Add Autoblocker function to get all actively embargoed origins for permission

Previously within the GetAllSites handler encapsulation was broken by
reaching directly into ContentSettingsType::PERMISSION_AUTOBLOCKER_DATA
raw data to determine which sites were under embargo. As part of the
privacy settings redesign, additional handlers will be interested in
this information.

This CL extends the permission_decision_auto_blocker to provide this
functionality itself and refactors the GetAllSites handler to use it.

Bug: 1032584
Change-Id: I57632a4272896ad98079bede96d660578bf1a179
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2013118Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Theodore Olsauskas-Warren <sauski@google.com>
Cr-Commit-Position: refs/heads/master@{#736000}

chrome/browser/permissions/permission_decision_auto_blocker.cc

@@ -330,6 +330,38 @@ base::Time PermissionDecisionAutoBlocker::GetEmbargoStartTime(
                                                   : ignore_start_time;
 }
 
+std::set<GURL> PermissionDecisionAutoBlocker::GetEmbargoedOrigins(
+    ContentSettingsType content_type) {
+  return GetEmbargoedOrigins(std::vector<ContentSettingsType>{content_type});
+}
+
+std::set<GURL> PermissionDecisionAutoBlocker::GetEmbargoedOrigins(
+    std::vector<ContentSettingsType> content_types) {
+  auto* map = HostContentSettingsMapFactory::GetForProfile(profile_);
+  DCHECK(map);
+  ContentSettingsForOneType embargo_settings;
+  map->GetSettingsForOneType(ContentSettingsType::PERMISSION_AUTOBLOCKER_DATA,
+                             std::string(), &embargo_settings);
+  std::set<GURL> origins;
+  for (const auto& e : embargo_settings) {
+    for (auto content_type : content_types) {
+      if (!permissions::PermissionUtil::IsPermission(content_type))
+        continue;
+      const GURL url(e.primary_pattern.ToString());
+      permissions::PermissionResult result =
+          GetEmbargoResult(map, url, content_type, clock_->Now());
+      if (result.source ==
+              permissions::PermissionStatusSource::MULTIPLE_DISMISSALS ||
+          result.source ==
+              permissions::PermissionStatusSource::MULTIPLE_IGNORES) {
+        origins.insert(url);
+        break;
+      }
+    }
+  }
+  return origins;
+}
+
 int PermissionDecisionAutoBlocker::GetDismissCount(
     const GURL& url,
     ContentSettingsType permission) {

chrome/browser/permissions/permission_decision_auto_blocker.h

@@ -91,6 +91,14 @@ class PermissionDecisionAutoBlocker : public KeyedService {
   // type at |url|.
   int GetIgnoreCount(const GURL& url, ContentSettingsType permission);
 
+  // Returns a set of urls currently under embargo for |content_type|.
+  std::set<GURL> GetEmbargoedOrigins(ContentSettingsType content_type);
+
+  // Returns a set of urls currently under embargo for the provided
+  // |content_type| types.
+  std::set<GURL> GetEmbargoedOrigins(
+      std::vector<ContentSettingsType> content_types);
+
   // Records that a dismissal of a prompt for |permission| was made. If the
   // total number of dismissals exceeds a threshhold and
   // features::kBlockPromptsIfDismissedOften is enabled, it will place |url|

chrome/browser/permissions/permission_decision_auto_blocker_unittest.cc

@@ -369,6 +369,57 @@ TEST_F(PermissionDecisionAutoBlockerUnitTest,
             autoblocker()->GetIgnoreCount(url, ContentSettingsType::PLUGINS));
 }
 
