| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 6 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <set> | 10 #include <set> |
| 11 #include <string> | 11 #include <string> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
| 15 #include "base/memory/singleton.h" | 15 #include "base/memory/singleton.h" |
| 16 #include "base/memory/ref_counted.h" |
| 16 #include "base/scoped_ptr.h" | 17 #include "base/scoped_ptr.h" |
| 17 #include "base/string16.h" | 18 #include "base/string16.h" |
| 18 #include "chrome/common/extensions/url_pattern_set.h" | 19 #include "chrome/common/extensions/url_pattern_set.h" |
| 19 | 20 |
| 20 class Extension; | 21 class Extension; |
| 21 class ExtensionPrefs; | 22 class ExtensionPrefs; |
| 22 | 23 |
| 23 // When prompting the user to install or approve permissions, we display | 24 // When prompting the user to install or approve permissions, we display |
| 24 // messages describing the effects of the permissions rather than listing the | 25 // messages describing the effects of the permissions rather than listing the |
| 25 // permissions themselves. Each ExtensionPermissionMessage represents one of the | 26 // permissions themselves. Each ExtensionPermissionMessage represents one of the |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 114 kNotification, | 115 kNotification, |
| 115 kProxy, | 116 kProxy, |
| 116 kTab, | 117 kTab, |
| 117 kTts, | 118 kTts, |
| 118 kTtsEngine, | 119 kTtsEngine, |
| 119 kUnlimitedStorage, | 120 kUnlimitedStorage, |
| 120 kWebSocketProxyPrivate, | 121 kWebSocketProxyPrivate, |
| 121 kWebstorePrivate, | 122 kWebstorePrivate, |
| 122 kDevtools, | 123 kDevtools, |
| 123 kPlugin, | 124 kPlugin, |
| 125 kPermissions, |
| 124 kEnumBoundary | 126 kEnumBoundary |
| 125 }; | 127 }; |
| 126 | 128 |
| 127 typedef std::set<ID> IDSet; | 129 typedef std::set<ID> IDSet; |
| 128 | 130 |
| 129 ~ExtensionAPIPermission(); | 131 ~ExtensionAPIPermission(); |
| 130 | 132 |
| 131 // Returns the localized permission message associated with this api. | 133 // Returns the localized permission message associated with this api. |
| 132 ExtensionPermissionMessage GetMessage() const; | 134 ExtensionPermissionMessage GetMessage() const; |
| 133 | 135 |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 259 size_t hosted_app_permission_count_; | 261 size_t hosted_app_permission_count_; |
| 260 size_t permission_count_; | 262 size_t permission_count_; |
| 261 | 263 |
| 262 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; | 264 friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>; |
| 263 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); | 265 DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo); |
| 264 }; | 266 }; |
| 265 | 267 |
| 266 // The ExtensionPermissionSet is an immutable class that encapsulates an | 268 // The ExtensionPermissionSet is an immutable class that encapsulates an |
| 267 // extension's permissions. The class exposes set operations for combining and | 269 // extension's permissions. The class exposes set operations for combining and |
| 268 // manipulating the permissions. | 270 // manipulating the permissions. |
| 269 class ExtensionPermissionSet { | 271 class ExtensionPermissionSet |
| 272 : public base::RefCountedThreadSafe<ExtensionPermissionSet> { |
| 270 public: | 273 public: |
| 271 // Creates an empty permission set (e.g. default permissions). | 274 // Creates an empty permission set (e.g. default permissions). |
| 272 ExtensionPermissionSet(); | 275 ExtensionPermissionSet(); |
| 273 | 276 |
| 274 // Creates a new permission set based on the |extension| manifest data, and | 277 // Creates a new permission set based on the |extension| manifest data, and |
| 275 // the api and host permissions (|apis| and |hosts|). The effective hosts | 278 // the api and host permissions (|apis| and |hosts|). The effective hosts |
| 276 // of the newly created permission set will be inferred from the |extension| | 279 // of the newly created permission set will be inferred from the |extension| |
| 277 // manifest, |apis| and |hosts|. | 280 // manifest, |apis| and |hosts|. |
| 278 ExtensionPermissionSet(const Extension* extension, | 281 ExtensionPermissionSet(const Extension* extension, |
| 279 const ExtensionAPIPermissionSet& apis, | 282 const ExtensionAPIPermissionSet& apis, |
| 280 const URLPatternSet& explicit_hosts); | 283 const URLPatternSet& explicit_hosts); |
| 281 | 284 |
| 282 // Creates a new permission set based on the specified data. | 285 // Creates a new permission set based on the specified data. |
| 283 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, | 286 ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis, |
| 284 const URLPatternSet& explicit_hosts, | 287 const URLPatternSet& explicit_hosts, |
| 285 const URLPatternSet& scriptable_hosts); | 288 const URLPatternSet& scriptable_hosts); |
| 286 | 289 |
| 287 ~ExtensionPermissionSet(); | 290 ~ExtensionPermissionSet(); |
| 288 | 291 |
| 292 // Creates a new permission set equal to |set1| - |set2|, passing ownership of |
| 293 // the new set to the caller. |
| 294 static ExtensionPermissionSet* CreateDifference( |
| 295 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 296 |
| 297 // Creates a new permission set equal to the intersection of |set1| and |
| 298 // |set2|, passing ownership of the new set to the caller. |
| 299 static ExtensionPermissionSet* CreateIntersection( |
| 300 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 301 |
| 289 // Creates a new permission set equal to the union of |set1| and |set2|. | 302 // Creates a new permission set equal to the union of |set1| and |set2|. |
