Expose GetPermissionStatusForFrame through the content PermissionMana…

…ger API

Within chrome/ GetPermissionStatusForFrame can already be used to accurately
query the permission status for a particular RenderFrameHost. This will take
into account things like Feature Policy. However currently this isn't exposed
to content/. This CL exposes that function in the content API and uses it where
sensible.

Bug: 802945
Change-Id: I07402dc40c22939584178c071f5e253241c29e3f
Reviewed-on: https://chromium-review.googlesource.com/940744
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Reviewed-by: Timothy Loh <timloh@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541337}

android_webview/browser/aw_permission_manager.cc

@@ -432,6 +432,17 @@ PermissionStatus AwPermissionManager::GetPermissionStatus(
   return PermissionStatus::DENIED;
 }
 
+PermissionStatus AwPermissionManager::GetPermissionStatusForFrame(
+    PermissionType permission,
+    content::RenderFrameHost* render_frame_host,
+    const GURL& requesting_origin) {
+  return GetPermissionStatus(
+      permission, requesting_origin,
+      content::WebContents::FromRenderFrameHost(render_frame_host)
+          ->GetLastCommittedURL()
+          .GetOrigin());
+}
+
 int AwPermissionManager::SubscribePermissionStatusChange(
     PermissionType permission,
     const GURL& requesting_origin,

android_webview/browser/aw_permission_manager.h

@@ -46,6 +46,10 @@ class AwPermissionManager : public content::PermissionManager {
       content::PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) override;
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override;
   int SubscribePermissionStatusChange(
       content::PermissionType permission,
       const GURL& requesting_origin,

chrome/browser/permissions/permission_manager.cc

@@ -522,6 +522,33 @@ PermissionStatus PermissionManager::GetPermissionStatus(
   return ContentSettingToPermissionStatus(result.content_setting);
 }
 
+PermissionStatus PermissionManager::GetPermissionStatusForFrame(
+    PermissionType permission,
+    content::RenderFrameHost* render_frame_host,
+    const GURL& requesting_origin) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  PermissionResult result =
+      GetPermissionStatusForFrame(PermissionTypeToContentSetting(permission),
+                                  render_frame_host, requesting_origin);
+
+  // TODO(benwells): split this into two functions, GetPermissionStatus and
+  // GetPermissionStatusForPermissionsAPI.
+  PermissionContextBase* context =
+      GetPermissionContext(PermissionTypeToContentSetting(permission));
+  if (context) {
+    content::WebContents* web_contents =
+        content::WebContents::FromRenderFrameHost(render_frame_host);
+    GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();
+    result = context->UpdatePermissionStatusWithDeviceStatus(
+        result, GetCanonicalOrigin(requesting_origin, embedding_origin),
+        content::WebContents::FromRenderFrameHost(render_frame_host)
+            ->GetLastCommittedURL()
+            .GetOrigin());
+  }
+
+  return ContentSettingToPermissionStatus(result.content_setting);
+}
+
 int PermissionManager::SubscribePermissionStatusChange(
     PermissionType permission,
     const GURL& requesting_origin,

chrome/browser/permissions/permission_manager.h

@@ -102,6 +102,10 @@ class PermissionManager : public KeyedService,
       content::PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) override;
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override;
   int SubscribePermissionStatusChange(
       content::PermissionType permission,
       const GURL& requesting_origin,

chromecast/browser/cast_permission_manager.cc

@@ -55,6 +55,15 @@ blink::mojom::PermissionStatus CastPermissionManager::GetPermissionStatus(
   return blink::mojom::PermissionStatus::GRANTED;
 }
 
+blink::mojom::PermissionStatus
+CastPermissionManager::GetPermissionStatusForFrame(
+    content::PermissionType permission,
+    content::RenderFrameHost* render_frame_host,
+    const GURL& requesting_origin) {
+  LOG(INFO) << __FUNCTION__ << ": " << static_cast<int>(permission);
+  return blink::mojom::PermissionStatus::GRANTED;
+}
+
 int CastPermissionManager::SubscribePermissionStatusChange(
     content::PermissionType permission,
     const GURL& requesting_origin,

chromecast/browser/cast_permission_manager.h

@@ -40,6 +40,10 @@ class CastPermissionManager : public content::PermissionManager {
       content::PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) override;
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override;
   int SubscribePermissionStatusChange(
       content::PermissionType permission,
       const GURL& requesting_origin,

components/domain_reliability/service_unittest.cc

@@ -12,6 +12,7 @@
 #include "components/domain_reliability/monitor.h"
 #include "components/domain_reliability/test_util.h"
 #include "content/public/browser/permission_manager.h"
+#include "content/public/browser/web_contents.h"
 #include "content/public/test/test_browser_context.h"
 #include "net/base/host_port_pair.h"
 #include "net/url_request/url_request_context_getter.h"
@@ -55,6 +56,17 @@ class TestPermissionManager : public content::PermissionManager {
     return permission_status_;
   }
 
