1 // Copyright 2020 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_PERMISSIONS_PERMISSIONS_CLIENT_H_
6 #define COMPONENTS_PERMISSIONS_PERMISSIONS_CLIENT_H_
8 #include "base/functional/callback_forward.h"
9 #include "base/memory/weak_ptr.h"
10 #include "build/build_config.h"
11 #include "build/chromeos_buildflags.h"
12 #include "components/content_settings/core/common/content_settings_types.h"
13 #include "components/favicon/core/favicon_service.h"
14 #include "components/permissions/origin_keyed_permission_action_service.h"
15 #include "components/permissions/permission_prompt.h"
16 #include "components/permissions/permission_ui_selector.h"
17 #include "components/permissions/permission_uma_util.h"
18 #include "components/permissions/permission_util.h"
19 #include "components/permissions/request_type.h"
20 #include "content/public/browser/browser_context.h"
21 #include "services/metrics/public/cpp/ukm_source_id.h"
22 #include "third_party/abseil-cpp/absl/types/optional.h"
23 #include "url/origin.h"
25 #if BUILDFLAG(IS_ANDROID)
26 #include "components/messages/android/message_wrapper.h"
30 class HostContentSettingsMap;
35 } // namespace content
37 namespace content_settings {
41 namespace privacy_sandbox {
42 class TrackingProtectionSettings;
43 } // namespace privacy_sandbox
48 } // namespace infobars
50 namespace permissions {
51 class ObjectPermissionContextBase;
52 class PermissionActionsHistory;
53 class PermissionDecisionAutoBlocker;
54 class PermissionPromptAndroid;
56 // Interface to be implemented by permissions embedder to access embedder
58 class PermissionsClient {
60 #if BUILDFLAG(IS_ANDROID)
61 class PermissionMessageDelegate {
63 virtual ~PermissionMessageDelegate() = default;
67 PermissionsClient(const PermissionsClient&) = delete;
68 PermissionsClient& operator=(const PermissionsClient&) = delete;
71 virtual ~PermissionsClient();
73 // Return the permissions client.
74 static PermissionsClient* Get();
76 // Retrieves the HostContentSettingsMap for this context. The returned pointer
77 // has the same lifetime as |browser_context|.
78 virtual HostContentSettingsMap* GetSettingsMap(
79 content::BrowserContext* browser_context) = 0;
81 // Retrieves the CookieSettings for this context.
82 virtual scoped_refptr<content_settings::CookieSettings> GetCookieSettings(
83 content::BrowserContext* browser_context) = 0;
85 // Retrieves the TrackingProtectionSettings for this context.
86 virtual privacy_sandbox::TrackingProtectionSettings*
87 GetTrackingProtectionSettings(content::BrowserContext* browser_context) = 0;
89 // Retrieves the subresource filter activation from browser website settings.
90 virtual bool IsSubresourceFilterActivated(
91 content::BrowserContext* browser_context,
94 // Holds and mediates access to an in-memory origin-keyed map, that holds the
95 // last PermissionAction and its timestamp for each Content Setting. Used for
96 // metrics collection.
97 virtual OriginKeyedPermissionActionService*
98 GetOriginKeyedPermissionActionService(
99 content::BrowserContext* browser_context) = 0;
100 virtual PermissionActionsHistory* GetPermissionActionsHistory(
101 content::BrowserContext* browser_context) = 0;
102 // Retrieves the PermissionDecisionAutoBlocker for this context. The returned
103 // pointer has the same lifetime as |browser_context|.
104 virtual PermissionDecisionAutoBlocker* GetPermissionDecisionAutoBlocker(
105 content::BrowserContext* browser_context) = 0;
107 // Gets the ObjectPermissionContextBase for the given type and context, which
109 // *_CHOOSER_DATA value. May return null if the context does not exist.
110 virtual ObjectPermissionContextBase* GetChooserContext(
111 content::BrowserContext* browser_context,
112 ContentSettingsType type) = 0;
114 // Gets the embedder defined engagement score for this |origin|.
115 virtual double GetSiteEngagementScore(
116 content::BrowserContext* browser_context,
119 // Determines whether some origins are "important". |origins| is an in-out
120 // param that passes in the list of origins which need judgment as the first
121 // item in each pair, and the determination of importance should be stored in
122 // the second item in the pair (true meaning important).
