OOR-CORS: Move chrome specific origin permission code to ExtensionsClient

Now Chrome specific origin permissions are handled in
extensions::DispatcherDelegate implementation in chrome/renderer/extensions.
To share this code with new callers in browser process, this change moves
the method to ExtensionsClient so that browser side callers can call it.

Bug: 870172
Change-Id: I0a55bd41b0eccb3450c7b6b32bc1fa5105ac3856
Reviewed-on: https://chromium-review.googlesource.com/c/1314018
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606361}

chrome/common/extensions/chrome_extensions_client.cc

@@ -19,6 +19,7 @@
 #include "chrome/common/extensions/chrome_extensions_api_provider.h"
 #include "chrome/common/extensions/manifest_handlers/theme_handler.h"
 #include "chrome/common/url_constants.h"
+#include "chrome/common/webui_url_constants.h"
 #include "chrome/grit/chromium_strings.h"
 #include "components/version_info/version_info.h"
 #include "content/public/common/url_constants.h"
@@ -29,9 +30,11 @@
 #include "extensions/common/extension_icon_set.h"
 #include "extensions/common/extension_urls.h"
 #include "extensions/common/features/feature_channel.h"
+#include "extensions/common/manifest.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_handlers/icons_handler.h"
 #include "extensions/common/permissions/api_permission_set.h"
+#include "extensions/common/permissions/permissions_data.h"
 #include "extensions/common/url_pattern.h"
 #include "extensions/common/url_pattern_set.h"
 #include "ui/base/l10n/l10n_util.h"
@@ -265,4 +268,37 @@ std::string ChromeExtensionsClient::GetUserAgent() const {
   return ::GetUserAgent();
 }
 
+void ChromeExtensionsClient::AddOriginAccessPermissions(
+    const Extension& extension,
+    bool is_extension_active,
+    std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns) const {
+  // Allow component extensions to access chrome://theme/.
+  //
+  // We don't want to grant these permissions to inactive component extensions,
+  // to avoid granting them in "unblessed" (non-extension) processes.  If a
+  // component extension somehow starts as inactive and becomes active later,
+  // we'll re-init the origin permissions, so there's no danger in being
+  // conservative. Components shouldn't be subject to enterprise policy controls
+  // or blocking access to the webstore so they get the highest priority
+  // allowlist entry.
+  if (extensions::Manifest::IsComponentLocation(extension.location()) &&
+      is_extension_active) {
+    origin_patterns->push_back(network::mojom::CorsOriginPattern::New(
+        content::kChromeUIScheme, chrome::kChromeUIThemeHost,
+        false /*allow_destination_subdomains*/,
+        network::mojom::CORSOriginAccessMatchPriority::kMaxPriority));
+  }
+
+  // TODO(jstritar): We should try to remove this special case. Also, these
+  // whitelist entries need to be updated when the kManagement permission
+  // changes.
+  if (is_extension_active && extension.permissions_data()->HasAPIPermission(
+                                 extensions::APIPermission::kManagement)) {
+    origin_patterns->push_back(network::mojom::CorsOriginPattern::New(
+        content::kChromeUIScheme, chrome::kChromeUIExtensionIconHost,
+        false /*allow_destination_subdomains*/,
+        network::mojom::CORSOriginAccessMatchPriority::kDefaultPriority));
+  }
+}
+
 }  // namespace extensions

chrome/common/extensions/chrome_extensions_client.h

@@ -47,6 +47,11 @@ class ChromeExtensionsClient : public ExtensionsClient {
       const Extension* extension) override;
   bool ExtensionAPIEnabledInExtensionServiceWorkers() const override;
   std::string GetUserAgent() const override;
+  void AddOriginAccessPermissions(
+      const Extension& extension,
+      bool is_extension_active,
+      std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns)
+      const override;
 
  private:
   const ChromePermissionMessageProvider permission_message_provider_;

chrome/renderer/BUILD.gn

@@ -360,6 +360,7 @@ jumbo_static_library("renderer") {
       "//media/cast:net",
       "//media/cast:receiver",
       "//media/cast:sender",
+      "//services/network/public/cpp",
     ]
     public_deps = [
       "//ipc",

chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc

@@ -13,7 +13,6 @@
 #include "chrome/common/channel_info.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/crash_keys.h"
-#include "chrome/common/url_constants.h"
 #include "chrome/grit/renderer_resources.h"
 #include "chrome/renderer/extensions/app_bindings.h"
 #include "chrome/renderer/extensions/app_hooks_delegate.h"
@@ -35,7 +34,6 @@
 #include "extensions/common/features/feature_channel.h"
 #include "extensions/common/permissions/manifest_permission_set.h"
 #include "extensions/common/permissions/permission_set.h"
-#include "extensions/common/permissions/permissions_data.h"
 #include "extensions/common/switches.h"
 #include "extensions/renderer/bindings/api_bindings_system.h"
 #include "extensions/renderer/css_native_handler.h"
@@ -65,40 +63,6 @@ ChromeExtensionsDispatcherDelegate::ChromeExtensionsDispatcherDelegate() {
 ChromeExtensionsDispatcherDelegate::~ChromeExtensionsDispatcherDelegate() {
 }
 
