Auto grant all permission requests for Web Kiosks

This one looks scary, but it should be approved soon by the privacy
team.

Bug: 1006230
Change-Id: I5e949d87f5032c3e354199865e9a22e152114115
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1910227
Commit-Queue: Anatoliy Potapchuk <apotapchuk@chromium.org>
Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
Reviewed-by: Sergey Poromov <poromov@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#715670}

chrome/browser/chromeos/app_mode/web_app/web_kiosk_app_manager.cc

@@ -17,10 +17,8 @@
 namespace chromeos {
 
 namespace {
-
 // This class is owned by ChromeBrowserMainPartsChromeos.
 static WebKioskAppManager* g_web_kiosk_app_manager = nullptr;
-
 }  // namespace
 
 // static
@@ -31,6 +29,11 @@ void WebKioskAppManager::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterDictionaryPref(kWebKioskDictionaryName);
 }
 
+// static
+bool WebKioskAppManager::IsInitialized() {
+  return g_web_kiosk_app_manager;
+}
+
 // static
 WebKioskAppManager* WebKioskAppManager::Get() {
   CHECK(g_web_kiosk_app_manager);
@@ -84,6 +87,13 @@ void WebKioskAppManager::UpdateAppByAccountId(
   NOTREACHED();
 }
 
+void WebKioskAppManager::AddAppForTesting(const AccountId& account_id,
+                                          const GURL& install_url) {
+  const std::string app_id = web_app::GenerateAppIdFromURL(install_url);
+  apps_.push_back(
+      std::make_unique<WebKioskAppData>(this, app_id, account_id, install_url));
+}
+
 void WebKioskAppManager::UpdateAppsFromPolicy() {
   // Store current apps. We will compare old and new apps to determine which
   // apps are new, and which were deleted.

chrome/browser/chromeos/app_mode/web_app/web_kiosk_app_manager.h

@@ -23,6 +23,10 @@ class WebKioskAppManager : public KioskAppManagerBase {
  public:
   static const char kWebKioskDictionaryName[];
 
+  // Whether the manager was already created.
+  static bool IsInitialized();
+
+  // Will return the manager instance or will crash if it not yet initiazlied.
   static WebKioskAppManager* Get();
   WebKioskAppManager();
   ~WebKioskAppManager() override;
@@ -44,6 +48,9 @@ class WebKioskAppManager : public KioskAppManagerBase {
   void UpdateAppByAccountId(const AccountId& account_id,
                             std::unique_ptr<WebApplicationInfo> app_info);
 
+  // Adds fake apps in tests.
+  void AddAppForTesting(const AccountId& account_id, const GURL& install_url);
+
  private:
   // KioskAppManagerBase:
   // Updates |apps_| based on CrosSettings.
@@ -52,7 +59,6 @@ class WebKioskAppManager : public KioskAppManagerBase {
   std::vector<std::unique_ptr<WebKioskAppData>> apps_;
   AccountId auto_launch_account_id_;
 
-
   DISALLOW_COPY_AND_ASSIGN(WebKioskAppManager);
 };
 

chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc

@@ -131,6 +131,16 @@ user_manager::User* FakeChromeUserManager::AddArcKioskAppUser(
   return user;
 }
 
+user_manager::User* FakeChromeUserManager::AddWebKioskAppUser(
+    const AccountId& account_id) {
+  user_manager::User* user =
+      user_manager::User::CreateWebKioskAppUser(account_id);
+  user->set_username_hash(ProfileHelper::GetUserIdHashByUserIdForTesting(
+      account_id.GetUserEmail()));
+  users_.push_back(user);
+  return user;
+}
+
 user_manager::User* FakeChromeUserManager::AddSupervisedUser(
     const AccountId& account_id) {
   user_manager::User* user =
@@ -558,6 +568,13 @@ bool FakeChromeUserManager::IsLoggedInAsArcKioskApp() const {
              : false;
 }
 
