Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / chrome / common / extensions / permissions / chrome_permission_message_rules.cc
blob2e050a27f256315ee5ce9a12f2f516a0e35c27ba
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/permissions/chrome_permission_message_rules.h"
7 #include "base/stl_util.h"
8 #include "base/strings/string_util.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "chrome/grit/generated_resources.h"
11 #include "grit/extensions_strings.h"
12 #include "ui/base/l10n/l10n_util.h"
14 namespace extensions {
16 namespace {
18 // The default formatter for a permission message. Simply displays the message
19 // with the given ID.
20 class DefaultPermissionMessageFormatter
21 : public ChromePermissionMessageFormatter {
22 public:
23 explicit DefaultPermissionMessageFormatter(int message_id)
24 : message_id_(message_id) {}
25 ~DefaultPermissionMessageFormatter() override {}
27 PermissionMessage GetPermissionMessage(
28 const PermissionIDSet& permissions) const override {
29 return PermissionMessage(l10n_util::GetStringUTF16(message_id_),
30 permissions);
33 private:
34 int message_id_;
36 DISALLOW_COPY_AND_ASSIGN(DefaultPermissionMessageFormatter);
39 // A formatter that substitutes the parameter into the message using string
40 // formatting.
41 // NOTE: Only one permission with the given ID is substituted using this rule.
42 class SingleParameterFormatter : public ChromePermissionMessageFormatter {
43 public:
44 explicit SingleParameterFormatter(int message_id) : message_id_(message_id) {}
45 ~SingleParameterFormatter() override {}
47 PermissionMessage GetPermissionMessage(
48 const PermissionIDSet& permissions) const override {
49 DCHECK(permissions.size() > 0);
50 std::vector<base::string16> parameters =
51 permissions.GetAllPermissionParameters();
52 DCHECK_EQ(1U, parameters.size())
53 << "Only one message with each ID can be parameterized.";
54 return PermissionMessage(
55 l10n_util::GetStringFUTF16(message_id_, parameters[0]), permissions);
58 private:
59 int message_id_;
61 DISALLOW_COPY_AND_ASSIGN(SingleParameterFormatter);
64 // Adds each parameter to a growing list, with the given |root_message_id| as
65 // the message at the top of the list.
66 class SimpleListFormatter : public ChromePermissionMessageFormatter {
67 public:
68 explicit SimpleListFormatter(int root_message_id)
69 : root_message_id_(root_message_id) {}
70 ~SimpleListFormatter() override {}
72 PermissionMessage GetPermissionMessage(
73 const PermissionIDSet& permissions) const override {
74 DCHECK(permissions.size() > 0);
75 return PermissionMessage(l10n_util::GetStringUTF16(root_message_id_),
76 permissions,
77 permissions.GetAllPermissionParameters());
80 private:
81 int root_message_id_;
83 DISALLOW_COPY_AND_ASSIGN(SimpleListFormatter);
86 // Creates a space-separated list of permissions with the given PermissionID.
87 // The list is inserted into the messages with the given IDs: one for the case
88 // where there is a single permission, and the other for the case where there
89 // are multiple.
90 // TODO(sashab): Extend this to pluralize correctly in all languages.
91 class SpaceSeparatedListFormatter : public ChromePermissionMessageFormatter {
92 public:
93 SpaceSeparatedListFormatter(int message_id_for_one_host,
94 int message_id_for_multiple_hosts)
95 : message_id_for_one_host_(message_id_for_one_host),
96 message_id_for_multiple_hosts_(message_id_for_multiple_hosts) {}
97 ~SpaceSeparatedListFormatter() override {}
99 PermissionMessage GetPermissionMessage(
100 const PermissionIDSet& permissions) const override {
101 DCHECK(permissions.size() > 0);
102 std::vector<base::string16> hostnames =
103 permissions.GetAllPermissionParameters();
104 base::string16 hosts_string =
105 base::JoinString(hostnames, base::ASCIIToUTF16(" "));
106 return PermissionMessage(
107 l10n_util::GetStringFUTF16(hostnames.size() == 1
108 ? message_id_for_one_host_
109 : message_id_for_multiple_hosts_,
110 hosts_string),
111 permissions);
114 private:
115 int message_id_for_one_host_;
116 int message_id_for_multiple_hosts_;
118 DISALLOW_COPY_AND_ASSIGN(SpaceSeparatedListFormatter);
121 // Creates a comma-separated list of permissions with the given PermissionID.
