• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
7 
8 #include <map>
9 #include <set>
10 #include <string>
11 
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16 #include "extensions/common/permissions/permission_message.h"
17 
18 namespace IPC {
19 class Message;
20 }
21 
22 namespace extensions {
23 
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
26 
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
30 class APIPermission {
31  public:
32   enum ID {
33     // Error codes.
34     kInvalid = -2,
35     kUnknown = -1,
36 
37     // Real permissions.
38     kAccessibilityFeaturesModify,
39     kAccessibilityFeaturesRead,
40     kAccessibilityPrivate,
41     kActiveTab,
42     kActivityLogPrivate,
43     kAlarms,
44     kAlwaysOnTopWindows,
45     kAudio,
46     kAudioCapture,
47     kAutomation,
48     kAutoTestPrivate,
49     kBackground,
50     kBluetoothPrivate,
51     kBookmark,
52     kBookmarkManagerPrivate,
53     kBrailleDisplayPrivate,
54     kBrowsingData,
55     kCast,
56     kCastStreaming,
57     kChromeosInfoPrivate,
58     kClipboardRead,
59     kClipboardWrite,
60     kCloudPrintPrivate,
61     kCommandLinePrivate,
62     kContentSettings,
63     kContextMenus,
64     kCookie,
65     kDiagnostics,
66     kDial,
67     kDebugger,
68     kDeclarative,
69     kDeclarativeContent,
70     kDeclarativeWebRequest,
71     kDesktopCapture,
72     kDeveloperPrivate,
73     kDevtools,
74     kDns,
75     kDownloads,
76     kDownloadsInternal,
77     kDownloadsOpen,
78     kDownloadsShelf,
79     kEchoPrivate,
80     kEnterprisePlatformKeys,
81     kEnterprisePlatformKeysPrivate,
82     kExperimental,
83     kFeedbackPrivate,
84     kFileBrowserHandler,
85     kFileBrowserHandlerInternal,
86     kFileBrowserPrivate,
87     kFileSystem,
88     kFileSystemDirectory,
89     kFileSystemProvider,
90     kFileSystemRetainEntries,
91     kFileSystemWrite,
92     kFileSystemWriteDirectory,
93     kFontSettings,
94     kFullscreen,
95     kGcdPrivate,
96     kGcm,
97     kGeolocation,
98     kHid,
99     kHistory,
100     kHomepage,
101     kHotwordPrivate,
102     kIdentity,
103     kIdentityEmail,
104     kIdentityPrivate,
105     kIdltest,
106     kIdle,
107     kInfobars,
108     kInput,
109     kInputMethodPrivate,
110     kLedger,
111     kLocation,
112     kLogPrivate,
113     kManagement,
114     kMediaGalleries,
115     kMediaGalleriesPrivate,
116     kMediaPlayerPrivate,
117     kMetricsPrivate,
118     kMDns,
119     kMusicManagerPrivate,
120     kNativeMessaging,
121     kNetworkingPrivate,
122     kNotification,
123     kOverrideEscFullscreen,
124     kPageCapture,
125     kPointerLock,
126     kPlugin,
127     kPower,
128     kPreferencesPrivate,
129     kPrincipalsPrivate,
130     kPrivacy,
131     kProcesses,
132     kProxy,
133     kPushMessaging,
134     kImageWriterPrivate,
135     kReadingListPrivate,
136     kRtcPrivate,
137     kSearchProvider,
138     kSerial,
139     kSessions,
140     kSignedInDevices,
141     kSocket,
142     kStartupPages,
143     kStorage,
144     kStreamsPrivate,
145     kSyncFileSystem,
146     kSyncedNotificationsPrivate,
147     kSystemPrivate,
148     kSystemDisplay,
149     kSystemStorage,
150     kTab,
151     kTabCapture,
152     kTabCaptureForTab,
153     kTerminalPrivate,
154     kTopSites,
155     kTts,
156     kTtsEngine,
157     kUnlimitedStorage,
158     kUsb,
159     kUsbDevice,
160     kVideoCapture,
161     kVirtualKeyboardPrivate,
162     kWallpaper,
163     kWallpaperPrivate,
164     kWebcamPrivate,
165     kWebConnectable,  // for externally_connectable manifest key
166     kWebNavigation,
167     kWebRequest,
168     kWebRequestBlocking,
169     kWebrtcAudioPrivate,
170     kWebrtcLoggingPrivate,
171     kWebstorePrivate,
172     kWebView,
173     kWindowShape,
174     kScreenlockPrivate,
175     kSystemCpu,
176     kSystemMemory,
177     kSystemNetwork,
178     kSystemInfoCpu,
179     kSystemInfoMemory,
180     kFirstRunPrivate,
181     kBrowser,
182     kEnumBoundary
183   };
184 
185   struct CheckParam {
186   };
187 
188   explicit APIPermission(const APIPermissionInfo* info);
189 
190   virtual ~APIPermission();
191 
192   // Returns the id of this permission.
193   ID id() const;
194 
195   // Returns the name of this permission.
196   const char* name() const;
197 
198   // Returns the APIPermission of this permission.
info()199   const APIPermissionInfo* info() const {
200     return info_;
201   }
202 
203   // Returns true if this permission has any PermissionMessages.
204   virtual bool HasMessages() const = 0;
205 
206   // Returns the localized permission messages of this permission.
