteSettingsRegistry::GetInstance()->Get(content_type)->name(); @@ -189,25 +209,28 @@ void PermissionExpirations::UpdateTimeExpirationsPref( const auto& expirations_it = expirations_.find(content_type); if (expirations_it == expirations_.end()) { // Remove content type if it's absent in a runtime container. - time_expirations_val->RemovePath(content_type_name, nullptr); + key_expirations_val->RemovePath(content_type_name, nullptr); return; } - const auto& time_expirations_map = expirations_it->second; - for (const auto& time_to_update : time_items) { - const auto& time_expirations_it = time_expirations_map.find(time_to_update); - if (time_expirations_it == time_expirations_map.end() || - time_expirations_it->second.empty()) { - // Remove a time element if it's absent or empty in a runtime container. - time_expirations_val->RemovePath( - base::StrCat( - {content_type_name, ".", ExpirationTimeToStr(time_to_update)}), - nullptr); + const auto& key_expirations_map = expirations_it->second; + for (const auto& expiration_key : expiration_keys) { + const auto& key_expirations_it = key_expirations_map.find(expiration_key); + const std::string& key = expiration_key.ToString(); + if (key_expirations_it == key_expirations_map.end() || + key_expirations_it->second.empty()) { + // Remove a key element if it's absent or empty in a runtime container. + std::unique_ptr content_type_expirations_val; + if (key_expirations_val->GetDictionaryWithoutPathExpansion( + content_type_name, &content_type_expirations_val)) { + DCHECK(content_type_expirations_val); + content_type_expirations_val->RemoveWithoutPathExpansion(key, nullptr); + } } else { - // Update a time element if it's not empty in a runtime container. - time_expirations_val->SetPath( - {content_type_name, ExpirationTimeToStr(time_to_update)}, - ExpiringPermissionsToValue(time_expirations_it->second)); + // Update a key element if it's not empty in a runtime container. + key_expirations_val->SetPath( + {content_type_name, key}, + ExpiringPermissionsToValue(key_expirations_it->second)); } } } @@ -226,8 +249,8 @@ void PermissionExpirations::ReadExpirationsFromPrefs() { for (const auto& type_expirations_val : type_expirations_map_val->DictItems()) { const std::string& content_type_name = type_expirations_val.first; - const base::Value& time_expirations_map_val = type_expirations_val.second; - if (!time_expirations_map_val.is_dict()) { + const base::Value& key_expirations_map_val = type_expirations_val.second; + if (!key_expirations_map_val.is_dict()) { continue; } const WebsiteSettingsInfo* website_settings_info = @@ -236,37 +259,32 @@ void PermissionExpirations::ReadExpirationsFromPrefs() { invalid_content_type_names.push_back(content_type_name); continue; } - TimeExpirationsMap time_expirations_map; - for (const auto& time_expiring_permissions_val : - time_expirations_map_val.DictItems()) { - const std::string& time_str = time_expiring_permissions_val.first; - const base::Value& expiring_permissions_val = - time_expiring_permissions_val.second; - const base::Time expiration_time = ParseExpirationTime(time_str); - if (expiration_time.is_null()) { - continue; - } + KeyExpirationsMap key_expirations_map; + for (const auto& key_expirations_val : + key_expirations_map_val.DictItems()) { + const std::string& key_str = key_expirations_val.first; + const base::Value& expiring_permissions_val = key_expirations_val.second; ExpiringPermissions expiring_permissions = ParseExpiringPermissions(expiring_permissions_val); if (expiring_permissions.empty()) { continue; } - time_expirations_map.emplace(expiration_time, - std::move(expiring_permissions)); + key_expirations_map.emplace(PermissionExpirationKey::FromString(key_str), + std::move(expiring_permissions)); } - if (!time_expirations_map.empty()) { + if (!key_expirations_map.empty()) { expirations_.emplace(website_settings_info->type(), - std::move(time_expirations_map)); + std::move(key_expirations_map)); } } if (!invalid_content_type_names.empty()) { ::prefs::ScopedDictionaryPrefUpdate update( prefs_, prefs::kPermissionLifetimeExpirations); - std::unique_ptr<::prefs::DictionaryValueUpdate> time_expirations_val = + std::unique_ptr<::prefs::DictionaryValueUpdate> key_expirations_val = update.Get(); for (const auto& invalid_content_type_name : invalid_content_type_names) { - time_expirations_val->RemovePath(invalid_content_type_name, nullptr); + key_expirations_val->RemovePath(invalid_content_type_name, nullptr); } } } diff --git a/components/permissions/permission_expirations.h b/components/permissions/permission_expirations.h index 1df8a01ead4d..a1c504a3cb24 100644 --- a/components/permissions/permission_expirations.h +++ b/components/permissions/permission_expirations.h @@ -11,6 +11,7 @@ #include "base/callback.h" #include "base/containers/flat_set.h" +#include "brave/components/permissions/permission_expiration_key.h" #include "brave/components/permissions/permission_origins.h" #include "components/content_settings/core/common/content_settings.h" @@ -27,9 +28,10 @@ namespace permissions { class PermissionExpirations { public: using ExpiringPermissions = std::vector; - using TimeExpirationsMap = std::map; - using TypeTimeExpirationsMap = - base::flat_map; + using KeyExpirationsMap = + std::map; + using TypeKeyExpirationsMap = + base::flat_map; using ExpiredPermissions = base::flat_map; @@ -42,21 +44,32 @@ class PermissionExpirations { // Add expiring permission. void AddExpiringPermission(ContentSettingsType content_type, - base::Time expiration_time, + PermissionExpirationKey expiration_time, PermissionOrigins permission_origins); // Remove permission using |predicate|. Returns true if anything was removed. bool RemoveExpiringPermissions( ContentSettingsType content_type, base::RepeatingCallback predicate); - // Remove expired permissions with expiration_time > |current_time|. + // Remove expired permissions with expiration_time >= |current_time|. ExpiredPermissions RemoveExpiredPermissions(base::Time current_time); + // Remove expired permissions with exact |domain|. + ExpiredPermissions RemoveExpiredPermissions(std::string domain); + // Remove expired permissions with a domain as a key. + ExpiredPermissions RemoveAllDomainPermissions(); - const TypeTimeExpirationsMap& expirations() const { return expirations_; } + const TypeKeyExpirationsMap& expirations() const { return expirations_; } private: + // Remove expired permissions using |predicate|. + ExpiredPermissions RemoveExpiredPermissionsImpl( + base::RepeatingCallback( + const KeyExpirationsMap&)> predicate); + // Update value in prefs, |time_items| used to update only listed items. - void UpdateTimeExpirationsPref(ContentSettingsType content_type, - const std::vector& time_items); + void UpdateExpirationsPref( + ContentSettingsType content_type, + const std::vector& expiration_keys); void ReadExpirationsFromPrefs(); ExpiringPermissions ParseExpiringPermissions( @@ -67,7 +80,7 @@ class PermissionExpirations { PrefService* const prefs_ = nullptr; // Expirations data from prefs used at runtime. Kept in sync with prefs. - TypeTimeExpirationsMap expirations_; + TypeKeyExpirationsMap expirations_; }; } // namespace permissions diff --git a/components/permissions/permission_expirations_unittest.cc b/components/permissions/permission_expirations_unittest.cc index bccabb0e1f11..14134323916a 100644 --- a/components/permissions/permission_expirations_unittest.cc +++ b/components/permissions/permission_expirations_unittest.cc @@ -45,6 +45,20 @@ constexpr base::StringPiece kOneTypeTwoExpirationsPrefValue = R"({ } })"; +constexpr base::StringPiece kOneTypeThreeExpirationsPrefValue = R"({ + "$1": { + "$2": [ + {"ro": "$3"} + ], + "$4": [ + {"ro": "$5"} + ], + "$6": [ + {"ro": "$7"} + ] + } +})"; + constexpr base::StringPiece kTwoTypesOneExpirationPrefValue = R"({ "$1": { "$2": [ @@ -89,7 +103,15 @@ class PermissionExpirationsTest : public testing::Test { void AddExpiringPermission(ContentSettingsType content_type, base::TimeDelta time_delta, const GURL& origin) { - expirations()->AddExpiringPermission(content_type, now_ + time_delta, + expirations()->AddExpiringPermission( + content_type, PermissionExpirationKey(now_ + time_delta), + PermissionOrigins(origin, origin)); + } + + void AddExpiringPermission(ContentSettingsType content_type, + const GURL& origin) { + expirations()->AddExpiringPermission(content_type, + PermissionExpirationKey(origin.host()), PermissionOrigins(origin, origin)); } @@ -105,9 +127,16 @@ class PermissionExpirationsTest : public testing::Test { pref_value_template, subst, nullptr))); } + static std::string TimeKey(const base::Time& time) { + return std::to_string(time.ToDeltaSinceWindowsEpoch().InMicroseconds()); + } + + static std::string DomainKey(const GURL& url) { return url.host(); } + protected: const GURL kOrigin{"https://example.com"}; - const GURL kOrigin2{"https://brave.com"}; + const GURL kOrigin2{"https://brave1.com"}; + const GURL kOrigin3{"https://brave2.com"}; const base::TimeDelta kLifetime{base::TimeDelta::FromSeconds(5)}; const base::TimeDelta kOneSecond{base::TimeDelta::FromSeconds(1)}; @@ -126,10 +155,7 @@ TEST_F(PermissionExpirationsTest, AddAndRemoveAfterExpiration) { // Check data stored in prefs. CheckExpirationsPref( FROM_HERE, kOneTypeOneExpirationPrefValue, - {"notifications", - std::to_string( - expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()), - kOrigin.spec()}); + {"notifications", TimeKey(expiration_time), kOrigin.spec()}); auto removed = expirations()->RemoveExpiredPermissions(expiration_time); EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( @@ -156,13 +182,8 @@ TEST_F(PermissionExpirationsTest, AddAndRemoveExpiring) { // Check data stored in prefs. CheckExpirationsPref( FROM_HERE, kOneTypeTwoExpirationsPrefValue, - {"notifications", - std::to_string( - expiration_time2.ToDeltaSinceWindowsEpoch().InMicroseconds()), - kOrigin2.spec(), - std::to_string( - expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()), - kOrigin.spec()}); + {"notifications", TimeKey(expiration_time2), kOrigin2.spec(), + TimeKey(expiration_time), kOrigin.spec()}); EXPECT_TRUE(expirations()->RemoveExpiringPermissions( ContentSettingsType::NOTIFICATIONS, @@ -173,10 +194,7 @@ TEST_F(PermissionExpirationsTest, AddAndRemoveExpiring) { // Check data stored in prefs. CheckExpirationsPref( FROM_HERE, kOneTypeOneExpirationPrefValue, - {"notifications", - std::to_string( - expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()), - kOrigin.spec()}); + {"notifications", TimeKey(expiration_time), kOrigin.spec()}); EXPECT_TRUE(expirations()->RemoveExpiringPermissions( ContentSettingsType::NOTIFICATIONS, @@ -202,13 +220,8 @@ TEST_F(PermissionExpirationsTest, RemoveExpiredDifferentTypes) { // Check data stored in prefs. CheckExpirationsPref( FROM_HERE, kTwoTypesOneExpirationPrefValue, - {"notifications", - std::to_string( - expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()), - kOrigin.spec(), "geolocation", - std::to_string( - expiration_time.ToDeltaSinceWindowsEpoch().InMicroseconds()), - kOrigin.spec()}); + {"notifications", TimeKey(expiration_time), kOrigin.spec(), "geolocation", + TimeKey(expiration_time), kOrigin.spec()}); auto removed = expirations()->RemoveExpiredPermissions(expiration_time); EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( @@ -247,4 +260,119 @@ TEST_F(PermissionExpirationsTest, ClearInvalidContentType) { CheckExpirationsPref(FROM_HERE, "{}"); } +TEST_F(PermissionExpirationsTest, AddRemoveDomainExpiration) { + AddExpiringPermission(ContentSettingsType::NOTIFICATIONS, kOrigin); + AddExpiringPermission(ContentSettingsType::GEOLOCATION, kOrigin2); + + // Check data stored in prefs. + CheckExpirationsPref(FROM_HERE, kTwoTypesOneExpirationPrefValue, + {"notifications", DomainKey(kOrigin), kOrigin.spec(), + "geolocation", DomainKey(kOrigin2), kOrigin2.spec()}); + + auto removed = expirations()->RemoveExpiredPermissions(kOrigin.host()); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::NOTIFICATIONS, + {PermissionOrigins(kOrigin, kOrigin)}}})); + + CheckExpirationsPref(FROM_HERE, kOneTypeOneExpirationPrefValue, + {"geolocation", DomainKey(kOrigin2), kOrigin2.spec()}); + + removed = expirations()->RemoveExpiredPermissions(kOrigin2.host()); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::GEOLOCATION, + {PermissionOrigins(kOrigin2, kOrigin2)}}})); + CheckExpirationsPref(FROM_HERE, "{}"); + + // Nothing should be removed in the end. + EXPECT_TRUE(expirations()->RemoveAllDomainPermissions().empty()); +} + +TEST_F(PermissionExpirationsTest, RemoveDomainThenTimeExpirations) { + const auto expiration_delta = base::TimeDelta::FromSeconds(10); + const auto expiration_time = now_ + expiration_delta; + AddExpiringPermission(ContentSettingsType::NOTIFICATIONS, expiration_delta, + kOrigin); + AddExpiringPermission(ContentSettingsType::GEOLOCATION, kOrigin2); + + // Check data stored in prefs. + CheckExpirationsPref( + FROM_HERE, kTwoTypesOneExpirationPrefValue, + {"notifications", TimeKey(expiration_time), kOrigin.spec(), "geolocation", + DomainKey(kOrigin2), kOrigin2.spec()}); + + auto removed = expirations()->RemoveExpiredPermissions(kOrigin2.host()); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::GEOLOCATION, + {PermissionOrigins(kOrigin2, kOrigin2)}}})); + + CheckExpirationsPref( + FROM_HERE, kOneTypeOneExpirationPrefValue, + {"notifications", TimeKey(expiration_time), kOrigin.spec()}); + + removed = expirations()->RemoveExpiredPermissions(expiration_time); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::NOTIFICATIONS, + {PermissionOrigins(kOrigin, kOrigin)}}})); + CheckExpirationsPref(FROM_HERE, "{}"); +} + +TEST_F(PermissionExpirationsTest, RemoveTimeThenDomainExpirations) { + const auto expiration_delta = base::TimeDelta::FromSeconds(10); + const auto expiration_time = now_ + expiration_delta; + AddExpiringPermission(ContentSettingsType::NOTIFICATIONS, expiration_delta, + kOrigin); + AddExpiringPermission(ContentSettingsType::GEOLOCATION, kOrigin2); + + // Check data stored in prefs. + CheckExpirationsPref( + FROM_HERE, kTwoTypesOneExpirationPrefValue, + {"notifications", TimeKey(expiration_time), kOrigin.spec(), "geolocation", + DomainKey(kOrigin2), kOrigin2.spec()}); + + auto removed = expirations()->RemoveExpiredPermissions(expiration_time); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::NOTIFICATIONS, + {PermissionOrigins(kOrigin, kOrigin)}}})); + + CheckExpirationsPref(FROM_HERE, kOneTypeOneExpirationPrefValue, + {"geolocation", DomainKey(kOrigin2), kOrigin2.spec()}); + + removed = expirations()->RemoveExpiredPermissions(kOrigin2.host()); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::GEOLOCATION, + {PermissionOrigins(kOrigin2, kOrigin2)}}})); + CheckExpirationsPref(FROM_HERE, "{}"); +} + +TEST_F(PermissionExpirationsTest, RemoveAllDomainExpirations) { + const auto expiration_delta = base::TimeDelta::FromSeconds(10); + const auto expiration_time = now_ + expiration_delta; + AddExpiringPermission(ContentSettingsType::NOTIFICATIONS, expiration_delta, + kOrigin); + AddExpiringPermission(ContentSettingsType::NOTIFICATIONS, kOrigin2); + AddExpiringPermission(ContentSettingsType::NOTIFICATIONS, kOrigin3); + + // Check data stored in prefs. + CheckExpirationsPref(FROM_HERE, kOneTypeThreeExpirationsPrefValue, + {"notifications", TimeKey(expiration_time), + kOrigin.spec(), DomainKey(kOrigin2), kOrigin2.spec(), + DomainKey(kOrigin3), kOrigin3.spec()}); + + auto removed = expirations()->RemoveAllDomainPermissions(); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::NOTIFICATIONS, + {{PermissionOrigins(kOrigin2, kOrigin2)}, + PermissionOrigins(kOrigin3, kOrigin3)}}})); + + CheckExpirationsPref( + FROM_HERE, kOneTypeOneExpirationPrefValue, + {"notifications", TimeKey(expiration_time), kOrigin.spec()}); + + removed = expirations()->RemoveExpiredPermissions(expiration_time); + EXPECT_EQ(removed, PermissionExpirations::ExpiredPermissions( + {{ContentSettingsType::NOTIFICATIONS, + {PermissionOrigins(kOrigin, kOrigin)}}})); + CheckExpirationsPref(FROM_HERE, "{}"); +} + } // namespace permissions diff --git a/components/permissions/permission_lifetime_manager.cc b/components/permissions/permission_lifetime_manager.cc index 9b38e285c161..a678e48bd186 100644 --- a/components/permissions/permission_lifetime_manager.cc +++ b/components/permissions/permission_lifetime_manager.cc @@ -88,7 +88,7 @@ void PermissionLifetimeManager::PermissionDecided( << " seconds"; permission_expirations_.AddExpiringPermission( - content_type, expiration_time, + content_type, PermissionExpirationKey(expiration_time), PermissionOrigins(requesting_origin, embedding_origin)); UpdateExpirationTimer(); @@ -154,12 +154,13 @@ void PermissionLifetimeManager::RestartExpirationTimerForTesting() { void PermissionLifetimeManager::UpdateExpirationTimer() { base::Time nearest_expiration_time(base::Time::Max()); for (const auto& type_expirations : permission_expirations_.expirations()) { - const auto& time_expirations_map = type_expirations.second; - if (time_expirations_map.empty()) { + const auto& key_expirations_map = type_expirations.second; + if (key_expirations_map.empty() || + !key_expirations_map.begin()->first.IsTimeKey()) { continue; } - nearest_expiration_time = - std::min(nearest_expiration_time, time_expirations_map.begin()->first); + nearest_expiration_time = std::min( + nearest_expiration_time, key_expirations_map.begin()->first.time()); } if (nearest_expiration_time == base::Time::Max()) { diff --git a/components/permissions/sources.gni b/components/permissions/sources.gni index 5c125f7aad12..9f0b8d038796 100644 --- a/components/permissions/sources.gni +++ b/components/permissions/sources.gni @@ -1,4 +1,6 @@ brave_components_permissions_sources = [ + "//brave/components/permissions/permission_expiration_key.cc", + "//brave/components/permissions/permission_expiration_key.h", "//brave/components/permissions/permission_expirations.cc", "//brave/components/permissions/permission_expirations.h", "//brave/components/permissions/permission_lifetime_manager.cc", From 03074aa99f0fe8e593fc8faf58fde36728e45971 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Wed, 24 Mar 2021 15:15:20 +0700 Subject: [PATCH 2/9] Add ephemeral TLD destroy observer. --- .../ephemeral_storage_tab_helper.cc | 4 +- ...rome_permission_origin_lifetime_monitor.cc | 67 ++++++ ...hrome_permission_origin_lifetime_monitor.h | 43 ++++ ...permission_lifetime_manager_browsertest.cc | 193 ++++++++++++++++- .../permission_lifetime_manager_factory.cc | 12 +- .../permission_lifetime_manager_unittest.cc | 196 +++++++++++++++++- browser/permissions/sources.gni | 2 + .../content/browser/tld_ephemeral_lifetime.cc | 41 +++- .../public/browser/tld_ephemeral_lifetime.h | 14 +- .../permission_lifetime_manager.cc | 92 ++++++-- .../permissions/permission_lifetime_manager.h | 17 +- .../permissions/permission_lifetime_utils.cc | 19 +- .../permission_origin_lifetime_monitor.h | 36 ++++ components/permissions/sources.gni | 1 + 14 files changed, 694 insertions(+), 43 deletions(-) create mode 100644 browser/permissions/chrome_permission_origin_lifetime_monitor.cc create mode 100644 browser/permissions/chrome_permission_origin_lifetime_monitor.h create mode 100644 components/permissions/permission_origin_lifetime_monitor.h diff --git a/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc b/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc index 80bca6920332..194ed33a67b0 100644 --- a/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc +++ b/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc @@ -82,7 +82,7 @@ void EphemeralStorageTabHelper::ReadyToCommitNavigation( if (new_domain == previous_domain) return; - CreateEphemeralStorageAreasForDomainAndURL(new_domain, new_url); + CreateEphemeralStorageAreasForDomainAndURL(std::move(new_domain), new_url); } void EphemeralStorageTabHelper::CreateEphemeralStorageAreasForDomainAndURL( @@ -145,7 +145,7 @@ void EphemeralStorageTabHelper::CreateEphemeralStorageAreasForDomainAndURL( } tld_ephemeral_lifetime_ = content::TLDEphemeralLifetime::GetOrCreate( - browser_context, partition, new_domain); + browser_context, partition, std::move(new_domain)); } // static diff --git a/browser/permissions/chrome_permission_origin_lifetime_monitor.cc b/browser/permissions/chrome_permission_origin_lifetime_monitor.cc new file mode 100644 index 000000000000..fd0ccd121f7e --- /dev/null +++ b/browser/permissions/chrome_permission_origin_lifetime_monitor.cc @@ -0,0 +1,67 @@ +/* Copyright (c) 2021 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h" + +#include "base/stl_util.h" +#include "brave/browser/ephemeral_storage/ephemeral_storage_tab_helper.h" +#include "chrome/browser/profiles/profile.h" +#include "content/public/browser/render_frame_host.h" +#include "content/public/browser/tld_ephemeral_lifetime.h" +#include "content/public/browser/web_contents.h" +#include "net/base/features.h" +#include "net/base/url_util.h" + +namespace permissions { + +ChromePermissionOriginLifetimeMonitor::ChromePermissionOriginLifetimeMonitor( + Profile* profile) + : profile_(profile) { + DCHECK(profile_); + DCHECK(base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)); +} + +ChromePermissionOriginLifetimeMonitor:: + ~ChromePermissionOriginLifetimeMonitor() = default; + +void ChromePermissionOriginLifetimeMonitor:: + SetOnPermissionOriginDestroyedCallback( + base::RepeatingCallback callback) { + permission_destroyed_callback_ = std::move(callback); +} + +std::string +ChromePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( + const GURL& requesting_origin) { + DCHECK(permission_destroyed_callback_); + std::string storage_domain = + net::URLToEphemeralStorageDomain(requesting_origin); + auto* tld_ephemeral_lifetime = + content::TLDEphemeralLifetime::Get(profile_, storage_domain); + if (!tld_ephemeral_lifetime) { + // If an ephemeral lifetime object doesn't exist, treat a permission origin + // as an already destroyed one. + return std::string(); + } + + if (!base::Contains(active_subscriptions_, storage_domain)) { + tld_ephemeral_lifetime->RegisterOnDestroyCallback(base::BindOnce( + &ChromePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed, + weak_ptr_factory_.GetWeakPtr())); + active_subscriptions_.insert(storage_domain); + } + return storage_domain; +} + +void ChromePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed( + const std::string& storage_domain) { + DCHECK(base::Contains(active_subscriptions_, storage_domain)); + active_subscriptions_.erase(storage_domain); + if (permission_destroyed_callback_) { + permission_destroyed_callback_.Run(storage_domain); + } +} + +} // namespace permissions diff --git a/browser/permissions/chrome_permission_origin_lifetime_monitor.h b/browser/permissions/chrome_permission_origin_lifetime_monitor.h new file mode 100644 index 000000000000..ce53706b7b35 --- /dev/null +++ b/browser/permissions/chrome_permission_origin_lifetime_monitor.h @@ -0,0 +1,43 @@ +/* Copyright (c) 2021 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ +#define BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ + +#include "base/containers/flat_set.h" +#include "base/memory/weak_ptr.h" +#include "brave/components/permissions/permission_origin_lifetime_monitor.h" + +class Profile; + +namespace permissions { + +class ChromePermissionOriginLifetimeMonitor + : public PermissionOriginLifetimeMonitor { + public: + ChromePermissionOriginLifetimeMonitor(Profile* profile); + ~ChromePermissionOriginLifetimeMonitor() override; + + void SetOnPermissionOriginDestroyedCallback( + base::RepeatingCallback callback) override; + std::string SubscribeToPermissionOriginDestruction( + const GURL& requesting_origin) override; + + private: + void OnEphemeralTLDDestroyed(const std::string& storage_domain); + + Profile* const profile_ = nullptr; + + base::RepeatingCallback + permission_destroyed_callback_; + base::flat_set active_subscriptions_; + + base::WeakPtrFactory weak_ptr_factory_{ + this}; +}; + +} // namespace permissions + +#endif // BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ diff --git a/browser/permissions/permission_lifetime_manager_browsertest.cc b/browser/permissions/permission_lifetime_manager_browsertest.cc index f772a2c98755..c6bcc8503ff0 100644 --- a/browser/permissions/permission_lifetime_manager_browsertest.cc +++ b/browser/permissions/permission_lifetime_manager_browsertest.cc @@ -27,6 +27,7 @@ #include "chrome/test/base/ui_test_utils.