extensions/browser/api/device_permissions_manager.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_DEVICE_PERMISSION_MANAGER_H_
   6 #define EXTENSIONS_DEVICE_PERMISSION_MANAGER_H_
   7
   8 #include <map>
   9 #include <set>
  10 #include <vector>
  11
  12 #include "base/gtest_prod_util.h"
  13 #include "base/macros.h"
  14 #include "base/memory/ref_counted.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "base/scoped_observer.h"
  17 #include "base/strings/string16.h"
  18 #include "base/threading/thread_checker.h"
  19 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
  20 #include "components/keyed_service/core/keyed_service.h"
  21 #include "device/usb/usb_service.h"
  22 #include "extensions/browser/process_manager.h"
  23 #include "extensions/browser/process_manager_observer.h"
  24
  25 template <typename T>
  26 struct DefaultSingletonTraits;
  27
  28 namespace base {
  29 class Value;
  30 }
  31
  32 namespace content {
  33 class BrowserContext;
  34 }
  35
  36 namespace extensions {
  37
  38 // Stores information about a device saved with access granted.
  39 class DevicePermissionEntry
  40     : public base::RefCountedThreadSafe<DevicePermissionEntry> {
  41  public:
  42   // TODO(reillyg): This function should be able to take only the
  43   // device::UsbDevice and read the strings from there. This is not yet possible
  44   // as the device can not be accessed from the UI thread. crbug.com/427985
  45   DevicePermissionEntry(scoped_refptr<device::UsbDevice> device,
  46                         const base::string16& serial_number,
  47                         const base::string16& manufacturer_string,
  48                         const base::string16& product_string);
  49   DevicePermissionEntry(uint16_t vendor_id,
  50                         uint16_t product_id,
  51                         const base::string16& serial_number,
  52                         const base::string16& manufacturer_string,
  53                         const base::string16& product_string,
  54                         const base::Time& last_used);
  55
  56   // A persistent device is one that can be recognized when it is reconnected
  57   // and can therefore be remembered persistently by writing information about
  58   // it to ExtensionPrefs. Currently this means it has a serial number string.
  59   bool IsPersistent() const;
  60
  61   // Convert the device to a serializable value, returns a null pointer if the
  62   // entry is not persistent.
  63   scoped_ptr<base::Value> ToValue() const;
  64
  65   base::string16 GetPermissionMessageString() const;
  66
  67   uint16_t vendor_id() const { return vendor_id_; }
  68   uint16_t product_id() const { return product_id_; }
  69   const base::string16& serial_number() const { return serial_number_; }
  70   const base::Time& last_used() const { return last_used_; }
  71
  72   base::string16 GetManufacturer() const;
  73   base::string16 GetProduct() const;
  74
  75  private:
  76   friend class base::RefCountedThreadSafe<DevicePermissionEntry>;
  77   friend class DevicePermissionsManager;
  78
  79   ~DevicePermissionEntry();
  80
  81   void set_last_used(const base::Time& last_used) { last_used_ = last_used; }
  82
  83   // The USB device tracked by this entry, may be null if this entry was
  84   // restored from ExtensionPrefs.
  85   scoped_refptr<device::UsbDevice> device_;
  86   // The vendor ID of this device.
  87   uint16_t vendor_id_;
  88   // The product ID of this device.
  89   uint16_t product_id_;
  90   // The serial number (possibly alphanumeric) of this device.
  91   base::string16 serial_number_;
  92   // The manufacturer string read from the device (optional).
  93   base::string16 manufacturer_string_;
  94   // The product string read from the device (optional).
  95   base::string16 product_string_;
  96   // The last time this device was used by the extension.
  97   base::Time last_used_;
  98 };
  99
 100 // Stores a copy of device permissions associated with a particular extension.
 101 class DevicePermissions {
 102  public:
 103   virtual ~DevicePermissions();
 104
 105   // Attempts to find a permission entry matching the given device. The device
 106   // serial number is presented separately so that this function does not need
 107   // to call device->GetSerialNumber() which may not be possible on the
 108   // current thread.
 109   scoped_refptr<DevicePermissionEntry> FindEntry(
 110       scoped_refptr<device::UsbDevice> device,
 111       const base::string16& serial_number) const;
 112
 113   const std::set<scoped_refptr<DevicePermissionEntry>>& entries() const {
 114     return entries_;
 115   }
 116
 117  private:
 118   friend class DevicePermissionsManager;
 119
 120   // Reads permissions out of ExtensionPrefs.
