| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/permissions/chrome_permission_message_rules.h
" | 5 #include "chrome/common/extensions/permissions/chrome_permission_message_rules.h
" |
| 6 | 6 |
| 7 #include "base/stl_util.h" | 7 #include "base/stl_util.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/grit/generated_resources.h" | 10 #include "chrome/grit/generated_resources.h" |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 171 } | 171 } |
| 172 | 172 |
| 173 int message_id_for_one_host_; | 173 int message_id_for_one_host_; |
| 174 int message_id_for_two_hosts_; | 174 int message_id_for_two_hosts_; |
| 175 int message_id_for_three_hosts_; | 175 int message_id_for_three_hosts_; |
| 176 int message_id_for_many_hosts_; | 176 int message_id_for_many_hosts_; |
| 177 | 177 |
| 178 DISALLOW_COPY_AND_ASSIGN(CommaSeparatedListFormatter); | 178 DISALLOW_COPY_AND_ASSIGN(CommaSeparatedListFormatter); |
| 179 }; | 179 }; |
| 180 | 180 |
| 181 class USBDevicesFormatter : public ChromePermissionMessageFormatter { |
| 182 public: |
| 183 USBDevicesFormatter() {} |
| 184 ~USBDevicesFormatter() override {} |
| 185 |
| 186 CoalescedPermissionMessage GetPermissionMessage( |
| 187 const PermissionIDSet& permissions) const override { |
| 188 DCHECK(permissions.size() > 0); |
| 189 return permissions.size() == 1 ? GetItemMessage(permissions) |
| 190 : GetMultiItemMessage(permissions); |
| 191 } |
| 192 |
| 193 private: |
| 194 CoalescedPermissionMessage GetItemMessage( |
| 195 const PermissionIDSet& permissions) const { |
| 196 DCHECK(permissions.size() == 1); |
| 197 const PermissionID& permission = *permissions.begin(); |
| 198 base::string16 msg; |
| 199 switch (permission.id()) { |
| 200 case APIPermission::kUsbDevice: |
| 201 msg = l10n_util::GetStringFUTF16( |
| 202 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE, permission.parameter()); |
| 203 break; |
| 204 case APIPermission::kUsbDeviceUnknownProduct: |
| 205 msg = l10n_util::GetStringFUTF16( |
| 206 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_PRODUCT, |
| 207 permission.parameter()); |
| 208 break; |
| 209 case APIPermission::kUsbDeviceUnknownVendor: |
| 210 msg = l10n_util::GetStringUTF16( |
| 211 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_VENDOR); |
| 212 break; |
| 213 default: |
| 214 NOTREACHED(); |
| 215 } |
| 216 return CoalescedPermissionMessage(msg, permissions); |
| 217 } |
| 218 |
| 219 CoalescedPermissionMessage GetMultiItemMessage( |
| 220 const PermissionIDSet& permissions) const { |
| 221 DCHECK(permissions.size() > 1); |
| 222 // Put all the individual items into submessages. |
| 223 std::vector<base::string16> submessages; |
| 224 std::vector<base::string16> devices = |
| 225 permissions.GetAllPermissionsWithID(APIPermission::kUsbDevice) |
| 226 .GetAllPermissionParameters(); |
| 227 for (const base::string16& device : devices) { |
| 228 submessages.push_back(l10n_util::GetStringFUTF16( |
| 229 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM, device)); |
| 230 } |
| 231 std::vector<base::string16> vendors = |
| 232 permissions.GetAllPermissionsWithID( |
| 233 APIPermission::kUsbDeviceUnknownProduct) |
| 234 .GetAllPermissionParameters(); |
| 235 for (const base::string16& vendor : vendors) { |
| 236 submessages.push_back(l10n_util::GetStringFUTF16( |
| 237 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_PRODUCT, |
| 238 vendor)); |
| 239 } |
| 240 if (permissions.ContainsID(APIPermission::kUsbDeviceUnknownVendor)) { |
| 241 submessages.push_back(l10n_util::GetStringUTF16( |
| 242 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_VENDOR)); |
| 243 } |
| 244 |
| 245 return CoalescedPermissionMessage( |
| 246 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST), |
| 247 permissions, submessages); |
| 248 } |
| 249 |
| 250 DISALLOW_COPY_AND_ASSIGN(USBDevicesFormatter); |
