search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/skia 21b998b:bda7da8
[chromium-blink-merge.git] / extensions / common / permissions / api_permission.h
blobb2c6d46b7e6a23f4ffce02b3e98053ecd968709f
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
7
8 #include <set>
9 #include <string>
10 #include <vector>
11
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16
17 namespace IPC {
18 class Message;
19 }
20
21 namespace extensions {
22
23 class PermissionIDSet;
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
26
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
30 class APIPermission {
31 public:
32 // The IDs of all permissions available to apps. Add as many permissions here
33 // as needed to generate meaningful permission messages. Add the rules for the
34 // messages to ChromePermissionMessageProvider.
35 // Do not reorder this enumeration or remove any entries. If you need to add a
36 // new entry, add it just prior to kEnumBoundary, and ensure to update the
37 // "ExtensionPermission3" enum in tools/metrics/histograms/histograms.xml
38 // (by running update_extension_permission.py).
39 // TODO(sashab): Move this to a more central location, and rename it to
40 // PermissionID.
41 enum ID {
42 // Error codes.
43 kInvalid,
44 kUnknown,
45
46 // Actual permission IDs. Not all of these are valid permissions on their
47 // own; some are just needed by various manifest permissions to represent
48 // their permission message rule combinations.
49 kAccessibilityFeaturesModify,
50 kAccessibilityFeaturesRead,
51 kAccessibilityPrivate,
52 kActiveTab,
53 kActivityLogPrivate,
54 kAlarms,
55 kAlphaEnabled,
56 kAlwaysOnTopWindows,
57 kAppView,
58 kAudio,
59 kAudioCapture,
60 kAudioModem,
61 kAutofillPrivate,
62 kAutomation,
63 kAutoTestPrivate,
64 kBackground,
65 kBluetoothPrivate,
66 kBookmark,
67 kBookmarkManagerPrivate,
68 kBrailleDisplayPrivate,
69 kBrowser,
70 kBrowsingData,
71 kCast,
72 kCastStreaming,
73 kChromeosInfoPrivate,
74 kClipboardRead,
75 kClipboardWrite,
76 kCloudPrintPrivate,
77 kCommandLinePrivate,
78 kCommandsAccessibility,
79 kContentSettings,
80 kContextMenus,
81 kCookie,
82 kCopresence,
83 kCopresencePrivate,
84 kCryptotokenPrivate,
85 kDataReductionProxy,
86 kDiagnostics,
87 kDial,
88 kDebugger,
89 kDeclarative,
90 kDeclarativeContent,
91 kDeclarativeWebRequest,
92 kDesktopCapture,
93 kDesktopCapturePrivate,
94 kDeveloperPrivate,
95 kDevtools,
96 kDns,
97 kDocumentScan,
98 kDownloads,
99 kDownloadsInternal,
100 kDownloadsOpen,
101 kDownloadsShelf,
102 kEasyUnlockPrivate,
103 kEchoPrivate,
104 kEmbeddedExtensionOptions,
105 kEnterprisePlatformKeys,
106 kEnterprisePlatformKeysPrivate,
107 kExperienceSamplingPrivate,
108 kExperimental,
109 kExtensionView,
110 kExternallyConnectableAllUrls,
111 kFeedbackPrivate,
112 kFileBrowserHandler,
113 kFileBrowserHandlerInternal,
114 kFileManagerPrivate,
115 kFileSystem,
116 kFileSystemDirectory,
117 kFileSystemProvider,
118 kFileSystemRequestFileSystem,
119 kFileSystemRetainEntries,
120 kFileSystemWrite,
121 kFileSystemWriteDirectory,
122 kFirstRunPrivate,
123 kFontSettings,
124 kFullscreen,
125 kGcdPrivate,
126 kGcm,
127 kGeolocation,
128 kHid,
129 kHistory,
130 kHomepage,
131 kHotwordPrivate,
132 kIdentity,
133 kIdentityEmail,
134 kIdentityPrivate,
135 kIdltest,
136 kIdle,
137 kImeWindowEnabled,
138 kInlineInstallPrivate,
139 kInput,
140 kInputMethodPrivate,
141 kInterceptAllKeys,
142 kLauncherSearchProvider,
143 kLocation,
144 kLogPrivate,
145 kManagement,
146 kMediaGalleries,
147 kMediaPlayerPrivate,
148 kMediaRouterPrivate,
149 kMetricsPrivate,
150 kMDns,
151 kMusicManagerPrivate,
152 kNativeMessaging,
153 kNetworkingConfig,
154 kNetworkingPrivate,
155 kNotificationProvider,
156 kNotifications,
157 kOverrideEscFullscreen,
158 kPageCapture,
159 kPointerLock,
160 kPlatformKeys,
161 kPlugin,
162 kPower,
163 kPreferencesPrivate,
164 kPrincipalsPrivate,
165 kPrinterProvider,
166 kPrivacy,
167 kProcesses,
168 kProxy,
169 kImageWriterPrivate,
170 kReadingListPrivate,
171 kRtcPrivate,
172 kSearchProvider,
173 kSearchEnginesPrivate,
174 kSerial,
175 kSessions,
176 kSettingsPrivate,
177 kSignedInDevices,
178 kSocket,
179 kStartupPages,
180 kStorage,
181 kStreamsPrivate,
182 kSyncFileSystem,
183 kSystemPrivate,
184 kSystemDisplay,
185 kSystemStorage,
186 kTab,
187 kTabCapture,
188 kTabCaptureForTab,
189 kTerminalPrivate,
190 kTopSites,
191 kTts,
192 kTtsEngine,
193 kUnlimitedStorage,
194 kU2fDevices,
195 kUsb,
196 kUsbDevice,
197 kVideoCapture,
198 kVirtualKeyboardPrivate,
199 kVpnProvider,
200 kWallpaper,
201 kWallpaperPrivate,
202 kWebcamPrivate,
203 kWebConnectable, // for externally_connectable manifest key
204 kWebNavigation,
205 kWebRequest,
206 kWebRequestBlocking,
207 kWebrtcAudioPrivate,
208 kWebrtcDesktopCapturePrivate,
209 kWebrtcLoggingPrivate,
210 kWebstorePrivate,
211 kWebstoreWidgetPrivate,
212 kWebView,
213 kWindowShape,
214 kScreenlockPrivate,
215 kSystemCpu,
216 kSystemMemory,
217 kSystemNetwork,
218 kSystemInfoCpu,
219 kSystemInfoMemory,
220 kBluetooth,
221 kBluetoothDevices,
222 kFavicon,
223 kFullAccess,
224 kHostReadOnly,
225 kHostReadWrite,
226 kHostsAll,
227 kHostsAllReadOnly,
228 kMediaGalleriesAllGalleriesCopyTo,
229 kMediaGalleriesAllGalleriesDelete,
230 kMediaGalleriesAllGalleriesRead,
231 kNetworkState,
232 kOverrideBookmarksUI,
233 kShouldWarnAllHosts,
234 kSocketAnyHost,
235 kSocketDomainHosts,
236 kSocketSpecificHosts,
237 kDeleted_UsbDeviceList,
238 kUsbDeviceUnknownProduct,
239 kUsbDeviceUnknownVendor,
240 kUsersPrivate,
241 kPasswordsPrivate,
242 kLanguageSettingsPrivate,
243 kEnterpriseDeviceAttributes,
244 // Last entry: Add new entries above and ensure to update the
245 // "ExtensionPermission3" enum in tools/metrics/histograms/histograms.xml
246 // (by running update_extension_permission.py).
247 kEnumBoundary
248 };
249
250 struct CheckParam {
251 };
252
253 explicit APIPermission(const APIPermissionInfo* info);
254
255 virtual ~APIPermission();
256
257 // Returns the id of this permission.
258 ID id() const;
259
260 // Returns the name of this permission.
261 const char* name() const;
262
263 // Returns the APIPermission of this permission.
264 const APIPermissionInfo* info() const {
265 return info_;
266 }
267
268 // The set of permissions an app/extension with this API permission has. These
269 // permissions are used by PermissionMessageProvider to generate meaningful
270 // permission messages for the app/extension.
271 //
272 // For simple API permissions, this will return a set containing only the ID
273 // of the permission. More complex permissions might have multiple IDs, one
274 // for each of the capabilities the API permission has (e.g. read, write and
275 // copy, in the case of the media gallery permission). Permissions that
276 // require parameters may also contain a parameter string (along with the
277 // permission's ID) which can be substituted into the permission message if a
278 // rule is defined to do so.
279 //
280 // Permissions with multiple values, such as host permissions, are represented
281 // by multiple entries in this set. Each permission in the subset has the same
282 // ID (e.g. kHostReadOnly) but a different parameter (e.g. google.com). These
283 // are grouped to form different kinds of permission messages (e.g. 'Access to
284 // 2 hosts') depending on the number that are in the set. The rules that
285 // define the grouping of related permissions with the same ID is defined in
286 // ChromePermissionMessageProvider.
287 virtual PermissionIDSet GetPermissions() const = 0;
288
289 // Returns true if the given permission is allowed.
290 virtual bool Check(const CheckParam* param) const = 0;
291
292 // Returns true if |rhs| is a subset of this.
293 virtual bool Contains(const APIPermission* rhs) const = 0;
294
295 // Returns true if |rhs| is equal to this.
