github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

refactor: use ElectronBrowserContext instead of WebContents to persist devices

Browse Source 
due to changes like https://chromium-review.googlesource.com/c/chromium/src/+/3611967,
we can no longer use WebContents to store device permissions so this commit
moves device permission storage to live in memory in ElectronBrowserContext
instead.
This commit is contained in:
John Kleinschmidt
2022-06-02 14:08:51 -04:00
committed by Shelley Vohr
parent 2d81975792
commit 2f95568bfd
17 changed files with 231 additions and 411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/api/session.md
View File

@@ -281,7 +281,7 @@ Returns:
* `event` Event
* `details` Object
* `device` [HIDDevice[]](structures/hid-device.md)
* `frame` [WebFrameMain](web-frame-main.md)
* `origin` string (optional) - The origin that the device has been revoked from.
Emitted after `HIDDevice.forget()` has been called. This event can be used
to help maintain persistent storage of permissions when
@@ -705,7 +705,6 @@ session.fromPartition('some-partition').setPermissionCheckHandler((webContents,
* `deviceType` string - The type of device that permission is being requested on, can be `hid` or `serial`.
* `origin` string - The origin URL of the device permission check.
* `device` [HIDDevice](structures/hid-device.md) | [SerialPort](structures/serial-port.md)- the device that permission is being requested for.
* `frame` [WebFrameMain](web-frame-main.md) - WebFrameMain checking the device permission.
Sets the handler which can be used to respond to device permission checks for the `session`.
Returning `true` will allow the device to be permitted and `false` will reject it.
@@ -713,8 +712,8 @@ To clear the handler, call `setDevicePermissionHandler(null)`.
This handler can be used to provide default permissioning to devices without first calling for permission
to devices (eg via `navigator.hid.requestDevice`). If this handler is not defined, the default device
permissions as granted through device selection (eg via `navigator.hid.requestDevice`) will be used.
Additionally, the default behavior of Electron is to store granted device permision through the lifetime
of the corresponding WebContents. If longer term storage is needed, a developer can store granted device
Additionally, the default behavior of Electron is to store granted device permision in memory.
If longer term storage is needed, a developer can store granted device
permissions (eg when handling the `select-hid-device` event) and then read from that storage with `setDevicePermissionHandler`.
```javascript

137
shell/browser/api/electron_api_web_contents.cc
View File

@@ -941,12 +941,6 @@ void WebContents::InitWithWebContents(
}
WebContents::~WebContents() {
// clear out objects that have been granted permissions so that when
// WebContents::RenderFrameDeleted is called as a result of WebContents
// destruction it doesn't try to clear out a granted_devices_
// on a destructed object.
granted_devices_.clear();
if (!inspectable_web_contents_) {
WebContentsDestroyed();
return;
@@ -1554,11 +1548,6 @@ void WebContents::RenderFrameDeleted(
// is swapped by content::RenderFrameHostManager.
//
// clear out objects that have been granted permissions
if (!granted_devices_.empty()) {
granted_devices_.erase(render_frame_host->GetFrameTreeNodeId());
}
// WebFrameMain::FromRenderFrameHost(rfh) will use the RFH's FrameTreeNode ID
// to find an existing instance of WebFrameMain. During a cross-origin
// navigation, the deleted RFH will be the old host which was swapped out. In
@@ -3515,132 +3504,6 @@ v8::Local<v8::Promise> WebContents::TakeHeapSnapshot(
return handle;
}
void WebContents::GrantDevicePermission(
const url::Origin& origin,
const base::Value* device,
blink::PermissionType permission_type,
content::RenderFrameHost* render_frame_host) {
granted_devices_[render_frame_host->GetFrameTreeNodeId()][permission_type]
[origin]
.push_back(
std::make_unique<base::Value>(device->Clone()));
}
void WebContents::RevokeDevicePermission(
const url::Origin& origin,
const base::Value* device,
blink::PermissionType permission_type,
content::RenderFrameHost* render_frame_host) {
const auto& devices_for_frame_host_it =
granted_devices_.find(render_frame_host->GetFrameTreeNodeId());
if (devices_for_frame_host_it == granted_devices_.end())
return;
const auto& current_devices_it =
devices_for_frame_host_it->second.find(permission_type);
