feat: add --disable-geolocation command-line flag for macOS (#45934)

* feat(macos): add --disable-geolocation-mac command-line flag

* internally deny geolocation requests if flag set

e

* wrap PermissionRequestHandler instead

* wrap custom handler and deny regardless of response

* Update docs/api/command-line-switches.md

Co-authored-by: Will Anderson <will@itsananderson.com>

* resolving conflicts during rebase

* tests added

* tests added: minor changes

* move IsGeolocationDisabledViaCommandLine inside ElectronPermissionManager as a static member

* test: inject fixturesPath via --boot-eval

* Update shell/browser/electron_permission_manager.cc

Co-authored-by: Robo <hop2deep@gmail.com>

* chore: Fixup after merge

* fixup after merge

---------

Co-authored-by: Will Anderson <will@itsananderson.com>
Co-authored-by: Robo <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>

shell/browser/api/electron_api_session.cc

@@ -886,6 +886,24 @@ void Session::SetPermissionRequestHandler(v8::Local<v8::Value> val,
          blink::PermissionType permission_type,
          ElectronPermissionManager::StatusCallback callback,
          const base::Value& details) {
+#if (BUILDFLAG(IS_MAC))
+        if (permission_type == blink::PermissionType::GEOLOCATION) {
+          if (ElectronPermissionManager::
+                  IsGeolocationDisabledViaCommandLine()) {
+            auto original_callback = std::move(callback);
+            callback = base::BindOnce(
+                [](ElectronPermissionManager::StatusCallback callback,
+                   content::PermissionResult /*ignored_result*/) {
+                  // Always deny regardless of what
+                  // content::PermissionResult is passed here
+                  std::move(callback).Run(content::PermissionResult(
+                      blink::mojom::PermissionStatus::DENIED,
+                      content::PermissionStatusSource::UNSPECIFIED));
+                },
+                std::move(original_callback));
+          }
+        }
+#endif
         handler->Run(web_contents, permission_type, std::move(callback),
                      details);
       },

shell/browser/electron_browser_main_parts_mac.mm

@@ -11,6 +11,7 @@
 #include "services/device/public/cpp/geolocation/geolocation_system_permission_manager.h"
 #include "services/device/public/cpp/geolocation/system_geolocation_source_apple.h"
 #include "shell/browser/browser_process_impl.h"
+#include "shell/browser/electron_permission_manager.h"
 #include "shell/browser/mac/electron_application.h"
 #include "shell/browser/mac/electron_application_delegate.h"
 #include "ui/base/l10n/l10n_util_mac.h"
@@ -32,7 +33,13 @@ void ElectronBrowserMainParts::PreCreateMainMessageLoop() {
       setObject:@"NO"
          forKey:@"NSTreatUnknownArgumentsAsOpen"];
 
-  if (!device::GeolocationSystemPermissionManager::GetInstance()) {
+  const bool geolocationDisabled =
+      ElectronPermissionManager::IsGeolocationDisabledViaCommandLine();
+
+  // Check if geolocation api is NOT disabled via command line before
+  // CreateGeolocationSystemPermissionManager is called
+  if (!geolocationDisabled &&
+      !device::GeolocationSystemPermissionManager::GetInstance()) {
     device::GeolocationSystemPermissionManager::SetInstance(
         device::SystemGeolocationSourceApple::
             CreateGeolocationSystemPermissionManager());

shell/browser/electron_permission_manager.cc

@@ -8,6 +8,7 @@
 #include <utility>
 #include <vector>
 
+#include "base/command_line.h"
 #include "base/containers/to_vector.h"
 #include "base/values.h"
 #include "content/browser/permissions/permission_util.h"  // nogncheck
@@ -146,6 +147,17 @@ void ElectronPermissionManager::SetBluetoothPairingHandler(
   bluetooth_pairing_handler_ = handler;
 }
 
+// static
+bool ElectronPermissionManager::IsGeolocationDisabledViaCommandLine() {
+// Remove platform check once flag is extended to other platforms
+#if BUILDFLAG(IS_MAC)
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  return command_line->HasSwitch("disable-geolocation");
+#else
+  return false;
+#endif
+}
+
 bool ElectronPermissionManager::HasPermissionRequestHandler() const {
   return !request_handler_.is_null();
 }
@@ -220,9 +232,16 @@ void ElectronPermissionManager::RequestPermissionsWithDetails(
             ->GrantSendMidiSysExMessage(
                 render_frame_host->GetProcess()->GetDeprecatedID());
       } else if (permission_type == blink::PermissionType::GEOLOCATION) {
-        ElectronBrowserMainParts::Get()
-            ->GetGeolocationControl()
-            ->UserDidOptIntoLocationServices();
+        if (IsGeolocationDisabledViaCommandLine()) {
+          results.push_back(content::PermissionResult(
+              blink::mojom::PermissionStatus::DENIED,
+              content::PermissionStatusSource::UNSPECIFIED));
+          continue;
+        } else {
+          ElectronBrowserMainParts::Get()
+              ->GetGeolocationControl()
+              ->UserDidOptIntoLocationServices();
+        }
       }
       results.push_back(content::PermissionResult(
           blink::mojom::PermissionStatus::GRANTED,
@@ -331,6 +350,10 @@ bool ElectronPermissionManager::CheckPermissionWithDetails(
     content::RenderFrameHost* render_frame_host,
     const GURL& requesting_origin,
     base::Value::Dict details) const {
+  if (permission == blink::PermissionType::GEOLOCATION &&
+      IsGeolocationDisabledViaCommandLine())
+    return false;
+
   if (check_handler_.is_null()) {
     if (permission == blink::PermissionType::DEPRECATED_SYNC_CLIPBOARD_READ) {
       return false;
@@ -368,6 +391,10 @@ bool ElectronPermissionManager::CheckDevicePermission(
     const url::Origin& origin,
     const base::Value& device,
     ElectronBrowserContext* browser_context) const {
+  if (permission == blink::PermissionType::GEOLOCATION &&
+      IsGeolocationDisabledViaCommandLine())
+    return false;
+
   if (device_permission_handler_.is_null())
     return browser_context->CheckDevicePermission(origin, device, permission);
 

shell/browser/electron_permission_manager.h

@@ -66,6 +66,8 @@ class ElectronPermissionManager : public content::PermissionControllerDelegate {
   using BluetoothPairingHandler =
       base::RepeatingCallback<void(gin_helper::Dictionary, PairCallback)>;
 
+  static bool IsGeolocationDisabledViaCommandLine();
+
   void RequestPermissionWithDetails(
       blink::mojom::PermissionDescriptorPtr permission,
       content::RenderFrameHost* render_frame_host,