| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/permissions/permission_set.h" | 5 #include "chrome/common/extensions/permissions/permission_set.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 121 | 121 |
| 122 // static | 122 // static |
| 123 PermissionSet* PermissionSet::CreateDifference( | 123 PermissionSet* PermissionSet::CreateDifference( |
| 124 const PermissionSet* set1, | 124 const PermissionSet* set1, |
| 125 const PermissionSet* set2) { | 125 const PermissionSet* set2) { |
| 126 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 126 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 127 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 127 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 128 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 128 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 129 | 129 |
| 130 APIPermissionSet apis; | 130 APIPermissionSet apis; |
| 131 std::set_difference(set1_safe->apis().begin(), set1_safe->apis().end(), | 131 APIPermissionSet::Difference(set1_safe->apis(), set2_safe->apis(), &apis); |
| 132 set2_safe->apis().begin(), set2_safe->apis().end(), | |
| 133 std::insert_iterator<APIPermissionSet>( | |
| 134 apis, apis.begin())); | |
| 135 | 132 |
| 136 URLPatternSet explicit_hosts; | 133 URLPatternSet explicit_hosts; |
| 137 URLPatternSet::CreateDifference(set1_safe->explicit_hosts(), | 134 URLPatternSet::CreateDifference(set1_safe->explicit_hosts(), |
| 138 set2_safe->explicit_hosts(), | 135 set2_safe->explicit_hosts(), |
| 139 &explicit_hosts); | 136 &explicit_hosts); |
| 140 | 137 |
| 141 URLPatternSet scriptable_hosts; | 138 URLPatternSet scriptable_hosts; |
| 142 URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(), | 139 URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(), |
| 143 set2_safe->scriptable_hosts(), | 140 set2_safe->scriptable_hosts(), |
| 144 &scriptable_hosts); | 141 &scriptable_hosts); |
| 145 | 142 |
| 146 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 143 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 147 } | 144 } |
| 148 | 145 |
| 149 // static | 146 // static |
| 150 PermissionSet* PermissionSet::CreateIntersection( | 147 PermissionSet* PermissionSet::CreateIntersection( |
| 151 const PermissionSet* set1, | 148 const PermissionSet* set1, |
| 152 const PermissionSet* set2) { | 149 const PermissionSet* set2) { |
| 153 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 150 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 154 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 151 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 155 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 152 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 156 | 153 |
| 157 APIPermissionSet apis; | 154 APIPermissionSet apis; |
| 158 std::set_intersection(set1_safe->apis().begin(), set1_safe->apis().end(), | 155 APIPermissionSet::Intersection(set1_safe->apis(), set2_safe->apis(), &apis); |
| 159 set2_safe->apis().begin(), set2_safe->apis().end(), | 156 |
| 160 std::insert_iterator<APIPermissionSet>( | |
| 161 apis, apis.begin())); | |
| 162 URLPatternSet explicit_hosts; | 157 URLPatternSet explicit_hosts; |
| 163 URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(), | 158 URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(), |
| 164 set2_safe->explicit_hosts(), | 159 set2_safe->explicit_hosts(), |
| 165 &explicit_hosts); | 160 &explicit_hosts); |
| 166 | 161 |
| 167 URLPatternSet scriptable_hosts; | 162 URLPatternSet scriptable_hosts; |
| 168 URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(), | 163 URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(), |
| 169 set2_safe->scriptable_hosts(), | 164 set2_safe->scriptable_hosts(), |
| 170 &scriptable_hosts); | 165 &scriptable_hosts); |
| 171 | 166 |
| 172 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 167 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 173 } | 168 } |
| 174 | 169 |
| 175 // static | 170 // static |
| 176 PermissionSet* PermissionSet::CreateUnion( | 171 PermissionSet* PermissionSet::CreateUnion( |
| 177 const PermissionSet* set1, | 172 const PermissionSet* set1, |
| 178 const PermissionSet* set2) { | 173 const PermissionSet* set2) { |
