OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <map> | 9 #include <map> |
10 #include <set> | 10 #include <set> |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
15 #include "base/memory/singleton.h" | 15 #include "base/memory/singleton.h" |
| 16 #include "base/memory/ref_counted.h" |
16 #include "base/scoped_ptr.h" | 17 #include "base/scoped_ptr.h" |
17 #include "base/string16.h" | 18 #include "base/string16.h" |
18 #include "chrome/common/extensions/url_pattern_set.h" | 19 #include "chrome/common/extensions/url_pattern_set.h" |
19 | 20 |
20 class Extension; | 21 class Extension; |
21 class ExtensionPrefs; | 22 class ExtensionPrefs; |
22 | 23 |
23 // When prompting the user to install or approve permissions, we display | 24 // When prompting the user to install or approve permissions, we display |
24 // messages describing the effects of the permissions rather than listing the | 25 // messages describing the effects of the permissions rather than listing the |
25 // permissions themselves. Each ExtensionPermissionMessage represents one of the | 26 // permissions themselves. Each ExtensionPermissionMessage represents one of the |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
114 kNotification, | 115 kNotification, |
115 kProxy, | 116 kProxy, |
116 kTab, | 117 kTab, |
117 kTts, | 118 kTts, |
118 kTtsEngine, | 119 kTtsEngine, |
119 kUnlimitedStorage, | 120 kUnlimitedStorage, |
120 kWebSocketProxyPrivate, | 121 kWebSocketProxyPrivate, |
121 kWebstorePrivate, | 122 kWebstorePrivate, |
122 kDevtools, | 123 kDevtools, |
123 kPlugin, | 124 kPlugin, |
| 125 kPermissions, |
124 kEnumBoundary | 126 kEnumBoundary |
125 }; | 127 }; |
126 | 128 |
127 typedef std::set<ID> IDSet; | 129 typedef std::set<ID> IDSet; |
128 | 130 |
129 ~ExtensionAPIPermission(); | 131 ~ExtensionAPIPermission(); |
130 | 132 |
131 // Returns the localized permission message associated with this api. | 133 // Returns the localized permission message associated with this api. |
132 ExtensionPermissionMessage GetMessage() const; | 134 ExtensionPermissionMessage GetMessage() const; |
133 | 135 |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
259 size_t hosted_app_permission_count_; | 261 size_t hosted_app_permission_count_; |
260 size_t permission_count_; | 262 size_t permission_count_; |
261 | 263 |
262 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; | 264 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; |
263 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); | 265 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); |
264 }; | 266 }; |
265 | 267 |
266 // The ExtensionPermissionSet is an immutable class that encapsulates an | 268 // The ExtensionPermissionSet is an immutable class that encapsulates an |
267 // extension's permissions. The class exposes set operations for combining and | 269 // extension's permissions. The class exposes set operations for combining and |
268 // manipulating the permissions. | 270 // manipulating the permissions. |
269 class ExtensionPermissionSet { | 271 class ExtensionPermissionSet |
| 272 : public base::RefCountedThreadSafe<ExtensionPermissionSet> { |
270 public: | 273 public: |
271 // Creates an empty permission set (e.g. default permissions). | 274 // Creates an empty permission set (e.g. default permissions). |
272 ExtensionPermissionSet(); | 275 ExtensionPermissionSet(); |
273 | 276 |
274 // Creates a new permission set based on the |extension| manifest data, and | 277 // Creates a new permission set based on the |extension| manifest data, and |
275 // the api and host permissions (|apis| and |hosts|). The effective hosts | 278 // the api and host permissions (|apis| and |hosts|). The effective hosts |
276 // of the newly created permission set will be inferred from the |extension| | 279 // of the newly created permission set will be inferred from the |extension| |
277 // manifest, |apis| and |hosts|. | 280 // manifest, |apis| and |hosts|. |
278 ExtensionPermissionSet(const Extension* extension, | 281 ExtensionPermissionSet(const Extension* extension, |
279 const ExtensionAPIPermissionSet& apis, | 282 const ExtensionAPIPermissionSet& apis, |
280 const URLPatternSet& explicit_hosts); | 283 const URLPatternSet& explicit_hosts); |
281 | 284 |
282 // Creates a new permission set based on the specified data. | 285 // Creates a new permission set based on the specified data. |
283 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, | 286 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, |
284 const URLPatternSet& explicit_hosts, | 287 const URLPatternSet& explicit_hosts, |
285 const URLPatternSet& scriptable_hosts); | 288 const URLPatternSet& scriptable_hosts); |
286 | 289 |
287 ~ExtensionPermissionSet(); | 290 ~ExtensionPermissionSet(); |
288 | 291 |
| 292 // Creates a new permission set equal to |set1| - |set2|, passing ownership of |
| 293 // the new set to the caller. |
| 294 static ExtensionPermissionSet* CreateDifference( |
| 295 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 296 |
| 297 // Creates a new permission set equal to the intersection of |set1| and |
| 298 // |set2|, passing ownership of the new set to the caller. |
| 299 static ExtensionPermissionSet* CreateIntersection( |
| 300 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 301 |
289 // Creates a new permission set equal to the union of |set1| and |set2|. | 302 // Creates a new permission set equal to the union of |set1| and |set2|. |
