1 /*
2 * Copyright 2009, The Android Open Source Project
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "config.h"
27 #include "GeolocationPermissions.h"
28
29 #include "WebViewCore.h"
30
31 #include <DOMWindow.h>
32 #include <Frame.h>
33 #include <Geolocation.h>
34 #include <Navigator.h>
35 #include <SQLiteDatabase.h>
36 #include <SQLiteFileSystem.h>
37 #include <SQLiteStatement.h>
38 #include <SQLiteTransaction.h>
39 #include <text/CString.h>
40
41 using namespace WebCore;
42
43 namespace android {
44
45 GeolocationPermissions::PermissionsMap GeolocationPermissions::s_permanentPermissions;
46 GeolocationPermissions::GeolocationPermissionsVector GeolocationPermissions::s_instances;
47 bool GeolocationPermissions::s_alwaysDeny = false;
48 bool GeolocationPermissions::s_permanentPermissionsLoaded = false;
49 bool GeolocationPermissions::s_permanentPermissionsModified = false;
50 String GeolocationPermissions::s_databasePath;
51
52 static const char* databaseName = "GeolocationPermissions.db";
53
GeolocationPermissions(WebViewCore * webViewCore)54 GeolocationPermissions::GeolocationPermissions(WebViewCore* webViewCore)
55 : m_webViewCore(webViewCore)
56 , m_timer(this, &GeolocationPermissions::timerFired)
57
58 {
59 ASSERT(m_webViewCore);
60 maybeLoadPermanentPermissions();
61 s_instances.append(this);
62 }
63
~GeolocationPermissions()64 GeolocationPermissions::~GeolocationPermissions()
65 {
66 size_t index = s_instances.find(this);
67 s_instances.remove(index);
68 }
69
queryPermissionState(Frame * frame)70 void GeolocationPermissions::queryPermissionState(Frame* frame)
71 {
72 ASSERT(s_permanentPermissionsLoaded);
73
74 // We use SecurityOrigin::toString to key the map. Note that testing
75 // the SecurityOrigin pointer for equality is insufficient.
76 String originString = frame->document()->securityOrigin()->toString();
77
78 // If we've been told to always deny requests, do so.
79 if (s_alwaysDeny) {
80 makeAsynchronousCallbackToGeolocation(originString, false);
81 return;
82 }
83
84 // See if we have a record for this origin in the permanent permissions.
85 // These take precedence over temporary permissions so that changes made
86 // from the browser settings work as intended.
87 PermissionsMap::const_iterator iter = s_permanentPermissions.find(originString);
88 PermissionsMap::const_iterator end = s_permanentPermissions.end();
89 if (iter != end) {
90 bool allow = iter->second;
91 makeAsynchronousCallbackToGeolocation(originString, allow);
92 return;
93 }
94
95 // Check the temporary permisions.
96 iter = m_temporaryPermissions.find(originString);
97 end = m_temporaryPermissions.end();
98 if (iter != end) {
99 bool allow = iter->second;
100 makeAsynchronousCallbackToGeolocation(originString, allow);
101 return;
102 }
103
104 // If there's no pending request, prompt the user.
105 if (nextOriginInQueue().isEmpty()) {
106 // Although multiple tabs may request permissions for the same origin
107 // simultaneously, the routing in WebViewCore/CallbackProxy ensures that
108 // the result of the request will make it back to this object, so
109 // there's no need for a globally unique ID for the request.
110 m_webViewCore->geolocationPermissionsShowPrompt(originString);
111 }
112
113 // Add this request to the queue so we can track which frames requested it.
