| Index: chrome/common/extensions/extension_permission_set.h
|
| diff --git a/chrome/common/extensions/extension_permission_set.h b/chrome/common/extensions/extension_permission_set.h
|
| index b56d12ed61416d94004d4c884b4cfdf9c43cdb3d..024f7c17f18d38f582bfd64e03c055cad5bfe446 100644
|
| --- a/chrome/common/extensions/extension_permission_set.h
|
| +++ b/chrome/common/extensions/extension_permission_set.h
|
| @@ -18,6 +18,8 @@
|
| #include "base/string16.h"
|
| #include "chrome/common/extensions/url_pattern_set.h"
|
|
|
| +// TODO(jstritar): Move each class to its own file in extensions/permissions.
|
| +
|
| class Extension;
|
| class ExtensionPermissionsInfo;
|
|
|
| @@ -150,6 +152,11 @@ class ExtensionAPIPermission {
|
|
|
| // Indicates that extensions cannot specify the permission as optional.
|
| kFlagCannotBeOptional = 1 << 3,
|
| +
|
| + // When set, the permission can only be acquired by extensions on the
|
| + // permission's whitelist. Extensions must pass both tests when used in
|
| + // conjunction with kFlagComponentOnly.
|
| + kFlagEnforceWhitelist = 1 << 4,
|
| };
|
|
|
| // Flags for specifying what extension types can use the permission.
|
| @@ -212,6 +219,15 @@ class ExtensionAPIPermission {
|
| return (flags_ & kFlagComponentOnly) != 0;
|
| }
|
|
|
| + // Returns true if |extension_id| is whitelisted. You should only use this
|
| + // method if should_enforce_whitelist() is true.
|
| + bool IsWhitelisted(const std::string& extension_id) const;
|
| +
|
| + // Returns true if access to this permission is restricted by a whitelist.
|
| + bool should_enforce_whitelist() const {
|
| + return (flags_ & kFlagEnforceWhitelist) != 0;
|
| + }
|
| +
|
| // Returns true if regular extensions can specify this permission.
|
| bool supports_extensions() const {
|
| return (type_restrictions_ & kTypeExtension) != 0;
|
| @@ -250,6 +266,11 @@ class ExtensionAPIPermission {
|
| // Register ALL the permissions!
|
| static void RegisterAllPermissions(ExtensionPermissionsInfo* info);
|
|
|
| + // Register the permission whitelists.
|
| + static void RegisterWhitelists(ExtensionPermissionsInfo* info);
|
| +
|
| + typedef std::set<std::string> ExtensionWhitelist;
|
| +
|
| explicit ExtensionAPIPermission(
|
| ID id,
|
| const char* name,
|
| @@ -258,12 +279,17 @@ class ExtensionAPIPermission {
|
| int flags,
|
| int type_restrictions);
|
|
|
| + // Adds |extension_id| to the whitelist for this permission.
|
| + // The kFlagEnforceWhitelist flag must be set to use this method.
|
| + void AddToWhitelist(const std::string& extension_id);
|
| +
|
| ID id_;
|
| const char* name_;
|
| int flags_;
|
| int type_restrictions_;
|
| int l10n_message_id_;
|
| ExtensionPermissionMessage::ID message_id_;
|
| + ExtensionWhitelist whitelist_;
|
| };
|
|
|
| typedef std::set<ExtensionAPIPermission::ID> ExtensionAPIPermissionSet;
|
| @@ -310,6 +336,11 @@ class ExtensionPermissionsInfo {
|
| int flags,
|
| int type_restrictions);
|
|
|
| + // Registers the whitelist for the given permission.
|
| + void RegisterWhitelist(ExtensionAPIPermission::ID id,
|
| + const char* whitelist[],
|
| + int whitelist_length);
|
| +
|
| // Maps permission ids to permissions.
|
| typedef std::map<ExtensionAPIPermission::ID, ExtensionAPIPermission*> IDMap;
|
|
|
| @@ -435,7 +466,7 @@ class ExtensionPermissionSet
|
| const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
|
|
|
| private:
|
| - FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest,
|
| + FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionsTest,
|
| HasLessHostPrivilegesThan);
|
|
|
| friend class base::RefCountedThreadSafe<ExtensionPermissionSet>;
|
|
|