| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/permissions/permission_set.h" | 5 #include "chrome/common/extensions/permissions/permission_set.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 121 | 121 |
| 122 // static | 122 // static |
| 123 PermissionSet* PermissionSet::CreateDifference( | 123 PermissionSet* PermissionSet::CreateDifference( |
| 124 const PermissionSet* set1, | 124 const PermissionSet* set1, |
| 125 const PermissionSet* set2) { | 125 const PermissionSet* set2) { |
| 126 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 126 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 127 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 127 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 128 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 128 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 129 | 129 |
| 130 APIPermissionSet apis; | 130 APIPermissionSet apis; |
| 131 std::set_difference(set1_safe->apis().begin(), set1_safe->apis().end(), | 131 APIPermissionSet::Difference(set1_safe->apis(), set2_safe->apis(), &apis); |
| 132 set2_safe->apis().begin(), set2_safe->apis().end(), | |
| 133 std::insert_iterator<APIPermissionSet>( | |
| 134 apis, apis.begin())); | |
| 135 | 132 |
| 136 URLPatternSet explicit_hosts; | 133 URLPatternSet explicit_hosts; |
| 137 URLPatternSet::CreateDifference(set1_safe->explicit_hosts(), | 134 URLPatternSet::CreateDifference(set1_safe->explicit_hosts(), |
| 138 set2_safe->explicit_hosts(), | 135 set2_safe->explicit_hosts(), |
| 139 &explicit_hosts); | 136 &explicit_hosts); |
| 140 | 137 |
| 141 URLPatternSet scriptable_hosts; | 138 URLPatternSet scriptable_hosts; |
| 142 URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(), | 139 URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(), |
| 143 set2_safe->scriptable_hosts(), | 140 set2_safe->scriptable_hosts(), |
| 144 &scriptable_hosts); | 141 &scriptable_hosts); |
| 145 | 142 |
| 146 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 143 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 147 } | 144 } |
| 148 | 145 |
| 149 // static | 146 // static |
| 150 PermissionSet* PermissionSet::CreateIntersection( | 147 PermissionSet* PermissionSet::CreateIntersection( |
| 151 const PermissionSet* set1, | 148 const PermissionSet* set1, |
| 152 const PermissionSet* set2) { | 149 const PermissionSet* set2) { |
| 153 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 150 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 154 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 151 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 155 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 152 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 156 | 153 |
| 157 APIPermissionSet apis; | 154 APIPermissionSet apis; |
| 158 std::set_intersection(set1_safe->apis().begin(), set1_safe->apis().end(), | 155 APIPermissionSet::Intersection(set1_safe->apis(), set2_safe->apis(), &apis); |
| 159 set2_safe->apis().begin(), set2_safe->apis().end(), | 156 |
| 160 std::insert_iterator<APIPermissionSet>( | |
| 161 apis, apis.begin())); | |
| 162 URLPatternSet explicit_hosts; | 157 URLPatternSet explicit_hosts; |
| 163 URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(), | 158 URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(), |
| 164 set2_safe->explicit_hosts(), | 159 set2_safe->explicit_hosts(), |
| 165 &explicit_hosts); | 160 &explicit_hosts); |
| 166 | 161 |
| 167 URLPatternSet scriptable_hosts; | 162 URLPatternSet scriptable_hosts; |
| 168 URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(), | 163 URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(), |
| 169 set2_safe->scriptable_hosts(), | 164 set2_safe->scriptable_hosts(), |
| 170 &scriptable_hosts); | 165 &scriptable_hosts); |
| 171 | 166 |
| 172 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 167 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 173 } | 168 } |
| 174 | 169 |
| 175 // static | 170 // static |
| 176 PermissionSet* PermissionSet::CreateUnion( | 171 PermissionSet* PermissionSet::CreateUnion( |
| 177 const PermissionSet* set1, | 172 const PermissionSet* set1, |
| 178 const PermissionSet* set2) { | 173 const PermissionSet* set2) { |