122 // The list is inserted into the messages with the given IDs: one for each case
123 // of 1-3 permissions, and the other for the case where there are 4 or more
124 // permissions. In the case of 4 or more permissions, rather than insert the
125 // list into the message, the permissions are displayed as submessages in the
126 // resultant PermissionMessage.
127 class CommaSeparatedListFormatter : public ChromePermissionMessageFormatter {
128 public:
129 CommaSeparatedListFormatter(int message_id_for_one_host,
130 int message_id_for_two_hosts,
131 int message_id_for_three_hosts,
132 int message_id_for_many_hosts)
133 : message_id_for_one_host_(message_id_for_one_host),
134 message_id_for_two_hosts_(message_id_for_two_hosts),
135 message_id_for_three_hosts_(message_id_for_three_hosts),
136 message_id_for_many_hosts_(message_id_for_many_hosts) {}
137 ~CommaSeparatedListFormatter() override {}
139 PermissionMessage GetPermissionMessage(
140 const PermissionIDSet& permissions) const override {
141 DCHECK(permissions.size() > 0);
142 std::vector<base::string16> hostnames =
143 permissions.GetAllPermissionParameters();
144 PermissionMessages messages;
145 if (hostnames.size() <= 3) {
146 return PermissionMessage(
147 l10n_util::GetStringFUTF16(message_id_for_hosts(hostnames.size()),
148 hostnames, NULL),
149 permissions);
152 return PermissionMessage(
153 l10n_util::GetStringUTF16(message_id_for_many_hosts_), permissions,
154 hostnames);
157 private:
158 int message_id_for_hosts(int number_of_hosts) const {
159 switch (number_of_hosts) {
160 case 1:
161 return message_id_for_one_host_;
162 case 2:
163 return message_id_for_two_hosts_;
164 case 3:
165 return message_id_for_three_hosts_;
166 default:
167 return message_id_for_many_hosts_;
171 int message_id_for_one_host_;
172 int message_id_for_two_hosts_;
173 int message_id_for_three_hosts_;
174 int message_id_for_many_hosts_;
176 DISALLOW_COPY_AND_ASSIGN(CommaSeparatedListFormatter);
179 class USBDevicesFormatter : public ChromePermissionMessageFormatter {
180 public:
181 USBDevicesFormatter() {}
182 ~USBDevicesFormatter() override {}
184 PermissionMessage GetPermissionMessage(
185 const PermissionIDSet& permissions) const override {
186 DCHECK(permissions.size() > 0);
187 return permissions.size() == 1 ? GetItemMessage(permissions)
188 : GetMultiItemMessage(permissions);
191 private:
192 PermissionMessage GetItemMessage(const PermissionIDSet& permissions) const {
193 DCHECK(permissions.size() == 1);
194 const PermissionID& permission = *permissions.begin();
195 base::string16 msg;
196 switch (permission.id()) {
197 case APIPermission::kUsbDevice:
198 msg = l10n_util::GetStringFUTF16(
199 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE, permission.parameter());
200 break;
201 case APIPermission::kUsbDeviceUnknownProduct:
202 msg = l10n_util::GetStringFUTF16(
203 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_PRODUCT,
204 permission.parameter());
205 break;
206 case APIPermission::kUsbDeviceUnknownVendor:
207 msg = l10n_util::GetStringUTF16(
208 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_VENDOR);
209 break;
210 default:
211 NOTREACHED();
213 return PermissionMessage(msg, permissions);
216 PermissionMessage GetMultiItemMessage(
217 const PermissionIDSet& permissions) const {
218 DCHECK(permissions.size() > 1);
219 // Put all the individual items into submessages.
220 std::vector<base::string16> submessages;
221 std::vector<base::string16> devices =
222 permissions.GetAllPermissionsWithID(APIPermission::kUsbDevice)
223 .GetAllPermissionParameters();
224 for (const base::string16& device : devices) {
225 submessages.push_back(l10n_util::GetStringFUTF16(
226 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM, device));
228 std::vector<base::string16> vendors =
229 permissions.GetAllPermissionsWithID(
230 APIPermission::kUsbDeviceUnknownProduct)
231 .GetAllPermissionParameters();
232 for (const base::string16& vendor : vendors) {
233 submessages.push_back(l10n_util::GetStringFUTF16(
234 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_PRODUCT,
235 vendor));
237 if (permissions.ContainsID(APIPermission::kUsbDeviceUnknownVendor)) {
238 submessages.push_back(l10n_util::GetStringUTF16(
239 IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_VENDOR));
242 return PermissionMessage(
243 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST),
244 permissions, submessages);
247 DISALLOW_COPY_AND_ASSIGN(USBDevicesFormatter);
250 } // namespace
252 // Convenience constructors to allow inline initialization of the permission
253 // ID sets.