| 179 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 174 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 180 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 175 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 181 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 176 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 182 | 177 |
| 183 APIPermissionSet apis; | 178 APIPermissionSet apis; |
| 184 std::set_union(set1_safe->apis().begin(), set1_safe->apis().end(), | 179 APIPermissionSet::Union(set1_safe->apis(), set2_safe->apis(), &apis); |
| 185 set2_safe->apis().begin(), set2_safe->apis().end(), | |
| 186 std::insert_iterator<APIPermissionSet>( | |
| 187 apis, apis.begin())); | |
| 188 | 180 |
| 189 URLPatternSet explicit_hosts; | 181 URLPatternSet explicit_hosts; |
| 190 URLPatternSet::CreateUnion(set1_safe->explicit_hosts(), | 182 URLPatternSet::CreateUnion(set1_safe->explicit_hosts(), |
| 191 set2_safe->explicit_hosts(), | 183 set2_safe->explicit_hosts(), |
| 192 &explicit_hosts); | 184 &explicit_hosts); |
| 193 | 185 |
| 194 URLPatternSet scriptable_hosts; | 186 URLPatternSet scriptable_hosts; |
| 195 URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(), | 187 URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(), |
| 196 set2_safe->scriptable_hosts(), | 188 set2_safe->scriptable_hosts(), |
| 197 &scriptable_hosts); | 189 &scriptable_hosts); |
| 198 | 190 |
| 199 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 191 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 200 } | 192 } |
| 201 | 193 |
| 202 bool PermissionSet::operator==( | 194 bool PermissionSet::operator==( |
| 203 const PermissionSet& rhs) const { | 195 const PermissionSet& rhs) const { |
| 204 return apis_ == rhs.apis_ && | 196 return apis_ == rhs.apis_ && |
| 205 scriptable_hosts_ == rhs.scriptable_hosts_ && | 197 scriptable_hosts_ == rhs.scriptable_hosts_ && |
| 206 explicit_hosts_ == rhs.explicit_hosts_; | 198 explicit_hosts_ == rhs.explicit_hosts_; |
| 207 } | 199 } |
| 208 | 200 |
| 209 bool PermissionSet::Contains(const PermissionSet& set) const { | 201 bool PermissionSet::Contains(const PermissionSet& set) const { |
| 210 // Every set includes the empty set. | 202 // Every set includes the empty set. |
| 211 if (set.IsEmpty()) | 203 if (set.IsEmpty()) |
| 212 return true; | 204 return true; |
| 213 | 205 |
| 214 if (!std::includes(apis_.begin(), apis_.end(), | 206 APIPermissionSet::const_iterator first1 = apis_.begin(); |
| 215 set.apis().begin(), set.apis().end())) | 207 APIPermissionSet::const_iterator first2 = set.apis().begin(); |
| 216 return false; | 208 APIPermissionSet::const_iterator end1 = apis_.end(); |
| 209 APIPermissionSet::const_iterator end2 = set.apis().end(); |
| 210 |
| 211 while (first1 != end1 && first2 != end2) { |
| 212 if (first1->id() > first2->id()) { |
| 213 return false; |
| 214 } else if (first1->id() < first2->id()) { |
| 215 ++first1; |
| 216 } else { |
| 217 if (!first1->Contains(*first2)) |
| 218 return false; |
| 219 first1++; |
| 220 first2++; |
| 221 } |
| 222 } |
| 217 | 223 |
| 218 if (!explicit_hosts().Contains(set.explicit_hosts())) | 224 if (!explicit_hosts().Contains(set.explicit_hosts())) |
| 219 return false; | 225 return false; |
| 220 | 226 |
| 221 if (!scriptable_hosts().Contains(set.scriptable_hosts())) | 227 if (!scriptable_hosts().Contains(set.scriptable_hosts())) |
| 222 return false; | 228 return false; |
| 223 | 229 |
| 224 return true; | 230 return true; |
| 225 } | 231 } |
| 226 | 232 |
| 227 std::set<std::string> PermissionSet::GetAPIsAsStrings() const { | 233 std::set<std::string> PermissionSet::GetAPIsAsStrings() const { |
| 228 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 229 std::set<std::string> apis_str; | 234 std::set<std::string> apis_str; |
| 230 for (APIPermissionSet::const_iterator i = apis_.begin(); | 235 for (APIPermissionSet::const_iterator i = apis_.begin(); |
| 231 i != apis_.end(); ++i) { | 236 i != apis_.end(); ++i) { |
| 232 APIPermission* permission = info->GetByID(*i); | 237 apis_str.insert(i->name()); |
| 233 if (permission) | |
| 234 apis_str.insert(permission->name()); | |
| 235 } | 238 } |