+bool FakeChromeUserManager::IsLoggedInAsWebKioskApp() const {
+  const user_manager::User* active_user = GetActiveUser();
+  return active_user
+             ? active_user->GetType() == user_manager::USER_TYPE_WEB_KIOSK_APP
+             : false;
+}
+
 bool FakeChromeUserManager::IsLoggedInAsAnyKioskApp() const {
   const user_manager::User* active_user = GetActiveUser();
   return active_user && active_user->IsKioskType();

chrome/browser/chromeos/login/users/fake_chrome_user_manager.h

@@ -33,6 +33,7 @@ class FakeChromeUserManager : public ChromeUserManager {
   user_manager::User* AddGuestUser();
   user_manager::User* AddKioskAppUser(const AccountId& account_id);
   user_manager::User* AddArcKioskAppUser(const AccountId& account_id);
+  user_manager::User* AddWebKioskAppUser(const AccountId& account_id);
   user_manager::User* AddSupervisedUser(const AccountId& account_id);
   user_manager::User* AddPublicAccountUser(const AccountId& account_id);
 
@@ -109,6 +110,7 @@ class FakeChromeUserManager : public ChromeUserManager {
   bool IsLoggedInAsSupervisedUser() const override;
   bool IsLoggedInAsKioskApp() const override;
   bool IsLoggedInAsArcKioskApp() const override;
+  bool IsLoggedInAsWebKioskApp() const override;
   bool IsLoggedInAsAnyKioskApp() const override;
   bool IsLoggedInAsStub() const override;
   bool IsUserNonCryptohomeDataEphemeral(

chrome/browser/permissions/permission_context_base.cc

@@ -41,6 +41,13 @@
 #include "extensions/common/constants.h"
 #include "url/gurl.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/app_mode/web_app/web_kiosk_app_data.h"
+#include "chrome/browser/chromeos/app_mode/web_app/web_kiosk_app_manager.h"
+#include "components/user_manager/user.h"
+#include "components/user_manager/user_manager.h"
+#endif
+
 namespace {
 
 const char kPermissionBlockedKillSwitchMessage[] =
@@ -170,6 +177,7 @@ void PermissionContextBase::RequestPermission(
       case PermissionStatusSource::INSECURE_ORIGIN:
       case PermissionStatusSource::UNSPECIFIED:
       case PermissionStatusSource::VIRTUAL_URL_DIFFERENT_ORIGIN:
+      case PermissionStatusSource::WEB_KIOSK_APP_MODE:
         break;
     }
 
@@ -248,16 +256,33 @@ PermissionResult PermissionContextBase::GetPermissionStatus(
 
   ContentSetting content_setting = GetPermissionStatusInternal(
       render_frame_host, requesting_origin, embedding_origin);
-  if (content_setting == CONTENT_SETTING_ASK) {
+
+  if (content_setting != CONTENT_SETTING_ASK) {
+    return PermissionResult(content_setting,
+                            PermissionStatusSource::UNSPECIFIED);
+  }
+#if defined(OS_CHROMEOS)
+  if (user_manager::UserManager::IsInitialized() &&
+      user_manager::UserManager::Get()->IsLoggedInAsWebKioskApp()) {
+    const AccountId& account_id =
+        user_manager::UserManager::Get()->GetPrimaryUser()->GetAccountId();
+    DCHECK(chromeos::WebKioskAppManager::IsInitialized());
+
+    const chromeos::WebKioskAppData* app_data =
+        chromeos::WebKioskAppManager::Get()->GetAppByAccountId(account_id);
+    DCHECK(app_data);
+    if (url::Origin::Create(requesting_origin) ==
+        url::Origin::Create(app_data->install_url()))
+      return PermissionResult(CONTENT_SETTING_ALLOW,
+                              PermissionStatusSource::WEB_KIOSK_APP_MODE);
+  }
+#endif
   PermissionResult result =
-        PermissionDecisionAutoBlocker::GetForProfile(profile_)
-            ->GetEmbargoResult(requesting_origin, content_settings_type_);
+      PermissionDecisionAutoBlocker::GetForProfile(profile_)->GetEmbargoResult(
+          requesting_origin, content_settings_type_);
   DCHECK(result.content_setting == CONTENT_SETTING_ASK ||
          result.content_setting == CONTENT_SETTING_BLOCK);
   return result;
-  }
-
-  return PermissionResult(content_setting, PermissionStatusSource::UNSPECIFIED);
 }
 
