7 files changed, 68 insertions, 7 deletions

diff --git a/chromium/extensions/renderer/messaging_util.cc b/chromium/extensions/renderer/messaging_util.cc
index f6bf874f98d..7e9a0f124de 100644
--- a/chromium/extensions/renderer/messaging_util.cc
+++ b/chromium/extensions/renderer/messaging_util.cc
@@ -124,9 +124,13 @@ std::unique_ptr<Message> MessageFromJSONString(v8::Isolate* isolate,
     return nullptr;
   }
 
-  bool has_transient_user_activation =
-      web_frame ? web_frame->HasTransientUserActivation() : false;
-  return std::make_unique<Message>(message, has_transient_user_activation,
+  // The message should carry user activation information only if the last
+  // activation in |web_frame| was triggered by a real user interaction.  See
+  // |UserActivationState::LastActivationWasRestricted()|.
+  bool has_unrestricted_user_activation =
+      web_frame && web_frame->HasTransientUserActivation() &&
+      !web_frame->LastActivationWasRestricted();
+  return std::make_unique<Message>(message, has_unrestricted_user_activation,
                                    privileged_context);
 }
 
diff --git a/chromium/third_party/blink/common/frame/user_activation_state.cc b/chromium/third_party/blink/common/frame/user_activation_state.cc
index a8a878ada00..ebc71897c08 100644
--- a/chromium/third_party/blink/common/frame/user_activation_state.cc
+++ b/chromium/third_party/blink/common/frame/user_activation_state.cc
@@ -11,6 +11,23 @@ using blink::mojom::UserActivationNotificationType;
 
 namespace blink {
 
+namespace {
+
+// Indicates if |notification_type| should be considered restricted.  See
+// |LastActivationWasRestricted| for details.
+bool IsRestricted(UserActivationNotificationType notification_type) {
+  return notification_type == UserActivationNotificationType::
+                                  kExtensionMessagingBothPrivileged ||
+         notification_type == UserActivationNotificationType::
+                                  kExtensionMessagingSenderPrivileged ||
+         notification_type == UserActivationNotificationType::
+                                  kExtensionMessagingReceiverPrivileged ||
+         notification_type == UserActivationNotificationType::
+                                  kExtensionMessagingNeitherPrivileged;
+}
+
+}  // namespace
+
 // The expiry time should be long enough to allow network round trips even in a
 // very slow connection (to support xhr-like calls with user activation), yet
 // not too long to make an "unattended" page feel activated.
@@ -23,6 +40,7 @@ UserActivationState::UserActivationState()
 void UserActivationState::Activate(
     UserActivationNotificationType notification_type) {
   has_been_active_ = true;
+  last_activation_was_restricted_ = IsRestricted(notification_type);
   ActivateTransientState();
 
   // Update states for UMA.
@@ -36,6 +54,7 @@ void UserActivationState::Activate(
 
 void UserActivationState::Clear() {
   has_been_active_ = false;
+  last_activation_was_restricted_ = false;
   first_notification_type_ = UserActivationNotificationType::kNone;
   last_notification_type_ = UserActivationNotificationType::kNone;
   DeactivateTransientState();
@@ -70,6 +89,10 @@ bool UserActivationState::ConsumeIfActive() {
   return true;
 }
 
+bool UserActivationState::LastActivationWasRestricted() const {
+  return last_activation_was_restricted_;
+}
+
 void UserActivationState::RecordPreconsumptionUma() const {
   if (!IsActiveInternal())
     return;
diff --git a/chromium/third_party/blink/public/common/frame/user_activation_state.h b/chromium/third_party/blink/public/common/frame/user_activation_state.h
index aa1a421c1c6..380165d2655 100644
--- a/chromium/third_party/blink/public/common/frame/user_activation_state.h
+++ b/chromium/third_party/blink/public/common/frame/user_activation_state.h
@@ -94,6 +94,9 @@ class BLINK_COMMON_EXPORT UserActivationState {
   // true and updates the transient state timestamp to "now".
   //
   // The |notification_type| parameter is used for histograms only.
+  //
+  // TODO(mustaq): When removing |notification_type|, explicitly pass
+  // |is_restricted| as a parameter here.
   void Activate(mojom::UserActivationNotificationType notification_type);
 
   void Clear();
@@ -110,6 +113,21 @@ class BLINK_COMMON_EXPORT UserActivationState {
   // successfully consumed.
   bool ConsumeIfActive();
 