if (current_devices_it == devices_for_frame_host_it->second.end())
return;
const auto& origin_devices_it = current_devices_it->second.find(origin);
if (origin_devices_it == current_devices_it->second.end())
return;
for (auto it = origin_devices_it->second.begin();
it != origin_devices_it->second.end();) {
if (DoesDeviceMatch(device, it->get(), permission_type)) {
it = origin_devices_it->second.erase(it);
} else {
++it;
}
}
}
bool WebContents::DoesDeviceMatch(const base::Value* device,
const base::Value* device_to_compare,
blink::PermissionType permission_type) {
if (permission_type ==
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::HID)) {
if (device->GetDict().FindInt(kHidVendorIdKey) !=
device_to_compare->GetDict().FindInt(kHidVendorIdKey) ||
device->GetDict().FindInt(kHidProductIdKey) !=
device_to_compare->GetDict().FindInt(kHidProductIdKey)) {
return false;
}
const auto* serial_number =
device_to_compare->GetDict().FindString(kHidSerialNumberKey);
const auto* device_serial_number =
device->GetDict().FindString(kHidSerialNumberKey);
if (serial_number && device_serial_number &&
*device_serial_number == *serial_number)
return true;
} else if (permission_type ==
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::SERIAL)) {
#if BUILDFLAG(IS_WIN)
const auto* instance_id =
device->GetDict().FindString(kDeviceInstanceIdKey);
const auto* port_instance_id =
device_to_compare->GetDict().FindString(kDeviceInstanceIdKey);
if (instance_id && port_instance_id && *instance_id == *port_instance_id)
return true;
#else
const auto* serial_number = device->GetDict().FindString(kSerialNumberKey);
const auto* port_serial_number =
device_to_compare->GetDict().FindString(kSerialNumberKey);
if (device->GetDict().FindInt(kVendorIdKey) !=
device_to_compare->GetDict().FindInt(kVendorIdKey) ||
device->GetDict().FindInt(kProductIdKey) !=
device_to_compare->GetDict().FindInt(kProductIdKey) ||
(serial_number && port_serial_number &&
*port_serial_number != *serial_number)) {
return false;
}
#if BUILDFLAG(IS_MAC)
const auto* usb_driver_key = device->GetDict().FindString(kUsbDriverKey);
const auto* port_usb_driver_key =
device_to_compare->GetDict().FindString(kUsbDriverKey);
if (usb_driver_key && port_usb_driver_key &&
*usb_driver_key != *port_usb_driver_key) {
return false;
}
#endif // BUILDFLAG(IS_MAC)
return true;
#endif // BUILDFLAG(IS_WIN)
}
return false;
}
bool WebContents::CheckDevicePermission(
const url::Origin& origin,
const base::Value* device,
blink::PermissionType permission_type,
content::RenderFrameHost* render_frame_host) {
const auto& devices_for_frame_host_it =
granted_devices_.find(render_frame_host->GetFrameTreeNodeId());
if (devices_for_frame_host_it == granted_devices_.end())
return false;
const auto& current_devices_it =
devices_for_frame_host_it->second.find(permission_type);
if (current_devices_it == devices_for_frame_host_it->second.end())
return false;
const auto& origin_devices_it = current_devices_it->second.find(origin);
if (origin_devices_it == current_devices_it->second.end())
return false;
for (const auto& device_to_compare : origin_devices_it->second) {
if (DoesDeviceMatch(device, device_to_compare.get(), permission_type))
return true;
}
return false;
}
void WebContents::UpdatePreferredSize(content::WebContents* web_contents,
const gfx::Size& pref_size) {
Emit("preferred-size-changed", pref_size);

35
shell/browser/api/electron_api_web_contents.h
View File

@@ -42,7 +42,6 @@
#include "shell/common/gin_helper/constructible.h"
#include "shell/common/gin_helper/error_thrower.h"
#include "shell/common/gin_helper/pinnable.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
#include "ui/base/models/image_model.h"
#include "ui/gfx/image/image.h"
@@ -95,11 +94,6 @@ class OffScreenWebContentsView;
namespace api {
using DevicePermissionMap = std::map<
int,
std::map<blink::PermissionType,
std::map<url::Origin, std::vector<std::unique_ptr<base::Value>>>>>;
// Wrapper around the content::WebContents.
class WebContents : public ExclusiveAccessContext,
public gin::Wrappable<WebContents>,
@@ -438,28 +432,6 @@ class WebContents : public ExclusiveAccessContext,
void SetImageAnimationPolicy(const std::string& new_policy);
// Grants |origin| access to |device|.
// To be used in place of ObjectPermissionContextBase::GrantObjectPermission.
void GrantDevicePermission(const url::Origin& origin,
const base::Value* device,
blink::PermissionType permissionType,
content::RenderFrameHost* render_frame_host);
// Revokes |origin| access to |device|.
