Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / extensions / common / permissions / permission_set.h
blob3afd799e9bd621360799831328b1997d4564675f
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
8 #include <map>
9 #include <set>
10 #include <string>
11 #include <vector>
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/singleton.h"
16 #include "base/strings/string16.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/permissions/api_permission.h"
19 #include "extensions/common/permissions/api_permission_set.h"
20 #include "extensions/common/permissions/manifest_permission.h"
21 #include "extensions/common/permissions/manifest_permission_set.h"
22 #include "extensions/common/url_pattern_set.h"
24 namespace extensions {
25 class Extension;
27 // The PermissionSet is an immutable class that encapsulates an
28 // extension's permissions. The class exposes set operations for combining and
29 // manipulating the permissions.
30 class PermissionSet
31 : public base::RefCountedThreadSafe<PermissionSet> {
32 public:
33 // Creates an empty permission set (e.g. default permissions).
34 PermissionSet();
36 // Creates a new permission set based on the specified data: the API
37 // permissions, manifest key permissions, host permissions, and scriptable
38 // hosts. The effective hosts of the newly created permission set will be
39 // inferred from the given host permissions.
40 PermissionSet(const APIPermissionSet& apis,
41 const ManifestPermissionSet& manifest_permissions,
42 const URLPatternSet& explicit_hosts,
43 const URLPatternSet& scriptable_hosts);
45 // Creates a new permission set equal to |set1| - |set2|, passing ownership of
46 // the new set to the caller.
47 static PermissionSet* CreateDifference(
48 const PermissionSet* set1, const PermissionSet* set2);
50 // Creates a new permission set equal to the intersection of |set1| and
51 // |set2|, passing ownership of the new set to the caller.
52 static PermissionSet* CreateIntersection(
53 const PermissionSet* set1, const PermissionSet* set2);
55 // Creates a new permission set equal to the union of |set1| and |set2|.
56 // Passes ownership of the new set to the caller.
57 static PermissionSet* CreateUnion(
58 const PermissionSet* set1, const PermissionSet* set2);
60 bool operator==(const PermissionSet& rhs) const;
62 // Returns true if every API or host permission available to |set| is also
63 // available to this. In other words, if the API permissions of |set| are a
64 // subset of this, and the host permissions in this encompass those in |set|.
65 bool Contains(const PermissionSet& set) const;
67 // Gets the API permissions in this set as a set of strings.
68 std::set<std::string> GetAPIsAsStrings() const;
70 // Returns true if this is an empty set (e.g., the default permission set).
71 bool IsEmpty() const;
73 // Returns true if the set has the specified API permission.
74 bool HasAPIPermission(APIPermission::ID permission) const;
76 // Returns true if the |extension| explicitly requests access to the given
77 // |permission_name|. Note this does not include APIs without no corresponding
78 // permission, like "runtime" or "browserAction".
79 bool HasAPIPermission(const std::string& permission_name) const;
81 // Returns true if the set allows the given permission with the default
82 // permission detal.
83 bool CheckAPIPermission(APIPermission::ID permission) const;
85 // Returns true if the set allows the given permission and permission param.
86 bool CheckAPIPermissionWithParam(APIPermission::ID permission,
87 const APIPermission::CheckParam* param) const;
89 // Returns true if this includes permission to access |origin|.
90 bool HasExplicitAccessToOrigin(const GURL& origin) const;
92 // Returns true if this permission set includes access to script |url|.
93 bool HasScriptableAccessToURL(const GURL& url) const;
95 // Returns true if this permission set includes effective access to all
96 // origins.
97 bool HasEffectiveAccessToAllHosts() const;
99 // Returns true if this permission set has access to so many hosts, that we
100 // should treat it as all hosts for warning purposes.
101 // For example, '*://*.com/*'.
102 bool ShouldWarnAllHosts() const;
104 // Returns true if this permission set includes effective access to |url|.
105 bool HasEffectiveAccessToURL(const GURL& url) const;
107 // Returns true if this permission set effectively represents full access
108 // (e.g. native code).
109 bool HasEffectiveFullAccess() const;
111 const APIPermissionSet& apis() const { return apis_; }
113 const ManifestPermissionSet& manifest_permissions() const {
114 return manifest_permissions_;
117 const URLPatternSet& effective_hosts() const { return effective_hosts_; }
119 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
121 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
123 private:
124 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);
125 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, AccessToDevicesMessages);
126 friend class base::RefCountedThreadSafe<PermissionSet>;
128 ~PermissionSet();
130 // Adds permissions implied independently of other context.
131 void InitImplicitPermissions();
133 // Initializes the effective host permission based on the data in this set.
134 void InitEffectiveHosts();
136 // Initializes |has_access_to_most_hosts_|.
137 void InitShouldWarnAllHosts() const;
139 // The api list is used when deciding if an extension can access certain
140 // extension APIs and features.
141 APIPermissionSet apis_;
143 // The manifest key permission list is used when deciding if an extension
144 // can access certain extension APIs and features.
145 ManifestPermissionSet manifest_permissions_;
147 // The list of hosts that can be accessed directly from the extension.
148 // TODO(jstritar): Rename to "hosts_"?
149 URLPatternSet explicit_hosts_;
151 // The list of hosts that can be scripted by content scripts.
152 // TODO(jstritar): Rename to "user_script_hosts_"?
153 URLPatternSet scriptable_hosts_;
155 // The list of hosts this effectively grants access to.
156 URLPatternSet effective_hosts_;
158 enum ShouldWarnAllHostsType {
159 UNINITIALIZED = 0,
160 WARN_ALL_HOSTS,
161 DONT_WARN_ALL_HOSTS
163 // Whether or not this permission set includes access to so many origins, we
164 // should treat it as all_hosts for warning purposes.
165 // Lazily initialized (and therefore mutable).
166 mutable ShouldWarnAllHostsType should_warn_all_hosts_;
169 } // namespace extensions
171 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_