| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ |
| 6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ | 6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> | 10 #include <string> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/memory/singleton.h" | 15 #include "base/memory/singleton.h" |
| 16 #include "base/strings/string16.h" | 16 #include "base/strings/string16.h" |
| 17 #include "extensions/common/manifest.h" | 17 #include "extensions/common/manifest.h" |
| 18 #include "extensions/common/permissions/api_permission.h" | 18 #include "extensions/common/permissions/api_permission.h" |
| 19 #include "extensions/common/permissions/api_permission_set.h" | 19 #include "extensions/common/permissions/api_permission_set.h" |
| 20 #include "extensions/common/permissions/permission_message.h" | |
| 21 #include "extensions/common/url_pattern_set.h" | 20 #include "extensions/common/url_pattern_set.h" |
| 22 | 21 |
| 23 namespace extensions { | 22 namespace extensions { |
| 24 class Extension; | 23 class Extension; |
| 25 | 24 |
| 26 // The PermissionSet is an immutable class that encapsulates an | 25 // The PermissionSet is an immutable class that encapsulates an |
| 27 // extension's permissions. The class exposes set operations for combining and | 26 // extension's permissions. The class exposes set operations for combining and |
| 28 // manipulating the permissions. | 27 // manipulating the permissions. |
| 29 class PermissionSet | 28 class PermissionSet |
| 30 : public base::RefCountedThreadSafe<PermissionSet> { | 29 : public base::RefCountedThreadSafe<PermissionSet> { |
| 58 bool operator==(const PermissionSet& rhs) const; | 57 bool operator==(const PermissionSet& rhs) const; |
| 59 | 58 |
| 60 // Returns true if every API or host permission available to |set| is also | 59 // Returns true if every API or host permission available to |set| is also |
| 61 // available to this. In other words, if the API permissions of |set| are a | 60 // available to this. In other words, if the API permissions of |set| are a |
| 62 // subset of this, and the host permissions in this encompass those in |set|. | 61 // subset of this, and the host permissions in this encompass those in |set|. |
| 63 bool Contains(const PermissionSet& set) const; | 62 bool Contains(const PermissionSet& set) const; |
| 64 | 63 |
| 65 // Gets the API permissions in this set as a set of strings. | 64 // Gets the API permissions in this set as a set of strings. |
| 66 std::set<std::string> GetAPIsAsStrings() const; | 65 std::set<std::string> GetAPIsAsStrings() const; |
| 67 | 66 |
| 68 // Gets the localized permission messages that represent this set. | |
| 69 // The set of permission messages shown varies by extension type. | |
| 70 PermissionMessages GetPermissionMessages(Manifest::Type extension_type) const; | |
| 71 | |
| 72 // Gets the localized permission messages that represent this set (represented | |
| 73 // as strings). The set of permission messages shown varies by extension type. | |
| 74 std::vector<string16> GetWarningMessages(Manifest::Type extension_type) const; | |
| 75 | |
| 76 // Gets the localized permission details for messages that represent this set | |
| 77 // (represented as strings). The set of permission messages shown varies by | |
| 78 // extension type. | |
| 79 std::vector<string16> GetWarningMessagesDetails( | |
| 80 Manifest::Type extension_type) const; | |
| 81 | |
| 82 // Returns true if this is an empty set (e.g., the default permission set). | 67 // Returns true if this is an empty set (e.g., the default permission set). |
| 83 bool IsEmpty() const; | 68 bool IsEmpty() const; |
| 84 | 69 |
| 85 // Returns true if the set has the specified API permission. | 70 // Returns true if the set has the specified API permission. |
| 86 bool HasAPIPermission(APIPermission::ID permission) const; | 71 bool HasAPIPermission(APIPermission::ID permission) const; |
| 87 | 72 |
| 88 // Returns true if the |extension| explicitly requests access to the given | 73 // Returns true if the |extension| explicitly requests access to the given |
| 89 // |permission_name|. Note this does not include APIs without no corresponding | 74 // |permission_name|. Note this does not include APIs without no corresponding |
| 90 // permission, like "runtime" or "browserAction". | 75 // permission, like "runtime" or "browserAction". |
| 91 bool HasAPIPermission(const std::string& permission_name) const; | 76 bool HasAPIPermission(const std::string& permission_name) const; |
| 108 // origins. | 93 // origins. |
| 109 bool HasEffectiveAccessToAllHosts() const; | 94 bool HasEffectiveAccessToAllHosts() const; |
| 110 | 95 |
| 111 // Returns true if this permission set includes effective access to |url|. | 96 // Returns true if this permission set includes effective access to |url|. |
| 112 bool HasEffectiveAccessToURL(const GURL& url) const; | 97 bool HasEffectiveAccessToURL(const GURL& url) const; |
| 113 | 98 |
| 114 // Returns ture if this permission set effectively represents full access | 99 // Returns ture if this permission set effectively represents full access |
| 115 // (e.g. native code). | 100 // (e.g. native code). |
| 116 bool HasEffectiveFullAccess() const; | 101 bool HasEffectiveFullAccess() const; |
| 117 | 102 |
| 118 // Returns true if |permissions| has a greater privilege level than this | |
| 119 // permission set (e.g., this permission set has less permissions). | |
| 120 // Whether certain permissions are considered varies by extension type. | |
| 121 bool HasLessPrivilegesThan(const PermissionSet* permissions, | |
| 122 Manifest::Type extension_type) const; | |
| 123 | |
| 124 const APIPermissionSet& apis() const { return apis_; } | 103 const APIPermissionSet& apis() const { return apis_; } |
| 125 | 104 |
| 126 const URLPatternSet& effective_hosts() const { return effective_hosts_; } | 105 const URLPatternSet& effective_hosts() const { return effective_hosts_; } |
| 127 | 106 |
| 128 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } | 107 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } |
| 129 | 108 |
| 130 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } | 109 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
| 131 | 110 |
| 132 private: | 111 private: |
| 133 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, HasLessHostPrivilegesThan); | |
| 134 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo); | 112 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo); |
| 135 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetDistinctHosts); | |
| 136 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, | |
| 137 GetDistinctHosts_ComIsBestRcd); | |
| 138 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, | |
| 139 GetDistinctHosts_NetIs2ndBestRcd); | |
| 140 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, | |
| 141 GetDistinctHosts_OrgIs3rdBestRcd); | |
| 142 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, | |
| 143 GetDistinctHosts_FirstInListIs4thBestRcd); | |
| 144 friend class base::RefCountedThreadSafe<PermissionSet>; | 113 friend class base::RefCountedThreadSafe<PermissionSet>; |
| 145 | 114 |
| 146 ~PermissionSet(); | 115 ~PermissionSet(); |
| 147 | 116 |
| 148 void AddAPIPermission(APIPermission::ID id); | 117 void AddAPIPermission(APIPermission::ID id); |
| 149 | 118 |
| 150 static std::set<std::string> GetDistinctHosts( | |
| 151 const URLPatternSet& host_patterns, | |
| 152 bool include_rcd, | |
| 153 bool exclude_file_scheme); | |
| 154 | |
| 155 // Adds permissions implied independently of other context. | 119 // Adds permissions implied independently of other context. |
| 156 void InitImplicitPermissions(); | 120 void InitImplicitPermissions(); |
| 157 | 121 |
| 158 // Initializes the effective host permission based on the data in this set. | 122 // Initializes the effective host permission based on the data in this set. |
| 159 void InitEffectiveHosts(); | 123 void InitEffectiveHosts(); |
| 160 | 124 |
| 161 // Gets the permission messages for the API permissions. | |
| 162 std::set<PermissionMessage> GetAPIPermissionMessages() const; | |
| 163 | |
| 164 // Gets the permission messages for the host permissions. | |
| 165 std::set<PermissionMessage> GetHostPermissionMessages( | |
| 166 Manifest::Type extension_type) const; | |
| 167 | |
| 168 // Returns true if |permissions| has an elevated API privilege level than | |
| 169 // this set. | |
| 170 bool HasLessAPIPrivilegesThan(const PermissionSet* permissions) const; | |
| 171 | |
| 172 // Returns true if |permissions| has more host permissions compared to this | |
| 173 // set. | |
| 174 bool HasLessHostPrivilegesThan(const PermissionSet* permissions, | |
| 175 Manifest::Type extension_type) const; | |
| 176 | |
| 177 // The api list is used when deciding if an extension can access certain | 125 // The api list is used when deciding if an extension can access certain |
| 178 // extension APIs and features. | 126 // extension APIs and features. |
| 179 APIPermissionSet apis_; | 127 APIPermissionSet apis_; |
| 180 | 128 |
| 181 // The list of hosts that can be accessed directly from the extension. | 129 // The list of hosts that can be accessed directly from the extension. |
| 182 // TODO(jstritar): Rename to "hosts_"? | 130 // TODO(jstritar): Rename to "hosts_"? |
| 183 URLPatternSet explicit_hosts_; | 131 URLPatternSet explicit_hosts_; |
| 184 | 132 |
| 185 // The list of hosts that can be scripted by content scripts. | 133 // The list of hosts that can be scripted by content scripts. |
| 186 // TODO(jstritar): Rename to "user_script_hosts_"? | 134 // TODO(jstritar): Rename to "user_script_hosts_"? |
| 187 URLPatternSet scriptable_hosts_; | 135 URLPatternSet scriptable_hosts_; |
| 188 | 136 |
| 189 // The list of hosts this effectively grants access to. | 137 // The list of hosts this effectively grants access to. |
| 190 URLPatternSet effective_hosts_; | 138 URLPatternSet effective_hosts_; |
| 191 }; | 139 }; |
| 192 | 140 |
| 193 } // namespace extensions | 141 } // namespace extensions |
| 194 | 142 |
| 195 #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ | 143 #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_ |
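Review bot: The tests for the privilege-increase comparison need to follow the code out of this class: `HasLessPrivilegesThan`, its private helpers `HasLessAPIPrivilegesThan` and `HasLessHostPrivilegesThan`, and `GetDistinctHosts` are all removed here along with the `PermissionsTest` friends that reached them, and their new home is not visible on this page. That comparison tells whether another permission set has a greater privilege level than this one, so confirm the `HasLessHostPrivilegesThan` and `GetDistinctHosts_*` cases were moved rather than dropped. The one friend kept on new line 112, `FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);`, names a method this class no longer declares. If the test still needs private members, a comment above it such as `// TODO: drop once this test no longer needs private access.` would explain why it stays; otherwise it can go with the others. `<vector>`, `base/strings/string16.h` and `extensions/common/manifest.h` have no remaining use in the lines shown, though the lines the page does not show (old 31–57 and 92–107) may still need them.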