Add finch kill switch for removal of default app protected storage

Release team strongly prefers a kill switch for merges to stable. R=costan@chromium.org Bug: 1139902 Change-Id: I6b7f98c3d1032c1cf9098d2ded87413e89bdd530 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2486396 Commit-Queue: Daniel Murphy <dmurph@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Auto-Submit: Daniel Murphy <dmurph@chromium.org> Cr-Commit-Position: refs/heads/master@{#818737}

Add finch kill switch for removal of default app protected storage
Release team strongly prefers a kill switch for merges to stable. R=costan@chromium.org Bug: 1139902 Change-Id: I6b7f98c3d1032c1cf9098d2ded87413e89bdd530 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2486396 Commit-Queue: Daniel Murphy <dmurph@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Auto-Submit: Daniel Murphy <dmurph@chromium.org> Cr-Commit-Position: refs/heads/master@{#818737}
662a284a · Daniel Murphy · Commit Bot · 30af552a · 662a284a
Commit 662a284a authored Oct 20, 2020 by Daniel Murphy Committed by Commit Bot Oct 20, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 3 deletions

chrome/browser/extensions/extension_special_storage_policy.cc ...me/browser/extensions/extension_special_storage_policy.cc +21 -3

No files found.
--- a/chrome/browser/extensions/extension_special_storage_policy.cc
+++ b/chrome/browser/extensions/extension_special_storage_policy.cc
@@ -12,6 +12,7 @@
 #include "base/callback.h"
 #include "base/check.h"
 #include "base/command_line.h"
+#include "base/feature_list.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/utf_string_conversions.h"
@@ -40,6 +41,13 @@ using extensions::APIPermission;
 using extensions::Extension;
 using storage::SpecialStoragePolicy;

+namespace {
+// Kill switch for default app protected storage. Enable this make
+// default-installed hosted apps have protected storage.
+const base::Feature kDefaultHostedAppsNeedProtection{
+    "DefaultHostedAppsNeedProtection", base::FEATURE_DISABLED_BY_DEFAULT};
+}  // namespace
+
 class ExtensionSpecialStoragePolicy::CookieSettingsObserver
    : public content_settings::CookieSettings::Observer {
 public:
@@ -171,9 +179,19 @@ bool ExtensionSpecialStoragePolicy::IsStorageDurable(const GURL& origin) {

 bool ExtensionSpecialStoragePolicy::NeedsProtection(
    const extensions::Extension* extension) {
-  // Default-installed apps should never be granted protected storage.
-  return extension->is_hosted_app() && !extension->from_bookmark() &&
-         !extension->was_installed_by_default();
+  // We only consider "protecting" storage for hosted apps (excluding bookmark
+  // apps, which are only hosted apps as an implementation detail).
+  if (!extension->is_hosted_app() || extension->from_bookmark())
+    return false;
+
+  // Normally, default-installed apps shouldn't have protected storage...
+  if (extension->was_installed_by_default()) {
+    // ... However, we have a kill-switch for this, just in case.
+    return base::FeatureList::IsEnabled(kDefaultHostedAppsNeedProtection);
+  }
+  // Otherwise, this is a user-installed hosted app, and we grant it
+  // special protected storage.
+  return true;
 }

 const extensions::ExtensionSet*