url_blacklist_manager.h revision c5cede9ae108bb15f6b7a8aea21c7e1fefa2834c
1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef COMPONENTS_POLICY_CORE_BROWSER_URL_BLACKLIST_MANAGER_H_ 6#define COMPONENTS_POLICY_CORE_BROWSER_URL_BLACKLIST_MANAGER_H_ 7 8#include <map> 9#include <string> 10 11#include "base/basictypes.h" 12#include "base/callback_forward.h" 13#include "base/compiler_specific.h" 14#include "base/containers/hash_tables.h" 15#include "base/memory/ref_counted.h" 16#include "base/memory/scoped_ptr.h" 17#include "base/memory/weak_ptr.h" 18#include "base/prefs/pref_change_registrar.h" 19#include "components/policy/policy_export.h" 20#include "components/url_matcher/url_matcher.h" 21#include "url/gurl.h" 22 23class PrefService; 24 25namespace base { 26class ListValue; 27class SequencedTaskRunner; 28} 29 30namespace net { 31class URLRequest; 32} 33 34namespace user_prefs { 35class PrefRegistrySyncable; 36} 37 38namespace policy { 39 40// Contains a set of filters to block and allow certain URLs, and matches GURLs 41// against this set. The filters are currently kept in memory. 42class POLICY_EXPORT URLBlacklist { 43 public: 44 // This is meant to be bound to URLFixerUpper::SegmentURL. See that function 45 // for documentation on the parameters and return value. 46 typedef std::string (*SegmentURLCallback)(const std::string&, 47 url_parse::Parsed*); 48 49 explicit URLBlacklist(SegmentURLCallback segment_url); 50 virtual ~URLBlacklist(); 51 52 // Allows or blocks URLs matching one of the filters, depending on |allow|. 53 void AddFilters(bool allow, const base::ListValue* filters); 54 55 // URLs matching one of the |filters| will be blocked. The filter format is 56 // documented at 57 // http://www.chromium.org/administrators/url-blacklist-filter-format. 58 void Block(const base::ListValue* filters); 59 60 // URLs matching one of the |filters| will be allowed. If a URL is both 61 // Blocked and Allowed, Allow takes precedence. 62 void Allow(const base::ListValue* filters); 63 64 // Returns true if the URL is blocked. 65 bool IsURLBlocked(const GURL& url) const; 66 67 // Returns the number of items in the list. 68 size_t Size() const; 69 70 // Splits a URL filter into its components. A GURL isn't used because these 71 // can be invalid URLs e.g. "google.com". 72 // Returns false if the URL couldn't be parsed. 73 // The |host| is preprocessed so it can be passed to URLMatcher for the 74 // appropriate condition. 75 // The optional username and password are ignored. 76 // |match_subdomains| specifies whether the filter should include subdomains 77 // of the hostname (if it is one.) 78 // |port| is 0 if none is explicitly defined. 79 // |path| does not include query parameters. 80 static bool FilterToComponents(SegmentURLCallback segment_url, 81 const std::string& filter, 82 std::string* scheme, 83 std::string* host, 84 bool* match_subdomains, 85 uint16* port, 86 std::string* path); 87 88 // Creates a condition set that can be used with the |url_matcher|. |id| needs 89 // to be a unique number that will be returned by the |url_matcher| if the URL 90 // matches that condition set. 91 static scoped_refptr<url_matcher::URLMatcherConditionSet> CreateConditionSet( 92 url_matcher::URLMatcher* url_matcher, 93 url_matcher::URLMatcherConditionSet::ID id, 94 const std::string& scheme, 95 const std::string& host, 96 bool match_subdomains, 97 uint16 port, 98 const std::string& path); 99 100 private: 101 struct FilterComponents; 102 103 // Returns true if |lhs| takes precedence over |rhs|. 104 static bool FilterTakesPrecedence(const FilterComponents& lhs, 105 const FilterComponents& rhs); 106 107 SegmentURLCallback segment_url_; 108 url_matcher::URLMatcherConditionSet::ID id_; 109 std::map<url_matcher::URLMatcherConditionSet::ID, FilterComponents> filters_; 110 scoped_ptr<url_matcher::URLMatcher> url_matcher_; 111 112 DISALLOW_COPY_AND_ASSIGN(URLBlacklist); 113}; 114 115// Tracks the blacklist policies for a given profile, and updates it on changes. 116// 117// This class interacts with both the UI thread, where notifications of pref 118// changes are received from, and the IO thread, which owns it (in the 119// ProfileIOData) and checks for blacklisted URLs (from ChromeNetworkDelegate). 120// 121// It must be constructed on the UI thread, to set up |ui_weak_ptr_factory_| and 122// the prefs listeners. 