1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This features file defines permissions for extension APIs implemented 6 // under src/extensions. 7 8 // See extensions/common/features/* to understand this file, in particular 9 // feature.h, simple_feature.h, and base_feature_provider.h. 10 11 // To add a new whitelisted ID, SHA-1 it and force it to uppercase. In Bash: 12 // 13 // $ echo -n "aaaabbbbccccddddeeeeffffgggghhhh" | \ 14 // sha1sum | tr '[:lower:]' '[:upper:]' 15 // 9A0417016F345C934A1A88F55CA17C05014EEEBA - 16 // 17 // Google employees: please update http://go/chrome-api-whitelist to map 18 // hashes back to ids. 19 20 // If you add a new platform_app permission please update the "stubs_app" test: 21 // chrome/test/data/extensions/api_test/stubs_app/manifest.json 22 23 { 24 "app.window.alwaysOnTop": { 25 "channel": "stable", 26 "extension_types": ["platform_app"] 27 }, 28 "app.window.fullscreen": { 29 "channel": "stable", 30 "extension_types": ["platform_app"] 31 }, 32 "app.window.fullscreen.overrideEsc": { 33 "channel": "stable", 34 "extension_types": ["platform_app"] 35 }, 36 "app.window.alpha": [ 37 { 38 "channel": "dev", 39 "extension_types": ["platform_app"] 40 }, 41 { 42 "channel": "stable", 43 "extension_types": ["platform_app"], 44 "whitelist": [ 45 "0F42756099D914A026DADFA182871C015735DD95", // http://crbug.com/323773 46 "2D22CDB6583FD0A13758AEBE8B15E45208B4E9A7", 47 "E7E2461CE072DF036CF9592740196159E2D7C089", // http://crbug.com/356200 48 "A74A4D44C7CFCD8844830E6140C8D763E12DD8F3", 49 "312745D9BF916161191143F6490085EEA0434997", 50 "53041A2FA309EECED01FFC751E7399186E860B2C", 51 "A07A5B743CD82A1C2579DB77D353C98A23201EEF", // http://crbug.com/413748 52 "F16F23C83C5F6DAD9B65A120448B34056DD80691", 53 "0F585FB1D0FDFBEBCE1FEB5E9DFFB6DA476B8C9B" 54 ] 55 } 56 ], 57 "app.window.shape": { 58 "channel": "stable", 59 "extension_types": ["platform_app"] 60 }, 61 "audioCapture": [ 62 { 63 "channel": "stable", 64 "extension_types": ["platform_app"] 65 }, 66 { 67 "channel": "stable", 68 "extension_types": ["extension"], 69 "whitelist": [ 70 // http://crbug.com/292856 71 "3F50C3A83839D9C76334BCE81CDEC06174F266AF", 72 "09FDCB5851B8F3378DB630D06E316076E89C95A6", 73 "39BE69F11F68E4EED080DA3DC2394F7885B7AFF9", 74 "FF78670081967CE21DB86A04AD94A0498F01E20A", 75 // Hotword component extension 76 "62CCAAD339E6451BBF97C4BBDF758E934A05AD0B" 77 ] 78 } 79 ], 80 "bluetoothPrivate": { 81 "channel": "stable", 82 "extension_types": ["platform_app"], 83 "platforms": ["chromeos", "win", "mac"], 84 "whitelist": [ 85 "1C93BD3CF875F4A73C0B2A163BB8FBDA8B8B3D80", // http://crbug.com/387169 86 "A3BC37E2148AC4E99BE4B16AF9D42DD1E592BBBE", // http://crbug.com/387169 87 "E703483CEF33DEC18B4B6DD84B5C776FB9182BDB", // http://crbug.com/387169 88 "307E96539209F95A1A8740C713E6998A73657D96", // http://crbug.com/387169 89 "4F25792AF1AA7483936DE29C07806F203C7170A0", // http://crbug.com/407693 90 "BD8781D757D830FC2E85470A1B6E8A718B7EE0D9", // http://crbug.com/407693 91 "4AC2B6C63C6480D150DFDA13E4A5956EB1D0DDBB", // http://crbug.com/407693 92 "81986D4F846CEDDDB962643FA501D1780DD441BB" // http://crbug.com/407693 93 ] 94 }, 95 "dns": [ 96 { 97 "channel": "dev", 98 "extension_types": ["extension", "platform_app"] 99 }, 100 { 101 "channel": "stable", 102 "extension_types": ["extension", "platform_app"], 103 "whitelist": [ 104 "7AE714FFD394E073F0294CFA134C9F91DB5FBAA4", // CCD Development 105 "C7DA3A55C2355F994D3FDDAD120B426A0DF63843", // CCD Testing 106 "75E3CFFFC530582C583E4690EF97C70B9C8423B7" // CCD Release 107 ] 108 } 109 ], 110 "externally_connectable.all_urls": { 111 "channel": "stable", 112 "extension_types": [ 113 "extension", "hosted_app", "legacy_packaged_app", "platform_app" 114 ], 115 "whitelist": [ 116 "54ECAB4579BDE8FDAF9B29ED335F9946EE504A52", // Used in unit tests 117 "E24F1786D842E91E74C27929B0B3715A4689A473" // http://crbug.com/417494 118 ] 119 }, 120 "hid": [ 121 { 122 "channel": "stable", 123 "extension_types": ["platform_app"] 124 }, 125 { 126 "channel": "stable", 127 "extension_types": ["extension"], 128 "whitelist": [ 129 "496B6890097EB6E19809ADEADD095A8721FBB2E0", // FIDO U2F APIs 130 "E24F1786D842E91E74C27929B0B3715A4689A473" // CryptoToken 131 ] 132 } 133 ], 134 "u2fDevices": [ 135 { 136 "channel": "stable", 137 "extension_types": ["extension", "platform_app"], 138 "whitelist": [ 139 "496B6890097EB6E19809ADEADD095A8721FBB2E0", // FIDO U2F APIs 140 "E24F1786D842E91E74C27929B0B3715A4689A473", // CryptoToken 141 "6F9E349A0561C78A0D3F41496FE521C5151C7F71", // Security Key 142 "C06709A259378015404ED20F75C7D08547E0F10B" // Security Key (dev) 143 ] 144 } 145 ], 146 "power": { 147 "channel": "stable", 148 "extension_types": [ "extension", "legacy_packaged_app", "platform_app" ] 149 }, 150 // Note: runtime is not actually a permission, but some systems check these 151 // values to verify restrictions. 