Chromium Code Reviews| Index: chrome/common/extensions/extension_permission_set.h |
| diff --git a/chrome/common/extensions/extension_permission_set.h b/chrome/common/extensions/extension_permission_set.h |
| index b56d12ed61416d94004d4c884b4cfdf9c43cdb3d..024f7c17f18d38f582bfd64e03c055cad5bfe446 100644 |
| --- a/chrome/common/extensions/extension_permission_set.h |
| +++ b/chrome/common/extensions/extension_permission_set.h |
| @@ -18,6 +18,8 @@ |
| #include "base/string16.h" |
| #include "chrome/common/extensions/url_pattern_set.h" |
| +// TODO(jstritar): Move each class to its own file in extensions/permissions. |
| + |
| class Extension; |
| class ExtensionPermissionsInfo; |
| @@ -150,6 +152,11 @@ class ExtensionAPIPermission { |
| // Indicates that extensions cannot specify the permission as optional. |
| kFlagCannotBeOptional = 1 << 3, |
| + |
| + // When set, the permission can only be acquired by extensions on the |
| + // permission's whitelist. Extensions must pass both tests when used in |
| + // conjunction with kFlagComponentOnly. |
| + kFlagEnforceWhitelist = 1 << 4, |
|
Aaron Boodman
2012/02/02 08:09:24
Using 'and' here doesn't seem very useful. Are the
jstritar
2012/02/02 17:51:10
Done and deprecated kFlagComponentOnly.
|
| }; |
| // Flags for specifying what extension types can use the permission. |
| @@ -212,6 +219,15 @@ class ExtensionAPIPermission { |
| return (flags_ & kFlagComponentOnly) != 0; |
| } |
| + // Returns true if |extension_id| is whitelisted. You should only use this |
| + // method if should_enforce_whitelist() is true. |
|
Aaron Boodman
2012/02/02 08:09:24
Why is the second sentence important to note?
jstritar
2012/02/02 17:51:10
Updated comment.
|
| + bool IsWhitelisted(const std::string& extension_id) const; |
| + |
| + // Returns true if access to this permission is restricted by a whitelist. |
| + bool should_enforce_whitelist() const { |
| + return (flags_ & kFlagEnforceWhitelist) != 0; |
| + } |
| + |
| // Returns true if regular extensions can specify this permission. |
| bool supports_extensions() const { |
| return (type_restrictions_ & kTypeExtension) != 0; |
| @@ -250,6 +266,11 @@ class ExtensionAPIPermission { |
| // Register ALL the permissions! |
| static void RegisterAllPermissions(ExtensionPermissionsInfo* info); |
| + // Register the permission whitelists. |
| + static void RegisterWhitelists(ExtensionPermissionsInfo* info); |
|
Aaron Boodman
2012/02/02 08:09:24
Not clear what this method does from just its name
jstritar
2012/02/02 17:51:10
Removed method.
|
| + |
| + typedef std::set<std::string> ExtensionWhitelist; |
| + |
| explicit ExtensionAPIPermission( |
| ID id, |
| const char* name, |
| @@ -258,12 +279,17 @@ class ExtensionAPIPermission { |
| int flags, |
| int type_restrictions); |
| + // Adds |extension_id| to the whitelist for this permission. |
| + // The kFlagEnforceWhitelist flag must be set to use this method. |
| + void AddToWhitelist(const std::string& extension_id); |
| + |
| ID id_; |
| const char* name_; |
| int flags_; |
| int type_restrictions_; |
| int l10n_message_id_; |
| ExtensionPermissionMessage::ID message_id_; |
| + ExtensionWhitelist whitelist_; |
| }; |
| typedef std::set<ExtensionAPIPermission::ID> ExtensionAPIPermissionSet; |
| @@ -310,6 +336,11 @@ class ExtensionPermissionsInfo { |
| int flags, |
| int type_restrictions); |
| + // Registers the whitelist for the given permission. |
| + void RegisterWhitelist(ExtensionAPIPermission::ID id, |
| + const char* whitelist[], |
| + int whitelist_length); |
| + |
| // Maps permission ids to permissions. |
| typedef std::map<ExtensionAPIPermission::ID, ExtensionAPIPermission*> IDMap; |
| @@ -435,7 +466,7 @@ class ExtensionPermissionSet |
| const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
| private: |
| - FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionSetTest, |
| + FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionsTest, |
| HasLessHostPrivilegesThan); |
| friend class base::RefCountedThreadSafe<ExtensionPermissionSet>; |