// To be used in place of ObjectPermissionContextBase::RevokeObjectPermission.
void RevokeDevicePermission(const url::Origin& origin,
const base::Value* device,
blink::PermissionType permission_type,
content::RenderFrameHost* render_frame_host);
// Returns the list of devices that |origin| has been granted permission to
// access. To be used in place of
// ObjectPermissionContextBase::GetGrantedObjects.
bool CheckDevicePermission(const url::Origin& origin,
const base::Value* device,
blink::PermissionType permissionType,
content::RenderFrameHost* render_frame_host);
// disable copy
WebContents(const WebContents&) = delete;
WebContents& operator=(const WebContents&) = delete;
@@ -755,10 +727,6 @@ class WebContents : public ExclusiveAccessContext,
// Update the html fullscreen flag in both browser and renderer.
void UpdateHtmlApiFullscreen(bool fullscreen);
bool DoesDeviceMatch(const base::Value* device,
const base::Value* device_to_compare,
blink::PermissionType permission_type);
v8::Global<v8::Value> session_;
v8::Global<v8::Value> devtools_web_contents_;
v8::Global<v8::Value> debugger_;
@@ -843,9 +811,6 @@ class WebContents : public ExclusiveAccessContext,
// Stores the frame thats currently in fullscreen, nullptr if there is none.
content::RenderFrameHost* fullscreen_frame_ = nullptr;
// In-memory cache that holds objects that have been granted permissions.
DevicePermissionMap granted_devices_;
base::WeakPtrFactory<WebContents> weak_factory_{this};
};

110
shell/browser/electron_browser_context.cc
View File

@@ -46,6 +46,7 @@
#include "shell/browser/protocol_registry.h"
#include "shell/browser/special_storage_policy.h"
#include "shell/browser/ui/inspectable_web_contents.h"
#include "shell/browser/web_contents_permission_helper.h"
#include "shell/browser/web_view_manager.h"
#include "shell/browser/zoom_level_delegate.h"
#include "shell/common/application_info.h"
@@ -412,6 +413,115 @@ void ElectronBrowserContext::SetSSLConfigClient(
ssl_config_client_ = std::move(client);
}
void ElectronBrowserContext::GrantDevicePermission(
const url::Origin& origin,
const base::Value& device,
blink::PermissionType permission_type) {
granted_devices_[permission_type][origin].push_back(
std::make_unique<base::Value>(device.Clone()));
}
void ElectronBrowserContext::RevokeDevicePermission(
const url::Origin& origin,
const base::Value& device,
blink::PermissionType permission_type) {
const auto& current_devices_it = granted_devices_.find(permission_type);
if (current_devices_it == granted_devices_.end())
return;
const auto& origin_devices_it = current_devices_it->second.find(origin);
if (origin_devices_it == current_devices_it->second.end())
return;
for (auto it = origin_devices_it->second.begin();
it != origin_devices_it->second.end();) {
if (DoesDeviceMatch(device, it->get(), permission_type)) {
it = origin_devices_it->second.erase(it);
} else {
++it;
}
}
}
bool ElectronBrowserContext::DoesDeviceMatch(
const base::Value& device,
const base::Value* device_to_compare,
blink::PermissionType permission_type) {
if (permission_type ==
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::HID)) {
if (device.GetDict().FindInt(kHidVendorIdKey) !=
device_to_compare->GetDict().FindInt(kHidVendorIdKey) ||
device.GetDict().FindInt(kHidProductIdKey) !=
device_to_compare->GetDict().FindInt(kHidProductIdKey)) {
return false;
}
const auto* serial_number =
device_to_compare->GetDict().FindString(kHidSerialNumberKey);
const auto* device_serial_number =
device.GetDict().FindString(kHidSerialNumberKey);
if (serial_number && device_serial_number &&
*device_serial_number == *serial_number)
return true;
} else if (permission_type ==
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::SERIAL)) {
#if BUILDFLAG(IS_WIN)
const auto* instance_id = device.GetDict().FindString(kDeviceInstanceIdKey);
const auto* port_instance_id =
device_to_compare->GetDict().FindString(kDeviceInstanceIdKey);
if (instance_id && port_instance_id && *instance_id == *port_instance_id)