152 "runtime": { 153 "channel": "stable", 154 "extension_types": ["extension", "legacy_packaged_app", "platform_app"] 155 }, 156 "serial": { 157 "channel": "stable", 158 "extension_types": ["platform_app"] 159 }, 160 "socket": [ 161 { 162 "channel": "stable", 163 "extension_types": ["platform_app"] 164 }, 165 { 166 "channel": "stable", 167 "extension_types": ["extension"], 168 "whitelist": [ 169 // The connectivity diagnostic utility is a component extension that is 170 // used to try to provide suggestions on how to fix connection issues. 171 // It should be the only non-app allowed to use the socket API. 172 "32A1BA997F8AB8DE29ED1BA94AAF00CF2A3FEFA7" 173 ] 174 } 175 ], 176 "storage": { 177 "channel": "stable", 178 "extension_types": ["extension", "legacy_packaged_app", "platform_app"], 179 "min_manifest_version": 2 180 }, 181 "system.cpu": [ 182 { 183 "channel": "stable", 184 "extension_types": ["extension", "legacy_packaged_app", "platform_app"] 185 }, 186 { 187 "channel": "stable", 188 "extension_types": ["hosted_app"], 189 "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"] // Web Store 190 } 191 ], 192 "system.memory": [ 193 { 194 "channel": "stable", 195 "extension_types": ["extension", "legacy_packaged_app", "platform_app"] 196 }, 197 { 198 "channel": "stable", 199 "extension_types": ["hosted_app"], 200 "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"] // Web Store 201 } 202 ], 203 "system.network": [ 204 { 205 "channel": "stable", 206 "extension_types": ["platform_app"] 207 }, 208 { 209 "channel": "stable", 210 "extension_types": ["hosted_app"], 211 "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"] // Web Store 212 } 213 ], 214 "system.storage": [ 215 { 216 "channel": "stable", 217 "extension_types": ["extension", "legacy_packaged_app", "platform_app"] 218 }, 219 { 220 "channel": "stable", 221 "extension_types": ["hosted_app"], 222 "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"] // Web Store 223 } 224 ], 225 "system.display": [ 226 { 227 "channel": "stable", 228 "extension_types": ["extension", "legacy_packaged_app", "platform_app"] 229 }, 230 { 231 "channel": "stable", 232 "extension_types": ["hosted_app"], 233 "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"] // Web Store 234 } 235 ], 236 "usb": [ 237 { 238 "channel": "stable", 239 "extension_types": ["platform_app"] 240 }, 241 { 242 "channel": "stable", 243 "extension_types": ["extension"], 244 "whitelist": [ 245 "496B6890097EB6E19809ADEADD095A8721FBB2E0", // FIDO U2F APIs 246 "E24F1786D842E91E74C27929B0B3715A4689A473" // CryptoToken 247 ] 248 } 249 ], 250 "usbDevices": [ 251 { 252 "channel": "stable", 253 "extension_types": ["platform_app"] 254 }, 255 { 256 "channel": "stable", 257 "extension_types": ["extension"], 258 "whitelist": [ 259 "496B6890097EB6E19809ADEADD095A8721FBB2E0", // FIDO U2F APIs 260 "E24F1786D842E91E74C27929B0B3715A4689A473" // CryptoToken 261 ] 262 } 263 ], 264 "videoCapture": [ 265 { 266 "channel": "stable", 267 "extension_types": ["platform_app"] 268 }, 269 { 270 "channel": "stable", 271 "extension_types": ["extension"], 272 "whitelist": [ 273 // http://crbug.com/292856 274 "3F50C3A83839D9C76334BCE81CDEC06174F266AF", 275 "09FDCB5851B8F3378DB630D06E316076E89C95A6", 276 "A434B90223C3C52F2B69DB494736B63C612C774D" 277 ] 278 } 279 ], 280 "webview": [ 281 { 282 "channel": "stable", 283 "extension_types": ["platform_app"] 284 }, 285 { 286 // General support for webview in component extensions still in progress. 287 // Only allowed for whitelisted extensions until all the caveats are 288 // addressed. Tracked in crbug/285151. 289 "channel": "stable", 290 "extension_types": ["extension"], 291 "location": "component", 292 "whitelist": [ 293 "D519188F86D9ACCEE0412007B227D9936EB9676B" // GAIA Component Extension 294 ] 295 } 296 ] 297 } 298