296 virtual bool Equal(const APIPermission* rhs) const = 0;
297
298 // Parses the APIPermission from |value|. Returns false if an error happens
299 // and optionally set |error| if |error| is not NULL. If |value| represents
300 // multiple permissions, some are invalid, and |unhandled_permissions| is
301 // not NULL, the invalid ones are put into |unhandled_permissions| and the
302 // function returns true.
303 virtual bool FromValue(const base::Value* value,
304 std::string* error,
305 std::vector<std::string>* unhandled_permissions) = 0;
306
307 // Stores this into a new created |value|.
308 virtual scoped_ptr<base::Value> ToValue() const = 0;
309
310 // Clones this.
311 virtual APIPermission* Clone() const = 0;
312
313 // Returns a new API permission which equals this - |rhs|.
314 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
315
316 // Returns a new API permission which equals the union of this and |rhs|.
317 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
318
319 // Returns a new API permission which equals the intersect of this and |rhs|.
320 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
321
322 // IPC functions
323 // Writes this into the given IPC message |m|.
324 virtual void Write(IPC::Message* m) const = 0;
325
326 // Reads from the given IPC message |m|.
327 virtual bool Read(const IPC::Message* m, base::PickleIterator* iter) = 0;
328
329 // Logs this permission.
330 virtual void Log(std::string* log) const = 0;
331
332 private:
333 const APIPermissionInfo* const info_;
334 };
335
336
337 // The APIPermissionInfo is an immutable class that describes a single
338 // named permission (API permission).
339 // There is one instance per permission.
340 class APIPermissionInfo {
341 public:
342 enum Flag {
343 kFlagNone = 0,
344
345 // Indicates if the permission implies full access (native code).
346 kFlagImpliesFullAccess = 1 << 0,
347
348 // Indicates if the permission implies full URL access.
349 kFlagImpliesFullURLAccess = 1 << 1,
350
351 // Indicates that extensions cannot specify the permission as optional.
352 kFlagCannotBeOptional = 1 << 3,
353
354 // Indicates that the permission is internal to the extensions
355 // system and cannot be specified in the "permissions" list.
356 kFlagInternal = 1 << 4,
357
358 // Indicates that the permission may be granted to web contents by
359 // extensions using the content_capabilities manifest feature.
360 kFlagSupportsContentCapabilities = 1 << 5,
361 };
362
363 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
364
365 typedef std::set<APIPermission::ID> IDSet;
366
367 ~APIPermissionInfo();
368
369 // Creates a APIPermission instance.
370 APIPermission* CreateAPIPermission() const;
371
372 int flags() const { return flags_; }
373
374 APIPermission::ID id() const { return id_; }
375
376 // Returns the name of this permission.
377 const char* name() const { return name_; }
378
379 // Returns true if this permission implies full access (e.g., native code).
380 bool implies_full_access() const {
381 return (flags_ & kFlagImpliesFullAccess) != 0;
382 }
383
384 // Returns true if this permission implies full URL access.
385 bool implies_full_url_access() const {
386 return (flags_ & kFlagImpliesFullURLAccess) != 0;
387 }
388
389 // Returns true if this permission can be added and removed via the
390 // optional permissions extension API.
391 bool supports_optional() const {
392 return (flags_ & kFlagCannotBeOptional) == 0;
393 }
394
395 // Returns true if this permission is internal rather than a
396 // "permissions" list entry.
397 bool is_internal() const {
398 return (flags_ & kFlagInternal) != 0;
399 }
400
401 // Returns true if this permission can be granted to web contents by an
402 // extension through the content_capabilities manifest feature.
403 bool supports_content_capabilities() const {
404 return (flags_ & kFlagSupportsContentCapabilities) != 0;
405 }
406
407 private:
408 // Instances should only be constructed from within a PermissionsProvider.
409 friend class ChromeAPIPermissions;
410 friend class ExtensionsAPIPermissions;
411 // Implementations of APIPermission will want to get the permission message,
412 // but this class's implementation should be hidden from everyone else.
413 friend class APIPermission;
414
415 // This exists to allow aggregate initialization, so that default values
416 // for flags, etc. can be omitted.
417 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
418 // should be the simple data struct.
419 struct InitInfo {
420 APIPermission::ID id;
421 const char* name;
422 int flags;
423 APIPermissionInfo::APIPermissionConstructor constructor;
424 };
425
426 explicit APIPermissionInfo(const InitInfo& info);
427
428 const APIPermission::ID id_;
429 const char* const name_;
430 const int flags_;
431 const APIPermissionConstructor api_permission_constructor_;
432 };
433
434 } // namespace extensions
435
436 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_