 121   DevicePermissions(content::BrowserContext* context,
 122                     const std::string& extension_id);
 123   // Does a shallow copy, duplicating the device lists so that the resulting
 124   // object can be used from a different thread.
 125   DevicePermissions(const DevicePermissions* original);
 126
 127   std::set<scoped_refptr<DevicePermissionEntry>> entries_;
 128   std::map<scoped_refptr<device::UsbDevice>,
 129            scoped_refptr<DevicePermissionEntry>> ephemeral_devices_;
 130
 131   DISALLOW_COPY_AND_ASSIGN(DevicePermissions);
 132 };
 133
 134 // Manages saved device permissions for all extensions.
 135 class DevicePermissionsManager : public KeyedService,
 136                                  public base::NonThreadSafe,
 137                                  public ProcessManagerObserver,
 138                                  public device::UsbService::Observer {
 139  public:
 140   static DevicePermissionsManager* Get(content::BrowserContext* context);
 141
 142   // Returns a copy of the DevicePermissions object for a given extension that
 143   // can be used by any thread.
 144   scoped_ptr<DevicePermissions> GetForExtension(
 145       const std::string& extension_id);
 146
 147   // Equivalent to calling GetForExtension and extracting the permission string
 148   // for each entry.
 149   std::vector<base::string16> GetPermissionMessageStrings(
 150       const std::string& extension_id) const;
 151
 152   // TODO(reillyg): AllowUsbDevice should only take the extension ID and
 153   // device, with the strings read from the device. This isn't possible now as
 154   // the device can not be accessed from the UI thread yet. crbug.com/427985
 155   void AllowUsbDevice(const std::string& extension_id,
 156                       scoped_refptr<device::UsbDevice> device,
 157                       const base::string16& serial_number,
 158                       const base::string16& manufacturer_string,
 159                       const base::string16& product_string);
 160
 161   // Updates the "last used" timestamp on the given device entry and writes it
 162   // out to ExtensionPrefs.
 163   void UpdateLastUsed(const std::string& extension_id,
 164                       scoped_refptr<DevicePermissionEntry> entry);
 165
 166   // Revokes permission for the extension to access the given device.
 167   void RemoveEntry(const std::string& extension_id,
 168                    scoped_refptr<DevicePermissionEntry> entry);
 169
 170   // Revokes permission for the extension to access all allowed devices.
 171   void Clear(const std::string& extension_id);
 172
 173  private:
 174   friend class DevicePermissionsManagerFactory;
 175   FRIEND_TEST_ALL_PREFIXES(DevicePermissionsManagerTest, SuspendExtension);
 176
 177   DevicePermissionsManager(content::BrowserContext* context);
 178   ~DevicePermissionsManager() override;
 179
 180   DevicePermissions* Get(const std::string& extension_id) const;
 181   DevicePermissions* GetOrInsert(const std::string& extension_id);
 182
 183   // ProcessManagerObserver implementation
 184   void OnBackgroundHostClose(const std::string& extension_id) override;
 185
 186   // device::UsbService::Observer implementation
 187   void OnDeviceRemoved(scoped_refptr<device::UsbDevice> device) override;
 188
 189   content::BrowserContext* context_;
 190   std::map<std::string, DevicePermissions*> extension_id_to_device_permissions_;
 191   ScopedObserver<ProcessManager, ProcessManagerObserver>
 192       process_manager_observer_;
 193   ScopedObserver<device::UsbService, device::UsbService::Observer>
 194       usb_service_observer_;
 195
 196   DISALLOW_COPY_AND_ASSIGN(DevicePermissionsManager);
 197 };
 198
 199 class DevicePermissionsManagerFactory
 200     : public BrowserContextKeyedServiceFactory {
 201  public:
 202   static DevicePermissionsManager* GetForBrowserContext(
 203       content::BrowserContext* context);
 204   static DevicePermissionsManagerFactory* GetInstance();
 205
 206  private:
 207   friend struct DefaultSingletonTraits<DevicePermissionsManagerFactory>;
 208
 209   DevicePermissionsManagerFactory();
 210   ~DevicePermissionsManagerFactory() override;
 211
 212   // BrowserContextKeyedServiceFactory implementation
 213   KeyedService* BuildServiceInstanceFor(
 214       content::BrowserContext* context) const override;
 215   content::BrowserContext* GetBrowserContextToUse(
 216       content::BrowserContext* context) const override;
 217
 218   DISALLOW_COPY_AND_ASSIGN(DevicePermissionsManagerFactory);
 219 };
 220
 221 }  // namespace extensions
 222
 223 #endif  // EXTENSIONS_DEVICE_PERMISSION_MANAGER_H_