114 if (m_queuedOrigins.find(originString) == WTF::notFound) {
115 m_queuedOrigins.append(originString);
116 FrameSet frameSet;
117 frameSet.add(frame);
118 m_queuedOriginsToFramesMap.add(originString, frameSet);
119 } else {
120 ASSERT(m_queuedOriginsToFramesMap.contains(originString));
121 m_queuedOriginsToFramesMap.find(originString)->second.add(frame);
122 }
123 }
124
cancelPermissionStateQuery(WebCore::Frame * frame)125 void GeolocationPermissions::cancelPermissionStateQuery(WebCore::Frame* frame)
126 {
127 // We cancel any queued request for the given frame. There can be at most
128 // one of these, since each frame maps to a single origin. We only cancel
129 // the request if this frame is the only one reqesting permission for this
130 // origin.
131 //
132 // We can use the origin string to avoid searching the map.
133 String originString = frame->document()->securityOrigin()->toString();
134 size_t index = m_queuedOrigins.find(originString);
135 if (index == WTF::notFound)
136 return;
137
138 ASSERT(m_queuedOriginsToFramesMap.contains(originString));
139 OriginToFramesMap::iterator iter = m_queuedOriginsToFramesMap.find(originString);
140 ASSERT(iter->second.contains(frame));
141 iter->second.remove(frame);
142 if (!iter->second.isEmpty())
143 return;
144
145 m_queuedOrigins.remove(index);
146 m_queuedOriginsToFramesMap.remove(iter);
147
148 // If this is the origin currently being shown, cancel the prompt
149 // and show the next in the queue, if present.
150 if (index == 0) {
151 m_webViewCore->geolocationPermissionsHidePrompt();
152 if (!nextOriginInQueue().isEmpty())
153 m_webViewCore->geolocationPermissionsShowPrompt(nextOriginInQueue());
154 }
155 }
156
makeAsynchronousCallbackToGeolocation(String origin,bool allow)157 void GeolocationPermissions::makeAsynchronousCallbackToGeolocation(String origin, bool allow)
158 {
159 m_callbackData.origin = origin;
160 m_callbackData.allow = allow;
161 m_timer.startOneShot(0);
162 }
163
providePermissionState(String origin,bool allow,bool remember)164 void GeolocationPermissions::providePermissionState(String origin, bool allow, bool remember)
165 {
166 ASSERT(s_permanentPermissionsLoaded);
167
168 // It's possible that this method is called with an origin that doesn't
169 // match m_originInProgress. This can occur if this object is reset
170 // while a permission result is in the process of being marshalled back to
171 // the WebCore thread from the browser. In this case, we simply ignore the
172 // call.
173 if (origin != nextOriginInQueue())
174 return;
175
176 maybeCallbackFrames(origin, allow);
177 recordPermissionState(origin, allow, remember);
178
179 // If the permissions are set to be remembered, cancel any queued requests
180 // for this domain in other tabs.
181 if (remember)
182 cancelPendingRequestsInOtherTabs(origin);
183
184 // Clear the origin from the queue.
185 ASSERT(!m_queuedOrigins.isEmpty());
186 m_queuedOrigins.remove(0);
187 ASSERT(m_queuedOriginsToFramesMap.contains(origin));
188 m_queuedOriginsToFramesMap.remove(origin);
189
190 // If there are other requests queued, start the next one.
191 if (!nextOriginInQueue().isEmpty())
192 m_webViewCore->geolocationPermissionsShowPrompt(nextOriginInQueue());
193 }
194
recordPermissionState(String origin,bool allow,bool remember)195 void GeolocationPermissions::recordPermissionState(String origin, bool allow, bool remember)
196 {
197 if (remember) {
198 s_permanentPermissions.set(origin, allow);
199 s_permanentPermissionsModified = true;
200 } else {
201 // It's possible that another tab recorded a permanent permission for
202 // this origin while our request was in progress, but we record it
203 // anyway.
204 m_temporaryPermissions.set(origin, allow);
205 }
206 }
207
cancelPendingRequestsInOtherTabs(String origin)208 void GeolocationPermissions::cancelPendingRequestsInOtherTabs(String origin)
209 {
210 for (GeolocationPermissionsVector::const_iterator iter = s_instances.begin();
211 iter != s_instances.end();
212 ++iter)
213 (*iter)->cancelPendingRequests(origin);
214 }
215
cancelPendingRequests(String origin)216 void GeolocationPermissions::cancelPendingRequests(String origin)
217 {
218 size_t index = m_queuedOrigins.find(origin);
219
220 // Don't cancel the request if it's currently being shown, in which case
221 // it's at index 0.