290 // Passes ownership of the new set to the caller. | 303 // Passes ownership of the new set to the caller. |
291 static ExtensionPermissionSet* CreateUnion( | 304 static ExtensionPermissionSet* CreateUnion( |
292 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); | 305 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
293 | 306 |
| 307 bool operator==(const ExtensionPermissionSet& rhs) const; |
| 308 |
| 309 // Returns true if |set| is a subset of this. |
| 310 bool Contains(const ExtensionPermissionSet& set) const; |
| 311 |
294 // Gets the API permissions in this set as a set of strings. | 312 // Gets the API permissions in this set as a set of strings. |
295 std::set<std::string> GetAPIsAsStrings() const; | 313 std::set<std::string> GetAPIsAsStrings() const; |
296 | 314 |
297 // Gets a list of the distinct hosts for displaying to the user. | 315 // Gets a list of the distinct hosts for displaying to the user. |
298 // NOTE: do not use this for comparing permissions, since this disgards some | 316 // NOTE: do not use this for comparing permissions, since this disgards some |
299 // information. | 317 // information. |
300 std::set<std::string> GetDistinctHostsForDisplay() const; | 318 std::set<std::string> GetDistinctHostsForDisplay() const; |
301 | 319 |
302 // Gets the localized permission messages that represent this set. | 320 // Gets the localized permission messages that represent this set. |
303 ExtensionPermissionMessages GetPermissionMessages() const; | 321 ExtensionPermissionMessages GetPermissionMessages() const; |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
346 const URLPatternSet& effective_hosts() const { return effective_hosts_; } | 364 const URLPatternSet& effective_hosts() const { return effective_hosts_; } |
347 | 365 |
348 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } | 366 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } |
349 | 367 |
350 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } | 368 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
351 | 369 |
352 private: | 370 private: |
353 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, | 371 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, |
354 HasLessHostPrivilegesThan); | 372 HasLessHostPrivilegesThan); |
355 | 373 |
| 374 friend class base::RefCountedThreadSafe<ExtensionPermissionSet>; |
| 375 |
356 static std::set<std::string> GetDistinctHosts( | 376 static std::set<std::string> GetDistinctHosts( |
357 const URLPatternSet& host_patterns, bool include_rcd); | 377 const URLPatternSet& host_patterns, bool include_rcd); |
358 | 378 |
359 // Initializes the set based on |extension|'s manifest data. | 379 // Initializes the set based on |extension|'s manifest data. |
360 void InitImplicitExtensionPermissions(const Extension* extension); | 380 void InitImplicitExtensionPermissions(const Extension* extension); |
361 | 381 |
362 // Initializes the effective host permission based on the data in this set. | 382 // Initializes the effective host permission based on the data in this set. |
363 void InitEffectiveHosts(); | 383 void InitEffectiveHosts(); |
364 | 384 |
365 // Gets the permission messages for the API permissions. | 385 // Gets the permission messages for the API permissions. |
366 std::set<ExtensionPermissionMessage> GetSimplePermissionMessages() const; | 386 std::set<ExtensionPermissionMessage> GetSimplePermissionMessages() const; |
367 | 387 |
368 // Returns true if |permissions| has an elevated API privilege level than | 388 // Returns true if |permissions| has an elevated API privilege level than |
369 // this set. | 389 // this set. |
370 bool HasLessAPIPrivilegesThan( | 390 bool HasLessAPIPrivilegesThan( |
371 const ExtensionPermissionSet* permissions) const; | 391 const ExtensionPermissionSet* permissions) const; |
372 | 392 |
373 // Returns true if |permissions| has more host permissions compared to this | 393 // Returns true if |permissions| has more host permissions compared to this |
374 // set. | 394 // set. |
375 bool HasLessHostPrivilegesThan( | 395 bool HasLessHostPrivilegesThan( |
376 const ExtensionPermissionSet* permissions) const; | 396 const ExtensionPermissionSet* permissions) const; |
377 | 397 |
378 // The api list is used when deciding if an extension can access certain | 398 // The api list is used when deciding if an extension can access certain |
379 // extension APIs and features. | 399 // extension APIs and features. |
380 ExtensionAPIPermissionSet apis_; | 400 ExtensionAPIPermissionSet apis_; |
381 | 401 |
382 // The list of hosts that can be accessed directly from the extension. | 402 // The list of hosts that can be accessed directly from the extension. |
| 403 // TODO(jstritar): Rename to "hosts_"? |
383 URLPatternSet explicit_hosts_; | 404 URLPatternSet explicit_hosts_; |
384 | 405 |
385 // The list of hosts that can be scripted by content scripts. | 406 // The list of hosts that can be scripted by content scripts. |
| 407 // TODO(jstritar): Rename to "user_script_hosts_"? |
386 URLPatternSet scriptable_hosts_; | 408 URLPatternSet scriptable_hosts_; |
387 | 409 |
388 // The list of hosts this effectively grants access to. | 410 // The list of hosts this effectively grants access to. |
389 URLPatternSet effective_hosts_; | 411 URLPatternSet effective_hosts_; |
390 }; | 412 }; |
391 | 413 |
392 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 414 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
OLD | NEW |