Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(898)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/extension_service.cc

Issue 7432006: Add an experimental permissions API for extensions. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: missed a scoped_refptr Created 9 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/extensions/extension_service.h ('k') | chrome/browser/extensions/extension_service_unittest.cc » ('j') | chrome/common/extensions/extension.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/extension_service.cc
diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index c2aab1e597124d40d3191c4fabceddf4ba50cf72..b058527063c51d12e04a1fe465fa354ea3ca5475 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc
@@ -552,6 +552,7 @@ ExtensionService::ExtensionService(Profile* profile,
show_extensions_prompts_(true),
ready_(false),
toolbar_model_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
+ permissions_manager_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
apps_promo_(profile->GetPrefs()),
event_routers_initialized_(false) {
CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
@@ -974,11 +975,13 @@ void ExtensionService::DisableExtension(const std::string& extension_id) {
void ExtensionService::GrantPermissions(const Extension* extension) {
CHECK(extension);
- // We only maintain the granted permissions prefs for INTERNAL extensions.
- CHECK_EQ(Extension::INTERNAL, extension->location());
+ // We only maintain the granted permissions prefs for INTERNAL extensions
+ // because the other types don't prompt the user at install & upgrade time.
+ if (extension->location() != Extension::INTERNAL)
Mihai Parparita -not on Chrome 2011/07/23 22:54:53 Not seeing the Extension::CanSilentlyIncreasePermi
jstritar 2011/07/25 19:15:24 Woops. Done.
+ return;
extension_prefs_->AddGrantedPermissions(extension->id(),
- extension->permission_set());
+ extension->GetActivePermissions());
}
void ExtensionService::GrantPermissionsAndEnableExtension(
@@ -991,6 +994,13 @@ void ExtensionService::GrantPermissionsAndEnableExtension(
EnableExtension(extension->id());
}
+void ExtensionService::UpdateActivePermissions(
+ const Extension* extension,
+ const ExtensionPermissionSet* permissions) {
+ extension_prefs()->SetActivePermissions(extension->id(), permissions);
+ extension->SetActivePermissions(permissions);
+}
+
void ExtensionService::LoadExtension(const FilePath& extension_path) {
BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
NewRunnableMethod(backend_.get(),
@@ -1334,7 +1344,8 @@ void ExtensionService::NotifyExtensionLoaded(const Extension* extension) {
if (host->profile()->GetOriginalProfile() ==
profile_->GetOriginalProfile()) {
host->Send(
- new ExtensionMsg_Loaded(ExtensionMsg_Loaded_Params(extension)));
+ new ExtensionMsg_Loaded(ExtensionMsg_Loaded_Params(
+ extension, extension->GetActivePermissions())));
}
}
@@ -1942,7 +1953,7 @@ void ExtensionService::AddExtension(const Extension* extension) {
// Check if the extension's privileges have changed and disable the
// extension if necessary.
- DisableIfPrivilegeIncrease(extension);
+ InitializePermissions(extension);
bool disabled = Extension::UserMayDisable(extension->location()) &&
extension_prefs_->GetExtensionState(extension->id()) ==
@@ -1963,7 +1974,36 @@ void ExtensionService::AddExtension(const Extension* extension) {
NotifyExtensionLoaded(extension);
}
-void ExtensionService::DisableIfPrivilegeIncrease(const Extension* extension) {
+void ExtensionService::InitializePermissions(const Extension* extension) {
+ // If the extension has used the optional permissions API, it will have a
+ // custom set of active permissions defined in the extension prefs. Here,
+ // we update the extension's active permissions based on the prefs.
+ scoped_ptr<ExtensionPermissionSet> active_permissions(
+ extension_prefs()->GetActivePermissions(extension->id()));
+
+ if (active_permissions.get()) {
+ // We restrict the active permissions to be within the bounds defined in the
+ // extension's manifest.
+ // a) active permissions must be a subset of optional + default permissions
+ // b) active permissions must contains all default permissions
+ scoped_ptr<ExtensionPermissionSet> total_permissions(
+ ExtensionPermissionSet::CreateUnion(
+ extension->required_permission_set(),
+ extension->optional_permission_set()));
+
+ // Make sure the active permissions contain no more than optional + default.
+ scoped_ptr<ExtensionPermissionSet> adjusted_active(
+ ExtensionPermissionSet::CreateIntersection(
+ total_permissions.get(), active_permissions.get()));
+
+ // Make sure the active permissions contain the default permissions.
+ adjusted_active.reset(
+ ExtensionPermissionSet::CreateUnion(
+ extension->required_permission_set(), adjusted_active.get()));
+
+ UpdateActivePermissions(extension, adjusted_active.release());
+ }
+
// We keep track of all permissions the user has granted each extension.
// This allows extensions to gracefully support backwards compatibility
// by including unknown permissions in their manifests. When the user
@@ -2004,7 +2044,8 @@ void ExtensionService::DisableIfPrivilegeIncrease(const Extension* extension) {
// upgraded and recognized additional privileges, or an extension upgrades
// to a version that requires additional privileges.
is_privilege_increase =
- granted_permissions->HasLessPrivilegesThan(extension->permission_set());
+ granted_permissions->HasLessPrivilegesThan(
+ extension->GetActivePermissions());
}
if (is_extension_upgrade) {
@@ -2356,7 +2397,8 @@ void ExtensionService::Observe(int type,
// Loaded extensions.
for (size_t i = 0; i < extensions_.size(); ++i) {
process->Send(new ExtensionMsg_Loaded(
- ExtensionMsg_Loaded_Params(extensions_[i])));
+ ExtensionMsg_Loaded_Params(
+ extensions_[i], extensions_[i]->GetActivePermissions())));
}
break;
}
« no previous file with comments | « chrome/browser/extensions/extension_service.h ('k') | chrome/browser/extensions/extension_service_unittest.cc » ('j') | chrome/common/extensions/extension.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698