feat: enable serialPort.revoke()

docs/api/session.md

@@ -385,6 +385,18 @@ callback from `select-serial-port` is called.  This event is intended for use
 when using a UI to ask users to pick a port so that the UI can be updated
 to remove the specified port.
 
+#### Event: 'serial-port-revoked'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `origin` string (optional) - The origin that the device has been revoked from.
+
+Emitted after `serialPort.forget()` has been called.  This event can be used
+to help maintain persistent storage of permissions when
+`setDevicePermissionHandler` is used.
+
 ### Instance Methods
 
 The following methods are available on instances of `Session`:

shell/browser/serial/electron_serial_delegate.cc

@@ -82,7 +82,9 @@ void ElectronSerialDelegate::RemoveObserver(content::RenderFrameHost* frame,
 void ElectronSerialDelegate::RevokePortPermissionWebInitiated(
     content::RenderFrameHost* frame,
     const base::UnguessableToken& token) {
-  // TODO(nornagon/jkleinsc): pass this on to the chooser context
+  auto* web_contents = content::WebContents::FromRenderFrameHost(frame);
+  return GetChooserContext(frame)->RevokePortPermissionWebInitiated(
+      web_contents->GetPrimaryMainFrame()->GetLastCommittedOrigin(), token);
 }
 
 const device::mojom::SerialPortInfo* ElectronSerialDelegate::GetPortInfo(

shell/browser/serial/serial_chooser_context.cc

@@ -105,18 +105,33 @@ void SerialChooserContext::GrantPortPermission(
     content::RenderFrameHost* render_frame_host) {
   port_info_.insert({port.token, port.Clone()});
 
-  auto* permission_manager = static_cast<ElectronPermissionManager*>(
-      browser_context_->GetPermissionControllerDelegate());
-  return permission_manager->GrantDevicePermission(
-      static_cast<blink::PermissionType>(
-          WebContentsPermissionHelper::PermissionType::SERIAL),
-      origin, PortInfoToValue(port), browser_context_);
+  if (CanStorePersistentEntry(port)) {
+    auto* permission_manager = static_cast<ElectronPermissionManager*>(
+        browser_context_->GetPermissionControllerDelegate());
+    permission_manager->GrantDevicePermission(
+        static_cast<blink::PermissionType>(
+            WebContentsPermissionHelper::PermissionType::SERIAL),
+        origin, PortInfoToValue(port), browser_context_);
+    return;
+  }
+
+  ephemeral_ports_[origin].insert(port.token);
 }
 
 bool SerialChooserContext::HasPortPermission(
     const url::Origin& origin,
     const device::mojom::SerialPortInfo& port,
     content::RenderFrameHost* render_frame_host) {
+  auto it = ephemeral_ports_.find(origin);
+  if (it != ephemeral_ports_.end()) {
+    const std::set<base::UnguessableToken> ports = it->second;
+    if (base::Contains(ports, port.token))
+      return true;
+  }
+
+  if (!CanStorePersistentEntry(port))
+    return false;
+
   auto* permission_manager = static_cast<ElectronPermissionManager*>(
       browser_context_->GetPermissionControllerDelegate());
   return permission_manager->CheckDevicePermission(
@@ -129,8 +144,23 @@ void SerialChooserContext::RevokePortPermissionWebInitiated(
     const url::Origin& origin,
     const base::UnguessableToken& token) {
   auto it = port_info_.find(token);
-  if (it == port_info_.end())
-    return;
+  if (it != port_info_.end()) {
+    auto* permission_manager = static_cast<ElectronPermissionManager*>(
+        browser_context_->GetPermissionControllerDelegate());
+    permission_manager->RevokeDevicePermission(
+        static_cast<blink::PermissionType>(
+            WebContentsPermissionHelper::PermissionType::SERIAL),
+        origin, PortInfoToValue(*it->second), browser_context_);
+  }
+
+  auto ephemeral = ephemeral_ports_.find(origin);
+  if (ephemeral != ephemeral_ports_.end()) {
+    std::set<base::UnguessableToken>& ports = ephemeral->second;
+    ports.erase(token);
+  }
+
+  for (auto& observer : port_observer_list_)
+    observer.OnPermissionRevoked(origin);
 }
 
