[Extensions] Remove permission warning for externally connectable sites

Remove the permission warning for externally connectable sites. This warning previously indicated that an extension could "Communicate with cooperating websites", and was shown when an extension specified "externally_connectable" in the manifest with any "matches" (i.e., websites). This allowed websites to message extensions via runtime.sendMessage() and runtime.connect(). This wasn't very useful. Any extension can communicate with cooperating websites without this capability, e.g. by being specified in the cooperating sites' ACAO, and just making an ordinary CORS request. This requires no permissions, because it is a normal web capability. (There are also other ways extensions can communicate, e.g. through web_accessible_resources). Remove the warning. Bug: 469602 Change-Id: I8663125f268b4e031a0a83c4dd0fd886cc2a6457 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2148249Reviewed-by: Martin Šrámek <msramek@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Commit-Queue: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#759893}

[Extensions] Remove permission warning for externally connectable sites
Remove the permission warning for externally connectable sites. This warning previously indicated that an extension could "Communicate with cooperating websites", and was shown when an extension specified "externally_connectable" in the manifest with any "matches" (i.e., websites). This allowed websites to message extensions via runtime.sendMessage() and runtime.connect(). This wasn't very useful. Any extension can communicate with cooperating websites without this capability, e.g. by being specified in the cooperating sites' ACAO, and just making an ordinary CORS request. This requires no permissions, because it is a normal web capability. (There are also other ways extensions can communicate, e.g. through web_accessible_resources). Remove the warning. Bug: 469602 Change-Id: I8663125f268b4e031a0a83c4dd0fd886cc2a6457 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2148249Reviewed-by: Martin Šrámek <msramek@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Commit-Queue: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#759893}
fb5fd69e · Devlin Cronin · Commit Bot · 8d9c0217 · fb5fd69e · fb5fd69e
Commit fb5fd69e authored Apr 17, 2020 by Devlin Cronin Committed by Commit Bot Apr 17, 2020
7 changed files
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -4018,9 +4018,6 @@ are declared in tools/grit/grit_rule.gni.
        <message name="IDS_EXTENSION_PROMPT_WARNING_VPN" desc="Permission string for access to VPN API.">
          Access your network traffic
        </message>
-        <message name="IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE" desc="Permission string for allowing websites to connect to extensions.">
-          Communicate with cooperating websites
-        </message>
        <message name="IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS" desc="Permission string for access to content settings.">
          Change your settings that control websites' access to features such as cookies, JavaScript, plugins, geolocation, microphone, camera, etc.

--- a/chrome/common/extensions/permissions/chrome_permission_message_rules.cc
+++ b/chrome/common/extensions/permissions/chrome_permission_message_rules.cc
@@ -573,9 +573,6 @@ ChromePermissionMessageRule::GetAllRules() {
       {APIPermission::kNetworkState},
       {}},
      {IDS_EXTENSION_PROMPT_WARNING_VPN, {APIPermission::kVpnProvider}, {}},
-      {IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
-       {APIPermission::kWebConnectable},
-       {}},
      {std::make_unique<SingleParameterFormatter>(
           IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE),
       {APIPermission::kHomepage},

--- a/extensions/common/manifest_handlers/externally_connectable.cc
+++ b/extensions/common/manifest_handlers/externally_connectable.cc
@@ -75,10 +75,7 @@ bool ExternallyConnectableHandler::Parse(Extension* extension,
          *externally_connectable, allow_all_urls, &install_warnings, error);
  if (!info)
    return false;
-  if (!info->matches.is_empty()) {
-    PermissionsParser::AddAPIPermission(extension,
-                                        APIPermission::kWebConnectable);
-  }
  extension->AddInstallWarnings(std::move(install_warnings));
  extension->SetManifestData(keys::kExternallyConnectable, std::move(info));
  return true;

