1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_ 6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_ 7 8 #include <map> 9 #include <set> 10 #include <string> 11 12 #include "base/callback.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/pickle.h" 15 #include "base/values.h" 16 #include "extensions/common/permissions/permission_message.h" 17 18 namespace IPC { 19 class Message; 20 } 21 22 namespace extensions { 23 24 class APIPermissionInfo; 25 class ChromeAPIPermissions; 26 27 // APIPermission is for handling some complex permissions. Please refer to 28 // extensions::SocketPermission as an example. 29 // There is one instance per permission per loaded extension. 30 class APIPermission { 31 public: 32 enum ID { 33 // Error codes. 34 kInvalid = -2, 35 kUnknown = -1, 36 37 // Real permissions. 38 kAccessibilityFeaturesModify, 39 kAccessibilityFeaturesRead, 40 kAccessibilityPrivate, 41 kActiveTab, 42 kActivityLogPrivate, 43 kAlarms, 44 kAlwaysOnTopWindows, 45 kAudio, 46 kAudioCapture, 47 kAutomation, 48 kAutoTestPrivate, 49 kBackground, 50 kBluetoothPrivate, 51 kBookmark, 52 kBookmarkManagerPrivate, 53 kBrailleDisplayPrivate, 54 kBrowsingData, 55 kCast, 56 kCastStreaming, 57 kChromeosInfoPrivate, 58 kClipboardRead, 59 kClipboardWrite, 60 kCloudPrintPrivate, 61 kCommandLinePrivate, 62 kContentSettings, 63 kContextMenus, 64 kCookie, 65 kDiagnostics, 66 kDial, 67 kDebugger, 68 kDeclarative, 69 kDeclarativeContent, 70 kDeclarativeWebRequest, 71 kDesktopCapture, 72 kDeveloperPrivate, 73 kDevtools, 74 kDns, 75 kDownloads, 76 kDownloadsInternal, 77 kDownloadsOpen, 78 kDownloadsShelf, 79 kEchoPrivate, 80 kEnterprisePlatformKeys, 81 kEnterprisePlatformKeysPrivate, 82 kExperimental, 83 kFeedbackPrivate, 84 kFileBrowserHandler, 85 kFileBrowserHandlerInternal, 86 kFileBrowserPrivate, 87 kFileSystem, 88 kFileSystemDirectory, 89 kFileSystemProvider, 90 kFileSystemRetainEntries, 91 kFileSystemWrite, 92 kFileSystemWriteDirectory, 93 kFontSettings, 94 kFullscreen, 95 kGcdPrivate, 96 kGcm, 97 kGeolocation, 98 kHid, 99 kHistory, 100 kHomepage, 101 kHotwordPrivate, 102 kIdentity, 103 kIdentityEmail, 104 kIdentityPrivate, 105 kIdltest, 106 kIdle, 107 kInfobars, 108 kInput, 109 kInputMethodPrivate, 110 kLedger, 111 kLocation, 112 kLogPrivate, 113 kManagement, 114 kMediaGalleries, 115 kMediaGalleriesPrivate, 116 kMediaPlayerPrivate, 117 kMetricsPrivate, 118 kMDns, 119 kMusicManagerPrivate, 120 kNativeMessaging, 121 kNetworkingPrivate, 122 kNotification, 123 kOverrideEscFullscreen, 124 kPageCapture, 125 kPointerLock, 126 kPlugin, 127 kPower, 128 kPreferencesPrivate, 129 kPrincipalsPrivate, 130 kPrivacy, 131 kProcesses, 132 kProxy, 133 kPushMessaging, 134 kImageWriterPrivate, 135 kReadingListPrivate, 136 kRtcPrivate, 137 kSearchProvider, 138 kSerial, 139 kSessions, 140 kSignedInDevices, 141 kSocket, 142 kStartupPages, 143 kStorage, 144 kStreamsPrivate, 145 kSyncFileSystem, 146 kSyncedNotificationsPrivate, 147 kSystemPrivate, 148 kSystemDisplay, 149 kSystemStorage, 150 kTab, 151 kTabCapture, 152 kTabCaptureForTab, 153 kTerminalPrivate, 154 kTopSites, 155 kTts, 156 kTtsEngine, 157 kUnlimitedStorage, 158 kUsb, 159 kUsbDevice, 160 kVideoCapture, 161 kVirtualKeyboardPrivate, 162 kWallpaper, 163 kWallpaperPrivate, 164 kWebcamPrivate, 165 kWebConnectable, // for externally_connectable manifest key 166 kWebNavigation, 167 kWebRequest, 168 kWebRequestBlocking, 169 kWebrtcAudioPrivate, 170 kWebrtcLoggingPrivate, 171 kWebstorePrivate, 172 kWebView, 173 kWindowShape, 174 kScreenlockPrivate, 175 kSystemCpu, 176 kSystemMemory, 177 kSystemNetwork, 178 kSystemInfoCpu, 179 kSystemInfoMemory, 180 kFirstRunPrivate, 181 kBrowser, 182 kEnumBoundary 183 }; 184 185 struct CheckParam { 186 }; 187 188 explicit APIPermission(const APIPermissionInfo* info); 189 190 virtual ~APIPermission(); 191 192 // Returns the id of this permission. 193 ID id() const; 194 195 // Returns the name of this permission. 196 const char* name() const; 197 198 // Returns the APIPermission of this permission. info()199 const APIPermissionInfo* info() const { 200 return info_; 201 } 202 203 // Returns true if this permission has any PermissionMessages. 204 virtual bool HasMessages() const = 0; 205 206 // Returns the localized permission messages of this permission. 207 virtual PermissionMessages GetMessages() const = 0; 208 209 // Returns true if the given permission is allowed. 210 virtual bool Check(const CheckParam* param) const = 0; 211 212 // Returns true if |rhs| is a subset of this. 213 virtual bool Contains(const APIPermission* rhs) const = 0; 214 215 // Returns true if |rhs| is equal to this. 216 virtual bool Equal(const APIPermission* rhs) const = 0; 217 218 // Parses the APIPermission from |value|. Returns false if an error happens 219 // and optionally set |error| if |error| is not NULL. If |value| represents 220 // multiple permissions, some are invalid, and |unhandled_permissions| is 221 // not NULL, the invalid ones are put into |unhandled_permissions| and the 222 // function returns true. 223 virtual bool FromValue(const base::Value* value, 224 std::string* error, 225 std::vector<std::string>* unhandled_permissions) = 0; 226 227 // Stores this into a new created |value|. 