+// Check that GetEmbargoedOrigins only returns origins where embargo is the
+// effective permission enforcement mechanism.
+TEST_F(PermissionDecisionAutoBlockerUnitTest, CheckEmbargoedOrigins) {
+  GURL url1("https://www.google.com");
+  GURL url2("https://www.google.com:8443");
+  std::vector<ContentSettingsType> content_types = {
+      ContentSettingsType::GEOLOCATION, ContentSettingsType::NOTIFICATIONS};
+  std::set<GURL> origins;
+  clock()->SetNow(base::Time::Now());
+
+  EXPECT_EQ(0UL, autoblocker()->GetEmbargoedOrigins(content_types).size());
+
+  // Place both origins under embargo and verify.
+  EXPECT_FALSE(autoblocker()->RecordDismissAndEmbargo(
+      url1, ContentSettingsType::GEOLOCATION, false));
+  EXPECT_FALSE(autoblocker()->RecordDismissAndEmbargo(
+      url1, ContentSettingsType::GEOLOCATION, false));
+  EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
+      url1, ContentSettingsType::GEOLOCATION, false));
+  EXPECT_FALSE(autoblocker()->RecordDismissAndEmbargo(
+      url2, ContentSettingsType::NOTIFICATIONS, false));
+  EXPECT_FALSE(autoblocker()->RecordDismissAndEmbargo(
+      url2, ContentSettingsType::NOTIFICATIONS, false));
+  EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
+      url2, ContentSettingsType::NOTIFICATIONS, false));
+
+  origins = autoblocker()->GetEmbargoedOrigins(content_types);
+  EXPECT_EQ(2UL, origins.size());
+  EXPECT_EQ(1UL, origins.count(url1));
+  EXPECT_EQ(1UL, origins.count(url2));
+
+  // Check no leakage between content types
+  origins =
+      autoblocker()->GetEmbargoedOrigins(ContentSettingsType::GEOLOCATION);
+  EXPECT_EQ(1UL, origins.count(url1));
+  origins =
+      autoblocker()->GetEmbargoedOrigins(ContentSettingsType::NOTIFICATIONS);
+  EXPECT_EQ(1UL, origins.count(url2));
+
+  // Remove an embargo and confirm it's removed from origins
+  autoblocker()->RemoveEmbargoByUrl(url1, ContentSettingsType::GEOLOCATION);
+  origins = autoblocker()->GetEmbargoedOrigins(content_types);
+  EXPECT_EQ(1UL, origins.size());
+  EXPECT_EQ(1UL, origins.count(url2));
+
+  // Expire the remaining embargo and confirm the origin is removed
+  clock()->Advance(base::TimeDelta::FromDays(8));
+  origins = autoblocker()->GetEmbargoedOrigins(content_types);
+  EXPECT_EQ(0UL, origins.size());
+}
+
 // Check that GetEmbargoResult returns the correct value when the embargo is set
 // and expires.
 TEST_F(PermissionDecisionAutoBlockerUnitTest, CheckEmbargoStatus) {

chrome/browser/ui/webui/settings/site_settings_handler.cc

@@ -703,27 +703,11 @@ void SiteSettingsHandler::HandleGetAllSites(const base::ListValue* args) {
 
   // Retrieve a list of embargoed settings to check separately. This ensures
   // that only settings included in |content_types| will be listed in all sites.
-  ContentSettingsForOneType embargo_settings;
-  map->GetSettingsForOneType(ContentSettingsType::PERMISSION_AUTOBLOCKER_DATA,
-                             std::string(), &embargo_settings);
-  PermissionManager* permission_manager = PermissionManager::Get(profile);
-  for (const ContentSettingPatternSource& e : embargo_settings) {
-    for (ContentSettingsType content_type : content_types) {
-      if (permissions::PermissionUtil::IsPermission(content_type)) {
-        const GURL url(e.primary_pattern.ToString());
-        // Add |url| to the set if there are any embargo settings.
-        permissions::PermissionResult result =
-            permission_manager->GetPermissionStatus(content_type, url, url);
-        if (result.source ==
-                permissions::PermissionStatusSource::MULTIPLE_DISMISSALS ||
-            result.source ==
-                permissions::PermissionStatusSource::MULTIPLE_IGNORES) {
-          CreateOrAppendSiteGroupEntry(&all_sites_map_, url);
-          origin_permission_set_.insert(url.spec());
-          break;
-        }
-      }
-    }
+  auto* autoblocker = PermissionDecisionAutoBlocker::GetForProfile(profile_);
+  for (auto& url : autoblocker->GetEmbargoedOrigins(content_types)) {
+    // Add |url| to the set if there are any embargo settings.
+    CreateOrAppendSiteGroupEntry(&all_sites_map_, url);
+    origin_permission_set_.insert(url.spec());
   }
 
   // Convert |types| to a list of ContentSettingsTypes.