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/content_settings/core/common/content_settings_types.h" +#include "components/network_session_configurator/common/network_switches.h" #include "components/permissions/features.h" #include "components/permissions/request_type.h" #include "components/prefs/pref_service.h" @@ -34,6 +35,7 @@ #include "content/public/browser/web_contents.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" +#include "net/base/features.h" #include "net/dns/mock_host_resolver.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "url/gurl.h" @@ -49,22 +51,31 @@ const char kPreTestDataFileName[] = "pre_test_data"; class PermissionLifetimeManagerBrowserTest : public InProcessBrowserTest { public: - PermissionLifetimeManagerBrowserTest() { + PermissionLifetimeManagerBrowserTest() + : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { scoped_feature_list_.InitAndEnableFeature(features::kPermissionLifetime); } ~PermissionLifetimeManagerBrowserTest() override = default; + void SetUpCommandLine(base::CommandLine* command_line) override { + InProcessBrowserTest::SetUpCommandLine(command_line); + command_line->AppendSwitch(switches::kIgnoreCertificateErrors); + } + void SetUpOnMainThread() override { PermissionRequestManager* manager = GetPermissionRequestManager(); prompt_factory_.reset(new MockPermissionLifetimePromptFactory(manager)); host_resolver()->AddRule("*", "127.0.0.1"); - ASSERT_TRUE(embedded_test_server()->Start()); + https_server()->ServeFilesFromDirectory(GetChromeTestDataDir()); + ASSERT_TRUE(https_server()->Start()); } void TearDownOnMainThread() override { prompt_factory_.reset(); } + net::EmbeddedTestServer* https_server() { return &https_server_; } + PermissionRequestManager* GetPermissionRequestManager() { return PermissionRequestManager::FromWebContents( browser()->tab_strip_model()->GetActiveWebContents()); @@ -120,12 +131,13 @@ class PermissionLifetimeManagerBrowserTest : public InProcessBrowserTest { protected: base::test::ScopedFeatureList scoped_feature_list_; + net::test_server::EmbeddedTestServer https_server_; std::unique_ptr prompt_factory_; base::Value pre_test_data_{base::Value::Type::DICTIONARY}; }; IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerBrowserTest, ExpirationSmoke) { - const GURL& url = embedded_test_server()->GetURL("/empty.html"); + const GURL& url = https_server()->GetURL("/empty.html"); ui_test_utils::NavigateToURL(browser(), url); prompt_factory_->set_response_type( PermissionRequestManager::AutoResponseType::ACCEPT_ALL); @@ -169,7 +181,7 @@ IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerBrowserTest, ExpirationSmoke) { IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerBrowserTest, PRE_PermissionExpiredAfterRestart) { - const GURL& url = embedded_test_server()->GetURL("/empty.html"); + const GURL& url = https_server()->GetURL("/empty.html"); ui_test_utils::NavigateToURL(browser(), url); prompt_factory_->set_response_type( PermissionRequestManager::AutoResponseType::ACCEPT_ALL); @@ -227,7 +239,7 @@ IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerBrowserTest, IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerBrowserTest, ExpirationRemovedAfterManualReset) { - const GURL& url = embedded_test_server()->GetURL("/empty.html"); + const GURL& url = https_server()->GetURL("/empty.html"); ui_test_utils::NavigateToURL(browser(), url); prompt_factory_->set_response_type( PermissionRequestManager::AutoResponseType::ACCEPT_ALL); @@ -257,4 +269,175 @@ IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerBrowserTest, EXPECT_TRUE(GetExpirationsPrefValue()->DictEmpty()); } +class PermissionLifetimeManagerWithOriginMonitorBrowserTest + : public PermissionLifetimeManagerBrowserTest { + public: + PermissionLifetimeManagerWithOriginMonitorBrowserTest() { + scoped_feature_list_.InitAndEnableFeature( + net::features::kBraveEphemeralStorage); + } + + protected: + base::test::ScopedFeatureList scoped_feature_list_; +}; + +IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerWithOriginMonitorBrowserTest, + DomainPermissionReset) { + const GURL& url = https_server()->GetURL("host.com", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), url); + prompt_factory_->set_response_type( + PermissionRequestManager::AutoResponseType::ACCEPT_ALL); + + EXPECT_CALL(*prompt_factory_, OnPermissionPromptCreated(_)) + .WillOnce(testing::Invoke([](MockPermissionLifetimePrompt* prompt) { + prompt->delegate()->Requests()[0]->SetLifetime(base::TimeDelta()); + })); + content::ExecuteScriptAsync( + GetActiveMainFrame(), + "navigator.geolocation.getCurrentPosition(function(){});"); + prompt_factory_->WaitForPermissionBubble(); + + EXPECT_EQ(1, prompt_factory_->show_count()); + EXPECT_FALSE(permission_lifetime_timer().IsRunning()); + EXPECT_FALSE(GetExpirationsPrefValue()->DictEmpty()); + + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ALLOW); + + // Navigate to another domain. It should reset the permission. + const GURL& other_url = + https_server()->GetURL("other_host.com", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), other_url); + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ASK); + EXPECT_TRUE(GetExpirationsPrefValue()->DictEmpty()); +} + +IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerWithOriginMonitorBrowserTest, + FriendlyDomainPermissionKept) { + const GURL& url = https_server()->GetURL("example.com", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), url); + prompt_factory_->set_response_type( + PermissionRequestManager::AutoResponseType::ACCEPT_ALL); + + EXPECT_CALL(*prompt_factory_, OnPermissionPromptCreated(_)) + .WillOnce(testing::Invoke([](MockPermissionLifetimePrompt* prompt) { + prompt->delegate()->Requests()[0]->SetLifetime(base::TimeDelta()); + })); + content::ExecuteScriptAsync( + GetActiveMainFrame(), + "navigator.geolocation.getCurrentPosition(function(){});"); + prompt_factory_->WaitForPermissionBubble(); + + EXPECT_EQ(1, prompt_factory_->show_count()); + EXPECT_FALSE(permission_lifetime_timer().IsRunning()); + EXPECT_FALSE(GetExpirationsPrefValue()->DictEmpty()); + + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ALLOW); + + // Navigate to a subdomain, permission should be kept. + const GURL& sub_url = + https_server()->GetURL("sub.example.com", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), sub_url); + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ALLOW); + EXPECT_FALSE(GetExpirationsPrefValue()->DictEmpty()); + + // Navigate to another domain. It should reset the permission. + const GURL& other_url = + https_server()->GetURL("other_host.com", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), other_url); + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ASK); + EXPECT_TRUE(GetExpirationsPrefValue()->DictEmpty()); +} + +IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerWithOriginMonitorBrowserTest, + PublicSuffixListDomainPermissionReset) { + const GURL& url = https_server()->GetURL("user.github.io", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), url); + prompt_factory_->set_response_type( + PermissionRequestManager::AutoResponseType::ACCEPT_ALL); + + EXPECT_CALL(*prompt_factory_, OnPermissionPromptCreated(_)) + .WillOnce(testing::Invoke([](MockPermissionLifetimePrompt* prompt) { + prompt->delegate()->Requests()[0]->SetLifetime(base::TimeDelta()); + })); + content::ExecuteScriptAsync( + GetActiveMainFrame(), + "navigator.geolocation.getCurrentPosition(function(){});"); + prompt_factory_->WaitForPermissionBubble(); + + EXPECT_EQ(1, prompt_factory_->show_count()); + EXPECT_FALSE(permission_lifetime_timer().IsRunning()); + EXPECT_FALSE(GetExpirationsPrefValue()->DictEmpty()); + + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ALLOW); + + // Navigate to a subdomain, permission should be kept. + const GURL& sub_url = + https_server()->GetURL("sub.user.github.io", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), sub_url); + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ALLOW); + EXPECT_FALSE(GetExpirationsPrefValue()->DictEmpty()); + + // Navigate to another domain in PSL. It should reset the permission. + const GURL& other_url = + https_server()->GetURL("user2.github.io", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), other_url); + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ASK); + EXPECT_TRUE(GetExpirationsPrefValue()->DictEmpty()); +} + +IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerWithOriginMonitorBrowserTest, + PRE_DomainPermissionResetAfterRestart) { + const GURL& url = https_server()->GetURL("example.com", "/empty.html"); + ui_test_utils::NavigateToURL(browser(), url); + prompt_factory_->set_response_type( + PermissionRequestManager::AutoResponseType::ACCEPT_ALL); + + EXPECT_CALL(*prompt_factory_, OnPermissionPromptCreated(_)) + .WillOnce(testing::Invoke([](MockPermissionLifetimePrompt* prompt) { + prompt->delegate()->Requests()[0]->SetLifetime(base::TimeDelta()); + })); + content::ExecuteScriptAsync( + GetActiveMainFrame(), + "navigator.geolocation.getCurrentPosition(function(){});"); + prompt_factory_->WaitForPermissionBubble(); + + EXPECT_EQ(1, prompt_factory_->show_count()); + EXPECT_FALSE(permission_lifetime_timer().IsRunning()); + EXPECT_FALSE(GetExpirationsPrefValue()->DictEmpty()); + + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ALLOW); + + pre_test_data_.SetStringKey("url", url.spec()); + WritePreTestData(); +} + +IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerWithOriginMonitorBrowserTest, + DomainPermissionResetAfterRestart) { + ReadPreTestData(); + const GURL url(*pre_test_data_.FindStringKey("url")); + + EXPECT_EQ(host_content_settings_map()->GetContentSetting( + url, url, ContentSettingsType::GEOLOCATION), + ContentSetting::CONTENT_SETTING_ASK); + EXPECT_TRUE(GetExpirationsPrefValue()->DictEmpty()); +} + } // namespace permissions \ No newline at end of file diff --git a/browser/permissions/permission_lifetime_manager_factory.cc b/browser/permissions/permission_lifetime_manager_factory.cc index 48de8dd136cd..06882307e1f6 100644 --- a/browser/permissions/permission_lifetime_manager_factory.cc +++ b/browser/permissions/permission_lifetime_manager_factory.cc @@ -5,6 +5,7 @@ #include "brave/browser/permissions/permission_lifetime_manager_factory.h" +#include "brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h" #include "brave/components/permissions/permission_lifetime_manager.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/permissions/permission_manager_factory.h" @@ -12,6 +13,7 @@ #include "chrome/browser/profiles/profile.h" #include "components/keyed_service/content/browser_context_dependency_manager.h" #include "components/permissions/features.h" +#include "net/base/features.h" // static permissions::PermissionLifetimeManager* @@ -44,9 +46,17 @@ KeyedService* PermissionLifetimeManagerFactory::BuildServiceInstanceFor( return nullptr; } auto* profile = Profile::FromBrowserContext(context); + std::unique_ptr + permission_origin_lifetime_monitor; + if (base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)) { + permission_origin_lifetime_monitor = + std::make_unique( + profile); + } return new permissions::PermissionLifetimeManager( HostContentSettingsMapFactory::GetForProfile(context), - profile->IsOffTheRecord() ? nullptr : profile->GetPrefs()); + profile->IsOffTheRecord() ? nullptr : profile->GetPrefs(), + std::move(permission_origin_lifetime_monitor)); } bool PermissionLifetimeManagerFactory::ServiceIsCreatedWithBrowserContext() diff --git a/browser/permissions/permission_lifetime_manager_unittest.cc b/browser/permissions/permission_lifetime_manager_unittest.cc index 87055940cf16..55474d28d82c 100644 --- a/browser/permissions/permission_lifetime_manager_unittest.cc +++ b/browser/permissions/permission_lifetime_manager_unittest.cc @@ -25,10 +25,12 @@ #include "components/prefs/pref_service.h" #include "components/sync_preferences/testing_pref_service_syncable.h" #include "content/public/test/browser_task_environment.h" +#include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" using content_settings::WebsiteSettingsInfo; using content_settings::WebsiteSettingsRegistry; +using testing::_; namespace permissions { @@ -78,6 +80,35 @@ constexpr base::StringPiece kTwoTypesOneExpirationPrefValue = R"({ } })"; +class MockPermissionOriginLifetimeMonitor + : public PermissionOriginLifetimeMonitor { + public: + MockPermissionOriginLifetimeMonitor() { + ON_CALL(*this, SetOnPermissionOriginDestroyedCallback(_)) + .WillByDefault( + [this](base::RepeatingCallback callback) { + origin_destroyed_callback_ = std::move(callback); + }); + } + + MOCK_METHOD(void, + SetOnPermissionOriginDestroyedCallback, + (base::RepeatingCallback callback), + (override)); + MOCK_METHOD(std::string, + SubscribeToPermissionOriginDestruction, + (const GURL& requesting_origin), + (override)); + + void NotifyOriginDestroyed(const std::string& origin) { + ASSERT_TRUE(origin_destroyed_callback_); + origin_destroyed_callback_.Run(origin); + } + + private: + base::RepeatingCallback origin_destroyed_callback_; +}; + } // namespace class PermissionLifetimeManagerTest : public testing::Test { @@ -100,10 +131,16 @@ class PermissionLifetimeManagerTest : public testing::Test { PrefService* prefs() { return profile_.GetPrefs(); } + virtual std::unique_ptr + GetPermissionOriginLifetimeMonitor() { + return nullptr; + } + PermissionLifetimeManager* manager() { if (!manager_) { manager_ = std::make_unique( - host_content_settings_map_, prefs()); + host_content_settings_map_, prefs(), + GetPermissionOriginLifetimeMonitor()); } return manager_.get(); } @@ -516,4 +553,161 @@ TEST_F(PermissionLifetimeManagerTest, ClearAllExpiredAfterRestart) { ContentSetting::CONTENT_SETTING_DEFAULT); } +class PermissionLifetimeManagerWithOriginMonitorTest + : public PermissionLifetimeManagerTest { + public: + std::unique_ptr + GetPermissionOriginLifetimeMonitor() override { + auto monitor = std::make_unique(); + origin_lifetime_monitor_ = monitor.get(); + EXPECT_CALL(*origin_lifetime_monitor_, + SetOnPermissionOriginDestroyedCallback(_)); + return monitor; + } + + protected: + MockPermissionOriginLifetimeMonitor* origin_lifetime_monitor_ = nullptr; +}; + +TEST_F(PermissionLifetimeManagerWithOriginMonitorTest, + SetAndResetDomainPermission) { + // Create a manager with a mocked origin lifetime monitor. + ASSERT_TRUE(manager()); + auto request(CreateRequestAndAllowContentSetting( + kOrigin, ContentSettingsType::NOTIFICATIONS, base::TimeDelta())); + EXPECT_CALL(*origin_lifetime_monitor_, + SubscribeToPermissionOriginDestruction(kOrigin)) + .WillOnce(testing::Return(kOrigin.host())); + manager()->PermissionDecided(*request, kOrigin, kOrigin, + ContentSetting::CONTENT_SETTING_ALLOW, false); + EXPECT_FALSE(timer().IsRunning()); + + // Check data stored in prefs. + CheckExpirationsPref(FROM_HERE, kOneTypeOneExpirationPrefValue, + {"notifications", kOrigin.host(), kOrigin.spec()}); + + // Invalid host destroy shouldn't trigger any reset. + origin_lifetime_monitor_->NotifyOriginDestroyed("test.com"); + CheckExpirationsPref(FROM_HERE, kOneTypeOneExpirationPrefValue, + {"notifications", kOrigin.host(), kOrigin.spec()}); + + // Destroy origin, this should trigger a setting reset to default state. + origin_lifetime_monitor_->NotifyOriginDestroyed(kOrigin.host()); + ExpectContentSetting(FROM_HERE, kOrigin, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_DEFAULT); + + // Prefs data should be empty. + CheckExpirationsPref(FROM_HERE, "{}"); +} + +TEST_F(PermissionLifetimeManagerWithOriginMonitorTest, + ResetAllDomainsAfterRestart) { + // Create a manager with a mocked origin lifetime monitor. + ASSERT_TRUE(manager()); + auto request(CreateRequestAndAllowContentSetting( + kOrigin, ContentSettingsType::NOTIFICATIONS, base::TimeDelta())); + auto request2(CreateRequestAndAllowContentSetting( + kOrigin2, ContentSettingsType::NOTIFICATIONS, base::TimeDelta())); + EXPECT_CALL(*origin_lifetime_monitor_, + SubscribeToPermissionOriginDestruction(kOrigin)) + .WillOnce(testing::Return(kOrigin.host())); + EXPECT_CALL(*origin_lifetime_monitor_, + SubscribeToPermissionOriginDestruction(kOrigin2)) + .WillOnce(testing::Return(kOrigin2.host())); + manager()->PermissionDecided(*request, kOrigin, kOrigin, + ContentSetting::CONTENT_SETTING_ALLOW, false); + manager()->PermissionDecided(*request2, kOrigin2, kOrigin2, + ContentSetting::CONTENT_SETTING_ALLOW, false); + EXPECT_FALSE(timer().IsRunning()); + + // Check data stored in prefs. + CheckExpirationsPref(FROM_HERE, kOneTypeTwoExpirationsPrefValue, + {"notifications", kOrigin.host(), kOrigin.spec(), + kOrigin2.host(), kOrigin2.spec()}); + + ResetManager(); + // This will create a new PermissionLifetimeManager instance. + ASSERT_TRUE(manager()); + + ExpectContentSetting(FROM_HERE, kOrigin, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_DEFAULT); + ExpectContentSetting(FROM_HERE, kOrigin2, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_DEFAULT); + + // Prefs data should be empty. + CheckExpirationsPref(FROM_HERE, "{}"); +} + +TEST_F(PermissionLifetimeManagerWithOriginMonitorTest, + TimeAndDomainKeyedPermissionsWorks) { + // Create a manager with a mocked origin lifetime monitor. + ASSERT_TRUE(manager()); + auto request(CreateRequestAndAllowContentSetting( + kOrigin, ContentSettingsType::NOTIFICATIONS, kLifetime)); + const base::Time expected_expiration_time = + base::Time::Now() + *request->GetLifetime(); + auto request2(CreateRequestAndAllowContentSetting( + kOrigin2, ContentSettingsType::NOTIFICATIONS, base::TimeDelta())); + EXPECT_CALL(*origin_lifetime_monitor_, + SubscribeToPermissionOriginDestruction(kOrigin)) + .Times(0); + EXPECT_CALL(*origin_lifetime_monitor_, + SubscribeToPermissionOriginDestruction(kOrigin2)) + .WillOnce(testing::Return(kOrigin2.host())); + manager()->PermissionDecided(*request, kOrigin, kOrigin, + ContentSetting::CONTENT_SETTING_ALLOW, false); + manager()->PermissionDecided(*request2, kOrigin2, kOrigin2, + ContentSetting::CONTENT_SETTING_ALLOW, false); + EXPECT_TRUE(timer().IsRunning()); + + // Check data stored in prefs. + CheckExpirationsPref( + FROM_HERE, kOneTypeTwoExpirationsPrefValue, + {"notifications", + std::to_string(expected_expiration_time.ToDeltaSinceWindowsEpoch() + .InMicroseconds()), + kOrigin.spec(), kOrigin2.host(), kOrigin2.spec()}); + + browser_task_environment_.FastForwardBy(*request->GetLifetime()); + ExpectContentSetting(FROM_HERE, kOrigin, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_DEFAULT); + ExpectContentSetting(FROM_HERE, kOrigin2, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_ALLOW); + + // Check data stored in prefs. + CheckExpirationsPref(FROM_HERE, kOneTypeOneExpirationPrefValue, + {"notifications", kOrigin2.host(), kOrigin2.spec()}); + + // Destroy origin, this should trigger a setting reset to default state. + origin_lifetime_monitor_->NotifyOriginDestroyed(kOrigin2.host()); + ExpectContentSetting(FROM_HERE, kOrigin2, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_DEFAULT); + + // Prefs data should be empty. + CheckExpirationsPref(FROM_HERE, "{}"); +} + +TEST_F(PermissionLifetimeManagerWithOriginMonitorTest, + PermissionResetIfDomainKeyIsEmpty) { + // Create a manager with a mocked origin lifetime monitor. + ASSERT_TRUE(manager()); + auto request(CreateRequestAndAllowContentSetting( + kOrigin, ContentSettingsType::NOTIFICATIONS, base::TimeDelta())); + EXPECT_CALL(*origin_lifetime_monitor_, + SubscribeToPermissionOriginDestruction(kOrigin)) + .WillOnce(testing::Return(std::string())); + manager()->PermissionDecided(*request, kOrigin, kOrigin, + ContentSetting::CONTENT_SETTING_ALLOW, false); + + // Nothing should be stored in prefs. + CheckExpirationsPref(FROM_HERE, "{}"); + + // Permission should be reset on the next loop. + ExpectContentSetting(FROM_HERE, kOrigin, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_ALLOW); + browser_task_environment_.RunUntilIdle(); + ExpectContentSetting(FROM_HERE, kOrigin, ContentSettingsType::NOTIFICATIONS, + ContentSetting::CONTENT_SETTING_DEFAULT); +} + } // namespace permissions diff --git a/browser/permissions/sources.gni b/browser/permissions/sources.gni index b03c17c25b4b..65553f7bb714 100644 --- a/browser/permissions/sources.gni +++ b/browser/permissions/sources.gni @@ -1,4 +1,6 @@ brave_browser_permissions_sources = [ + "//brave/browser/permissions/chrome_permission_origin_lifetime_monitor.cc", + "//brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h", "//brave/browser/permissions/permission_lifetime_manager_factory.cc", "//brave/browser/permissions/permission_lifetime_manager_factory.h", ] diff --git a/chromium_src/content/browser/tld_ephemeral_lifetime.cc b/chromium_src/content/browser/tld_ephemeral_lifetime.cc index c1547c7db66c..f66247eba7ba 100644 --- a/chromium_src/content/browser/tld_ephemeral_lifetime.cc +++ b/chromium_src/content/browser/tld_ephemeral_lifetime.cc @@ -6,6 +6,7 @@ #include "content/public/browser/tld_ephemeral_lifetime.h" #include + #include "base/no_destructor.h" #include "services/network/public/mojom/cookie_manager.mojom.h" @@ -29,10 +30,11 @@ TLDEphemeralLifetimeMap& active_tld_storage_areas() { TLDEphemeralLifetime::TLDEphemeralLifetime(TLDEphemeralLifetimeKey key, StoragePartition* storage_partition) - : key_(key), storage_partition_(storage_partition) { - DCHECK(active_tld_storage_areas().find(key) == + : key_(std::move(key)), storage_partition_(storage_partition) { + DCHECK(active_tld_storage_areas().find(key_) == active_tld_storage_areas().end()); - active_tld_storage_areas().emplace(key, weak_factory_.GetWeakPtr()); + DCHECK(storage_partition_); + active_tld_storage_areas().emplace(key_, weak_factory_.GetWeakPtr()); } TLDEphemeralLifetime::~TLDEphemeralLifetime() { @@ -41,27 +43,46 @@ TLDEphemeralLifetime::~TLDEphemeralLifetime() { storage_partition_->GetCookieManagerForBrowserProcess()->DeleteCookies( std::move(filter), base::NullCallback()); + if (!on_destroy_callbacks_.empty()) { + auto on_destroy_callbacks = std::move(on_destroy_callbacks_); + for (auto& callback : on_destroy_callbacks) { + std::move(callback).Run(key_.second); + } + } + active_tld_storage_areas().erase(key_); } TLDEphemeralLifetime* TLDEphemeralLifetime::Get(BrowserContext* browser_context, std::string storage_domain) { - TLDEphemeralLifetimeKey key = std::make_pair(browser_context, storage_domain); - auto it = active_tld_storage_areas().find(key); - DCHECK(it == active_tld_storage_areas().end() || it->second.get()); - return it != active_tld_storage_areas().end() ? it->second.get() : nullptr; + const TLDEphemeralLifetimeKey key(browser_context, std::move(storage_domain)); + return Get(key); } scoped_refptr TLDEphemeralLifetime::GetOrCreate( BrowserContext* browser_context, StoragePartition* storage_partition, std::string storage_domain) { - if (TLDEphemeralLifetime* existing = Get(browser_context, storage_domain)) { + TLDEphemeralLifetimeKey key(browser_context, std::move(storage_domain)); + if (scoped_refptr existing = Get(key)) { return existing; } - TLDEphemeralLifetimeKey key = std::make_pair(browser_context, storage_domain); - return base::MakeRefCounted(key, storage_partition); + return base::MakeRefCounted(std::move(key), + storage_partition); +} + +// static +TLDEphemeralLifetime* TLDEphemeralLifetime::Get( + const TLDEphemeralLifetimeKey& key) { + auto it = active_tld_storage_areas().find(key); + DCHECK(it == active_tld_storage_areas().end() || it->second.get()); + return it != active_tld_storage_areas().end() ? it->second.get() : nullptr; +} + +void TLDEphemeralLifetime::RegisterOnDestroyCallback( + OnDestroyCallback callback) { + on_destroy_callbacks_.push_back(std::move(callback)); } } // namespace content diff --git a/chromium_src/content/public/browser/tld_ephemeral_lifetime.h b/chromium_src/content/public/browser/tld_ephemeral_lifetime.h index c242fc452748..09e22b239aea 100644 --- a/chromium_src/content/public/browser/tld_ephemeral_lifetime.h +++ b/chromium_src/content/public/browser/tld_ephemeral_lifetime.h @@ -8,6 +8,9 @@ #include #include +#include + +#include "base/callback.h" #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" #include "content/common/content_export.h" @@ -36,20 +39,29 @@ using TLDEphemeralLifetimeKey = class CONTENT_EXPORT TLDEphemeralLifetime : public base::RefCounted { public: + using OnDestroyCallback = base::OnceCallback; + TLDEphemeralLifetime(TLDEphemeralLifetimeKey key, StoragePartition* storage_partition); - static TLDEphemeralLifetime* Get(BrowserContext*, std::string storage_domain); + static TLDEphemeralLifetime* Get(BrowserContext* browser_context, + std::string storage_domain); static scoped_refptr GetOrCreate( BrowserContext* browser_context, StoragePartition* storage_partition, std::string