254 // TODO(treib): Once we're allowed to use uniform initialization (and
255 // std::initializer_list), get rid of this helper.
256 class ChromePermissionMessageRule::PermissionIDSetInitializer
257 : public std::set<APIPermission::ID> {
258 public:
259 template <typename... IDs>
260 PermissionIDSetInitializer(IDs... ids) {
261 // This effectively calls insert() with each of the ids.
262 ExpandHelper(insert(ids)...);
265 virtual ~PermissionIDSetInitializer() {}
267 private:
268 template <typename... Args>
269 void ExpandHelper(Args&&...) {}
272 ChromePermissionMessageRule::ChromePermissionMessageRule(
273 int message_id,
274 const PermissionIDSetInitializer& required,
275 const PermissionIDSetInitializer& optional)
276 : ChromePermissionMessageRule(
277 new DefaultPermissionMessageFormatter(message_id),
278 required,
279 optional) {}
281 ChromePermissionMessageRule::ChromePermissionMessageRule(
282 ChromePermissionMessageFormatter* formatter,
283 const PermissionIDSetInitializer& required,
284 const PermissionIDSetInitializer& optional)
285 : required_permissions_(required),
286 optional_permissions_(optional),
287 formatter_(formatter) {
288 DCHECK(!required_permissions_.empty());
291 ChromePermissionMessageRule::~ChromePermissionMessageRule() {
294 std::set<APIPermission::ID> ChromePermissionMessageRule::required_permissions()
295 const {
296 return required_permissions_;
298 std::set<APIPermission::ID> ChromePermissionMessageRule::optional_permissions()
299 const {
300 return optional_permissions_;
303 std::set<APIPermission::ID> ChromePermissionMessageRule::all_permissions()
304 const {
305 return base::STLSetUnion<std::set<APIPermission::ID>>(required_permissions(),
306 optional_permissions());
309 PermissionMessage ChromePermissionMessageRule::GetPermissionMessage(
310 const PermissionIDSet& permissions) const {
311 return formatter_->GetPermissionMessage(permissions);
314 // static
315 std::vector<ChromePermissionMessageRule>
316 ChromePermissionMessageRule::GetAllRules() {
317 // The rules for generating messages from permissions. Any new rules should be
318 // added directly to this list, not elsewhere in the code, so that all the
319 // logic of generating and coalescing permission messages happens here.
321 // Each rule has 3 components:
322 // 1. The message itself
323 // 2. The permissions that need to be present for the message to appear
324 // 3. Permissions that, if present, also contribute to the message, but do not
325 // form the message on their own
327 // Rules are applied in precedence order: rules that come first consume
328 // permissions (both required and optional) so they can not be used in later
329 // rules.
330 // NOTE: The order of this list matters - be careful when adding new rules!
331 // If unsure, add them near related rules and add tests to
332 // permission_message_combinations_unittest.cc (or elsewhere) to ensure your
333 // messages are being generated/coalesced correctly.
335 // Rules are not transitive: This means that if the kTab permission 'absorbs'
336 // (suppresses) the messages for kTopSites and kFavicon, and the kHistory
337 // permission suppresses kTab, be careful to also add kTopSites and kFavicon
338 // to the kHistory absorb list. Ideally, the rules system should be simple
339 // enough that rules like this should not occur; the visibility of the rules
340 // system should allow us to design a system that is simple enough to explain
341 // yet powerful enough to encapsulate all the messages we want to display.
342 ChromePermissionMessageRule rules_arr[] = {
343 // Full access permission messages.
344 {IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, {APIPermission::kDebugger}, {}},
345 {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
346 {APIPermission::kPlugin},
347 {APIPermission::kDeclarativeWebRequest, APIPermission::kFavicon,
348 APIPermission::kFullAccess, APIPermission::kHostsAll,
349 APIPermission::kHostsAllReadOnly, APIPermission::kProcesses,
350 APIPermission::kTab, APIPermission::kTopSites,
351 APIPermission::kWebNavigation}},
352 {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
353 {APIPermission::kFullAccess},
354 {APIPermission::kDeclarativeWebRequest, APIPermission::kFavicon,
355 APIPermission::kHostsAll, APIPermission::kHostsAllReadOnly,
356 APIPermission::kProcesses, APIPermission::kTab,
357 APIPermission::kTopSites, APIPermission::kWebNavigation}},
359 // Hosts permission messages.
