search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ozone: evdev: Sync caps lock LED state to evdev
[chromium-blink-merge.git] / extensions / common / permissions / api_permission.h
blob23a8c822ae7f83e87daa4987eee7cbfb8e7c0f79
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
7
8 #include <map>
9 #include <set>
10 #include <string>
11 #include <vector>
12
13 #include "base/callback.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/pickle.h"
16 #include "base/values.h"
17 #include "extensions/common/permissions/permission_message.h"
18
19 namespace IPC {
20 class Message;
21 }
22
23 namespace extensions {
24
25 class PermissionIDSet;
26 class APIPermissionInfo;
27 class ChromeAPIPermissions;
28
29 // APIPermission is for handling some complex permissions. Please refer to
30 // extensions::SocketPermission as an example.
31 // There is one instance per permission per loaded extension.
32 class APIPermission {
33 public:
34 // The IDs of all permissions available to apps. Add as many permissions here
35 // as needed to generate meaningful permission messages. Add the rules for the
36 // messages to ChromePermissionMessageProvider.
37 // Remove permissions from this list if they have no longer have a
38 // corresponding API permission and no permission message.
39 // TODO(sashab): Move this to a more central location, and rename it to
40 // PermissionID.
41 enum ID {
42 // Error codes.
43 kInvalid = -2,
44 kUnknown = -1,
45
46 // Real permissions.
47 kAccessibilityFeaturesModify,
48 kAccessibilityFeaturesRead,
49 kAccessibilityPrivate,
50 kActiveTab,
51 kActivityLogPrivate,
52 kAlarms,
53 kAlphaEnabled,
54 kAlwaysOnTopWindows,
55 kAppView,
56 kAudio,
57 kAudioCapture,
58 kAudioModem,
59 kAutomation,
60 kAutoTestPrivate,
61 kBackground,
62 kBluetoothPrivate,
63 kBookmark,
64 kBookmarkManagerPrivate,
65 kBrailleDisplayPrivate,
66 kBrowser,
67 kBrowsingData,
68 kCast,
69 kCastStreaming,
70 kChromeosInfoPrivate,
71 kClipboardRead,
72 kClipboardWrite,
73 kCloudPrintPrivate,
74 kCommandLinePrivate,
75 kCommandsAccessibility,
76 kContentSettings,
77 kContextMenus,
78 kCookie,
79 kCopresence,
80 kCopresencePrivate,
81 kCryptotokenPrivate,
82 kDataReductionProxy,
83 kDiagnostics,
84 kDial,
85 kDebugger,
86 kDeclarative,
87 kDeclarativeContent,
88 kDeclarativeWebRequest,
89 kDesktopCapture,
90 kDesktopCapturePrivate,
91 kDeveloperPrivate,
92 kDevtools,
93 kDns,
94 kDocumentScan,
95 kDownloads,
96 kDownloadsInternal,
97 kDownloadsOpen,
98 kDownloadsShelf,
99 kEasyUnlockPrivate,
100 kEchoPrivate,
101 kEmbeddedExtensionOptions,
102 kEnterprisePlatformKeys,
103 kEnterprisePlatformKeysPrivate,
104 kExperienceSamplingPrivate,
105 kExperimental,
106 kExtensionView,
107 kExternallyConnectableAllUrls,
108 kFeedbackPrivate,
109 kFileBrowserHandler,
110 kFileBrowserHandlerInternal,
111 kFileManagerPrivate,
112 kFileSystem,
113 kFileSystemDirectory,
114 kFileSystemProvider,
115 kFileSystemRetainEntries,
116 kFileSystemWrite,
117 kFileSystemWriteDirectory,
118 kFirstRunPrivate,
119 kFontSettings,
120 kFullscreen,
121 kGcdPrivate,
122 kGcm,
123 kGeolocation,
124 kHid,
125 kHistory,
126 kHomepage,
127 kHotwordPrivate,
128 kIdentity,
129 kIdentityEmail,
130 kIdentityPrivate,
131 kIdltest,
132 kIdle,
133 kImeWindowEnabled,
134 kInlineInstallPrivate,
135 kInput,
136 kInputMethodPrivate,
137 kInterceptAllKeys,
138 kLocation,
139 kLogPrivate,
140 kManagement,
141 kMediaGalleries,
142 kMediaPlayerPrivate,
143 kMetricsPrivate,
144 kMDns,
145 kMusicManagerPrivate,
146 kNativeMessaging,
147 kNetworkingConfig,
148 kNetworkingPrivate,
149 kNotificationProvider,
150 kNotifications,
151 kOverrideEscFullscreen,
152 kPageCapture,
153 kPointerLock,
154 kPlatformKeys,
155 kPlugin,
156 kPower,
157 kPreferencesPrivate,
158 kPrincipalsPrivate,
159 kPrinterProvider,
160 kPrivacy,
161 kProcesses,
162 kProxy,
163 kPushMessaging,
164 kImageWriterPrivate,
165 kReadingListPrivate,
166 kRtcPrivate,
167 kSearchProvider,
168 kSerial,
169 kSessions,
170 kSignedInDevices,
171 kSocket,
172 kStartupPages,
173 kStorage,
174 kStreamsPrivate,
175 kSyncFileSystem,
176 kSystemPrivate,
177 kSystemDisplay,
178 kSystemStorage,
179 kTab,
180 kTabCapture,
181 kTabCaptureForTab,
