1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_ 6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_ 7 8 #include <map> 9 #include <string> 10 #include <vector> 11 12 #include "base/memory/ref_counted.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/strings/string16.h" 15 #include "base/synchronization/lock.h" 16 #include "extensions/common/extension.h" 17 #include "extensions/common/manifest.h" 18 #include "extensions/common/permissions/api_permission.h" 19 #include "extensions/common/permissions/permission_message.h" 20 #include "extensions/common/permissions/permission_set.h" 21 22 class GURL; 23 24 namespace extensions { 25 26 class PermissionSet; 27 class Extension; 28 class URLPatternSet; 29 class UserScript; 30 31 // A container for the active permissions of an extension. 32 // TODO(rdevlin.cronin): For the love of everything good, rename this class to 33 // ActivePermissions. We do *not* need PermissionsParser, PermissionSet, 34 // PermissionInfo, and PermissionsData. No one will be able to keep them 35 // straight. 36 class PermissionsData { 37 public: 38 // Delegate class to allow different contexts (e.g. browser vs renderer) to 39 // have control over policy decisions. 40 class PolicyDelegate { 41 public: 42 virtual ~PolicyDelegate() {} 43 44 // Returns false if script access should be blocked on this page. 45 // Otherwise, default policy should decide. 46 virtual bool CanExecuteScriptOnPage(const Extension* extension, 47 const GURL& document_url, 48 const GURL& top_document_url, 49 int tab_id, 50 int process_id, 51 std::string* error) = 0; 52 }; 53 54 static void SetPolicyDelegate(PolicyDelegate* delegate); 55 56 PermissionsData(const Extension* extension); 57 virtual ~PermissionsData(); 58 59 // Returns true if the |extension| can silently increase its permission level. 60 // Users must approve permissions for unpacked and packed extensions in the 61 // following situations: 62 // - when installing or upgrading packed extensions 63 // - when installing unpacked extensions that have NPAPI plugins 64 // - when either type of extension requests optional permissions 65 static bool CanSilentlyIncreasePermissions(const Extension* extension); 66 67 // Returns true if the extension is a COMPONENT extension or is on the 68 // whitelist of extensions that can script all pages. 69 static bool CanExecuteScriptEverywhere(const Extension* extension); 70 71 // Returns true if we should skip the permisisons warning for the extension 72 // with the given |extension_id|. 73 static bool ShouldSkipPermissionWarnings(const std::string& extension_id); 74 75 // Returns true if the given |url| is restricted for the given |extension|, 76 // as is commonly the case for chrome:// urls. 77 // NOTE: You probably want to use CanAccessPage(). 78 static bool IsRestrictedUrl(const GURL& document_url, 79 const GURL& top_frame_url, 80 const Extension* extension, 81 std::string* error); 82 83 // Sets the runtime permissions of the given |extension| to |permissions|. 84 void SetActivePermissions(const PermissionSet* active) const; 85 86 // Updates the tab-specific permissions of |tab_id| to include those from 87 // |permissions|. 88 void UpdateTabSpecificPermissions( 89 int tab_id, 90 scoped_refptr<const PermissionSet> permissions) const; 91 92 // Clears the tab-specific permissions of |tab_id|. 93 void ClearTabSpecificPermissions(int tab_id) const; 94 95 // Returns true if the |extension| has the given |permission|. Prefer 96 // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an 97 // api that requires a permission they didn't know about, e.g. open web apis. 98 // Note this does not include APIs with no corresponding permission, like 99 // "runtime" or "browserAction". 100 // TODO(mpcomplete): drop the "API" from these names, it's confusing. 101 bool HasAPIPermission(APIPermission::ID permission) const; 102 bool HasAPIPermission(const std::string& permission_name) const; 103 bool HasAPIPermissionForTab(int tab_id, APIPermission::ID permission) const; 104 bool CheckAPIPermissionWithParam( 105 APIPermission::ID permission, 106 const APIPermission::CheckParam* param) const; 107 108 // TODO(rdevlin.cronin): GetEffectiveHostPermissions(), HasHostPermission(), 109 // and HasEffectiveAccessToAllHosts() are just forwards for the active 110 // permissions. We should either get rid of these, and have callers use 111 // active_permissions(), or should get rid of active_permissions(), and make 112 // callers use PermissionsData for everything. We should not do both. 113 114 // Returns the effective hosts associated with the active permissions. 115 const URLPatternSet& GetEffectiveHostPermissions() const; 116 117 // Whether the extension has access to the given |url|. 