return true;
#else
const auto* serial_number = device.GetDict().FindString(kSerialNumberKey);
const auto* port_serial_number =
device_to_compare->GetDict().FindString(kSerialNumberKey);
if (device.GetDict().FindInt(kVendorIdKey) !=
device_to_compare->GetDict().FindInt(kVendorIdKey) ||
device.GetDict().FindInt(kProductIdKey) !=
device_to_compare->GetDict().FindInt(kProductIdKey) ||
(serial_number && port_serial_number &&
*port_serial_number != *serial_number)) {
return false;
}
#if BUILDFLAG(IS_MAC)
const auto* usb_driver_key = device.GetDict().FindString(kUsbDriverKey);
const auto* port_usb_driver_key =
device_to_compare->GetDict().FindString(kUsbDriverKey);
if (usb_driver_key && port_usb_driver_key &&
*usb_driver_key != *port_usb_driver_key) {
return false;
}
#endif // BUILDFLAG(IS_MAC)
return true;
#endif // BUILDFLAG(IS_WIN)
}
return false;
}
bool ElectronBrowserContext::CheckDevicePermission(
const url::Origin& origin,
const base::Value& device,
blink::PermissionType permission_type) {
const auto& current_devices_it = granted_devices_.find(permission_type);
if (current_devices_it == granted_devices_.end())
return false;
const auto& origin_devices_it = current_devices_it->second.find(origin);
if (origin_devices_it == current_devices_it->second.end())
return false;
for (const auto& device_to_compare : origin_devices_it->second) {
if (DoesDeviceMatch(device, device_to_compare.get(), permission_type))
return true;
}
return false;
}
// static
ElectronBrowserContext* ElectronBrowserContext::From(
const std::string& partition,

32
shell/browser/electron_browser_context.h
View File

@@ -8,6 +8,7 @@
#include <map>
#include <memory>
#include <string>
#include <vector>
#include "base/memory/weak_ptr.h"
#include "chrome/browser/predictors/preconnect_manager.h"
@@ -18,6 +19,7 @@
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/url_loader_factory.mojom.h"
#include "shell/browser/media/media_device_id_salt.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
class PrefService;
class ValueMapPrefStore;
@@ -38,6 +40,10 @@ class ElectronExtensionSystem;
namespace electron {
using DevicePermissionMap =
std::map<blink::PermissionType,
std::map<url::Origin, std::vector<std::unique_ptr<base::Value>>>>;
class ElectronBrowserContext;
class ElectronDownloadManagerDelegate;
class ElectronPermissionManager;
@@ -148,6 +154,25 @@ class ElectronBrowserContext : public content::BrowserContext {
~ElectronBrowserContext() override;
// Grants |origin| access to |device|.
// To be used in place of ObjectPermissionContextBase::GrantObjectPermission.
void GrantDevicePermission(const url::Origin& origin,
const base::Value& device,
blink::PermissionType permissionType);
// Revokes |origin| access to |device|.
// To be used in place of ObjectPermissionContextBase::RevokeObjectPermission.
void RevokeDevicePermission(const url::Origin& origin,
const base::Value& device,
blink::PermissionType permission_type);
// Returns the list of devices that |origin| has been granted permission to
// access. To be used in place of
// ObjectPermissionContextBase::GetGrantedObjects.
bool CheckDevicePermission(const url::Origin& origin,
const base::Value& device,
blink::PermissionType permissionType);
private:
ElectronBrowserContext(const std::string& partition,
bool in_memory,
@@ -156,6 +181,10 @@ class ElectronBrowserContext : public content::BrowserContext {
// Initialize pref registry.
void InitPrefs();
bool DoesDeviceMatch(const base::Value& device,
const base::Value* device_to_compare,
blink::PermissionType permission_type);
ValueMapPrefStore* in_memory_pref_store_ = nullptr;
std::unique_ptr<content::ResourceContext> resource_context_;
@@ -187,6 +216,9 @@ class ElectronBrowserContext : public content::BrowserContext {
network::mojom::SSLConfigPtr ssl_config_;
mojo::Remote<network::mojom::SSLConfigClient> ssl_config_client_;
// In-memory cache that holds objects that have been granted permissions.