| 251 }; |
| 252 |
| 181 } // namespace | 253 } // namespace |
| 182 | 254 |
| 183 ChromePermissionMessageRule::ChromePermissionMessageRule( | 255 ChromePermissionMessageRule::ChromePermissionMessageRule( |
| 184 int message_id, | 256 int message_id, |
| 185 PermissionIDSetInitializer required, | 257 PermissionIDSetInitializer required, |
| 186 PermissionIDSetInitializer optional) | 258 PermissionIDSetInitializer optional) |
| 187 : required_permissions_(required), | 259 : required_permissions_(required), |
| 188 optional_permissions_(optional), | 260 optional_permissions_(optional), |
| 189 formatter_(new DefaultPermissionMessageFormatter(message_id)) { | 261 formatter_(new DefaultPermissionMessageFormatter(message_id)) { |
| 190 } | 262 } |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 251 // yet powerful enough to encapsulate all the messages we want to display. | 323 // yet powerful enough to encapsulate all the messages we want to display. |
| 252 // | 324 // |
| 253 // TODO(sashab): Once existing message sites are deprecated, reorder this list | 325 // TODO(sashab): Once existing message sites are deprecated, reorder this list |
| 254 // to better describe the rules generated, rather than the callsites they are | 326 // to better describe the rules generated, rather than the callsites they are |
| 255 // migrated from. | 327 // migrated from. |
| 256 ChromePermissionMessageRule rules_arr[] = { | 328 ChromePermissionMessageRule rules_arr[] = { |
| 257 // Full url access permission messages. | 329 // Full url access permission messages. |
| 258 {IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, {APIPermission::kDebugger}, {}}, | 330 {IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, {APIPermission::kDebugger}, {}}, |
| 259 {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, | 331 {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, |
| 260 {APIPermission::kPlugin}, | 332 {APIPermission::kPlugin}, |
| 261 {APIPermission::kFullAccess, | 333 {APIPermission::kFullAccess, APIPermission::kHostsAll, |
| 262 APIPermission::kHostsAll, | 334 APIPermission::kHostsAllReadOnly, APIPermission::kDeclarativeWebRequest, |
| 263 APIPermission::kHostsAllReadOnly, | 335 APIPermission::kTopSites, APIPermission::kTab}}, |
| 264 APIPermission::kDeclarativeWebRequest, | |
| 265 APIPermission::kTopSites, | |
| 266 APIPermission::kTab}}, | |
| 267 {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, | 336 {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, |
| 268 {APIPermission::kFullAccess}, | 337 {APIPermission::kFullAccess}, |
| 269 {APIPermission::kHostsAll, | 338 {APIPermission::kHostsAll, APIPermission::kHostsAllReadOnly, |
| 270 APIPermission::kHostsAllReadOnly, | 339 APIPermission::kDeclarativeWebRequest, APIPermission::kTopSites, |
| 271 APIPermission::kDeclarativeWebRequest, | |
| 272 APIPermission::kTopSites, | |
| 273 APIPermission::kTab}}, | 340 APIPermission::kTab}}, |
| 274 | 341 |
| 275 // Parameterized permission messages: | 342 // Parameterized permission messages: |
| 276 // Messages generated by the sockets permission. | 343 // Messages generated by the sockets permission. |
| 277 {new SpaceSeparatedListFormatter( | 344 {new SpaceSeparatedListFormatter( |
| 278 IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAIN, | 345 IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAIN, |
| 279 IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAINS), | 346 IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAINS), |
| 280 {APIPermission::kSocketDomainHosts}, | 347 {APIPermission::kSocketDomainHosts}, |
| 281 {}}, | 348 {}}, |
| 282 {new SpaceSeparatedListFormatter( | 349 {new SpaceSeparatedListFormatter( |
| (...skipping 11 matching lines...) Expand all Loading... |
| 294 {APIPermission::kHostReadOnly}, | 361 {APIPermission::kHostReadOnly}, |
