chromium_src/extensions/browser/api/storage/storage_utils.cc · OpenHarmony-TPC/chromium_src - AtomGit

// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "extensions/browser/api/storage/storage_utils.h"

#include "base/types/cxx23_to_underlying.h"
#include "base/values.h"
#include "extensions/browser/extension_prefs.h"
#include "extensions/browser/extension_util.h"
#include "extensions/browser/process_map.h"
#include "extensions/common/mojom/api_permission_id.mojom-shared.h"
#include "extensions/common/permissions/permissions_data.h"

namespace extensions::storage_utils {

namespace {

constexpr PrefMap kPrefSessionStorageAccessLevel = {
    "storage_session_access_level", PrefType::kInteger,
    PrefScope::kExtensionSpecific};

constexpr PrefMap kPrefLocalStorageAccessLevel = {
    "storage_local_access_level", PrefType::kInteger,
    PrefScope::kExtensionSpecific};

constexpr PrefMap kPrefSyncStorageAccessLevel = {"storage_sync_access_level",
                                                 PrefType::kInteger,
                                                 PrefScope::kExtensionSpecific};

constexpr PrefMap kPrefManagedStorageAccessLevel = {
    "storage_managed_access_level", PrefType::kInteger,
    PrefScope::kExtensionSpecific};

const PrefMap* GetPrefMapForStorageArea(StorageAreaNamespace storage_area) {
  switch (storage_area) {
    case StorageAreaNamespace::kSession:
      return &kPrefSessionStorageAccessLevel;
    case StorageAreaNamespace::kLocal:
      return &kPrefLocalStorageAccessLevel;
    case StorageAreaNamespace::kSync:
      return &kPrefSyncStorageAccessLevel;
    case StorageAreaNamespace::kManaged:
      return &kPrefManagedStorageAccessLevel;
    // An invalid storage area does not have access levels.
    case StorageAreaNamespace::kInvalid:
      NOTREACHED();
  }
}
}  // namespace

api::storage::AccessLevel GetAccessLevelForArea(
    const ExtensionId& extension_id,
    content::BrowserContext& browser_context,
    StorageAreaNamespace storage_area) {
  ExtensionPrefs* prefs = ExtensionPrefs::Get(&browser_context);
  const PrefMap* pref_map = GetPrefMapForStorageArea(storage_area);

  int stored_access_level_int = 0;
  if (pref_map && prefs->ReadPrefAsInteger(extension_id, *pref_map,
                                           &stored_access_level_int)) {
    // Return access level iff it's a valid value.
    if (stored_access_level_int > 0 &&
        stored_access_level_int <=
            base::to_underlying(api::storage::AccessLevel::kMaxValue)) {
      return static_cast<api::storage::AccessLevel>(stored_access_level_int);
    }
  }

  // Otherwise, return the default access level for the specified storage area.
  switch (storage_area) {
    case StorageAreaNamespace::kSession:
      return api::storage::AccessLevel::kTrustedContexts;
    case StorageAreaNamespace::kLocal:
    case StorageAreaNamespace::kSync:
    case StorageAreaNamespace::kManaged:
      return api::storage::AccessLevel::kTrustedAndUntrustedContexts;
    case StorageAreaNamespace::kInvalid:
      NOTREACHED();
  }
}

void SetAccessLevelForArea(const ExtensionId& extension_id,
                           content::BrowserContext& browser_context,
                           StorageAreaNamespace storage_area,
                           api::storage::AccessLevel access_level) {
  ExtensionPrefs* prefs = ExtensionPrefs::Get(&browser_context);
  const PrefMap* pref_map = GetPrefMapForStorageArea(storage_area);
  prefs->SetIntegerPref(extension_id, *pref_map,
                        base::to_underlying(access_level));
}

base::Value ValueChangeToValue(
    std::vector<SessionStorageManager::ValueChange> changes) {
  base::Value::Dict changes_value;
  for (auto& change : changes) {
    base::Value::Dict change_value;
    if (change.old_value.has_value()) {
      change_value.Set("oldValue", std::move(change.old_value.value()));
    }
    if (change.new_value) {
      change_value.Set("newValue", change.new_value->Clone());
    }
    changes_value.Set(change.key, std::move(change_value));
  }
  return base::Value(std::move(changes_value));
}

// TODO(crbug.com/41034787): Use this to limit renderer access to storage to
// cases where there has been an injection.
bool CanRendererAccessExtensionStorage(
    content::BrowserContext& browser_context,
    const Extension& extension,
    std::optional<StorageAreaNamespace> storage_area,
    content::RenderFrameHost* render_frame_host,
    content::RenderProcessHost& render_process_host) {
  if (!extension.permissions_data()->HasAPIPermission(
          mojom::APIPermissionID::kStorage)) {
    return false;
  }

  if (storage_area == StorageAreaNamespace::kSession) {
    if (extension.manifest_version() < 3) {
      return false;
    }

    api::storage::AccessLevel access_level =
        GetAccessLevelForArea(extension.id(), browser_context, *storage_area);
    if (access_level == api::storage::AccessLevel::kTrustedContexts) {
      ProcessMap* process_map = ProcessMap::Get(&browser_context);
      return process_map->IsPrivilegedExtensionProcess(
          extension, render_process_host.GetDeprecatedID());
    }
  }

  return util::CanRendererActOnBehalfOfExtension(
      extension.id(), render_frame_host, render_process_host,
      /*include_user_scripts=*/false);
}

}  // namespace extensions::storage_utils