222 if (index == WTF::notFound || !index)
223 return;
224
225 // Get the permission from the permanent list.
226 ASSERT(s_permanentPermissions.contains(origin));
227 PermissionsMap::const_iterator iter = s_permanentPermissions.find(origin);
228 bool allow = iter->second;
229
230 maybeCallbackFrames(origin, allow);
231
232 m_queuedOrigins.remove(index);
233 ASSERT(m_queuedOriginsToFramesMap.contains(origin));
234 m_queuedOriginsToFramesMap.remove(origin);
235 }
236
timerFired(Timer<GeolocationPermissions> * timer)237 void GeolocationPermissions::timerFired(Timer<GeolocationPermissions>* timer)
238 {
239 ASSERT_UNUSED(timer, timer == &m_timer);
240 maybeCallbackFrames(m_callbackData.origin, m_callbackData.allow);
241 }
242
resetTemporaryPermissionStates()243 void GeolocationPermissions::resetTemporaryPermissionStates()
244 {
245 ASSERT(s_permanentPermissionsLoaded);
246 m_queuedOrigins.clear();
247 m_queuedOriginsToFramesMap.clear();
248 m_temporaryPermissions.clear();
249 // If any permission results are being marshalled back to this thread, this
250 // will render them inefective.
251 m_timer.stop();
252
253 m_webViewCore->geolocationPermissionsHidePrompt();
254 }
255
nextOriginInQueue()256 const WTF::String& GeolocationPermissions::nextOriginInQueue()
257 {
258 static const String emptyString = "";
259 return m_queuedOrigins.isEmpty() ? emptyString : m_queuedOrigins[0];
260 }
261
maybeCallbackFrames(String origin,bool allow)262 void GeolocationPermissions::maybeCallbackFrames(String origin, bool allow)
263 {
264 // We can't track which frame issued the request, as frames can be deleted
265 // or have their contents replaced. Even uniqueChildName is not unique when
266 // frames are dynamically deleted and created. Instead, we simply call back
267 // to the Geolocation object in all frames from the correct origin.
268 for (Frame* frame = m_webViewCore->mainFrame(); frame; frame = frame->tree()->traverseNext()) {
269 if (origin == frame->document()->securityOrigin()->toString()) {
270 // If the page has changed, it may no longer have a Geolocation
271 // object.
272 Geolocation* geolocation = frame->domWindow()->navigator()->optionalGeolocation();
273 if (geolocation)
274 geolocation->setIsAllowed(allow);
275 }
276 }
277 }
278
getOrigins()279 GeolocationPermissions::OriginSet GeolocationPermissions::getOrigins()
280 {
281 maybeLoadPermanentPermissions();
282 OriginSet origins;
283 PermissionsMap::const_iterator end = s_permanentPermissions.end();
284 for (PermissionsMap::const_iterator iter = s_permanentPermissions.begin(); iter != end; ++iter)
285 origins.add(iter->first);
286 return origins;
287 }
288
getAllowed(String origin)289 bool GeolocationPermissions::getAllowed(String origin)
290 {
291 maybeLoadPermanentPermissions();
292 bool allowed = false;
293 PermissionsMap::const_iterator iter = s_permanentPermissions.find(origin);
294 PermissionsMap::const_iterator end = s_permanentPermissions.end();
295 if (iter != end)
296 allowed = iter->second;
297 return allowed;
298 }
299
clear(String origin)300 void GeolocationPermissions::clear(String origin)
301 {
302 maybeLoadPermanentPermissions();
303 PermissionsMap::iterator iter = s_permanentPermissions.find(origin);
304 if (iter != s_permanentPermissions.end()) {
305 s_permanentPermissions.remove(iter);
306 s_permanentPermissionsModified = true;
307 }
308 }
309
allow(String origin)310 void GeolocationPermissions::allow(String origin)
311 {
312 maybeLoadPermanentPermissions();
313 // We replace any existing permanent permission.