--- a/extensions/common/manifest_handlers/externally_connectable_unittest.cc
+++ b/extensions/common/manifest_handlers/externally_connectable_unittest.cc
@@ -39,9 +39,6 @@ TEST_F(ExternallyConnectableTest, IDsAndMatches) {
      LoadAndExpectSuccess("externally_connectable_ids_and_matches.json");
  ASSERT_TRUE(extension.get());
-  EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(
-      APIPermission::kWebConnectable));
  ExternallyConnectableInfo* info =
      ExternallyConnectableInfo::Get(extension.get());
  ASSERT_TRUE(info);
@@ -101,9 +98,6 @@ TEST_F(ExternallyConnectableTest, IDs) {
      LoadAndExpectSuccess("externally_connectable_ids.json");
  ASSERT_TRUE(extension.get());
-  EXPECT_FALSE(extension->permissions_data()->HasAPIPermission(
-      APIPermission::kWebConnectable));
  ExternallyConnectableInfo* info =
      ExternallyConnectableInfo::Get(extension.get());
  ASSERT_TRUE(info);
@@ -122,9 +116,6 @@ TEST_F(ExternallyConnectableTest, Matches) {
      LoadAndExpectSuccess("externally_connectable_matches.json");
  ASSERT_TRUE(extension.get());
-  EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(
-      APIPermission::kWebConnectable));
  ExternallyConnectableInfo* info =
      ExternallyConnectableInfo::Get(extension.get());
  ASSERT_TRUE(info);
@@ -165,9 +156,6 @@ TEST_F(ExternallyConnectableTest, MatchesWithTlsChannelId) {
      "externally_connectable_matches_tls_channel_id.json");
  ASSERT_TRUE(extension.get());
-  EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(
-      APIPermission::kWebConnectable));
  ExternallyConnectableInfo* info =
      ExternallyConnectableInfo::Get(extension.get());
  ASSERT_TRUE(info);
@@ -190,9 +178,6 @@ TEST_F(ExternallyConnectableTest, AllIDs) {
      LoadAndExpectSuccess("externally_connectable_all_ids.json");
  ASSERT_TRUE(extension.get());
-  EXPECT_FALSE(extension->permissions_data()->HasAPIPermission(
-      APIPermission::kWebConnectable));
  ExternallyConnectableInfo* info =
      ExternallyConnectableInfo::Get(extension.get());
  ASSERT_TRUE(info);

--- a/extensions/common/permissions/api_permission.h
+++ b/extensions/common/permissions/api_permission.h
@@ -197,7 +197,7 @@ class APIPermission {
    kWallpaper = 153,
    kWallpaperPrivate = 154,
    kWebcamPrivate = 155,
-    kWebConnectable = 156,  // for externally_connectable manifest key
+    kDeleted_kWebConnectable = 156,  // for externally_connectable manifest key
    kWebNavigation = 157,
    kWebRequest = 158,
    kWebRequestBlocking = 159,

--- a/extensions/common/permissions/extensions_api_permissions.cc
+++ b/extensions/common/permissions/extensions_api_permissions.cc
@@ -149,12 +149,6 @@ constexpr APIPermissionInfo::InitInfo permissions_to_register[] = {
    {APIPermission::kVpnProvider, "vpnProvider",
     APIPermissionInfo::kFlagCannotBeOptional |
         APIPermissionInfo::kFlagDoesNotRequireManagedSessionFullLoginWarning},
-    // NOTE(kalman): This is provided by a manifest property but needs to
-    // appear in the install permission dialogue, so we need a fake
-    // permission for it. See http://crbug.com/247857.
-    {APIPermission::kWebConnectable, "webConnectable",
-     APIPermissionInfo::kFlagCannotBeOptional |
-         APIPermissionInfo::kFlagInternal},
    {APIPermission::kWebRequest, "webRequest"},
    {APIPermission::kWebRequestBlocking, "webRequestBlocking"},
    {APIPermission::kDeclarativeNetRequest,

--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -22944,7 +22944,7 @@ Called by update_extension_histograms.py.-->
  <int value="39" label="kAudio"/>
  <int value="40" label="kFavicon"/>
  <int value="41" label="kMusicManagerPrivate"/>
-  <int value="42" label="kWebConnectable"/>
+  <int value="42" label="kDeleted_WebConnectable"/>
  <int value="43" label="kActivityLogPrivate"/>
  <int value="44" label="kBluetoothDevices"/>
  <int value="45" label="kDownloadsOpen"/>