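--- a/chrome/common/extensions/permissions/permission_set.h
+++ b/chrome/common/extensions/permissions/permission_set.h
@@ -0,0 +1,205 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_
+#define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_
+#pragma once
+
+#include <map>
+#include <set>
+#include <string>
+#include <vector>
+
+#include "base/gtest_prod_util.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/singleton.h"
+#include "base/string16.h"
+#include "chrome/common/extensions/permissions/api_permission.h"
+#include "chrome/common/extensions/permissions/permission_message.h"
+#include "chrome/common/extensions/url_pattern_set.h"
+
+namespace extensions {
+
+class Extension;
+
+typedef std::set<std::string> OAuth2Scopes;
+
+// The PermissionSet is an immutable class that encapsulates an
+// extension's permissions. The class exposes set operations for combining and
+// manipulating the permissions.
+class PermissionSet
+: public base::RefCountedThreadSafe<PermissionSet> {
+public:
+// Creates an empty permission set (e.g. default permissions).
+PermissionSet();
+
+// Creates a new permission set based on the |extension| manifest data, and
+// the api and host permissions (|apis| and |hosts|). The effective hosts
+// of the newly created permission set will be inferred from the |extension|
+// manifest, |apis| and |hosts|.
+PermissionSet(const extensions::Extension* extension,
+const APIPermissionSet& apis,
+const URLPatternSet& explicit_hosts,
+const OAuth2Scopes& scopes);
+
+
+// Creates a new permission set based on the specified data.
+PermissionSet(const APIPermissionSet& apis,
+const URLPatternSet& explicit_hosts,
+const URLPatternSet& scriptable_hosts);
+
+// Creates a new permission set that has oauth scopes in it.
+PermissionSet(const APIPermissionSet& apis,
+const URLPatternSet& explicit_hosts,
+const URLPatternSet& scriptable_hosts,
+const OAuth2Scopes& scopes);
+
+// Creates a new permission set containing only oauth scopes.
+explicit PermissionSet(const OAuth2Scopes& scopes);
+
+// Creates a new permission set equal to |set1| - |set2|, passing ownership of
+// the new set to the caller.
+static PermissionSet* CreateDifference(
+const PermissionSet* set1, const PermissionSet* set2);
+
+// Creates a new permission set equal to the intersection of |set1| and
+// |set2|, passing ownership of the new set to the caller.
+static PermissionSet* CreateIntersection(
+const PermissionSet* set1, const PermissionSet* set2);
+
+// Creates a new permission set equal to the union of |set1| and |set2|.
+// Passes ownership of the new set to the caller.
+static PermissionSet* CreateUnion(
+const PermissionSet* set1, const PermissionSet* set2);
+
+bool operator==(const PermissionSet& rhs) const;
+
+// Returns true if |set| is a subset of this.
+bool Contains(const PermissionSet& set) const;
+
+// Gets the API permissions in this set as a set of strings.
+std::set<std::string> GetAPIsAsStrings() const;
+
+// Gets the API permissions in this set, plus any that have implicit access
+// (such as APIs that require no permissions, or APIs with functions that
+// require no permissions).
+// TODO(kalman): return scoped_ptr to avoid copying.
+std::set<std::string> GetAPIsWithAnyAccessAsStrings() const;
+
+// Returns whether this namespace has any functions which the extension has
+// permission to use. For example, even though the extension may not have
+// the "tabs" permission, "tabs.create" requires no permissions so
+// HasAnyAPIPermission("tabs") will return true.
+bool HasAnyAccessToAPI(const std::string& api_name) const;
+
+// Gets a list of the distinct hosts for displaying to the user.
+// NOTE: do not use this for comparing permissions, since this disgards some
+// information.
+std::set<std::string> GetDistinctHostsForDisplay() const;
+
+// Gets the localized permission messages that represent this set.
+PermissionMessages GetPermissionMessages() const;
+
+// Gets the localized permission messages that represent this set (represented
+// as strings).
+std::vector<string16> GetWarningMessages() const;
+
+// Returns true if this is an empty set (e.g., the default permission set).
+bool IsEmpty() const;
+
+// Returns true if the set has the specified API permission.
+bool HasAPIPermission(APIPermission::ID permission) const;
+
+// Returns true if the permissions in this set grant access to the specified
+// |function_name|.
+bool HasAccessToFunction(const std::string& function_name) const;
+
+// Returns true if this includes permission to access |origin|.
+bool HasExplicitAccessToOrigin(const GURL& origin) const;
+
+// Returns true if this permission set includes access to script |url|.
+bool HasScriptableAccessToURL(const GURL& url) const;
+
+// Returns true if this permission set includes effective access to all
+// origins.
+bool HasEffectiveAccessToAllHosts() const;
+
+// Returns true if this permission set includes effective access to |url|.
+bool HasEffectiveAccessToURL(const GURL& url) const;
+
+// Returns ture if this permission set effectively represents full access
+// (e.g. native code).
+bool HasEffectiveFullAccess() const;
+
+// Returns true if |permissions| has a greater privilege level than this
+// permission set (e.g., this permission set has less permissions).
+bool HasLessPrivilegesThan(const PermissionSet* permissions) const;
+
+const APIPermissionSet& apis() const { return apis_; }
+
+const URLPatternSet& effective_hosts() const { return effective_hosts_; }
+
+const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
+
+const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
+
+const OAuth2Scopes& scopes() const { return scopes_; }
+
+private:
+FRIEND_TEST_ALL_PREFIXES(PermissionsTest, HasLessHostPrivilegesThan);
+FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);
+friend class base::RefCountedThreadSafe<PermissionSet>;
+
+~PermissionSet();
+
+static std::set<std::string> GetDistinctHosts(
+const URLPatternSet& host_patterns,
+bool include_rcd,
+bool exclude_file_scheme);
+
+// Initializes the set based on |extension|'s manifest data.
+void InitImplicitExtensionPermissions(const extensions::Extension* extension);
+
+// Initializes the effective host permission based on the data in this set.
+void InitEffectiveHosts();
+
+// Gets the permission messages for the API permissions.
+std::set<PermissionMessage> GetSimplePermissionMessages() const;
+
+// Returns true if |permissions| has an elevated API privilege level than
+// this set.
+bool HasLessAPIPrivilegesThan(
+const PermissionSet* permissions) const;
+
+// Returns true if |permissions| has more host permissions compared to this
+// set.
+bool HasLessHostPrivilegesThan(
+const PermissionSet* permissions) const;
+
+// Returns true if |permissions| has more oauth2 scopes compared to this set.
+bool HasLessScopesThan(const PermissionSet* permissions) const;
+
+// The api list is used when deciding if an extension can access certain
+// extension APIs and features.
+APIPermissionSet apis_;
+
+// The list of hosts that can be accessed directly from the extension.
+// TODO(jstritar): Rename to "hosts_"?
+URLPatternSet explicit_hosts_;
+
+// The list of hosts that can be scripted by content scripts.
+// TODO(jstritar): Rename to "user_script_hosts_"?
+URLPatternSet scriptable_hosts_;
+
+// The list of hosts this effectively grants access to.
+URLPatternSet effective_hosts_;
+
+// A set of oauth2 scopes that are used by the identity API to create OAuth2
+// tokens for accessing the Google Account of the signed-in sync account.
+OAuth2Scopes scopes_;
+};
+
+} // namespace extensions
+
+#endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSION_SET_H_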
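Review bot: `CreateDifference`, `CreateIntersection` and `CreateUnion` return a raw `PermissionSet*` and say they pass ownership to the caller, but the class is `RefCountedThreadSafe` with a private destructor, so a caller cannot delete the result and will leak it unless it takes a reference straight away. Returning `scoped_refptr<PermissionSet>` would put that contract in the type, e.g. `static scoped_refptr<PermissionSet> CreateUnion(const PermissionSet* set1, const PermissionSet* set2);`. If the signatures stay as they are, the comments should say the result must be stored in a `scoped_refptr`, and whether a NULL `set1` or `set2` is accepted. The comment on `HasAnyAccessToAPI` also names `HasAnyAPIPermission("tabs")`, which is not declared in this header and is easy to confuse with the stricter `HasAPIPermission` check. The comment should read `HasAnyAccessToAPI("tabs") will return true`.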