Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / extensions / common / permissions / permissions_data.h
blob43be869029d784ff470ae8db08d9ae3ce46fcd1c
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
8 #include <map>
9 #include <string>
10 #include <vector>
12 #include "base/memory/ref_counted.h"
13 #include "base/strings/string16.h"
14 #include "base/synchronization/lock.h"
15 #include "extensions/common/manifest.h"
16 #include "extensions/common/permissions/api_permission.h"
17 #include "extensions/common/permissions/permission_message.h"
18 #include "extensions/common/permissions/permission_set.h"
20 class GURL;
22 namespace extensions {
23 class Extension;
24 class URLPatternSet;
26 // A container for the permissions state of an extension, including active,
27 // withheld, and tab-specific permissions.
28 class PermissionsData {
29 public:
30 // The possible types of access for a given frame.
31 enum AccessType {
32 ACCESS_DENIED, // The extension is not allowed to access the given page.
33 ACCESS_ALLOWED, // The extension is allowed to access the given page.
34 ACCESS_WITHHELD // The browser must determine if the extension can access
35 // the given page.
38 using TabPermissionsMap = std::map<int, scoped_refptr<const PermissionSet>>;
40 // Delegate class to allow different contexts (e.g. browser vs renderer) to
41 // have control over policy decisions.
42 class PolicyDelegate {
43 public:
44 virtual ~PolicyDelegate() {}
46 // Returns false if script access should be blocked on this page.
47 // Otherwise, default policy should decide.
48 virtual bool CanExecuteScriptOnPage(const Extension* extension,
49 const GURL& document_url,
50 int tab_id,
51 int process_id,
52 std::string* error) = 0;
55 static void SetPolicyDelegate(PolicyDelegate* delegate);
57 PermissionsData(const Extension* extension);
58 virtual ~PermissionsData();
60 // Returns true if the extension is a COMPONENT extension or is on the
61 // whitelist of extensions that can script all pages.
62 static bool CanExecuteScriptEverywhere(const Extension* extension);
64 // Returns true if the --scripts-require-action flag would possibly affect
65 // the given |extension| and |permissions|. We pass in the |permissions|
66 // explicitly, as we may need to check with permissions other than the ones
67 // that are currently on the extension's PermissionsData.
68 static bool ScriptsMayRequireActionForExtension(
69 const Extension* extension,
70 const PermissionSet* permissions);
72 // Returns true if we should skip the permissions warning for the extension
73 // with the given |extension_id|.
74 static bool ShouldSkipPermissionWarnings(const std::string& extension_id);
76 // Returns true if the given |url| is restricted for the given |extension|,
77 // as is commonly the case for chrome:// urls.
78 // NOTE: You probably want to use CanAccessPage().
79 static bool IsRestrictedUrl(const GURL& document_url,
80 const Extension* extension,
81 std::string* error);
83 // Sets the runtime permissions of the given |extension| to |active| and
84 // |withheld|.
85 void SetPermissions(const scoped_refptr<const PermissionSet>& active,
86 const scoped_refptr<const PermissionSet>& withheld) const;
88 // Updates the tab-specific permissions of |tab_id| to include those from
89 // |permissions|.
90 void UpdateTabSpecificPermissions(
91 int tab_id,
92 scoped_refptr<const PermissionSet> permissions) const;
94 // Clears the tab-specific permissions of |tab_id|.
95 void ClearTabSpecificPermissions(int tab_id) const;
97 // Returns true if the |extension| has the given |permission|. Prefer
98 // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
99 // api that requires a permission they didn't know about, e.g. open web apis.
100 // Note this does not include APIs with no corresponding permission, like
101 // "runtime" or "browserAction".
102 // TODO(mpcomplete): drop the "API" from these names, it's confusing.
103 bool HasAPIPermission(APIPermission::ID permission) const;
104 bool HasAPIPermission(const std::string& permission_name) const;
105 bool HasAPIPermissionForTab(int tab_id, APIPermission::ID permission) const;
106 bool CheckAPIPermissionWithParam(
107 APIPermission::ID permission,
108 const APIPermission::CheckParam* param) const;
110 // Returns the hosts this extension effectively has access to, including
111 // explicit and scriptable hosts, and any hosts on tabs the extension has
112 // active tab permissions for.
113 URLPatternSet GetEffectiveHostPermissions() const;
115 // TODO(rdevlin.cronin): HasHostPermission() and
116 // HasEffectiveAccessToAllHosts() are just forwards for the active
117 // permissions. We should either get rid of these, and have callers use
118 // active_permissions(), or should get rid of active_permissions(), and make
119 // callers use PermissionsData for everything. We should not do both.
121 // Whether the extension has access to the given |url|.
122 bool HasHostPermission(const GURL& url) const;
124 // Whether the extension has effective access to all hosts. This is true if
125 // there is a content script that matches all hosts, if there is a host
126 // permission grants access to all hosts (like <all_urls>) or an api
127 // permission that effectively grants access to all hosts (e.g. proxy,
128 // network, etc.)
