Allow interfaceClass USB device permissions

extensions/browser/api/usb/usb_api.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/usb/usb_api.h"
 
 #include <algorithm>
 #include <memory>
 #include <numeric>
+#include <set>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/barrier_closure.h"
 #include "base/memory/ptr_util.h"
 #include "device/base/device_client.h"
 #include "device/usb/usb_descriptors.h"
 #include "device/usb/usb_device_handle.h"
 #include "device/usb/usb_service.h"
@@ skipping 382 matching lines @@
 
   DevicePermissions* device_permissions =
       device_permissions_manager_->GetForExtension(extension_id());
   DCHECK(device_permissions);
 
   permission_entry_ = device_permissions->FindUsbDeviceEntry(device);
   if (permission_entry_.get()) {
     return true;
   }
 
-  UsbDevicePermission::CheckParam param(
-      device->vendor_id(),
-      device->product_id(),
-      UsbDevicePermissionData::UNSPECIFIED_INTERFACE);
+  std::unique_ptr<UsbDevicePermission::CheckParam> param =
+      UsbDevicePermission::CheckParam::ForUsbDevice(extension(), device.get());
   if (extension()->permissions_data()->CheckAPIPermissionWithParam(
-          APIPermission::kUsbDevice, &param)) {
+          APIPermission::kUsbDevice, param.get())) {
     return true;
   }
 
   return false;
 }
 
 void UsbPermissionCheckingFunction::RecordDeviceLastUsed() {
   if (permission_entry_.get()) {
     device_permissions_manager_->UpdateLastUsed(extension_id(),
                                                 permission_entry_);
@@ skipping 69 matching lines @@
 
 ExtensionFunction::ResponseAction UsbFindDevicesFunction::Run() {
   std::unique_ptr<extensions::api::usb::FindDevices::Params> parameters =
       FindDevices::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(parameters.get());
 
   vendor_id_ = parameters->options.vendor_id;
   product_id_ = parameters->options.product_id;
   int interface_id = parameters->options.interface_id.get()
                          ? *parameters->options.interface_id
-                         : UsbDevicePermissionData::ANY_INTERFACE;
-  UsbDevicePermission::CheckParam param(vendor_id_, product_id_, interface_id);
+                         : UsbDevicePermissionData::SPECIAL_VALUE_ANY;
+  // Bail out early if there is no chance that the app has manifest permission
+  // for the USB device described by vendor ID, product ID, and interface ID.
+  // Note that this will match any permission filter that has only interface
+  // class specified - in order to match interface class information about
+  // device interfaces is needed, which is not known at this point; the
+  // permission will have to be checked again when the USB device info is
+  // fetched.
+  std::unique_ptr<UsbDevicePermission::CheckParam> param =
+      UsbDevicePermission::CheckParam::ForDeviceWithAnyInterfaceClass(
+          extension(), vendor_id_, product_id_, interface_id);
   if (!extension()->permissions_data()->CheckAPIPermissionWithParam(
-          APIPermission::kUsbDevice, &param)) {
+          APIPermission::kUsbDevice, param.get())) {
     return RespondNow(Error(kErrorPermissionDenied));
   }
 
   UsbService* service = device::DeviceClient::Get()->GetUsbService();
   if (!service) {
     return RespondNow(Error(kErrorInitService));
   }
 
   service->GetDevices(
       base::Bind(&UsbFindDevicesFunction::OnGetDevicesComplete, this));
   return RespondLater();
 }
 
 void UsbFindDevicesFunction::OnGetDevicesComplete(
     const std::vector<scoped_refptr<UsbDevice>>& devices) {
   result_.reset(new base::ListValue());
   barrier_ = base::BarrierClosure(
       devices.size(), base::Bind(&UsbFindDevicesFunction::OpenComplete, this));
 
   for (const scoped_refptr<UsbDevice>& device : devices) {
+    // Skip the device whose vendor and product ID do not match the target one.
     if (device->vendor_id() != vendor_id_ ||
         device->product_id() != product_id_) {
       barrier_.Run();
+      continue;
+    }
+
+    // Verify that the app has permission for the device again, this time taking
+    // device's interface classes into account - in case there is a USB device
+    // permission specifying only interfaceClass, permissions check in |Run|
+    // might have passed even though the app did not have permission for
+    // specified vendor and product ID (as actual permissions check had to be
+    // deferred until device's interface classes are known).
+    std::unique_ptr<UsbDevicePermission::CheckParam> param =
+        UsbDevicePermission::CheckParam::ForUsbDevice(extension(),
+                                                      device.get());
+    if (!extension()->permissions_data()->CheckAPIPermissionWithParam(
+            APIPermission::kUsbDevice, param.get())) {
+      barrier_.Run();
     } else {
       device->Open(base::Bind(&UsbFindDevicesFunction::OnDeviceOpened, this));
     }
   }
 }
 
 void UsbFindDevicesFunction::OnDeviceOpened(
     scoped_refptr<UsbDeviceHandle> device_handle) {
   if (device_handle.get()) {
     ApiResourceManager<UsbDeviceResource>* manager =
@@ skipping 727 matching lines @@
 
     std::unique_ptr<base::ListValue> error_args(new base::ListValue());
     error_args->AppendBoolean(false);
     // Using ErrorWithArguments is discouraged but required to maintain
     // compatibility with existing applications.
     Respond(ErrorWithArguments(std::move(error_args), kErrorResetDevice));
   }
 }
 
 }  // namespace extensions