| 236 return apis_str; | 239 return apis_str; |
| 237 } | 240 } |
| 238 | 241 |
| 239 std::set<std::string> PermissionSet:: | 242 std::set<std::string> PermissionSet:: |
| 240 GetAPIsWithAnyAccessAsStrings() const { | 243 GetAPIsWithAnyAccessAsStrings() const { |
| 241 std::set<std::string> result = GetAPIsAsStrings(); | 244 std::set<std::string> result = GetAPIsAsStrings(); |
| 242 for (size_t i = 0; i < kNumNonPermissionModuleNames; ++i) | 245 for (size_t i = 0; i < kNumNonPermissionModuleNames; ++i) |
| 243 result.insert(kNonPermissionModuleNames[i]); | 246 result.insert(kNonPermissionModuleNames[i]); |
| 244 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) | 247 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 328 bool PermissionSet::IsEmpty() const { | 331 bool PermissionSet::IsEmpty() const { |
| 329 // Not default if any host permissions are present. | 332 // Not default if any host permissions are present. |
| 330 if (!(explicit_hosts().is_empty() && scriptable_hosts().is_empty())) | 333 if (!(explicit_hosts().is_empty() && scriptable_hosts().is_empty())) |
| 331 return false; | 334 return false; |
| 332 | 335 |
| 333 // Or if it has no api permissions. | 336 // Or if it has no api permissions. |
| 334 return apis().empty(); | 337 return apis().empty(); |
| 335 } | 338 } |
| 336 | 339 |
| 337 bool PermissionSet::HasAPIPermission( | 340 bool PermissionSet::HasAPIPermission( |
| 338 APIPermission::ID permission) const { | 341 APIPermission::ID id) const { |
| 339 return apis().find(permission) != apis().end(); | 342 return apis().find(id) != apis().end(); |
| 343 } |
| 344 |
| 345 bool PermissionSet::CheckAPIPermission(APIPermission::ID permission) const { |
| 346 return CheckAPIPermissionWithDetail(permission, NULL); |
| 347 } |
| 348 |
| 349 bool PermissionSet::CheckAPIPermissionWithDetail( |
| 350 APIPermission::ID permission, |
| 351 const APIPermissionDetail::DetailParam* detail) const { |
| 352 APIPermissionSet::const_iterator iter = apis().find(permission); |
| 353 if (iter == apis().end()) |
| 354 return false; |
| 355 return iter->Check(detail); |
| 340 } | 356 } |
| 341 | 357 |
| 342 bool PermissionSet::HasAccessToFunction( | 358 bool PermissionSet::HasAccessToFunction( |
| 343 const std::string& function_name) const { | 359 const std::string& function_name) const { |
| 344 // TODO(jstritar): Embed this information in each permission and add a method | 360 // TODO(jstritar): Embed this information in each permission and add a method |
| 345 // like GrantsAccess(function_name) to APIPermission. A "default" | 361 // like GrantsAccess(function_name) to APIPermission. A "default" |
| 346 // permission can then handle the modules and functions that everyone can | 362 // permission can then handle the modules and functions that everyone can |
| 347 // access. | 363 // access. |
| 348 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) { | 364 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) { |
| 349 if (function_name == kNonPermissionFunctionNames[i]) | 365 if (function_name == kNonPermissionFunctionNames[i]) |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 382 // There are two ways this set can have effective access to all hosts: | 398 // There are two ways this set can have effective access to all hosts: |
| 383 // 1) it has an <all_urls> URL pattern. | 399 // 1) it has an <all_urls> URL pattern. |
| 384 // 2) it has a named permission with implied full URL access. | 400 // 2) it has a named permission with implied full URL access. |
| 385 for (URLPatternSet::const_iterator host = effective_hosts().begin(); | 401 for (URLPatternSet::const_iterator host = effective_hosts().begin(); |
| 386 host != effective_hosts().end(); ++host) { | 402 host != effective_hosts().end(); ++host) { |
| 387 if (host->match_all_urls() || | 403 if (host->match_all_urls() || |
| 388 (host->match_subdomains() && host->host().empty())) | 404 (host->match_subdomains() && host->host().empty())) |
| 389 return true; | 405 return true; |
| 390 } | 406 } |
| 391 | 407 |
| 392 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 393 for (APIPermissionSet::const_iterator i = apis().begin(); | 408 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 394 i != apis().end(); ++i) { | 409 i != apis().end(); ++i) { |