360 // Full host access already allows DeclarativeWebRequest, reading the list
361 // of most frequently visited sites, and tab access.
362 // The warning message for declarativeWebRequest permissions speaks about
363 // blocking parts of pages, which is a subset of what the "<all_urls>"
364 // access allows. Therefore we display only the "<all_urls>" warning
365 // message if both permissions are required.
366 {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS,
367 {APIPermission::kHostsAll},
368 {APIPermission::kDeclarativeWebRequest, APIPermission::kFavicon,
369 APIPermission::kHostsAllReadOnly, APIPermission::kHostReadOnly,
370 APIPermission::kHostReadWrite, APIPermission::kProcesses,
371 APIPermission::kTab, APIPermission::kTopSites,
372 APIPermission::kWebNavigation}},
373 {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS_READ_ONLY,
374 {APIPermission::kHostsAllReadOnly},
375 {APIPermission::kFavicon, APIPermission::kHostReadOnly,
376 APIPermission::kProcesses, APIPermission::kTab,
377 APIPermission::kTopSites, APIPermission::kWebNavigation}},
379 {new CommaSeparatedListFormatter(IDS_EXTENSION_PROMPT_WARNING_1_HOST,
380 IDS_EXTENSION_PROMPT_WARNING_2_HOSTS,
381 IDS_EXTENSION_PROMPT_WARNING_3_HOSTS,
382 IDS_EXTENSION_PROMPT_WARNING_HOSTS_LIST),
383 {APIPermission::kHostReadWrite},
384 {}},
385 {new CommaSeparatedListFormatter(
386 IDS_EXTENSION_PROMPT_WARNING_1_HOST_READ_ONLY,
387 IDS_EXTENSION_PROMPT_WARNING_2_HOSTS_READ_ONLY,
388 IDS_EXTENSION_PROMPT_WARNING_3_HOSTS_READ_ONLY,
389 IDS_EXTENSION_PROMPT_WARNING_HOSTS_LIST_READ_ONLY),
390 {APIPermission::kHostReadOnly},
391 {}},
393 // History-related permission messages.
394 // History already allows reading favicons, tab access and accessing the
395 // list of most frequently visited sites.
396 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE_AND_SESSIONS,
397 {APIPermission::kHistory, APIPermission::kSessions},
398 {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
399 APIPermission::kTopSites, APIPermission::kWebNavigation}},
400 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ_AND_SESSIONS,
401 {APIPermission::kTab, APIPermission::kSessions},
402 {APIPermission::kFavicon, APIPermission::kProcesses,
403 APIPermission::kTopSites, APIPermission::kWebNavigation}},
404 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
405 {APIPermission::kHistory},
406 {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
407 APIPermission::kTopSites, APIPermission::kWebNavigation}},
408 // Note: kSessions allows reading history from other devices only if kTab
409 // is also present. Therefore, there are no _AND_SESSIONS versions of
410 // the other rules that generate the HISTORY_READ warning.
411 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
412 {APIPermission::kTab},
413 {APIPermission::kFavicon, APIPermission::kProcesses,
414 APIPermission::kTopSites, APIPermission::kWebNavigation}},
415 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
416 {APIPermission::kProcesses},
417 {APIPermission::kFavicon, APIPermission::kTopSites,
418 APIPermission::kWebNavigation}},
419 {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
420 {APIPermission::kWebNavigation},
421 {APIPermission::kFavicon, APIPermission::kTopSites}},
422 {IDS_EXTENSION_PROMPT_WARNING_FAVICON, {APIPermission::kFavicon}, {}},
423 {IDS_EXTENSION_PROMPT_WARNING_TOPSITES, {APIPermission::kTopSites}, {}},
425 {IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
426 {APIPermission::kDeclarativeWebRequest},
427 {}},
429 // Messages generated by the sockets permission.
