| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/permissions/permissions_api.h" | 5 #include "chrome/browser/extensions/api/permissions/permissions_api.h" |
| 6 | 6 |
| 7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "chrome/browser/chrome_notification_types.h" | 8 #include "chrome/browser/chrome_notification_types.h" |
| 9 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h" | 9 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h" |
| 10 #include "chrome/browser/extensions/extension_management.h" | 10 #include "chrome/browser/extensions/extension_management.h" |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 }; | 49 }; |
| 50 AutoConfirmForTest auto_confirm_for_tests = DO_NOT_SKIP; | 50 AutoConfirmForTest auto_confirm_for_tests = DO_NOT_SKIP; |
| 51 bool ignore_user_gesture_for_tests = false; | 51 bool ignore_user_gesture_for_tests = false; |
| 52 | 52 |
| 53 } // namespace | 53 } // namespace |
| 54 | 54 |
| 55 bool PermissionsContainsFunction::RunSync() { | 55 bool PermissionsContainsFunction::RunSync() { |
| 56 scoped_ptr<Contains::Params> params(Contains::Params::Create(*args_)); | 56 scoped_ptr<Contains::Params> params(Contains::Params::Create(*args_)); |
| 57 EXTENSION_FUNCTION_VALIDATE(params); | 57 EXTENSION_FUNCTION_VALIDATE(params); |
| 58 | 58 |
| 59 scoped_refptr<const PermissionSet> permissions = helpers::UnpackPermissionSet( | 59 scoped_ptr<const PermissionSet> permissions = helpers::UnpackPermissionSet( |
| 60 params->permissions, | 60 params->permissions, |
| 61 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()), | 61 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()), |
| 62 &error_); | 62 &error_); |
| 63 if (!permissions.get()) | 63 if (!permissions.get()) |
| 64 return false; | 64 return false; |
| 65 | 65 |
| 66 results_ = Contains::Results::Create( | 66 results_ = Contains::Results::Create( |
| 67 extension()->permissions_data()->active_permissions()->Contains( | 67 extension()->permissions_data()->active_permissions()->Contains( |
| 68 *permissions.get())); | 68 *permissions)); |
| 69 return true; | 69 return true; |
| 70 } | 70 } |
| 71 | 71 |
| 72 bool PermissionsGetAllFunction::RunSync() { | 72 bool PermissionsGetAllFunction::RunSync() { |
| 73 scoped_ptr<Permissions> permissions = helpers::PackPermissionSet( | 73 scoped_ptr<Permissions> permissions = helpers::PackPermissionSet( |
| 74 extension()->permissions_data()->active_permissions().get()); | 74 extension()->permissions_data()->active_permissions()); |
| 75 results_ = GetAll::Results::Create(*permissions); | 75 results_ = GetAll::Results::Create(*permissions); |
| 76 return true; | 76 return true; |
| 77 } | 77 } |
| 78 | 78 |
| 79 bool PermissionsRemoveFunction::RunSync() { | 79 bool PermissionsRemoveFunction::RunSync() { |
| 80 scoped_ptr<Remove::Params> params(Remove::Params::Create(*args_)); | 80 scoped_ptr<Remove::Params> params(Remove::Params::Create(*args_)); |
| 81 EXTENSION_FUNCTION_VALIDATE(params); | 81 EXTENSION_FUNCTION_VALIDATE(params); |
| 82 | 82 |
| 83 scoped_refptr<const PermissionSet> permissions = helpers::UnpackPermissionSet( | 83 scoped_ptr<const PermissionSet> permissions = helpers::UnpackPermissionSet( |
| 84 params->permissions, | 84 params->permissions, |
| 85 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()), | 85 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()), |
| 86 &error_); | 86 &error_); |
| 87 if (!permissions.get()) | 87 if (!permissions.get()) |
| 88 return false; | 88 return false; |
| 89 | 89 |
| 90 // Make sure they're only trying to remove permissions supported by this API. | 90 // Make sure they're only trying to remove permissions supported by this API. |
| 91 APIPermissionSet apis = permissions->apis(); | 91 APIPermissionSet apis = permissions->apis(); |
| 92 for (APIPermissionSet::const_iterator i = apis.begin(); | 92 for (APIPermissionSet::const_iterator i = apis.begin(); |
| 93 i != apis.end(); ++i) { | 93 i != apis.end(); ++i) { |
| 94 if (!i->info()->supports_optional()) { | 94 if (!i->info()->supports_optional()) { |
| 95 error_ = ErrorUtils::FormatErrorMessage( | 95 error_ = ErrorUtils::FormatErrorMessage( |
| 96 kNotWhitelistedError, i->name()); | 96 kNotWhitelistedError, i->name()); |
| 97 return false; | 97 return false; |
