[Locked Fullscreen] Disable ARC while in locked fullscreen

Locked fullscreen is supposed to be a secure mode where the user cannot do anything outside of the current browser window, but ARC apps can currently draw on top of it. To fix this, we disable ARC when entering the mode, and we re-enable it upon exiting the mode. This is a follow-up CL to crrev.com/c/1363202 ([ARC] Decouple ARC data removal from disabling ARC inside of ArcSessionManager) More details can be found on the design doc go/disabling-arc-locked-fullscreen Bug: 888611 Change-Id: I295902b2dfb6889457ef468c15bb7becdec1c746 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1488927Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> Reviewed-by: Yury Khmel <khmel@chromium.org> Commit-Queue: Ivan Šandrk <isandrk@chromium.org> Cr-Commit-Position: refs/heads/master@{#637639}

[Locked Fullscreen] Disable ARC while in locked fullscreen
Locked fullscreen is supposed to be a secure mode where the user cannot do anything outside of the current browser window, but ARC apps can currently draw on top of it. To fix this, we disable ARC when entering the mode, and we re-enable it upon exiting the mode. This is a follow-up CL to crrev.com/c/1363202 ([ARC] Decouple ARC data removal from disabling ARC inside of ArcSessionManager) More details can be found on the design doc go/disabling-arc-locked-fullscreen Bug: 888611 Change-Id: I295902b2dfb6889457ef468c15bb7becdec1c746 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1488927Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> Reviewed-by: Yury Khmel <khmel@chromium.org> Commit-Queue: Ivan Šandrk <isandrk@chromium.org> Cr-Commit-Position: refs/heads/master@{#637639}
c86ed7ef · Ivan Sandrk · Commit Bot · 84ce5507 · c86ed7ef · c86ed7ef
Commit c86ed7ef authored Mar 05, 2019 by Ivan Sandrk Committed by Commit Bot Mar 05, 2019
2 changed files
--- a/chrome/browser/chromeos/arc/arc_session_manager_browsertest.cc
+++ b/chrome/browser/chromeos/arc/arc_session_manager_browsertest.cc
@@ -11,7 +11,9 @@
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/macros.h"
+#include "base/memory/scoped_refptr.h"
 #include "base/run_loop.h"
+#include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/arc/arc_service_launcher.h"
@@ -21,6 +23,9 @@
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/extensions/api/tabs/tabs_api.h"
+#include "chrome/browser/extensions/extension_function_test_utils.h"
+#include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/policy/profile_policy_connector.h"
 #include "chrome/browser/policy/profile_policy_connector_factory.h"
 #include "chrome/browser/policy/test/local_policy_test_server.h"
@@ -43,6 +48,8 @@
 #include "components/user_manager/scoped_user_manager.h"
 #include "components/user_manager/user_manager.h"
 #include "content/public/browser/browser_thread.h"
+#include "extensions/common/extension.h"
+#include "extensions/common/extension_builder.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/base/upload_data_stream.h"
 #include "net/url_request/url_request_test_job.h"
@@ -250,4 +257,30 @@ IN_PROC_BROWSER_TEST_F(ArcSessionManagerTest, ManagedAndroidAccount) {
  EXPECT_FALSE(IsArcPlayStoreEnabledForProfile(profile()));
 }
+// Make sure that ARC is disabled upon entering locked fullscreen mode.
+IN_PROC_BROWSER_TEST_F(ArcSessionManagerTest, ArcDisabledInLockedFullscreen) {
+  EnableArc();
+  ASSERT_EQ(ArcSessionManager::State::ACTIVE,
+            ArcSessionManager::Get()->state());
+  const int window_id = extensions::ExtensionTabUtil::GetWindowId(browser());
+  const char kStateLockedFullscreen[] =
+      "[%u, {\"state\": \"locked-fullscreen\"}]";
+  auto function = base::MakeRefCounted<extensions::WindowsUpdateFunction>();
+  scoped_refptr<const extensions::Extension> extension(
+      extensions::ExtensionBuilder("Test")
+          .SetID("pmgljoohajacndjcjlajcopidgnhphcl")
+          .AddPermission("lockWindowFullscreenPrivate")
+          .Build());
+  function->set_extension(extension.get());
+  extension_function_test_utils::RunFunctionAndReturnSingleResult(
+      function.get(), base::StringPrintf(kStateLockedFullscreen, window_id),
+      browser());
+  ASSERT_EQ(ArcSessionManager::State::STOPPED,
+            ArcSessionManager::Get()->state());
+}
 }  // namespace arc
--- a/chrome/browser/extensions/api/tabs/tabs_api.cc
+++ b/chrome/browser/extensions/api/tabs/tabs_api.cc
@@ -100,6 +100,8 @@
 #include "ash/public/cpp/window_pin_type.h"
 #include "ash/public/cpp/window_properties.h"
 #include "ash/public/interfaces/window_pin_type.mojom.h"
+#include "chrome/browser/chromeos/arc/arc_session_manager.h"
+#include "chrome/browser/chromeos/arc/arc_util.h"
 #include "chrome/browser/ui/ash/chrome_screenshot_grabber.h"
 #include "chrome/browser/ui/browser_command_controller.h"
 #include "content/public/browser/devtools_agent_host.h"
@@ -289,6 +291,8 @@ bool ExtensionHasLockedFullscreenPermission(const Extension* extension) {
 }
 #if defined(OS_CHROMEOS)
+// TODO(isandrk, crbug.com/937786): Move platform specific code out of this
+// file.
 void SetLockedFullscreenState(Browser* browser, bool locked) {
  UMA_HISTOGRAM_BOOLEAN("Extensions.LockedFullscreenStateRequest", locked);
@@ -312,6 +316,21 @@ void SetLockedFullscreenState(Browser* browser, bool locked) {
  // fullscreen (security concerns).
  ui::Clipboard::GetForCurrentThread()->Clear(ui::CLIPBOARD_TYPE_COPY_PASTE);
  content::DevToolsAgentHost::DetachAllClients();
+  // Disable ARC while in the locked fullscreen mode.
+  arc::ArcSessionManager* const arc_session_manager =
+      arc::ArcSessionManager::Get();
+  Profile* const profile = browser->profile();
+  if (arc_session_manager && arc::IsArcAllowedForProfile(profile)) {
+    if (locked) {
+      // Disable ARC, preserve data.
+      arc_session_manager->RequestDisable();
+    } else {
+      // Re-enable ARC if needed.
+      if (arc::IsArcPlayStoreEnabledForProfile(profile))
+        arc_session_manager->RequestEnable();
+    }
+  }
 }
 #endif  // defined(OS_CHROMEOS)