123 virtual void AreSitesImportant(
124 content::BrowserContext* browser_context,
125 std::vector<std::pair<url::Origin, bool>>* origins);
127 #if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_CHROMEOS_ASH)
128 // Returns whether cookie deletion is allowed for |browser_context| and
130 // TODO(crbug.com/1081944): Remove this method and all code depending on it
131 // when a proper fix is landed.
132 virtual bool IsCookieDeletionDisabled(
133 content::BrowserContext* browser_context,
137 // Retrieves the ukm::SourceId (if any) associated with this |browser_context|
138 // and |web_contents|. |web_contents| may be null. |callback| will be called
139 // with the result, and may be run synchronously if the result is available
141 using GetUkmSourceIdCallback =
142 base::OnceCallback<void(absl::optional<ukm::SourceId>)>;
143 virtual void GetUkmSourceId(content::BrowserContext* browser_context,
144 content::WebContents* web_contents,
145 const GURL& requesting_origin,
146 GetUkmSourceIdCallback callback);
148 // Returns the icon ID that should be used for permissions UI for |type|. If
149 // the embedder returns an empty IconId, the default icon for |type| will be
151 virtual IconId GetOverrideIconId(RequestType request_type);
153 // Allows the embedder to provide a list of selectors for choosing the UI to
154 // use for permission requests. If the embedder returns an empty list, the
155 // normal UI will be used always. Then for each request, if none of the
156 // returned selectors prescribe the quiet UI, the normal UI will be used.
157 // Otherwise the quiet UI will be used. Selectors at lower indices have higher
158 // priority when determining the quiet UI flavor.
159 virtual std::vector<std::unique_ptr<PermissionUiSelector>>
160 CreatePermissionUiSelectors(content::BrowserContext* browser_context);
162 using QuietUiReason = PermissionUiSelector::QuietUiReason;
164 #if !BUILDFLAG(IS_ANDROID)
165 virtual void TriggerPromptHatsSurveyIfEnabled(
166 content::BrowserContext* context,
167 permissions::RequestType request_type,
168 absl::optional<permissions::PermissionAction> action,
169 permissions::PermissionPromptDisposition prompt_disposition,
170 permissions::PermissionPromptDispositionReason prompt_disposition_reason,
171 permissions::PermissionRequestGestureType gesture_type,
172 absl::optional<base::TimeDelta> prompt_display_duration,
175 base::OnceCallback<void()> hats_shown_callback_);
178 // Called for each request type when a permission prompt is resolved.
179 virtual void OnPromptResolved(
180 RequestType request_type,
181 PermissionAction action,
183 PermissionPromptDisposition prompt_disposition,
184 PermissionPromptDispositionReason prompt_disposition_reason,
185 PermissionRequestGestureType gesture_type,
186 absl::optional<QuietUiReason> quiet_ui_reason,
187 base::TimeDelta prompt_display_duration,
188 content::WebContents* web_contents);
190 // Returns true if user has 3 consecutive notifications permission denies,
191 // returns false otherwise.
192 // Returns absl::nullopt if the user is not in the adoptive activation quiet
193 // ui dry run experiment group.
194 virtual absl::optional<bool> HadThreeConsecutiveNotificationPermissionDenies(
195 content::BrowserContext* browser_context);
197 // Returns whether the |permission| has already been auto-revoked due to abuse
198 // at least once for the given |origin|. Returns `nullopt` if permission
199 // auto-revocation is not supported for a given permission type.
200 virtual absl::optional<bool> HasPreviouslyAutoRevokedPermission(
201 content::BrowserContext* browser_context,
203 ContentSettingsType permission);
205 // If the embedder returns an origin here, any requests matching that origin
206 // will be approved. Requests that do not match the returned origin will
207 // immediately be finished without granting/denying the permission.
208 virtual absl::optional<url::Origin> GetAutoApprovalOrigin();
210 // Allows the embedder to bypass checking the embedding origin when performing
211 // permission availability checks. This is used for example when a permission
212 // should only be available on secure origins. Return true to bypass embedding
213 // origin checks for the passed in origins.