 // static
@@ -204,7 +234,21 @@ void SerialChooserContext::OnPortRemoved(
   for (auto& observer : port_observer_list_)
     observer.OnPortRemoved(*port);
 
+  std::vector<url::Origin> revoked_origins;
+  for (auto& map_entry : ephemeral_ports_) {
+    std::set<base::UnguessableToken>& ports = map_entry.second;
+    if (ports.erase(port->token) > 0) {
+      revoked_origins.push_back(map_entry.first);
+    }
+  }
+
   port_info_.erase(port->token);
+
+  for (auto& observer : port_observer_list_) {
+    for (const auto& origin : revoked_origins) {
+      observer.OnPermissionRevoked(origin);
+    }
+  }
 }
 
 void SerialChooserContext::EnsurePortManagerConnection() {
@@ -239,6 +283,20 @@ void SerialChooserContext::OnGetDevices(
 void SerialChooserContext::OnPortManagerConnectionError() {
   port_manager_.reset();
   client_receiver_.reset();
+
+  port_info_.clear();
+
+  std::vector<url::Origin> revoked_origins;
+  revoked_origins.reserve(ephemeral_ports_.size());
+  for (const auto& map_entry : ephemeral_ports_)
+    revoked_origins.push_back(map_entry.first);
+  ephemeral_ports_.clear();
+
+  // Notify observers that all ephemeral permissions have been revoked.
+  for (auto& observer : port_observer_list_) {
+    for (const auto& origin : revoked_origins)
+      observer.OnPermissionRevoked(origin);
+  }
 }
 
 }  // namespace electron

shell/browser/serial/serial_chooser_context.h

@@ -77,11 +77,6 @@ class SerialChooserContext : public KeyedService,
 
   base::WeakPtr<SerialChooserContext> AsWeakPtr();
 
-  bool is_initialized_ = false;
-
-  // Map from port token to port info.
-  std::map<base::UnguessableToken, device::mojom::SerialPortInfoPtr> port_info_;
-
   // SerialPortManagerClient implementation.
   void OnPortAdded(device::mojom::SerialPortInfoPtr port) override;
   void OnPortRemoved(device::mojom::SerialPortInfoPtr port) override;
@@ -99,9 +94,14 @@ class SerialChooserContext : public KeyedService,
       mojo::PendingRemote<device::mojom::SerialPortManager> manager);
   void OnGetDevices(std::vector<device::mojom::SerialPortInfoPtr> ports);
   void OnPortManagerConnectionError();
-  void RevokeObjectPermissionInternal(const url::Origin& origin,
-                                      const base::Value& object,
-                                      bool revoked_by_website);
+
+  bool is_initialized_ = false;
+
+  // Tracks the set of ports to which an origin has access to.
+  std::map<url::Origin, std::set<base::UnguessableToken>> ephemeral_ports_;
+
+  // Map from port token to port info.
+  std::map<base::UnguessableToken, device::mojom::SerialPortInfoPtr> port_info_;
 
   mojo::Remote<device::mojom::SerialPortManager> port_manager_;
   mojo::Receiver<device::mojom::SerialPortManagerClient> client_receiver_{this};

shell/browser/serial/serial_chooser_controller.cc

@@ -114,6 +114,18 @@ void SerialChooserController::OnPortRemoved(
   }
 }
 
+void SerialChooserController::OnPermissionRevoked(const url::Origin& origin) {
+  api::Session* session = GetSession();
+  if (session) {
+    v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
+    v8::HandleScope scope(isolate);
+    gin_helper::Dictionary details =
+        gin_helper::Dictionary::CreateEmpty(isolate);
+    details.Set("origin", origin.Serialize());
+    session->Emit("serial-port-revoked", details);
+  }
+}
+
 void SerialChooserController::OnPortManagerConnectionError() {
   observation_.Reset();
 }

shell/browser/serial/serial_chooser_controller.h

@@ -47,7 +47,7 @@ class SerialChooserController final : public SerialChooserContext::PortObserver,
   void OnPortAdded(const device::mojom::SerialPortInfo& port) override;
   void OnPortRemoved(const device::mojom::SerialPortInfo& port) override;
   void OnPortManagerConnectionError() override;
-  void OnPermissionRevoked(const url::Origin& origin) override {}
+  void OnPermissionRevoked(const url::Origin& origin) override;
   void OnSerialChooserContextShutdown() override;
 
  private: