extensions/browser/api/device_permissions_manager.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_DEVICE_PERMISSION_MANAGER_H_
   6 #define EXTENSIONS_DEVICE_PERMISSION_MANAGER_H_
   7
   8 #include <map>
   9 #include <set>
  10 #include <vector>
  11
  12 #include "base/gtest_prod_util.h"
  13 #include "base/macros.h"
  14 #include "base/memory/ref_counted.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "base/scoped_observer.h"
  17 #include "base/strings/string16.h"
  18 #include "base/threading/thread_checker.h"
  19 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
  20 #include "components/keyed_service/core/keyed_service.h"
  21 #include "content/public/browser/browser_thread.h"
  22 #include "device/usb/usb_service.h"
  23 #include "extensions/browser/process_manager.h"
  24 #include "extensions/browser/process_manager_observer.h"
  25
  26 template <typename T>
  27 struct DefaultSingletonTraits;
  28
  29 namespace base {
  30 class Value;
  31 }
  32
  33 namespace content {
  34 class BrowserContext;
  35 }
  36
  37 namespace extensions {
  38
  39 // Stores information about a device saved with access granted.
  40 class DevicePermissionEntry
  41     : public base::RefCountedThreadSafe<DevicePermissionEntry> {
  42  public:
  43   // TODO(reillyg): This function should be able to take only the
  44   // device::UsbDevice and read the strings from there. This is not yet possible
  45   // as the device can not be accessed from the UI thread. crbug.com/427985
  46   DevicePermissionEntry(scoped_refptr<device::UsbDevice> device,
  47                         const base::string16& serial_number,
  48                         const base::string16& manufacturer_string,
  49                         const base::string16& product_string);
  50   DevicePermissionEntry(uint16_t vendor_id,
  51                         uint16_t product_id,
  52                         const base::string16& serial_number,
  53                         const base::string16& manufacturer_string,
  54                         const base::string16& product_string,
  55                         const base::Time& last_used);
  56
  57   // A persistent device is one that can be recognized when it is reconnected
  58   // and can therefore be remembered persistently by writing information about
  59   // it to ExtensionPrefs. Currently this means it has a serial number string.
  60   bool IsPersistent() const;
  61
  62   // Convert the device to a serializable value, returns a null pointer if the
  63   // entry is not persistent.
  64   scoped_ptr<base::Value> ToValue() const;
  65
  66   base::string16 GetPermissionMessageString() const;
  67
  68   uint16_t vendor_id() const { return vendor_id_; }
  69   uint16_t product_id() const { return product_id_; }
  70   const base::string16& serial_number() const { return serial_number_; }
  71   const base::Time& last_used() const { return last_used_; }
  72
  73   base::string16 GetManufacturer() const;
  74   base::string16 GetProduct() const;
  75
  76  private:
  77   friend class base::RefCountedThreadSafe<DevicePermissionEntry>;
  78   friend class DevicePermissionsManager;
  79
  80   ~DevicePermissionEntry();
  81
  82   void set_last_used(const base::Time& last_used) { last_used_ = last_used; }
  83
  84   // The USB device tracked by this entry, may be null if this entry was
  85   // restored from ExtensionPrefs.
  86   scoped_refptr<device::UsbDevice> device_;
  87   // The vendor ID of this device.
  88   uint16_t vendor_id_;
  89   // The product ID of this device.
  90   uint16_t product_id_;
  91   // The serial number (possibly alphanumeric) of this device.
  92   base::string16 serial_number_;
  93   // The manufacturer string read from the device (optional).
  94   base::string16 manufacturer_string_;
  95   // The product string read from the device (optional).
  96   base::string16 product_string_;
  97   // The last time this device was used by the extension.
  98   base::Time last_used_;
  99 };
 100
 101 // Stores a copy of device permissions associated with a particular extension.
 102 class DevicePermissions {
 103  public:
 104   virtual ~DevicePermissions();
 105
 106   // Attempts to find a permission entry matching the given device. The device
 107   // serial number is presented separately so that this function does not need
 108   // to call device->GetSerialNumber() which may not be possible on the
 109   // current thread.
 110   scoped_refptr<DevicePermissionEntry> FindEntry(
 111       scoped_refptr<device::UsbDevice> device,
 112       const base::string16& serial_number) const;
 113
 114   const std::set<scoped_refptr<DevicePermissionEntry>>& entries() const {
 115     return entries_;
 116   }
 117
 118  private:
 119   friend class DevicePermissionsManager;
 120
 121   // Reads permissions out of ExtensionPrefs.