| 98 } | 98 } |
| 99 } | 99 } |
| 100 | 100 |
| 101 // Make sure we only remove optional permissions, and not required | 101 // Make sure we only remove optional permissions, and not required |
| 102 // permissions. Sadly, for some reason we support having a permission be both | 102 // permissions. Sadly, for some reason we support having a permission be both |
| 103 // optional and required (and should assume its required), so we need both of | 103 // optional and required (and should assume its required), so we need both of |
| 104 // these checks. | 104 // these checks. |
| 105 // TODO(devlin): *Why* do we support that? Should be a load error. | 105 // TODO(devlin): *Why* do we support that? Should be a load error. |
| 106 scoped_refptr<const PermissionSet> optional = | 106 const PermissionSet* optional = |
| 107 PermissionsParser::GetOptionalPermissions(extension()); | 107 PermissionsParser::GetOptionalPermissions(extension()); |
| 108 scoped_refptr<const PermissionSet> required = | 108 const PermissionSet* required = |
| 109 PermissionsParser::GetRequiredPermissions(extension()); | 109 PermissionsParser::GetRequiredPermissions(extension()); |
| 110 if (!optional->Contains(*permissions) || | 110 if (!optional->Contains(*permissions) || |
| 111 !scoped_refptr<const PermissionSet>( | 111 !scoped_ptr<const PermissionSet>( |
| 112 PermissionSet::CreateIntersection(*permissions, *required)) | 112 PermissionSet::CreateIntersection(*permissions, *required)) |
| 113 ->IsEmpty()) { | 113 ->IsEmpty()) { |
| 114 error_ = kCantRemoveRequiredPermissionsError; | 114 error_ = kCantRemoveRequiredPermissionsError; |
| 115 return false; | 115 return false; |
| 116 } | 116 } |
| 117 | 117 |
| 118 // Only try and remove those permissions that are active on the extension. | 118 // Only try and remove those permissions that are active on the extension. |
| 119 // For backwards compatability with behavior before this check was added, just | 119 // For backwards compatability with behavior before this check was added, just |
| 120 // silently remove any that aren't present. | 120 // silently remove any that aren't present. |
| 121 permissions = PermissionSet::CreateIntersection( | 121 permissions = PermissionSet::CreateIntersection( |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 185 i != apis.end(); ++i) { | 185 i != apis.end(); ++i) { |
| 186 if (!i->info()->supports_optional()) { | 186 if (!i->info()->supports_optional()) { |
| 187 error_ = ErrorUtils::FormatErrorMessage( | 187 error_ = ErrorUtils::FormatErrorMessage( |
| 188 kNotWhitelistedError, i->name()); | 188 kNotWhitelistedError, i->name()); |
| 189 return false; | 189 return false; |
| 190 } | 190 } |
| 191 } | 191 } |
| 192 | 192 |
| 193 // The requested permissions must be defined as optional in the manifest. | 193 // The requested permissions must be defined as optional in the manifest. |
| 194 if (!PermissionsParser::GetOptionalPermissions(extension()) | 194 if (!PermissionsParser::GetOptionalPermissions(extension()) |
| 195 ->Contains(*requested_permissions_.get())) { | 195 ->Contains(*requested_permissions_)) { |
| 196 error_ = kNotInOptionalPermissionsError; | 196 error_ = kNotInOptionalPermissionsError; |
| 197 return false; | 197 return false; |
| 198 } | 198 } |
| 199 | 199 |
| 200 // Automatically declines api permissions requests, which are blocked by | 200 // Automatically declines api permissions requests, which are blocked by |
| 201 // enterprise policy. | 201 // enterprise policy. |
| 202 if (!ExtensionManagementFactory::GetForBrowserContext(GetProfile()) | 202 if (!ExtensionManagementFactory::GetForBrowserContext(GetProfile()) |
| 203 ->IsPermissionSetAllowed(extension(), requested_permissions_)) { | 203 ->IsPermissionSetAllowed(extension(), *requested_permissions_)) { |
| 204 error_ = kBlockedByEnterprisePolicy; | 204 error_ = kBlockedByEnterprisePolicy; |
| 205 return false; | 205 return false; |
| 206 } | 206 } |
| 207 | 207 |
| 208 // We don't need to prompt the user if the requested permissions are a subset | 208 // We don't need to prompt the user if the requested permissions are a subset |
| 209 // of the granted permissions set. | 209 // of the granted permissions set. |