182 kTerminalPrivate,
183 kTopSites,
184 kTts,
185 kTtsEngine,
186 kUnlimitedStorage,
187 kU2fDevices,
188 kUsb,
189 kUsbDevice,
190 kVideoCapture,
191 kVirtualKeyboardPrivate,
192 kVpnProvider,
193 kWallpaper,
194 kWallpaperPrivate,
195 kWebcamPrivate,
196 kWebConnectable, // for externally_connectable manifest key
197 kWebNavigation,
198 kWebRequest,
199 kWebRequestBlocking,
200 kWebrtcAudioPrivate,
201 kWebrtcLoggingPrivate,
202 kWebstorePrivate,
203 kWebView,
204 kWindowShape,
205 kScreenlockPrivate,
206 kSystemCpu,
207 kSystemMemory,
208 kSystemNetwork,
209 kSystemInfoCpu,
210 kSystemInfoMemory,
211
212 // Permission message IDs that are not currently valid permissions on their
213 // own, but are needed by various manifest permissions to represent their
214 // permission message rule combinations.
215 // TODO(sashab): Move these in-line with the other permission IDs.
216 kBluetooth,
217 kBluetoothDevices,
218 kFavicon,
219 kFullAccess,
220 kHostReadOnly,
221 kHostReadWrite,
222 kHostsAll,
223 kHostsAllReadOnly,
224 kMediaGalleriesAllGalleriesCopyTo,
225 kMediaGalleriesAllGalleriesDelete,
226 kMediaGalleriesAllGalleriesRead,
227 kNetworkState,
228 kOverrideBookmarksUI,
229 kShouldWarnAllHosts,
230 kSocketAnyHost,
231 kSocketDomainHosts,
232 kSocketSpecificHosts,
233 kUsbDeviceList,
234 kUsbDeviceUnknownProduct,
235 kUsbDeviceUnknownVendor,
236
237 kEnumBoundary
238 };
239
240 struct CheckParam {
241 };
242
243 explicit APIPermission(const APIPermissionInfo* info);
244
245 virtual ~APIPermission();
246
247 // Returns the id of this permission.
248 ID id() const;
249
250 // Returns the name of this permission.
251 const char* name() const;
252
253 // Returns the APIPermission of this permission.
254 const APIPermissionInfo* info() const {
255 return info_;
256 }
257
258 // The set of permissions an app/extension with this API permission has. These
259 // permissions are used by PermissionMessageProvider to generate meaningful
260 // permission messages for the app/extension.
261 //
262 // For simple API permissions, this will return a set containing only the ID
263 // of the permission. More complex permissions might have multiple IDs, one
264 // for each of the capabilities the API permission has (e.g. read, write and
265 // copy, in the case of the media gallery permission). Permissions that
266 // require parameters may also contain a parameter string (along with the
267 // permission's ID) which can be substituted into the permission message if a
268 // rule is defined to do so.
269 //
270 // Permissions with multiple values, such as host permissions, are represented
271 // by multiple entries in this set. Each permission in the subset has the same
272 // ID (e.g. kHostReadOnly) but a different parameter (e.g. google.com). These
273 // are grouped to form different kinds of permission messages (e.g. 'Access to
274 // 2 hosts') depending on the number that are in the set. The rules that
275 // define the grouping of related permissions with the same ID is defined in
276 // ChromePermissionMessageProvider.
277 virtual PermissionIDSet GetPermissions() const = 0;
278
279 // Returns true if this permission has any PermissionMessages.
280 // TODO(sashab): Deprecate this in favor of GetPermissions() above.
281 virtual bool HasMessages() const = 0;
282
283 // Returns the localized permission messages of this permission.
284 // TODO(sashab): Deprecate this in favor of GetPermissions() above.
285 virtual PermissionMessages GetMessages() const = 0;
286
287 // Returns true if the given permission is allowed.
288 virtual bool Check(const CheckParam* param) const = 0;
289
290 // Returns true if |rhs| is a subset of this.
291 virtual bool Contains(const APIPermission* rhs) const = 0;
292
293 // Returns true if |rhs| is equal to this.
294 virtual bool Equal(const APIPermission* rhs) const = 0;
295
296 // Parses the APIPermission from |value|. Returns false if an error happens
297 // and optionally set |error| if |error| is not NULL. If |value| represents
298 // multiple permissions, some are invalid, and |unhandled_permissions| is
299 // not NULL, the invalid ones are put into |unhandled_permissions| and the
300 // function returns true.