storage_domain); + // Add a callback to a callback list to be called on destruction. + void RegisterOnDestroyCallback(OnDestroyCallback callback); + private: friend class RefCounted; virtual ~TLDEphemeralLifetime(); + static TLDEphemeralLifetime* Get(const TLDEphemeralLifetimeKey& key); + TLDEphemeralLifetimeKey key_; StoragePartition* storage_partition_; + std::vector on_destroy_callbacks_; base::WeakPtrFactory weak_factory_{this}; }; diff --git a/components/permissions/permission_lifetime_manager.cc b/components/permissions/permission_lifetime_manager.cc index a678e48bd186..e80cd728a788 100644 --- a/components/permissions/permission_lifetime_manager.cc +++ b/components/permissions/permission_lifetime_manager.cc @@ -9,6 +9,7 @@ #include "base/auto_reset.h" #include "base/stl_util.h" +#include "base/threading/sequenced_task_runner_handle.h" #include "brave/components/permissions/permission_lifetime_pref_names.h" #include "components/content_settings/core/browser/content_settings_registry.h" #include "components/content_settings/core/browser/content_settings_utils.h" @@ -34,9 +35,13 @@ void PermissionLifetimeManager::RegisterProfilePrefs( PermissionLifetimeManager::PermissionLifetimeManager( HostContentSettingsMap* host_content_settings_map, - PrefService* prefs) + PrefService* prefs, + std::unique_ptr + permission_origin_lifetime_monitor) : host_content_settings_map_(host_content_settings_map), prefs_(prefs), + permission_origin_lifetime_monitor_( + std::move(permission_origin_lifetime_monitor)), permission_expirations_(prefs_), expiration_timer_(std::make_unique()) { DCHECK(host_content_settings_map_); @@ -44,6 +49,14 @@ PermissionLifetimeManager::PermissionLifetimeManager( ResetExpiredPermissionsAndUpdateTimer(base::Time::Now()); + if (permission_origin_lifetime_monitor_) { + ResetAllDomainPermissions(); + permission_origin_lifetime_monitor_->SetOnPermissionOriginDestroyedCallback( + base::BindRepeating( + &PermissionLifetimeManager::OnPermissionOriginDestroyed, + base::Unretained(this))); + } + host_content_settings_map_observation_.Observe(host_content_settings_map_); } @@ -51,6 +64,7 @@ PermissionLifetimeManager::~PermissionLifetimeManager() {} void PermissionLifetimeManager::Shutdown() { host_content_settings_map_observation_.Reset(); + permission_origin_lifetime_monitor_.reset(); StopExpirationTimer(); } @@ -68,14 +82,13 @@ void PermissionLifetimeManager::PermissionDecided( } const auto& lifetime = permission_request.GetLifetime(); - if (!lifetime || *lifetime == base::TimeDelta()) { + if (!lifetime) { // If no lifetime is set, then we don't need to do anything here. return; } const ContentSettingsType content_type = permission_request.GetContentSettingsType(); - const base::Time expiration_time = base::Time::Now() + *lifetime; DVLOG(1) << "PermissionLifetimeManager::PermissionDecided" << "\ntype: " @@ -87,11 +100,32 @@ void PermissionLifetimeManager::PermissionDecided( << "\nlifetime: " << permission_request.GetLifetime()->InSeconds() << " seconds"; - permission_expirations_.AddExpiringPermission( - content_type, PermissionExpirationKey(expiration_time), - PermissionOrigins(requesting_origin, embedding_origin)); - - UpdateExpirationTimer(); + if (*lifetime == base::TimeDelta()) { + DCHECK(permission_origin_lifetime_monitor_); + std::string key = + permission_origin_lifetime_monitor_ + ->SubscribeToPermissionOriginDestruction(requesting_origin); + if (key.empty()) { + // There is no any active origin with this key, so reset the permission + // right away. PostTask is required because at this point the permission + // is not stored in HostContentSettingsMap yet. + base::SequencedTaskRunnerHandle::Get()->PostTask( + FROM_HERE, + base::BindOnce(&PermissionLifetimeManager::ResetPermission, + weak_ptr_factory_.GetWeakPtr(), content_type, + requesting_origin, embedding_origin)); + return; + } + permission_expirations_.AddExpiringPermission( + content_type, PermissionExpirationKey(std::move(key)), + PermissionOrigins(requesting_origin, embedding_origin)); + } else { + const base::Time expiration_time = base::Time::Now() + *lifetime; + permission_expirations_.AddExpiringPermission( + content_type, PermissionExpirationKey(expiration_time), + PermissionOrigins(requesting_origin, embedding_origin)); + UpdateExpirationTimer(); + } } void PermissionLifetimeManager::OnContentSettingChanged( @@ -201,13 +235,47 @@ void PermissionLifetimeManager::ResetExpiredPermissionsAndUpdateTimer( const auto& content_type = expired_permissions.first; const auto& expiring_permissions = expired_permissions.second; for (const auto& expiring_permission : expiring_permissions) { - host_content_settings_map_->SetContentSettingDefaultScope( - expiring_permission.requesting_origin(), - expiring_permission.embedding_origin(), content_type, - CONTENT_SETTING_DEFAULT); + ResetPermission(content_type, expiring_permission.requesting_origin(), + expiring_permission.embedding_origin()); } } UpdateExpirationTimer(); } +void PermissionLifetimeManager::OnPermissionOriginDestroyed( + const std::string& origin_key) { + base::AutoReset auto_reset(&is_currently_removing_permissions_, true); + for (const auto& expired_permissions : + permission_expirations_.RemoveExpiredPermissions(origin_key)) { + const auto& content_type = expired_permissions.first; + const auto& expiring_permissions = expired_permissions.second; + for (const auto& expiring_permission : expiring_permissions) { + ResetPermission(content_type, expiring_permission.requesting_origin(), + expiring_permission.embedding_origin()); + } + } +} + +void PermissionLifetimeManager::ResetAllDomainPermissions() { + base::AutoReset auto_reset(&is_currently_removing_permissions_, true); + for (const auto& expired_permissions : + permission_expirations_.RemoveAllDomainPermissions()) { + const auto& content_type = expired_permissions.first; + const auto& expiring_permissions = expired_permissions.second; + for (const auto& expiring_permission : expiring_permissions) { + ResetPermission(content_type, expiring_permission.requesting_origin(), + expiring_permission.embedding_origin()); + } + } +} + +void PermissionLifetimeManager::ResetPermission( + ContentSettingsType content_type, + const GURL& requesting_origin, + const GURL& embedding_origin) { + host_content_settings_map_->SetContentSettingDefaultScope( + requesting_origin, embedding_origin, content_type, + CONTENT_SETTING_DEFAULT); +} + } // namespace permissions diff --git a/components/permissions/permission_lifetime_manager.h b/components/permissions/permission_lifetime_manager.h index a9ee17b56edb..539ed5184ed2 100644 --- a/components/permissions/permission_lifetime_manager.h +++ b/components/permissions/permission_lifetime_manager.h @@ -9,9 +9,11 @@ #include #include +#include "base/memory/weak_ptr.h" #include "base/scoped_observation.h" #include "base/util/timer/wall_clock_timer.h" #include "brave/components/permissions/permission_expirations.h" +#include "brave/components/permissions/permission_origin_lifetime_monitor.h" #include "components/content_settings/core/browser/content_settings_observer.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/content_settings/core/common/content_settings.h" @@ -35,7 +37,9 @@ class PermissionLifetimeManager : public KeyedService, static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); PermissionLifetimeManager(HostContentSettingsMap* host_content_settings_map, - PrefService* prefs); + PrefService* prefs, + std::unique_ptr + permission_origin_lifetime_monitor); PermissionLifetimeManager(const PermissionLifetimeManager&) = delete; PermissionLifetimeManager& operator=(const PermissionLifetimeManager&) = delete; @@ -71,9 +75,18 @@ class PermissionLifetimeManager : public KeyedService, void OnExpirationTimer(); void ResetExpiredPermissionsAndUpdateTimer( base::Time current_expiration_time); + // Resets permission, updates pref. + void OnPermissionOriginDestroyed(const std::string& origin_key); + void ResetAllDomainPermissions(); + void ResetPermission(ContentSettingsType content_type, + const GURL& requesting_origin, + const GURL& embedding_origin); HostContentSettingsMap* const host_content_settings_map_ = nullptr; PrefService* const prefs_ = nullptr; + // Origin lifetime monitor enables origin-based permission lifetime support. + std::unique_ptr + permission_origin_lifetime_monitor_; // Expirations data from prefs used at runtime. Kept in sync with prefs. PermissionExpirations permission_expirations_; // WallClockTimer to reset permissions properly even if a machine was put in @@ -89,6 +102,8 @@ class PermissionLifetimeManager : public KeyedService, // Flag to ignore notifications from HostContentSettingsMap when a permission // reset is in progress. bool is_currently_removing_permissions_ = false; + + base::WeakPtrFactory weak_ptr_factory_{this}; }; } // namespace permissions diff --git a/components/permissions/permission_lifetime_utils.cc b/components/permissions/permission_lifetime_utils.cc index dc763b9e5041..74baf050124f 100644 --- a/components/permissions/permission_lifetime_utils.cc +++ b/components/permissions/permission_lifetime_utils.cc @@ -12,6 +12,7 @@ #include "base/strings/utf_string_conversions.h" #include "components/grit/brave_components_strings.h" #include "components/permissions/features.h" +#include "net/base/features.h" #include "ui/base/l10n/l10n_util.h" namespace permissions { @@ -42,17 +43,15 @@ base::Optional GetTestSecondsOption() { std::vector CreatePermissionLifetimeOptions() { std::vector options; - const size_t kOptionsCount = 3; + const size_t kOptionsCount = 4; options.reserve(kOptionsCount); - // TODO(https://github.com/brave/brave-browser/issues/14126): Add support for - // "until page is closed" lifetime. -#if 0 - options.emplace_back(PermissionLifetimeOption( - l10n_util::GetStringUTF16( - IDS_PERMISSIONS_BUBBLE_UNTIL_PAGE_CLOSE_LIFETIME_OPTION), - base::TimeDelta())); -#endif // 0 + if (base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)) { + options.emplace_back(PermissionLifetimeOption( + l10n_util::GetStringUTF16( + IDS_PERMISSIONS_BUBBLE_UNTIL_PAGE_CLOSE_LIFETIME_OPTION), + base::TimeDelta())); + } options.emplace_back(PermissionLifetimeOption( l10n_util::GetStringUTF16( IDS_PERMISSIONS_BUBBLE_24_HOURS_LIFETIME_OPTION), @@ -63,7 +62,7 @@ std::vector CreatePermissionLifetimeOptions() { options.emplace_back(PermissionLifetimeOption( l10n_util::GetStringUTF16(IDS_PERMISSIONS_BUBBLE_FOREVER_LIFETIME_OPTION), base::nullopt)); - DCHECK_EQ(options.size(), kOptionsCount); + DCHECK_LE(options.size(), kOptionsCount); // This is strictly for manual testing. if (auto test_seconds_option = GetTestSecondsOption()) { diff --git a/components/permissions/permission_origin_lifetime_monitor.h b/components/permissions/permission_origin_lifetime_monitor.h new file mode 100644 index 000000000000..25940195be24 --- /dev/null +++ b/components/permissions/permission_origin_lifetime_monitor.h @@ -0,0 +1,36 @@ +/* Copyright (c) 2021 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ +#define BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ + +#include + +#include "base/callback.h" +#include "url/gurl.h" + +namespace permissions { + +// Helper to support an origin-based permission lifetime logic. +class PermissionOriginLifetimeMonitor { + public: + virtual ~PermissionOriginLifetimeMonitor() = default; + + // Set a callback to call when a permission origin is destroyed. + // Callback will receive a string returned by + // |SubscribeToPermissionOriginDestruction|. + virtual void SetOnPermissionOriginDestroyedCallback( + base::RepeatingCallback callback) = 0; + + // Subscribe to a permission origin destruction. Returns a string key which + // will be used in a callback. An empty key can be returned if a permission + // origin can not be observed. + virtual std::string SubscribeToPermissionOriginDestruction( + const GURL& requesting_origin) = 0; +}; + +} // namespace permissions + +#endif // BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ diff --git a/components/permissions/sources.gni b/components/permissions/sources.gni index 9f0b8d038796..90a51a00973d 100644 --- a/components/permissions/sources.gni +++ b/components/permissions/sources.gni @@ -10,6 +10,7 @@ brave_components_permissions_sources = [ "//brave/components/permissions/permission_lifetime_pref_names.h", "//brave/components/permissions/permission_lifetime_utils.cc", "//brave/components/permissions/permission_lifetime_utils.h", + "//brave/components/permissions/permission_origin_lifetime_monitor.h", "//brave/components/permissions/permission_origins.cc", "//brave/components/permissions/permission_origins.h", ] From af8a171d2394ecaddfcaf3d06fe55b3a33006d51 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 2 Apr 2021 15:48:03 +0700 Subject: [PATCH 3/9] Fix linter issues. --- .../permissions/chrome_permission_origin_lifetime_monitor.cc | 2 ++ .../permissions/chrome_permission_origin_lifetime_monitor.h | 2 ++ browser/permissions/permission_lifetime_manager_browsertest.cc | 2 +- browser/permissions/permission_lifetime_manager_factory.cc | 3 +++ .../chrome/browser/permissions/permission_manager_factory.cc | 2 +- components/permissions/permission_expiration_key.cc | 2 ++ components/permissions/permission_expirations.cc | 2 ++ components/permissions/permission_expirations.h | 2 ++ components/permissions/permission_expirations_unittest.cc | 1 + components/permissions/permission_lifetime_manager.cc | 1 + components/permissions/permission_lifetime_manager.h | 1 + components/permissions/permission_lifetime_pref_names.h | 3 ++- components/permissions/permission_lifetime_utils.cc | 3 +++ 13 files changed, 23 insertions(+), 3 deletions(-) diff --git a/browser/permissions/chrome_permission_origin_lifetime_monitor.cc b/browser/permissions/chrome_permission_origin_lifetime_monitor.cc index fd0ccd121f7e..c9ef9f7ef560 100644 --- a/browser/permissions/chrome_permission_origin_lifetime_monitor.cc +++ b/browser/permissions/chrome_permission_origin_lifetime_monitor.cc @@ -5,6 +5,8 @@ #include "brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h" +#include + #include "base/stl_util.h" #include "brave/browser/ephemeral_storage/ephemeral_storage_tab_helper.h" #include "chrome/browser/profiles/profile.h" diff --git a/browser/permissions/chrome_permission_origin_lifetime_monitor.h b/browser/permissions/chrome_permission_origin_lifetime_monitor.h index ce53706b7b35..3c6ca21c4053 100644 --- a/browser/permissions/chrome_permission_origin_lifetime_monitor.h +++ b/browser/permissions/chrome_permission_origin_lifetime_monitor.h @@ -6,6 +6,8 @@ #ifndef BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ #define BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ +#include + #include "base/containers/flat_set.h" #include "base/memory/weak_ptr.h" #include "brave/components/permissions/permission_origin_lifetime_monitor.h" diff --git a/browser/permissions/permission_lifetime_manager_browsertest.cc b/browser/permissions/permission_lifetime_manager_browsertest.cc index c6bcc8503ff0..d481f4b0370e 100644 --- a/browser/permissions/permission_lifetime_manager_browsertest.cc +++ b/browser/permissions/permission_lifetime_manager_browsertest.cc @@ -440,4 +440,4 @@ IN_PROC_BROWSER_TEST_F(PermissionLifetimeManagerWithOriginMonitorBrowserTest, EXPECT_TRUE(GetExpirationsPrefValue()->DictEmpty()); } -} // namespace permissions \ No newline at end of file +} // namespace permissions diff --git a/browser/permissions/permission_lifetime_manager_factory.cc b/browser/permissions/permission_lifetime_manager_factory.cc index 06882307e1f6..93d27cbb533b 100644 --- a/browser/permissions/permission_lifetime_manager_factory.cc +++ b/browser/permissions/permission_lifetime_manager_factory.cc @@ -5,6 +5,9 @@ #include "brave/browser/permissions/permission_lifetime_manager_factory.h" +#include +#include + #include "brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h" #include "brave/components/permissions/permission_lifetime_manager.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" diff --git a/chromium_src/chrome/browser/permissions/permission_manager_factory.cc b/chromium_src/chrome/browser/permissions/permission_manager_factory.cc index 8bf5fc78ecd7..e102e5a32bc0 100644 --- a/chromium_src/chrome/browser/permissions/permission_manager_factory.cc +++ b/chromium_src/chrome/browser/permissions/permission_manager_factory.cc @@ -34,4 +34,4 @@ KeyedService* PermissionManagerFactory::BuildServiceInstanceFor( } return new permissions::PermissionManager(profile, std::move(permission_contexts)); -} \ No newline at end of file +} diff --git a/components/permissions/permission_expiration_key.cc b/components/permissions/permission_expiration_key.cc index b238ae0e75bd..7bbae1765335 100644 --- a/components/permissions/permission_expiration_key.cc +++ b/components/permissions/permission_expiration_key.cc @@ -5,6 +5,8 @@ #include "brave/components/permissions/permission_expiration_key.h" +#include + #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" diff --git a/components/permissions/permission_expirations.cc b/components/permissions/permission_expirations.cc index 350bce5823f9..18b9309f90e8 100644 --- a/components/permissions/permission_expirations.cc +++ b/components/permissions/permission_expirations.cc @@ -6,6 +6,8 @@ #include "brave/components/permissions/permission_expirations.h" #include +#include +#include #include "base/stl_util.h" #include "base/strings/strcat.h" diff --git a/components/permissions/permission_expirations.h b/components/permissions/permission_expirations.h index a1c504a3cb24..d5c4554c0d2d 100644 --- a/components/permissions/permission_expirations.h +++ b/components/permissions/permission_expirations.h @@ -7,6 +7,8 @@ #define BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_EXPIRATIONS_H_ #include +#include +#include #include #include "base/callback.h" diff --git a/components/permissions/permission_expirations_unittest.cc b/components/permissions/permission_expirations_unittest.cc index 14134323916a..95629c29fd1d 100644 --- a/components/permissions/permission_expirations_unittest.cc +++ b/components/permissions/permission_expirations_unittest.cc @@ -6,6 +6,7 @@ #include "brave/components/permissions/permission_expirations.h" #include +#include #include "base/stl_util.h" #include "base/strings/strcat.h" diff --git a/components/permissions/permission_lifetime_manager.cc b/components/permissions/permission_lifetime_manager.cc index e80cd728a788..c4f3ef57e21b 100644 --- a/components/permissions/permission_lifetime_manager.cc +++ b/components/permissions/permission_lifetime_manager.cc @@ -6,6 +6,7 @@ #include "brave/components/permissions/permission_lifetime_manager.h" #include +#include #include "base/auto_reset.h" #include "base/stl_util.h" diff --git a/components/permissions/permission_lifetime_manager.h b/components/permissions/permission_lifetime_manager.h index 539ed5184ed2..f3da4cb179cb 100644 --- a/components/permissions/permission_lifetime_manager.h +++ b/components/permissions/permission_lifetime_manager.h @@ -8,6 +8,7 @@ #include #include +#include #include "base/memory/weak_ptr.h" #include "base/scoped_observation.h" diff --git a/components/permissions/permission_lifetime_pref_names.h b/components/permissions/permission_lifetime_pref_names.h index 014f6c7cf05b..a85980d18048 100644 --- a/components/permissions/permission_lifetime_pref_names.h +++ b/components/permissions/permission_lifetime_pref_names.h @@ -12,7 +12,8 @@ namespace prefs { // General pref for all permission lifetime logic. constexpr char kPermissionLifetimeRoot[] = "permission_lifetime"; // Expiration pref to store currently expiring permissions. -constexpr char kPermissionLifetimeExpirations[] = "permission_lifetime.expirations"; +constexpr char kPermissionLifetimeExpirations[] = + "permission_lifetime.expirations"; } // namespace prefs } // namespace permissions diff --git a/components/permissions/permission_lifetime_utils.cc b/components/permissions/permission_lifetime_utils.cc index 74baf050124f..b8d79b8b0544 100644 --- a/components/permissions/permission_lifetime_utils.cc +++ b/components/permissions/permission_lifetime_utils.cc @@ -5,6 +5,9 @@ #include "brave/components/permissions/permission_lifetime_utils.h" +#include +#include + #include "base/command_line.h" #include "base/optional.h" #include "base/strings/string_number_conversions.h" From 1d360613e17908851b5c490d1cea1562f4c46946 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 2 Apr 2021 19:18:44 +0700 Subject: [PATCH 4/9] Rename permission origin lifetime monitor. --- ...ave_permission_origin_lifetime_monitor.cc} | 28 ++++------ ...brave_permission_origin_lifetime_monitor.h | 55 +++++++++++++++++++ ...hrome_permission_origin_lifetime_monitor.h | 45 --------------- .../permission_lifetime_manager_factory.cc | 8 +-- browser/permissions/sources.gni | 4 +- 5 files changed, 73 insertions(+), 67 deletions(-) rename browser/permissions/{chrome_permission_origin_lifetime_monitor.cc => brave_permission_origin_lifetime_monitor.cc} (65%) create mode 100644 browser/permissions/brave_permission_origin_lifetime_monitor.h delete mode 100644 browser/permissions/chrome_permission_origin_lifetime_monitor.h diff --git a/browser/permissions/chrome_permission_origin_lifetime_monitor.cc b/browser/permissions/brave_permission_origin_lifetime_monitor.cc similarity index 65% rename from browser/permissions/chrome_permission_origin_lifetime_monitor.cc rename to browser/permissions/brave_permission_origin_lifetime_monitor.cc index c9ef9f7ef560..1cdde8f98964 100644 --- a/browser/permissions/chrome_permission_origin_lifetime_monitor.cc +++ b/browser/permissions/brave_permission_origin_lifetime_monitor.cc @@ -3,45 +3,41 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h" +#include "brave/browser/permissions/brave_permission_origin_lifetime_monitor.h" #include #include "base/stl_util.h" -#include "brave/browser/ephemeral_storage/ephemeral_storage_tab_helper.h" -#include "chrome/browser/profiles/profile.h" -#include "content/public/browser/render_frame_host.h" #include "content/public/browser/tld_ephemeral_lifetime.h" -#include "content/public/browser/web_contents.h" #include "net/base/features.h" #include "net/base/url_util.h" namespace permissions { -ChromePermissionOriginLifetimeMonitor::ChromePermissionOriginLifetimeMonitor( - Profile* profile) - : profile_(profile) { - DCHECK(profile_); +BravePermissionOriginLifetimeMonitor::BravePermissionOriginLifetimeMonitor( + content::BrowserContext* browser_context) + : browser_context_(browser_context) { + DCHECK(browser_context_); DCHECK(base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)); } -ChromePermissionOriginLifetimeMonitor:: - ~ChromePermissionOriginLifetimeMonitor() = default; +BravePermissionOriginLifetimeMonitor::~BravePermissionOriginLifetimeMonitor() = + default; -void ChromePermissionOriginLifetimeMonitor:: +void BravePermissionOriginLifetimeMonitor:: SetOnPermissionOriginDestroyedCallback( base::RepeatingCallback callback) { permission_destroyed_callback_ = std::move(callback); } std::string -ChromePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( +BravePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( const GURL& requesting_origin) { DCHECK(permission_destroyed_callback_); std::string storage_domain = net::URLToEphemeralStorageDomain(requesting_origin); auto* tld_ephemeral_lifetime = - content::TLDEphemeralLifetime::Get(profile_, storage_domain); + content::TLDEphemeralLifetime::Get(browser_context_, storage_domain); if (!tld_ephemeral_lifetime) { // If an ephemeral lifetime object doesn't exist, treat a permission origin // as an already destroyed one. @@ -50,14 +46,14 @@ ChromePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( if (!base::Contains(active_subscriptions_, storage_domain)) { tld_ephemeral_lifetime->RegisterOnDestroyCallback(base::BindOnce( - &ChromePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed, + &BravePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed, weak_ptr_factory_.GetWeakPtr())); active_subscriptions_.insert(storage_domain); } return storage_domain; } -void ChromePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed( +void BravePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed( const std::string& storage_domain) { DCHECK(base::Contains(active_subscriptions_, storage_domain)); active_subscriptions_.erase(storage_domain); diff --git a/browser/permissions/brave_permission_origin_lifetime_monitor.h b/browser/permissions/brave_permission_origin_lifetime_monitor.h new file mode 100644 