| 179 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 174 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 180 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 175 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 181 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 176 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 182 | 177 |
| 183 APIPermissionSet apis; | 178 APIPermissionSet apis; |
| 184 std::set_union(set1_safe->apis().begin(), set1_safe->apis().end(), | 179 APIPermissionSet::Union(set1_safe->apis(), set2_safe->apis(), &apis); |
| 185 set2_safe->apis().begin(), set2_safe->apis().end(), | |
| 186 std::insert_iterator<APIPermissionSet>( | |
| 187 apis, apis.begin())); | |
| 188 | 180 |
| 189 URLPatternSet explicit_hosts; | 181 URLPatternSet explicit_hosts; |
| 190 URLPatternSet::CreateUnion(set1_safe->explicit_hosts(), | 182 URLPatternSet::CreateUnion(set1_safe->explicit_hosts(), |
| 191 set2_safe->explicit_hosts(), | 183 set2_safe->explicit_hosts(), |
| 192 &explicit_hosts); | 184 &explicit_hosts); |
| 193 | 185 |
| 194 URLPatternSet scriptable_hosts; | 186 URLPatternSet scriptable_hosts; |
| 195 URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(), | 187 URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(), |
| 196 set2_safe->scriptable_hosts(), | 188 set2_safe->scriptable_hosts(), |
| 197 &scriptable_hosts); | 189 &scriptable_hosts); |
| 198 | 190 |
| 199 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 191 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 200 } | 192 } |
| 201 | 193 |
| 202 bool PermissionSet::operator==( | 194 bool PermissionSet::operator==( |
| 203 const PermissionSet& rhs) const { | 195 const PermissionSet& rhs) const { |
| 204 return apis_ == rhs.apis_ && | 196 return apis_ == rhs.apis_ && |
| 205 scriptable_hosts_ == rhs.scriptable_hosts_ && | 197 scriptable_hosts_ == rhs.scriptable_hosts_ && |
| 206 explicit_hosts_ == rhs.explicit_hosts_; | 198 explicit_hosts_ == rhs.explicit_hosts_; |
| 207 } | 199 } |
| 208 | 200 |
| 209 bool PermissionSet::Contains(const PermissionSet& set) const { | 201 bool PermissionSet::Contains(const PermissionSet& set) const { |
| 210 // Every set includes the empty set. | 202 // Every set includes the empty set. |
| 211 if (set.IsEmpty()) | 203 if (set.IsEmpty()) |
| 212 return true; | 204 return true; |
| 213 | 205 |
| 214 if (!std::includes(apis_.begin(), apis_.end(), | 206 APIPermissionSet::const_iterator first1 = apis_.begin(); |
| 215 set.apis().begin(), set.apis().end())) | 207 APIPermissionSet::const_iterator first2 = set.apis().begin(); |
| 216 return false; | 208 APIPermissionSet::const_iterator end1 = apis_.end(); |
| 209 APIPermissionSet::const_iterator end2 = set.apis().end(); |
| 210 |
| 211 while (first1 != end1 && first2 != end2) { |
| 212 if (first1->id() > first2->id()) { |
| 213 return false; |
| 214 } else if (first1->id() < first2->id()) { |
| 215 ++first1; |
| 216 } else { |
| 217 if (!first1->Contains(*first2)) |
| 218 return false; |
| 219 first1++; |
| 220 first2++; |
| 221 } |
| 222 } |
| 217 | 223 |
| 218 if (!explicit_hosts().Contains(set.explicit_hosts())) | 224 if (!explicit_hosts().Contains(set.explicit_hosts())) |
| 219 return false; | 225 return false; |
| 220 | 226 |
| 221 if (!scriptable_hosts().Contains(set.scriptable_hosts())) | 227 if (!scriptable_hosts().Contains(set.scriptable_hosts())) |
| 222 return false; | 228 return false; |
| 223 | 229 |
| 224 return true; | 230 return true; |
| 225 } | 231 } |
| 226 | 232 |
| 227 std::set<std::string> PermissionSet::GetAPIsAsStrings() const { | 233 std::set<std::string> PermissionSet::GetAPIsAsStrings() const { |
| 228 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 229 std::set<std::string> apis_str; | 234 std::set<std::string> apis_str; |
| 230 for (APIPermissionSet::const_iterator i = apis_.begin(); | 235 for (APIPermissionSet::const_iterator i = apis_.begin(); |
| 231 i != apis_.end(); ++i) { | 236 i != apis_.end(); ++i) { |
| 232 APIPermission* permission = info->GetByID(*i); | 237 apis_str.insert(i->name()); |
| 233 if (permission) | |
| 234 apis_str.insert(permission->name()); | |
| 235 } | 238 } |