| 295 {}}, | 362 {}}, |
| 296 {new CommaSeparatedListFormatter(IDS_EXTENSION_PROMPT_WARNING_1_HOST, | 363 {new CommaSeparatedListFormatter(IDS_EXTENSION_PROMPT_WARNING_1_HOST, |
| 297 IDS_EXTENSION_PROMPT_WARNING_2_HOSTS, | 364 IDS_EXTENSION_PROMPT_WARNING_2_HOSTS, |
| 298 IDS_EXTENSION_PROMPT_WARNING_3_HOSTS, | 365 IDS_EXTENSION_PROMPT_WARNING_3_HOSTS, |
| 299 IDS_EXTENSION_PROMPT_WARNING_HOSTS_LIST), | 366 IDS_EXTENSION_PROMPT_WARNING_HOSTS_LIST), |
| 300 {APIPermission::kHostReadWrite}, | 367 {APIPermission::kHostReadWrite}, |
| 301 {}}, | 368 {}}, |
| 302 | 369 |
| 303 // USB Device Permission rules: | 370 // USB Device Permission rules: |
| 304 // TODO(sashab, reillyg): Rework the permission message logic for USB | 371 {new USBDevicesFormatter, |
| 305 // devices to generate more meaningful messages and better fit the current | 372 {}, |
| 306 // rules system. Maybe model it similarly to host or socket permissions | 373 {APIPermission::kUsbDevice, APIPermission::kUsbDeviceUnknownProduct, |
| 307 // above. crbug.com/522842 | 374 APIPermission::kUsbDeviceUnknownVendor}}, |
| 308 {new SingleParameterFormatter(IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE), | |
| 309 {APIPermission::kUsbDevice}, | |
| 310 {}}, | |
| 311 {new SingleParameterFormatter( | |
| 312 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_PRODUCT), | |
| 313 {APIPermission::kUsbDeviceUnknownProduct}, | |
| 314 {}}, | |
| 315 {IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_VENDOR, | |
| 316 {APIPermission::kUsbDeviceUnknownVendor}, | |
| 317 {}}, | |
| 318 {new SimpleListFormatter(IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST), | |
| 319 {APIPermission::kUsbDeviceList}, | |
| 320 {}}, | |
| 321 | 375 |
| 322 // Coalesced message rules taken from | 376 // Coalesced message rules taken from |
| 323 // ChromePermissionMessageProvider::GetWarningMessages(): | 377 // ChromePermissionMessageProvider::GetWarningMessages(): |
| 324 | 378 |
| 325 // Access to users' devices should provide a single warning message | 379 // Access to users' devices should provide a single warning message |
| 326 // specifying the transport method used; serial and/or Bluetooth. | 380 // specifying the transport method used; serial and/or Bluetooth. |
| 327 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL, | 381 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL, |
| 328 {APIPermission::kBluetooth, APIPermission::kSerial}, | 382 {APIPermission::kBluetooth, APIPermission::kSerial}, |
| 329 {APIPermission::kBluetoothDevices}}, | 383 {APIPermission::kBluetoothDevices}}, |
| 330 | 384 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 347 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_DELETE, | 401 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_DELETE, |
| 348 {APIPermission::kMediaGalleriesAllGalleriesDelete, | 402 {APIPermission::kMediaGalleriesAllGalleriesDelete, |
| 349 APIPermission::kMediaGalleriesAllGalleriesRead}, | 403 APIPermission::kMediaGalleriesAllGalleriesRead}, |
| 350 {}}, | 404 {}}, |
| 351 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ, | 405 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ, |
| 352 {APIPermission::kMediaGalleriesAllGalleriesRead}, | 406 {APIPermission::kMediaGalleriesAllGalleriesRead}, |
| 353 {}}, | 407 {}}, |
| 354 | 408 |
| 355 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE_AND_SESSIONS, | 409 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE_AND_SESSIONS, |
| 356 {APIPermission::kSessions, APIPermission::kHistory}, | 410 {APIPermission::kSessions, APIPermission::kHistory}, |
| 357 {APIPermission::kFavicon, | 411 {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab, |
| 358 APIPermission::kProcesses, | 412 APIPermission::kTopSites, APIPermission::kWebNavigation}}, |