 122   DevicePermissions(content::BrowserContext* context,
 123                     const std::string& extension_id);
 124   // Does a shallow copy, duplicating the device lists so that the resulting
 125   // object can be used from a different thread.
 126   DevicePermissions(const DevicePermissions* original);
 127
 128   std::set<scoped_refptr<DevicePermissionEntry>> entries_;
 129   std::map<scoped_refptr<device::UsbDevice>,
 130            scoped_refptr<DevicePermissionEntry>> ephemeral_devices_;
 131
 132   DISALLOW_COPY_AND_ASSIGN(DevicePermissions);
 133 };
 134
 135 // Manages saved device permissions for all extensions.
 136 class DevicePermissionsManager : public KeyedService,
 137                                  public base::NonThreadSafe,
 138                                  public ProcessManagerObserver {
 139  public:
 140   static DevicePermissionsManager* Get(content::BrowserContext* context);
 141
 142   // Returns a copy of the DevicePermissions object for a given extension that
 143   // can be used by any thread.
 144   scoped_ptr<DevicePermissions> GetForExtension(
 145       const std::string& extension_id);
 146
 147   // Equivalent to calling GetForExtension and extracting the permission string
 148   // for each entry.
 149   std::vector<base::string16> GetPermissionMessageStrings(
 150       const std::string& extension_id) const;
 151
 152   // TODO(reillyg): AllowUsbDevice should only take the extension ID and
 153   // device, with the strings read from the device. This isn't possible now as
 154   // the device can not be accessed from the UI thread yet. crbug.com/427985
 155   void AllowUsbDevice(const std::string& extension_id,
 156                       scoped_refptr<device::UsbDevice> device,
 157                       const base::string16& serial_number,
 158                       const base::string16& manufacturer_string,
 159                       const base::string16& product_string);
 160
 161   // Updates the "last used" timestamp on the given device entry and writes it
 162   // out to ExtensionPrefs.
 163   void UpdateLastUsed(const std::string& extension_id,
 164                       scoped_refptr<DevicePermissionEntry> entry);
 165
 166   // Revokes permission for the extension to access the given device.
 167   void RemoveEntry(const std::string& extension_id,
 168                    scoped_refptr<DevicePermissionEntry> entry);
 169
 170   // Revokes permission for the extension to access all allowed devices.
 171   void Clear(const std::string& extension_id);
 172
 173  private:
 174   class FileThreadHelper;
 175
 176   friend class DevicePermissionsManagerFactory;
 177   FRIEND_TEST_ALL_PREFIXES(DevicePermissionsManagerTest, SuspendExtension);
 178
 179   DevicePermissionsManager(content::BrowserContext* context);
 180   ~DevicePermissionsManager() override;
 181
 182   DevicePermissions* Get(const std::string& extension_id) const;
 183   DevicePermissions* GetOrInsert(const std::string& extension_id);
 184   void OnDeviceRemoved(scoped_refptr<device::UsbDevice> device);
 185
 186   // ProcessManagerObserver implementation
 187   void OnBackgroundHostClose(const std::string& extension_id) override;
 188
 189   content::BrowserContext* context_;
 190   std::map<std::string, DevicePermissions*> extension_id_to_device_permissions_;
 191   ScopedObserver<ProcessManager, ProcessManagerObserver>
 192       process_manager_observer_;
 193   FileThreadHelper* helper_;
 194
 195   base::WeakPtrFactory<DevicePermissionsManager> weak_factory_;
 196
 197   DISALLOW_COPY_AND_ASSIGN(DevicePermissionsManager);
 198 };
 199
 200 class DevicePermissionsManagerFactory
 201     : public BrowserContextKeyedServiceFactory {
 202  public:
 203   static DevicePermissionsManager* GetForBrowserContext(
 204       content::BrowserContext* context);
 205   static DevicePermissionsManagerFactory* GetInstance();
 206
 207  private:
 208   friend struct DefaultSingletonTraits<DevicePermissionsManagerFactory>;
 209
 210   DevicePermissionsManagerFactory();
 211   ~DevicePermissionsManagerFactory() override;
 212
 213   // BrowserContextKeyedServiceFactory implementation
 214   KeyedService* BuildServiceInstanceFor(
 215       content::BrowserContext* context) const override;
 216   content::BrowserContext* GetBrowserContextToUse(
 217       content::BrowserContext* context) const override;
 218
 219   DISALLOW_COPY_AND_ASSIGN(DevicePermissionsManagerFactory);
 220 };
 221
 222 }  // namespace extensions
 223
 224 #endif  // EXTENSIONS_DEVICE_PERMISSION_MANAGER_H_