430 {IDS_EXTENSION_PROMPT_WARNING_SOCKET_ANY_HOST,
431 {APIPermission::kSocketAnyHost},
432 {APIPermission::kSocketDomainHosts,
433 APIPermission::kSocketSpecificHosts}},
434 {new SpaceSeparatedListFormatter(
435 IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAIN,
436 IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAINS),
437 {APIPermission::kSocketDomainHosts},
438 {}},
439 {new SpaceSeparatedListFormatter(
440 IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOST,
441 IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOSTS),
442 {APIPermission::kSocketSpecificHosts},
443 {}},
445 // Devices-related messages.
446 // USB Device Permission rules. Think of these three rules as a single one
447 // that applies when any of the three kUsb* IDs is there, and pulls them
448 // all into a single formatter.
449 {new USBDevicesFormatter,
450 {APIPermission::kUsbDevice},
451 {APIPermission::kUsbDeviceUnknownProduct,
452 APIPermission::kUsbDeviceUnknownVendor}},
453 {new USBDevicesFormatter,
454 {APIPermission::kUsbDeviceUnknownProduct},
455 {APIPermission::kUsbDeviceUnknownVendor}},
456 {new USBDevicesFormatter, {APIPermission::kUsbDeviceUnknownVendor}, {}},
457 // Access to users' devices should provide a single warning message
458 // specifying the transport method used; serial and/or Bluetooth.
459 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL,
460 {APIPermission::kBluetooth, APIPermission::kSerial},
461 {APIPermission::kBluetoothDevices}},
462 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH,
463 {APIPermission::kBluetooth},
464 {APIPermission::kBluetoothDevices}},
465 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_DEVICES,
466 {APIPermission::kBluetoothDevices},
467 {}},
468 {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
469 {APIPermission::kBluetoothPrivate},
470 {}},
471 {IDS_EXTENSION_PROMPT_WARNING_SERIAL, {APIPermission::kSerial}, {}},
472 // Universal 2nd Factor devices.
473 {IDS_EXTENSION_PROMPT_WARNING_U2F_DEVICES,
474 {APIPermission::kU2fDevices},
475 {}},
477 // Accessibility features.
478 {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ_MODIFY,
479 {APIPermission::kAccessibilityFeaturesModify,
480 APIPermission::kAccessibilityFeaturesRead},
481 {}},
482 {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
483 {APIPermission::kAccessibilityFeaturesModify},
484 {}},
485 {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
486 {APIPermission::kAccessibilityFeaturesRead},
487 {}},
489 // Media galleries permissions. We don't have strings for every possible
490 // combination, e.g. we don't bother with a special string for "write, but
491 // not read" - just show the "read and write" string instead, etc.
492 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_WRITE_DELETE,
493 {APIPermission::kMediaGalleriesAllGalleriesCopyTo,
494 APIPermission::kMediaGalleriesAllGalleriesDelete},
495 {APIPermission::kMediaGalleriesAllGalleriesRead}},
496 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_WRITE,
497 {APIPermission::kMediaGalleriesAllGalleriesCopyTo},
498 {APIPermission::kMediaGalleriesAllGalleriesRead}},
499 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_DELETE,
500 {APIPermission::kMediaGalleriesAllGalleriesDelete},
501 {APIPermission::kMediaGalleriesAllGalleriesRead}},
502 {IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ,
503 {APIPermission::kMediaGalleriesAllGalleriesRead},
504 {}},
506 // The permission string for "fileSystem" is only shown when
507 // "write" or "directory" is present. Read-only access is only
508 // granted after the user has been shown a file or directory
509 // chooser dialog and selected a file or directory. Selecting
510 // the file or directory is considered consent to read it.
511 {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
512 {APIPermission::kFileSystemWrite, APIPermission::kFileSystemDirectory},
513 {}},
514 {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
515 {APIPermission::kFileSystemDirectory},
516 {}},
518 // Video and audio capture.
519 {IDS_EXTENSION_PROMPT_WARNING_AUDIO_AND_VIDEO_CAPTURE,
520 {APIPermission::kAudioCapture, APIPermission::kVideoCapture},
521 {}},
522 {IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
523 {APIPermission::kAudioCapture},
524 {}},
525 {IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
526 {APIPermission::kVideoCapture},
527 {}},
529 // Network-related permissions.
