search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Adding Peter Thatcher to the owners file.
[chromium-blink-merge.git] / extensions / common / permissions / api_permission.h
blob28b7c97fdafbad59c32347dd6aef1086409034d2
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
7
8 #include <map>
9 #include <set>
10 #include <string>
11 #include <vector>
12
13 #include "base/callback.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/pickle.h"
16 #include "base/values.h"
17 #include "extensions/common/permissions/permission_message.h"
18
19 namespace IPC {
20 class Message;
21 }
22
23 namespace extensions {
24
25 class PermissionIDSet;
26 class APIPermissionInfo;
27 class ChromeAPIPermissions;
28
29 // APIPermission is for handling some complex permissions. Please refer to
30 // extensions::SocketPermission as an example.
31 // There is one instance per permission per loaded extension.
32 class APIPermission {
33 public:
34 // The IDs of all permissions available to apps. Add as many permissions here
35 // as needed to generate meaningful permission messages. Add the rules for the
36 // messages to ChromePermissionMessageProvider.
37 // Remove permissions from this list if they have no longer have a
38 // corresponding API permission and no permission message.
39 // TODO(sashab): Move this to a more central location, and rename it to
40 // PermissionID.
41 enum ID {
42 // Error codes.
43 kInvalid = -2,
44 kUnknown = -1,
45
46 // Real permissions.
47 kAccessibilityFeaturesModify,
48 kAccessibilityFeaturesRead,
49 kAccessibilityPrivate,
50 kActiveTab,
51 kActivityLogPrivate,
52 kAlarms,
53 kAlphaEnabled,
54 kAlwaysOnTopWindows,
55 kAppView,
56 kAudio,
57 kAudioCapture,
58 kAudioModem,
59 kAutomation,
60 kAutoTestPrivate,
61 kBackground,
62 kBluetoothPrivate,
63 kBookmark,
64 kBookmarkManagerPrivate,
65 kBrailleDisplayPrivate,
66 kBrowser,
67 kBrowsingData,
68 kCast,
69 kCastStreaming,
70 kChromeosInfoPrivate,
71 kClipboardRead,
72 kClipboardWrite,
73 kCloudPrintPrivate,
74 kCommandLinePrivate,
75 kCommandsAccessibility,
76 kContentSettings,
77 kContextMenus,
78 kCookie,
79 kCopresence,
80 kCopresencePrivate,
81 kCryptotokenPrivate,
82 kDataReductionProxy,
83 kDiagnostics,
84 kDial,
85 kDebugger,
86 kDeclarative,
87 kDeclarativeContent,
88 kDeclarativeWebRequest,
89 kDesktopCapture,
90 kDesktopCapturePrivate,
91 kDeveloperPrivate,
92 kDevtools,
93 kDns,
94 kDocumentScan,
95 kDownloads,
96 kDownloadsInternal,
97 kDownloadsOpen,
98 kDownloadsShelf,
99 kEasyUnlockPrivate,
100 kEchoPrivate,
101 kEmbeddedExtensionOptions,
102 kEnterprisePlatformKeys,
103 kEnterprisePlatformKeysPrivate,
104 kExperienceSamplingPrivate,
105 kExperimental,
106 kExtensionView,
107 kExternallyConnectableAllUrls,
108 kFeedbackPrivate,
109 kFileBrowserHandler,
110 kFileBrowserHandlerInternal,
111 kFileManagerPrivate,
112 kFileSystem,
113 kFileSystemDirectory,
114 kFileSystemProvider,
115 kFileSystemRequestFileSystem,
116 kFileSystemRetainEntries,
117 kFileSystemWrite,
118 kFileSystemWriteDirectory,
119 kFirstRunPrivate,
120 kFontSettings,
121 kFullscreen,
122 kGcdPrivate,
123 kGcm,
124 kGeolocation,
125 kHid,
126 kHistory,
127 kHomepage,
128 kHotwordPrivate,
129 kIdentity,
130 kIdentityEmail,
131 kIdentityPrivate,
132 kIdltest,
133 kIdle,
134 kImeWindowEnabled,
135 kInlineInstallPrivate,
136 kInput,
137 kInputMethodPrivate,
138 kInterceptAllKeys,
139 kLauncherSearchProvider,
140 kLocation,
141 kLogPrivate,
142 kManagement,
143 kMediaGalleries,
144 kMediaPlayerPrivate,
145 kMediaRouterPrivate,
146 kMetricsPrivate,
147 kMDns,
148 kMusicManagerPrivate,
149 kNativeMessaging,
150 kNetworkingConfig,
151 kNetworkingPrivate,
152 kNotificationProvider,
153 kNotifications,
154 kOverrideEscFullscreen,
155 kPageCapture,
156 kPointerLock,
157 kPlatformKeys,
158 kPlugin,
159 kPower,
160 kPreferencesPrivate,
161 kPrincipalsPrivate,
162 kPrinterProvider,
163 kPrivacy,
164 kProcesses,
165 kProxy,
166 kImageWriterPrivate,
167 kReadingListPrivate,
168 kRtcPrivate,
169 kSearchProvider,
170 kSerial,
171 kSessions,