301 virtual bool FromValue(const base::Value* value,
302 std::string* error,
303 std::vector<std::string>* unhandled_permissions) = 0;
304
305 // Stores this into a new created |value|.
306 virtual scoped_ptr<base::Value> ToValue() const = 0;
307
308 // Clones this.
309 virtual APIPermission* Clone() const = 0;
310
311 // Returns a new API permission which equals this - |rhs|.
312 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
313
314 // Returns a new API permission which equals the union of this and |rhs|.
315 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
316
317 // Returns a new API permission which equals the intersect of this and |rhs|.
318 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
319
320 // IPC functions
321 // Writes this into the given IPC message |m|.
322 virtual void Write(IPC::Message* m) const = 0;
323
324 // Reads from the given IPC message |m|.
325 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
326
327 // Logs this permission.
328 virtual void Log(std::string* log) const = 0;
329
330 protected:
331 // Returns the localized permission message associated with this api.
332 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
333 PermissionMessage GetMessage_() const;
334
335 private:
336 const APIPermissionInfo* const info_;
337 };
338
339
340 // The APIPermissionInfo is an immutable class that describes a single
341 // named permission (API permission).
342 // There is one instance per permission.
343 class APIPermissionInfo {
344 public:
345 enum Flag {
346 kFlagNone = 0,
347
348 // Indicates if the permission implies full access (native code).
349 kFlagImpliesFullAccess = 1 << 0,
350
351 // Indicates if the permission implies full URL access.
352 kFlagImpliesFullURLAccess = 1 << 1,
353
354 // Indicates that extensions cannot specify the permission as optional.
355 kFlagCannotBeOptional = 1 << 3,
356
357 // Indicates that the permission is internal to the extensions
358 // system and cannot be specified in the "permissions" list.
359 kFlagInternal = 1 << 4,
360
361 // Indicates that the permission may be granted to web contents by
362 // extensions using the content_capabilities manifest feature.
363 kFlagSupportsContentCapabilities = 1 << 5,
364 };
365
366 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
367
368 typedef std::set<APIPermission::ID> IDSet;
369
370 ~APIPermissionInfo();
371
372 // Creates a APIPermission instance.
373 APIPermission* CreateAPIPermission() const;
374
375 int flags() const { return flags_; }
376
377 APIPermission::ID id() const { return id_; }
378
379 // Returns the message id associated with this permission.
380 PermissionMessage::ID message_id() const {
381 return message_id_;
382 }
383
384 // Returns the name of this permission.
385 const char* name() const { return name_; }
386
387 // Returns true if this permission implies full access (e.g., native code).
388 bool implies_full_access() const {
389 return (flags_ & kFlagImpliesFullAccess) != 0;
390 }
391
392 // Returns true if this permission implies full URL access.
393 bool implies_full_url_access() const {
394 return (flags_ & kFlagImpliesFullURLAccess) != 0;
395 }
396
397 // Returns true if this permission can be added and removed via the
398 // optional permissions extension API.
399 bool supports_optional() const {
400 return (flags_ & kFlagCannotBeOptional) == 0;
401 }
402
403 // Returns true if this permission is internal rather than a
404 // "permissions" list entry.
405 bool is_internal() const {
406 return (flags_ & kFlagInternal) != 0;
407 }
408
409 // Returns true if this permission can be granted to web contents by an
410 // extension through the content_capabilities manifest feature.
411 bool supports_content_capabilities() const {
412 return (flags_ & kFlagSupportsContentCapabilities) != 0;
413 }
414
415 private:
416 // Instances should only be constructed from within a PermissionsProvider.
417 friend class ChromeAPIPermissions;
418 friend class ExtensionsAPIPermissions;
419 // Implementations of APIPermission will want to get the permission message,
420 // but this class's implementation should be hidden from everyone else.
421 friend class APIPermission;
422
423 // This exists to allow aggregate initialization, so that default values
424 // for flags, etc. can be omitted.
425 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
426 // should be the simple data struct.
427 struct InitInfo {
428 APIPermission::ID id;
429 const char* name;
430 int flags;
431 int l10n_message_id;
432 PermissionMessage::ID message_id;
433 APIPermissionInfo::APIPermissionConstructor constructor;
434 };
435
436 explicit APIPermissionInfo(const InitInfo& info);
437
438 // Returns the localized permission message associated with this api.
439 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
440 PermissionMessage GetMessage_() const;
441
442 const APIPermission::ID id_;
443 const char* const name_;
444 const int flags_;
445 const int l10n_message_id_;
446 const PermissionMessage::ID message_id_;
447 const APIPermissionConstructor api_permission_constructor_;
448 };
449
450 } // namespace extensions
451
452 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_