| 236 return apis_str; | 239 return apis_str; |
| 237 } | 240 } |
| 238 | 241 |
| 239 std::set<std::string> PermissionSet:: | 242 std::set<std::string> PermissionSet:: |
| 240 GetAPIsWithAnyAccessAsStrings() const { | 243 GetAPIsWithAnyAccessAsStrings() const { |
| 241 std::set<std::string> result = GetAPIsAsStrings(); | 244 std::set<std::string> result = GetAPIsAsStrings(); |
| 242 for (size_t i = 0; i < kNumNonPermissionModuleNames; ++i) | 245 for (size_t i = 0; i < kNumNonPermissionModuleNames; ++i) |
| 243 result.insert(kNonPermissionModuleNames[i]); | 246 result.insert(kNonPermissionModuleNames[i]); |
| 244 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) | 247 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 333 bool PermissionSet::IsEmpty() const { | 336 bool PermissionSet::IsEmpty() const { |
| 334 // Not default if any host permissions are present. | 337 // Not default if any host permissions are present. |
| 335 if (!(explicit_hosts().is_empty() && scriptable_hosts().is_empty())) | 338 if (!(explicit_hosts().is_empty() && scriptable_hosts().is_empty())) |
| 336 return false; | 339 return false; |
| 337 | 340 |
| 338 // Or if it has no api permissions. | 341 // Or if it has no api permissions. |
| 339 return apis().empty(); | 342 return apis().empty(); |
| 340 } | 343 } |
| 341 | 344 |
| 342 bool PermissionSet::HasAPIPermission( | 345 bool PermissionSet::HasAPIPermission( |
| 343 APIPermission::ID permission) const { | 346 APIPermission::ID id) const { |
| 344 return apis().find(permission) != apis().end(); | 347 return apis().find(id) != apis().end(); |
| 348 } |
| 349 |
| 350 bool PermissionSet::CheckAPIPermission(APIPermission::ID permission) const { |
| 351 return CheckAPIPermissionWithDetail(permission, NULL); |
| 352 } |
| 353 |
| 354 bool PermissionSet::CheckAPIPermissionWithDetail( |
| 355 APIPermission::ID permission, |
| 356 const APIPermissionDetail::CheckParam* param) const { |
| 357 APIPermissionSet::const_iterator iter = apis().find(permission); |
| 358 if (iter == apis().end()) |
| 359 return false; |
| 360 return iter->Check(param); |
| 345 } | 361 } |
| 346 | 362 |
| 347 bool PermissionSet::HasAccessToFunction( | 363 bool PermissionSet::HasAccessToFunction( |
| 348 const std::string& function_name) const { | 364 const std::string& function_name) const { |
| 349 // TODO(jstritar): Embed this information in each permission and add a method | 365 // TODO(jstritar): Embed this information in each permission and add a method |
| 350 // like GrantsAccess(function_name) to APIPermission. A "default" | 366 // like GrantsAccess(function_name) to APIPermission. A "default" |
| 351 // permission can then handle the modules and functions that everyone can | 367 // permission can then handle the modules and functions that everyone can |
| 352 // access. | 368 // access. |
| 353 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) { | 369 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) { |
| 354 if (function_name == kNonPermissionFunctionNames[i]) | 370 if (function_name == kNonPermissionFunctionNames[i]) |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 387 // There are two ways this set can have effective access to all hosts: | 403 // There are two ways this set can have effective access to all hosts: |
| 388 // 1) it has an <all_urls> URL pattern. | 404 // 1) it has an <all_urls> URL pattern. |
| 389 // 2) it has a named permission with implied full URL access. | 405 // 2) it has a named permission with implied full URL access. |
| 390 for (URLPatternSet::const_iterator host = effective_hosts().begin(); | 406 for (URLPatternSet::const_iterator host = effective_hosts().begin(); |
| 391 host != effective_hosts().end(); ++host) { | 407 host != effective_hosts().end(); ++host) { |
| 392 if (host->match_all_urls() || | 408 if (host->match_all_urls() || |
| 393 (host->match_subdomains() && host->host().empty())) | 409 (host->match_subdomains() && host->host().empty())) |
| 394 return true; | 410 return true; |
| 395 } | 411 } |
| 396 | 412 |
| 397 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 398 for (APIPermissionSet::const_iterator i = apis().begin(); | 413 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 399 i != apis().end(); ++i) { | 414 i != apis().end(); ++i) { |
