Add OAuth2 scopes to the ExtensionPermissionSet and granted permissions.

chrome/common/extensions/extension_permission_set.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension_permission_set.h"
 
 #include <algorithm>
 #include <string>
 
 #include "base/command_line.h"
@@ skipping 423 matching lines @@
 //
 // ExtensionPermissionSet
 //
 
 ExtensionPermissionSet::ExtensionPermissionSet() {
 }
 
 ExtensionPermissionSet::ExtensionPermissionSet(
     const Extension* extension,
     const ExtensionAPIPermissionSet& apis,
-    const URLPatternSet& explicit_hosts)
-  : apis_(apis) {
+    const URLPatternSet& explicit_hosts,
+    const ExtensionOAuth2Scopes& scopes)
+    : apis_(apis),
+      scopes_(scopes) {
   DCHECK(extension);
   AddPatternsAndRemovePaths(explicit_hosts, &explicit_hosts_);
   InitImplicitExtensionPermissions(extension);
   InitEffectiveHosts();
 }
 
 ExtensionPermissionSet::ExtensionPermissionSet(
     const ExtensionAPIPermissionSet& apis,
     const URLPatternSet& explicit_hosts,
     const URLPatternSet& scriptable_hosts)
-  : apis_(apis),
-    scriptable_hosts_(scriptable_hosts) {
+    : apis_(apis),
+      scriptable_hosts_(scriptable_hosts) {
   AddPatternsAndRemovePaths(explicit_hosts, &explicit_hosts_);
   InitEffectiveHosts();
 }
 
+ExtensionPermissionSet::ExtensionPermissionSet(
+    const ExtensionAPIPermissionSet& apis,
+    const URLPatternSet& explicit_hosts,
+    const URLPatternSet& scriptable_hosts,
+    const ExtensionOAuth2Scopes& scopes)
+    : apis_(apis),
+      scriptable_hosts_(scriptable_hosts),
+      scopes_(scopes) {
+  AddPatternsAndRemovePaths(explicit_hosts, &explicit_hosts_);
+  InitEffectiveHosts();
+}
+
+ExtensionPermissionSet::ExtensionPermissionSet(
+    const ExtensionOAuth2Scopes& scopes)
+    : scopes_(scopes) {
+  InitEffectiveHosts();
+}
+
 ExtensionPermissionSet::~ExtensionPermissionSet() {}
 
 // static
 ExtensionPermissionSet* ExtensionPermissionSet::CreateDifference(
     const ExtensionPermissionSet* set1,
     const ExtensionPermissionSet* set2) {
   scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
   const ExtensionPermissionSet* set1_safe = (set1 == NULL) ? empty : set1;
   const ExtensionPermissionSet* set2_safe = (set2 == NULL) ? empty : set2;
 
   ExtensionAPIPermissionSet apis;
   std::set_difference(set1_safe->apis().begin(), set1_safe->apis().end(),
                       set2_safe->apis().begin(), set2_safe->apis().end(),
                       std::insert_iterator<ExtensionAPIPermissionSet>(
                           apis, apis.begin()));
 
   URLPatternSet explicit_hosts;
   URLPatternSet::CreateDifference(set1_safe->explicit_hosts(),
                                   set2_safe->explicit_hosts(),
                                   &explicit_hosts);
 
   URLPatternSet scriptable_hosts;
   URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(),
                                   set2_safe->scriptable_hosts(),
                                   &scriptable_hosts);
-  return new ExtensionPermissionSet(apis, explicit_hosts, scriptable_hosts);
+
+  ExtensionOAuth2Scopes scopes;
+  std::set_difference(set1_safe->scopes().begin(), set1_safe->scopes().end(),
+                      set2_safe->scopes().begin(), set2_safe->scopes().end(),
+                      std::insert_iterator<ExtensionOAuth2Scopes>(
+                          scopes, scopes.begin()));
+
+  return new ExtensionPermissionSet(
+      apis, explicit_hosts, scriptable_hosts, scopes);
 }
 
 // static
 ExtensionPermissionSet* ExtensionPermissionSet::CreateIntersection(
     const ExtensionPermissionSet* set1,
     const ExtensionPermissionSet* set2) {
   scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
   const ExtensionPermissionSet* set1_safe = (set1 == NULL) ? empty : set1;
   const ExtensionPermissionSet* set2_safe = (set2 == NULL) ? empty : set2;
 
   ExtensionAPIPermissionSet apis;
   std::set_intersection(set1_safe->apis().begin(), set1_safe->apis().end(),
                         set2_safe->apis().begin(), set2_safe->apis().end(),
                         std::insert_iterator<ExtensionAPIPermissionSet>(
                             apis, apis.begin()));
   URLPatternSet explicit_hosts;
   URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(),
                                     set2_safe->explicit_hosts(),
                                     &explicit_hosts);
 