129 bool HasEffectiveAccessToAllHosts() const;
131 // Returns the full list of permission details for messages that should
132 // display at install time, in a nested format ready for display.
133 PermissionMessages GetPermissionMessages() const;
135 // Returns true if the extension has requested all-hosts permissions (or
136 // something close to it), but has had it withheld.
137 bool HasWithheldImpliedAllHosts() const;
139 // Returns true if the |extension| has permission to access and interact with
140 // the specified page, in order to do things like inject scripts or modify
141 // the content.
142 // If this returns false and |error| is non-NULL, |error| will be popualted
143 // with the reason the extension cannot access the page.
144 bool CanAccessPage(const Extension* extension,
145 const GURL& document_url,
146 int tab_id,
147 int process_id,
148 std::string* error) const;
149 // Like CanAccessPage, but also takes withheld permissions into account.
150 // TODO(rdevlin.cronin) We shouldn't have two functions, but not all callers
151 // know how to wait for permission.
152 AccessType GetPageAccess(const Extension* extension,
153 const GURL& document_url,
154 int tab_id,
155 int process_id,
156 std::string* error) const;
158 // Returns true if the |extension| has permission to inject a content script
159 // on the page.
160 // If this returns false and |error| is non-NULL, |error| will be popualted
161 // with the reason the extension cannot script the page.
162 // NOTE: You almost certainly want to use CanAccessPage() instead of this
163 // method.
164 bool CanRunContentScriptOnPage(const Extension* extension,
165 const GURL& document_url,
166 int tab_id,
167 int process_id,
168 std::string* error) const;
169 // Like CanRunContentScriptOnPage, but also takes withheld permissions into
170 // account.
171 // TODO(rdevlin.cronin) We shouldn't have two functions, but not all callers
172 // know how to wait for permission.
173 AccessType GetContentScriptAccess(const Extension* extension,
174 const GURL& document_url,
175 int tab_id,
176 int process_id,
177 std::string* error) const;
179 // Returns true if extension is allowed to obtain the contents of a page as
180 // an image. Since a page may contain sensitive information, this is
181 // restricted to the extension's host permissions as well as the extension
182 // page itself.
183 bool CanCaptureVisiblePage(int tab_id, std::string* error) const;
185 // Returns the tab permissions map.
186 TabPermissionsMap CopyTabSpecificPermissionsMap() const;
188 scoped_refptr<const PermissionSet> active_permissions() const {
189 // We lock so that we can't also be setting the permissions while returning.
190 base::AutoLock auto_lock(runtime_lock_);
191 return active_permissions_unsafe_;
194 scoped_refptr<const PermissionSet> withheld_permissions() const {
195 // We lock so that we can't also be setting the permissions while returning.
196 base::AutoLock auto_lock(runtime_lock_);
197 return withheld_permissions_unsafe_;
200 #if defined(UNIT_TEST)
201 scoped_refptr<const PermissionSet> GetTabSpecificPermissionsForTesting(
202 int tab_id) const {
203 return GetTabSpecificPermissions(tab_id);
205 #endif
207 private:
208 // Gets the tab-specific host permissions of |tab_id|, or NULL if there
209 // aren't any.
210 scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
211 int tab_id) const;
213 // Returns true if the |extension| has tab-specific permission to operate on
214 // the tab specified by |tab_id| with the given |url|.
215 // Note that if this returns false, it doesn't mean the extension can't run on
216 // the given tab, only that it does not have tab-specific permission to do so.
217 bool HasTabSpecificPermissionToExecuteScript(int tab_id,
218 const GURL& url) const;
220 // Returns whether or not the extension is permitted to run on the given page,
221 // checking against |permitted_url_patterns| in addition to blocking special
222 // sites (like the webstore or chrome:// urls).
223 AccessType CanRunOnPage(const Extension* extension,
224 const GURL& document_url,
225 int tab_id,
226 int process_id,
227 const URLPatternSet& permitted_url_patterns,
228 const URLPatternSet& withheld_url_patterns,
229 std::string* error) const;
231 // The associated extension's id.
232 std::string extension_id_;
234 // The associated extension's manifest type.
235 Manifest::Type manifest_type_;
237 mutable base::Lock runtime_lock_;
239 // The permission's which are currently active on the extension during
240 // runtime.
241 // Unsafe indicates that we must lock anytime this is directly accessed.
242 // Unless you need to change |active_permissions_unsafe_|, use the (safe)
243 // active_permissions() accessor.
244 mutable scoped_refptr<const PermissionSet> active_permissions_unsafe_;
246 // The permissions the extension requested, but was not granted due because
247 // they are too powerful. This includes things like all_hosts.
248 // Unsafe indicates that we must lock anytime this is directly accessed.
249 // Unless you need to change |withheld_permissions_unsafe_|, use the (safe)
250 // withheld_permissions() accessor.
251 mutable scoped_refptr<const PermissionSet> withheld_permissions_unsafe_;
253 mutable TabPermissionsMap tab_specific_permissions_;
255 DISALLOW_COPY_AND_ASSIGN(PermissionsData);
258 } // namespace extensions
260 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_