Start refractoring extension permissions into ExtensionPermissionSet.

chrome/common/extensions/extension.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_H_
 #define CHROME_COMMON_EXTENSIONS_EXTENSION_H_
 #pragma once
 
 #include <map>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/linked_ptr.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/extensions/extension_icon_set.h"
+#include "chrome/common/extensions/extension_permission_set.h"
 #include "chrome/common/extensions/user_script.h"
 #include "chrome/common/extensions/url_pattern.h"
 #include "chrome/common/extensions/url_pattern_set.h"
 #include "googleurl/src/gurl.h"
 #include "ui/gfx/size.h"
 
 class DictionaryValue;
 class ExtensionAction;
 class ExtensionResource;
 class ExtensionSidebarDefaults;
@@ skipping 104 matching lines @@
     bool shortcut_ctrl;
     bool shortcut_shift;
   };
 
   struct TtsVoice {
     std::string voice_name;
     std::string locale;
     std::string gender;
   };
 
-  // When prompting the user to install or approve permissions, we display
-  // messages describing the effects of the permissions and not the permissions
-  // themselves. Each PermissionMessage represents one of the messages that is
-  // shown to the user.
-  class PermissionMessage {
-   public:
-    // Do not reorder or add new enumerations in this list. If you need to add a
-    // new enum, add it just prior to ID_ENUM_BOUNDARY and enter its l10n
-    // message in kMessageIds.
-    enum MessageId {
-      ID_UNKNOWN,
-      ID_NONE,
-      ID_BOOKMARKS,
-      ID_GEOLOCATION,
-      ID_BROWSING_HISTORY,
-      ID_TABS,
-      ID_MANAGEMENT,
-      ID_DEBUGGER,
-      ID_HOSTS_1,
-      ID_HOSTS_2,
-      ID_HOSTS_3,
-      ID_HOSTS_4_OR_MORE,
-      ID_HOSTS_ALL,
-      ID_FULL_ACCESS,
-      ID_CLIPBOARD,
-      ID_ENUM_BOUNDARY
-    };
-
-    // Creates a permission message with the given |message_id| and initializes
-    // its message to the appropriate value.
-    static PermissionMessage CreateFromMessageId(MessageId message_id);
-
-    // Creates the corresponding permission message for a list of hosts. This
-    // method exists because the hosts are presented as one message that depends
-    // on what and how many hosts there are.
-    static PermissionMessage CreateFromHostList(
-        const std::vector<std::string>& hosts);
-
-    // Gets the id of the permission message, which can be used in UMA
-    // histograms.
-    MessageId message_id() const { return message_id_; }
-
-    // Gets a localized message describing this permission. Please note that
-    // the message will be empty for message types TYPE_NONE and TYPE_UNKNOWN.
-    const string16& message() const { return message_; }
-
-    // Comparator to work with std::set.
-    bool operator<(const PermissionMessage& that) const {
-      return message_id_ < that.message_id_;
-    }
-
-   private:
-    PermissionMessage(MessageId message_id, string16 message_);
-
-    // The index of the id in the array is its enum value. The first two values
-    // are non-existent message ids to act as placeholders for "unknown" and
-    // "none".
-    // Note: Do not change the order of the items in this list since they
-    // are used in a histogram. The order must match the MessageId order.
-    static const int kMessageIds[];
-
-    MessageId message_id_;
-    string16 message_;
-  };
-
-  typedef std::vector<PermissionMessage> PermissionMessages;
-
-  // A permission is defined by its |name| (what is used in the manifest),
-  // and the |message_id| that's used by install/update UI.
-  struct Permission {
-    const char* const name;
-    const PermissionMessage::MessageId message_id;
-  };
-
   enum InitFromValueFlags {
     NO_FLAGS = 0,
 
     // Usually, the id of an extension is generated by the "key" property of
     // its manifest, but if |REQUIRE_KEY| is not set, a temporary ID will be
     // generated based on the path.
     REQUIRE_KEY = 1 << 0,
 
     // |STRICT_ERROR_CHECKS| enables extra error checking, such as
     // checks that URL patterns do not contain ports.  This error
@@ skipping 20 matching lines @@
                                          std::string* error);
 
   // Return the update url used by gallery/webstore extensions.
   static GURL GalleryUpdateUrl(bool secure);
 
   // Given two install sources, return the one which should take priority
   // over the other. If an extension is installed from two sources A and B,
   // its install source should be set to GetHigherPriorityLocation(A, B).
   static Location GetHigherPriorityLocation(Location loc1, Location loc2);
 