530 {IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
531 {APIPermission::kNetworkingPrivate},
532 {}},
533 {IDS_EXTENSION_PROMPT_WARNING_NETWORKING_CONFIG,
534 {APIPermission::kNetworkingConfig},
535 {}},
536 {IDS_EXTENSION_PROMPT_WARNING_NETWORK_STATE,
537 {APIPermission::kNetworkState},
538 {}},
539 {IDS_EXTENSION_PROMPT_WARNING_VPN, {APIPermission::kVpnProvider}, {}},
540 {IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
541 {APIPermission::kWebConnectable},
542 {}},
543 {new SingleParameterFormatter(
544 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE),
545 {APIPermission::kHomepage},
546 {}},
547 {new SingleParameterFormatter(
548 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE),
549 {APIPermission::kSearchProvider},
550 {}},
551 {new SingleParameterFormatter(
552 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE),
553 {APIPermission::kStartupPages},
554 {}},
556 {IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
557 {APIPermission::kBookmark},
558 {APIPermission::kOverrideBookmarksUI}},
559 {IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
560 {APIPermission::kClipboardRead},
561 {}},
562 {IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
563 {APIPermission::kDesktopCapture},
564 {}},
565 {IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, {APIPermission::kDownloads}, {}},
566 {IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
567 {APIPermission::kDownloadsOpen},
568 {}},
569 {IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL,
570 {APIPermission::kIdentityEmail},
571 {}},
572 {IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
573 {APIPermission::kGeolocation},
574 {}},
575 {IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
576 {APIPermission::kLocation},
577 {}},
579 {IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
580 {APIPermission::kContentSettings},
581 {}},
582 {IDS_EXTENSION_PROMPT_WARNING_COPRESENCE,
583 {APIPermission::kCopresence},
584 {}},
585 {IDS_EXTENSION_PROMPT_WARNING_DOCUMENT_SCAN,
586 {APIPermission::kDocumentScan},
587 {}},
588 {IDS_EXTENSION_PROMPT_WARNING_INTERCEPT_ALL_KEYS,
589 {APIPermission::kInterceptAllKeys},
590 {}}, // TODO(treib): This should probably suppress kInput.
591 {IDS_EXTENSION_PROMPT_WARNING_INPUT, {APIPermission::kInput}, {}},
592 {IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
593 {APIPermission::kManagement},
594 {}},
595 {IDS_EXTENSION_PROMPT_WARNING_MDNS, {APIPermission::kMDns}, {}},
596 {IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
597 {APIPermission::kNativeMessaging},
598 {}},
599 {IDS_EXTENSION_PROMPT_WARNING_PRIVACY, {APIPermission::kPrivacy}, {}},
600 {IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
601 {APIPermission::kSignedInDevices},
602 {}},
603 {IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
604 {APIPermission::kSyncFileSystem},
605 {}},
606 {IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
607 {APIPermission::kTtsEngine},
608 {}},
609 {IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, {APIPermission::kWallpaper}, {}},
610 {IDS_EXTENSION_PROMPT_WARNING_PLATFORMKEYS,
611 {APIPermission::kPlatformKeys},
612 {}},
613 {IDS_EXTENSION_PROMPT_WARNING_CERTIFICATEPROVIDER,
614 {APIPermission::kCertificateProvider},
615 {}},
617 {IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
618 {APIPermission::kScreenlockPrivate},
619 {}},
620 {IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
621 {APIPermission::kActivityLogPrivate},
622 {}},
623 {IDS_EXTENSION_PROMPT_WARNING_EXPERIENCE_SAMPLING_PRIVATE,
624 {APIPermission::kExperienceSamplingPrivate},
625 {}},
626 {IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
627 {APIPermission::kMusicManagerPrivate},
628 {}},
629 {IDS_EXTENSION_PROMPT_WARNING_SEARCH_ENGINES_PRIVATE,
630 {APIPermission::kSearchEnginesPrivate},
631 {}},
632 {IDS_EXTENSION_PROMPT_WARNING_SETTINGS_PRIVATE,
633 {APIPermission::kSettingsPrivate},
634 {}},
635 {IDS_EXTENSION_PROMPT_WARNING_AUTOFILL_PRIVATE,
636 {APIPermission::kAutofillPrivate},
637 {}},
638 {IDS_EXTENSION_PROMPT_WARNING_PASSWORDS_PRIVATE,
639 {APIPermission::kPasswordsPrivate},
640 {}},
641 {IDS_EXTENSION_PROMPT_WARNING_USERS_PRIVATE,
642 {APIPermission::kUsersPrivate},
643 {}},
646 return std::vector<ChromePermissionMessageRule>(
647 rules_arr, rules_arr + arraysize(rules_arr));
650 } // namespace extensions