index 000000000000..29c775bca667 --- /dev/null +++ b/browser/permissions/brave_permission_origin_lifetime_monitor.h @@ -0,0 +1,55 @@ +/* Copyright (c) 2021 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef BRAVE_BROWSER_PERMISSIONS_BRAVE_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ +#define BRAVE_BROWSER_PERMISSIONS_BRAVE_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ + +#include + +#include "base/containers/flat_set.h" +#include "base/memory/weak_ptr.h" +#include "brave/components/permissions/permission_origin_lifetime_monitor.h" + +namespace content { +class BrowserContext; +} // namespace content + +namespace permissions { + +// Uses TLDEphemeralLifetime to observe a permission origin destruction. +class BravePermissionOriginLifetimeMonitor + : public PermissionOriginLifetimeMonitor { + public: + BravePermissionOriginLifetimeMonitor( + content::BrowserContext* browser_context); + BravePermissionOriginLifetimeMonitor( + const BravePermissionOriginLifetimeMonitor&) = delete; + BravePermissionOriginLifetimeMonitor& operator=( + const BravePermissionOriginLifetimeMonitor&) = delete; + ~BravePermissionOriginLifetimeMonitor() override; + + void SetOnPermissionOriginDestroyedCallback( + base::RepeatingCallback callback) override; + // Returns an ephemeral storage domain or an empty string if a storage + // partition for |requesting_origin| doesn't exist. + std::string SubscribeToPermissionOriginDestruction( + const GURL& requesting_origin) override; + + private: + void OnEphemeralTLDDestroyed(const std::string& storage_domain); + + content::BrowserContext* const browser_context_ = nullptr; + + base::RepeatingCallback + permission_destroyed_callback_; + base::flat_set active_subscriptions_; + + base::WeakPtrFactory weak_ptr_factory_{ + this}; +}; + +} // namespace permissions + +#endif // BRAVE_BROWSER_PERMISSIONS_BRAVE_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ diff --git a/browser/permissions/chrome_permission_origin_lifetime_monitor.h b/browser/permissions/chrome_permission_origin_lifetime_monitor.h deleted file mode 100644 index 3c6ca21c4053..000000000000 --- a/browser/permissions/chrome_permission_origin_lifetime_monitor.h +++ /dev/null @@ -1,45 +0,0 @@ -/* Copyright (c) 2021 The Brave Authors. All rights reserved. - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ -#define BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ - -#include - -#include "base/containers/flat_set.h" -#include "base/memory/weak_ptr.h" -#include "brave/components/permissions/permission_origin_lifetime_monitor.h" - -class Profile; - -namespace permissions { - -class ChromePermissionOriginLifetimeMonitor - : public PermissionOriginLifetimeMonitor { - public: - ChromePermissionOriginLifetimeMonitor(Profile* profile); - ~ChromePermissionOriginLifetimeMonitor() override; - - void SetOnPermissionOriginDestroyedCallback( - base::RepeatingCallback callback) override; - std::string SubscribeToPermissionOriginDestruction( - const GURL& requesting_origin) override; - - private: - void OnEphemeralTLDDestroyed(const std::string& storage_domain); - - Profile* const profile_ = nullptr; - - base::RepeatingCallback - permission_destroyed_callback_; - base::flat_set active_subscriptions_; - - base::WeakPtrFactory weak_ptr_factory_{ - this}; -}; - -} // namespace permissions - -#endif // BRAVE_BROWSER_PERMISSIONS_CHROME_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ diff --git a/browser/permissions/permission_lifetime_manager_factory.cc b/browser/permissions/permission_lifetime_manager_factory.cc index 93d27cbb533b..9e79e92f1e8d 100644 --- a/browser/permissions/permission_lifetime_manager_factory.cc +++ b/browser/permissions/permission_lifetime_manager_factory.cc @@ -8,7 +8,7 @@ #include #include -#include "brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h" +#include "brave/browser/permissions/brave_permission_origin_lifetime_monitor.h" #include "brave/components/permissions/permission_lifetime_manager.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/permissions/permission_manager_factory.h" @@ -48,14 +48,14 @@ KeyedService* PermissionLifetimeManagerFactory::BuildServiceInstanceFor( permissions::features::kPermissionLifetime)) { return nullptr; } - auto* profile = Profile::FromBrowserContext(context); std::unique_ptr permission_origin_lifetime_monitor; if (base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)) { permission_origin_lifetime_monitor = - std::make_unique( - profile); + std::make_unique( + context); } + auto* profile = Profile::FromBrowserContext(context); return new permissions::PermissionLifetimeManager( HostContentSettingsMapFactory::GetForProfile(context), profile->IsOffTheRecord() ? nullptr : profile->GetPrefs(), diff --git a/browser/permissions/sources.gni b/browser/permissions/sources.gni index 65553f7bb714..3ff5e780670a 100644 --- a/browser/permissions/sources.gni +++ b/browser/permissions/sources.gni @@ -1,6 +1,6 @@ brave_browser_permissions_sources = [ - "//brave/browser/permissions/chrome_permission_origin_lifetime_monitor.cc", - "//brave/browser/permissions/chrome_permission_origin_lifetime_monitor.h", + "//brave/browser/permissions/brave_permission_origin_lifetime_monitor.cc", + "//brave/browser/permissions/brave_permission_origin_lifetime_monitor.h", "//brave/browser/permissions/permission_lifetime_manager_factory.cc", "//brave/browser/permissions/permission_lifetime_manager_factory.h", ] From ea1045342da8097d7ebbd4357166710338e484b7 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 2 Apr 2021 19:18:50 +0700 Subject: [PATCH 5/9] Add comments. --- chromium_src/content/browser/tld_ephemeral_lifetime.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/chromium_src/content/browser/tld_ephemeral_lifetime.cc b/chromium_src/content/browser/tld_ephemeral_lifetime.cc index f66247eba7ba..6b49c2a9e751 100644 --- a/chromium_src/content/browser/tld_ephemeral_lifetime.cc +++ b/chromium_src/content/browser/tld_ephemeral_lifetime.cc @@ -53,12 +53,14 @@ TLDEphemeralLifetime::~TLDEphemeralLifetime() { active_tld_storage_areas().erase(key_); } +// static TLDEphemeralLifetime* TLDEphemeralLifetime::Get(BrowserContext* browser_context, std::string storage_domain) { const TLDEphemeralLifetimeKey key(browser_context, std::move(storage_domain)); return Get(key); } +// static scoped_refptr TLDEphemeralLifetime::GetOrCreate( BrowserContext* browser_context, StoragePartition* storage_partition, From ae5e8a5a8c910f8f537a210f149f0a24dec76073 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Mon, 5 Apr 2021 15:27:43 +0700 Subject: [PATCH 6/9] Move permission origin lifetime monitor to components. --- .../permission_lifetime_manager_factory.cc | 4 ++-- browser/permissions/sources.gni | 2 -- components/permissions/DEPS | 1 + .../permission_origin_lifetime_monitor.h | 6 ++--- ...permission_origin_lifetime_monitor_impl.cc | 15 ++++++------ .../permission_origin_lifetime_monitor_impl.h | 24 +++++++++---------- components/permissions/sources.gni | 2 ++ 7 files changed, 27 insertions(+), 27 deletions(-) rename browser/permissions/brave_permission_origin_lifetime_monitor.cc => components/permissions/permission_origin_lifetime_monitor_impl.cc (76%) rename browser/permissions/brave_permission_origin_lifetime_monitor.h => components/permissions/permission_origin_lifetime_monitor_impl.h (61%) diff --git a/browser/permissions/permission_lifetime_manager_factory.cc b/browser/permissions/permission_lifetime_manager_factory.cc index 9e79e92f1e8d..4e5042275ca7 100644 --- a/browser/permissions/permission_lifetime_manager_factory.cc +++ b/browser/permissions/permission_lifetime_manager_factory.cc @@ -8,8 +8,8 @@ #include #include -#include "brave/browser/permissions/brave_permission_origin_lifetime_monitor.h" #include "brave/components/permissions/permission_lifetime_manager.h" +#include "brave/components/permissions/permission_origin_lifetime_monitor_impl.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/permissions/permission_manager_factory.h" #include "chrome/browser/profiles/incognito_helpers.h" @@ -52,7 +52,7 @@ KeyedService* PermissionLifetimeManagerFactory::BuildServiceInstanceFor( permission_origin_lifetime_monitor; if (base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)) { permission_origin_lifetime_monitor = - std::make_unique( + std::make_unique( context); } auto* profile = Profile::FromBrowserContext(context); diff --git a/browser/permissions/sources.gni b/browser/permissions/sources.gni index 3ff5e780670a..b03c17c25b4b 100644 --- a/browser/permissions/sources.gni +++ b/browser/permissions/sources.gni @@ -1,6 +1,4 @@ brave_browser_permissions_sources = [ - "//brave/browser/permissions/brave_permission_origin_lifetime_monitor.cc", - "//brave/browser/permissions/brave_permission_origin_lifetime_monitor.h", "//brave/browser/permissions/permission_lifetime_manager_factory.cc", "//brave/browser/permissions/permission_lifetime_manager_factory.h", ] diff --git a/components/permissions/DEPS b/components/permissions/DEPS index d47bdf490639..8cd9f4d2f82b 100644 --- a/components/permissions/DEPS +++ b/components/permissions/DEPS @@ -3,5 +3,6 @@ include_rules = [ "+components/keyed_service/core", "+components/permissions", "+components/pref_registry", + "+content/public/browser", "+services/preferences/public/cpp", ] diff --git a/components/permissions/permission_origin_lifetime_monitor.h b/components/permissions/permission_origin_lifetime_monitor.h index 25940195be24..04d3efbe0a9e 100644 --- a/components/permissions/permission_origin_lifetime_monitor.h +++ b/components/permissions/permission_origin_lifetime_monitor.h @@ -24,9 +24,9 @@ class PermissionOriginLifetimeMonitor { virtual void SetOnPermissionOriginDestroyedCallback( base::RepeatingCallback callback) = 0; - // Subscribe to a permission origin destruction. Returns a string key which - // will be used in a callback. An empty key can be returned if a permission - // origin can not be observed. + // Subscribe to a permission origin destruction. Returns an ephemeral storage + // domain or an empty string if a storage partition for |requesting_origin| + // doesn't exist. Returned string will be used in a callback. virtual std::string SubscribeToPermissionOriginDestruction( const GURL& requesting_origin) = 0; }; diff --git a/browser/permissions/brave_permission_origin_lifetime_monitor.cc b/components/permissions/permission_origin_lifetime_monitor_impl.cc similarity index 76% rename from browser/permissions/brave_permission_origin_lifetime_monitor.cc rename to components/permissions/permission_origin_lifetime_monitor_impl.cc index 1cdde8f98964..9a80ee078d5e 100644 --- a/browser/permissions/brave_permission_origin_lifetime_monitor.cc +++ b/components/permissions/permission_origin_lifetime_monitor_impl.cc @@ -3,7 +3,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "brave/browser/permissions/brave_permission_origin_lifetime_monitor.h" +#include "brave/components/permissions/permission_origin_lifetime_monitor_impl.h" #include @@ -14,24 +14,24 @@ namespace permissions { -BravePermissionOriginLifetimeMonitor::BravePermissionOriginLifetimeMonitor( +PermissionOriginLifetimeMonitorImpl::PermissionOriginLifetimeMonitorImpl( content::BrowserContext* browser_context) : browser_context_(browser_context) { DCHECK(browser_context_); DCHECK(base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)); } -BravePermissionOriginLifetimeMonitor::~BravePermissionOriginLifetimeMonitor() = +PermissionOriginLifetimeMonitorImpl::~PermissionOriginLifetimeMonitorImpl() = default; -void BravePermissionOriginLifetimeMonitor:: +void PermissionOriginLifetimeMonitorImpl:: SetOnPermissionOriginDestroyedCallback( base::RepeatingCallback callback) { permission_destroyed_callback_ = std::move(callback); } std::string -BravePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( +PermissionOriginLifetimeMonitorImpl::SubscribeToPermissionOriginDestruction( const GURL& requesting_origin) { DCHECK(permission_destroyed_callback_); std::string storage_domain = @@ -39,6 +39,7 @@ BravePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( auto* tld_ephemeral_lifetime = content::TLDEphemeralLifetime::Get(browser_context_, storage_domain); if (!tld_ephemeral_lifetime) { + DCHECK(!base::Contains(active_subscriptions_, storage_domain)); // If