207   virtual PermissionMessages GetMessages() const = 0;
208 
209   // Returns true if the given permission is allowed.
210   virtual bool Check(const CheckParam* param) const = 0;
211 
212   // Returns true if |rhs| is a subset of this.
213   virtual bool Contains(const APIPermission* rhs) const = 0;
214 
215   // Returns true if |rhs| is equal to this.
216   virtual bool Equal(const APIPermission* rhs) const = 0;
217 
218   // Parses the APIPermission from |value|. Returns false if an error happens
219   // and optionally set |error| if |error| is not NULL. If |value| represents
220   // multiple permissions, some are invalid, and |unhandled_permissions| is
221   // not NULL, the invalid ones are put into |unhandled_permissions| and the
222   // function returns true.
223   virtual bool FromValue(const base::Value* value,
224                          std::string* error,
225                          std::vector<std::string>* unhandled_permissions) = 0;
226 
227   // Stores this into a new created |value|.
228   virtual scoped_ptr<base::Value> ToValue() const = 0;
229 
230   // Clones this.
231   virtual APIPermission* Clone() const = 0;
232 
233   // Returns a new API permission which equals this - |rhs|.
234   virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
235 
236   // Returns a new API permission which equals the union of this and |rhs|.
237   virtual APIPermission* Union(const APIPermission* rhs) const = 0;
238 
239   // Returns a new API permission which equals the intersect of this and |rhs|.
240   virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
241 
242   // IPC functions
243   // Writes this into the given IPC message |m|.
244   virtual void Write(IPC::Message* m) const = 0;
245 
246   // Reads from the given IPC message |m|.
247   virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
248 
249   // Logs this permission.
250   virtual void Log(std::string* log) const = 0;
251 
252  protected:
253   // Returns the localized permission message associated with this api.
254   // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
255   PermissionMessage GetMessage_() const;
256 
257  private:
258   const APIPermissionInfo* const info_;
259 };
260 
261 
262 // The APIPermissionInfo is an immutable class that describes a single
263 // named permission (API permission).
264 // There is one instance per permission.
265 class APIPermissionInfo {
266  public:
267   enum Flag {
268     kFlagNone = 0,
269 
270     // Indicates if the permission implies full access (native code).
271     kFlagImpliesFullAccess = 1 << 0,
272 
273     // Indicates if the permission implies full URL access.
274     kFlagImpliesFullURLAccess = 1 << 1,
275 
276     // Indicates that extensions cannot specify the permission as optional.
277     kFlagCannotBeOptional = 1 << 3,
278 
279     // Indicates that the permission is internal to the extensions
280     // system and cannot be specified in the "permissions" list.
281     kFlagInternal = 1 << 4,
282   };
283 
284   typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
285 
286   typedef std::set<APIPermission::ID> IDSet;
287 
288   ~APIPermissionInfo();
289 
290   // Creates a APIPermission instance.
291   APIPermission* CreateAPIPermission() const;
292 
flags()293   int flags() const { return flags_; }
294 
id()295   APIPermission::ID id() const { return id_; }
296 
297   // Returns the message id associated with this permission.
message_id()298   PermissionMessage::ID message_id() const {
299     return message_id_;
300   }
301 
302   // Returns the name of this permission.
name()303   const char* name() const { return name_; }
304 
305   // Returns true if this permission implies full access (e.g., native code).
implies_full_access()306   bool implies_full_access() const {
307     return (flags_ & kFlagImpliesFullAccess) != 0;
308   }
309 
310   // Returns true if this permission implies full URL access.
implies_full_url_access()311   bool implies_full_url_access() const {
312     return (flags_ & kFlagImpliesFullURLAccess) != 0;
313   }
314 
315   // Returns true if this permission can be added and removed via the
316   // optional permissions extension API.
supports_optional()317   bool supports_optional() const {
318     return (flags_ & kFlagCannotBeOptional) == 0;
319   }
320 
321   // Returns true if this permission is internal rather than a
322   // "permissions" list entry.
is_internal()323   bool is_internal() const {
324     return (flags_ & kFlagInternal) != 0;
325   }
326 
327  private:
328   // Instances should only be constructed from within a PermissionsProvider.
329   friend class ChromeAPIPermissions;
330   friend class ExtensionsAPIPermissions;
331   // Implementations of APIPermission will want to get the permission message,
332   // but this class's implementation should be hidden from everyone else.
333   friend class APIPermission;
334 
335   // This exists to allow aggregate initialization, so that default values
336   // for flags, etc. can be omitted.
337   // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
338   // should be the simple data struct.
339   struct InitInfo {
340     APIPermission::ID id;
341     const char* name;
342     int flags;
343     int l10n_message_id;
344     PermissionMessage::ID message_id;
345     APIPermissionInfo::APIPermissionConstructor constructor;
346   };
347 
348   explicit APIPermissionInfo(const InitInfo& info);
349 
350   // Returns the localized permission message associated with this api.
351   // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
352   PermissionMessage GetMessage_() const;
353 
354   const APIPermission::ID id_;
355   const char* const name_;
356   const int flags_;
357   const int l10n_message_id_;
358   const PermissionMessage::ID message_id_;
359   const APIPermissionConstructor api_permission_constructor_;
360 };
361 
362 }  // namespace extensions
363 
364 #endif  // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
365