314 s_permanentPermissions.set(origin, true);
315 s_permanentPermissionsModified = true;
316 }
317
clearAll()318 void GeolocationPermissions::clearAll()
319 {
320 maybeLoadPermanentPermissions();
321 s_permanentPermissions.clear();
322 s_permanentPermissionsModified = true;
323 }
324
maybeLoadPermanentPermissions()325 void GeolocationPermissions::maybeLoadPermanentPermissions()
326 {
327 if (s_permanentPermissionsLoaded)
328 return;
329 s_permanentPermissionsLoaded = true;
330
331 SQLiteDatabase database;
332 if (!openDatabase(&database))
333 return;
334
335 // Create the table here, such that even if we've just created the DB, the
336 // commands below should succeed.
337 if (!database.executeCommand("CREATE TABLE IF NOT EXISTS Permissions (origin TEXT UNIQUE NOT NULL, allow INTEGER NOT NULL)")) {
338 database.close();
339 return;
340 }
341
342 SQLiteStatement statement(database, "SELECT * FROM Permissions");
343 if (statement.prepare() != SQLResultOk) {
344 database.close();
345 return;
346 }
347
348 ASSERT(s_permanentPermissions.size() == 0);
349 while (statement.step() == SQLResultRow)
350 s_permanentPermissions.set(statement.getColumnText(0), statement.getColumnInt64(1));
351
352 database.close();
353 }
354
maybeStorePermanentPermissions()355 void GeolocationPermissions::maybeStorePermanentPermissions()
356 {
357 // If the permanent permissions haven't been modified, there's no need to
358 // save them to the DB. (If we haven't even loaded them, writing them now
359 // would overwrite the stored permissions with the empty set.)
360 if (!s_permanentPermissionsModified)
361 return;
362
363 SQLiteDatabase database;
364 if (!openDatabase(&database))
365 return;
366
367 SQLiteTransaction transaction(database);
368
369 // The number of entries should be small enough that it's not worth trying
370 // to perform a diff. Simply clear the table and repopulate it.
371 if (!database.executeCommand("DELETE FROM Permissions")) {
372 database.close();
373 return;
374 }
375
376 PermissionsMap::const_iterator end = s_permanentPermissions.end();
377 for (PermissionsMap::const_iterator iter = s_permanentPermissions.begin(); iter != end; ++iter) {
378 SQLiteStatement statement(database, "INSERT INTO Permissions (origin, allow) VALUES (?, ?)");
379 if (statement.prepare() != SQLResultOk)
380 continue;
381 statement.bindText(1, iter->first);
382 statement.bindInt64(2, iter->second);
383 statement.executeCommand();
384 }
385
386 transaction.commit();
387 database.close();
388
389 s_permanentPermissionsModified = false;
390 }
391
setDatabasePath(String path)392 void GeolocationPermissions::setDatabasePath(String path)
393 {
394 // Take the first non-empty value.
395 if (s_databasePath.length() > 0)
396 return;
397 s_databasePath = path;
398 }
399
openDatabase(SQLiteDatabase * database)400 bool GeolocationPermissions::openDatabase(SQLiteDatabase* database)
401 {
402 ASSERT(database);
403 String filename = SQLiteFileSystem::appendDatabaseFileNameToPath(s_databasePath, databaseName);
404 if (!database->open(filename))
405 return false;
406 if (chmod(filename.utf8().data(), S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) {
407 database->close();
408 return false;
409 }
410 return true;
411 }
412
setAlwaysDeny(bool deny)413 void GeolocationPermissions::setAlwaysDeny(bool deny)
414 {
415 s_alwaysDeny = deny;
416 }
417
418 } // namespace android
419