an ephemeral lifetime object doesn't exist, treat a permission origin // as an already destroyed one. return std::string(); @@ -46,14 +47,14 @@ BravePermissionOriginLifetimeMonitor::SubscribeToPermissionOriginDestruction( if (!base::Contains(active_subscriptions_, storage_domain)) { tld_ephemeral_lifetime->RegisterOnDestroyCallback(base::BindOnce( - &BravePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed, + &PermissionOriginLifetimeMonitorImpl::OnEphemeralTLDDestroyed, weak_ptr_factory_.GetWeakPtr())); active_subscriptions_.insert(storage_domain); } return storage_domain; } -void BravePermissionOriginLifetimeMonitor::OnEphemeralTLDDestroyed( +void PermissionOriginLifetimeMonitorImpl::OnEphemeralTLDDestroyed( const std::string& storage_domain) { DCHECK(base::Contains(active_subscriptions_, storage_domain)); active_subscriptions_.erase(storage_domain); diff --git a/browser/permissions/brave_permission_origin_lifetime_monitor.h b/components/permissions/permission_origin_lifetime_monitor_impl.h similarity index 61% rename from browser/permissions/brave_permission_origin_lifetime_monitor.h rename to components/permissions/permission_origin_lifetime_monitor_impl.h index 29c775bca667..66a43c5af134 100644 --- a/browser/permissions/brave_permission_origin_lifetime_monitor.h +++ b/components/permissions/permission_origin_lifetime_monitor_impl.h @@ -3,8 +3,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef BRAVE_BROWSER_PERMISSIONS_BRAVE_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ -#define BRAVE_BROWSER_PERMISSIONS_BRAVE_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ +#ifndef BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_ORIGIN_LIFETIME_MONITOR_IMPL_H_ +#define BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_ORIGIN_LIFETIME_MONITOR_IMPL_H_ #include @@ -19,21 +19,19 @@ class BrowserContext; namespace permissions { // Uses TLDEphemeralLifetime to observe a permission origin destruction. -class BravePermissionOriginLifetimeMonitor +class PermissionOriginLifetimeMonitorImpl : public PermissionOriginLifetimeMonitor { public: - BravePermissionOriginLifetimeMonitor( + explicit PermissionOriginLifetimeMonitorImpl( content::BrowserContext* browser_context); - BravePermissionOriginLifetimeMonitor( - const BravePermissionOriginLifetimeMonitor&) = delete; - BravePermissionOriginLifetimeMonitor& operator=( - const BravePermissionOriginLifetimeMonitor&) = delete; - ~BravePermissionOriginLifetimeMonitor() override; + PermissionOriginLifetimeMonitorImpl( + const PermissionOriginLifetimeMonitorImpl&) = delete; + PermissionOriginLifetimeMonitorImpl& operator=( + const PermissionOriginLifetimeMonitorImpl&) = delete; + ~PermissionOriginLifetimeMonitorImpl() override; void SetOnPermissionOriginDestroyedCallback( base::RepeatingCallback callback) override; - // Returns an ephemeral storage domain or an empty string if a storage - // partition for |requesting_origin| doesn't exist. std::string SubscribeToPermissionOriginDestruction( const GURL& requesting_origin) override; @@ -46,10 +44,10 @@ class BravePermissionOriginLifetimeMonitor permission_destroyed_callback_; base::flat_set active_subscriptions_; - base::WeakPtrFactory weak_ptr_factory_{ + base::WeakPtrFactory weak_ptr_factory_{ this}; }; } // namespace permissions -#endif // BRAVE_BROWSER_PERMISSIONS_BRAVE_PERMISSION_ORIGIN_LIFETIME_MONITOR_H_ +#endif // BRAVE_COMPONENTS_PERMISSIONS_PERMISSION_ORIGIN_LIFETIME_MONITOR_IMPL_H_ diff --git a/components/permissions/sources.gni b/components/permissions/sources.gni index 90a51a00973d..b46788cd6689 100644 --- a/components/permissions/sources.gni +++ b/components/permissions/sources.gni @@ -11,6 +11,8 @@ brave_components_permissions_sources = [ "//brave/components/permissions/permission_lifetime_utils.cc", "//brave/components/permissions/permission_lifetime_utils.h", "//brave/components/permissions/permission_origin_lifetime_monitor.h", + "//brave/components/permissions/permission_origin_lifetime_monitor_impl.cc", + "//brave/components/permissions/permission_origin_lifetime_monitor_impl.h", "//brave/components/permissions/permission_origins.cc", "//brave/components/permissions/permission_origins.h", ] From 1a0dc91b350e23ed367256370d9b27a3c5cd9978 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 9 Apr 2021 16:02:47 +0700 Subject: [PATCH 7/9] Add @akhoroshilov to permissions codeowners. --- .github/CODEOWNERS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 6541c19fffe1..28d75f9c6c57 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -69,6 +69,10 @@ components/weekly_storage/ @iefremov # Perf predictor components/brave_perf_predictor/ @iefremov +# Permissions +browser/permissions/ @akhoroshilov +components/permissions/ @akhoroshilov + # Java patching build/android/bytecode/ @samartnik patches/*.java.patch @samartnik From 076f42b2589931eb5465d94730885ac820e44061 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 9 Apr 2021 16:29:48 +0700 Subject: [PATCH 8/9] Pass some args as const ref. --- .../ephemeral_storage_tab_helper.cc | 6 +++--- .../ephemeral_storage_tab_helper.h | 2 +- .../content/browser/tld_ephemeral_lifetime.cc | 18 +++++++++--------- .../public/browser/tld_ephemeral_lifetime.h | 6 +++--- .../permissions/permission_expirations.cc | 4 ++-- .../permissions/permission_expirations.h | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc b/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc index 194ed33a67b0..278757b95844 100644 --- a/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc +++ b/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc @@ -82,11 +82,11 @@ void EphemeralStorageTabHelper::ReadyToCommitNavigation( if (new_domain == previous_domain) return; - CreateEphemeralStorageAreasForDomainAndURL(std::move(new_domain), new_url); + CreateEphemeralStorageAreasForDomainAndURL(new_domain, new_url); } void EphemeralStorageTabHelper::CreateEphemeralStorageAreasForDomainAndURL( - std::string new_domain, + const std::string& new_domain, const GURL& new_url) { if (new_url.is_empty()) return; @@ -145,7 +145,7 @@ void EphemeralStorageTabHelper::CreateEphemeralStorageAreasForDomainAndURL( } tld_ephemeral_lifetime_ = content::TLDEphemeralLifetime::GetOrCreate( - browser_context, partition, std::move(new_domain)); + browser_context, partition, new_domain); } // static diff --git a/browser/ephemeral_storage/ephemeral_storage_tab_helper.h b/browser/ephemeral_storage/ephemeral_storage_tab_helper.h index 649cecc3b429..26048c6e8801 100644 --- a/browser/ephemeral_storage/ephemeral_storage_tab_helper.h +++ b/browser/ephemeral_storage/ephemeral_storage_tab_helper.h @@ -40,7 +40,7 @@ class EphemeralStorageTabHelper content::NavigationHandle* navigation_handle) override; private: - void CreateEphemeralStorageAreasForDomainAndURL(std::string new_domain, + void CreateEphemeralStorageAreasForDomainAndURL(const std::string& new_domain, const GURL& new_url); friend class content::WebContentsUserData; diff --git a/chromium_src/content/browser/tld_ephemeral_lifetime.cc b/chromium_src/content/browser/tld_ephemeral_lifetime.cc index 6b49c2a9e751..c677fcc519bf 100644 --- a/chromium_src/content/browser/tld_ephemeral_lifetime.cc +++ b/chromium_src/content/browser/tld_ephemeral_lifetime.cc @@ -28,9 +28,9 @@ TLDEphemeralLifetimeMap& active_tld_storage_areas() { } // namespace -TLDEphemeralLifetime::TLDEphemeralLifetime(TLDEphemeralLifetimeKey key, +TLDEphemeralLifetime::TLDEphemeralLifetime(const TLDEphemeralLifetimeKey& key, StoragePartition* storage_partition) - : key_(std::move(key)), storage_partition_(storage_partition) { + : key_(key), storage_partition_(storage_partition) { DCHECK(active_tld_storage_areas().find(key_) == active_tld_storage_areas().end()); DCHECK(storage_partition_); @@ -54,9 +54,10 @@ TLDEphemeralLifetime::~TLDEphemeralLifetime() { } // static -TLDEphemeralLifetime* TLDEphemeralLifetime::Get(BrowserContext* browser_context, - std::string storage_domain) { - const TLDEphemeralLifetimeKey key(browser_context, std::move(storage_domain)); +TLDEphemeralLifetime* TLDEphemeralLifetime::Get( + BrowserContext* browser_context, + const std::string& storage_domain) { + const TLDEphemeralLifetimeKey key(browser_context, storage_domain); return Get(key); } @@ -64,14 +65,13 @@ TLDEphemeralLifetime* TLDEphemeralLifetime::Get(BrowserContext* browser_context, scoped_refptr TLDEphemeralLifetime::GetOrCreate( BrowserContext* browser_context, StoragePartition* storage_partition, - std::string storage_domain) { - TLDEphemeralLifetimeKey key(browser_context, std::move(storage_domain)); + const std::string& storage_domain) { + const TLDEphemeralLifetimeKey key(browser_context, storage_domain); if (scoped_refptr existing = Get(key)) { return existing; } - return base::MakeRefCounted(std::move(key), - storage_partition); + return base::MakeRefCounted(key, storage_partition); } // static diff --git a/chromium_src/content/public/browser/tld_ephemeral_lifetime.h b/chromium_src/content/public/browser/tld_ephemeral_lifetime.h index 09e22b239aea..9802eb386dd0 100644 --- a/chromium_src/content/public/browser/tld_ephemeral_lifetime.h +++ b/chromium_src/content/public/browser/tld_ephemeral_lifetime.h @@ -41,14 +41,14 @@ class CONTENT_EXPORT TLDEphemeralLifetime public: using OnDestroyCallback = base::OnceCallback; - TLDEphemeralLifetime(TLDEphemeralLifetimeKey key, + TLDEphemeralLifetime(const TLDEphemeralLifetimeKey& key, StoragePartition* storage_partition); static TLDEphemeralLifetime* Get(BrowserContext* browser_context, - std::string storage_domain); + const std::string& storage_domain); static scoped_refptr GetOrCreate( BrowserContext* browser_context, StoragePartition* storage_partition, - std::string storage_domain); + const std::string& storage_domain); // Add a callback to a callback list to be called on destruction. void RegisterOnDestroyCallback(OnDestroyCallback callback); diff --git a/components/permissions/permission_expirations.cc b/components/permissions/permission_expirations.cc index 18b9309f90e8..690600317885 100644 --- a/components/permissions/permission_expirations.cc +++ b/components/permissions/permission_expirations.cc @@ -130,13 +130,13 @@ PermissionExpirations::RemoveExpiredPermissions(base::Time current_time) { } PermissionExpirations::ExpiredPermissions -PermissionExpirations::RemoveExpiredPermissions(std::string domain) { +PermissionExpirations::RemoveExpiredPermissions(const std::string& domain) { return RemoveExpiredPermissionsImpl(base::BindRepeating( [](const PermissionExpirationKey& expiration_key, const PermissionExpirations::KeyExpirationsMap& key_expirations) { return key_expirations.equal_range(expiration_key); }, - PermissionExpirationKey(std::move(domain)))); + PermissionExpirationKey(domain))); } PermissionExpirations::ExpiredPermissions diff --git a/components/permissions/permission_expirations.h b/components/permissions/permission_expirations.h index d5c4554c0d2d..1c23b36841c3 100644 --- a/components/permissions/permission_expirations.h +++ b/components/permissions/permission_expirations.h @@ -55,7 +55,7 @@ class PermissionExpirations { // Remove expired permissions with expiration_time >= |current_time|. ExpiredPermissions RemoveExpiredPermissions(base::Time current_time); // Remove expired permissions with exact |domain|. - ExpiredPermissions RemoveExpiredPermissions(std::string domain); + ExpiredPermissions RemoveExpiredPermissions(const std::string& domain); // Remove expired permissions with a domain as a key. ExpiredPermissions RemoveAllDomainPermissions(); From 58370b1144a956cbb5f50835e18fd67791082bdf Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Tue, 13 Apr 2021 14:58:56 +0700 Subject: [PATCH 9/9] Narrow down CODEOWNERS to lifetime/expiration files. --- .github/CODEOWNERS | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 28d75f9c6c57..51b12449a6bc 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -70,8 +70,10 @@ components/weekly_storage/ @iefremov components/brave_perf_predictor/ @iefremov # Permissions -browser/permissions/ @akhoroshilov -components/permissions/ @akhoroshilov +browser/permissions/**/*expiration* @goodov +browser/permissions/**/*lifetime* @goodov +components/permissions/**/*expiration* @goodov +components/permissions/**/*lifetime* @goodov # Java patching build/android/bytecode/ @samartnik