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override {
+    return GetPermissionStatus(
+        permission, requesting_origin,
+        content::WebContents::FromRenderFrameHost(render_frame_host)
+            ->GetLastCommittedURL()
+            .GetOrigin());
+  }
+
   int RequestPermission(
       content::PermissionType permission,
       content::RenderFrameHost* render_frame_host,

content/browser/generic_sensor/sensor_provider_proxy_impl.cc

@@ -66,17 +66,11 @@ void SensorProviderProxyImpl::GetSensor(SensorType type,
 }
 
 bool SensorProviderProxyImpl::CheckPermission() const {
-  WebContents* web_contents =
-      WebContents::FromRenderFrameHost(render_frame_host_);
-  if (!web_contents)
-    return false;
-
-  const GURL& embedding_origin = web_contents->GetLastCommittedURL();
   const GURL& requesting_origin = render_frame_host_->GetLastCommittedURL();
 
   blink::mojom::PermissionStatus permission_status =
-      permission_manager_->GetPermissionStatus(
-          PermissionType::SENSORS, requesting_origin, embedding_origin);
+      permission_manager_->GetPermissionStatusForFrame(
+          PermissionType::SENSORS, render_frame_host_, requesting_origin);
   return permission_status == blink::mojom::PermissionStatus::GRANTED;
 }
 

content/browser/permissions/permission_service_impl.cc

@@ -229,11 +229,14 @@ PermissionStatus PermissionServiceImpl::GetPermissionStatusFromType(
     return PermissionStatus::DENIED;
 
   GURL requesting_origin(origin_.GetURL());
-  // If the embedding_origin is empty we'll use |origin_| instead.
-  GURL embedding_origin = context_->GetEmbeddingOrigin();
+  if (context_->render_frame_host()) {
+    return browser_context->GetPermissionManager()->GetPermissionStatusForFrame(
+        type, context_->render_frame_host(), requesting_origin);
+  }
+
+  DCHECK(context_->GetEmbeddingOrigin().is_empty());
   return browser_context->GetPermissionManager()->GetPermissionStatus(
-      type, requesting_origin,
-      embedding_origin.is_empty() ? requesting_origin : embedding_origin);
+      type, requesting_origin, requesting_origin);
 }
 
 void PermissionServiceImpl::ResetPermissionStatus(PermissionType type) {

content/public/browser/permission_manager.h

@@ -60,12 +60,23 @@ class CONTENT_EXPORT PermissionManager {
 
   // Returns the permission status of a given requesting_origin/embedding_origin
   // tuple. This is not taking a RenderFrameHost because the call might happen
-  // outside of a frame context.
+  // outside of a frame context. Prefer GetPermissionStatusForFrame (below)
+  // whenever possible.
   virtual blink::mojom::PermissionStatus GetPermissionStatus(
       PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) = 0;
 
+  // Returns the permission status for a given frame. Use this over
+  // GetPermissionStatus whenever possible.
+  // TODO(raymes): Currently we still pass the |requesting_origin| as a separate
+  // parameter because we can't yet guarantee that it matches the last committed
+  // origin of the RenderFrameHost. See https://crbug.com/698985.
+  virtual blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      PermissionType permission,
+      RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) = 0;
+
   // Sets the permission back to its default for the requesting_origin/
   // embedding_origin tuple.
   virtual void ResetPermission(PermissionType permission,

content/public/test/mock_permission_manager.h

@@ -27,6 +27,11 @@ class MockPermissionManager : public PermissionManager {
                blink::mojom::PermissionStatus(PermissionType permission,
                                               const GURL& requesting_origin,
                                               const GURL& embedding_origin));
+  MOCK_METHOD3(GetPermissionStatusForFrame,
+               blink::mojom::PermissionStatus(
+                   PermissionType permission,
+                   content::RenderFrameHost* render_frame_host,
+                   const GURL& requesting_origin));
   int RequestPermission(
       PermissionType permission,
       RenderFrameHost* render_frame_host,

content/shell/browser/layout_test/layout_test_permission_manager.cc

@@ -143,6 +143,18 @@ blink::mojom::PermissionStatus LayoutTestPermissionManager::GetPermissionStatus(
   return it->second;
 }
 