228 virtual scoped_ptr<base::Value> ToValue() const = 0; 229 230 // Clones this. 231 virtual APIPermission* Clone() const = 0; 232 233 // Returns a new API permission which equals this - |rhs|. 234 virtual APIPermission* Diff(const APIPermission* rhs) const = 0; 235 236 // Returns a new API permission which equals the union of this and |rhs|. 237 virtual APIPermission* Union(const APIPermission* rhs) const = 0; 238 239 // Returns a new API permission which equals the intersect of this and |rhs|. 240 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0; 241 242 // IPC functions 243 // Writes this into the given IPC message |m|. 244 virtual void Write(IPC::Message* m) const = 0; 245 246 // Reads from the given IPC message |m|. 247 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0; 248 249 // Logs this permission. 250 virtual void Log(std::string* log) const = 0; 251 252 protected: 253 // Returns the localized permission message associated with this api. 254 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows. 255 PermissionMessage GetMessage_() const; 256 257 private: 258 const APIPermissionInfo* const info_; 259 }; 260 261 262 // The APIPermissionInfo is an immutable class that describes a single 263 // named permission (API permission). 264 // There is one instance per permission. 265 class APIPermissionInfo { 266 public: 267 enum Flag { 268 kFlagNone = 0, 269 270 // Indicates if the permission implies full access (native code). 271 kFlagImpliesFullAccess = 1 << 0, 272 273 // Indicates if the permission implies full URL access. 274 kFlagImpliesFullURLAccess = 1 << 1, 275 276 // Indicates that extensions cannot specify the permission as optional. 277 kFlagCannotBeOptional = 1 << 3, 278 279 // Indicates that the permission is internal to the extensions 280 // system and cannot be specified in the "permissions" list. 281 kFlagInternal = 1 << 4, 282 }; 283 284 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*); 285 286 typedef std::set<APIPermission::ID> IDSet; 287 288 ~APIPermissionInfo(); 289 290 // Creates a APIPermission instance. 291 APIPermission* CreateAPIPermission() const; 292 flags()293 int flags() const { return flags_; } 294 id()295 APIPermission::ID id() const { return id_; } 296 297 // Returns the message id associated with this permission. message_id()298 PermissionMessage::ID message_id() const { 299 return message_id_; 300 } 301 302 // Returns the name of this permission. name()303 const char* name() const { return name_; } 304 305 // Returns true if this permission implies full access (e.g., native code). implies_full_access()306 bool implies_full_access() const { 307 return (flags_ & kFlagImpliesFullAccess) != 0; 308 } 309 310 // Returns true if this permission implies full URL access. implies_full_url_access()311 bool implies_full_url_access() const { 312 return (flags_ & kFlagImpliesFullURLAccess) != 0; 313 } 314 315 // Returns true if this permission can be added and removed via the 316 // optional permissions extension API. supports_optional()317 bool supports_optional() const { 318 return (flags_ & kFlagCannotBeOptional) == 0; 319 } 320 321 // Returns true if this permission is internal rather than a 322 // "permissions" list entry. is_internal()323 bool is_internal() const { 324 return (flags_ & kFlagInternal) != 0; 325 } 326 327 private: 328 // Instances should only be constructed from within a PermissionsProvider. 329 friend class ChromeAPIPermissions; 330 friend class ExtensionsAPIPermissions; 331 // Implementations of APIPermission will want to get the permission message, 332 // but this class's implementation should be hidden from everyone else. 333 friend class APIPermission; 334 335 // This exists to allow aggregate initialization, so that default values 336 // for flags, etc. can be omitted. 337 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo 338 // should be the simple data struct. 339 struct InitInfo { 340 APIPermission::ID id; 341 const char* name; 342 int flags; 343 int l10n_message_id; 344 PermissionMessage::ID message_id; 345 APIPermissionInfo::APIPermissionConstructor constructor; 346 }; 347 348 explicit APIPermissionInfo(const InitInfo& info); 349 350 // Returns the localized permission message associated with this api. 351 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows. 352 PermissionMessage GetMessage_() const; 353 354 const APIPermission::ID id_; 355 const char* const name_; 356 const int flags_; 357 const int l10n_message_id_; 358 const PermissionMessage::ID message_id_; 359 const APIPermissionConstructor api_permission_constructor_; 360 }; 361 362 } // namespace extensions 363 364 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_ 365