Home | History | Annotate | Download | only in permissions 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
      6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
      7 
      8 #include <map>
      9 #include <set>
     10 #include <string>
     11 
     12 #include "base/callback.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "base/pickle.h"
     15 #include "base/values.h"
     16 #include "extensions/common/permissions/permission_message.h"
     17 
     18 namespace IPC {
     19 class Message;
     20 }
     21 
     22 namespace extensions {
     23 
     24 class APIPermissionInfo;
     25 class ChromeAPIPermissions;
     26 
     27 // APIPermission is for handling some complex permissions. Please refer to
     28 // extensions::SocketPermission as an example.
     29 // There is one instance per permission per loaded extension.
     30 class APIPermission {
     31  public:
     32   enum ID {
     33     // Error codes.
     34     kInvalid = -2,
     35     kUnknown = -1,
     36 
     37     // Real permissions.
     38     kActiveTab,
     39     kActivityLogPrivate,
     40     kAdView,
     41     kAlarms,
     42     kAlwaysOnTopWindows,
     43     kAppCurrentWindowInternal,
     44     kAppRuntime,
     45     kAppWindow,
     46     kAudio,
     47     kAudioCapture,
     48     kAutoTestPrivate,
     49     kBackground,
     50     kBluetooth,
     51     kBookmark,
     52     kBookmarkManagerPrivate,
     53     kBrailleDisplayPrivate,
     54     kBrowsingData,
     55     kCast,
     56     kCastStreaming,
     57     kChromeosInfoPrivate,
     58     kClipboardRead,
     59     kClipboardWrite,
     60     kCloudPrintPrivate,
     61     kCommandLinePrivate,
     62     kContentSettings,
     63     kContextMenus,
     64     kCookie,
     65     kDiagnostics,
     66     kDial,
     67     kDebugger,
     68     kDeclarative,
     69     kDeclarativeContent,
     70     kDeclarativeWebRequest,
     71     kDesktopCapture,
     72     kDeveloperPrivate,
     73     kDevtools,
     74     kDns,
     75     kDownloads,
     76     kDownloadsInternal,
     77     kDownloadsOpen,
     78     kDownloadsShelf,
     79     kEchoPrivate,
     80     kEnterprisePlatformKeysPrivate,
     81     kExperimental,
     82     kFeedbackPrivate,
     83     kFileBrowserHandler,
     84     kFileBrowserHandlerInternal,
     85     kFileBrowserPrivate,
     86     kFileSystem,
     87     kFileSystemDirectory,
     88     kFileSystemProvider,
     89     kFileSystemRetainEntries,
     90     kFileSystemWrite,
     91     kFileSystemWriteDirectory,
     92     kFontSettings,
     93     kFullscreen,
     94     kGcm,
     95     kGeolocation,
     96     kHistory,
     97     kHomepage,
     98     kIdentity,
     99     kIdentityPrivate,
    100     kIdltest,
    101     kIdle,
    102     kInfobars,
    103     kInput,
    104     kInputMethodPrivate,
    105     kLocation,
    106     kLogPrivate,
    107     kManagement,
    108     kMediaGalleries,
    109     kMediaGalleriesPrivate,
    110     kMediaPlayerPrivate,
    111     kMetricsPrivate,
    112     kMDns,
    113     kMusicManagerPrivate,
    114     kNativeMessaging,
    115     kNetworkingPrivate,
    116     kNotification,
    117     kOverrideEscFullscreen,
    118     kPageCapture,
    119     kPointerLock,
    120     kPlugin,
    121     kPower,
    122     kPreferencesPrivate,
    123     kPrincipalsPrivate,
    124     kPrivacy,
    125     kProcesses,
    126     kProxy,
    127     kPushMessaging,
    128     kImageWriterPrivate,
    129     kRtcPrivate,
    130     kSearchProvider,
    131     kSerial,
    132     kSessions,
    133     kSignedInDevices,
    134     kSocket,
    135     kStartupPages,
    136     kStorage,
    137     kStreamsPrivate,
    138     kSyncFileSystem,
    139     kSystemPrivate,
    140     kSystemIndicator,
    141     kSystemDisplay,
    142     kSystemStorage,
    143     kTab,
    144     kTabCapture,
    145     kTabCaptureForTab,
    146     kTerminalPrivate,
    147     kTopSites,
    148     kTts,
    149     kTtsEngine,
    150     kUnlimitedStorage,
    151     kUsb,
    152     kUsbDevice,
    153     kVideoCapture,
    154     kVirtualKeyboardPrivate,
    155     kWallpaper,
    156     kWallpaperPrivate,
    157     kWebConnectable,  // for externally_connectable manifest key
    158     kWebNavigation,
    159     kWebRequest,
    160     kWebRequestBlocking,
    161     kWebRequestInternal,
    162     kWebrtcAudioPrivate,
    163     kWebrtcLoggingPrivate,
    164     kWebstorePrivate,
    165     kWebView,
    166     kScreenlockPrivate,
    167     kSystemCpu,
    168     kSystemMemory,
    169     kSystemNetwork,
    170     kSystemInfoCpu,
    171     kSystemInfoMemory,
    172     kFirstRunPrivate,
    173     kEnumBoundary
    174   };
    175 
    176   struct CheckParam {
    177   };
    178 
    179   explicit APIPermission(const APIPermissionInfo* info);
    180 
    181   virtual ~APIPermission();
    182 
    183   // Returns the id of this permission.
