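// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/common/extensions/permissions/chrome_api_permissions.h"

#include "chrome/common/extensions/permissions/api_permission.h"
#include "chrome/common/extensions/permissions/api_permission_set.h"
#include "chrome/common/extensions/permissions/bluetooth_permission.h"
#include "chrome/common/extensions/permissions/media_galleries_permission.h"
#include "chrome/common/extensions/permissions/permission_message.h"
#include "chrome/common/extensions/permissions/permissions_info.h"
#include "chrome/common/extensions/permissions/socket_permission.h"
#include "chrome/common/extensions/permissions/usb_device_permission.h"
#include "grit/generated_resources.h"

namespace extensions {

namespace {

// Strings paired with "unlimitedStorage" and "tabs" in GetAllAliases().
// NOTE(review): presumably these are the legacy/alias spellings and the
// literals in GetAllAliases() are the current names; confirm the argument
// order against PermissionsProvider::AliasInfo.
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
const char kWindowsPermission[] = "windows";

// Factory used as the |constructor| entry for permissions that have their own
// class (socket, mediaGalleries, bluetooth, usbDevices below). Returns a
// heap-allocated T built from |permission|; this function neither retains nor
// frees the object, so whoever calls it must manage its lifetime.
template<typename T> APIPermission* CreateAPIPermission(
    const APIPermissionInfo* permission) {
  return new T(permission);
}

}  // namespace

// Builds one APIPermissionInfo per row of the registration table below and
// returns them in table order.
//
// Each returned object is allocated with |new| and is not freed here.
// NOTE(review): the caller presumably takes ownership; confirm at the call
// site.
//
// Fields omitted from a row are zero-initialized by aggregate initialization,
// so a two-field row has flags == 0, l10n_message_id == 0, a zero message_id
// (mapped to PermissionMessage::kNone in the loop) and a NULL constructor.
//
// NOTE(review): a row without l10n_message_id/message_id carries no warning
// text from this table. When adding or editing a row, check that this is
// intended for the capability the permission unlocks; how a kNone entry is
// treated at install time is decided outside this file.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  struct PermissionRegistration {
    // Permission identifier.
    APIPermission::ID id;
    // Permission string (e.g. "tabs").
    const char* name;
    // Bitwise OR of APIPermissionInfo::kFlag* values.
    int flags;
    // IDS_* resource ID of the warning text; 0 when none is specified here.
    int l10n_message_id;
    // Warning message ID; a zero value is replaced by kNone in the loop below.
    PermissionMessage::ID message_id;
    // Optional factory for permissions with a dedicated class; NULL if omitted.
    APIPermissionInfo::APIPermissionConstructor constructor;
  } PermissionsToRegister[] = {
    // Register permissions for all extension types.
    { APIPermission::kBackground, "background" },
    { APIPermission::kClipboardRead, "clipboardRead",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
      PermissionMessage::kClipboard },
    { APIPermission::kClipboardWrite, "clipboardWrite" },
    { APIPermission::kDeclarativeContent, "declarativeContent" },
    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest" },
    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
      PermissionMessage::kDownloads },
    { APIPermission::kDownloadsOpen, "downloads.open",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
      PermissionMessage::kDownloadsOpen },
    { APIPermission::kDownloadsShelf, "downloads.shelf" },
    { APIPermission::kIdentity, "identity" },
    { APIPermission::kExperimental, "experimental",
      APIPermissionInfo::kFlagCannotBeOptional },
    // NOTE(kalman): this is provided by a manifest property but needs to
    // appear in the install permission dialogue, so we need a fake
    // permission for it. See http://crbug.com/247857.
    { APIPermission::kWebConnectable, "webConnectable",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
      PermissionMessage::kWebConnectable },
    { APIPermission::kGeolocation, "geolocation",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kNotification, "notifications" },
    { APIPermission::kScreensaver, "screensaver" },
    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register extension permissions.
    { APIPermission::kActiveTab, "activeTab" },
    { APIPermission::kAdView, "adview" },
    { APIPermission::kAlarms, "alarms" },
    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
      PermissionMessage::kBookmarks },
    { APIPermission::kBrowsingData, "browsingData" },
    { APIPermission::kContentSettings, "contentSettings",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
      PermissionMessage::kContentSettings },
    { APIPermission::kContextMenus, "contextMenus" },
    { APIPermission::kCookie, "cookies" },
    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFontSettings, "fontSettings",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    { APIPermission::kIdle, "idle" },
    { APIPermission::kInfobars, "infobars" },
    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_INPUT,
      PermissionMessage::kInput },
    { APIPermission::kLocation, "location",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
      PermissionMessage::kManagement },
    { APIPermission::kNativeMessaging, "nativeMessaging",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
      PermissionMessage::kNativeMessaging },
    { APIPermission::kPower, "power" },
    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
      PermissionMessage::kPrivacy },
    { APIPermission::kSessionRestore, "sessionRestore" },
    { APIPermission::kStorage, "storage" },
    { APIPermission::kSyncFileSystem, "syncFileSystem",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
      PermissionMessage::kSyncFileSystem },
    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    // kFlagCannotBeOptional is a flag, so it belongs in the |flags| slot
    // (third field), not in |l10n_message_id|.
    { APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTtsEngine, "ttsEngine",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
      PermissionMessage::kTtsEngine },
    { APIPermission::kWebNavigation, "webNavigation",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
    { APIPermission::kWebRequest, "webRequest" },
    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
    { APIPermission::kWebView, "webview",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register private permissions.
    { APIPermission::kActivityLogPrivate, "activityLogPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
      PermissionMessage::kActivityLogPrivate },
    { APIPermission::kAutoTestPrivate, "autotestPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDeveloperPrivate, "developerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDiagnostics, "diagnostics",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDownloadsInternal, "downloadsInternal" },
    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kIdentityPrivate, "identityPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kLogPrivate, "logPrivate" },
    { APIPermission::kNetworkingPrivate, "networkingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
      PermissionMessage::kNetworkingPrivate },
    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMetricsPrivate, "metricsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
      PermissionMessage::kMusicManagerPrivate },
    { APIPermission::kPreferencesPrivate, "preferencesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kSystemPrivate, "systemPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEchoPrivate, "echoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFeedbackPrivate, "feedbackPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRecoveryPrivate, "recoveryPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRtcPrivate, "rtcPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTerminalPrivate, "terminalPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebRequestInternal, "webRequestInternal" },
    { APIPermission::kWebstorePrivate, "webstorePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kStreamsPrivate, "streamsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEnterprisePlatformKeysPrivate,
      "enterprise.platformKeysPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Full url access permissions.
    { APIPermission::kDebugger, "debugger",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
      PermissionMessage::kDebugger },
    { APIPermission::kDevtools, "devtools",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal },
    { APIPermission::kPageCapture, "pageCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCapture, "tabCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kPlugin, "plugin",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagImpliesFullAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
      PermissionMessage::kFullAccess },
    { APIPermission::kProxy, "proxy",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional },

    // Platform-app permissions.
    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
      PermissionMessage::kSerial },
    // Because warning messages for the "socket" permission vary based on the
    // permissions parameters, no message ID or message text is specified here.
    // The message ID and text used will be determined at run-time in the
    // |SocketPermission| class.
    { APIPermission::kSocket, "socket",
      APIPermissionInfo::kFlagCannotBeOptional, 0,
      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
    { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" },
    { APIPermission::kAppRuntime, "app.runtime" },
    { APIPermission::kAppWindow, "app.window" },
    { APIPermission::kAudioCapture, "audioCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
      PermissionMessage::kAudioCapture },
    { APIPermission::kVideoCapture, "videoCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
      PermissionMessage::kVideoCapture },
    // The permission string for "fileSystem" is only shown when "write" is
    // present. Read-only access is only granted after the user has been shown
    // a file chooser dialog and selected a file. Selecting the file is
    // considered consent to read it.
    { APIPermission::kFileSystem, "fileSystem" },
    { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
    { APIPermission::kFileSystemWrite, "fileSystem.write",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
      PermissionMessage::kFileSystemWrite },
    // Because warning messages for the "mediaGalleries" permission vary based
    // on the permissions parameters, no message ID or message text is
    // specified here.
    // The message ID and text used will be determined at run-time in the
    // |MediaGalleriesPermission| class.
    { APIPermission::kMediaGalleries, "mediaGalleries",
      APIPermissionInfo::kFlagNone, 0,
      PermissionMessage::kNone,
      &CreateAPIPermission<MediaGalleriesPermission> },
    { APIPermission::kPushMessaging, "pushMessaging",
      APIPermissionInfo::kFlagCannotBeOptional },
    // Because warning messages for the "bluetooth" permission vary based on
    // the permissions parameters, no message ID or message text is specified
    // here. The message ID and text used will be determined at run-time in the
    // |BluetoothPermission| class.
    { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone,
      0, PermissionMessage::kNone,
      &CreateAPIPermission<BluetoothPermission> },
    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_USB,
      PermissionMessage::kUsb },
    { APIPermission::kUsbDevice, "usbDevices",
      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
      &CreateAPIPermission<UsbDevicePermission> },
    { APIPermission::kSystemIndicator, "systemIndicator",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
      PermissionMessage::kSystemIndicator },
    { APIPermission::kSystemCpu, "system.cpu" },
    { APIPermission::kSystemMemory, "system.memory" },
    { APIPermission::kSystemDisplay, "system.display" },
    { APIPermission::kSystemStorage, "system.storage" },
    { APIPermission::kPointerLock, "pointerLock" },
    { APIPermission::kFullscreen, "fullscreen" },
    { APIPermission::kAudio, "audio" },
  };

  std::vector<APIPermissionInfo*> permissions;
  // The final size is known up front; avoid repeated reallocation.
  permissions.reserve(ARRAYSIZE_UNSAFE(PermissionsToRegister));

  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
    const PermissionRegistration& pr = PermissionsToRegister[i];
    // Rows that omit |message_id| hold a zero value; register those as kNone.
    permissions.push_back(new APIPermissionInfo(
        pr.id, pr.name, pr.l10n_message_id,
        pr.message_id ? pr.message_id : PermissionMessage::kNone,
        pr.flags,
        pr.constructor));
  }
  return permissions;
}

// Returns the permission-name aliases registered by Chrome: one AliasInfo
// pairing "unlimitedStorage" with "unlimited_storage" and one pairing "tabs"
// with "windows".
std::vector<PermissionsProvider::AliasInfo>
ChromeAPIPermissions::GetAllAliases() const {
  // Register aliases.
  std::vector<PermissionsProvider::AliasInfo> aliases;
  aliases.push_back(PermissionsProvider::AliasInfo(
      "unlimitedStorage", kOldUnlimitedStoragePermission));
  aliases.push_back(PermissionsProvider::AliasInfo(
      "tabs", kWindowsPermission));
  return aliases;
}

}  // namespace extensions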