   URLPatternSet scriptable_hosts;
   URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(),
                                     set2_safe->scriptable_hosts(),
                                     &scriptable_hosts);
-  return new ExtensionPermissionSet(apis, explicit_hosts, scriptable_hosts);
+
+  ExtensionOAuth2Scopes scopes;
+  std::set_intersection(set1_safe->scopes().begin(), set1_safe->scopes().end(),
+                        set2_safe->scopes().begin(), set2_safe->scopes().end(),
+                        std::insert_iterator<ExtensionOAuth2Scopes>(
+                            scopes, scopes.begin()));
+
+  return new ExtensionPermissionSet(
+      apis, explicit_hosts, scriptable_hosts, scopes);
 }
+
 // static
 ExtensionPermissionSet* ExtensionPermissionSet::CreateUnion(
     const ExtensionPermissionSet* set1,
     const ExtensionPermissionSet* set2) {
   scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
   const ExtensionPermissionSet* set1_safe = (set1 == NULL) ? empty : set1;
   const ExtensionPermissionSet* set2_safe = (set2 == NULL) ? empty : set2;
 
   ExtensionAPIPermissionSet apis;
   std::set_union(set1_safe->apis().begin(), set1_safe->apis().end(),
                  set2_safe->apis().begin(), set2_safe->apis().end(),
                  std::insert_iterator<ExtensionAPIPermissionSet>(
                      apis, apis.begin()));
 
   URLPatternSet explicit_hosts;
   URLPatternSet::CreateUnion(set1_safe->explicit_hosts(),
                              set2_safe->explicit_hosts(),
                              &explicit_hosts);
 
   URLPatternSet scriptable_hosts;
   URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(),
                              set2_safe->scriptable_hosts(),
                              &scriptable_hosts);
 
-  return new ExtensionPermissionSet(apis, explicit_hosts, scriptable_hosts);
+  ExtensionOAuth2Scopes scopes;
+  std::set_union(set1_safe->scopes().begin(), set1_safe->scopes().end(),
+                 set2_safe->scopes().begin(), set2_safe->scopes().end(),
+                 std::insert_iterator<ExtensionOAuth2Scopes>(
+                     scopes, scopes.begin()));
+
+  return new ExtensionPermissionSet(
+      apis, explicit_hosts, scriptable_hosts, scopes);
 }
 
 bool ExtensionPermissionSet::operator==(
     const ExtensionPermissionSet& rhs) const {
   return apis_ == rhs.apis_ &&
       scriptable_hosts_ == rhs.scriptable_hosts_ &&
-      explicit_hosts_ == rhs.explicit_hosts_;
+      explicit_hosts_ == rhs.explicit_hosts_ &&
+      scopes_ == rhs.scopes_;
 }
 
 bool ExtensionPermissionSet::Contains(const ExtensionPermissionSet& set) const {
   // Every set includes the empty set.
   if (set.IsEmpty())
     return true;
 
   if (!std::includes(apis_.begin(), apis_.end(),
                      set.apis().begin(), set.apis().end()))
     return false;
 
   if (!explicit_hosts().Contains(set.explicit_hosts()))
     return false;
 
   if (!scriptable_hosts().Contains(set.scriptable_hosts()))
     return false;
 
+  if (!std::includes(scopes_.begin(), scopes_.end(),
+                     set.scopes().begin(), set.scopes().end()))
+    return false;
+
   return true;
 }
 
 std::set<std::string> ExtensionPermissionSet::GetAPIsAsStrings() const {
   ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
   std::set<std::string> apis_str;
   for (ExtensionAPIPermissionSet::const_iterator i = apis_.begin();
        i != apis_.end(); ++i) {
     ExtensionAPIPermission* permission = info->GetByID(*i);
     if (permission)
@@ skipping 166 matching lines @@
   // Otherwise, it's a privilege increase if the new one has full access.
   if (permissions->HasEffectiveFullAccess())
     return true;
 
   if (HasLessHostPrivilegesThan(permissions))
     return true;
 
   if (HasLessAPIPrivilegesThan(permissions))
     return true;
 
+  if (HasLessScopesThan(permissions))
+    return true;
+
   return false;
 }
 
 // static
 std::set<std::string> ExtensionPermissionSet::GetDistinctHosts(
     const URLPatternSet& host_patterns,
     bool include_rcd,
     bool exclude_file_scheme) {
   // Use a vector to preserve order (also faster than a map on small sets).
   // Each item is a host split into two parts: host without RCDs and
@@ skipping 124 matching lines @@
   std::set<std::string> new_hosts_set(GetDistinctHosts(new_list, false, false));
   std::set<std::string> old_hosts_set(GetDistinctHosts(old_list, false, false));
   std::set<std::string> new_hosts_only;
 
   std::set_difference(new_hosts_set.begin(), new_hosts_set.end(),
                       old_hosts_set.begin(), old_hosts_set.end(),
                       std::inserter(new_hosts_only, new_hosts_only.begin()));
 
   return !new_hosts_only.empty();
 }
+
+bool ExtensionPermissionSet::HasLessScopesThan(
+    const ExtensionPermissionSet* permissions) const {
+  if (permissions == NULL)
+    return false;
+
+  ExtensionOAuth2Scopes current_scopes = scopes();
+  ExtensionOAuth2Scopes new_scopes = permissions->scopes();
+  ExtensionOAuth2Scopes delta_scopes;
+  std::set_difference(new_scopes.begin(), new_scopes.end(),
+                      current_scopes.begin(), current_scopes.end(),
+                      std::inserter(delta_scopes, delta_scopes.begin()));
+
+  // We have less privileges if there are additional scopes present.
+  return !delta_scopes.empty();
+}