172 kSettingsPrivate,
173 kSignedInDevices,
174 kSocket,
175 kStartupPages,
176 kStorage,
177 kStreamsPrivate,
178 kSyncFileSystem,
179 kSystemPrivate,
180 kSystemDisplay,
181 kSystemStorage,
182 kTab,
183 kTabCapture,
184 kTabCaptureForTab,
185 kTerminalPrivate,
186 kTopSites,
187 kTts,
188 kTtsEngine,
189 kUnlimitedStorage,
190 kU2fDevices,
191 kUsb,
192 kUsbDevice,
193 kVideoCapture,
194 kVirtualKeyboardPrivate,
195 kVpnProvider,
196 kWallpaper,
197 kWallpaperPrivate,
198 kWebcamPrivate,
199 kWebConnectable, // for externally_connectable manifest key
200 kWebNavigation,
201 kWebRequest,
202 kWebRequestBlocking,
203 kWebrtcAudioPrivate,
204 kWebrtcLoggingPrivate,
205 kWebstorePrivate,
206 kWebView,
207 kWindowShape,
208 kScreenlockPrivate,
209 kSystemCpu,
210 kSystemMemory,
211 kSystemNetwork,
212 kSystemInfoCpu,
213 kSystemInfoMemory,
214
215 // Permission message IDs that are not currently valid permissions on their
216 // own, but are needed by various manifest permissions to represent their
217 // permission message rule combinations.
218 // TODO(sashab): Move these in-line with the other permission IDs.
219 kBluetooth,
220 kBluetoothDevices,
221 kFavicon,
222 kFullAccess,
223 kHostReadOnly,
224 kHostReadWrite,
225 kHostsAll,
226 kHostsAllReadOnly,
227 kMediaGalleriesAllGalleriesCopyTo,
228 kMediaGalleriesAllGalleriesDelete,
229 kMediaGalleriesAllGalleriesRead,
230 kNetworkState,
231 kOverrideBookmarksUI,
232 kShouldWarnAllHosts,
233 kSocketAnyHost,
234 kSocketDomainHosts,
235 kSocketSpecificHosts,
236 kUsbDeviceList,
237 kUsbDeviceUnknownProduct,
238 kUsbDeviceUnknownVendor,
239
240 kEnumBoundary
241 };
242
243 struct CheckParam {
244 };
245
246 explicit APIPermission(const APIPermissionInfo* info);
247
248 virtual ~APIPermission();
249
250 // Returns the id of this permission.
251 ID id() const;
252
253 // Returns the name of this permission.
254 const char* name() const;
255
256 // Returns the APIPermission of this permission.
257 const APIPermissionInfo* info() const {
258 return info_;
259 }
260
261 // The set of permissions an app/extension with this API permission has. These
262 // permissions are used by PermissionMessageProvider to generate meaningful
263 // permission messages for the app/extension.
264 //
265 // For simple API permissions, this will return a set containing only the ID
266 // of the permission. More complex permissions might have multiple IDs, one
267 // for each of the capabilities the API permission has (e.g. read, write and
268 // copy, in the case of the media gallery permission). Permissions that
269 // require parameters may also contain a parameter string (along with the
270 // permission's ID) which can be substituted into the permission message if a
271 // rule is defined to do so.
272 //
273 // Permissions with multiple values, such as host permissions, are represented
274 // by multiple entries in this set. Each permission in the subset has the same
275 // ID (e.g. kHostReadOnly) but a different parameter (e.g. google.com). These
276 // are grouped to form different kinds of permission messages (e.g. 'Access to
277 // 2 hosts') depending on the number that are in the set. The rules that
278 // define the grouping of related permissions with the same ID is defined in
279 // ChromePermissionMessageProvider.
280 virtual PermissionIDSet GetPermissions() const = 0;
281
282 // Returns true if this permission has any PermissionMessages.
283 // TODO(sashab): Deprecate this in favor of GetPermissions() above.
284 virtual bool HasMessages() const = 0;
285
286 // Returns the localized permission messages of this permission.
287 // TODO(sashab): Deprecate this in favor of GetPermissions() above.
288 virtual PermissionMessages GetMessages() const = 0;
289
290 // Returns true if the given permission is allowed.
291 virtual bool Check(const CheckParam* param) const = 0;
292
293 // Returns true if |rhs| is a subset of this.
294 virtual bool Contains(const APIPermission* rhs) const = 0;
295
296 // Returns true if |rhs| is equal to this.
