1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
8 #include <set>
9 #include <string>
10 #include <vector>
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
17 namespace IPC {
18 class Message;
21 namespace extensions {
23 class PermissionIDSet;
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
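class APIPermission {
 public:
  // The IDs of all permissions available to apps. Add as many permissions here
  // as needed to generate meaningful permission messages. Add the rules for the
  // messages to ChromePermissionMessageProvider.
  // Do not reorder this enumeration or remove any entries. If you need to add a
  // new entry, add it just prior to kEnumBoundary, and ensure to update the
  // "ExtensionPermission3" enum in tools/metrics/histograms/histograms.xml
  // (by running update_extension_permission.py).
  //
  // No enumerator below has an explicit initializer, so each ID's numeric
  // value is simply its position in this list. Inserting, removing or
  // reordering an entry renumbers everything after it, and any value already
  // recorded under the histogram enum named above would then be attributed to
  // a different permission.
  // NOTE(review): the kDeleted_* entries look like placeholders kept for
  // retired permissions so that later values do not shift -- confirm before
  // reusing or removing one.
  // TODO(sashab): Move this to a more central location, and rename it to
  // PermissionID.
  enum ID {
    // Error codes.
    kInvalid,
    kUnknown,

    // Actual permission IDs. Not all of these are valid permissions on their
    // own; some are just needed by various manifest permissions to represent
    // their permission message rule combinations.
    kAccessibilityFeaturesModify,
    kAccessibilityFeaturesRead,
    kAccessibilityPrivate,
    kActiveTab,
    kActivityLogPrivate,
    kAlarms,
    kAlphaEnabled,
    kAlwaysOnTopWindows,
    kAppView,
    kAudio,
    kAudioCapture,
    kAudioModem,
    kAutofillPrivate,
    kAutomation,
    kAutoTestPrivate,
    kBackground,
    kBluetoothPrivate,
    kBookmark,
    kBookmarkManagerPrivate,
    kBrailleDisplayPrivate,
    kBrowser,
    kBrowsingData,
    kCast,
    kCastStreaming,
    kChromeosInfoPrivate,
    kClipboardRead,
    kClipboardWrite,
    kCloudPrintPrivate,
    kCommandLinePrivate,
    kCommandsAccessibility,
    kContentSettings,
    kContextMenus,
    kCookie,
    kCopresence,
    kCopresencePrivate,
    kCryptotokenPrivate,
    kDataReductionProxy,
    kDiagnostics,
    kDial,
    kDebugger,
    kDeclarative,
    kDeclarativeContent,
    kDeclarativeWebRequest,
    kDesktopCapture,
    kDesktopCapturePrivate,
    kDeveloperPrivate,
    kDevtools,
    kDns,
    kDocumentScan,
    kDownloads,
    kDownloadsInternal,
    kDownloadsOpen,
    kDownloadsShelf,
    kEasyUnlockPrivate,
    kEchoPrivate,
    kEmbeddedExtensionOptions,
    kEnterprisePlatformKeys,
    kEnterprisePlatformKeysPrivate,
    kExperienceSamplingPrivate,
    kExperimental,
    kExtensionView,
    kExternallyConnectableAllUrls,
    kFeedbackPrivate,
    kFileBrowserHandler,
    kFileBrowserHandlerInternal,
    kFileManagerPrivate,
    kFileSystem,
    kFileSystemDirectory,
    kFileSystemProvider,
    kFileSystemRequestFileSystem,
    kFileSystemRetainEntries,
    kFileSystemWrite,
    kDeleted_FileSystemWriteDirectory,
    kFirstRunPrivate,
    kFontSettings,
    kFullscreen,
    kGcdPrivate,
    kGcm,
    kGeolocation,
    kHid,
    kHistory,
    kHomepage,
    kHotwordPrivate,
    kIdentity,
    kIdentityEmail,
    kIdentityPrivate,
    kIdltest,
    kIdle,
    kImeWindowEnabled,
    kInlineInstallPrivate,
    kInput,
    kInputMethodPrivate,
    kInterceptAllKeys,
    kLauncherSearchProvider,
    kLocation,
    kLogPrivate,
    kManagement,
    kMediaGalleries,
    kMediaPlayerPrivate,
    kMediaRouterPrivate,
    kMetricsPrivate,
    kMDns,
    kMusicManagerPrivate,
    kNativeMessaging,
    kNetworkingConfig,
    kNetworkingPrivate,
    kNotificationProvider,
    kNotifications,
    kOverrideEscFullscreen,
    kPageCapture,
    kPointerLock,
    kPlatformKeys,
    kPlugin,
    kPower,
    kPreferencesPrivate,
    kPrincipalsPrivate,
    kPrinterProvider,
    kPrivacy,
    kProcesses,
    kProxy,
    kImageWriterPrivate,
    kReadingListPrivate,
    kRtcPrivate,
    kSearchProvider,
    kSearchEnginesPrivate,
    kSerial,
    kSessions,
    kSettingsPrivate,
    kSignedInDevices,
    kSocket,
    kStartupPages,
    kStorage,
    kStreamsPrivate,
    kSyncFileSystem,
    kSystemPrivate,
    kSystemDisplay,
    kSystemStorage,
    kTab,
    kTabCapture,
    kTabCaptureForTab,
    kTerminalPrivate,
    kTopSites,
    kTts,
    kTtsEngine,
    kUnlimitedStorage,
    kU2fDevices,
    kUsb,
    kUsbDevice,
    kVideoCapture,
    kVirtualKeyboardPrivate,
    kVpnProvider,
    kWallpaper,
    kWallpaperPrivate,
    kWebcamPrivate,
    kWebConnectable,  // for externally_connectable manifest key
    kWebNavigation,
    kWebRequest,
    kWebRequestBlocking,
    kWebrtcAudioPrivate,
    kWebrtcDesktopCapturePrivate,
    kWebrtcLoggingPrivate,
    kWebstorePrivate,
    kWebstoreWidgetPrivate,
    kWebView,
    kWindowShape,
    kScreenlockPrivate,
    kSystemCpu,
    kSystemMemory,
    kSystemNetwork,
    kSystemInfoCpu,
    kSystemInfoMemory,
    kBluetooth,
    kBluetoothDevices,
    kFavicon,
    kFullAccess,
    kHostReadOnly,
    kHostReadWrite,
    kHostsAll,
    kHostsAllReadOnly,
    kMediaGalleriesAllGalleriesCopyTo,
    kMediaGalleriesAllGalleriesDelete,
    kMediaGalleriesAllGalleriesRead,
    kNetworkState,
    kOverrideBookmarksUI,
    kShouldWarnAllHosts,
    kSocketAnyHost,
    kSocketDomainHosts,
    kSocketSpecificHosts,
    kDeleted_UsbDeviceList,
    kUsbDeviceUnknownProduct,
    kUsbDeviceUnknownVendor,
    kUsersPrivate,
    kPasswordsPrivate,
    kLanguageSettingsPrivate,
    kEnterpriseDeviceAttributes,
    kCertificateProvider,
    // Last entry: Add new entries above and ensure to update the
    // "ExtensionPermission3" enum in tools/metrics/histograms/histograms.xml
    // (by running update_extension_permission.py).
    kEnumBoundary
  };

  // Base type for the argument of Check(). It is empty here; nothing in this
  // header describes what a concrete permission puts in it.
  // NOTE(review): implementations presumably define their own parameter type
  // derived from this one and cast |param| back to it -- if so, a Check()
  // override must only ever be handed the parameter type that belongs to its
  // own permission. Confirm against the implementations.
  struct CheckParam {
  };

  explicit APIPermission(const APIPermissionInfo* info);

  virtual ~APIPermission();

  // Returns the id of this permission.
  ID id() const;

  // Returns the name of this permission.
  const char* name() const;

  // Returns the APIPermissionInfo describing this permission (the stored
  // |info_| pointer).
  const APIPermissionInfo* info() const {
    return info_;
  }

  // The set of permissions an app/extension with this API permission has. These
  // permissions are used by PermissionMessageProvider to generate meaningful
  // permission messages for the app/extension.
  //
  // For simple API permissions, this will return a set containing only the ID
  // of the permission. More complex permissions might have multiple IDs, one
  // for each of the capabilities the API permission has (e.g. read, write and
  // copy, in the case of the media gallery permission). Permissions that
  // require parameters may also contain a parameter string (along with the
  // permission's ID) which can be substituted into the permission message if a
  // rule is defined to do so.
  //
  // Permissions with multiple values, such as host permissions, are represented
  // by multiple entries in this set. Each permission in the subset has the same
  // ID (e.g. kHostReadOnly) but a different parameter (e.g. google.com). These
  // are grouped to form different kinds of permission messages (e.g. 'Access to
  // 2 hosts') depending on the number that are in the set. The rules that
  // define the grouping of related permissions with the same ID is defined in
  // ChromePermissionMessageProvider.
  virtual PermissionIDSet GetPermissions() const = 0;

  // Returns true if the given permission is allowed.
  virtual bool Check(const CheckParam* param) const = 0;

  // Returns true if |rhs| is a subset of this.
  // NOTE(review): this header does not say whether |rhs| may be NULL or may
  // describe a different permission ID, here or in Equal/Diff/Union/Intersect
  // below; check each implementation's preconditions before relying on it.
  virtual bool Contains(const APIPermission* rhs) const = 0;

  // Returns true if |rhs| is equal to this.
  virtual bool Equal(const APIPermission* rhs) const = 0;

  // Parses the APIPermission from |value|. Returns false if an error happens
  // and optionally set |error| if |error| is not NULL. If |value| represents
  // multiple permissions, some are invalid, and |unhandled_permissions| is
  // not NULL, the invalid ones are put into |unhandled_permissions| and the
  // function returns true.
  //
  // A true return therefore does not mean that every entry in |value| was
  // accepted: a caller that passes |unhandled_permissions| has to inspect it
  // as well before treating the parse as complete.
  virtual bool FromValue(const base::Value* value,
                         std::string* error,
                         std::vector<std::string>* unhandled_permissions) = 0;

  // Stores this into a new created |value|.
  virtual scoped_ptr<base::Value> ToValue() const = 0;

  // Clones this.
  // NOTE(review): Clone, Diff, Union and Intersect each return a raw pointer
  // to a newly created object, and the signature does not say who deletes it.
  // Presumably the caller takes ownership -- confirm at the call sites.
  virtual APIPermission* Clone() const = 0;

  // Returns a new API permission which equals this - |rhs|.
  virtual APIPermission* Diff(const APIPermission* rhs) const = 0;

  // Returns a new API permission which equals the union of this and |rhs|.
  virtual APIPermission* Union(const APIPermission* rhs) const = 0;

  // Returns a new API permission which equals the intersect of this and |rhs|.
  virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;

  // IPC functions
  // Writes this into the given IPC message |m|.
  virtual void Write(IPC::Message* m) const = 0;

  // Reads from the given IPC message |m|.
  // NOTE(review): the meaning of the bool result is not documented here;
  // presumably false reports a message that could not be decoded. This header
  // does not say which process produced |m|, so implementations should treat
  // its contents as unvalidated input and return false rather than keep a
  // partially decoded permission.
  virtual bool Read(const IPC::Message* m, base::PickleIterator* iter) = 0;

  // Logs this permission.
  virtual void Log(std::string* log) const = 0;

 private:
  // Non-const access is ruled out by the type; nothing in this header deletes
  // the pointee.
  // NOTE(review): presumably the APIPermissionInfo has to outlive every
  // APIPermission that refers to it -- confirm.
  const APIPermissionInfo* const info_;
};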
338 // The APIPermissionInfo is an immutable class that describes a single
339 // named permission (API permission).
340 // There is one instance per permission.
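class APIPermissionInfo {
 public:
  // Bit flags combined into flags_. With flags_ == kFlagNone the accessors
  // below report: does not imply full access, does not imply full URL access,
  // may be optional, is not internal, and does not support
  // content_capabilities.
  // NOTE(review): bit 1 << 2 is not assigned in this listing. Presumably it
  // belonged to a flag that was removed -- check history before giving that
  // bit a new meaning.
  enum Flag {
    kFlagNone = 0,

    // Indicates if the permission implies full access (native code).
    kFlagImpliesFullAccess = 1 << 0,

    // Indicates if the permission implies full URL access.
    kFlagImpliesFullURLAccess = 1 << 1,

    // Indicates that extensions cannot specify the permission as optional.
    kFlagCannotBeOptional = 1 << 3,

    // Indicates that the permission is internal to the extensions
    // system and cannot be specified in the "permissions" list.
    kFlagInternal = 1 << 4,

    // Indicates that the permission may be granted to web contents by
    // extensions using the content_capabilities manifest feature.
    kFlagSupportsContentCapabilities = 1 << 5,
  };

  // Factory signature used to build the APIPermission for a given info.
  typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);

  typedef std::set<APIPermission::ID> IDSet;

  ~APIPermissionInfo();

  // Creates an APIPermission instance.
  // NOTE(review): the result is a raw pointer and the signature does not say
  // who deletes it; presumably the caller takes ownership -- confirm.
  APIPermission* CreateAPIPermission() const;

  // Returns the raw bitwise combination of Flag values.
  int flags() const { return flags_; }

  APIPermission::ID id() const { return id_; }

  // Returns the name of this permission.
  const char* name() const { return name_; }

  // Returns true if this permission implies full access (e.g., native code).
  bool implies_full_access() const {
    return (flags_ & kFlagImpliesFullAccess) != 0;
  }

  // Returns true if this permission implies full URL access.
  bool implies_full_url_access() const {
    return (flags_ & kFlagImpliesFullURLAccess) != 0;
  }

  // Returns true if this permission can be added and removed via the
  // optional permissions extension API, i.e. kFlagCannotBeOptional is not
  // set. This is the only accessor that is true for kFlagNone.
  bool supports_optional() const {
    return (flags_ & kFlagCannotBeOptional) == 0;
  }

  // Returns true if this permission is internal rather than a
  // "permissions" list entry.
  bool is_internal() const {
    return (flags_ & kFlagInternal) != 0;
  }

  // Returns true if this permission can be granted to web contents by an
  // extension through the content_capabilities manifest feature.
  bool supports_content_capabilities() const {
    return (flags_ & kFlagSupportsContentCapabilities) != 0;
  }

 private:
  // Instances should only be constructed from within a PermissionsProvider.
  friend class ChromeAPIPermissions;
  friend class ExtensionsAPIPermissions;
  // Implementations of APIPermission will want to get the permission message,
  // but this class's implementation should be hidden from everyone else.
  friend class APIPermission;

  // This exists to allow aggregate initialization, so that default values
  // for flags, etc. can be omitted.
  //
  // Members left out of an aggregate initializer are value-initialized, so an
  // entry that omits |flags| carries 0 (kFlagNone); presumably the
  // constructor below copies that into flags_. Because kFlagNone reads as
  // "may be optional" and "does not imply full access", a permission that
  // needs the stricter treatment has to name its flags explicitly.
  // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
  // should be the simple data struct.
  struct InitInfo {
    APIPermission::ID id;
    const char* name;
    int flags;
    APIPermissionInfo::APIPermissionConstructor constructor;
  };

  explicit APIPermissionInfo(const InitInfo& info);

  // All members are const: the class is described above as immutable.
  const APIPermission::ID id_;
  const char* const name_;
  const int flags_;
  const APIPermissionConstructor api_permission_constructor_;
};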
435 } // namespace extensions
437 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_