DevicePermissionMap granted_devices_;
base::WeakPtrFactory<ElectronBrowserContext> weak_factory_{this};
};

38
shell/browser/electron_permission_manager.cc
View File

@@ -307,25 +307,17 @@ bool ElectronPermissionManager::CheckPermissionWithDetails(
bool ElectronPermissionManager::CheckDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
api::WebContents* api_web_contents = api::WebContents::From(web_contents);
const base::Value& device,
ElectronBrowserContext* browser_context) const {
if (device_permission_handler_.is_null()) {
if (api_web_contents) {
return api_web_contents->CheckDevicePermission(origin, device, permission,
render_frame_host);
}
return false;
return browser_context->CheckDevicePermission(origin, device, permission);
} else {
v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
v8::HandleScope scope(isolate);
v8::Local<v8::Object> details = gin::DataObjectBuilder(isolate)
.Set("deviceType", permission)
.Set("origin", origin.Serialize())
.Set("device", device->Clone())
.Set("frame", render_frame_host)
.Set("device", device.Clone())
.Build();
return device_permission_handler_.Run(details);
}
@@ -334,29 +326,19 @@ bool ElectronPermissionManager::CheckDevicePermission(
void ElectronPermissionManager::GrantDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const {
const base::Value& device,
ElectronBrowserContext* browser_context) const {
if (device_permission_handler_.is_null()) {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
api::WebContents* api_web_contents = api::WebContents::From(web_contents);
if (api_web_contents)
api_web_contents->GrantDevicePermission(origin, device, permission,
render_frame_host);
browser_context->GrantDevicePermission(origin, device, permission);
}
}
void ElectronPermissionManager::RevokeDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
api::WebContents* api_web_contents = api::WebContents::From(web_contents);
if (api_web_contents)
api_web_contents->RevokeDevicePermission(origin, device, permission,
render_frame_host);
const base::Value& device,
ElectronBrowserContext* browser_context) const {
browser_context->RevokeDevicePermission(origin, device, permission);
}
blink::mojom::PermissionStatus

18
shell/browser/electron_permission_manager.h
View File

@@ -12,6 +12,7 @@
#include "base/containers/id_map.h"
#include "content/public/browser/permission_controller_delegate.h"
#include "gin/dictionary.h"
#include "shell/browser/electron_browser_context.h"
namespace base {
class DictionaryValue;
@@ -91,19 +92,18 @@ class ElectronPermissionManager : public content::PermissionControllerDelegate {
bool CheckDevicePermission(blink::PermissionType permission,
const url::Origin& origin,
const base::Value* object,
content::RenderFrameHost* render_frame_host) const;
const base::Value& object,
ElectronBrowserContext* browser_context) const;
void GrantDevicePermission(blink::PermissionType permission,
const url::Origin& origin,
const base::Value* object,
content::RenderFrameHost* render_frame_host) const;
const base::Value& object,
ElectronBrowserContext* browser_context) const;
void RevokeDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* object,
content::RenderFrameHost* render_frame_host) const;
void RevokeDevicePermission(blink::PermissionType permission,
const url::Origin& origin,
const base::Value& object,
ElectronBrowserContext* browser_context) const;
protected:
void OnPermissionResponse(int request_id,

24
shell/browser/hid/electron_hid_delegate.cc
View File

@@ -10,10 +10,12 @@
#include "base/command_line.h"
#include "content/public/browser/web_contents.h"
#include "services/device/public/cpp/hid/hid_switches.h"
#include "shell/browser/electron_permission_manager.h"
#include "shell/browser/hid/hid_chooser_context.h"
#include "shell/browser/hid/hid_chooser_context_factory.h"
#include "shell/browser/hid/hid_chooser_controller.h"
#include "shell/browser/web_contents_permission_helper.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
namespace {
@@ -49,8 +51,6 @@ std::unique_ptr<content::HidChooser> ElectronHidDelegate::RunChooser(
AddControllerForFrame(render_frame_host, std::move(filters),
std::move(exclusion_filters), std::move(callback));
render_frame_host_id_ = render_frame_host->GetGlobalId();
// Return a nullptr because the return value isn't used for anything, eg
// there is no mechanism to cancel navigator.hid.requestDevice(). The return
// value is simply used in Chromium to cleanup the chooser UI once the serial
@@ -61,30 +61,30 @@ std::unique_ptr<content::HidChooser> ElectronHidDelegate::RunChooser(
bool ElectronHidDelegate::CanRequestDevicePermission(
content::BrowserContext* browser_context,
const url::Origin& origin) {
auto* rfh = content::RenderFrameHost::FromID(render_frame_host_id_);
auto* web_contents = content::WebContents::FromRenderFrameHost(rfh);
auto* permission_helper =
WebContentsPermissionHelper::FromWebContents(web_contents);
return permission_helper->CheckHIDAccessPermission(
web_contents->GetMainFrame()->GetLastCommittedOrigin());
base::DictionaryValue details;
details.SetString("securityOrigin", origin.GetURL().spec());
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context->GetPermissionControllerDelegate());
return permission_manager->CheckPermissionWithDetails(
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::HID),
nullptr, origin.GetURL(), &details);
}
bool ElectronHidDelegate::HasDevicePermission(
content::BrowserContext* browser_context,
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device) {
auto* rfh = content::RenderFrameHost::FromID(render_frame_host_id_);
return GetChooserContext(browser_context)
