| Index: chrome/browser/extensions/extension_service.cc
|
| diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
|
| index 755c7d6285113a0cdbd854fd6d744f961014bd3a..ec74802e6a1e4034735774a8658b8e78e18a1530 100644
|
| --- a/chrome/browser/extensions/extension_service.cc
|
| +++ b/chrome/browser/extensions/extension_service.cc
|
| @@ -551,6 +551,7 @@ ExtensionService::ExtensionService(Profile* profile,
|
| show_extensions_prompts_(true),
|
| ready_(false),
|
| toolbar_model_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
|
| + permissions_manager_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
|
| apps_promo_(profile->GetPrefs()),
|
| event_routers_initialized_(false) {
|
| CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| @@ -983,7 +984,7 @@ void ExtensionService::GrantPermissions(const Extension* extension) {
|
| CHECK_EQ(Extension::INTERNAL, extension->location());
|
|
|
| extension_prefs_->AddGrantedPermissions(extension->id(),
|
| - extension->permission_set());
|
| + extension->GetActivePermissions());
|
| }
|
|
|
| void ExtensionService::GrantPermissionsAndEnableExtension(
|
| @@ -996,6 +997,13 @@ void ExtensionService::GrantPermissionsAndEnableExtension(
|
| EnableExtension(extension->id());
|
| }
|
|
|
| +void ExtensionService::UpdateActivePermissions(
|
| + const Extension* extension,
|
| + const ExtensionPermissionSet* permissions) {
|
| + extension_prefs()->SetActivePermissions(extension->id(), permissions);
|
| + extension->SetActivePermissions(permissions);
|
| +}
|
| +
|
| void ExtensionService::LoadExtension(const FilePath& extension_path) {
|
| BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
|
| NewRunnableMethod(backend_.get(),
|
| @@ -1306,7 +1314,8 @@ void ExtensionService::NotifyExtensionLoaded(const Extension* extension) {
|
| if (host->profile()->GetOriginalProfile() ==
|
| profile_->GetOriginalProfile()) {
|
| host->Send(
|
| - new ExtensionMsg_Loaded(ExtensionMsg_Loaded_Params(extension)));
|
| + new ExtensionMsg_Loaded(ExtensionMsg_Loaded_Params(
|
| + extension, extension->GetActivePermissions())));
|
| }
|
| }
|
|
|
| @@ -1914,7 +1923,7 @@ void ExtensionService::AddExtension(const Extension* extension) {
|
|
|
| // Check if the extension's privileges have changed and disable the
|
| // extension if necessary.
|
| - DisableIfPrivilegeIncrease(extension);
|
| + InitializePermissions(extension);
|
|
|
| bool disabled = Extension::UserMayDisable(extension->location()) &&
|
| extension_prefs_->GetExtensionState(extension->id()) ==
|
| @@ -1935,7 +1944,36 @@ void ExtensionService::AddExtension(const Extension* extension) {
|
| NotifyExtensionLoaded(extension);
|
| }
|
|
|
| -void ExtensionService::DisableIfPrivilegeIncrease(const Extension* extension) {
|
| +void ExtensionService::InitializePermissions(const Extension* extension) {
|
| + // If the extension has used the optional permissions API, it will have a
|
| + // custom set of active permissions defined in the extension prefs. Here,
|
| + // we update the extension's active permissions based on the prefs.
|
| + scoped_ptr<ExtensionPermissionSet> active_permissions(
|
| + extension_prefs()->GetActivePermissions(extension->id()));
|
| +
|
| + if (active_permissions.get()) {
|
| + // We restrict the active permissions to be within the bounds defined in the
|
| + // extension's manifest.
|
| + // a) active permissions must be a subset of optional + default permissions
|
| + // b) active permissions must contains all default permissions
|
| + scoped_ptr<ExtensionPermissionSet> total_permissions(
|
| + ExtensionPermissionSet::CreateUnion(
|
| + extension->required_permission_set(),
|
| + extension->optional_permission_set()));
|
| +
|
| + // Make sure the active permissions contain no more than optional + default.
|
| + scoped_ptr<ExtensionPermissionSet> adjusted_active(
|
| + ExtensionPermissionSet::CreateIntersection(
|
| + total_permissions.get(), active_permissions.get()));
|
| +
|
| + // Make sure the active permissions contain the default permissions.
|
| + adjusted_active.reset(
|
| + ExtensionPermissionSet::CreateUnion(
|
| + extension->required_permission_set(), adjusted_active.get()));
|
| +
|
| + UpdateActivePermissions(extension, adjusted_active.release());
|
| + }
|
| +
|
| // We keep track of all permissions the user has granted each extension.
|
| // This allows extensions to gracefully support backwards compatibility
|
| // by including unknown permissions in their manifests. When the user
|
| @@ -1976,7 +2014,8 @@ void ExtensionService::DisableIfPrivilegeIncrease(const Extension* extension) {
|
| // upgraded and recognized additional privileges, or an extension upgrades
|
| // to a version that requires additional privileges.
|
| is_privilege_increase =
|
| - granted_permissions->HasLessPrivilegesThan(extension->permission_set());
|
| + granted_permissions->HasLessPrivilegesThan(
|
| + extension->GetActivePermissions());
|
| }
|
|
|
| if (is_extension_upgrade) {
|
| @@ -2328,7 +2367,8 @@ void ExtensionService::Observe(int type,
|
| // Loaded extensions.
|
| for (size_t i = 0; i < extensions_.size(); ++i) {
|
| process->Send(new ExtensionMsg_Loaded(
|
| - ExtensionMsg_Loaded_Params(extensions_[i])));
|
| + ExtensionMsg_Loaded_Params(
|
| + extensions_[i], extensions_[i]->GetActivePermissions())));
|
| }
|
| break;
|
| }
|
|
|
Chromium Code Reviews
Issue 7432006:
Add an experimental permissions API for extensions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src