| 210 scoped_refptr<const PermissionSet> granted = | 210 scoped_ptr<const PermissionSet> granted = |
| 211 ExtensionPrefs::Get(GetProfile()) | 211 ExtensionPrefs::Get(GetProfile()) |
| 212 ->GetGrantedPermissions(extension()->id()); | 212 ->GetGrantedPermissions(extension()->id()); |
| 213 if (granted.get() && granted->Contains(*requested_permissions_.get())) { | 213 if (granted.get() && granted->Contains(*requested_permissions_)) { |
| 214 PermissionsUpdater perms_updater(GetProfile()); | 214 PermissionsUpdater perms_updater(GetProfile()); |
| 215 perms_updater.AddPermissions(extension(), requested_permissions_.get()); | 215 perms_updater.AddPermissions(extension(), requested_permissions_.get()); |
| 216 results_ = Request::Results::Create(true); | 216 results_ = Request::Results::Create(true); |
| 217 SendResponse(true); | 217 SendResponse(true); |
| 218 return true; | 218 return true; |
| 219 } | 219 } |
| 220 | 220 |
| 221 // Filter out the granted permissions so we only prompt for new ones. | 221 // Filter out the granted permissions so we only prompt for new ones. |
| 222 requested_permissions_ = | 222 requested_permissions_ = |
| 223 PermissionSet::CreateDifference(*requested_permissions_, *granted); | 223 PermissionSet::CreateDifference(*requested_permissions_, *granted); |
| 224 | 224 |
| 225 // Filter out the active permissions. | 225 // Filter out the active permissions. |
| 226 requested_permissions_ = PermissionSet::CreateDifference( | 226 requested_permissions_ = PermissionSet::CreateDifference( |
| 227 *requested_permissions_.get(), | 227 *requested_permissions_, |
| 228 *extension()->permissions_data()->active_permissions()); | 228 *extension()->permissions_data()->active_permissions()); |
| 229 | 229 |
| 230 AddRef(); // Balanced in InstallUIProceed() / InstallUIAbort(). | 230 AddRef(); // Balanced in InstallUIProceed() / InstallUIAbort(). |
| 231 | 231 |
| 232 // We don't need to show the prompt if there are no new warnings, or if | 232 // We don't need to show the prompt if there are no new warnings, or if |
| 233 // we're skipping the confirmation UI. All extension types but INTERNAL | 233 // we're skipping the confirmation UI. All extension types but INTERNAL |
| 234 // are allowed to silently increase their permission level. | 234 // are allowed to silently increase their permission level. |
| 235 const PermissionMessageProvider* message_provider = | 235 const PermissionMessageProvider* message_provider = |
| 236 PermissionMessageProvider::Get(); | 236 PermissionMessageProvider::Get(); |
| 237 bool has_no_warnings = | 237 bool has_no_warnings = |
| 238 message_provider->GetPermissionMessages( | 238 message_provider->GetPermissionMessages( |
| 239 message_provider->GetAllPermissionIDs( | 239 message_provider->GetAllPermissionIDs( |
| 240 requested_permissions_.get(), | 240 requested_permissions_.get(), |
| 241 extension()->GetType())).empty(); | 241 extension()->GetType())).empty(); |
| 242 if (auto_confirm_for_tests == PROCEED || has_no_warnings || | 242 if (auto_confirm_for_tests == PROCEED || has_no_warnings || |
| 243 extension_->location() == Manifest::COMPONENT) { | 243 extension_->location() == Manifest::COMPONENT) { |
| 244 InstallUIProceed(); | 244 InstallUIProceed(); |
| 245 } else if (auto_confirm_for_tests == ABORT) { | 245 } else if (auto_confirm_for_tests == ABORT) { |
| 246 // Pretend the user clicked cancel. | 246 // Pretend the user clicked cancel. |
| 247 InstallUIAbort(true); | 247 InstallUIAbort(true); |
| 248 } else { | 248 } else { |
| 249 CHECK_EQ(DO_NOT_SKIP, auto_confirm_for_tests); | 249 CHECK_EQ(DO_NOT_SKIP, auto_confirm_for_tests); |
| 250 install_ui_.reset(new ExtensionInstallPrompt(GetAssociatedWebContents())); | 250 install_ui_.reset(new ExtensionInstallPrompt(GetAssociatedWebContents())); |
| 251 install_ui_->ConfirmPermissions( | 251 install_ui_->ConfirmPermissions(this, extension(), |
| 252 this, extension(), requested_permissions_.get()); | 252 requested_permissions_->Clone()); |
| 253 } | 253 } |
| 254 | 254 |
| 255 return true; | 255 return true; |
| 256 } | 256 } |
| 257 | 257 |
| 258 } // namespace extensions | 258 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1349613003:
[Extensions] Un-refcount PermissionSet (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master