1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ 6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ 7 8 #include <map> 9 #include <set> 10 #include <string> 11 #include <vector> 12 13 #include "base/gtest_prod_util.h" 14 #include "base/memory/ref_counted.h" 15 #include "base/memory/singleton.h" 16 #include "base/strings/string16.h" 17 #include "chrome/common/extensions/manifest.h" 18 #include "chrome/common/extensions/permissions/api_permission.h" 19 #include "chrome/common/extensions/permissions/api_permission_set.h" 20 #include "chrome/common/extensions/permissions/permission_message.h" 21 #include "extensions/common/url_pattern_set.h" 22 23 namespace extensions { 24 class Extension; 25 26 // The PermissionSet is an immutable class that encapsulates an 27 // extension's permissions. The class exposes set operations for combining and 28 // manipulating the permissions. 29 class PermissionSet 30 : public base::RefCountedThreadSafe<PermissionSet> { 31 public: 32 // Creates an empty permission set (e.g. default permissions). 33 PermissionSet(); 34 35 // Creates a new permission set based on the specified data: the API 36 // permissions, host permissions, and scriptable hosts. The effective hosts 37 // of the newly created permission set will be inferred from the given 38 // host permissions. 39 PermissionSet(const APIPermissionSet& apis, 40 const URLPatternSet& explicit_hosts, 41 const URLPatternSet& scriptable_hosts); 42 43 // Creates a new permission set equal to |set1| - |set2|, passing ownership of 44 // the new set to the caller. 45 static PermissionSet* CreateDifference( 46 const PermissionSet* set1, const PermissionSet* set2); 47 48 // Creates a new permission set equal to the intersection of |set1| and 49 // |set2|, passing ownership of the new set to the caller. 50 static PermissionSet* CreateIntersection( 51 const PermissionSet* set1, const PermissionSet* set2); 52 53 // Creates a new permission set equal to the union of |set1| and |set2|. 54 // Passes ownership of the new set to the caller. 55 static PermissionSet* CreateUnion( 56 const PermissionSet* set1, const PermissionSet* set2); 57 58 // Creates a new permission set that only contains permissions that must be 59 // in the manifest. Passes ownership of the new set to the caller. 60 static PermissionSet* ExcludeNotInManifestPermissions( 61 const PermissionSet* set); 62 63 bool operator==(const PermissionSet& rhs) const; 64 65 // Returns true if every API or host permission available to |set| is also 66 // available to this. In other words, if the API permissions of |set| are a 67 // subset of this, and the host permissions in this encompass those in |set|. 68 bool Contains(const PermissionSet& set) const; 69 70 // Gets the API permissions in this set as a set of strings. 71 std::set<std::string> GetAPIsAsStrings() const; 72 73 // Gets the localized permission messages that represent this set. 74 // The set of permission messages shown varies by extension type. 75 PermissionMessages GetPermissionMessages(Manifest::Type extension_type) const; 76 77 // Gets the localized permission messages that represent this set (represented 78 // as strings). The set of permission messages shown varies by extension type. 79 std::vector<string16> GetWarningMessages(Manifest::Type extension_type) const; 80 81 // Gets the localized permission details for messages that represent this set 82 // (represented as strings). The set of permission messages shown varies by 83 // extension type. 84 std::vector<string16> GetWarningMessagesDetails( 85 Manifest::Type extension_type) const; 86 87 // Returns true if this is an empty set (e.g., the default permission set). 88 bool IsEmpty() const; 89 90 // Returns true if the set has the specified API permission. 91 bool HasAPIPermission(APIPermission::ID permission) const; 92 93 // Returns true if the |extension| explicitly requests access to the given 94 // |permission_name|. Note this does not include APIs without no corresponding 95 // permission, like "runtime" or "browserAction". 96 bool HasAPIPermission(const std::string& permission_name) const; 97 98 // Returns true if the set allows the given permission with the default 99 // permission detal. 