1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
6 
7 #include "chrome/common/extensions/permissions/bluetooth_permission.h"
8 #include "chrome/common/extensions/permissions/media_galleries_permission.h"
9 #include "chrome/common/extensions/permissions/socket_permission.h"
10 #include "chrome/common/extensions/permissions/usb_device_permission.h"
11 #include "extensions/common/permissions/api_permission.h"
12 #include "extensions/common/permissions/api_permission_set.h"
13 #include "extensions/common/permissions/permission_message.h"
14 #include "extensions/common/permissions/permissions_info.h"
15 #include "grit/generated_resources.h"
16 
17 namespace extensions {
18 
19 namespace {
20 
// Legacy manifest spelling that GetAllAliases() pairs with the
// "unlimitedStorage" permission.
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
// Manifest string that GetAllAliases() pairs with the "tabs" permission.
// NOTE(review): presumably a manifest that requests "windows" is then treated
// as requesting "tabs" - confirm against the alias lookup in PermissionsInfo.
const char kWindowsPermission[] = "windows";
23 
// Factory for permission types that carry their own parameters. The address of
// an instantiation is stored in the |constructor| slot of the registration
// table in GetAllPermissions() (socket, mediaGalleries, bluetooth, usbDevices).
// Returns a heap-allocated T built from |permission|; the result is a raw
// pointer, so the caller is presumably responsible for deleting it.
template <typename T>
APIPermission* CreateAPIPermission(const APIPermissionInfo* permission) {
  APIPermission* const created = new T(permission);
  return created;
}
28 
29 }  // namespace
30 
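// Builds the list of every API permission Chrome registers, one
// APIPermissionInfo per row of the table below.
//
// Each row is aggregate-initialized, so the POSITION of a value decides which
// field it lands in: id, name, flags, l10n_message_id, message_id,
// constructor. Trailing fields that a row omits are zero-initialized: flags
// and l10n_message_id become 0, message_id becomes 0 (mapped to
// PermissionMessage::kNone in the loop below) and constructor becomes NULL.
// A flag constant written in the wrong column still compiles, because both
// |flags| and |l10n_message_id| are plain ints, so review new rows against the
// field order.
//
// Returns a vector of raw pointers to objects allocated with |new|; this
// function never deletes them, so ownership presumably passes to the caller.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  struct PermissionRegistration {
    APIPermission::ID id;
    const char* name;  // Permission string as written in the manifest.
    int flags;  // Bitwise OR of APIPermissionInfo::kFlag* values.
    int l10n_message_id;  // IDS_* resource for the install warning, or 0.
    PermissionMessage::ID message_id;
    // Factory for permissions with parameters; NULL when omitted.
    APIPermissionInfo::APIPermissionConstructor constructor;
  } PermissionsToRegister[] = {
    // Register permissions for all extension types.
    { APIPermission::kBackground, "background" },
    { APIPermission::kClipboardRead, "clipboardRead",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
      PermissionMessage::kClipboard },
    { APIPermission::kClipboardWrite, "clipboardWrite" },
    { APIPermission::kDeclarativeContent, "declarativeContent" },
    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
      PermissionMessage::kDeclarativeWebRequest },
    { APIPermission::kDesktopCapture, "desktopCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
      PermissionMessage::kDesktopCapture },
    { APIPermission::kDns, "dns" },
    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
      PermissionMessage::kDownloads },
    { APIPermission::kDownloadsOpen, "downloads.open",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
      PermissionMessage::kDownloadsOpen },
    { APIPermission::kDownloadsShelf, "downloads.shelf" },
    { APIPermission::kIdentity, "identity" },
    { APIPermission::kExperimental, "experimental",
      APIPermissionInfo::kFlagCannotBeOptional },
    // NOTE(kalman): this is provided by a manifest property but needs to
    // appear in the install permission dialogue, so we need a fake
    // permission for it. See http://crbug.com/247857.
    { APIPermission::kWebConnectable, "webConnectable",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
      PermissionMessage::kWebConnectable},
    { APIPermission::kGeolocation, "geolocation",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kNotification, "notifications" },
    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kGcm, "gcm" },

    // Register extension permissions.
    { APIPermission::kActiveTab, "activeTab" },
    { APIPermission::kAdView, "adview" },
    { APIPermission::kAlarms, "alarms" },
    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
      PermissionMessage::kBookmarks },
    { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBrowsingData, "browsingData" },
    { APIPermission::kContentSettings, "contentSettings",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
      PermissionMessage::kContentSettings },
    { APIPermission::kContextMenus, "contextMenus" },
    { APIPermission::kCookie, "cookies" },
    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFontSettings, "fontSettings",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    { APIPermission::kIdltest, "idltest" },
    { APIPermission::kIdle, "idle" },
    { APIPermission::kInfobars, "infobars" },
    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_INPUT,
      PermissionMessage::kInput },
    { APIPermission::kLocation, "location",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
      PermissionMessage::kManagement },
    { APIPermission::kNativeMessaging, "nativeMessaging",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
      PermissionMessage::kNativeMessaging },
    { APIPermission::kPower, "power" },
    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
      PermissionMessage::kPrivacy },
    { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kSessions, "sessions" },
    { APIPermission::kSignedInDevices, "signedInDevices",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
      PermissionMessage::kSignedInDevices },
    { APIPermission::kStorage, "storage" },
    { APIPermission::kSyncFileSystem, "syncFileSystem",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
      PermissionMessage::kSyncFileSystem },
    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    // kFlagCannotBeOptional has to sit in the |flags| column (third field).
    // Written after a literal 0 it would be stored in |l10n_message_id| and
    // the permission would be registered with no flags at all.
    { APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTtsEngine, "ttsEngine",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
      PermissionMessage::kTtsEngine },
    { APIPermission::kWallpaper, "wallpaper",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_WALLPAPER,
      PermissionMessage::kWallpaper },
    { APIPermission::kWebNavigation, "webNavigation",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
    { APIPermission::kWebRequest, "webRequest" },
    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
    { APIPermission::kWebView, "webview",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register private permissions.
    { APIPermission::kScreenlockPrivate, "screenlockPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
      PermissionMessage::kScreenlockPrivate },
    { APIPermission::kActivityLogPrivate, "activityLogPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
      PermissionMessage::kActivityLogPrivate },
    { APIPermission::kAutoTestPrivate, "autotestPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCast, "cast",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDeveloperPrivate, "developerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDiagnostics, "diagnostics",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDownloadsInternal, "downloadsInternal" },
    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kIdentityPrivate, "identityPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kLogPrivate, "logPrivate"},
    { APIPermission::kNetworkingPrivate, "networkingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
      PermissionMessage::kNetworkingPrivate },
    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMetricsPrivate, "metricsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
      PermissionMessage::kMusicManagerPrivate },
    { APIPermission::kPreferencesPrivate, "preferencesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kSystemPrivate, "systemPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEchoPrivate, "echoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFeedbackPrivate, "feedbackPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kImageWriterPrivate, "imageWriterPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRtcPrivate, "rtcPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTerminalPrivate, "terminalPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebRequestInternal, "webRequestInternal" },
    { APIPermission::kWebstorePrivate, "webstorePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kStreamsPrivate, "streamsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEnterprisePlatformKeysPrivate,
      "enterprise.platformKeysPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kPrincipalsPrivate, "principalsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFirstRunPrivate, "firstRunPrivate",
      APIPermissionInfo::kFlagCannotBeOptional},

    // Full url access permissions.
    { APIPermission::kDebugger, "debugger",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
      PermissionMessage::kDebugger },
    { APIPermission::kDevtools, "devtools",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal },
    { APIPermission::kPageCapture, "pageCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCapture, "tabCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCaptureForTab, "tabCaptureForTab",
      APIPermissionInfo::kFlagInternal },
    { APIPermission::kPlugin, "plugin",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagImpliesFullAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
      PermissionMessage::kFullAccess },
    { APIPermission::kProxy, "proxy",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional },

    // Platform-app permissions.
    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
      PermissionMessage::kSerial },
    // Because warning messages for the "socket" permission vary based on the
    // permissions parameters, no message ID or message text is specified here.
    // The message ID and text used will be determined at run-time in the
    // |SocketPermission| class.
    { APIPermission::kSocket, "socket",
      APIPermissionInfo::kFlagCannotBeOptional, 0,
      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
    { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" },
    { APIPermission::kAppRuntime, "app.runtime" },
    { APIPermission::kAppWindow, "app.window" },
    { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" },
    { APIPermission::kAudioCapture, "audioCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
      PermissionMessage::kAudioCapture },
    { APIPermission::kVideoCapture, "videoCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
      PermissionMessage::kVideoCapture },
    // The permission string for "fileSystem" is only shown when "write" or
    // "directory" is present. Read-only access is only granted after the user
    // has been shown a file or directory chooser dialog and selected a file or
    // directory. Selecting the file or directory is considered consent to
    // read it.
    { APIPermission::kFileSystem, "fileSystem" },
    { APIPermission::kFileSystemDirectory, "fileSystem.directory",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
      PermissionMessage::kFileSystemDirectory },
    { APIPermission::kFileSystemProvider, "fileSystemProvider" },
    { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
    { APIPermission::kFileSystemWrite, "fileSystem.write",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
      PermissionMessage::kFileSystemWrite },
    { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
      PermissionMessage::kFileSystemWriteDirectory },
    // Because warning messages for the "mediaGalleries" permission vary based
    // on the permissions parameters, no message ID or message text is
    // specified here.
    // The message ID and text used will be determined at run-time in the
    // |MediaGalleriesPermission| class.
    { APIPermission::kMediaGalleries, "mediaGalleries",
      APIPermissionInfo::kFlagNone, 0,
      PermissionMessage::kNone,
      &CreateAPIPermission<MediaGalleriesPermission> },
    { APIPermission::kPushMessaging, "pushMessaging",
      APIPermissionInfo::kFlagCannotBeOptional },
    // Because warning messages for the "bluetooth" permission vary based on
    // the permissions parameters, no message ID or message text is specified
    // here. The message ID and text used will be determined at run-time in the
    // |BluetoothPermission| class.
    { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone,
      0, PermissionMessage::kNone,
      &CreateAPIPermission<BluetoothPermission> },
    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_USB,
      PermissionMessage::kUsb },
    { APIPermission::kUsbDevice, "usbDevices",
      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
      &CreateAPIPermission<UsbDevicePermission> },
    { APIPermission::kSystemIndicator, "systemIndicator",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
      PermissionMessage::kSystemIndicator },
    { APIPermission::kSystemCpu, "system.cpu" },
    { APIPermission::kSystemMemory, "system.memory" },
    { APIPermission::kSystemNetwork, "system.network" },
    { APIPermission::kSystemDisplay, "system.display" },
    { APIPermission::kSystemStorage, "system.storage" },
    { APIPermission::kPointerLock, "pointerLock" },
    { APIPermission::kFullscreen, "fullscreen" },
    { APIPermission::kAudio, "audio" },
    { APIPermission::kCastStreaming, "cast.streaming" },
    { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" },

    // Settings override permissions.
    { APIPermission::kHomepage, "homepage",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
      PermissionMessage::kHomepage },
    { APIPermission::kSearchProvider, "searchProvider",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
      PermissionMessage::kSearchProvider },
    { APIPermission::kStartupPages, "startupPages",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
      PermissionMessage::kStartupPages },
  };

  const size_t registration_count = ARRAYSIZE_UNSAFE(PermissionsToRegister);

  std::vector<APIPermissionInfo*> permissions;
  permissions.reserve(registration_count);

  for (size_t i = 0; i < registration_count; ++i) {
    const PermissionRegistration& pr = PermissionsToRegister[i];
    // Note the argument order differs from the struct: the message fields
    // come before |flags| here. A row that left |message_id| out holds 0,
    // which is passed on as PermissionMessage::kNone.
    permissions.push_back(new APIPermissionInfo(
        pr.id, pr.name, pr.l10n_message_id,
        pr.message_id ? pr.message_id : PermissionMessage::kNone,
        pr.flags,
        pr.constructor));
  }
  return permissions;
}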
391 
// Returns the alternate manifest spellings Chrome registers for existing
// permissions: "unlimited_storage" is paired with "unlimitedStorage" and
// "windows" is paired with "tabs".
// NOTE(review): the first AliasInfo argument looks like the canonical
// permission name and the second the alias - confirm against AliasInfo.
std::vector<PermissionsProvider::AliasInfo>
ChromeAPIPermissions::GetAllAliases() const {
  typedef PermissionsProvider::AliasInfo AliasInfo;

  const AliasInfo unlimited_storage_alias("unlimitedStorage",
                                          kOldUnlimitedStoragePermission);
  const AliasInfo tabs_alias("tabs", kWindowsPermission);

  // Keep registration order: the storage alias first, then the tabs alias.
  std::vector<AliasInfo> aliases;
  aliases.push_back(unlimited_storage_alias);
  aliases.push_back(tabs_alias);
  return aliases;
}
402 
403 }  // namespace extensions
404