| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <set> | 10 #include <set> |
| (...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 265 IDMap id_map_; | 265 IDMap id_map_; |
| 266 NameMap name_map_; | 266 NameMap name_map_; |
| 267 | 267 |
| 268 size_t hosted_app_permission_count_; | 268 size_t hosted_app_permission_count_; |
| 269 size_t permission_count_; | 269 size_t permission_count_; |
| 270 | 270 |
| 271 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; | 271 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; |
| 272 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); | 272 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); |
| 273 }; | 273 }; |
| 274 | 274 |
| 275 typedef std::set<std::string> ExtensionOAuth2Scopes; |
| 276 |
| 275 // The ExtensionPermissionSet is an immutable class that encapsulates an | 277 // The ExtensionPermissionSet is an immutable class that encapsulates an |
| 276 // extension's permissions. The class exposes set operations for combining and | 278 // extension's permissions. The class exposes set operations for combining and |
| 277 // manipulating the permissions. | 279 // manipulating the permissions. |
| 278 class ExtensionPermissionSet | 280 class ExtensionPermissionSet |
| 279 : public base::RefCountedThreadSafe<ExtensionPermissionSet> { | 281 : public base::RefCountedThreadSafe<ExtensionPermissionSet> { |
| 280 public: | 282 public: |
| 281 // Creates an empty permission set (e.g. default permissions). | 283 // Creates an empty permission set (e.g. default permissions). |
| 282 ExtensionPermissionSet(); | 284 ExtensionPermissionSet(); |
| 283 | 285 |
| 284 // Creates a new permission set based on the |extension| manifest data, and | 286 // Creates a new permission set based on the |extension| manifest data, and |
| 285 // the api and host permissions (|apis| and |hosts|). The effective hosts | 287 // the api and host permissions (|apis| and |hosts|). The effective hosts |
| 286 // of the newly created permission set will be inferred from the |extension| | 288 // of the newly created permission set will be inferred from the |extension| |
| 287 // manifest, |apis| and |hosts|. | 289 // manifest, |apis| and |hosts|. |
| 288 ExtensionPermissionSet(const Extension* extension, | 290 ExtensionPermissionSet(const Extension* extension, |
| 289 const ExtensionAPIPermissionSet& apis, | 291 const ExtensionAPIPermissionSet& apis, |
| 290 const URLPatternSet& explicit_hosts); | 292 const URLPatternSet& explicit_hosts, |
| 293 const ExtensionOAuth2Scopes& scopes); |
| 294 |
| 291 | 295 |
| 292 // Creates a new permission set based on the specified data. | 296 // Creates a new permission set based on the specified data. |
| 293 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, | 297 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, |
| 294 const URLPatternSet& explicit_hosts, | 298 const URLPatternSet& explicit_hosts, |
| 295 const URLPatternSet& scriptable_hosts); | 299 const URLPatternSet& scriptable_hosts); |
| 296 | 300 |
| 301 // Creates a new permission set that has oauth scopes in it. |
| 302 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, |
| 303 const URLPatternSet& explicit_hosts, |
| 304 const URLPatternSet& scriptable_hosts, |
| 305 const ExtensionOAuth2Scopes& scopes); |
| 306 |
| 307 // Creates a new permission set containing only oauth scopes. |
| 308 explicit ExtensionPermissionSet(const ExtensionOAuth2Scopes& scopes); |
| 309 |
| 297 ~ExtensionPermissionSet(); | 310 ~ExtensionPermissionSet(); |
| 298 | 311 |
| 299 // Creates a new permission set equal to |set1| - |set2|, passing ownership of | 312 // Creates a new permission set equal to |set1| - |set2|, passing ownership of |
| 300 // the new set to the caller. | 313 // the new set to the caller. |
| 301 static ExtensionPermissionSet* CreateDifference( | 314 static ExtensionPermissionSet* CreateDifference( |
| 302 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); | 315 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 303 | 316 |
| 304 // Creates a new permission set equal to the intersection of |set1| and | 317 // Creates a new permission set equal to the intersection of |set1| and |
| 305 // |set2|, passing ownership of the new set to the caller. | 318 // |set2|, passing ownership of the new set to the caller. |
| 306 static ExtensionPermissionSet* CreateIntersection( | 319 static ExtensionPermissionSet* CreateIntersection( |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 375 bool HasLessPrivilegesThan(const ExtensionPermissionSet* permissions) const; | 388 bool HasLessPrivilegesThan(const ExtensionPermissionSet* permissions) const; |
| 376 | 389 |
| 377 const ExtensionAPIPermissionSet& apis() const { return apis_; } | 390 const ExtensionAPIPermissionSet& apis() const { return apis_; } |
| 378 | 391 |
| 379 const URLPatternSet& effective_hosts() const { return effective_hosts_; } | 392 const URLPatternSet& effective_hosts() const { return effective_hosts_; } |
| 380 | 393 |
| 381 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } | 394 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } |
| 382 | 395 |
| 383 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } | 396 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
| 384 | 397 |
| 398 const ExtensionOAuth2Scopes& scopes() const { return scopes_; } |
| 399 |
| 385 private: | 400 private: |
| 386 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionsTest, | 401 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionsTest, |
| 387 HasLessHostPrivilegesThan); | 402 HasLessHostPrivilegesThan); |
| 388 | 403 |
| 389 friend class base::RefCountedThreadSafe<ExtensionPermissionSet>; | 404 friend class base::RefCountedThreadSafe<ExtensionPermissionSet>; |
| 390 | 405 |
| 391 static std::set<std::string> GetDistinctHosts( | 406 static std::set<std::string> GetDistinctHosts( |
| 392 const URLPatternSet& host_patterns, | 407 const URLPatternSet& host_patterns, |
| 393 bool include_rcd, | 408 bool include_rcd, |
| 394 bool exclude_file_scheme); | 409 bool exclude_file_scheme); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 405 // Returns true if |permissions| has an elevated API privilege level than | 420 // Returns true if |permissions| has an elevated API privilege level than |
| 406 // this set. | 421 // this set. |
| 407 bool HasLessAPIPrivilegesThan( | 422 bool HasLessAPIPrivilegesThan( |
| 408 const ExtensionPermissionSet* permissions) const; | 423 const ExtensionPermissionSet* permissions) const; |
| 409 | 424 |
| 410 // Returns true if |permissions| has more host permissions compared to this | 425 // Returns true if |permissions| has more host permissions compared to this |
| 411 // set. | 426 // set. |
| 412 bool HasLessHostPrivilegesThan( | 427 bool HasLessHostPrivilegesThan( |
| 413 const ExtensionPermissionSet* permissions) const; | 428 const ExtensionPermissionSet* permissions) const; |
| 414 | 429 |
| 430 // Returns true if |permissions| has more oauth2 scopes compared to this set. |
| 431 bool HasLessScopesThan(const ExtensionPermissionSet* permissions) const; |
| 432 |
| 415 // The api list is used when deciding if an extension can access certain | 433 // The api list is used when deciding if an extension can access certain |
| 416 // extension APIs and features. | 434 // extension APIs and features. |
| 417 ExtensionAPIPermissionSet apis_; | 435 ExtensionAPIPermissionSet apis_; |
| 418 | 436 |
| 419 // The list of hosts that can be accessed directly from the extension. | 437 // The list of hosts that can be accessed directly from the extension. |
| 420 // TODO(jstritar): Rename to "hosts_"? | 438 // TODO(jstritar): Rename to "hosts_"? |
| 421 URLPatternSet explicit_hosts_; | 439 URLPatternSet explicit_hosts_; |
| 422 | 440 |
| 423 // The list of hosts that can be scripted by content scripts. | 441 // The list of hosts that can be scripted by content scripts. |
| 424 // TODO(jstritar): Rename to "user_script_hosts_"? | 442 // TODO(jstritar): Rename to "user_script_hosts_"? |
| 425 URLPatternSet scriptable_hosts_; | 443 URLPatternSet scriptable_hosts_; |
| 426 | 444 |
| 427 // The list of hosts this effectively grants access to. | 445 // The list of hosts this effectively grants access to. |
| 428 URLPatternSet effective_hosts_; | 446 URLPatternSet effective_hosts_; |
| 447 |
| 448 // A set of oauth2 scopes that are used by the identity API to create OAuth2 |
| 449 // tokens for accessing the Google Account of the signed-in sync account. |
| 450 ExtensionOAuth2Scopes scopes_; |
| 429 }; | 451 }; |
| 430 | 452 |
| 431 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 453 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10049006:
Add OAuth2 scopes to the ExtensionPermissionSet and granted permissions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src