• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
7 
8 #include <map>
9 #include <set>
10 #include <string>
11 
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16 #include "extensions/common/permissions/permission_message.h"
17 
18 namespace IPC {
19 class Message;
20 }
21 
22 namespace extensions {
23 
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
26 
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
30 class APIPermission {
31  public:
32   enum ID {
33     // Error codes.
34     kInvalid = -2,
35     kUnknown = -1,
36 
37     // Real permissions.
38     kAccessibilityFeaturesModify,
39     kAccessibilityFeaturesRead,
40     kAccessibilityPrivate,
41     kActiveTab,
42     kActivityLogPrivate,
43     kAlarms,
44     kAlphaEnabled,
45     kAlwaysOnTopWindows,
46     kAppView,
47     kAudio,
48     kAudioCapture,
49     kAutomation,
50     kAutoTestPrivate,
51     kBackground,
52     kBluetoothPrivate,
53     kBookmark,
54     kBookmarkManagerPrivate,
55     kBrailleDisplayPrivate,
56     kBrowsingData,
57     kCast,
58     kCastStreaming,
59     kChromeosInfoPrivate,
60     kClipboardRead,
61     kClipboardWrite,
62     kCloudPrintPrivate,
63     kCommandLinePrivate,
64     kCommandsAccessibility,
65     kContentSettings,
66     kContextMenus,
67     kCookie,
68     kCopresence,
69     kCopresencePrivate,
70     kDiagnostics,
71     kDial,
72     kDebugger,
73     kDeclarative,
74     kDeclarativeContent,
75     kDeclarativeWebRequest,
76     kDesktopCapture,
77     kDeveloperPrivate,
78     kDevtools,
79     kDns,
80     kDownloads,
81     kDownloadsInternal,
82     kDownloadsOpen,
83     kDownloadsShelf,
84     kEasyUnlockPrivate,
85     kEchoPrivate,
86     kEmbeddedExtensionOptions,
87     kEnterprisePlatformKeys,
88     kEnterprisePlatformKeysPrivate,
89     kExperienceSamplingPrivate,
90     kExperimental,
91     kExternallyConnectableAllUrls,
92     kFeedbackPrivate,
93     kFileBrowserHandler,
94     kFileBrowserHandlerInternal,
95     kFileManagerPrivate,
96     kFileSystem,
97     kFileSystemDirectory,
98     kFileSystemProvider,
99     kFileSystemRetainEntries,
100     kFileSystemWrite,
101     kFileSystemWriteDirectory,
102     kFontSettings,
103     kFullscreen,
104     kGcdPrivate,
105     kGcm,
106     kGeolocation,
107     kHid,
108     kHistory,
109     kHomepage,
110     kHotwordPrivate,
111     kIdentity,
112     kIdentityEmail,
113     kIdentityPrivate,
114     kIdltest,
115     kIdle,
116     kInfobars,
117     kInput,
118     kInputMethodPrivate,
119     kLocation,
120     kLogPrivate,
121     kManagement,
122     kMediaGalleries,
123     kMediaGalleriesPrivate,
124     kMediaPlayerPrivate,
125     kMetricsPrivate,
126     kMDns,
127     kMusicManagerPrivate,
128     kNativeMessaging,
129     kNetworkingPrivate,
130     kNotificationProvider,
131     kNotifications,
132     kOverrideEscFullscreen,
133     kPageCapture,
134     kPointerLock,
135     kPlugin,
136     kPower,
137     kPreferencesPrivate,
138     kPrincipalsPrivate,
139     kPrivacy,
140     kProcesses,
141     kProxy,
142     kPushMessaging,
143     kImageWriterPrivate,
144     kReadingListPrivate,
145     kRtcPrivate,
146     kSearchProvider,
147     kSerial,
148     kSessions,
149     kSignedInDevices,
150     kSocket,
151     kStartupPages,
152     kStorage,
153     kStreamsPrivate,
154     kSyncFileSystem,
155     kSyncedNotificationsPrivate,
156     kSystemPrivate,
157     kSystemDisplay,
158     kSystemStorage,
159     kTab,
160     kTabCapture,
161     kTabCaptureForTab,
162     kTerminalPrivate,
163     kTopSites,
164     kTts,
165     kTtsEngine,
166     kUnlimitedStorage,
167     kU2fDevices,
168     kUsb,
169     kUsbDevice,
170     kVideoCapture,
171     kVirtualKeyboardPrivate,
172     kWallpaper,
173     kWallpaperPrivate,
174     kWebcamPrivate,
175     kWebConnectable,  // for externally_connectable manifest key
176     kWebNavigation,
177     kWebRequest,
178     kWebRequestBlocking,
179     kWebrtcAudioPrivate,
180     kWebrtcLoggingPrivate,
181     kWebstorePrivate,
182     kWebView,
183     kWindowShape,
184     kScreenlockPrivate,
185     kSystemCpu,
186     kSystemMemory,
187     kSystemNetwork,
188     kSystemInfoCpu,
189     kSystemInfoMemory,
190     kFirstRunPrivate,
191     kBrowser,
192     kEnumBoundary
193   };
194 
195   struct CheckParam {
196   };
197 
198   explicit APIPermission(const APIPermissionInfo* info);
199 
200   virtual ~APIPermission();
201 
202   // Returns the id of this permission.
203   ID id() const;
204 
205   // Returns the name of this permission.
206   const char* name() const;
207 
208   // Returns the APIPermission of this permission.
info()209   const APIPermissionInfo* info() const {
210     return info_;
211   }
212 
213   // Returns true if this permission has any PermissionMessages.