-  // Get's the install message id for |permission|.  Returns
-  // MessageId::TYPE_NONE if none exists.
-  static PermissionMessage::MessageId GetPermissionMessageId(
-      const std::string& permission);
-
   // Returns the full list of permission messages that this extension
   // should display at install time.
-  PermissionMessages GetPermissionMessages() const;
+  ExtensionPermissionMessages GetPermissionMessages() const;
 
   // Returns the full list of permission messages that this extension
   // should display at install time. The messages are returned as strings
   // for convenience.
   std::vector<string16> GetPermissionMessageStrings() const;
 
-  // Returns the distinct hosts that should be displayed in the install UI
-  // for the URL patterns |list|. This discards some of the detail that is
-  // present in the manifest to make it as easy as possible to process by
-  // users. In particular we disregard the scheme and path components of
-  // URLPatterns and de-dupe the result, which includes filtering out common
-  // hosts with differing RCDs (aka Registry Controlled Domains, most of which
-  // are Top Level Domains but also include exceptions like co.uk).
-  // NOTE: when de-duping hosts the preferred RCD will be returned, given this
-  // order of preference: .com, .net, .org, first in list.
-  static std::vector<std::string> GetDistinctHostsForDisplay(
-      const URLPatternList& list);
-
-  // Compares two URLPatternLists for security equality by returning whether
-  // the URL patterns in |new_list| contain additional distinct hosts compared
-  // to |old_list|.
-  static bool IsElevatedHostList(
-      const URLPatternList& old_list, const URLPatternList& new_list);
-
   // Icon sizes used by the extension system.
   static const int kIconSizes[];
 
   // Max size (both dimensions) for browser and page actions.
   static const int kPageActionIconMaxSize;
   static const int kBrowserActionIconMaxSize;
   static const int kSidebarIconMaxSize;
 
-  // Each permission is a module that the extension is permitted to use.
-  //
-  // NOTE: To add a new permission, define it here, and add an entry to
-  // Extension::kPermissions.
-  static const char kBackgroundPermission[];
-  static const char kBookmarkPermission[];
-  static const char kClipboardReadPermission[];
-  static const char kClipboardWritePermission[];
-  static const char kContentSettingsPermission[];
-  static const char kContextMenusPermission[];
-  static const char kCookiePermission[];
-  static const char kChromePrivatePermission[];
-  static const char kChromeosInfoPrivatePermission[];
-  static const char kDebuggerPermission[];
-  static const char kExperimentalPermission[];
-  static const char kFileBrowserHandlerPermission[];
-  static const char kFileBrowserPrivatePermission[];
-  static const char kGeolocationPermission[];
-  static const char kHistoryPermission[];
-  static const char kIdlePermission[];
-  static const char kManagementPermission[];
-  static const char kMediaPlayerPrivatePermission[];
-  static const char kNotificationPermission[];
-  static const char kProxyPermission[];
-  static const char kTabPermission[];
-  static const char kUnlimitedStoragePermission[];
-  static const char kWebstorePrivatePermission[];
-  static const char kWebSocketProxyPrivatePermission[];
-
-  static const Permission kPermissions[];
-  static const size_t kNumPermissions;
-  static const char* const kHostedAppPermissionNames[];
-  static const size_t kNumHostedAppPermissions;
-  static const char* const kComponentPrivatePermissionNames[];
-  static const size_t kNumComponentPrivatePermissions;
-
-  // The old name for the unlimited storage permission, which is deprecated but
-  // still accepted as meaning the same thing as kUnlimitedStoragePermission.
-  static const char kOldUnlimitedStoragePermission[];
-
   // Valid schemes for web extent URLPatterns.
   static const int kValidWebExtentSchemes;
 
   // Valid schemes for host permission URLPatterns.
   static const int kValidHostPermissionSchemes;
 
-  // Returns true if the string is one of the known hosted app permissions (see
-  // kHostedAppPermissionNames).
-  static bool IsHostedAppPermission(const std::string& permission);
-
   // The name of the manifest inside an extension.
   static const FilePath::CharType kManifestFilename[];
 
   // The name of locale folder inside an extension.
   static const FilePath::CharType kLocaleFolder[];
 
   // The name of the messages file inside an extension.
   static const FilePath::CharType kMessagesFilename[];
 
