Add an experimental permissions API for extensions.

chrome/common/extensions/extension.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_H_
 #define CHROME_COMMON_EXTENSIONS_EXTENSION_H_
 #pragma once
 
 #include <map>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/linked_ptr.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/synchronization/lock.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/extensions/extension_icon_set.h"
 #include "chrome/common/extensions/extension_permission_set.h"
 #include "chrome/common/extensions/user_script.h"
 #include "chrome/common/extensions/url_pattern.h"
 #include "chrome/common/extensions/url_pattern_set.h"
 #include "googleurl/src/gurl.h"
 #include "ui/gfx/size.h"
 
 class ExtensionAction;
@@ skipping 169 matching lines @@
       std::string* error);
 
   // Return the update url used by gallery/webstore extensions.
   static GURL GalleryUpdateUrl(bool secure);
 
   // Given two install sources, return the one which should take priority
   // over the other. If an extension is installed from two sources A and B,
   // its install source should be set to GetHigherPriorityLocation(A, B).
   static Location GetHigherPriorityLocation(Location loc1, Location loc2);
 
-  // Returns the full list of permission messages that this extension
-  // should display at install time.
-  ExtensionPermissionMessages GetPermissionMessages() const;
-
-  // Returns the full list of permission messages that this extension
-  // should display at install time. The messages are returned as strings
-  // for convenience.
-  std::vector<string16> GetPermissionMessageStrings() const;
-
   // Icon sizes used by the extension system.
   static const int kIconSizes[];
 
   // Max size (both dimensions) for browser and page actions.
   static const int kPageActionIconMaxSize;
   static const int kBrowserActionIconMaxSize;
   static const int kSidebarIconMaxSize;
 
   // Valid schemes for web extent URLPatterns.
   static const int kValidWebExtentSchemes;
@@ skipping 137 matching lines @@
   // --apps-gallery-url switch. The URL returned will not contain a trailing
   // slash. Do not use this as a prefix/extent for the store.  Instead see
   // ExtensionService::GetWebStoreApp or
   // ExtensionService::IsDownloadFromGallery
   static std::string ChromeStoreLaunchURL();
 
   // Adds an extension to the scripting whitelist. Used for testing only.
   static void SetScriptingWhitelist(const ScriptingWhitelist& whitelist);
   static const ScriptingWhitelist* GetScriptingWhitelist();
 
+  // Parses the host and api permissions from the specified permission |key|
+  // in the manifest |source|.
+  bool ParsePermissions(const base::DictionaryValue* source,
+                        const char* key,
+                        int flags,
+                        std::string* error,
+                        ExtensionAPIPermissionSet* api_permissions,
+                        URLPatternSet* host_permissions);
+
   bool HasAPIPermission(ExtensionAPIPermission::ID permission) const;
   bool HasAPIPermission(const std::string& function_name) const;
 
   const URLPatternSet& GetEffectiveHostPermissions() const;
 
   // Whether or not the extension is allowed permission for a URL pattern from
   // the manifest.  http, https, and chrome://favicon/ is allowed for all
   // extensions, while component extensions are allowed access to
   // chrome://resources.
   bool CanSpecifyHostPermission(const URLPattern& pattern) const;
 
   // Whether the extension has access to the given URL.
   bool HasHostPermission(const GURL& url) const;
 
   // Whether the extension has effective access to all hosts. This is true if
   // there is a content script that matches all hosts, if there is a host
   // permission grants access to all hosts (like <all_urls>) or an api
   // permission that effectively grants access to all hosts (e.g. proxy,
   // network, etc.)
   bool HasEffectiveAccessToAllHosts() const;
 
   // Whether the extension effectively has all permissions (for example, by
   // having an NPAPI plugin).
   bool HasFullPermissions() const;
 
+  // Returns the full list of permission messages that this extension
+  // should display at install time.
+  ExtensionPermissionMessages GetPermissionMessages() const;
+
+  // Returns the full list of permission messages that this extension
+  // should display at install time. The messages are returned as strings
+  // for convenience.
+  std::vector<string16> GetPermissionMessageStrings() const;
+
+  // Sets the active |permissions|.
+  void SetActivePermissions(const ExtensionPermissionSet* permissions) const;
+
+  // Gets the extension's active permission set.
+  scoped_refptr<const ExtensionPermissionSet> GetActivePermissions() const;
+
   // Whether context menu should be shown for page and browser actions.
   bool ShowConfigureContextMenus() const;
 
   // Returns the Homepage URL for this extension. If homepage_url was not
   // specified in the manifest, this returns the Google Gallery URL. For
   // third-party extensions, this returns a blank GURL.
   GURL GetHomepageURL() const;
 