| 290 // Passes ownership of the new set to the caller. | 303 // Passes ownership of the new set to the caller. |
| 291 static ExtensionPermissionSet* CreateUnion( | 304 static ExtensionPermissionSet* CreateUnion( |
| 292 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); | 305 const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2); |
| 293 | 306 |
| 307 bool operator==(const ExtensionPermissionSet& rhs) const; |
| 308 |
| 309 // Returns true if |set| is a subset of this. |
| 310 bool Contains(const ExtensionPermissionSet& set) const; |
| 311 |
| 294 // Gets the API permissions in this set as a set of strings. | 312 // Gets the API permissions in this set as a set of strings. |
| 295 std::set<std::string> GetAPIsAsStrings() const; | 313 std::set<std::string> GetAPIsAsStrings() const; |
| 296 | 314 |
| 297 // Gets a list of the distinct hosts for displaying to the user. | 315 // Gets a list of the distinct hosts for displaying to the user. |
| 298 // NOTE: do not use this for comparing permissions, since this disgards some | 316 // NOTE: do not use this for comparing permissions, since this disgards some |
| 299 // information. | 317 // information. |
| 300 std::set<std::string> GetDistinctHostsForDisplay() const; | 318 std::set<std::string> GetDistinctHostsForDisplay() const; |
| 301 | 319 |
| 302 // Gets the localized permission messages that represent this set. | 320 // Gets the localized permission messages that represent this set. |
| 303 ExtensionPermissionMessages GetPermissionMessages() const; | 321 ExtensionPermissionMessages GetPermissionMessages() const; |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 346 const URLPatternSet& effective_hosts() const { return effective_hosts_; } | 364 const URLPatternSet& effective_hosts() const { return effective_hosts_; } |
| 347 | 365 |
| 348 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } | 366 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } |
| 349 | 367 |
| 350 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } | 368 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
| 351 | 369 |
| 352 private: | 370 private: |
| 353 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, | 371 FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, |
| 354 HasLessHostPrivilegesThan); | 372 HasLessHostPrivilegesThan); |
| 355 | 373 |
| 374 friend class base::RefCountedThreadSafe<ExtensionPermissionSet>; |
| 375 |
| 356 static std::set<std::string> GetDistinctHosts( | 376 static std::set<std::string> GetDistinctHosts( |
| 357 const URLPatternSet& host_patterns, bool include_rcd); | 377 const URLPatternSet& host_patterns, bool include_rcd); |
| 358 | 378 |
| 359 // Initializes the set based on |extension|'s manifest data. | 379 // Initializes the set based on |extension|'s manifest data. |
| 360 void InitImplicitExtensionPermissions(const Extension* extension); | 380 void InitImplicitExtensionPermissions(const Extension* extension); |
| 361 | 381 |
| 362 // Initializes the effective host permission based on the data in this set. | 382 // Initializes the effective host permission based on the data in this set. |
| 363 void InitEffectiveHosts(); | 383 void InitEffectiveHosts(); |
| 364 | 384 |
| 365 // Gets the permission messages for the API permissions. | 385 // Gets the permission messages for the API permissions. |
| 366 std::set<ExtensionPermissionMessage> GetSimplePermissionMessages() const; | 386 std::set<ExtensionPermissionMessage> GetSimplePermissionMessages() const; |
| 367 | 387 |
| 368 // Returns true if |permissions| has an elevated API privilege level than | 388 // Returns true if |permissions| has an elevated API privilege level than |
| 369 // this set. | 389 // this set. |
| 370 bool HasLessAPIPrivilegesThan( | 390 bool HasLessAPIPrivilegesThan( |
| 371 const ExtensionPermissionSet* permissions) const; | 391 const ExtensionPermissionSet* permissions) const; |
| 372 | 392 |
| 373 // Returns true if |permissions| has more host permissions compared to this | 393 // Returns true if |permissions| has more host permissions compared to this |
| 374 // set. | 394 // set. |
| 375 bool HasLessHostPrivilegesThan( | 395 bool HasLessHostPrivilegesThan( |
| 376 const ExtensionPermissionSet* permissions) const; | 396 const ExtensionPermissionSet* permissions) const; |
| 377 | 397 |
| 378 // The api list is used when deciding if an extension can access certain | 398 // The api list is used when deciding if an extension can access certain |
| 379 // extension APIs and features. | 399 // extension APIs and features. |
| 380 ExtensionAPIPermissionSet apis_; | 400 ExtensionAPIPermissionSet apis_; |
| 381 | 401 |
| 382 // The list of hosts that can be accessed directly from the extension. | 402 // The list of hosts that can be accessed directly from the extension. |
| 403 // TODO(jstritar): Rename to "hosts_"? |
| 383 URLPatternSet explicit_hosts_; | 404 URLPatternSet explicit_hosts_; |
| 384 | 405 |
| 385 // The list of hosts that can be scripted by content scripts. | 406 // The list of hosts that can be scripted by content scripts. |
| 407 // TODO(jstritar): Rename to "user_script_hosts_"? |
| 386 URLPatternSet scriptable_hosts_; | 408 URLPatternSet scriptable_hosts_; |
| 387 | 409 |
| 388 // The list of hosts this effectively grants access to. | 410 // The list of hosts this effectively grants access to. |
| 389 URLPatternSet effective_hosts_; | 411 URLPatternSet effective_hosts_; |
| 390 }; | 412 }; |
| 391 | 413 |
| 392 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ | 414 #endif // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7432006:
Add an experimental permissions API for extensions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src