 #if defined(OS_WIN)
@@ skipping 89 matching lines @@
   // Generates an extension ID from arbitrary input. The same input string will
   // always generate the same output ID.
   static bool GenerateId(const std::string& input, std::string* output);
 
   // Expects base64 encoded |input| and formats into |output| including
   // the appropriate header & footer.
   static bool FormatPEMForFileOutput(const std::string& input,
                                      std::string* output,
                                      bool is_public);
 
-  // Determine whether |new_extension| has increased privileges compared to
-  // its previously granted permissions, specified by |granted_apis|,
-  // |granted_extent| and |granted_full_access|.
-  static bool IsPrivilegeIncrease(const bool granted_full_access,
-                                  const std::set<std::string>& granted_apis,
-                                  const URLPatternSet& granted_extent,
-                                  const Extension* new_extension);
-
   // Given an extension and icon size, read it if present and decode it into
   // result. In the browser process, this will DCHECK if not called on the
   // file thread. To easily load extension images on the UI thread, see
   // ImageLoadingTracker.
   static void DecodeIcon(const Extension* extension,
                          Icons icon_size,
                          scoped_ptr<SkBitmap>* result);
 
   // Given an icon_path and icon size, read it if present and decode it into
   // result. In the browser process, this will DCHECK if not called on the
@@ skipping 14 matching lines @@
   // --apps-gallery-url switch. The URL returned will not contain a trailing
   // slash. Do not use this as a prefix/extent for the store.  Instead see
   // ExtensionService::GetWebStoreApp or
   // ExtensionService::IsDownloadFromGallery
   static std::string ChromeStoreLaunchURL();
 
   // Adds an extension to the scripting whitelist. Used for testing only.
   static void SetScriptingWhitelist(const ScriptingWhitelist& whitelist);
   static const ScriptingWhitelist* GetScriptingWhitelist();
 
-  // Returns true if the extension has the specified API permission.
-  static bool HasApiPermission(const std::set<std::string>& api_permissions,
-                               const std::string& function_name);
+  bool HasAPIPermission(ExtensionAPIPermission::ID permission) const;
+  bool HasAPIPermission(const std::string& function_name) const;
 
-  // Whether the |effective_host_permissions| and |api_permissions| include
-  // effective access to all hosts. See the non-static version of the method
-  // for more details.
-  static bool HasEffectiveAccessToAllHosts(
-      const URLPatternSet& effective_host_permissions,
-      const std::set<std::string>& api_permissions);
-
-  bool HasApiPermission(const std::string& function_name) const {
-    return HasApiPermission(this->api_permissions(), function_name);
-  }
-
-  const URLPatternSet& GetEffectiveHostPermissions() const {
-    return effective_host_permissions_;
-  }
+  const URLPatternSet& GetEffectiveHostPermissions() const;
 
   // Whether or not the extension is allowed permission for a URL pattern from
   // the manifest.  http, https, and chrome://favicon/ is allowed for all
   // extensions, while component extensions are allowed access to
   // chrome://resources.
   bool CanSpecifyHostPermission(const URLPattern& pattern) const;
 
   // Whether the extension has access to the given URL.
   bool HasHostPermission(const GURL& url) const;
 
@@ skipping 95 matching lines @@
   const std::vector<NaClModuleInfo>& nacl_modules() const {
     return nacl_modules_;
   }
   const std::vector<InputComponentInfo>& input_components() const {
     return input_components_;
   }
   const GURL& background_url() const { return background_url_; }
   const GURL& options_url() const { return options_url_; }
   const GURL& devtools_url() const { return devtools_url_; }
   const std::vector<GURL>& toolstrips() const { return toolstrips_; }
-  const std::set<std::string>& api_permissions() const {
-    return api_permissions_;
+  const ExtensionPermissionSet* permission_set() const {
+    return permission_set_.get();
   }
-  const URLPatternList& host_permissions() const { return host_permissions_; }
   const GURL& update_url() const { return update_url_; }
   const ExtensionIconSet& icons() const { return icons_; }
   const DictionaryValue* manifest_value() const {
     return manifest_value_.get();
   }
   const std::string default_locale() const { return default_locale_; }
   const URLOverrideMap& GetChromeURLOverrides() const {
     return chrome_url_overrides_;
   }
   const std::string omnibox_keyword() const { return omnibox_keyword_; }
@@ skipping 112 matching lines @@
       const ListValue* extension_actions, std::string* error);
   // Helper method to load an FileBrowserHandler from manifest.
   FileBrowserHandler* LoadFileBrowserHandler(
       const DictionaryValue* file_browser_handlers, std::string* error);
 
