| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_ | 5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_ |
| 6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_ | 6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> | 10 #include <string> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/memory/singleton.h" | 15 #include "base/memory/singleton.h" |
| 16 #include "base/strings/string16.h" | 16 #include "base/strings/string16.h" |
| 17 #include "extensions/common/manifest.h" | 17 #include "extensions/common/manifest.h" |
| 18 #include "extensions/common/permissions/api_permission.h" | 18 #include "extensions/common/permissions/api_permission.h" |
| 19 #include "extensions/common/permissions/api_permission_set.h" | 19 #include "extensions/common/permissions/api_permission_set.h" |
| 20 #include "extensions/common/permissions/manifest_permission.h" |
| 21 #include "extensions/common/permissions/manifest_permission_set.h" |
| 20 #include "extensions/common/url_pattern_set.h" | 22 #include "extensions/common/url_pattern_set.h" |
| 21 | 23 |
| 22 namespace extensions { | 24 namespace extensions { |
| 23 class Extension; | 25 class Extension; |
| 24 | 26 |
| 25 // The PermissionSet is an immutable class that encapsulates an | 27 // The PermissionSet is an immutable class that encapsulates an |
| 26 // extension's permissions. The class exposes set operations for combining and | 28 // extension's permissions. The class exposes set operations for combining and |
| 27 // manipulating the permissions. | 29 // manipulating the permissions. |
| 28 class PermissionSet | 30 class PermissionSet |
| 29 : public base::RefCountedThreadSafe<PermissionSet> { | 31 : public base::RefCountedThreadSafe<PermissionSet> { |
| 30 public: | 32 public: |
| 31 // Creates an empty permission set (e.g. default permissions). | 33 // Creates an empty permission set (e.g. default permissions). |
| 32 PermissionSet(); | 34 PermissionSet(); |
| 33 | 35 |
| 34 // Creates a new permission set based on the specified data: the API | 36 // Creates a new permission set based on the specified data: the API |
| 35 // permissions, host permissions, and scriptable hosts. The effective hosts | 37 // permissions, manifest key permissions, host permissions, and scriptable |
| 36 // of the newly created permission set will be inferred from the given | 38 // hosts. The effective hosts of the newly created permission set will be |
| 37 // host permissions. | 39 // inferred from the given host permissions. |
| 38 PermissionSet(const APIPermissionSet& apis, | 40 PermissionSet(const APIPermissionSet& apis, |
| 41 const ManifestPermissionSet& manifest_permissions, |
| 39 const URLPatternSet& explicit_hosts, | 42 const URLPatternSet& explicit_hosts, |
| 40 const URLPatternSet& scriptable_hosts); | 43 const URLPatternSet& scriptable_hosts); |
| 41 | 44 |
| 42 // Creates a new permission set equal to |set1| - |set2|, passing ownership of | 45 // Creates a new permission set equal to |set1| - |set2|, passing ownership of |
| 43 // the new set to the caller. | 46 // the new set to the caller. |
| 44 static PermissionSet* CreateDifference( | 47 static PermissionSet* CreateDifference( |
| 45 const PermissionSet* set1, const PermissionSet* set2); | 48 const PermissionSet* set1, const PermissionSet* set2); |
| 46 | 49 |
| 47 // Creates a new permission set equal to the intersection of |set1| and | 50 // Creates a new permission set equal to the intersection of |set1| and |
| 48 // |set2|, passing ownership of the new set to the caller. | 51 // |set2|, passing ownership of the new set to the caller. |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 95 | 98 |
| 96 // Returns true if this permission set includes effective access to |url|. | 99 // Returns true if this permission set includes effective access to |url|. |
| 97 bool HasEffectiveAccessToURL(const GURL& url) const; | 100 bool HasEffectiveAccessToURL(const GURL& url) const; |
| 98 | 101 |
| 99 // Returns true if this permission set effectively represents full access | 102 // Returns true if this permission set effectively represents full access |
| 100 // (e.g. native code). | 103 // (e.g. native code). |
| 101 bool HasEffectiveFullAccess() const; | 104 bool HasEffectiveFullAccess() const; |
| 102 | 105 |
| 103 const APIPermissionSet& apis() const { return apis_; } | 106 const APIPermissionSet& apis() const { return apis_; } |
| 104 | 107 |
| 108 const ManifestPermissionSet& manifest_permissions() const { |
| 109 return manifest_permissions_; |
| 110 } |
| 111 |
| 105 const URLPatternSet& effective_hosts() const { return effective_hosts_; } | 112 const URLPatternSet& effective_hosts() const { return effective_hosts_; } |
| 106 | 113 |
| 107 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } | 114 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; } |
| 108 | 115 |
| 109 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } | 116 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; } |
| 110 | 117 |
| 111 private: | 118 private: |
| 112 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo); | 119 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo); |
| 113 friend class base::RefCountedThreadSafe<PermissionSet>; | 120 friend class base::RefCountedThreadSafe<PermissionSet>; |
| 114 | 121 |
| 115 ~PermissionSet(); | 122 ~PermissionSet(); |
| 116 | 123 |
| 117 void AddAPIPermission(APIPermission::ID id); | 124 void AddAPIPermission(APIPermission::ID id); |
| 118 | 125 |
| 119 // Adds permissions implied independently of other context. | 126 // Adds permissions implied independently of other context. |
| 120 void InitImplicitPermissions(); | 127 void InitImplicitPermissions(); |
| 121 | 128 |
| 122 // Initializes the effective host permission based on the data in this set. | 129 // Initializes the effective host permission based on the data in this set. |
| 123 void InitEffectiveHosts(); | 130 void InitEffectiveHosts(); |
| 124 | 131 |
| 125 // The api list is used when deciding if an extension can access certain | 132 // The api list is used when deciding if an extension can access certain |
| 126 // extension APIs and features. | 133 // extension APIs and features. |
| 127 APIPermissionSet apis_; | 134 APIPermissionSet apis_; |
| 128 | 135 |
| 136 // The manifest key permission list is used when deciding if an extension |
| 137 // can access certain extension APIs and features. |
| 138 ManifestPermissionSet manifest_permissions_; |
| 139 |
| 129 // The list of hosts that can be accessed directly from the extension. | 140 // The list of hosts that can be accessed directly from the extension. |
| 130 // TODO(jstritar): Rename to "hosts_"? | 141 // TODO(jstritar): Rename to "hosts_"? |
| 131 URLPatternSet explicit_hosts_; | 142 URLPatternSet explicit_hosts_; |
| 132 | 143 |
| 133 // The list of hosts that can be scripted by content scripts. | 144 // The list of hosts that can be scripted by content scripts. |
| 134 // TODO(jstritar): Rename to "user_script_hosts_"? | 145 // TODO(jstritar): Rename to "user_script_hosts_"? |
| 135 URLPatternSet scriptable_hosts_; | 146 URLPatternSet scriptable_hosts_; |
| 136 | 147 |
| 137 // The list of hosts this effectively grants access to. | 148 // The list of hosts this effectively grants access to. |
| 138 URLPatternSet effective_hosts_; | 149 URLPatternSet effective_hosts_; |
| 139 }; | 150 }; |
| 140 | 151 |
| 141 } // namespace extensions | 152 } // namespace extensions |
| 142 | 153 |
| 143 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_ | 154 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 51433002:
Enable permission warnings from ManifestHandlers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master