->HasDevicePermission(origin, device, rfh);
->HasDevicePermission(origin, device);
}
void ElectronHidDelegate::RevokeDevicePermission(
content::BrowserContext* browser_context,
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device) {
auto* rfh = content::RenderFrameHost::FromID(render_frame_host_id_);
return GetChooserContext(browser_context)
->RevokeDevicePermission(origin, device, rfh);
->RevokeDevicePermission(origin, device);
}
device::mojom::HidManager* ElectronHidDelegate::GetHidManager(

2
shell/browser/hid/electron_hid_delegate.h
View File

@@ -83,8 +83,6 @@ class ElectronHidDelegate : public content::HidDelegate,
std::unique_ptr<HidChooserController>>
controller_map_;
content::GlobalRenderFrameHostId render_frame_host_id_;
base::WeakPtrFactory<ElectronHidDelegate> weak_factory_{this};
};

62
shell/browser/hid/hid_chooser_context.cc
View File

@@ -20,12 +20,15 @@
#include "services/device/public/cpp/hid/hid_blocklist.h"
#include "services/device/public/cpp/hid/hid_switches.h"
#include "shell/browser/api/electron_api_session.h"
#include "shell/browser/electron_permission_manager.h"
#include "shell/browser/web_contents_permission_helper.h"
#include "shell/common/gin_converters/content_converter.h"
#include "shell/common/gin_converters/frame_converter.h"
#include "shell/common/gin_converters/hid_device_info_converter.h"
#include "shell/common/gin_converters/value_converter.h"
#include "shell/common/gin_helper/dictionary.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
#include "ui/base/l10n/l10n_util.h"
namespace electron {
@@ -90,16 +93,16 @@ base::Value HidChooserContext::DeviceInfoToValue(
void HidChooserContext::GrantDevicePermission(
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host) {
const device::mojom::HidDeviceInfo& device) {
DCHECK(base::Contains(devices_, device.guid));
if (CanStorePersistentEntry(device)) {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
auto* permission_helper =
WebContentsPermissionHelper::FromWebContents(web_contents);
permission_helper->GrantHIDDevicePermission(
origin, DeviceInfoToValue(device), render_frame_host);
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context_->GetPermissionControllerDelegate());
permission_manager->GrantDevicePermission(
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::HID),
origin, DeviceInfoToValue(device), browser_context_);
} else {
ephemeral_devices_[origin].insert(device.guid);
}
@@ -107,40 +110,34 @@ void HidChooserContext::GrantDevicePermission(
void HidChooserContext::RevokeDevicePermission(
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host) {
const device::mojom::HidDeviceInfo& device) {
DCHECK(base::Contains(devices_, device.guid));
if (CanStorePersistentEntry(device)) {
RevokePersistentDevicePermission(origin, device, render_frame_host);
RevokePersistentDevicePermission(origin, device);
} else {
RevokeEphemeralDevicePermission(origin, device);
}
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
api::Session* session =
api::Session::FromBrowserContext(web_contents->GetBrowserContext());
api::Session* session = api::Session::FromBrowserContext(browser_context_);
if (session) {
v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
v8::HandleScope scope(isolate);
gin_helper::Dictionary details =
gin_helper::Dictionary::CreateEmpty(isolate);
details.Set("device", device.Clone());
details.SetGetter("frame", render_frame_host);
details.Set("origin", origin.Serialize());
session->Emit("hid-device-revoked", details);
}
}
void HidChooserContext::RevokePersistentDevicePermission(
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host) {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
auto* permission_helper =
WebContentsPermissionHelper::FromWebContents(web_contents);
permission_helper->RevokeHIDDevicePermission(
origin, DeviceInfoToValue(device), render_frame_host);
const device::mojom::HidDeviceInfo& device) {
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context_->GetPermissionControllerDelegate());
permission_manager->RevokeDevicePermission(
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::HID),
origin, DeviceInfoToValue(device), browser_context_);
RevokeEphemeralDevicePermission(origin, device);
}
@@ -167,8 +164,7 @@ void HidChooserContext::RevokeEphemeralDevicePermission(
bool HidChooserContext::HasDevicePermission(
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host) {
const device::mojom::HidDeviceInfo& device) {
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kDisableHidBlocklist) &&
device.is_excluded_by_blocklist)
@@ -180,12 +176,12 @@ bool HidChooserContext::HasDevicePermission(
return true;
}
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
auto* permission_helper =
WebContentsPermissionHelper::FromWebContents(web_contents);
return permission_helper->CheckHIDDevicePermission(
origin, DeviceInfoToValue(device), render_frame_host);
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context_->GetPermissionControllerDelegate());
return permission_manager->CheckDevicePermission(
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::HID),
origin, DeviceInfoToValue(device), browser_context_);
}
void HidChooserContext::AddDeviceObserver(DeviceObserver* observer) {

13
shell/browser/hid/hid_chooser_context.h
View File

@@ -16,7 +16,6 @@
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "base/unguessable_token.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
#include "mojo/public/cpp/bindings/associated_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
@@ -74,14 +73,11 @@ class HidChooserContext : public KeyedService,
// HID-specific interface for granting and checking permissions.
