OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/permissions_updater.h" | 5 #include "chrome/browser/extensions/permissions_updater.h" |
6 | 6 |
7 #include "base/json/json_writer.h" | 7 #include "base/json/json_writer.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/values.h" | 9 #include "base/values.h" |
10 #include "chrome/browser/chrome_notification_types.h" | 10 #include "chrome/browser/chrome_notification_types.h" |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
57 } | 57 } |
58 | 58 |
59 // Returns a PermissionSet that has the active permissions of the extension, | 59 // Returns a PermissionSet that has the active permissions of the extension, |
60 // bounded to its current manifest. | 60 // bounded to its current manifest. |
61 scoped_refptr<const PermissionSet> GetBoundedActivePermissions( | 61 scoped_refptr<const PermissionSet> GetBoundedActivePermissions( |
62 const Extension* extension, | 62 const Extension* extension, |
63 const scoped_refptr<const PermissionSet>& active_permissions) { | 63 const scoped_refptr<const PermissionSet>& active_permissions) { |
64 // If the extension has used the optional permissions API, it will have a | 64 // If the extension has used the optional permissions API, it will have a |
65 // custom set of active permissions defined in the extension prefs. Here, | 65 // custom set of active permissions defined in the extension prefs. Here, |
66 // we update the extension's active permissions based on the prefs. | 66 // we update the extension's active permissions based on the prefs. |
67 if (!active_permissions) | 67 if (!active_permissions.get()) |
68 return extension->permissions_data()->active_permissions(); | 68 return extension->permissions_data()->active_permissions(); |
69 | 69 |
70 scoped_refptr<const PermissionSet> required_permissions = | 70 scoped_refptr<const PermissionSet> required_permissions = |
71 PermissionsParser::GetRequiredPermissions(extension); | 71 PermissionsParser::GetRequiredPermissions(extension); |
72 | 72 |
73 // We restrict the active permissions to be within the bounds defined in the | 73 // We restrict the active permissions to be within the bounds defined in the |
74 // extension's manifest. | 74 // extension's manifest. |
75 // a) active permissions must be a subset of optional + default permissions | 75 // a) active permissions must be a subset of optional + default permissions |
76 // b) active permissions must contains all default permissions | 76 // b) active permissions must contains all default permissions |
77 scoped_refptr<PermissionSet> total_permissions = PermissionSet::CreateUnion( | 77 scoped_refptr<PermissionSet> total_permissions = PermissionSet::CreateUnion( |
78 required_permissions, | 78 required_permissions.get(), |
79 PermissionsParser::GetOptionalPermissions(extension)); | 79 PermissionsParser::GetOptionalPermissions(extension)); |
80 | 80 |
81 // Make sure the active permissions contain no more than optional + default. | 81 // Make sure the active permissions contain no more than optional + default. |
82 scoped_refptr<PermissionSet> adjusted_active = | 82 scoped_refptr<PermissionSet> adjusted_active = |
83 PermissionSet::CreateIntersection(total_permissions, active_permissions); | 83 PermissionSet::CreateIntersection(total_permissions.get(), |
| 84 active_permissions.get()); |
84 | 85 |
85 // Make sure the active permissions contain the default permissions. | 86 // Make sure the active permissions contain the default permissions. |
86 adjusted_active = | 87 adjusted_active = PermissionSet::CreateUnion(required_permissions.get(), |
87 PermissionSet::CreateUnion(required_permissions, adjusted_active); | 88 adjusted_active.get()); |
88 | 89 |
89 return adjusted_active; | 90 return adjusted_active; |
90 } | 91 } |
91 | 92 |
92 // Divvy up the |url patterns| between those we grant and those we do not. If | 93 // Divvy up the |url patterns| between those we grant and those we do not. If |
93 // |withhold_permissions| is false (because the requisite feature is not | 94 // |withhold_permissions| is false (because the requisite feature is not |
94 // enabled), no permissions are withheld. | 95 // enabled), no permissions are withheld. |
95 void SegregateUrlPermissions(const URLPatternSet& url_patterns, | 96 void SegregateUrlPermissions(const URLPatternSet& url_patterns, |
96 bool withhold_permissions, | 97 bool withhold_permissions, |
97 URLPatternSet* granted, | 98 URLPatternSet* granted, |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
187 SegregateUrlPermissions(bounded_active->scriptable_hosts(), | 188 SegregateUrlPermissions(bounded_active->scriptable_hosts(), |
188 should_withhold_permissions, | 189 should_withhold_permissions, |
189 &granted_scriptable_hosts, | 190 &granted_scriptable_hosts, |
190 &withheld_scriptable_hosts); | 191 &withheld_scriptable_hosts); |
191 | 192 |
192 // After withholding permissions, add back any origins to the active set that | 193 // After withholding permissions, add back any origins to the active set that |
193 // may have been lost during the set operations that would have dropped them. | 194 // may have been lost during the set operations that would have dropped them. |
194 // For example, the union of <all_urls> and "example.com" is <all_urls>, so | 195 // For example, the union of <all_urls> and "example.com" is <all_urls>, so |
195 // we may lose "example.com". However, "example.com" is important once | 196 // we may lose "example.com". However, "example.com" is important once |
196 // <all_urls> is stripped during withholding. | 197 // <all_urls> is stripped during withholding. |
197 if (active_permissions) { | 198 if (active_permissions.get()) { |
198 granted_explicit_hosts.AddPatterns( | 199 granted_explicit_hosts.AddPatterns( |
199 FilterSingleOriginPermissions(active_permissions->explicit_hosts(), | 200 FilterSingleOriginPermissions(active_permissions->explicit_hosts(), |
200 bounded_active->explicit_hosts())); | 201 bounded_active->explicit_hosts())); |
201 granted_scriptable_hosts.AddPatterns( | 202 granted_scriptable_hosts.AddPatterns( |
202 FilterSingleOriginPermissions(active_permissions->scriptable_hosts(), | 203 FilterSingleOriginPermissions(active_permissions->scriptable_hosts(), |
203 bounded_active->scriptable_hosts())); | 204 bounded_active->scriptable_hosts())); |
204 } | 205 } |
205 | 206 |
206 bounded_active = new PermissionSet(bounded_active->apis(), | 207 bounded_active = new PermissionSet(bounded_active->apis(), |
207 bounded_active->manifest_permissions(), | 208 bounded_active->manifest_permissions(), |
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
349 Profile::FromBrowserContext(host->GetBrowserContext()))) { | 350 Profile::FromBrowserContext(host->GetBrowserContext()))) { |
350 host->Send(new ExtensionMsg_UpdatePermissions(params)); | 351 host->Send(new ExtensionMsg_UpdatePermissions(params)); |
351 } | 352 } |
352 } | 353 } |
353 | 354 |
354 // Trigger the onAdded and onRemoved events in the extension. | 355 // Trigger the onAdded and onRemoved events in the extension. |
355 DispatchEvent(extension->id(), event_name, changed); | 356 DispatchEvent(extension->id(), event_name, changed); |
356 } | 357 } |
357 | 358 |
358 } // namespace extensions | 359 } // namespace extensions |
OLD | NEW |