Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_API_PERMISSION_H_ |
| 6 | #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_API_PERMISSION_H_ |
| 7 | |
| 8 | #include <map> |
| 9 | #include <set> |
| 10 | #include <string> |
| 11 | |
| 12 | #include "base/callback.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 13 | #include "base/memory/scoped_ptr.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 14 | #include "base/pickle.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 15 | #include "base/values.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 16 | #include "chrome/common/extensions/permissions/permission_message.h" |
| 17 | |
// Forward declaration only: this header refers to IPC::Message solely through
// pointers (see APIPermission::Write and APIPermission::Read).
namespace IPC {
class Message;
}
| 21 | |
| 22 | namespace extensions { |
| 23 | |
// Forward declarations. APIPermission holds a pointer to an APIPermissionInfo,
// and ChromeAPIPermissions is named as a friend of APIPermissionInfo.
class APIPermissionInfo;
class ChromeAPIPermissions;
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 26 | |
// APIPermission is the abstract base class for handling some complex
// permissions. Please refer to extensions::SocketPermission as an example.
// There is one instance per permission per loaded extension.
//
// Everything from HasMessages() through Log() is pure virtual, so each
// concrete permission type supplies its own access decision (Check), set
// algebra (Contains/Equal/Diff/Union/Intersect) and (de)serialization
// (FromValue/ToValue, Write/Read).
class APIPermission {
 public:
  // Identifies a permission. The two error codes are negative; the real
  // permissions are numbered implicitly, so kActiveTab is 0 and kEnumBoundary,
  // being last, equals the number of real permissions.
  // Because the numbering is implicit, adding an entry anywhere but directly
  // before kEnumBoundary changes the numeric value of every later entry.
  // NOTE(review): if these values are ever persisted or exchanged between
  // builds of different versions, that renumbering matters - confirm.
  enum ID {
    // Error codes.
    kInvalid = -2,
    kUnknown = -1,

    // Real permissions.
    kActiveTab,
    kActivityLogPrivate,
    kAdView,
    kAlarms,
    kAppCurrentWindowInternal,
    kAppRuntime,
    kAppWindow,
    kAudio,
    kAudioCapture,
    kAutoTestPrivate,
    kBackground,
    kBluetooth,
    kBookmark,
    kBookmarkManagerPrivate,
    kBrowsingData,
    kChromeosInfoPrivate,
    kClipboardRead,
    kClipboardWrite,
    kCloudPrintPrivate,
    kCommandLinePrivate,
    kContentSettings,
    kContextMenus,
    kCookie,
    kDiagnostics,
    kDial,
    kDebugger,
    kDeclarative,
    kDeclarativeContent,
    kDeclarativeWebRequest,
    kDeveloperPrivate,
    kDevtools,
    kDownloads,
    kDownloadsInternal,
    kDownloadsOpen,
    kDownloadsShelf,
    kEchoPrivate,
    kEnterprisePlatformKeysPrivate,
    kExperimental,
    kFeedbackPrivate,
    kFileBrowserHandler,
    kFileBrowserHandlerInternal,
    kFileBrowserPrivate,
    kFileSystem,
    kFileSystemRetainEntries,
    kFileSystemWrite,
    kFontSettings,
    kFullscreen,
    kGeolocation,
    kHistory,
    kIdentity,
    kIdentityPrivate,
    kIdle,
    kInfobars,
    kInput,
    kInputMethodPrivate,
    kLocation,
    kLogPrivate,
    kManagement,
    kMediaGalleries,
    kMediaGalleriesPrivate,
    kMediaPlayerPrivate,
    kMetricsPrivate,
    kMusicManagerPrivate,
    kNativeMessaging,
    kNetworkingPrivate,
    kNotification,
    kPageCapture,
    kPointerLock,
    kPlugin,
    kPower,
    kPreferencesPrivate,
    kPrivacy,
    kProxy,
    kPushMessaging,
    kRecoveryPrivate,
    kRtcPrivate,
    kScreensaver,
    kSerial,
    kSessionRestore,
    kSocket,
    kStorage,
    kStreamsPrivate,
    kSyncFileSystem,
    kSystemPrivate,
    kSystemIndicator,
    kSystemDisplay,
    kSystemStorage,
    kTab,
    kTabCapture,
    kTerminalPrivate,
    kTopSites,
    kTts,
    kTtsEngine,
    kUnlimitedStorage,
    kUsb,
    kUsbDevice,
    kVideoCapture,
    kWallpaperPrivate,
    kWebConnectable,  // for externally_connectable manifest key
    kWebNavigation,
    kWebRequest,
    kWebRequestBlocking,
    kWebRequestInternal,
    kWebstorePrivate,
    kWebView,
    kSystemCpu,
    kSystemMemory,
    kSystemInfoCpu,
    kSystemInfoMemory,
    kEnumBoundary
  };