void GrantDevicePermission(const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host);
const device::mojom::HidDeviceInfo& device);
void RevokeDevicePermission(const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host);
const device::mojom::HidDeviceInfo& device);
bool HasDevicePermission(const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host);
const device::mojom::HidDeviceInfo& device);
// For ScopedObserver.
void AddDeviceObserver(DeviceObserver* observer);
@@ -117,8 +113,7 @@ class HidChooserContext : public KeyedService,
// HID-specific interface for revoking device permissions.
void RevokePersistentDevicePermission(
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device,
content::RenderFrameHost* render_frame_host);
const device::mojom::HidDeviceInfo& device);
void RevokeEphemeralDevicePermission(
const url::Origin& origin,
const device::mojom::HidDeviceInfo& device);

3
shell/browser/hid/hid_chooser_controller.cc
View File

@@ -196,8 +196,7 @@ void HidChooserController::OnDeviceChosen(gin::Arguments* args) {
std::vector<device::mojom::HidDeviceInfoPtr> devices;
devices.reserve(device_infos.size());
for (auto& device : device_infos) {
chooser_context_->GrantDevicePermission(origin_, *device,
web_contents()->GetMainFrame());
chooser_context_->GrantDevicePermission(origin_, *device);
devices.push_back(device->Clone());
}
RunCallback(std::move(devices));

30
shell/browser/serial/serial_chooser_context.cc
View File

@@ -15,6 +15,7 @@
#include "content/public/browser/device_service.h"
#include "content/public/browser/web_contents.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "shell/browser/electron_permission_manager.h"
#include "shell/browser/web_contents_permission_helper.h"
namespace electron {
@@ -86,7 +87,8 @@ base::Value PortInfoToValue(const device::mojom::SerialPortInfo& port) {
return value;
}
SerialChooserContext::SerialChooserContext() = default;
SerialChooserContext::SerialChooserContext(ElectronBrowserContext* context)
: browser_context_(context) {}
SerialChooserContext::~SerialChooserContext() = default;
@@ -99,26 +101,24 @@ void SerialChooserContext::GrantPortPermission(
const url::Origin& origin,
const device::mojom::SerialPortInfo& port,
content::RenderFrameHost* render_frame_host) {
base::Value value = PortInfoToValue(port);
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
auto* permission_helper =
WebContentsPermissionHelper::FromWebContents(web_contents);
permission_helper->GrantSerialPortPermission(origin, std::move(value),
render_frame_host);
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context_->GetPermissionControllerDelegate());
return permission_manager->GrantDevicePermission(
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::SERIAL),
origin, PortInfoToValue(port), browser_context_);
}
bool SerialChooserContext::HasPortPermission(
const url::Origin& origin,
const device::mojom::SerialPortInfo& port,
content::RenderFrameHost* render_frame_host) {
auto* web_contents =
content::WebContents::FromRenderFrameHost(render_frame_host);
auto* permission_helper =
WebContentsPermissionHelper::FromWebContents(web_contents);
base::Value value = PortInfoToValue(port);
return permission_helper->CheckSerialPortPermission(origin, std::move(value),
render_frame_host);
auto* permission_manager = static_cast<ElectronPermissionManager*>(
browser_context_->GetPermissionControllerDelegate());
return permission_manager->CheckDevicePermission(
static_cast<blink::PermissionType>(
WebContentsPermissionHelper::PermissionType::SERIAL),
origin, PortInfoToValue(port), browser_context_);
}
void SerialChooserContext::RevokePortPermissionWebInitiated(

4
shell/browser/serial/serial_chooser_context.h
View File

@@ -48,7 +48,7 @@ class SerialChooserContext : public KeyedService,
public:
using PortObserver = content::SerialDelegate::Observer;
SerialChooserContext();
explicit SerialChooserContext(ElectronBrowserContext* context);
~SerialChooserContext() override;
// disable copy
@@ -104,6 +104,8 @@ class SerialChooserContext : public KeyedService,
mojo::Receiver<device::mojom::SerialPortManagerClient> client_receiver_{this};
base::ObserverList<PortObserver> port_observer_list_;
ElectronBrowserContext* browser_context_;
base::WeakPtrFactory<SerialChooserContext> weak_factory_{this};
};

4
shell/browser/serial/serial_chooser_context_factory.cc
View File

@@ -19,7 +19,9 @@ SerialChooserContextFactory::~SerialChooserContextFactory() = default;
KeyedService* SerialChooserContextFactory::BuildServiceInstanceFor(
content::BrowserContext* context) const {
return new SerialChooserContext();
auto* browser_context =
static_cast<electron::ElectronBrowserContext*>(context);