| 395 APIPermission* permission = info->GetByID(*i); | 410 if (i->permission()->implies_full_url_access()) |
| 396 if (permission->implies_full_url_access()) | |
| 397 return true; | 411 return true; |
| 398 } | 412 } |
| 399 return false; | 413 return false; |
| 400 } | 414 } |
| 401 | 415 |
| 402 bool PermissionSet::HasEffectiveAccessToURL( | 416 bool PermissionSet::HasEffectiveAccessToURL( |
| 403 const GURL& url) const { | 417 const GURL& url) const { |
| 404 return effective_hosts().MatchesURL(url); | 418 return effective_hosts().MatchesURL(url); |
| 405 } | 419 } |
| 406 | 420 |
| 407 bool PermissionSet::HasEffectiveFullAccess() const { | 421 bool PermissionSet::HasEffectiveFullAccess() const { |
| 408 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 409 for (APIPermissionSet::const_iterator i = apis().begin(); | 422 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 410 i != apis().end(); ++i) { | 423 i != apis().end(); ++i) { |
| 411 APIPermission* permission = info->GetByID(*i); | 424 if (i->permission()->implies_full_access()) |
| 412 if (permission->implies_full_access()) | |
| 413 return true; | 425 return true; |
| 414 } | 426 } |
| 415 return false; | 427 return false; |
| 416 } | 428 } |
| 417 | 429 |
| 418 bool PermissionSet::HasLessPrivilegesThan( | 430 bool PermissionSet::HasLessPrivilegesThan( |
| 419 const PermissionSet* permissions) const { | 431 const PermissionSet* permissions) const { |
| 420 // Things can't get worse than native code access. | 432 // Things can't get worse than native code access. |
| 421 if (HasEffectiveFullAccess()) | 433 if (HasEffectiveFullAccess()) |
| 422 return false; | 434 return false; |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 532 } | 544 } |
| 533 | 545 |
| 534 std::set<PermissionMessage> | 546 std::set<PermissionMessage> |
| 535 PermissionSet::GetSimplePermissionMessages() const { | 547 PermissionSet::GetSimplePermissionMessages() const { |
| 536 std::set<PermissionMessage> messages; | 548 std::set<PermissionMessage> messages; |
| 537 PermissionsInfo* info = PermissionsInfo::GetInstance(); | 549 PermissionsInfo* info = PermissionsInfo::GetInstance(); |
| 538 for (APIPermissionSet::const_iterator i = apis_.begin(); | 550 for (APIPermissionSet::const_iterator i = apis_.begin(); |
| 539 i != apis_.end(); ++i) { | 551 i != apis_.end(); ++i) { |
| 540 DCHECK_GT(PermissionMessage::kNone, | 552 DCHECK_GT(PermissionMessage::kNone, |
| 541 PermissionMessage::kUnknown); | 553 PermissionMessage::kUnknown); |
| 542 APIPermission* perm = info->GetByID(*i); | 554 APIPermission* perm = info->GetByID(i->id()); |
| 543 if (perm && perm->message_id() > PermissionMessage::kNone) | 555 if (perm && perm->message_id() > PermissionMessage::kNone) |
| 544 messages.insert(perm->GetMessage_()); | 556 messages.insert(perm->GetMessage_()); |
| 545 } | 557 } |
| 546 return messages; | 558 return messages; |
| 547 } | 559 } |
| 548 | 560 |
| 549 bool PermissionSet::HasLessAPIPrivilegesThan( | 561 bool PermissionSet::HasLessAPIPrivilegesThan( |
| 550 const PermissionSet* permissions) const { | 562 const PermissionSet* permissions) const { |
| 551 if (permissions == NULL) | 563 if (permissions == NULL) |
| 552 return false; | 564 return false; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 586 std::set<std::string> new_hosts_only; | 598 std::set<std::string> new_hosts_only; |
| 587 | 599 |
| 588 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), | 600 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), |
| 589 old_hosts_set.begin(), old_hosts_set.end(), | 601 old_hosts_set.begin(), old_hosts_set.end(), |
| 590 std::inserter(new_hosts_only, new_hosts_only.begin())); | 602 std::inserter(new_hosts_only, new_hosts_only.begin())); |
| 591 | 603 |
| 592 return !new_hosts_only.empty(); | 604 return !new_hosts_only.empty(); |
| 593 } | 605 } |
| 594 | 606 |
| 595 } // namespace extensions | 607 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10692160:
Support socket endpoint permissions for AppsV2 Socket API. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master