• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
7 
8 #include <map>
9 #include <set>
10 #include <string>
11 #include <vector>
12 
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/singleton.h"
16 #include "base/strings/string16.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/permissions/api_permission.h"
19 #include "extensions/common/permissions/api_permission_set.h"
20 #include "extensions/common/permissions/manifest_permission.h"
21 #include "extensions/common/permissions/manifest_permission_set.h"
22 #include "extensions/common/url_pattern_set.h"
23 
24 namespace extensions {
25 class Extension;
26 
27 // The PermissionSet is an immutable class that encapsulates an
28 // extension's permissions. The class exposes set operations for combining and
29 // manipulating the permissions.
30 class PermissionSet
31     : public base::RefCountedThreadSafe<PermissionSet> {
32  public:
33   // Creates an empty permission set (e.g. default permissions).
34   PermissionSet();
35 
36   // Creates a new permission set based on the specified data: the API
37   // permissions, manifest key permissions, host permissions, and scriptable
38   // hosts. The effective hosts of the newly created permission set will be
39   // inferred from the given host permissions.
40   PermissionSet(const APIPermissionSet& apis,
41                 const ManifestPermissionSet& manifest_permissions,
42                 const URLPatternSet& explicit_hosts,
43                 const URLPatternSet& scriptable_hosts);
44 
45   // Creates a new permission set equal to |set1| - |set2|, passing ownership of
46   // the new set to the caller.
47   static PermissionSet* CreateDifference(
48       const PermissionSet* set1, const PermissionSet* set2);
49 
50   // Creates a new permission set equal to the intersection of |set1| and
51   // |set2|, passing ownership of the new set to the caller.
52   static PermissionSet* CreateIntersection(
53       const PermissionSet* set1, const PermissionSet* set2);
54 
55   // Creates a new permission set equal to the union of |set1| and |set2|.
56   // Passes ownership of the new set to the caller.
57   static PermissionSet* CreateUnion(
58       const PermissionSet* set1, const PermissionSet* set2);
59 
60   bool operator==(const PermissionSet& rhs) const;
61 
62   // Returns true if every API or host permission available to |set| is also
63   // available to this. In other words, if the API permissions of |set| are a
64   // subset of this, and the host permissions in this encompass those in |set|.
65   bool Contains(const PermissionSet& set) const;
66 
67   // Gets the API permissions in this set as a set of strings.
68   std::set<std::string> GetAPIsAsStrings() const;
69 
70   // Returns true if this is an empty set (e.g., the default permission set).
71   bool IsEmpty() const;
72 
73   // Returns true if the set has the specified API permission.
74   bool HasAPIPermission(APIPermission::ID permission) const;
75 
76   // Returns true if the |extension| explicitly requests access to the given
77   // |permission_name|. Note this does not include APIs without no corresponding
78   // permission, like "runtime" or "browserAction".
79   bool HasAPIPermission(const std::string& permission_name) const;
80 
81   // Returns true if the set allows the given permission with the default
82   // permission detal.
83   bool CheckAPIPermission(APIPermission::ID permission) const;
84 
85   // Returns true if the set allows the given permission and permission param.
86   bool CheckAPIPermissionWithParam(APIPermission::ID permission,
87       const APIPermission::CheckParam* param) const;
88 
89   // Returns true if this includes permission to access |origin|.
90   bool HasExplicitAccessToOrigin(const GURL& origin) const;
91 
92   // Returns true if this permission set includes access to script |url|.
93   bool HasScriptableAccessToURL(const GURL& url) const;
94 
95   // Returns true if this permission set includes effective access to all
96   // origins.
97   bool HasEffectiveAccessToAllHosts() const;
98 
99   // Returns true if this permission set has access to so many hosts, that we
100   // should treat it as all hosts for warning purposes.
101   // For example, '*://*.com/*'.
102   bool ShouldWarnAllHosts() const;
103 
104   // Returns true if this permission set includes effective access to |url|.
105   bool HasEffectiveAccessToURL(const GURL& url) const;
106 
107   // Returns true if this permission set effectively represents full access
108   // (e.g. native code).
109   bool HasEffectiveFullAccess() const;
110 
apis()111   const APIPermissionSet& apis() const { return apis_; }
112 
manifest_permissions()113   const ManifestPermissionSet& manifest_permissions() const {
114       return manifest_permissions_;
115   }
116 
effective_hosts()117   const URLPatternSet& effective_hosts() const { return effective_hosts_; }
118 
explicit_hosts()119   const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
120 
scriptable_hosts()121   const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
122 
123  private:
124   FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);
125   FRIEND_TEST_ALL_PREFIXES(PermissionsTest, AccessToDevicesMessages);
126   friend class base::RefCountedThreadSafe<PermissionSet>;
127 
128   ~PermissionSet();
129 
130   // Adds permissions implied independently of other context.
131   void InitImplicitPermissions();
132 
133   // Initializes the effective host permission based on the data in this set.
134   void InitEffectiveHosts();
135 
136   // Initializes |has_access_to_most_hosts_|.
137   void InitShouldWarnAllHosts() const;
138 
139   // The api list is used when deciding if an extension can access certain
140   // extension APIs and features.
141   APIPermissionSet apis_;
142 
143   // The manifest key permission list is used when deciding if an extension
144   // can access certain extension APIs and features.
145   ManifestPermissionSet manifest_permissions_;
146 
147   // The list of hosts that can be accessed directly from the extension.
148   // TODO(jstritar): Rename to "hosts_"?
149   URLPatternSet explicit_hosts_;
150 
151   // The list of hosts that can be scripted by content scripts.
152   // TODO(jstritar): Rename to "user_script_hosts_"?
153   URLPatternSet scriptable_hosts_;
154 
155   // The list of hosts this effectively grants access to.
156   URLPatternSet effective_hosts_;
157 
158   enum ShouldWarnAllHostsType {
159     UNINITIALIZED = 0,
160     WARN_ALL_HOSTS,
161     DONT_WARN_ALL_HOSTS
162   };
163   // Whether or not this permission set includes access to so many origins, we
164   // should treat it as all_hosts for warning purposes.
165   // Lazily initialized (and therefore mutable).
166   mutable ShouldWarnAllHostsType should_warn_all_hosts_;
167 };
168 
169 }  // namespace extensions
170 
171 #endif  // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
172