297 virtual bool Equal(const APIPermission* rhs) const = 0;
298
299 // Parses the APIPermission from |value|. Returns false if an error happens
300 // and optionally set |error| if |error| is not NULL. If |value| represents
301 // multiple permissions, some are invalid, and |unhandled_permissions| is
302 // not NULL, the invalid ones are put into |unhandled_permissions| and the
303 // function returns true.
304 virtual bool FromValue(const base::Value* value,
305 std::string* error,
306 std::vector<std::string>* unhandled_permissions) = 0;
307
308 // Stores this into a new created |value|.
309 virtual scoped_ptr<base::Value> ToValue() const = 0;
310
311 // Clones this.
312 virtual APIPermission* Clone() const = 0;
313
314 // Returns a new API permission which equals this - |rhs|.
315 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
316
317 // Returns a new API permission which equals the union of this and |rhs|.
318 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
319
320 // Returns a new API permission which equals the intersect of this and |rhs|.
321 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
322
323 // IPC functions
324 // Writes this into the given IPC message |m|.
325 virtual void Write(IPC::Message* m) const = 0;
326
327 // Reads from the given IPC message |m|.
328 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
329
330 // Logs this permission.
331 virtual void Log(std::string* log) const = 0;
332
333 protected:
334 // Returns the localized permission message associated with this api.
335 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
336 PermissionMessage GetMessage_() const;
337
338 private:
339 const APIPermissionInfo* const info_;
340 };
341
342
343 // The APIPermissionInfo is an immutable class that describes a single
344 // named permission (API permission).
345 // There is one instance per permission.
346 class APIPermissionInfo {
347 public:
348 enum Flag {
349 kFlagNone = 0,
350
351 // Indicates if the permission implies full access (native code).
352 kFlagImpliesFullAccess = 1 << 0,
353
354 // Indicates if the permission implies full URL access.
355 kFlagImpliesFullURLAccess = 1 << 1,
356
357 // Indicates that extensions cannot specify the permission as optional.
358 kFlagCannotBeOptional = 1 << 3,
359
360 // Indicates that the permission is internal to the extensions
361 // system and cannot be specified in the "permissions" list.
362 kFlagInternal = 1 << 4,
363
364 // Indicates that the permission may be granted to web contents by
365 // extensions using the content_capabilities manifest feature.
366 kFlagSupportsContentCapabilities = 1 << 5,
367 };
368
369 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
370
371 typedef std::set<APIPermission::ID> IDSet;
372
373 ~APIPermissionInfo();
374
375 // Creates a APIPermission instance.
376 APIPermission* CreateAPIPermission() const;
377
378 int flags() const { return flags_; }
379
380 APIPermission::ID id() const { return id_; }
381
382 // Returns the message id associated with this permission.
383 PermissionMessage::ID message_id() const {
384 return message_id_;
385 }
386
387 // Returns the name of this permission.
388 const char* name() const { return name_; }
389
390 // Returns true if this permission implies full access (e.g., native code).
391 bool implies_full_access() const {
392 return (flags_ & kFlagImpliesFullAccess) != 0;
393 }
394
395 // Returns true if this permission implies full URL access.
396 bool implies_full_url_access() const {
397 return (flags_ & kFlagImpliesFullURLAccess) != 0;
398 }
399
400 // Returns true if this permission can be added and removed via the
401 // optional permissions extension API.
402 bool supports_optional() const {
403 return (flags_ & kFlagCannotBeOptional) == 0;
404 }
405
406 // Returns true if this permission is internal rather than a
407 // "permissions" list entry.
408 bool is_internal() const {
409 return (flags_ & kFlagInternal) != 0;
410 }
411
412 // Returns true if this permission can be granted to web contents by an
413 // extension through the content_capabilities manifest feature.
414 bool supports_content_capabilities() const {
415 return (flags_ & kFlagSupportsContentCapabilities) != 0;
416 }
417
418 private:
419 // Instances should only be constructed from within a PermissionsProvider.
420 friend class ChromeAPIPermissions;
421 friend class ExtensionsAPIPermissions;
422 // Implementations of APIPermission will want to get the permission message,
423 // but this class's implementation should be hidden from everyone else.
424 friend class APIPermission;
425
426 // This exists to allow aggregate initialization, so that default values
427 // for flags, etc. can be omitted.
428 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
429 // should be the simple data struct.
430 struct InitInfo {
431 APIPermission::ID id;
432 const char* name;
433 int flags;
434 int l10n_message_id;
435 PermissionMessage::ID message_id;
436 APIPermissionInfo::APIPermissionConstructor constructor;
437 };
438
439 explicit APIPermissionInfo(const InitInfo& info);
440
441 // Returns the localized permission message associated with this api.
442 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
443 PermissionMessage GetMessage_() const;
444
445 const APIPermission::ID id_;
446 const char* const name_;
447 const int flags_;
448 const int l10n_message_id_;
449 const PermissionMessage::ID message_id_;
450 const APIPermissionConstructor api_permission_constructor_;
451 };
452
453 } // namespace extensions
454
455 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_