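// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/common/extensions/permissions/chrome_api_permissions.h"

#include "chrome/common/extensions/permissions/bluetooth_permission.h"
#include "chrome/common/extensions/permissions/media_galleries_permission.h"
#include "chrome/common/extensions/permissions/socket_permission.h"
#include "chrome/common/extensions/permissions/usb_device_permission.h"
#include "extensions/common/permissions/api_permission.h"
#include "extensions/common/permissions/api_permission_set.h"
#include "extensions/common/permissions/permission_message.h"
#include "extensions/common/permissions/permissions_info.h"
#include "grit/generated_resources.h"

namespace extensions {

namespace {

// Legacy permission strings that GetAllAliases() pairs with current names.
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
const char kWindowsPermission[] = "windows";

// Factory used as the |constructor| field of a registration row: returns a
// heap-allocated T built from |permission|. The rows for "socket",
// "mediaGalleries", "bluetooth" and "usbDevices" below pass an instantiation
// of this template.
template<typename T> APIPermission* CreateAPIPermission(
    const APIPermissionInfo* permission) {
  return new T(permission);
}

}  // namespace

// Builds one APIPermissionInfo per row of the registration table below and
// returns them in table order.
//
// Every element is allocated with new and nothing in this function frees it,
// so the caller is responsible for the objects' lifetime.
// NOTE(review): confirm which caller takes ownership.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  // Each row is initialized positionally in the field order declared below:
  // id, name, flags, l10n_message_id, message_id, constructor. Trailing
  // fields left out of a row are zero-initialized. |flags| and
  // |l10n_message_id| are both int, so a value written in the wrong slot
  // still compiles; check the slot when adding or editing a row.
  struct PermissionRegistration {
    APIPermission::ID id;
    const char* name;
    int flags;
    int l10n_message_id;
    PermissionMessage::ID message_id;
    APIPermissionInfo::APIPermissionConstructor constructor;
  } PermissionsToRegister[] = {
    // Register permissions for all extension types.
    { APIPermission::kBackground, "background" },
    { APIPermission::kClipboardRead, "clipboardRead",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
      PermissionMessage::kClipboard },
    { APIPermission::kClipboardWrite, "clipboardWrite" },
    { APIPermission::kDeclarativeContent, "declarativeContent" },
    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
      PermissionMessage::kDeclarativeWebRequest },
    { APIPermission::kDesktopCapture, "desktopCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
      PermissionMessage::kDesktopCapture },
    { APIPermission::kDns, "dns" },
    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
      PermissionMessage::kDownloads },
    { APIPermission::kDownloadsOpen, "downloads.open",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
      PermissionMessage::kDownloadsOpen },
    { APIPermission::kDownloadsShelf, "downloads.shelf" },
    { APIPermission::kIdentity, "identity" },
    { APIPermission::kExperimental, "experimental",
      APIPermissionInfo::kFlagCannotBeOptional },
    // NOTE(kalman): this is provided by a manifest property but needs to
    // appear in the install permission dialogue, so we need a fake
    // permission for it. See http://crbug.com/247857.
    { APIPermission::kWebConnectable, "webConnectable",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
      PermissionMessage::kWebConnectable},
    { APIPermission::kGeolocation, "geolocation",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kNotification, "notifications" },
    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kGcm, "gcm" },

    // Register extension permissions.
    { APIPermission::kActiveTab, "activeTab" },
    { APIPermission::kAdView, "adview" },
    { APIPermission::kAlarms, "alarms" },
    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
      PermissionMessage::kBookmarks },
    { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBrowsingData, "browsingData" },
    { APIPermission::kContentSettings, "contentSettings",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
      PermissionMessage::kContentSettings },
    { APIPermission::kContextMenus, "contextMenus" },
    { APIPermission::kCookie, "cookies" },
    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFontSettings, "fontSettings",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    { APIPermission::kIdltest, "idltest" },
    { APIPermission::kIdle, "idle" },
    { APIPermission::kInfobars, "infobars" },
    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_INPUT,
      PermissionMessage::kInput },
    { APIPermission::kLocation, "location",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
      PermissionMessage::kManagement },
    { APIPermission::kNativeMessaging, "nativeMessaging",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
      PermissionMessage::kNativeMessaging },
    { APIPermission::kPower, "power", },
    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
      PermissionMessage::kPrivacy },
    { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kSessions, "sessions" },
    { APIPermission::kSignedInDevices, "signedInDevices",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
      PermissionMessage::kSignedInDevices },
    { APIPermission::kStorage, "storage" },
    { APIPermission::kSyncFileSystem, "syncFileSystem",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
      PermissionMessage::kSyncFileSystem },
    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    // kFlagCannotBeOptional goes in the |flags| slot. This row used to read
    // `"tts", 0, kFlagCannotBeOptional`, which registered "tts" with no flags
    // and stored the flag value as its l10n message id.
    { APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTtsEngine, "ttsEngine",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
      PermissionMessage::kTtsEngine },
    { APIPermission::kWallpaper, "wallpaper",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_WALLPAPER,
      PermissionMessage::kWallpaper },
    { APIPermission::kWebNavigation, "webNavigation",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
    { APIPermission::kWebRequest, "webRequest" },
    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
    { APIPermission::kWebView, "webview",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register private permissions.
    { APIPermission::kScreenlockPrivate, "screenlockPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
      PermissionMessage::kScreenlockPrivate },
    { APIPermission::kActivityLogPrivate, "activityLogPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
      PermissionMessage::kActivityLogPrivate },
    { APIPermission::kAutoTestPrivate, "autotestPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCast, "cast",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDeveloperPrivate, "developerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDiagnostics, "diagnostics",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDownloadsInternal, "downloadsInternal" },
    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kIdentityPrivate, "identityPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kLogPrivate, "logPrivate"},
    { APIPermission::kNetworkingPrivate, "networkingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
      PermissionMessage::kNetworkingPrivate },
    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMetricsPrivate, "metricsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
      PermissionMessage::kMusicManagerPrivate },
    { APIPermission::kPreferencesPrivate, "preferencesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kSystemPrivate, "systemPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEchoPrivate, "echoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFeedbackPrivate, "feedbackPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kImageWriterPrivate, "imageWriterPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRtcPrivate, "rtcPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTerminalPrivate, "terminalPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebRequestInternal, "webRequestInternal" },
    { APIPermission::kWebstorePrivate, "webstorePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kStreamsPrivate, "streamsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEnterprisePlatformKeysPrivate,
      "enterprise.platformKeysPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kPrincipalsPrivate, "principalsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFirstRunPrivate, "firstRunPrivate",
      APIPermissionInfo::kFlagCannotBeOptional},

    // Full url access permissions.
    { APIPermission::kDebugger, "debugger",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
      PermissionMessage::kDebugger },
    { APIPermission::kDevtools, "devtools",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal },
    { APIPermission::kPageCapture, "pageCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCapture, "tabCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCaptureForTab, "tabCaptureForTab",
      APIPermissionInfo::kFlagInternal },
    { APIPermission::kPlugin, "plugin",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagImpliesFullAccess |
          APIPermissionInfo::kFlagCannotBeOptional |
          APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
      PermissionMessage::kFullAccess },
    { APIPermission::kProxy, "proxy",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional },

    // Platform-app permissions.
    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
      PermissionMessage::kSerial },
    // Because warning messages for the "socket" permission vary based on the
    // permissions parameters, no message ID or message text is specified here.
    // The message ID and text used will be determined at run-time in the
    // |SocketPermission| class.
    { APIPermission::kSocket, "socket",
      APIPermissionInfo::kFlagCannotBeOptional, 0,
      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
    { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" },
    { APIPermission::kAppRuntime, "app.runtime" },
    { APIPermission::kAppWindow, "app.window" },
    { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" },
    { APIPermission::kAudioCapture, "audioCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
      PermissionMessage::kAudioCapture },
    { APIPermission::kVideoCapture, "videoCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
      PermissionMessage::kVideoCapture },
    // The permission string for "fileSystem" is only shown when "write" or
    // "directory" is present. Read-only access is only granted after the user
    // has been shown a file or directory chooser dialog and selected a file or
    // directory. Selecting the file or directory is considered consent to
    // read it.
    { APIPermission::kFileSystem, "fileSystem" },
    { APIPermission::kFileSystemDirectory, "fileSystem.directory",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
      PermissionMessage::kFileSystemDirectory },
    { APIPermission::kFileSystemProvider, "fileSystemProvider" },
    { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
    { APIPermission::kFileSystemWrite, "fileSystem.write",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
      PermissionMessage::kFileSystemWrite },
    { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
      PermissionMessage::kFileSystemWriteDirectory },
    // Because warning messages for the "mediaGalleries" permission vary based
    // on the permissions parameters, no message ID or message text is
    // specified here.
    // The message ID and text used will be determined at run-time in the
    // |MediaGalleriesPermission| class.
    { APIPermission::kMediaGalleries, "mediaGalleries",
      APIPermissionInfo::kFlagNone, 0,
      PermissionMessage::kNone,
      &CreateAPIPermission<MediaGalleriesPermission> },
    { APIPermission::kPushMessaging, "pushMessaging",
      APIPermissionInfo::kFlagCannotBeOptional },
    // Because warning messages for the "bluetooth" permission vary based on
    // the permissions parameters, no message ID or message text is specified
    // here. The message ID and text used will be determined at run-time in the
    // |BluetoothPermission| class.
    { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone,
      0, PermissionMessage::kNone,
      &CreateAPIPermission<BluetoothPermission> },
    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_USB,
      PermissionMessage::kUsb },
    { APIPermission::kUsbDevice, "usbDevices",
      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
      &CreateAPIPermission<UsbDevicePermission> },
    { APIPermission::kSystemIndicator, "systemIndicator",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
      PermissionMessage::kSystemIndicator },
    { APIPermission::kSystemCpu, "system.cpu" },
    { APIPermission::kSystemMemory, "system.memory" },
    { APIPermission::kSystemNetwork, "system.network" },
    { APIPermission::kSystemDisplay, "system.display" },
    { APIPermission::kSystemStorage, "system.storage" },
    { APIPermission::kPointerLock, "pointerLock" },
    { APIPermission::kFullscreen, "fullscreen" },
    { APIPermission::kAudio, "audio" },
    { APIPermission::kCastStreaming, "cast.streaming" },
    { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" },

    // Settings override permissions.
    { APIPermission::kHomepage, "homepage",
      APIPermissionInfo::kFlagCannotBeOptional |
          APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
      PermissionMessage::kHomepage },
    { APIPermission::kSearchProvider, "searchProvider",
      APIPermissionInfo::kFlagCannotBeOptional |
          APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
      PermissionMessage::kSearchProvider },
    { APIPermission::kStartupPages, "startupPages",
      APIPermissionInfo::kFlagCannotBeOptional |
          APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
      PermissionMessage::kStartupPages },
  };

  std::vector<APIPermissionInfo*> permissions;
  // The row count is known up front, so allocate the vector once.
  permissions.reserve(ARRAYSIZE_UNSAFE(PermissionsToRegister));

  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
    const PermissionRegistration& pr = PermissionsToRegister[i];
    // Rows that omit |message_id| hold a zero there; those are registered
    // with PermissionMessage::kNone.
    permissions.push_back(new APIPermissionInfo(
        pr.id, pr.name, pr.l10n_message_id,
        pr.message_id ? pr.message_id : PermissionMessage::kNone,
        pr.flags,
        pr.constructor));
  }
  return permissions;
}

// Returns the permission-name alias pairs: "unlimitedStorage" is paired with
// "unlimited_storage" and "tabs" with "windows".
// NOTE(review): the AliasInfo arguments look like (current name, alias), so a
// manifest that asks for "windows" would resolve to "tabs" -- confirm against
// the AliasInfo declaration.
std::vector<PermissionsProvider::AliasInfo>
ChromeAPIPermissions::GetAllAliases() const {
  // Register aliases.
  std::vector<PermissionsProvider::AliasInfo> aliases;
  aliases.push_back(PermissionsProvider::AliasInfo(
      "unlimitedStorage", kOldUnlimitedStoragePermission));
  aliases.push_back(PermissionsProvider::AliasInfo(
      "tabs", kWindowsPermission));
  return aliases;
}

}  // namespace extensions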