Home | History | Annotate | Download | only in permissions 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_
      6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_
      7 
      8 #include <map>
      9 #include <set>
     10 #include <string>
     11 #include <vector>
     12 
     13 #include "base/gtest_prod_util.h"
     14 #include "base/memory/ref_counted.h"
     15 #include "base/memory/singleton.h"
     16 #include "base/strings/string16.h"
     17 #include "chrome/common/extensions/manifest.h"
     18 #include "chrome/common/extensions/permissions/api_permission.h"
     19 #include "chrome/common/extensions/permissions/api_permission_set.h"
     20 #include "chrome/common/extensions/permissions/permission_message.h"
     21 #include "extensions/common/url_pattern_set.h"
     22 
     23 namespace extensions {
     24 class Extension;
     25 
     26 // The PermissionSet is an immutable class that encapsulates an
     27 // extension's permissions. The class exposes set operations for combining and
     28 // manipulating the permissions.
     29 class PermissionSet
     30     : public base::RefCountedThreadSafe<PermissionSet> {
     31  public:
     32   // Creates an empty permission set (e.g. default permissions).
     33   PermissionSet();
     34 
     35   // Creates a new permission set based on the specified data: the API
     36   // permissions, host permissions, and scriptable hosts. The effective hosts
     37   // of the newly created permission set will be inferred from the given
     38   // host permissions.
     39   PermissionSet(const APIPermissionSet& apis,
     40                 const URLPatternSet& explicit_hosts,
     41                 const URLPatternSet& scriptable_hosts);
     42 
     43   // Creates a new permission set equal to |set1| - |set2|, passing ownership of
     44   // the new set to the caller.
     45   static PermissionSet* CreateDifference(
     46       const PermissionSet* set1, const PermissionSet* set2);
     47 
     48   // Creates a new permission set equal to the intersection of |set1| and
     49   // |set2|, passing ownership of the new set to the caller.
     50   static PermissionSet* CreateIntersection(
     51       const PermissionSet* set1, const PermissionSet* set2);
     52 
     53   // Creates a new permission set equal to the union of |set1| and |set2|.
     54   // Passes ownership of the new set to the caller.
     55   static PermissionSet* CreateUnion(
     56       const PermissionSet* set1, const PermissionSet* set2);
     57 
     58   // Creates a new permission set that only contains permissions that must be
     59   // in the manifest.  Passes ownership of the new set to the caller.
     60   static PermissionSet* ExcludeNotInManifestPermissions(
     61       const PermissionSet* set);
     62 
     63   bool operator==(const PermissionSet& rhs) const;
     64 
     65   // Returns true if every API or host permission available to |set| is also
     66   // available to this. In other words, if the API permissions of |set| are a
     67   // subset of this, and the host permissions in this encompass those in |set|.
     68   bool Contains(const PermissionSet& set) const;
     69 
     70   // Gets the API permissions in this set as a set of strings.
     71   std::set<std::string> GetAPIsAsStrings() const;
     72 
     73   // Gets the localized permission messages that represent this set.
     74   // The set of permission messages shown varies by extension type.
     75   PermissionMessages GetPermissionMessages(Manifest::Type extension_type) const;
     76 
     77   // Gets the localized permission messages that represent this set (represented
     78   // as strings). The set of permission messages shown varies by extension type.
     79   std::vector<string16> GetWarningMessages(Manifest::Type extension_type) const;
     80 
     81   // Gets the localized permission details for messages that represent this set
     82   // (represented as strings). The set of permission messages shown varies by
     83   // extension type.
     84   std::vector<string16> GetWarningMessagesDetails(
     85       Manifest::Type extension_type) const;
     86 
     87   // Returns true if this is an empty set (e.g., the default permission set).
     88   bool IsEmpty() const;
     89 
     90   // Returns true if the set has the specified API permission.
     91   bool HasAPIPermission(APIPermission::ID permission) const;
     92 
     93   // Returns true if the |extension| explicitly requests access to the given
     94   // |permission_name|. Note this does not include APIs without no corresponding
     95   // permission, like "runtime" or "browserAction".
     96   bool HasAPIPermission(const std::string& permission_name) const;
     97 
     98   // Returns true if the set allows the given permission with the default
     99   // permission detal.
    100   bool CheckAPIPermission(APIPermission::ID permission) const;
    101 
    102   // Returns true if the set allows the given permission and permission param.
