Chromium Code Reviews Chromium Code Reviews
Issue 8598022:
Restrict access to permissions based on extension types. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/common/extensions/extension_permission_set.h |
| diff --git a/chrome/common/extensions/extension_permission_set.h b/chrome/common/extensions/extension_permission_set.h |
| index 9a2b5cdd7de7fe6268576ac7fb895e12a4cc1e57..c4528dc14ebbc0197dfc59f3f2e2531eaedd96de 100644 |
| --- a/chrome/common/extensions/extension_permission_set.h |
| +++ b/chrome/common/extensions/extension_permission_set.h |
| @@ -19,6 +19,7 @@ |
| #include "chrome/common/extensions/url_pattern_set.h" |
| class Extension; |
| +class ExtensionPermissionsInfo; |
| // When prompting the user to install or approve permissions, we display |
| // messages describing the effects of the permissions rather than listing the |
| @@ -130,20 +131,40 @@ class ExtensionAPIPermission { |
| enum Flag { |
| kFlagNone = 0, |
| - // Indicates if the permission can be accessed by hosted apps. |
| - kFlagHostedApp = 1 << 0, |
| - |
| // Indicates if the permission implies full access (native code). |
| - kFlagImpliesFullAccess = 1 << 1, |
| + kFlagImpliesFullAccess = 1 << 0, |
| // Indicates if the permission implies full URL access. |
| - kFlagImpliesFullURLAccess = 1 << 2, |
| + kFlagImpliesFullURLAccess = 1 << 1, |
| // Indicates that the permission is private to COMPONENT extensions. |
| - kFlagComponentOnly = 1 << 3, |
| + kFlagComponentOnly = 1 << 2, |
| // Indicates that the permission supports the optional permissions API. |
| - kFlagSupportsOptional = 1 << 4, |
| + kFlagSupportsOptional = 1 << 3, |
| + }; |
| + |
| + // Flags for specifying what extension types can use the permission. |
| + enum TypeRestriction { |
| + kTypeNone = 0, |
| + |
| + // Extension::TYPE_EXTENSION and Extension::TYPE_USER_SCRIPT |
| + kTypeExtension = 1 << 0, |
| + |
| + // Extension::TYPE_HOSTED_APP |
| + kTypeHostedApp = 1 << 1, |
| + |
| + // Extension::TYPE_PACKAGED_APP |
| + kTypePackagedApp = 1 << 2, |
| + |
| + // Extension::TYPE_PLATFORM_APP |
| + kTypePlatformApp = 1 << 3, |
| + |
| + // Supports all types. |
| + kTypeAll = (1 << 4) - 1, |
| + |
| + // Convenience flag for all types except hosted apps. |
| + kTypeDefault = kTypeAll - kTypeHostedApp, |
| }; |
| typedef std::set<ID> IDSet; |
| @@ -175,17 +196,32 @@ class ExtensionAPIPermission { |
| return (flags_ & kFlagImpliesFullURLAccess) != 0; |
| } |
| - // Returns true if this permission can be accessed by hosted apps. |
| - bool is_hosted_app() const { |
| - return (flags_ & kFlagHostedApp) != 0; |
| - } |
| - |
| // Returns true if this permission can only be acquired by COMPONENT |
| // extensions. |
| bool is_component_only() const { |
| return (flags_ & kFlagComponentOnly) != 0; |
| } |
| + // Returns true if regular extensions can specify this permission. |
| + bool supports_extensions() const { |
| + return (type_restrictions_ & kTypeExtension) != 0; |
| + } |
| + |
| + // Returns true if hosted apps can specify this permission. |
| + bool supports_hosted_apps() const { |
| + return (type_restrictions_ & kTypeHostedApp) != 0; |
| + } |
| + |
| + // Returns true if packaged apps can specify this permission. |
| + bool supports_packaged_apps() const { |
| + return (type_restrictions_ & kTypePackagedApp) != 0; |
| + } |
| + |
| + // Returns true if platform apps can specify this permission. |
| + bool supports_platform_apps() const { |
| + return (type_restrictions_ & kTypePlatformApp) != 0; |
| + } |
| + |
| // Returns true if this permission can be added and removed via the |
| // optional permissions extension API. |
| bool supports_optional() const { |
| @@ -196,16 +232,21 @@ class ExtensionAPIPermission { |
| // Instances should only be constructed from within ExtensionPermissionsInfo. |
| friend class ExtensionPermissionsInfo; |
| + // Registers all the permissions. |
|
Aaron Boodman
2011/11/22 09:40:32
I sorta feel like this should be:
// Register ALL
jstritar
2011/11/22 15:58:29
Haha, done. I also renamed the method to RegisterA
|
| + static void RegisterPermissions(ExtensionPermissionsInfo* info); |
| + |
| explicit ExtensionAPIPermission( |
| ID id, |
| const char* name, |
| int l10n_message_id, |
| ExtensionPermissionMessage::ID message_id, |
| - int flags); |
| + int flags, |
| + int type_restrictions); |
| ID id_; |
| const char* name_; |
| int flags_; |
| + int type_restrictions_; |
| int l10n_message_id_; |
| ExtensionPermissionMessage::ID message_id_; |
| }; |
| @@ -233,15 +274,12 @@ class ExtensionPermissionsInfo { |
| ExtensionAPIPermissionSet GetAllByName( |
| const std::set<std::string>& permission_names); |
| - // Gets the total number of API permissions available to hosted apps. |
| - size_t get_hosted_app_permission_count() { |
| - return hosted_app_permission_count_; |
| - } |
| - |
| // Gets the total number of API permissions. |
| size_t get_permission_count() { return permission_count_; } |
| private: |
| + friend class ExtensionAPIPermission; |
| + |
| ~ExtensionPermissionsInfo(); |
| ExtensionPermissionsInfo(); |
| @@ -254,7 +292,8 @@ class ExtensionPermissionsInfo { |
| const char* name, |
| int l10n_message_id, |
| ExtensionPermissionMessage::ID message_id, |
| - int flags); |
| + int flags, |
| + int type_restrictions); |
| // Maps permission ids to permissions. |
| typedef std::map<ExtensionAPIPermission::ID, ExtensionAPIPermission*> IDMap; |
