| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/permissions/permission_set.h" | 5 #include "chrome/common/extensions/permissions/permission_set.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 110 matching lines...) |
| 121 | 121 |
| 122 // static | 122 // static |
| 123 PermissionSet* PermissionSet::CreateDifference( | 123 PermissionSet* PermissionSet::CreateDifference( |
| 124 const PermissionSet* set1, | 124 const PermissionSet* set1, |
| 125 const PermissionSet* set2) { | 125 const PermissionSet* set2) { |
| 126 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 126 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 127 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 127 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 128 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 128 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 129 | 129 |
| 130 APIPermissionSet apis; | 130 APIPermissionSet apis; |
| 131 std::set_difference(set1_safe->apis().begin(), set1_safe->apis().end(), | 131 APIPermissionSet::Difference(set1_safe->apis(), set2_safe->apis(), &apis); |
| 132 set2_safe->apis().begin(), set2_safe->apis().end(), | |
| 133 std::insert_iterator<APIPermissionSet>( | |
| 134 apis, apis.begin())); | |
| 135 | 132 |
| 136 URLPatternSet explicit_hosts; | 133 URLPatternSet explicit_hosts; |
| 137 URLPatternSet::CreateDifference(set1_safe->explicit_hosts(), | 134 URLPatternSet::CreateDifference(set1_safe->explicit_hosts(), |
| 138 set2_safe->explicit_hosts(), | 135 set2_safe->explicit_hosts(), |
| 139 &explicit_hosts); | 136 &explicit_hosts); |
| 140 | 137 |
| 141 URLPatternSet scriptable_hosts; | 138 URLPatternSet scriptable_hosts; |
| 142 URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(), | 139 URLPatternSet::CreateDifference(set1_safe->scriptable_hosts(), |
| 143 set2_safe->scriptable_hosts(), | 140 set2_safe->scriptable_hosts(), |
| 144 &scriptable_hosts); | 141 &scriptable_hosts); |
| 145 | 142 |
| 146 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 143 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 147 } | 144 } |
| 148 | 145 |
| 149 // static | 146 // static |
| 150 PermissionSet* PermissionSet::CreateIntersection( | 147 PermissionSet* PermissionSet::CreateIntersection( |
| 151 const PermissionSet* set1, | 148 const PermissionSet* set1, |
| 152 const PermissionSet* set2) { | 149 const PermissionSet* set2) { |
| 153 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 150 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 154 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 151 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 155 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 152 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 156 | 153 |
| 157 APIPermissionSet apis; | 154 APIPermissionSet apis; |
| 158 std::set_intersection(set1_safe->apis().begin(), set1_safe->apis().end(), | 155 APIPermissionSet::Intersection(set1_safe->apis(), set2_safe->apis(), &apis); |
| 159 set2_safe->apis().begin(), set2_safe->apis().end(), | 156 |
| 160 std::insert_iterator<APIPermissionSet>( | |
| 161 apis, apis.begin())); | |
| 162 URLPatternSet explicit_hosts; | 157 URLPatternSet explicit_hosts; |
| 163 URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(), | 158 URLPatternSet::CreateIntersection(set1_safe->explicit_hosts(), |
| 164 set2_safe->explicit_hosts(), | 159 set2_safe->explicit_hosts(), |
| 165 &explicit_hosts); | 160 &explicit_hosts); |
| 166 | 161 |
| 167 URLPatternSet scriptable_hosts; | 162 URLPatternSet scriptable_hosts; |
| 168 URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(), | 163 URLPatternSet::CreateIntersection(set1_safe->scriptable_hosts(), |
| 169 set2_safe->scriptable_hosts(), | 164 set2_safe->scriptable_hosts(), |
| 170 &scriptable_hosts); | 165 &scriptable_hosts); |
| 171 | 166 |
