| Index: chrome/common/extensions/extension_permission_set.h
|
| diff --git a/chrome/common/extensions/extension_permission_set.h b/chrome/common/extensions/extension_permission_set.h
|
| index 4b99c7f87429020311d22e868f831a2a600882c2..06dff0754896955af70864009785ccaba4206146 100644
|
| --- a/chrome/common/extensions/extension_permission_set.h
|
| +++ b/chrome/common/extensions/extension_permission_set.h
|
| @@ -19,6 +19,7 @@
|
| #include "chrome/common/extensions/url_pattern_set.h"
|
|
|
| class Extension;
|
| +class ExtensionPermissionsInfo;
|
|
|
| // When prompting the user to install or approve permissions, we display
|
| // messages describing the effects of the permissions rather than listing the
|
| @@ -132,23 +133,40 @@ class ExtensionAPIPermission {
|
| enum Flag {
|
| kFlagNone = 0,
|
|
|
| - // Indicates if the permission can be accessed by hosted apps.
|
| - kFlagHostedApp = 1 << 0,
|
| -
|
| // Indicates if the permission implies full access (native code).
|
| - kFlagImpliesFullAccess = 1 << 1,
|
| + kFlagImpliesFullAccess = 1 << 0,
|
|
|
| // Indicates if the permission implies full URL access.
|
| - kFlagImpliesFullURLAccess = 1 << 2,
|
| + kFlagImpliesFullURLAccess = 1 << 1,
|
|
|
| // Indicates that the permission is private to COMPONENT extensions.
|
| - kFlagComponentOnly = 1 << 3,
|
| + kFlagComponentOnly = 1 << 2,
|
|
|
| // Indicates that the permission supports the optional permissions API.
|
| - kFlagSupportsOptional = 1 << 4,
|
| + kFlagSupportsOptional = 1 << 3,
|
| + };
|
| +
|
| + // Flags for specifying what extension types can use the permission.
|
| + enum TypeRestriction {
|
| + kTypeNone = 0,
|
| +
|
| + // Extension::TYPE_EXTENSION and Extension::TYPE_USER_SCRIPT
|
| + kTypeExtension = 1 << 0,
|
| +
|
| + // Extension::TYPE_HOSTED_APP
|
| + kTypeHostedApp = 1 << 1,
|
| +
|
| + // Extension::TYPE_PACKAGED_APP
|
| + kTypePackagedApp = 1 << 2,
|
| +
|
| + // Extension::TYPE_PLATFORM_APP
|
| + kTypePlatformApp = 1 << 3,
|
|
|
| - // Indicates whether the permission is available only to platform apps.
|
| - kFlagPlatformAppOnly = 1 << 5,
|
| + // Supports all types.
|
| + kTypeAll = (1 << 4) - 1,
|
| +
|
| + // Convenience flag for all types except hosted apps.
|
| + kTypeDefault = kTypeAll - kTypeHostedApp,
|
| };
|
|
|
| typedef std::set<ID> IDSet;
|
| @@ -160,6 +178,8 @@ class ExtensionAPIPermission {
|
|
|
| int flags() const { return flags_; }
|
|
|
| + int type_restrictions() const { return type_restrictions_; }
|
| +
|
| ID id() const { return id_; }
|
|
|
| // Returns the message id associated with this permission.
|
| @@ -180,42 +200,62 @@ class ExtensionAPIPermission {
|
| return (flags_ & kFlagImpliesFullURLAccess) != 0;
|
| }
|
|
|
| - // Returns true if this permission can be accessed by hosted apps.
|
| - bool is_hosted_app() const {
|
| - return (flags_ & kFlagHostedApp) != 0;
|
| - }
|
| -
|
| // Returns true if this permission can only be acquired by COMPONENT
|
| // extensions.
|
| bool is_component_only() const {
|
| return (flags_ & kFlagComponentOnly) != 0;
|
| }
|
|
|
| + // Returns true if regular extensions can specify this permission.
