1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_ 6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_ 7 8 #include <map> 9 #include <set> 10 #include <string> 11 12 #include "base/callback.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/pickle.h" 15 #include "base/values.h" 16 #include "extensions/common/permissions/permission_message.h" 17 18 namespace IPC { 19 class Message; 20 } 21 22 namespace extensions { 23 24 class APIPermissionInfo; 25 class ChromeAPIPermissions; 26 27 // APIPermission is for handling some complex permissions. Please refer to 28 // extensions::SocketPermission as an example. 29 // There is one instance per permission per loaded extension. 30 class APIPermission { 31 public: 32 enum ID { 33 // Error codes. 34 kInvalid = -2, 35 kUnknown = -1, 36 37 // Real permissions. 38 kAccessibilityFeaturesModify, 39 kAccessibilityFeaturesRead, 40 kAccessibilityPrivate, 41 kActiveTab, 42 kActivityLogPrivate, 43 kAlarms, 44 kAlphaEnabled, 45 kAlwaysOnTopWindows, 46 kAppView, 47 kAudio, 48 kAudioCapture, 49 kAutomation, 50 kAutoTestPrivate, 51 kBackground, 52 kBluetoothPrivate, 53 kBookmark, 54 kBookmarkManagerPrivate, 55 kBrailleDisplayPrivate, 56 kBrowsingData, 57 kCast, 58 kCastStreaming, 59 kChromeosInfoPrivate, 60 kClipboardRead, 61 kClipboardWrite, 62 kCloudPrintPrivate, 63 kCommandLinePrivate, 64 kCommandsAccessibility, 65 kContentSettings, 66 kContextMenus, 67 kCookie, 68 kCopresence, 69 kCopresencePrivate, 70 kDiagnostics, 71 kDial, 72 kDebugger, 73 kDeclarative, 74 kDeclarativeContent, 75 kDeclarativeWebRequest, 76 kDesktopCapture, 77 kDeveloperPrivate, 78 kDevtools, 79 kDns, 80 kDownloads, 81 kDownloadsInternal, 82 kDownloadsOpen, 83 kDownloadsShelf, 84 kEasyUnlockPrivate, 85 kEchoPrivate, 86 kEmbeddedExtensionOptions, 87 kEnterprisePlatformKeys, 88 kEnterprisePlatformKeysPrivate, 89 kExperienceSamplingPrivate, 90 kExperimental, 91 kExternallyConnectableAllUrls, 92 kFeedbackPrivate, 93 kFileBrowserHandler, 94 kFileBrowserHandlerInternal, 95 kFileManagerPrivate, 96 kFileSystem, 97 kFileSystemDirectory, 98 kFileSystemProvider, 99 kFileSystemRetainEntries, 100 kFileSystemWrite, 101 kFileSystemWriteDirectory, 102 kFontSettings, 103 kFullscreen, 104 kGcdPrivate, 105 kGcm, 106 kGeolocation, 107 kHid, 108 kHistory, 109 kHomepage, 110 kHotwordPrivate, 111 kIdentity, 112 kIdentityEmail, 113 kIdentityPrivate, 114 kIdltest, 115 kIdle, 116 kInfobars, 117 kInput, 118 kInputMethodPrivate, 119 kLocation, 120 kLogPrivate, 121 kManagement, 122 kMediaGalleries, 123 kMediaGalleriesPrivate, 124 kMediaPlayerPrivate, 125 kMetricsPrivate, 126 kMDns, 127 kMusicManagerPrivate, 128 kNativeMessaging, 129 kNetworkingPrivate, 130 kNotificationProvider, 131 kNotifications, 132 kOverrideEscFullscreen, 133 kPageCapture, 134 kPointerLock, 135 kPlugin, 136 kPower, 137 kPreferencesPrivate, 138 kPrincipalsPrivate, 139 kPrivacy, 140 kProcesses, 141 kProxy, 142 kPushMessaging, 143 kImageWriterPrivate, 144 kReadingListPrivate, 145 kRtcPrivate, 146 kSearchProvider, 147 kSerial, 148 kSessions, 149 kSignedInDevices, 150 kSocket, 151 kStartupPages, 152 kStorage, 153 kStreamsPrivate, 154 kSyncFileSystem, 155 kSyncedNotificationsPrivate, 156 kSystemPrivate, 157 kSystemDisplay, 158 kSystemStorage, 159 kTab, 160 kTabCapture, 161 kTabCaptureForTab, 162 kTerminalPrivate, 163 kTopSites, 164 kTts, 165 kTtsEngine, 166 kUnlimitedStorage, 167 kU2fDevices, 168 kUsb, 169 kUsbDevice, 170 kVideoCapture, 171 kVirtualKeyboardPrivate, 172 kWallpaper, 173 kWallpaperPrivate, 174 kWebcamPrivate, 175 kWebConnectable, // for externally_connectable manifest key 176 kWebNavigation, 177 kWebRequest, 178 kWebRequestBlocking, 179 kWebrtcAudioPrivate, 180 kWebrtcLoggingPrivate, 181 kWebstorePrivate, 182 kWebView, 183 kWindowShape, 184 kScreenlockPrivate, 185 kSystemCpu, 186 kSystemMemory, 187 kSystemNetwork, 188 kSystemInfoCpu, 189 kSystemInfoMemory, 190 kFirstRunPrivate, 191 kBrowser, 192 kEnumBoundary 193 }; 194 195 struct CheckParam { 196 }; 197 198 explicit APIPermission(const APIPermissionInfo* info); 199 200 virtual ~APIPermission(); 201 202 // Returns the id of this permission. 203 ID id() const; 204 205 // Returns the name of this permission. 206 const char* name() const; 207 208 // Returns the APIPermission of this permission. info()209 const APIPermissionInfo* info() const { 210 return info_; 211 } 212 213 // Returns true if this permission has any PermissionMessages. 214 virtual bool HasMessages() const = 0; 215 216 // Returns the localized permission messages of this permission. 217 virtual PermissionMessages GetMessages() const = 0; 218 219 // Returns true if the given permission is allowed. 220 virtual bool Check(const CheckParam* param) const = 0; 221 222 // Returns true if |rhs| is a subset of this. 223 virtual bool Contains(const APIPermission* rhs) const = 0; 224 225 // Returns true if |rhs| is equal to this. 226 virtual bool Equal(const APIPermission* rhs) const = 0; 227 228 // Parses the APIPermission from |value|. Returns false if an error happens 229 // and optionally set |error| if |error| is not NULL. If |value| represents 230 // multiple permissions, some are invalid, and |unhandled_permissions| is 231 // not NULL, the invalid ones are put into |unhandled_permissions| and the 232 // function returns true. 233 virtual bool FromValue(const base::Value* value, 234 std::string* error, 235 std::vector<std::string>* unhandled_permissions) = 0; 236 237 // Stores this into a new created |value|. 