 bool PermissionContextBase::IsPermissionAvailableToOrigins(

chrome/browser/permissions/permission_context_base_unittest.cc

@@ -37,6 +37,7 @@
 #include "components/content_settings/core/common/content_settings_types.h"
 #include "components/ukm/content/source_url_recorder.h"
 #include "components/ukm/test_ukm_recorder.h"
+#include "components/user_manager/scoped_user_manager.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/navigation_entry.h"
@@ -45,6 +46,11 @@
 #include "content/public/test/mock_render_process_host.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/app_mode/web_app/web_kiosk_app_manager.h"
+#include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
+#endif
+
 const char* const kPermissionsKillSwitchFieldStudy =
     PermissionContextBase::kPermissionsKillSwitchFieldStudy;
 const char* const kPermissionsKillSwitchBlockedValue =
@@ -670,6 +676,35 @@ class PermissionContextBaseTests : public ChromeRenderViewHostTestHarness {
     prompt_factory_->DocumentOnLoadCompletedInMainFrame();
   }
 
+#if defined(OS_CHROMEOS)
+  void TestWebKioskMode(const GURL& app_url,
+                        const GURL& request_url,
+                        ContentSetting response) {
+    const AccountId account_id = AccountId::FromUserEmail("lala@example.com");
+
+    auto fake_user_manager =
+        std::make_unique<chromeos::FakeChromeUserManager>();
+    // Stealing the pointer from unique ptr before it goes to the scoped user
+    // manager.
+    chromeos::FakeChromeUserManager* user_manager = fake_user_manager.get();
+    auto scoped_user_manager =
+        std::make_unique<user_manager::ScopedUserManager>(
+            std::move(fake_user_manager));
+    user_manager->AddWebKioskAppUser(account_id);
+    user_manager->LoginUser(account_id);
+
+    auto kiosk_app_manager = std::make_unique<chromeos::WebKioskAppManager>();
+    kiosk_app_manager->AddAppForTesting(account_id, app_url);
+
+    TestPermissionContext permission_context(profile(),
+                                             ContentSettingsType::GEOLOCATION);
+    PermissionResult result = permission_context.GetPermissionStatus(
+        nullptr, request_url, request_url);
+
+    EXPECT_EQ(result.content_setting, response);
+  }
+#endif  // defined(OS_CHROMEOS)
+
  private:
   // ChromeRenderViewHostTestHarness:
   void SetUp() override {
@@ -854,3 +889,15 @@ TEST_F(PermissionContextBaseTests, TestVirtualURLSameOrigin) {
                  GURL("http://www.google.com/foo"), CONTENT_SETTING_ASK,
                  PermissionStatusSource::UNSPECIFIED);
 }
+
+#if defined(OS_CHROMEOS)
+TEST_F(PermissionContextBaseTests, TestWebKioskModeSameOrigin) {
+  TestWebKioskMode(GURL("https://google.com/launch"),
+                   GURL("https://google.com/page"), CONTENT_SETTING_ALLOW);
+}
+
+TEST_F(PermissionContextBaseTests, TestWebKioskModeDifferentOrigin) {
+  TestWebKioskMode(GURL("https://google.com/launch"),
+                   GURL("https://notgoogle.com/page"), CONTENT_SETTING_ASK);
+}
+#endif  // defined(OS_CHROMEOS)

chrome/browser/permissions/permission_result.h

@@ -35,6 +35,10 @@ enum class PermissionStatusSource {
   // seen by the user. This may be very confusing for a user to see in a
   // permissions request.
   VIRTUAL_URL_DIFFERENT_ORIGIN,
+
+  // In web kiosk mode, all permissions are granted to the domain associated
+  // with the single app running.
+  WEB_KIOSK_APP_MODE,
 };
 
 struct PermissionResult {

chrome/browser/permissions/permission_uma_util.cc

@@ -229,6 +229,7 @@ void PermissionUmaUtil::RecordEmbargoPromptSuppressionFromSource(
     case PermissionStatusSource::INSECURE_ORIGIN:
     case PermissionStatusSource::FEATURE_POLICY:
     case PermissionStatusSource::VIRTUAL_URL_DIFFERENT_ORIGIN:
+    case PermissionStatusSource::WEB_KIOSK_APP_MODE:
       // The permission wasn't under embargo, so don't record anything. We may
       // embargo it later.
       break;