🤝 Restrict browserservices.Origin to HTTP and HTTPS.

Bug: 1019244
Change-Id: I9f8dfdf858e57e78c282d88924ff2e8edb24442e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1892961Reviewed-by: Finnur Thorarinsson <finnur@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Theresa  <twellington@chromium.org>
Commit-Queue: Peter Conn <peconn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#712934}

chrome/android/java/src/org/chromium/chrome/browser/browserservices/Origin.java

@@ -11,7 +11,7 @@ import org.chromium.chrome.browser.util.UrlConstants;
 import androidx.annotation.Nullable;
 
 /**
- * A class to canonically represent a web origin in Java. In comparison to
+ * A class to canonically represent a HTTP or HTTPS web origin in Java. In comparison to
  * {@link org.chromium.net.GURLUtils#getOrigin} it can be used before native is loaded and lets us
  * ensure conversion to an origin has been done with the type system.
  *
@@ -32,7 +32,8 @@ public class Origin {
     }
 
     /**
-     * Constructs a canonical Origin from a String.
+     * Constructs a canonical Origin from a String. Will return {@code null} for origins that are
+     * not HTTP or HTTPS.
      */
     @Nullable
     public static Origin create(String uri) {
@@ -40,7 +41,8 @@ public class Origin {
     }
 
     /**
-     * Constructs a canonical Origin from an Uri.
+     * Constructs a canonical Origin from an Uri. Will return {@code null} for origins that are not
+     * HTTP or HTTPS.
      */
     @Nullable
     public static Origin create(Uri uri) {
@@ -48,9 +50,14 @@ public class Origin {
             return null;
         }
 
+        // This class can only correctly handle certain origins, see https://crbug.com/1019244.
+        String scheme = uri.getScheme();
+        if (!scheme.equals(UrlConstants.HTTP_SCHEME) && !scheme.equals(UrlConstants.HTTPS_SCHEME)) {
+            return null;
+        }
+
         // Make explicit ports implicit and remove any user:password.
         int port = uri.getPort();
-        String scheme = uri.getScheme();
         if (scheme.equals(UrlConstants.HTTP_SCHEME) && port == HTTP_DEFAULT_PORT) port = -1;
         if (scheme.equals(UrlConstants.HTTPS_SCHEME) && port == HTTPS_DEFAULT_PORT) port = -1;
 

chrome/android/java/src/org/chromium/chrome/browser/page_info/PermissionParamsListBuilder.java

@@ -128,9 +128,11 @@ class PermissionParamsListBuilder {
         String managedBy = null;
         if (permission.type == ContentSettingsType.NOTIFICATIONS) {
             TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get();
-            Origin origin = Origin.createOrThrow(mFullUrl);
+            Origin origin = Origin.create(mFullUrl);
+            if (origin != null) {
                 managedBy = manager.getDelegateAppName(origin);
             }
+        }
         if (managedBy != null) {
             status_text = String.format(
                     mContext.getString(R.string.website_notification_managed_by_app), managedBy);

chrome/android/java/src/org/chromium/chrome/browser/preferences/website/SingleWebsitePreferences.java

@@ -428,17 +428,20 @@ public class SingleWebsitePreferences extends PreferenceFragmentCompat
 
     private void setUpNotificationsPreference(Preference preference) {
         TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get();
-        Origin origin = Origin.createOrThrow(mSite.getAddress().getOrigin());
+        Origin origin = Origin.create(mSite.getAddress().getOrigin());
+        if (origin != null) {
             String managedBy = manager.getDelegateAppName(origin);
             if (managedBy != null) {
                 final Intent notificationSettingsIntent =
                         getNotificationSettingsIntent(manager.getDelegatePackageName(origin));
-            String summaryText = getString(R.string.website_notification_managed_by_app, managedBy);
+                String summaryText = getString(R.string.website_notification_managed_by_app,
+                        managedBy);
                 ChromeImageViewPreference newPreference =
                         replaceWithReadOnlyCopyOf(preference, summaryText);
                 setupNotificationManagedByPreference(newPreference, notificationSettingsIntent);
                 return;
             }
+        }
 
         final @ContentSettingValues @Nullable Integer value =
                 mSite.getPermission(PermissionInfo.Type.NOTIFICATION);