   // Helper method to load an ExtensionSidebarDefaults from the sidebar manifest
   // entry.
   ExtensionSidebarDefaults* LoadExtensionSidebarDefaults(
       const DictionaryValue* sidebar, std::string* error);
 
-  // Calculates the effective host permissions from the permissions and content
-  // script petterns.
-  void InitEffectiveHostPermissions();
-
   // Returns true if the extension has more than one "UI surface". For example,
   // an extension that has a browser action and a page action.
   bool HasMultipleUISurfaces() const;
 
   // Figures out if a source contains keys not associated with themes - we
   // don't want to allow scripts and such to be bundled with themes.
   bool ContainsNonThemeKeys(const DictionaryValue& source) const;
 
   // Only allow the experimental API permission if the command line
   // flag is present.
-  bool IsDisallowedExperimentalPermission(const std::string& permission) const;
-
-  // Returns true if the string is one of the known api permissions (see
-  // kPermissions).
-  bool IsAPIPermission(const std::string& permission) const;
+  bool IsDisallowedExperimentalPermission(
+      ExtensionAPIPermission::ID permission) const;
 
   // Returns true if this is a component, or we are not attempting to access a
   // component-private permission.
-  bool IsComponentOnlyPermission(const std::string& permission) const;
-
-  // The set of unique API install messages that the extension has.
-  // NOTE: This only includes messages related to permissions declared in the
-  // "permissions" key in the manifest.  Permissions implied from other features
-  // of the manifest, like plugins and content scripts are not included.
-  std::set<PermissionMessage> GetSimplePermissionMessages() const;
+  bool IsComponentOnlyPermission(const ExtensionAPIPermission* api) const;
 
   // Cached images for this extension. This should only be touched on the UI
   // thread.
   mutable ImageCache image_cache_;
 
   // A persistent, globally unique ID. An extension's ID is used in things
   // like directory structures and URLs, and is expected to not change across
   // versions. It is generated as a SHA-256 hash of the extension's public
   // key, or as a hash of the path in the case of unpacked extensions.
   std::string id_;
@@ skipping 10 matching lines @@
   // Default locale for fall back. Can be empty if extension is not localized.
   std::string default_locale_;
 
   // If true, a separate process will be used for the extension in incognito
   // mode.
   bool incognito_split_mode_;
 
   // Defines the set of URLs in the extension's web content.
   URLPatternSet extent_;
 
-  // The set of host permissions that the extension effectively has access to,
-  // which is a merge of host_permissions_ and all of the match patterns in
-  // any content scripts the extension has. This is used to determine which
-  // URLs have the ability to load an extension's resources via embedded
-  // chrome-extension: URLs (see extension_protocols.cc).
-  URLPatternSet effective_host_permissions_;
-
-  // The set of module-level APIs this extension can use.
-  std::set<std::string> api_permissions_;
+  // The set of permissions that the extension effectively has access to.
+  scoped_ptr<ExtensionPermissionSet> permission_set_;
 
   // The icons for the extension.
   ExtensionIconSet icons_;
 
   // The base extension url for the extension.
   GURL extension_url_;
 
   // The location the extension was loaded from.
   Location location_;
 
@@ skipping 55 matching lines @@
 
   // A map of color names to colors.
   scoped_ptr<DictionaryValue> theme_tints_;
 
   // A map of display properties.
   scoped_ptr<DictionaryValue> theme_display_properties_;
 
   // Whether the extension is a theme.
   bool is_theme_;
 
-  // The sites this extension has permission to talk to (using XHR, etc).
-  URLPatternList host_permissions_;
-
   // The homepage for this extension. Useful if it is not hosted by Google and
   // therefore does not have a Gallery URL.
   GURL homepage_url_;
 
   // URL for fetching an update manifest
   GURL update_url_;
 
   // A copy of the manifest that this extension was created from.
   scoped_ptr<DictionaryValue> manifest_value_;
 
@@ skipping 98 matching lines @@
   // Was the extension already disabled?
   bool already_disabled;
 
   // The extension being unloaded - this should always be non-NULL.
   const Extension* extension;
 
   UnloadedExtensionInfo(const Extension* extension, Reason reason);
 };
 
 #endif  // CHROME_COMMON_EXTENSIONS_EXTENSION_H_