214 virtual bool CanBypassEmbeddingOriginCheck(const GURL& requesting_origin,
215 const GURL& embedding_origin);
217 // Allows embedder to override the canonical origin for a permission request.
218 // This is the origin that will be used for requesting/storing/displaying
220 virtual absl::optional<GURL> OverrideCanonicalOrigin(
221 const GURL& requesting_origin,
222 const GURL& embedding_origin);
224 // Checks if `requesting_origin` and `embedding_origin` are the new tab page
226 virtual bool DoURLsMatchNewTabPage(const GURL& requesting_origin,
227 const GURL& embedding_origin);
229 // Determines the reason why a prompt was ignored.
230 virtual permissions::PermissionIgnoredReason DetermineIgnoreReason(
231 content::WebContents* web_contents);
233 #if BUILDFLAG(IS_ANDROID)
234 // Returns whether the given origin matches the default search
235 // engine (DSE) origin.
236 virtual bool IsDseOrigin(content::BrowserContext* browser_context,
237 const url::Origin& origin);
239 // Retrieves the InfoBarManager for the web contents. The returned
240 // pointer has the same lifetime as |web_contents|.
241 virtual infobars::InfoBarManager* GetInfoBarManager(
242 content::WebContents* web_contents);
244 // Allows the embedder to create an info bar to use as the
245 // permission prompt. Might return null based on internal logic
246 // (e.g. |type| does not support infobar permission prompts). The
247 // returned infobar is owned by the info bar manager.
248 virtual infobars::InfoBar* MaybeCreateInfoBar(
249 content::WebContents* web_contents,
250 ContentSettingsType type,
251 base::WeakPtr<PermissionPromptAndroid> prompt);
253 // Allows the embedder to create a message UI to use as the
254 // permission prompt. Returns the pointer to the message UI if the
255 // message UI is successfully created, nullptr otherwise, e.g. if
256 // the messages-prompt is not supported for `type`.
257 virtual std::unique_ptr<PermissionMessageDelegate> MaybeCreateMessageUI(
258 content::WebContents* web_contents,
259 ContentSettingsType type,
260 base::WeakPtr<PermissionPromptAndroid> prompt);
262 using PermissionsUpdatedCallback = base::OnceCallback<void(bool)>;
264 // Prompts the user to accept system permissions for
265 // |content_settings_types|, after they've already been denied. In
266 // Chrome, this shows an infobar. |callback| will be run with
267 // |true| for success and |false| otherwise.
268 virtual void RepromptForAndroidPermissions(
269 content::WebContents* web_contents,
270 const std::vector<ContentSettingsType>& content_settings_types,
271 const std::vector<ContentSettingsType>& filtered_content_settings_types,
272 const std::vector<std::string>& required_permissions,
273 const std::vector<std::string>& optional_permissions,
274 PermissionsUpdatedCallback callback);
276 // Converts the given chromium |resource_id| (e.g.
277 // IDR_INFOBAR_TRANSLATE) to an Android drawable resource ID.
278 // Returns 0 if a mapping wasn't found.
279 virtual int MapToJavaDrawableId(int resource_id);
281 // Creates a permission prompt.
282 // TODO(crbug.com/1025609): Move the desktop permission prompt
283 // implementation into //components/permissions and remove this.
284 virtual std::unique_ptr<PermissionPrompt> CreatePrompt(
285 content::WebContents* web_contents,
286 PermissionPrompt::Delegate* delegate);
289 // Returns true if the browser has the necessary permission(s) from the
290 // platform to provide a particular permission-gated capability to sites. This
291 // can include both app-specific permissions relevant to the browser and
292 // device-wide permissions.
293 virtual bool HasDevicePermission(ContentSettingsType type) const;
295 // Returns true if the browser is able to request from the platform the
296 // necessary permission(s) needed to provide a particular permission-gated
297 // capability to sites.
298 virtual bool CanRequestDevicePermission(ContentSettingsType type) const;
300 virtual favicon::FaviconService* GetFaviconService(
301 content::BrowserContext* browser_context);
304 } // namespace permissions
306 #endif // COMPONENTS_PERMISSIONS_PERMISSIONS_CLIENT_H_