+  // Indicates if the last user activation notification was restricted in
+  // nature.  This is a non-spec-compliant state, added only for compat reasons.
+  //
+  // Please don't add any new dependency to it!
+  //
+  // More details: A user activation on a frame is marked as restricted when the
+  // frame is neither an ancestor nor of the same-origin w.r.t. the frame where
+  // user interaction happened.  In other words, the restricted activation does
+  // not follow the tracking mechanism mentioned in the HTML spec and above.
+  // This non-standard activation in Chrome prevents breaking old extensions
+  // that (historically) expect a synthetic user activation to be available in
+  // an "unexposed" script-context (say in an extension's background script)
+  // after receiving an extension message under certain conditions.
+  bool LastActivationWasRestricted() const;
+
   // Records UMA stats related to consumption.  Must be called:
   // - before |ConsumeIfActive()| to record correct stats, and
   // - only once during consumption propagation to suppress over-counting.
@@ -126,6 +144,8 @@ class BLINK_COMMON_EXPORT UserActivationState {
   bool has_been_active_ = false;
   base::TimeTicks transient_state_expiry_time_;
 
+  bool last_activation_was_restricted_ = false;
+
   // Tracks the expiry of |kInteraction| notification for UMA data.
   base::TimeTicks transient_state_expiry_time_for_interaction_;
 
diff --git a/chromium/third_party/blink/public/web/web_local_frame.h b/chromium/third_party/blink/public/web/web_local_frame.h
index 31b19cec69d..6d6b366c95f 100644
--- a/chromium/third_party/blink/public/web/web_local_frame.h
+++ b/chromium/third_party/blink/public/web/web_local_frame.h
@@ -787,21 +787,24 @@ class WebLocalFrame : public WebFrame {
 
   // User activation -----------------------------------------------------------
 
-  // See blink::LocalFrame::NotifyUserActivation().
+  // See |blink::LocalFrame::NotifyUserActivation()|.
   virtual void NotifyUserActivation(
       mojom::UserActivationNotificationType notification_type) = 0;
 
-  // See blink::LocalFrame::HasStickyUserActivation().
+  // See |blink::Frame::HasStickyUserActivation()|.
   virtual bool HasStickyUserActivation() = 0;
 
-  // See blink::LocalFrame::HasTransientUserActivation().
+  // See |blink::Frame::HasTransientUserActivation()|.
   virtual bool HasTransientUserActivation() = 0;
 
-  // See blink::LocalFrame::ConsumeTransientUserActivation().
+  // See |blink::LocalFrame::ConsumeTransientUserActivation()|.
   virtual bool ConsumeTransientUserActivation(
       UserActivationUpdateSource update_source =
           UserActivationUpdateSource::kRenderer) = 0;
 
+  // See |blink::Frame::LastActivationWasRestricted()|.
+  virtual bool LastActivationWasRestricted() const = 0;
+
   // Testing ------------------------------------------------------------------
 
   // Get the total spool size (the bounding box of all the pages placed after
diff --git a/chromium/third_party/blink/renderer/core/frame/frame.h b/chromium/third_party/blink/renderer/core/frame/frame.h
index ecc1409edb9..1167129b143 100644
--- a/chromium/third_party/blink/renderer/core/frame/frame.h
+++ b/chromium/third_party/blink/renderer/core/frame/frame.h
@@ -213,6 +213,12 @@ class CORE_EXPORT Frame : public GarbageCollected<Frame> {
     return user_activation_state_.HasBeenActive();
   }
 
+  // Returns if the last user activation for this frame was restricted in
+  // nature.
+  bool LastActivationWasRestricted() const {
+    return user_activation_state_.LastActivationWasRestricted();
+  }
+
   // Resets the user activation state of this frame.
   void ClearUserActivation() { user_activation_state_.Clear(); }
 
diff --git a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
index 3d718e04a50..c5f779e1965 100644
--- a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
+++ b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
@@ -653,6 +653,10 @@ bool WebLocalFrameImpl::ConsumeTransientUserActivation(
   return LocalFrame::ConsumeTransientUserActivation(GetFrame(), update_source);
 }
 
+bool WebLocalFrameImpl::LastActivationWasRestricted() const {
+  return GetFrame()->LastActivationWasRestricted();
+}
+
 WebLocalFrame* WebLocalFrame::FrameForContext(v8::Local<v8::Context> context) {
   return WebLocalFrameImpl::FromFrame(ToLocalFrameIfNotDetached(context));
 }
diff --git a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h
index ebd7f45cadf..08531405db4 100644
--- a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h
+++ b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h
@@ -329,6 +329,7 @@ class CORE_EXPORT WebLocalFrameImpl final
   bool HasStickyUserActivation() override;
   bool HasTransientUserActivation() override;
   bool ConsumeTransientUserActivation(UserActivationUpdateSource) override;
+  bool LastActivationWasRestricted() const override;
   void SetTargetToCurrentHistoryItem(const WebString& target) override;
   void UpdateCurrentHistoryItem() override;
   PageState CurrentHistoryItemToPageState() override;