| 400 APIPermission* permission = info->GetByID(*i); | 415 if (i->permission()->implies_full_url_access()) |
| 401 if (permission->implies_full_url_access()) | |
| 402 return true; | 416 return true; |
| 403 } | 417 } |
| 404 return false; | 418 return false; |
| 405 } | 419 } |
| 406 | 420 |
| 407 bool PermissionSet::HasEffectiveAccessToURL( | 421 bool PermissionSet::HasEffectiveAccessToURL( |
| 408 const GURL& url) const { | 422 const GURL& url) const { |
| 409 return effective_hosts().MatchesURL(url); | 423 return effective_hosts().MatchesURL(url); |
| 410 } | 424 } |
| 411 | 425 |
| 412 bool PermissionSet::HasEffectiveFullAccess() const { | 426 bool PermissionSet::HasEffectiveFullAccess() const { |
| 413 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 414 for (APIPermissionSet::const_iterator i = apis().begin(); | 427 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 415 i != apis().end(); ++i) { | 428 i != apis().end(); ++i) { |
| 416 APIPermission* permission = info->GetByID(*i); | 429 if (i->permission()->implies_full_access()) |
| 417 if (permission->implies_full_access()) | |
| 418 return true; | 430 return true; |
| 419 } | 431 } |
| 420 return false; | 432 return false; |
| 421 } | 433 } |
| 422 | 434 |
| 423 bool PermissionSet::HasLessPrivilegesThan( | 435 bool PermissionSet::HasLessPrivilegesThan( |
| 424 const PermissionSet* permissions) const { | 436 const PermissionSet* permissions) const { |
| 425 // Things can't get worse than native code access. | 437 // Things can't get worse than native code access. |
| 426 if (HasEffectiveFullAccess()) | 438 if (HasEffectiveFullAccess()) |
| 427 return false; | 439 return false; |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 537 } | 549 } |
| 538 | 550 |
| 539 std::set<PermissionMessage> | 551 std::set<PermissionMessage> |
| 540 PermissionSet::GetSimplePermissionMessages() const { | 552 PermissionSet::GetSimplePermissionMessages() const { |
| 541 std::set<PermissionMessage> messages; | 553 std::set<PermissionMessage> messages; |
| 542 PermissionsInfo* info = PermissionsInfo::GetInstance(); | 554 PermissionsInfo* info = PermissionsInfo::GetInstance(); |
| 543 for (APIPermissionSet::const_iterator i = apis_.begin(); | 555 for (APIPermissionSet::const_iterator i = apis_.begin(); |
| 544 i != apis_.end(); ++i) { | 556 i != apis_.end(); ++i) { |
| 545 DCHECK_GT(PermissionMessage::kNone, | 557 DCHECK_GT(PermissionMessage::kNone, |
| 546 PermissionMessage::kUnknown); | 558 PermissionMessage::kUnknown); |
| 547 APIPermission* perm = info->GetByID(*i); | 559 APIPermission* perm = info->GetByID(i->id()); |
| 548 if (perm && perm->message_id() > PermissionMessage::kNone) | 560 if (perm && perm->message_id() > PermissionMessage::kNone) |
| 549 messages.insert(perm->GetMessage_()); | 561 messages.insert(perm->GetMessage_()); |
| 550 } | 562 } |
| 551 return messages; | 563 return messages; |
| 552 } | 564 } |
| 553 | 565 |
| 554 bool PermissionSet::HasLessAPIPrivilegesThan( | 566 bool PermissionSet::HasLessAPIPrivilegesThan( |
| 555 const PermissionSet* permissions) const { | 567 const PermissionSet* permissions) const { |
| 556 if (permissions == NULL) | 568 if (permissions == NULL) |
| 557 return false; | 569 return false; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 591 std::set<std::string> new_hosts_only; | 603 std::set<std::string> new_hosts_only; |
| 592 | 604 |
| 593 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), | 605 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), |
| 594 old_hosts_set.begin(), old_hosts_set.end(), | 606 old_hosts_set.begin(), old_hosts_set.end(), |
| 595 std::inserter(new_hosts_only, new_hosts_only.begin())); | 607 std::inserter(new_hosts_only, new_hosts_only.begin())); |
| 596 | 608 |
| 597 return !new_hosts_only.empty(); | 609 return !new_hosts_only.empty(); |
| 598 } | 610 } |
| 599 | 611 |
| 600 } // namespace extensions | 612 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10692160:
Support socket endpoint permissions for AppsV2 Socket API. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master