return new SerialChooserContext(browser_context);
}
// static

86
shell/browser/web_contents_permission_helper.cc
View File

@@ -85,39 +85,6 @@ bool WebContentsPermissionHelper::CheckPermission(
details);
}
bool WebContentsPermissionHelper::CheckDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const {
auto* permission_manager = static_cast<ElectronPermissionManager*>(
web_contents_->GetBrowserContext()->GetPermissionControllerDelegate());
return permission_manager->CheckDevicePermission(permission, origin, device,
render_frame_host);
}
void WebContentsPermissionHelper::GrantDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const {
auto* permission_manager = static_cast<ElectronPermissionManager*>(
web_contents_->GetBrowserContext()->GetPermissionControllerDelegate());
permission_manager->GrantDevicePermission(permission, origin, device,
render_frame_host);
}
void WebContentsPermissionHelper::RevokeDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const {
auto* permission_manager = static_cast<ElectronPermissionManager*>(
web_contents_->GetBrowserContext()->GetPermissionControllerDelegate());
permission_manager->RevokeDevicePermission(permission, origin, device,
render_frame_host);
}
void WebContentsPermissionHelper::RequestFullscreenPermission(
base::OnceCallback<void(bool)> callback) {
RequestPermission(
@@ -197,59 +164,6 @@ bool WebContentsPermissionHelper::CheckSerialAccessPermission(
static_cast<blink::PermissionType>(PermissionType::SERIAL), &details);
}
bool WebContentsPermissionHelper::CheckSerialPortPermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const {
return CheckDevicePermission(
static_cast<blink::PermissionType>(PermissionType::SERIAL), origin,
&device, render_frame_host);
}
void WebContentsPermissionHelper::GrantSerialPortPermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const {
return GrantDevicePermission(
static_cast<blink::PermissionType>(PermissionType::SERIAL), origin,
&device, render_frame_host);
}
bool WebContentsPermissionHelper::CheckHIDAccessPermission(
const url::Origin& embedding_origin) const {
base::DictionaryValue details;
details.SetString("securityOrigin", embedding_origin.GetURL().spec());
return CheckPermission(
static_cast<blink::PermissionType>(PermissionType::HID), &details);
}
bool WebContentsPermissionHelper::CheckHIDDevicePermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const {
return CheckDevicePermission(
static_cast<blink::PermissionType>(PermissionType::HID), origin, &device,
render_frame_host);
}
void WebContentsPermissionHelper::GrantHIDDevicePermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const {
return GrantDevicePermission(
static_cast<blink::PermissionType>(PermissionType::HID), origin, &device,
render_frame_host);
}
void WebContentsPermissionHelper::RevokeHIDDevicePermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const {
return RevokeDevicePermission(
static_cast<blink::PermissionType>(PermissionType::HID), origin, &device,
render_frame_host);
}
WEB_CONTENTS_USER_DATA_KEY_IMPL(WebContentsPermissionHelper);
} // namespace electron

37
shell/browser/web_contents_permission_helper.h
View File

@@ -51,27 +51,6 @@ class WebContentsPermissionHelper
bool CheckMediaAccessPermission(const GURL& security_origin,
blink::mojom::MediaStreamType type) const;
bool CheckSerialAccessPermission(const url::Origin& embedding_origin) const;
bool CheckSerialPortPermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const;
void GrantSerialPortPermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const;
bool CheckHIDAccessPermission(const url::Origin& embedding_origin) const;
bool CheckHIDDevicePermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const;
void GrantHIDDevicePermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const;
void RevokeHIDDevicePermission(
const url::Origin& origin,
base::Value device,
content::RenderFrameHost* render_frame_host) const;
private:
explicit WebContentsPermissionHelper(content::WebContents* web_contents);
@@ -85,22 +64,6 @@ class WebContentsPermissionHelper
bool CheckPermission(blink::PermissionType permission,
const base::DictionaryValue* details) const;
bool CheckDevicePermission(blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const;
void GrantDevicePermission(blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const;
void RevokeDevicePermission(
blink::PermissionType permission,
const url::Origin& origin,
const base::Value* device,
content::RenderFrameHost* render_frame_host) const;
// TODO(clavin): refactor to use the WebContents provided by the
// WebContentsUserData base class instead of storing a duplicate ref
content::WebContents* web_contents_;