|
| + bool supports_extensions() const {
|
| + return (type_restrictions_ & kTypeExtension) != 0;
|
| + }
|
| +
|
| + // Returns true if hosted apps can specify this permission.
|
| + bool supports_hosted_apps() const {
|
| + return (type_restrictions_ & kTypeHostedApp) != 0;
|
| + }
|
| +
|
| + // Returns true if packaged apps can specify this permission.
|
| + bool supports_packaged_apps() const {
|
| + return (type_restrictions_ & kTypePackagedApp) != 0;
|
| + }
|
| +
|
| + // Returns true if platform apps can specify this permission.
|
| + bool supports_platform_apps() const {
|
| + return (type_restrictions_ & kTypePlatformApp) != 0;
|
| + }
|
| +
|
| // Returns true if this permission can be added and removed via the
|
| // optional permissions extension API.
|
| bool supports_optional() const {
|
| return (flags_ & kFlagSupportsOptional) != 0;
|
| }
|
|
|
| - // Returns true if this permission can only be acquired by platform apps.
|
| - bool is_platform_app_only() const {
|
| - return (flags_ & kFlagPlatformAppOnly) != 0;
|
| + // Returns true if this permissions supports the specified |type|.
|
| + bool supports_type(TypeRestriction type) const {
|
| + return (type_restrictions_ & type) != 0;
|
| }
|
|
|
| private:
|
| // Instances should only be constructed from within ExtensionPermissionsInfo.
|
| friend class ExtensionPermissionsInfo;
|
|
|
| + // Register ALL the permissions!
|
| + static void RegisterAllPermissions(ExtensionPermissionsInfo* info);
|
| +
|
| explicit ExtensionAPIPermission(
|
| ID id,
|
| const char* name,
|
| int l10n_message_id,
|
| ExtensionPermissionMessage::ID message_id,
|
| - int flags);
|
| + int flags,
|
| + int type_restrictions);
|
|
|
| ID id_;
|
| const char* name_;
|
| int flags_;
|
| + int type_restrictions_;
|
| int l10n_message_id_;
|
| ExtensionPermissionMessage::ID message_id_;
|
| };
|
| @@ -243,15 +283,12 @@ class ExtensionPermissionsInfo {
|
| ExtensionAPIPermissionSet GetAllByName(
|
| const std::set<std::string>& permission_names);
|
|
|
| - // Gets the total number of API permissions available to hosted apps.
|
| - size_t get_hosted_app_permission_count() {
|
| - return hosted_app_permission_count_;
|
| - }
|
| -
|
| // Gets the total number of API permissions.
|
| size_t get_permission_count() { return permission_count_; }
|
|
|
| private:
|
| + friend class ExtensionAPIPermission;
|
| +
|
| ~ExtensionPermissionsInfo();
|
| ExtensionPermissionsInfo();
|
|
|
| @@ -264,7 +301,8 @@ class ExtensionPermissionsInfo {
|
| const char* name,
|
| int l10n_message_id,
|
| ExtensionPermissionMessage::ID message_id,
|
| - int flags);
|
| + int flags,
|
| + int type_restrictions);
|
|
|
| // Maps permission ids to permissions.
|
| typedef std::map<ExtensionAPIPermission::ID, ExtensionAPIPermission*> IDMap;
|
| @@ -372,10 +410,6 @@ class ExtensionPermissionSet
|
| // restricted to internal extensions.
|
| bool HasPrivatePermissions() const;
|
|
|
| - // Returns true if this permission set includes permissions that are
|
| - // restricted to platform apps.
|
| - bool HasPlatformAppPermissions() const;
|
| -
|
| // Returns true if |permissions| has a greater privilege level than this
|
| // permission set (e.g., this permission set has less permissions).
|
| bool HasLessPrivilegesThan(const ExtensionPermissionSet* permissions) const;
|
|
|
Chromium Code Reviews
Issue 8598022:
Restrict access to permissions based on extension types. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src