chromium/src
0
Fork 0
Code Activity

Classify UMA data for extension messaging user activation triggering.

Browse Source 
Split the UMA entry for extension messaging user activation triggering
into four classes, based on whether the script contexts of the sender
and the receiver are privileged or not.

Bug: 1103249, 1047473
Change-Id: Ib23bf2e9427d2b836cdc21c1cf9ebbd685e27299
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2461251
Commit-Queue: Mustaq Ahmed <mustaq@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Mustaq Ahmed <mustaq@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#817247}
This commit is contained in:
Mustaq Ahmed
2020-10-14 23:03:43 +00:00
committed by Commit Bot
parent 3e311f8f53
commit 15f771dc66
6 changed files with 75 additions and 17 deletions
extensions
common
api
messaging
message.h
renderer
messaging_util.ccmessaging_util.hnative_renderer_messaging_service.cc
third_party/blink/public/mojom/frame
user_activation_notification_type.mojom
tools/metrics/histograms
enums.xml

15
extensions/common/api/messaging/message.h

@ -10,13 +10,20 @@ namespace extensions {
// A message consists of both the data itself as well as a user gesture state.
struct Message {
std::string data;
bool user_gesture;
bool user_gesture = false;
bool from_privileged_context = false;
Message() : data(), user_gesture(false) {}
Message(const std::string& data, bool user_gesture)
: data(data), user_gesture(user_gesture) {}
Message() = default;
Message(const std::string& data,
bool user_gesture,
bool from_privileged_context = false)
: data(data),
user_gesture(user_gesture),
from_privileged_context(from_privileged_context) {}
bool operator==(const Message& other) const {
// Skipping the equality check for |from_privileged_context| here
// because this field is used only for histograms.
return data == other.data && user_gesture == other.user_gesture;
}
};

19
extensions/renderer/messaging_util.cc

@ -81,14 +81,18 @@ std::unique_ptr<Message> MessageFromV8(v8::Local<v8::Context> context,
ScriptContext* script_context = GetScriptContextFromV8Context(context);
blink::WebLocalFrame* web_frame =
script_context ? script_context->web_frame() : nullptr;
return MessageFromJSONString(isolate, stringified, error_out, web_frame);
bool privileged_context =
script_context && script_context->context_type() ==
extensions::Feature::BLESSED_EXTENSION_CONTEXT;
return MessageFromJSONString(isolate, stringified, error_out, web_frame,
privileged_context);
}
std::unique_ptr<Message> MessageFromJSONString(
v8::Isolate* isolate,
v8::Local<v8::String> json,
std::string* error_out,
blink::WebLocalFrame* web_frame) {
std::unique_ptr<Message> MessageFromJSONString(v8::Isolate* isolate,
v8::Local<v8::String> json,
std::string* error_out,
blink::WebLocalFrame* web_frame,
bool privileged_context) {
std::string message;
message = gin::V8ToString(isolate, json);
// JSON.stringify can fail to produce a string value in one of two ways: it
@ -122,7 +126,8 @@ std::unique_ptr<Message> MessageFromJSONString(
bool has_transient_user_activation =
web_frame ? web_frame->HasTransientUserActivation() : false;
return std::make_unique<Message>(message, has_transient_user_activation);
return std::make_unique<Message>(message, has_transient_user_activation,
privileged_context);
}
v8::Local<v8::Value> MessageToV8(v8::Local<v8::Context> context,

3
extensions/renderer/messaging_util.h

@ -44,7 +44,8 @@ std::unique_ptr<Message> MessageFromV8(v8::Local<v8::Context> context,
std::unique_ptr<Message> MessageFromJSONString(v8::Isolate* isolate,
v8::Local<v8::String> json,
std::string* error,
blink::WebLocalFrame* web_frame);
blink::WebLocalFrame* web_frame,
bool privileged_context);
// Converts a message to a v8 value. This is expected not to fail, since it
// should only be used for messages that have been validated.