| 359 APIPermission::kTab, | |
| 360 APIPermission::kTopSites, | |
| 361 APIPermission::kWebNavigation}}, | |
| 362 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ_AND_SESSIONS, | 413 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ_AND_SESSIONS, |
| 363 {APIPermission::kSessions, APIPermission::kTab}, | 414 {APIPermission::kSessions, APIPermission::kTab}, |
| 364 {APIPermission::kFavicon, | 415 {APIPermission::kFavicon, APIPermission::kProcesses, |
| 365 APIPermission::kProcesses, | 416 APIPermission::kTopSites, APIPermission::kWebNavigation}}, |
| 366 APIPermission::kTopSites, | |
| 367 APIPermission::kWebNavigation}}, | |
| 368 | 417 |
| 369 // Suppression list taken from | 418 // Suppression list taken from |
| 370 // ChromePermissionMessageProvider::GetPermissionMessages(): | 419 // ChromePermissionMessageProvider::GetPermissionMessages(): |
| 371 // Some warnings are more generic and/or powerful and supercede other | 420 // Some warnings are more generic and/or powerful and supercede other |
| 372 // warnings. In that case, the first message suppresses the second one. | 421 // warnings. In that case, the first message suppresses the second one. |
| 373 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH, | 422 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH, |
| 374 {APIPermission::kBluetooth}, | 423 {APIPermission::kBluetooth}, |
| 375 {APIPermission::kBluetoothDevices}}, | 424 {APIPermission::kBluetoothDevices}}, |
| 376 {IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, | 425 {IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, |
| 377 {APIPermission::kBookmark}, | 426 {APIPermission::kBookmark}, |
| 378 {APIPermission::kOverrideBookmarksUI}}, | 427 {APIPermission::kOverrideBookmarksUI}}, |
| 379 // History already allows reading favicons, tab access and accessing the | 428 // History already allows reading favicons, tab access and accessing the |
| 380 // list of most frequently visited sites. | 429 // list of most frequently visited sites. |
| 381 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE, | 430 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE, |
| 382 {APIPermission::kHistory}, | 431 {APIPermission::kHistory}, |
| 383 {APIPermission::kFavicon, | 432 {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab, |
| 384 APIPermission::kProcesses, | 433 APIPermission::kTopSites, APIPermission::kWebNavigation}}, |
| 385 APIPermission::kTab, | |
| 386 APIPermission::kTopSites, | |
| 387 APIPermission::kWebNavigation}}, | |
| 388 // A special hack: If kFileSystemWriteDirectory would be displayed, hide | 434 // A special hack: If kFileSystemWriteDirectory would be displayed, hide |
| 389 // kFileSystemDirectory as the write directory message implies it. | 435 // kFileSystemDirectory as the write directory message implies it. |
| 390 // TODO(sashab): Remove kFileSystemWriteDirectory; it's no longer needed | 436 // TODO(sashab): Remove kFileSystemWriteDirectory; it's no longer needed |
| 391 // since this rules system can represent the rule. See crbug.com/284849. | 437 // since this rules system can represent the rule. See crbug.com/284849. |
| 392 {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY, | 438 {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY, |
| 393 {APIPermission::kFileSystemWrite, APIPermission::kFileSystemDirectory}, | 439 {APIPermission::kFileSystemWrite, APIPermission::kFileSystemDirectory}, |
| 394 {APIPermission::kFileSystemWriteDirectory}}, | 440 {APIPermission::kFileSystemWriteDirectory}}, |
| 395 // Full access already allows DeclarativeWebRequest, reading the list of | 441 // Full access already allows DeclarativeWebRequest, reading the list of |
| 396 // most frequently visited sites, and tab access. | 442 // most frequently visited sites, and tab access. |