   // Returns a list of paths (relative to the extension dir) for images that
   // the browser might load (like themes and page action icons).
@@ skipping 74 matching lines @@
   const std::vector<NaClModuleInfo>& nacl_modules() const {
     return nacl_modules_;
   }
   const std::vector<InputComponentInfo>& input_components() const {
     return input_components_;
   }
   const GURL& background_url() const { return background_url_; }
   const GURL& options_url() const { return options_url_; }
   const GURL& devtools_url() const { return devtools_url_; }
   const std::vector<GURL>& toolstrips() const { return toolstrips_; }
-  const ExtensionPermissionSet* permission_set() const {
-    return permission_set_.get();
+  const ExtensionPermissionSet* optional_permission_set() const {
+    return optional_permission_set_.get();
+  }
+  const ExtensionPermissionSet* required_permission_set() const {
+    return required_permission_set_.get();
   }
   const GURL& update_url() const { return update_url_; }
   const ExtensionIconSet& icons() const { return icons_; }
   const base::DictionaryValue* manifest_value() const {
     return manifest_value_.get();
   }
   const std::string default_locale() const { return default_locale_; }
   const URLOverrideMap& GetChromeURLOverrides() const {
     return chrome_url_overrides_;
   }
@@ skipping 33 matching lines @@
 
  private:
   friend class base::RefCountedThreadSafe<Extension>;
 
   // We keep a cache of images loaded from extension resources based on their
   // path and a string representation of a size that may have been used to
   // scale it (or the empty string if the image is at its original size).
   typedef std::pair<FilePath, std::string> ImageCacheKey;
   typedef std::map<ImageCacheKey, SkBitmap> ImageCache;
 
+  class RuntimeData : public base::RefCountedThreadSafe<RuntimeData> {

[Mihai Parparita -not on Chrome, 2011/07/21 21:18:13]

I don't think making this ref counted buys you anything, since you never hand
out instances of it to anyone else, it seems like the lifetime of runtime_data_
is 1:1 with the lifetime of the Extension instance that it's in.

[jstritar, 2011/07/22 19:21:55]

Done.

+   public:
+    RuntimeData();
+    explicit RuntimeData(const ExtensionPermissionSet* active);
+    ~RuntimeData();
+
+    void SetActivePermissions(const ExtensionPermissionSet* active);
+    scoped_refptr<const ExtensionPermissionSet> GetActivePermissions() const;
+
+   private:
+    friend class base::RefCountedThreadSafe<RuntimeData>;
+    scoped_refptr<const ExtensionPermissionSet> active_permissions_;
+  };
+
   // Normalize the path for use by the extension. On Windows, this will make
   // sure the drive letter is uppercase.
   static FilePath MaybeNormalizePath(const FilePath& path);
 
   // Returns true if this extension id is from a trusted provider.
   static bool IsTrustedId(const std::string& id);
 
   Extension(const FilePath& path, Location location);
   ~Extension();
 
@@ skipping 102 matching lines @@
   // Default locale for fall back. Can be empty if extension is not localized.
   std::string default_locale_;
 
   // If true, a separate process will be used for the extension in incognito
   // mode.
   bool incognito_split_mode_;
 
   // Defines the set of URLs in the extension's web content.
   URLPatternSet extent_;
 
-  // The set of permissions that the extension effectively has access to.
-  scoped_ptr<ExtensionPermissionSet> permission_set_;
+  // The extension runtime data.
+  mutable base::Lock runtime_data_lock_;
+  mutable RuntimeData runtime_data_;

[jstritar, 2011/07/19 17:10:53]

I kept this in Extension to simplify these changes, since there are lots of
calls to the Extension methods that access permissions. We could pull this out
of the Extension in a follow up CL if necessary though.

+
+  // The set of permissions the extension can request at runtime.
+  scoped_ptr<const ExtensionPermissionSet> optional_permission_set_;
+
+  // The extension's required / default set of permissions.
+  scoped_ptr<const ExtensionPermissionSet> required_permission_set_;
 
   // The icons for the extension.
   ExtensionIconSet icons_;
 
   // The base extension url for the extension.
   GURL extension_url_;
 
   // The location the extension was loaded from.
   Location location_;
 
@@ skipping 175 matching lines @@
 
   // Was the extension already disabled?
   bool already_disabled;
 
   // The extension being unloaded - this should always be non-NULL.
   const Extension* extension;
 
   UnloadedExtensionInfo(const Extension* extension, Reason reason);
 };
 
+// The details sent for EXTENSION_PERMISSIONS_UPDATED notifications.
+struct UpdatedExtensionPermissionsInfo {
+  enum Reason {
+    ADDED,   // The permissions were added to the extension.
+    REMOVED, // The permissions were removed from the extension.
+  };
+
+  Reason reason;
+
+  // The extension who's permissions have changed.
+  const Extension* extension;
+
+  // The permissions that have changed. For Reason::ADDED, this would contain
+  // only the permissions that have added, and for Reason::REMOVED, this would
+  // only contain the removed permissions.
+  const ExtensionPermissionSet* permissions;
+
+  UpdatedExtensionPermissionsInfo(
+      const Extension* extension,
+      const ExtensionPermissionSet* permissions,
+      Reason reason);
+};
+
 #endif  // CHROME_COMMON_EXTENSIONS_EXTENSION_H_