26
extensions/renderer/native_renderer_messaging_service.cc

@ -20,6 +20,7 @@
#include "extensions/common/api/messaging/messaging_endpoint.h"
#include "extensions/common/api/messaging/port_id.h"
#include "extensions/common/extension_messages.h"
#include "extensions/common/features/feature.h"
#include "extensions/common/manifest_handlers/externally_connectable.h"
#include "extensions/renderer/api_activity_logger.h"
#include "extensions/renderer/bindings/api_binding_util.h"
@ -41,6 +42,8 @@
#include "third_party/blink/public/web/web_scoped_window_focus_allowed_indicator.h"
#include "v8/include/v8.h"
using blink::mojom::UserActivationNotificationType;
namespace extensions {
namespace {
@ -317,9 +320,26 @@ void NativeRendererMessagingService::DeliverMessageToScriptContext(
std::unique_ptr<blink::WebScopedWindowFocusAllowedIndicator>
allow_window_focus;
if (message.user_gesture && script_context->web_frame()) {
// TODO(mustaq): Split this further for trusted/untrusted cases.
script_context->web_frame()->NotifyUserActivation(
blink::mojom::UserActivationNotificationType::kExtensionMessaging);
bool sender_is_privileged = message.from_privileged_context;
bool receiver_is_privileged =
script_context->context_type() ==
extensions::Feature::BLESSED_EXTENSION_CONTEXT;
UserActivationNotificationType notification_type;
if (sender_is_privileged && receiver_is_privileged) {
notification_type =
UserActivationNotificationType::kExtensionMessagingBothPrivileged;
} else if (sender_is_privileged && !receiver_is_privileged) {
notification_type =
UserActivationNotificationType::kExtensionMessagingSenderPrivileged;
} else if (!sender_is_privileged && receiver_is_privileged) {
notification_type =
UserActivationNotificationType::kExtensionMessagingReceiverPrivileged;
} else /* !sender_is_privileged && !receiver_is_privileged */ {
notification_type =
UserActivationNotificationType::kExtensionMessagingNeitherPrivileged;
}
script_context->web_frame()->NotifyUserActivation(notification_type);
blink::WebDocument document = script_context->web_frame()->GetDocument();
allow_window_focus =

25
third_party/blink/public/mojom/frame/user_activation_notification_type.mojom vendored

@ -24,7 +24,9 @@ enum UserActivationNotificationType {
// An extension API caused the notification call through GuestView.
kExtensionGuestView,
// An extension messaging API caused the notification call.
// An extension messaging API caused the notification call. This enum value
// is deprecated by more specific enums kExtensionMessaging* below, we are
// preserving this enum value only for UMA consistency.
kExtensionMessaging,
// A media API caused the notification call.
@ -47,5 +49,24 @@ enum UserActivationNotificationType {
kWebScriptExec,
// Android voice search API caused the notification call.
kVoiceSearch
kVoiceSearch,
// An extension messaging API caused the notification call, where the script
// contexts of both the sender and the receiver of the message are privileged.
kExtensionMessagingBothPrivileged,
// An extension messaging API caused the notification call, where the script
// context of only the sender (and not the receiver) of the message is
// privileged.
kExtensionMessagingSenderPrivileged,
// An extension messaging API caused the notification call, where the script
// context of only the receiver (and not the sender) of the message is
// privileged.
kExtensionMessagingReceiverPrivileged,
// An extension messaging API caused the notification call, where the script
// context of neither the sender nor the receiver of the message is
// privileged.
kExtensionMessagingNeitherPrivileged
};

4
tools/metrics/histograms/enums.xml

@ -73450,6 +73450,10 @@ Full version information for the fingerprint enum values:
<int value="9" label="kTest"/>
<int value="10" label="kWebScriptExec"/>
<int value="11" label="kVoiceSearch"/>
<int value="12" label="kExtensionMessagingBothPrivileged"/>
<int value="13" label="kExtensionMessagingSenderPrivileged"/>
<int value="14" label="kExtensionMessagingReceiverPrivileged"/>
<int value="15" label="kExtensionMessagingNeitherPrivileged"/>
</enum>
<enum name="UserCertContentDisposition">