| 397 // The warning message for declarativeWebRequest | 443 // The warning message for declarativeWebRequest |
| 398 // permissions speaks about blocking parts of pages, which is a | 444 // permissions speaks about blocking parts of pages, which is a |
| 399 // subset of what the "<all_urls>" access allows. Therefore we | 445 // subset of what the "<all_urls>" access allows. Therefore we |
| 400 // display only the "<all_urls>" warning message if both permissions | 446 // display only the "<all_urls>" warning message if both permissions |
| 401 // are required. | 447 // are required. |
| 402 {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS, | 448 {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS, |
| 403 {APIPermission::kHostsAll}, | 449 {APIPermission::kHostsAll}, |
| 404 {APIPermission::kDeclarativeWebRequest, | 450 {APIPermission::kDeclarativeWebRequest, APIPermission::kTopSites, |
| 405 APIPermission::kTopSites, | 451 APIPermission::kTab, APIPermission::kFavicon, APIPermission::kTopSites, |
| 406 APIPermission::kTab, | |
| 407 APIPermission::kFavicon, | |
| 408 APIPermission::kTopSites, | |
| 409 APIPermission::kHostsAllReadOnly}}, | 452 APIPermission::kHostsAllReadOnly}}, |
| 410 // AutomationManifestPermission: | 453 // AutomationManifestPermission: |
| 411 {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS_READ_ONLY, | 454 {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS_READ_ONLY, |
| 412 {APIPermission::kHostsAllReadOnly}, | 455 {APIPermission::kHostsAllReadOnly}, |
| 413 {}}, // TODO(treib): This should probably include kTab? | 456 {}}, // TODO(treib): This should probably include kTab? |
| 414 // Tabs already allows reading favicons and reading the list of most | 457 // Tabs already allows reading favicons and reading the list of most |
| 415 // frequently visited sites. | 458 // frequently visited sites. |
| 416 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, | 459 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, |
| 417 {APIPermission::kTab}, | 460 {APIPermission::kTab}, |
| 418 {APIPermission::kFavicon, | 461 {APIPermission::kFavicon, APIPermission::kProcesses, |
| 419 APIPermission::kProcesses, | 462 APIPermission::kTopSites, APIPermission::kWebNavigation}}, |
| 420 APIPermission::kTopSites, | |
| 421 APIPermission::kWebNavigation}}, | |
| 422 | 463 |
| 423 // Individual message rules taken from | 464 // Individual message rules taken from |
| 424 // ChromeAPIPermissions::GetAllPermissions(): | 465 // ChromeAPIPermissions::GetAllPermissions(): |
| 425 // Permission messages for all extension types: | 466 // Permission messages for all extension types: |
| 426 | 467 |
| 427 {IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD, | 468 {IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD, |
| 428 {APIPermission::kClipboardRead}, | 469 {APIPermission::kClipboardRead}, |
| 429 {}}, | 470 {}}, |
| 430 {IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE, | 471 {IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE, |
| 431 {APIPermission::kDesktopCapture}, | 472 {APIPermission::kDesktopCapture}, |
| (...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 680 insert(permission_four); | 721 insert(permission_four); |
| 681 insert(permission_five); | 722 insert(permission_five); |
| 682 insert(permission_six); | 723 insert(permission_six); |
| 683 } | 724 } |
| 684 | 725 |
| 685 ChromePermissionMessageRule::PermissionIDSetInitializer:: | 726 ChromePermissionMessageRule::PermissionIDSetInitializer:: |
| 686 ~PermissionIDSetInitializer() { | 727 ~PermissionIDSetInitializer() { |
| 687 } | 728 } |
| 688 | 729 |
| 689 } // namespace extensions | 730 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1300353002:
Make USB permissions work in the new permission message system (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@kill_permissionmessage