238 virtual scoped_ptr<base::Value> ToValue() const = 0; 239 240 // Clones this. 241 virtual APIPermission* Clone() const = 0; 242 243 // Returns a new API permission which equals this - |rhs|. 244 virtual APIPermission* Diff(const APIPermission* rhs) const = 0; 245 246 // Returns a new API permission which equals the union of this and |rhs|. 247 virtual APIPermission* Union(const APIPermission* rhs) const = 0; 248 249 // Returns a new API permission which equals the intersect of this and |rhs|. 250 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0; 251 252 // IPC functions 253 // Writes this into the given IPC message |m|. 254 virtual void Write(IPC::Message* m) const = 0; 255 256 // Reads from the given IPC message |m|. 257 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0; 258 259 // Logs this permission. 260 virtual void Log(std::string* log) const = 0; 261 262 protected: 263 // Returns the localized permission message associated with this api. 264 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows. 265 PermissionMessage GetMessage_() const; 266 267 private: 268 const APIPermissionInfo* const info_; 269 }; 270 271 272 // The APIPermissionInfo is an immutable class that describes a single 273 // named permission (API permission). 274 // There is one instance per permission. 275 class APIPermissionInfo { 276 public: 277 enum Flag { 278 kFlagNone = 0, 279 280 // Indicates if the permission implies full access (native code). 281 kFlagImpliesFullAccess = 1 << 0, 282 283 // Indicates if the permission implies full URL access. 284 kFlagImpliesFullURLAccess = 1 << 1, 285 286 // Indicates that extensions cannot specify the permission as optional. 287 kFlagCannotBeOptional = 1 << 3, 288 289 // Indicates that the permission is internal to the extensions 290 // system and cannot be specified in the "permissions" list. 291 kFlagInternal = 1 << 4, 292 }; 293 294 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*); 295 296 typedef std::set<APIPermission::ID> IDSet; 297 298 ~APIPermissionInfo(); 299 300 // Creates a APIPermission instance. 301 APIPermission* CreateAPIPermission() const; 302 flags()303 int flags() const { return flags_; } 304 id()305 APIPermission::ID id() const { return id_; } 306 307 // Returns the message id associated with this permission. message_id()308 PermissionMessage::ID message_id() const { 309 return message_id_; 310 } 311 312 // Returns the name of this permission. name()313 const char* name() const { return name_; } 314 315 // Returns true if this permission implies full access (e.g., native code). implies_full_access()316 bool implies_full_access() const { 317 return (flags_ & kFlagImpliesFullAccess) != 0; 318 } 319 320 // Returns true if this permission implies full URL access. implies_full_url_access()321 bool implies_full_url_access() const { 322 return (flags_ & kFlagImpliesFullURLAccess) != 0; 323 } 324 325 // Returns true if this permission can be added and removed via the 326 // optional permissions extension API. supports_optional()327 bool supports_optional() const { 328 return (flags_ & kFlagCannotBeOptional) == 0; 329 } 330 331 // Returns true if this permission is internal rather than a 332 // "permissions" list entry. is_internal()333 bool is_internal() const { 334 return (flags_ & kFlagInternal) != 0; 335 } 336 337 private: 338 // Instances should only be constructed from within a PermissionsProvider. 339 friend class ChromeAPIPermissions; 340 friend class ExtensionsAPIPermissions; 341 // Implementations of APIPermission will want to get the permission message, 342 // but this class's implementation should be hidden from everyone else. 343 friend class APIPermission; 344 345 // This exists to allow aggregate initialization, so that default values 346 // for flags, etc. can be omitted. 347 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo 348 // should be the simple data struct. 349 struct InitInfo { 350 APIPermission::ID id; 351 const char* name; 352 int flags; 353 int l10n_message_id; 354 PermissionMessage::ID message_id; 355 APIPermissionInfo::APIPermissionConstructor constructor; 356 }; 357 358 explicit APIPermissionInfo(const InitInfo& info); 359 360 // Returns the localized permission message associated with this api. 361 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows. 362 PermissionMessage GetMessage_() const; 363 364 const APIPermission::ID id_; 365 const char* const name_; 366 const int flags_; 367 const int l10n_message_id_; 368 const PermissionMessage::ID message_id_; 369 const APIPermissionConstructor api_permission_constructor_; 370 }; 371 372 } // namespace extensions 373 374 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_ 375