| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <set> | 10 #include <set> |
| 11 #include <string> | 11 #include <string> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
| 15 #include "base/memory/singleton.h" | 15 #include "base/memory/singleton.h" |
| 16 #include "base/memory/ref_counted.h" |
| 16 #include "base/scoped_ptr.h" | 17 #include "base/scoped_ptr.h" |
| 17 #include "base/string16.h" | 18 #include "base/string16.h" |
| 18 #include "chrome/common/extensions/url_pattern_set.h" | 19 #include "chrome/common/extensions/url_pattern_set.h" |
| 19 | 20 |
| 20 class Extension; | 21 class Extension; |
| 21 class ExtensionPrefs; | 22 class ExtensionPrefs; |
| 22 | 23 |
| 23 // When prompting the user to install or approve permissions, we display | 24 // When prompting the user to install or approve permissions, we display |
| 24 // messages describing the effects of the permissions rather than listing the | 25 // messages describing the effects of the permissions rather than listing the |
| 25 // permissions themselves. Each ExtensionPermissionMessage represents one of the | 26 // permissions themselves. Each ExtensionPermissionMessage represents one of the |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 111 kManagement, | 112 kManagement, |
| 112 kMediaPlayerPrivate, | 113 kMediaPlayerPrivate, |
| 113 kNotification, | 114 kNotification, |
| 114 kProxy, | 115 kProxy, |
| 115 kTab, | 116 kTab, |
| 116 kUnlimitedStorage, | 117 kUnlimitedStorage, |
| 117 kWebSocketProxyPrivate, | 118 kWebSocketProxyPrivate, |
| 118 kWebstorePrivate, | 119 kWebstorePrivate, |
| 119 kDevtools, | 120 kDevtools, |
| 120 kPlugin, | 121 kPlugin, |
| 122 kPermissions, |
| 121 kEnumBoundary | 123 kEnumBoundary |
| 122 }; | 124 }; |
| 123 | 125 |
| 124 typedef std::set<ID> IDSet; | 126 typedef std::set<ID> IDSet; |
| 125 | 127 |
| 126 ~ExtensionAPIPermission(); | 128 ~ExtensionAPIPermission(); |
| 127 | 129 |
| 128 // Returns the localized permission message associated with this api. | 130 // Returns the localized permission message associated with this api. |
| 129 ExtensionPermissionMessage GetMessage() const; | 131 ExtensionPermissionMessage GetMessage() const; |
| 130 | 132 |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 256 size_t hosted_app_permission_count_; | 258 size_t hosted_app_permission_count_; |
| 257 size_t permission_count_; | 259 size_t permission_count_; |
| 258 | 260 |
| 259 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; | 261 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; |
| 260 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); | 262 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); |
| 261 }; | 263 }; |
| 262 | 264 |
| 263 // The ExtensionPermissionSet is an immutable class that encapsulates an | 265 // The ExtensionPermissionSet is an immutable class that encapsulates an |
| 264 // extension's permissions. The class exposes set operations for combining and | 266 // extension's permissions. The class exposes set operations for combining and |
| 265 // manipulating the permissions. | 267 // manipulating the permissions. |
| 266 class ExtensionPermissionSet { | 268 class ExtensionPermissionSet |
| 269 : public base::RefCountedThreadSafe<ExtensionPermissionSet> { |
| 267 public: | 270 public: |
| 268 // Creates an empty permission set (e.g. default permissions). | 271 // Creates an empty permission set (e.g. default permissions). |
| 269 ExtensionPermissionSet(); | 272 ExtensionPermissionSet(); |
| 270 | 273 |
| 271 // Creates a new permission set based on the |extension| manifest data, and | 274 // Creates a new permission set based on the |extension| manifest data, and |
| 272 // the api and host permissions (|apis| and |hosts|). The effective hosts | 275 // the api and host permissions (|apis| and |hosts|). The effective hosts |
| 273 // of the newly created permission set will be inferred from the |extension| | 276 // of the newly created permission set will be inferred from the |extension| |
| 274 // manifest, |apis| and |hosts|. | 277 // manifest, |apis| and |hosts|. |
| 275 ExtensionPermissionSet(const Extension* extension, | 278 ExtensionPermissionSet(const Extension* extension, |
| 276 const ExtensionAPIPermissionSet& apis, | 279 const ExtensionAPIPermissionSet& apis, |
| 277 const URLPatternSet& explicit_hosts); | 280 const URLPatternSet& explicit_hosts); |
| 278 | 281 |
| 279 // Creates a new permission set based on the specified data. | 282 // Creates a new permission set based on the specified data. |
| 280 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, | 283 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, |
| 281 const URLPatternSet& explicit_hosts, | 284 const URLPatternSet& explicit_hosts, |
| 282 const URLPatternSet& scriptable_hosts); | 285 const URLPatternSet& scriptable_hosts); |
| 283 | 286 |
| 284 ~ExtensionPermissionSet(); | 287 ~ExtensionPermissionSet(); |
| 285 | 288 |
| 289 // Creates a new permission set equal to |set1| - |set2|, passing ownership of |
| 290 // the new set to the caller. |
| 291 static ExtensionPermissionSet* CreateDifference( |
| 292 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 293 |
| 294 // Creates a new permission set equal to the intersection of |set1| and |
| 295 // |set2|, passing ownership of the new set to the caller. |
| 296 static ExtensionPermissionSet* CreateIntersection( |
| 297 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 298 |
| 286 // Creates a new permission set equal to the union of |set1| and |set2|. | 299 // Creates a new permission set equal to the union of |set1| and |set2|. |