  // Parameter type accepted by Check(). It has no members here.
  // NOTE(review): presumably concrete permissions derive their own parameter
  // struct from this one - confirm against SocketPermission.
  struct CheckParam {
  };

  // |info| is kept as a raw pointer in info_; nothing in this header takes
  // ownership of it.
  // NOTE(review): |info| presumably has to outlive this object - confirm.
  explicit APIPermission(const APIPermissionInfo* info);

  // Virtual because instances are handled through APIPermission pointers.
  virtual ~APIPermission();

  // Returns the id of this permission.
  ID id() const;

  // Returns the name of this permission.
  const char* name() const;

  // Returns the APIPermissionInfo of this permission.
  const APIPermissionInfo* info() const {
    return info_;
  }

  // Returns true if this permission cannot be found in the manifest.
  // NOTE(review): read together with the method name, this presumably means
  // that a manifest is not allowed to request the permission - confirm
  // against the implementation.
  virtual bool ManifestEntryForbidden() const;

  // Returns true if this permission has any PermissionMessages.
  virtual bool HasMessages() const = 0;

  // Returns the localized permission messages of this permission.
  virtual PermissionMessages GetMessages() const = 0;

  // Returns true if the given permission is allowed.
  // NOTE(review): |param| arrives as the empty base type CheckParam, so an
  // override that needs more data has to cast it; nothing in this interface
  // checks the dynamic type or rejects a NULL |param| - confirm each override
  // does.
  virtual bool Check(const CheckParam* param) const = 0;

  // Returns true if |rhs| is a subset of this.
  virtual bool Contains(const APIPermission* rhs) const = 0;

  // Returns true if |rhs| is equal to this.
  virtual bool Equal(const APIPermission* rhs) const = 0;

  // Parses the APIPermission from |value|. Returns false if error happens.
  // NOTE(review): |value| presumably comes from an extension manifest, i.e.
  // data written by the extension author; overrides should reject unexpected
  // types and malformed content by returning false - confirm.
  virtual bool FromValue(const base::Value* value) = 0;

  // Stores this into a newly created |value|, which the returned scoped_ptr
  // owns.
  virtual scoped_ptr<base::Value> ToValue() const = 0;

  // Clones this.
  // NOTE(review): Clone(), Diff(), Union() and Intersect() all return a raw
  // pointer to what their comments call a new object; ownership is not
  // expressed in the type, so the caller presumably has to delete the result -
  // confirm.
  virtual APIPermission* Clone() const = 0;

  // Returns a new API permission which equals this - |rhs|.
  virtual APIPermission* Diff(const APIPermission* rhs) const = 0;

  // Returns a new API permission which equals the union of this and |rhs|.
  virtual APIPermission* Union(const APIPermission* rhs) const = 0;

  // Returns a new API permission which equals the intersect of this and |rhs|.
  virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;

  // IPC functions
  // Writes this into the given IPC message |m|.
  virtual void Write(IPC::Message* m) const = 0;

  // Reads from the given IPC message |m|, using |iter| as the read position.
  // NOTE(review): the bool result presumably reports whether the read
  // succeeded. The message content is produced by another process, so
  // overrides should validate what they read before using it - confirm.
  virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;