    184   ID id() const;
    185 
    186   // Returns the name of this permission.
    187   const char* name() const;
    188 
    189   // Returns the APIPermission of this permission.
    190   const APIPermissionInfo* info() const {
    191     return info_;
    192   }
    193 
    194   // Returns true if this permission has any PermissionMessages.
    195   virtual bool HasMessages() const = 0;
    196 
    197   // Returns the localized permission messages of this permission.
    198   virtual PermissionMessages GetMessages() const = 0;
    199 
    200   // Returns true if the given permission is allowed.
    201   virtual bool Check(const CheckParam* param) const = 0;
    202 
    203   // Returns true if |rhs| is a subset of this.
    204   virtual bool Contains(const APIPermission* rhs) const = 0;
    205 
    206   // Returns true if |rhs| is equal to this.
    207   virtual bool Equal(const APIPermission* rhs) const = 0;
    208 
    209   // Parses the APIPermission from |value|. Returns false if error happens.
    210   virtual bool FromValue(const base::Value* value) = 0;
    211 
    212   // Stores this into a new created |value|.
    213   virtual scoped_ptr<base::Value> ToValue() const = 0;
    214 
    215   // Clones this.
    216   virtual APIPermission* Clone() const = 0;
    217 
    218   // Returns a new API permission which equals this - |rhs|.
    219   virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
    220 
    221   // Returns a new API permission which equals the union of this and |rhs|.
    222   virtual APIPermission* Union(const APIPermission* rhs) const = 0;
    223 
    224   // Returns a new API permission which equals the intersect of this and |rhs|.
    225   virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
    226 
    227   // IPC functions
    228   // Writes this into the given IPC message |m|.
    229   virtual void Write(IPC::Message* m) const = 0;
    230 
    231   // Reads from the given IPC message |m|.
    232   virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
    233 
    234   // Logs this permission.
    235   virtual void Log(std::string* log) const = 0;
    236 
    237  protected:
    238   // Returns the localized permission message associated with this api.
    239   // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
    240   PermissionMessage GetMessage_() const;
    241 
    242  private:
    243   const APIPermissionInfo* const info_;
    244 };
    245 
    246 
    247 // The APIPermissionInfo is an immutable class that describes a single
    248 // named permission (API permission).
    249 // There is one instance per permission.
    250 class APIPermissionInfo {
    251  public:
    252   enum Flag {
    253     kFlagNone = 0,
    254 
    255     // Indicates if the permission implies full access (native code).
    256     kFlagImpliesFullAccess = 1 << 0,
    257 
    258     // Indicates if the permission implies full URL access.
    259     kFlagImpliesFullURLAccess = 1 << 1,
    260 
    261     // Indicates that extensions cannot specify the permission as optional.
    262     kFlagCannotBeOptional = 1 << 3,
    263 
    264     // Indicates that the permission is internal to the extensions
    265     // system and cannot be specified in the "permissions" list.
    266     kFlagInternal = 1 << 4,
    267   };
    268 
    269   typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
    270 
    271   typedef std::set<APIPermission::ID> IDSet;
    272 
    273   ~APIPermissionInfo();
    274 
    275   // Creates a APIPermission instance.
    276   APIPermission* CreateAPIPermission() const;
    277 
    278   int flags() const { return flags_; }
    279 
    280   APIPermission::ID id() const { return id_; }
    281 
    282   // Returns the message id associated with this permission.
    283   PermissionMessage::ID message_id() const {
    284     return message_id_;
    285   }
    286 
    287   // Returns the name of this permission.
    288   const char* name() const { return name_; }
    289 
    290   // Returns true if this permission implies full access (e.g., native code).
    291   bool implies_full_access() const {
    292     return (flags_ & kFlagImpliesFullAccess) != 0;
    293   }
    294 
    295   // Returns true if this permission implies full URL access.
    296   bool implies_full_url_access() const {
    297     return (flags_ & kFlagImpliesFullURLAccess) != 0;
    298   }
    299 
    300   // Returns true if this permission can be added and removed via the
    301   // optional permissions extension API.
    302   bool supports_optional() const {
    303     return (flags_ & kFlagCannotBeOptional) == 0;
    304   }
    305 
    306   // Returns true if this permission is internal rather than a
    307   // "permissions" list entry.
    308   bool is_internal() const {
    309     return (flags_ & kFlagInternal) != 0;
    310   }
    311 
    312  private:
    313   // Instances should only be constructed from within a
    314   // PermissionsInfo::Delegate.
    315   friend class ChromeAPIPermissions;
    316   // Implementations of APIPermission will want to get the permission message,
    317   // but this class's implementation should be hidden from everyone else.
    318   friend class APIPermission;
    319 
    320   explicit APIPermissionInfo(
    321       APIPermission::ID id,
    322       const char* name,
    323       int l10n_message_id,
    324       PermissionMessage::ID message_id,
    325       int flags,
    326       APIPermissionConstructor api_permission_constructor);
    327 
    328   // Returns the localized permission message associated with this api.
    329   // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
    330   PermissionMessage GetMessage_() const;
    331 
    332   const APIPermission::ID id_;
    333   const char* const name_;
    334   const int flags_;
    335   const int l10n_message_id_;
    336   const PermissionMessage::ID message_id_;
    337   const APIPermissionConstructor api_permission_constructor_;
    338 };
    339 
    340 }  // namespace extensions
    341 
    342 #endif  // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
    343