123// 124// ShutdownOnUIThread must be called from UI before destruction, to release 125// the prefs listeners on the UI thread. This is done from ProfileIOData. 126// 127// Update tasks from the UI thread can post safely to the IO thread, since the 128// destruction order of Profile and ProfileIOData guarantees that if this 129// exists in UI, then a potential destruction on IO will come after any task 130// posted to IO from that method on UI. This is used to go through IO before 131// the actual update starts, and grab a WeakPtr. 132class POLICY_EXPORT URLBlacklistManager { 133 public: 134 // Returns true if the blacklist should be overridden for |url| and sets 135 // |block| to true if it should be blocked and false otherwise. 136 // |reason| is set to the exact reason for blocking |url| iff |block| is true. 137 typedef base::Callback<bool(const GURL& url, bool* block, int* reason)> 138 OverrideBlacklistCallback; 139 140 // Must be constructed on the UI thread. 141 // |background_task_runner| is used to build the blacklist in a background 142 // thread. 143 // |io_task_runner| must be backed by the IO thread. 144 // |segment_url| is used to break a URL spec into its components. 145 URLBlacklistManager( 146 PrefService* pref_service, 147 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, 148 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner, 149 URLBlacklist::SegmentURLCallback segment_url, 150 OverrideBlacklistCallback override_blacklist); 151 virtual ~URLBlacklistManager(); 152 153 // Must be called on the UI thread, before destruction. 154 void ShutdownOnUIThread(); 155 156 // Returns true if |url| is blocked by the current blacklist. Must be called 157 // from the IO thread. 158 bool IsURLBlocked(const GURL& url) const; 159 160 // Returns true if |request| is blocked by the current blacklist. 161 // Only main frame and sub frame requests may be blocked; other sub resources 162 // or background downloads (e.g. extensions updates, sync, etc) are not 163 // filtered. The sync signin page is also not filtered. 164 // |reason| is populated with the exact reason for blocking the url if and 165 // only if the return value is true otherwise it is left untouched. 166 // Must be called from the IO thread. 167 bool IsRequestBlocked(const net::URLRequest& request, int* reason) const; 168 169 // Replaces the current blacklist. Must be called on the IO thread. 170 // Virtual for testing. 171 virtual void SetBlacklist(scoped_ptr<URLBlacklist> blacklist); 172 173 // Registers the preferences related to blacklisting in the given PrefService. 174 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); 175 176 protected: 177 // Used to delay updating the blacklist while the preferences are 178 // changing, and execute only one update per simultaneous prefs changes. 179 void ScheduleUpdate(); 180 181 // Updates the blacklist using the current preference values. 182 // Virtual for testing. 183 virtual void Update(); 184 185 // Starts the blacklist update on the IO thread, using the filters in 186 // |block| and |allow|. Protected for testing. 187 void UpdateOnIO(scoped_ptr<base::ListValue> block, 188 scoped_ptr<base::ListValue> allow); 189 190 private: 191 // --------- 192 // UI thread 193 // --------- 194 195 // Used to post update tasks to the UI thread. 196 base::WeakPtrFactory<URLBlacklistManager> ui_weak_ptr_factory_; 197 198 // Used to track the policies and update the blacklist on changes. 199 PrefChangeRegistrar pref_change_registrar_; 200 PrefService* pref_service_; // Weak. 201 202 // Used to post tasks to a background thread. 203 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; 204 205 // Used to post tasks to the IO thread. 206 scoped_refptr<base::SequencedTaskRunner> io_task_runner_; 207 208 // Used to break a URL into its components. 209 URLBlacklist::SegmentURLCallback segment_url_; 210 211 // Used to optionally skip blacklisting for some URLs. 212 OverrideBlacklistCallback override_blacklist_; 213 214 // --------- 215 // IO thread 216 // --------- 217 218 // Used to get |weak_ptr_| to self on the IO thread. 219 base::WeakPtrFactory<URLBlacklistManager> io_weak_ptr_factory_; 220 221 // Used to post tasks to the UI thread. 222 scoped_refptr<base::SequencedTaskRunner> ui_task_runner_; 223 224 // The current blacklist. 225 scoped_ptr<URLBlacklist> blacklist_; 226 227 DISALLOW_COPY_AND_ASSIGN(URLBlacklistManager); 228}; 229 230} // namespace policy 231 232#endif // COMPONENTS_POLICY_CORE_BROWSER_URL_BLACKLIST_MANAGER_H_ 233