  // Logs this permission into |log|.
  virtual void Log(std::string* log) const = 0;

 protected:
  // Returns the localized permission message associated with this api.
  // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
  PermissionMessage GetMessage_() const;

 private:
  // Const pointer to const data: it cannot be re-pointed after construction,
  // and the APIPermissionInfo cannot be modified through it.
  const APIPermissionInfo* const info_;
};
| 222 | |
| 223 | |
// The APIPermissionInfo is an immutable class that describes a single
// named permission (API permission).
// There is one instance per permission.
//
// Every data member is const and the constructor is private, so only the
// friends named below (ChromeAPIPermissions and APIPermission) can reach the
// private members.
class APIPermissionInfo {
 public:
  // Bit flags; flags() returns them combined in one int. Bit 2 (1 << 2) is not
  // assigned in this enum.
  enum Flag {
    kFlagNone = 0,

    // Indicates if the permission implies full access (native code).
    kFlagImpliesFullAccess = 1 << 0,

    // Indicates if the permission implies full URL access.
    kFlagImpliesFullURLAccess = 1 << 1,

    // Indicates that extensions cannot specify the permission as optional.
    kFlagCannotBeOptional = 1 << 3,

    // Indicates that the permission is internal to the extensions
    // system and cannot be specified in the "permissions" list.
    kFlagInternal = 1 << 4,
  };

  // Factory function that builds the APIPermission for a given info.
  typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);

  // Set of permission ids.
  typedef std::set<APIPermission::ID> IDSet;

  ~APIPermissionInfo();

  // Creates an APIPermission instance.
  // NOTE(review): presumably by calling api_permission_constructor_. The
  // result is a raw pointer, so ownership is not visible in the type - confirm
  // that the caller is expected to delete it.
  APIPermission* CreateAPIPermission() const;

  // Returns the raw flag bits (a combination of Flag values).
  int flags() const { return flags_; }

  // Returns the id of this permission.
  APIPermission::ID id() const { return id_; }

  // Returns the message id associated with this permission.
  PermissionMessage::ID message_id() const {
    return message_id_;
  }

  // Returns the name of this permission.
  const char* name() const { return name_; }

  // Returns true if this permission implies full access (e.g., native code).
  bool implies_full_access() const {
    return (flags_ & kFlagImpliesFullAccess) != 0;
  }

  // Returns true if this permission implies full URL access.
  bool implies_full_url_access() const {
    return (flags_ & kFlagImpliesFullURLAccess) != 0;
  }

  // Returns true if this permission can be added and removed via the
  // optional permissions extension API, i.e. kFlagCannotBeOptional is not set.
  bool supports_optional() const {
    return (flags_ & kFlagCannotBeOptional) == 0;
  }

  // Returns true if this permission is internal rather than a
  // "permissions" list entry.
  bool is_internal() const {
    return (flags_ & kFlagInternal) != 0;
  }

 private:
  // Instances should only be constructed from within a
  // PermissionsInfo::Delegate.
  friend class ChromeAPIPermissions;
  // Implementations of APIPermission will want to get the permission message,
  // but this class's implementation should be hidden from everyone else.
  friend class APIPermission;

  // Private, so only the friends above can construct an instance.
  // NOTE(review): |name| is kept as a pointer in name_, not copied, so it
  // presumably has to point at storage that outlives this object (for example
  // a string literal) - confirm at the call sites.
  explicit APIPermissionInfo(
      APIPermission::ID id,
      const char* name,
      int l10n_message_id,
      PermissionMessage::ID message_id,
      int flags,
      APIPermissionConstructor api_permission_constructor);

  // Returns the localized permission message associated with this api.
  // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
  PermissionMessage GetMessage_() const;

  // All members are const: an instance cannot change after construction.
  const APIPermission::ID id_;
  const char* const name_;
  const int flags_;
  const int l10n_message_id_;
  const PermissionMessage::ID message_id_;
  const APIPermissionConstructor api_permission_constructor_;
};
| 316 | |
| 317 | } // namespace extensions |
| 318 | |
| 319 | #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_API_PERMISSION_H_ |