100 bool CheckAPIPermission(APIPermission::ID permission) const; 101 102 // Returns true if the set allows the given permission and permission param. 103 bool CheckAPIPermissionWithParam(APIPermission::ID permission, 104 const APIPermission::CheckParam* param) const; 105 106 // Returns true if this includes permission to access |origin|. 107 bool HasExplicitAccessToOrigin(const GURL& origin) const; 108 109 // Returns true if this permission set includes access to script |url|. 110 bool HasScriptableAccessToURL(const GURL& url) const; 111 112 // Returns true if this permission set includes effective access to all 113 // origins. 114 bool HasEffectiveAccessToAllHosts() const; 115 116 // Returns true if this permission set includes effective access to |url|. 117 bool HasEffectiveAccessToURL(const GURL& url) const; 118 119 // Returns ture if this permission set effectively represents full access 120 // (e.g. native code). 121 bool HasEffectiveFullAccess() const; 122 123 // Returns true if |permissions| has a greater privilege level than this 124 // permission set (e.g., this permission set has less permissions). 125 // Whether certain permissions are considered varies by extension type. 126 bool HasLessPrivilegesThan(const PermissionSet* permissions, 127 Manifest::Type extension_type) const; 128 129 const APIPermissionSet& apis() const { return apis_; } 130 131 const URLPatternSet& effective_hosts() const { return effective_hosts_; } 132 133 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } 134 135 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } 136 137 private: 138 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, HasLessHostPrivilegesThan); 139 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo); 140 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetDistinctHostsForDisplay); 141 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, 142 GetDistinctHostsForDisplay_ComIsBestRcd); 143 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, 144 GetDistinctHostsForDisplay_NetIs2ndBestRcd); 145 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, 146 GetDistinctHostsForDisplay_OrgIs3rdBestRcd); 147 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, 148 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd); 149 friend class base::RefCountedThreadSafe<PermissionSet>; 150 151 ~PermissionSet(); 152 153 void AddAPIPermission(APIPermission::ID id); 154 155 static std::set<std::string> GetDistinctHosts( 156 const URLPatternSet& host_patterns, 157 bool include_rcd, 158 bool exclude_file_scheme); 159 160 // Adds permissions implied independently of other context. 161 void InitImplicitPermissions(); 162 163 // Initializes the effective host permission based on the data in this set. 164 void InitEffectiveHosts(); 165 166 // Gets the permission messages for the API permissions. 167 std::set<PermissionMessage> GetAPIPermissionMessages() const; 168 169 // Gets the permission messages for the host permissions. 170 std::set<PermissionMessage> GetHostPermissionMessages( 171 Manifest::Type extension_type) const; 172 173 // Returns true if |permissions| has an elevated API privilege level than 174 // this set. 175 bool HasLessAPIPrivilegesThan(const PermissionSet* permissions) const; 176 177 // Returns true if |permissions| has more host permissions compared to this 178 // set. 179 bool HasLessHostPrivilegesThan(const PermissionSet* permissions, 180 Manifest::Type extension_type) const; 181 182 // Gets a list of the distinct hosts for displaying to the user. 183 // NOTE: do not use this for comparing permissions, since this disgards some 184 // information. 185 std::set<std::string> GetDistinctHostsForDisplay() const; 186 187 // The api list is used when deciding if an extension can access certain 188 // extension APIs and features. 189 APIPermissionSet apis_; 190 191 // The list of hosts that can be accessed directly from the extension. 192 // TODO(jstritar): Rename to "hosts_"? 193 URLPatternSet explicit_hosts_; 194 195 // The list of hosts that can be scripted by content scripts. 196 // TODO(jstritar): Rename to "user_script_hosts_"? 197 URLPatternSet scriptable_hosts_; 198 199 // The list of hosts this effectively grants access to. 200 URLPatternSet effective_hosts_; 201 }; 202 203 } // namespace extensions 204 205 #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ 206