| 287 // Passes ownership of the new set to the caller. | 300 // Passes ownership of the new set to the caller. |
| 288 static ExtensionPermissionSet* CreateUnion( | 301 static ExtensionPermissionSet* CreateUnion( |
| 289 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); | 302 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 290 | 303 |
| 304 bool operator==(const ExtensionPermissionSet& rhs) const; |
| 305 |
| 306 // Returns true if |set| is a subset of this. |
| 307 bool Contains(const ExtensionPermissionSet& set) const; |
| 308 |
| 291 // Gets the API permissions in this set as a set of strings. | 309 // Gets the API permissions in this set as a set of strings. |
| 292 std::set<std::string> GetAPIsAsStrings() const; | 310 std::set<std::string> GetAPIsAsStrings() const; |
| 293 | 311 |
| 294 // Gets a list of the distinct hosts for displaying to the user. | 312 // Gets a list of the distinct hosts for displaying to the user. |
| 295 // NOTE: do not use this for comparing permissions, since this disgards some | 313 // NOTE: do not use this for comparing permissions, since this disgards some |
| 296 // information. | 314 // information. |
| 297 std::set<std::string> GetDistinctHostsForDisplay() const; | 315 std::set<std::string> GetDistinctHostsForDisplay() const; |
| 298 | 316 |
| 299 // Gets the localized permission messages that represent this set. | 317 // Gets the localized permission messages that represent this set. |
| 300 ExtensionPermissionMessages GetPermissionMessages() const; | 318 ExtensionPermissionMessages GetPermissionMessages() const; |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 343 const URLPatternSet& effective_hosts() const { return effective_hosts_; } | 361 const URLPatternSet& effective_hosts() const { return effective_hosts_; } |
| 344 | 362 |
| 345 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } | 363 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } |
| 346 | 364 |
| 347 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } | 365 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
| 348 | 366 |
| 349 private: | 367 private: |
| 350 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, | 368 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, |
| 351 HasLessHostPrivilegesThan); | 369 HasLessHostPrivilegesThan); |
| 352 | 370 |
| 371 friend class base::RefCountedThreadSafe<ExtensionPermissionSet>; |
| 372 |
| 353 static std::set<std::string> GetDistinctHosts( | 373 static std::set<std::string> GetDistinctHosts( |
| 354 const URLPatternSet& host_patterns, bool include_rcd); | 374 const URLPatternSet& host_patterns, bool include_rcd); |
| 355 | 375 |
| 356 // Initializes the set based on |extension|'s manifest data. | 376 // Initializes the set based on |extension|'s manifest data. |
| 357 void InitImplicitExtensionPermissions(const Extension* extension); | 377 void InitImplicitExtensionPermissions(const Extension* extension); |
| 358 | 378 |
| 359 // Initializes the effective host permission based on the data in this set. | 379 // Initializes the effective host permission based on the data in this set. |
| 360 void InitEffectiveHosts(); | 380 void InitEffectiveHosts(); |
| 361 | 381 |
| 362 // Gets the permission messages for the API permissions. | 382 // Gets the permission messages for the API permissions. |
| 363 std::set<ExtensionPermissionMessage> GetSimplePermissionMessages() const; | 383 std::set<ExtensionPermissionMessage> GetSimplePermissionMessages() const; |
| 364 | 384 |
| 365 // Returns true if |permissions| has an elevated API privilege level than | 385 // Returns true if |permissions| has an elevated API privilege level than |
| 366 // this set. | 386 // this set. |
| 367 bool HasLessAPIPrivilegesThan( | 387 bool HasLessAPIPrivilegesThan( |
| 368 const ExtensionPermissionSet* permissions) const; | 388 const ExtensionPermissionSet* permissions) const; |
| 369 | 389 |
| 370 // Returns true if |permissions| has more host permissions compared to this | 390 // Returns true if |permissions| has more host permissions compared to this |
| 371 // set. | 391 // set. |
| 372 bool HasLessHostPrivilegesThan( | 392 bool HasLessHostPrivilegesThan( |
| 373 const ExtensionPermissionSet* permissions) const; | 393 const ExtensionPermissionSet* permissions) const; |
| 374 | 394 |
| 375 // The api list is used when deciding if an extension can access certain | 395 // The api list is used when deciding if an extension can access certain |
| 376 // extension APIs and features. | 396 // extension APIs and features. |
| 377 ExtensionAPIPermissionSet apis_; | 397 ExtensionAPIPermissionSet apis_; |
| 378 | 398 |
| 379 // The list of hosts that can be accessed directly from the extension. | 399 // The list of hosts that can be accessed directly from the extension. |
| 400 // TODO(jstritar): Rename to "hosts_"? |
| 380 URLPatternSet explicit_hosts_; | 401 URLPatternSet explicit_hosts_; |
| 381 | 402 |
| 382 // The list of hosts that can be scripted by content scripts. | 403 // The list of hosts that can be scripted by content scripts. |
| 404 // TODO(jstritar): Rename to "user_script_hosts_"? |
| 383 URLPatternSet scriptable_hosts_; | 405 URLPatternSet scriptable_hosts_; |
| 384 | 406 |
| 385 // The list of hosts this effectively grants access to. | 407 // The list of hosts this effectively grants access to. |
| 386 URLPatternSet effective_hosts_; | 408 URLPatternSet effective_hosts_; |
| 387 }; | 409 }; |
| 388 | 410 |
| 389 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 411 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7432006:
Add an experimental permissions API for extensions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src