+blink::mojom::PermissionStatus
+LayoutTestPermissionManager::GetPermissionStatusForFrame(
+    PermissionType permission,
+    content::RenderFrameHost* render_frame_host,
+    const GURL& requesting_origin) {
+  return GetPermissionStatus(
+      permission, requesting_origin,
+      content::WebContents::FromRenderFrameHost(render_frame_host)
+          ->GetLastCommittedURL()
+          .GetOrigin());
+}
+
 int LayoutTestPermissionManager::SubscribePermissionStatusChange(
     PermissionType permission,
     const GURL& requesting_origin,

content/shell/browser/layout_test/layout_test_permission_manager.h

@@ -45,6 +45,10 @@ class LayoutTestPermissionManager : public PermissionManager {
       PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) override;
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override;
   int SubscribePermissionStatusChange(
       PermissionType permission,
       const GURL& requesting_origin,

content/shell/browser/shell_permission_manager.cc

@@ -7,6 +7,7 @@
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "content/public/browser/permission_type.h"
+#include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
 #include "content/shell/common/shell_switches.h"
 #include "media/base/media_switches.h"
@@ -88,6 +89,18 @@ blink::mojom::PermissionStatus ShellPermissionManager::GetPermissionStatus(
              : blink::mojom::PermissionStatus::DENIED;
 }
 
+blink::mojom::PermissionStatus
+ShellPermissionManager::GetPermissionStatusForFrame(
+    PermissionType permission,
+    content::RenderFrameHost* render_frame_host,
+    const GURL& requesting_origin) {
+  return GetPermissionStatus(
+      permission, requesting_origin,
+      content::WebContents::FromRenderFrameHost(render_frame_host)
+          ->GetLastCommittedURL()
+          .GetOrigin());
+}
+
 int ShellPermissionManager::SubscribePermissionStatusChange(
     PermissionType permission,
     const GURL& requesting_origin,

content/shell/browser/shell_permission_manager.h

@@ -39,6 +39,10 @@ class ShellPermissionManager : public PermissionManager {
       PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) override;
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override;
   int SubscribePermissionStatusChange(
       PermissionType permission,
       const GURL& requesting_origin,

headless/lib/browser/headless_permission_manager.cc

@@ -62,6 +62,14 @@ blink::mojom::PermissionStatus HeadlessPermissionManager::GetPermissionStatus(
   return blink::mojom::PermissionStatus::ASK;
 }
 
+blink::mojom::PermissionStatus
+HeadlessPermissionManager::GetPermissionStatusForFrame(
+    content::PermissionType permission,
+    content::RenderFrameHost* render_frame_host,
+    const GURL& requesting_origin) {
+  return blink::mojom::PermissionStatus::ASK;
+}
+
 int HeadlessPermissionManager::SubscribePermissionStatusChange(
     content::PermissionType permission,
     const GURL& requesting_origin,

headless/lib/browser/headless_permission_manager.h

@@ -43,6 +43,10 @@ class HeadlessPermissionManager : public content::PermissionManager {
       content::PermissionType permission,
       const GURL& requesting_origin,
       const GURL& embedding_origin) override;
+  blink::mojom::PermissionStatus GetPermissionStatusForFrame(
+      content::PermissionType permission,
+      content::RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin) override;
   int SubscribePermissionStatusChange(
       content::PermissionType permission,
       const GURL& requesting_origin,

third_party/WebKit/common/feature_policy/feature_policy.cc

@@ -270,6 +270,8 @@ const FeaturePolicy::FeatureList& FeaturePolicy::GetDefaultFeatureList() {
                             FeaturePolicy::FeatureDefault::EnableForAll},
                            {mojom::FeaturePolicyFeature::kUsb,
                             FeaturePolicy::FeatureDefault::EnableForSelf},
+                           {mojom::FeaturePolicyFeature::kAccessibilityEvents,
+                            FeaturePolicy::FeatureDefault::EnableForSelf},
                            {mojom::FeaturePolicyFeature::kWebVr,
                             FeaturePolicy::FeatureDefault::EnableForSelf},
                            {mojom::FeaturePolicyFeature::kAccelerometer,