118 bool HasHostPermission(const GURL& url) const; 119 120 // Whether the extension has effective access to all hosts. This is true if 121 // there is a content script that matches all hosts, if there is a host 122 // permission grants access to all hosts (like <all_urls>) or an api 123 // permission that effectively grants access to all hosts (e.g. proxy, 124 // network, etc.) 125 bool HasEffectiveAccessToAllHosts() const; 126 127 // Returns the full list of permission messages that should display at 128 // install time. 129 PermissionMessages GetPermissionMessages() const; 130 131 // Returns the full list of permission messages that should display at install 132 // time as strings. 133 std::vector<base::string16> GetPermissionMessageStrings() const; 134 135 // Returns the full list of permission details for messages that should 136 // display at install time as strings. 137 std::vector<base::string16> GetPermissionMessageDetailsStrings() const; 138 139 // Returns true if the |extension| has permission to access and interact with 140 // the specified page, in order to do things like inject scripts or modify 141 // the content. 142 // If this returns false and |error| is non-NULL, |error| will be popualted 143 // with the reason the extension cannot access the page. 144 bool CanAccessPage(const Extension* extension, 145 const GURL& document_url, 146 const GURL& top_document_url, 147 int tab_id, 148 int process_id, 149 std::string* error) const; 150 151 // Returns true if the |extension| has permission to inject a content script 152 // on the page. 153 // If this returns false and |error| is non-NULL, |error| will be popualted 154 // with the reason the extension cannot script the page. 155 // NOTE: You almost certainly want to use CanAccessPage() instead of this 156 // method. 157 bool CanRunContentScriptOnPage(const Extension* extension, 158 const GURL& document_url, 159 const GURL& top_document_url, 160 int tab_id, 161 int process_id, 162 std::string* error) const; 163 164 // Returns true if extension is allowed to obtain the contents of a page as 165 // an image. Since a page may contain sensitive information, this is 166 // restricted to the extension's host permissions as well as the extension 167 // page itself. 168 bool CanCaptureVisiblePage(int tab_id, std::string* error) const; 169 170 // Returns true if the user should be alerted that the |extension| is running 171 // a script. If |tab_id| and |url| are included, this also considers tab- 172 // specific permissions. 173 bool RequiresActionForScriptExecution(const Extension* extension) const; 174 bool RequiresActionForScriptExecution(const Extension* extension, 175 int tab_id, 176 const GURL& url) const; 177 178 scoped_refptr<const PermissionSet> active_permissions() const { 179 base::AutoLock auto_lock(runtime_lock_); 180 return active_permissions_unsafe_; 181 } 182 183 #if defined(UNIT_TEST) 184 scoped_refptr<const PermissionSet> GetTabSpecificPermissionsForTesting( 185 int tab_id) const { 186 return GetTabSpecificPermissions(tab_id); 187 } 188 #endif 189 190 private: 191 typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap; 192 193 // Gets the tab-specific host permissions of |tab_id|, or NULL if there 194 // aren't any. 195 scoped_refptr<const PermissionSet> GetTabSpecificPermissions( 196 int tab_id) const; 197 198 // Returns true if the |extension| has tab-specific permission to operate on 199 // the tab specified by |tab_id| with the given |url|. 200 // Note that if this returns false, it doesn't mean the extension can't run on 201 // the given tab, only that it does not have tab-specific permission to do so. 202 bool HasTabSpecificPermissionToExecuteScript(int tab_id, 203 const GURL& url) const; 204 205 // Returns true if the extension is permitted to run on the given page, 206 // checking against |permitted_url_patterns| in addition to blocking special 207 // sites (like the webstore or chrome:// urls). 208 bool CanRunOnPage(const Extension* extension, 209 const GURL& document_url, 210 const GURL& top_document_url, 211 int tab_id, 212 int process_id, 213 const URLPatternSet& permitted_url_patterns, 214 std::string* error) const; 215 216 // The associated extension's id. 217 std::string extension_id_; 218 219 // The associated extension's manifest type. 220 Manifest::Type manifest_type_; 221 222 mutable base::Lock runtime_lock_; 223 224 // The permission's which are currently active on the extension during 225 // runtime. 226 // Unsafe indicates that we must lock anytime this is directly accessed. 227 // Unless you need to change |active_permissions_unsafe_|, use the (safe) 228 // active_permissions() accessor. 229 mutable scoped_refptr<const PermissionSet> active_permissions_unsafe_; 230 231 mutable TabPermissionsMap tab_specific_permissions_; 232 233 DISALLOW_COPY_AND_ASSIGN(PermissionsData); 234 }; 235 236 } // namespace extensions 237 238 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_ 239