-void ChromeExtensionsDispatcherDelegate::AddOriginAccessPermissions(
-    const extensions::Extension& extension,
-    bool is_extension_active) {
-  // Allow component extensions to access chrome://theme/.
-  //
-  // We don't want to grant these permissions to inactive component extensions,
-  // to avoid granting them in "unblessed" (non-extension) processes.  If a
-  // component extension somehow starts as inactive and becomes active later,
-  // we'll re-init the origin permissions, so there's no danger in being
-  // conservative. Components shouldn't be subject to enterprise policy controls
-  // or blocking access to the webstore so they get the highest priority
-  // allowlist entry.
-  if (extensions::Manifest::IsComponentLocation(extension.location()) &&
-      is_extension_active) {
-    blink::WebSecurityPolicy::AddOriginAccessAllowListEntry(
-        extension.url(), blink::WebString::FromUTF8(content::kChromeUIScheme),
-        blink::WebString::FromUTF8(chrome::kChromeUIThemeHost),
-        false /*allow_destination_subdomains*/,
-        network::mojom::CORSOriginAccessMatchPriority::kMaxPriority);
-  }
-
-  // TODO(jstritar): We should try to remove this special case. Also, these
-  // whitelist entries need to be updated when the kManagement permission
-  // changes.
-  if (is_extension_active && extension.permissions_data()->HasAPIPermission(
-                                 extensions::APIPermission::kManagement)) {
-    blink::WebSecurityPolicy::AddOriginAccessAllowListEntry(
-        extension.url(), blink::WebString::FromUTF8(content::kChromeUIScheme),
-        blink::WebString::FromUTF8(chrome::kChromeUIExtensionIconHost),
-        false /*allow_destination_subdomains*/,
-        network::mojom::CORSOriginAccessMatchPriority::kDefaultPriority);
-  }
-}
-
 void ChromeExtensionsDispatcherDelegate::RegisterNativeHandlers(
     extensions::Dispatcher* dispatcher,
     extensions::ModuleSystem* module_system,

chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h

@@ -16,8 +16,6 @@ class ChromeExtensionsDispatcherDelegate
 
  private:
   // extensions::DispatcherDelegate implementation.
-  void AddOriginAccessPermissions(const extensions::Extension& extension,
-                                  bool is_extension_active) override;
   void RegisterNativeHandlers(
       extensions::Dispatcher* dispatcher,
       extensions::ModuleSystem* module_system,

extensions/common/extensions_client.cc

@@ -109,6 +109,11 @@ std::string ExtensionsClient::GetUserAgent() const {
   return std::string();
 }
 
+void ExtensionsClient::AddOriginAccessPermissions(
+    const Extension& extension,
+    bool is_extension_active,
+    std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns) const {}
+
 void ExtensionsClient::DoInitialize() {
   initialize_called_ = true;
 

extensions/common/extensions_client.h

@@ -12,6 +12,7 @@
 
 #include "base/strings/string_piece.h"
 #include "extensions/common/permissions/api_permission_set.h"
+#include "services/network/public/mojom/cors_origin_pattern.mojom.h"
 
 class GURL;
 
@@ -150,6 +151,13 @@ class ExtensionsClient {
   // Returns the user agent used by the content module.
   virtual std::string GetUserAgent() const;
 
+  // Adds client specific permitted origins to |origin_patterns| for
+  // cross-origin communication for an extension context.
+  virtual void AddOriginAccessPermissions(
+      const Extension& extension,
+      bool is_extension_active,
+      std::vector<network::mojom::CorsOriginPatternPtr>* origin_patterns) const;
+
  private:
   // Performs common initialization and calls Initialize() to allow subclasses
   // to do any extra initialization.

extensions/renderer/dispatcher.cc

@@ -38,6 +38,7 @@
 #include "extensions/common/extension_features.h"
 #include "extensions/common/extension_messages.h"
 #include "extensions/common/extension_urls.h"
+#include "extensions/common/extensions_client.h"
 #include "extensions/common/features/behavior_feature.h"
 #include "extensions/common/features/feature.h"
 #include "extensions/common/features/feature_channel.h"
@@ -1214,12 +1215,11 @@ void Dispatcher::UpdateOriginPermissions(const Extension& extension) {
   // Remove all old patterns associated with this extension.
   WebSecurityPolicy::ClearOriginAccessListForOrigin(extension.url());
 
-  // TODO(toyoshim): Change this delegate call to be available even from the
+  std::vector<network::mojom::CorsOriginPatternPtr> allow_list =
-  // browser process.
+      CreateCorsOriginAccessAllowList(extension);
-  delegate_->AddOriginAccessPermissions(extension,
+  ExtensionsClient::Get()->AddOriginAccessPermissions(
-                                        IsExtensionActive(extension.id()));
+      extension, IsExtensionActive(extension.id()), &allow_list);
-
+  for (const auto& entry : allow_list) {
-  for (const auto& entry : CreateCorsOriginAccessAllowList(extension)) {
     WebSecurityPolicy::AddOriginAccessAllowListEntry(
         extension.url(), WebString::FromUTF8(entry->protocol),
         WebString::FromUTF8(entry->domain), entry->allow_subdomains,

extensions/renderer/dispatcher_delegate.h

@@ -10,7 +10,6 @@
 
 namespace extensions {
 class Dispatcher;
-class Extension;
 class ExtensionBindingsSystem;
 class ModuleSystem;
 class NativeExtensionBindingsSystem;
@@ -24,11 +23,6 @@ class DispatcherDelegate {
  public:
   virtual ~DispatcherDelegate() {}
 
-  // Adds any allowlisted entries for cross-origin communication for a newly
-  // created extension context.
-  virtual void AddOriginAccessPermissions(const Extension& extension,
-                                          bool is_extension_active) {}
-
   // Includes additional native handlers in a ScriptContext's ModuleSystem.
   virtual void RegisterNativeHandlers(Dispatcher* dispatcher,
                                       ModuleSystem* module_system,