    103   bool CheckAPIPermissionWithParam(APIPermission::ID permission,
    104       const APIPermission::CheckParam* param) const;
    105 
    106   // Returns true if this includes permission to access |origin|.
    107   bool HasExplicitAccessToOrigin(const GURL& origin) const;
    108 
    109   // Returns true if this permission set includes access to script |url|.
    110   bool HasScriptableAccessToURL(const GURL& url) const;
    111 
    112   // Returns true if this permission set includes effective access to all
    113   // origins.
    114   bool HasEffectiveAccessToAllHosts() const;
    115 
    116   // Returns true if this permission set includes effective access to |url|.
    117   bool HasEffectiveAccessToURL(const GURL& url) const;
    118 
    119   // Returns ture if this permission set effectively represents full access
    120   // (e.g. native code).
    121   bool HasEffectiveFullAccess() const;
    122 
    123   // Returns true if |permissions| has a greater privilege level than this
    124   // permission set (e.g., this permission set has less permissions).
    125   // Whether certain permissions are considered varies by extension type.
    126   bool HasLessPrivilegesThan(const PermissionSet* permissions,
    127                              Manifest::Type extension_type) const;
    128 
    129   const APIPermissionSet& apis() const { return apis_; }
    130 
    131   const URLPatternSet& effective_hosts() const { return effective_hosts_; }
    132 
    133   const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
    134 
    135   const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
    136 
    137  private:
    138   FRIEND_TEST_ALL_PREFIXES(PermissionsTest, HasLessHostPrivilegesThan);
    139   FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);
    140   FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetDistinctHostsForDisplay);
    141   FRIEND_TEST_ALL_PREFIXES(PermissionsTest,
    142                            GetDistinctHostsForDisplay_ComIsBestRcd);
    143   FRIEND_TEST_ALL_PREFIXES(PermissionsTest,
    144                            GetDistinctHostsForDisplay_NetIs2ndBestRcd);
    145   FRIEND_TEST_ALL_PREFIXES(PermissionsTest,
    146                            GetDistinctHostsForDisplay_OrgIs3rdBestRcd);
    147   FRIEND_TEST_ALL_PREFIXES(PermissionsTest,
    148                            GetDistinctHostsForDisplay_FirstInListIs4thBestRcd);
    149   friend class base::RefCountedThreadSafe<PermissionSet>;
    150 
    151   ~PermissionSet();
    152 
    153   void AddAPIPermission(APIPermission::ID id);
    154 
    155   static std::set<std::string> GetDistinctHosts(
    156       const URLPatternSet& host_patterns,
    157       bool include_rcd,
    158       bool exclude_file_scheme);
    159 
    160   // Adds permissions implied independently of other context.
    161   void InitImplicitPermissions();
    162 
    163   // Initializes the effective host permission based on the data in this set.
    164   void InitEffectiveHosts();
    165 
    166   // Gets the permission messages for the API permissions.
    167   std::set<PermissionMessage> GetAPIPermissionMessages() const;
    168 
    169   // Gets the permission messages for the host permissions.
    170   std::set<PermissionMessage> GetHostPermissionMessages(
    171       Manifest::Type extension_type) const;
    172 
    173   // Returns true if |permissions| has an elevated API privilege level than
    174   // this set.
    175   bool HasLessAPIPrivilegesThan(const PermissionSet* permissions) const;
    176 
    177   // Returns true if |permissions| has more host permissions compared to this
    178   // set.
    179   bool HasLessHostPrivilegesThan(const PermissionSet* permissions,
    180                                  Manifest::Type extension_type) const;
    181 
    182   // Gets a list of the distinct hosts for displaying to the user.
    183   // NOTE: do not use this for comparing permissions, since this disgards some
    184   // information.
    185   std::set<std::string> GetDistinctHostsForDisplay() const;
    186 
    187   // The api list is used when deciding if an extension can access certain
    188   // extension APIs and features.
    189   APIPermissionSet apis_;
    190 
    191   // The list of hosts that can be accessed directly from the extension.
    192   // TODO(jstritar): Rename to "hosts_"?
    193   URLPatternSet explicit_hosts_;
    194 
    195   // The list of hosts that can be scripted by content scripts.
    196   // TODO(jstritar): Rename to "user_script_hosts_"?
    197   URLPatternSet scriptable_hosts_;
    198 
    199   // The list of hosts this effectively grants access to.
    200   URLPatternSet effective_hosts_;
    201 };
    202 
    203 }  // namespace extensions
    204 
    205 #endif  // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_
    206