214   virtual bool HasMessages() const = 0;
215 
216   // Returns the localized permission messages of this permission.
217   virtual PermissionMessages GetMessages() const = 0;
218 
219   // Returns true if the given permission is allowed.
220   virtual bool Check(const CheckParam* param) const = 0;
221 
222   // Returns true if |rhs| is a subset of this.
223   virtual bool Contains(const APIPermission* rhs) const = 0;
224 
225   // Returns true if |rhs| is equal to this.
226   virtual bool Equal(const APIPermission* rhs) const = 0;
227 
228   // Parses the APIPermission from |value|. Returns false if an error happens
229   // and optionally set |error| if |error| is not NULL. If |value| represents
230   // multiple permissions, some are invalid, and |unhandled_permissions| is
231   // not NULL, the invalid ones are put into |unhandled_permissions| and the
232   // function returns true.
233   virtual bool FromValue(const base::Value* value,
234                          std::string* error,
235                          std::vector<std::string>* unhandled_permissions) = 0;
236 
237   // Stores this into a new created |value|.
238   virtual scoped_ptr<base::Value> ToValue() const = 0;
239 
240   // Clones this.
241   virtual APIPermission* Clone() const = 0;
242 
243   // Returns a new API permission which equals this - |rhs|.
244   virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
245 
246   // Returns a new API permission which equals the union of this and |rhs|.
247   virtual APIPermission* Union(const APIPermission* rhs) const = 0;
248 
249   // Returns a new API permission which equals the intersect of this and |rhs|.
250   virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
251 
252   // IPC functions
253   // Writes this into the given IPC message |m|.
254   virtual void Write(IPC::Message* m) const = 0;
255 
256   // Reads from the given IPC message |m|.
257   virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
258 
259   // Logs this permission.
260   virtual void Log(std::string* log) const = 0;
261 
262  protected:
263   // Returns the localized permission message associated with this api.
264   // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
265   PermissionMessage GetMessage_() const;
266 
267  private:
268   const APIPermissionInfo* const info_;
269 };
270 
271 
272 // The APIPermissionInfo is an immutable class that describes a single
273 // named permission (API permission).
274 // There is one instance per permission.
275 class APIPermissionInfo {
276  public:
277   enum Flag {
278     kFlagNone = 0,
279 
280     // Indicates if the permission implies full access (native code).
281     kFlagImpliesFullAccess = 1 << 0,
282 
283     // Indicates if the permission implies full URL access.
284     kFlagImpliesFullURLAccess = 1 << 1,
285 
286     // Indicates that extensions cannot specify the permission as optional.
287     kFlagCannotBeOptional = 1 << 3,
288 
289     // Indicates that the permission is internal to the extensions
290     // system and cannot be specified in the "permissions" list.
291     kFlagInternal = 1 << 4,
292   };
293 
294   typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
295 
296   typedef std::set<APIPermission::ID> IDSet;
297 
298   ~APIPermissionInfo();
299 
300   // Creates a APIPermission instance.
301   APIPermission* CreateAPIPermission() const;
302 
flags()303   int flags() const { return flags_; }
304 
id()305   APIPermission::ID id() const { return id_; }
306 
307   // Returns the message id associated with this permission.
message_id()308   PermissionMessage::ID message_id() const {
309     return message_id_;
310   }
311 
312   // Returns the name of this permission.
name()313   const char* name() const { return name_; }
314 
315   // Returns true if this permission implies full access (e.g., native code).
implies_full_access()316   bool implies_full_access() const {
317     return (flags_ & kFlagImpliesFullAccess) != 0;
318   }
319 
320   // Returns true if this permission implies full URL access.
implies_full_url_access()321   bool implies_full_url_access() const {
322     return (flags_ & kFlagImpliesFullURLAccess) != 0;
323   }
324 
325   // Returns true if this permission can be added and removed via the
326   // optional permissions extension API.
supports_optional()327   bool supports_optional() const {
328     return (flags_ & kFlagCannotBeOptional) == 0;
329   }
330 
331   // Returns true if this permission is internal rather than a
332   // "permissions" list entry.
is_internal()333   bool is_internal() const {
334     return (flags_ & kFlagInternal) != 0;
335   }
336 
337  private:
338   // Instances should only be constructed from within a PermissionsProvider.
339   friend class ChromeAPIPermissions;
340   friend class ExtensionsAPIPermissions;
341   // Implementations of APIPermission will want to get the permission message,
342   // but this class's implementation should be hidden from everyone else.
343   friend class APIPermission;
344 
345   // This exists to allow aggregate initialization, so that default values
346   // for flags, etc. can be omitted.
347   // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
348   // should be the simple data struct.
349   struct InitInfo {
350     APIPermission::ID id;
351     const char* name;
352     int flags;
353     int l10n_message_id;
354     PermissionMessage::ID message_id;
355     APIPermissionInfo::APIPermissionConstructor constructor;
356   };
357 
358   explicit APIPermissionInfo(const InitInfo& info);
359 
360   // Returns the localized permission message associated with this api.
361   // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
362   PermissionMessage GetMessage_() const;
363 
364   const APIPermission::ID id_;
365   const char* const name_;
366   const int flags_;
367   const int l10n_message_id_;
368   const PermissionMessage::ID message_id_;
369   const APIPermissionConstructor api_permission_constructor_;
370 };
371 
372 }  // namespace extensions
373 
374 #endif  // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
375