| 172 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 167 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 173 } | 168 } |
| 174 | 169 |
| 175 // static | 170 // static |
| 176 PermissionSet* PermissionSet::CreateUnion( | 171 PermissionSet* PermissionSet::CreateUnion( |
| 177 const PermissionSet* set1, | 172 const PermissionSet* set1, |
| 178 const PermissionSet* set2) { | 173 const PermissionSet* set2) { |
| 179 scoped_refptr<PermissionSet> empty = new PermissionSet(); | 174 scoped_refptr<PermissionSet> empty = new PermissionSet(); |
| 180 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; | 175 const PermissionSet* set1_safe = (set1 == NULL) ? empty : set1; |
| 181 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; | 176 const PermissionSet* set2_safe = (set2 == NULL) ? empty : set2; |
| 182 | 177 |
| 183 APIPermissionSet apis; | 178 APIPermissionSet apis; |
| 184 std::set_union(set1_safe->apis().begin(), set1_safe->apis().end(), | 179 APIPermissionSet::Union(set1_safe->apis(), set2_safe->apis(), &apis); |
| 185 set2_safe->apis().begin(), set2_safe->apis().end(), | |
| 186 std::insert_iterator<APIPermissionSet>( | |
| 187 apis, apis.begin())); | |
| 188 | 180 |
| 189 URLPatternSet explicit_hosts; | 181 URLPatternSet explicit_hosts; |
| 190 URLPatternSet::CreateUnion(set1_safe->explicit_hosts(), | 182 URLPatternSet::CreateUnion(set1_safe->explicit_hosts(), |
| 191 set2_safe->explicit_hosts(), | 183 set2_safe->explicit_hosts(), |
| 192 &explicit_hosts); | 184 &explicit_hosts); |
| 193 | 185 |
| 194 URLPatternSet scriptable_hosts; | 186 URLPatternSet scriptable_hosts; |
| 195 URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(), | 187 URLPatternSet::CreateUnion(set1_safe->scriptable_hosts(), |
| 196 set2_safe->scriptable_hosts(), | 188 set2_safe->scriptable_hosts(), |
| 197 &scriptable_hosts); | 189 &scriptable_hosts); |
| 198 | 190 |
| 199 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); | 191 return new PermissionSet(apis, explicit_hosts, scriptable_hosts); |
| 200 } | 192 } |
| 201 | 193 |
| 202 bool PermissionSet::operator==( | 194 bool PermissionSet::operator==( |
| 203 const PermissionSet& rhs) const { | 195 const PermissionSet& rhs) const { |
| 204 return apis_ == rhs.apis_ && | 196 return apis_ == rhs.apis_ && |
| 205 scriptable_hosts_ == rhs.scriptable_hosts_ && | 197 scriptable_hosts_ == rhs.scriptable_hosts_ && |
| 206 explicit_hosts_ == rhs.explicit_hosts_; | 198 explicit_hosts_ == rhs.explicit_hosts_; |
| 207 } | 199 } |
| 208 | 200 |
| 209 bool PermissionSet::Contains(const PermissionSet& set) const { | 201 bool PermissionSet::Contains(const PermissionSet& set) const { |
| 210 // Every set includes the empty set. | 202 // Every set includes the empty set. |
| 211 if (set.IsEmpty()) | 203 if (set.IsEmpty()) |
| 212 return true; | 204 return true; |
| 213 | 205 |
| 214 if (!std::includes(apis_.begin(), apis_.end(), | 206 if (!apis_.Contains(set.apis())) |
| 215 set.apis().begin(), set.apis().end())) | 207 return false; |
| 216 return false; | |
| 217 | 208 |
| 218 if (!explicit_hosts().Contains(set.explicit_hosts())) | 209 if (!explicit_hosts().Contains(set.explicit_hosts())) |
| 219 return false; | 210 return false; |
| 220 | 211 |
| 221 if (!scriptable_hosts().Contains(set.scriptable_hosts())) | 212 if (!scriptable_hosts().Contains(set.scriptable_hosts())) |
| 222 return false; | 213 return false; |
| 223 | 214 |
| 224 return true; | 215 return true; |
| 225 } | 216 } |
| 226 | 217 |
| 227 std::set<std::string> PermissionSet::GetAPIsAsStrings() const { | 218 std::set<std::string> PermissionSet::GetAPIsAsStrings() const { |
| 228 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 229 std::set<std::string> apis_str; | 219 std::set<std::string> apis_str; |
| 230 for (APIPermissionSet::const_iterator i = apis_.begin(); | 220 for (APIPermissionSet::const_iterator i = apis_.begin(); |
| 231 i != apis_.end(); ++i) { | 221 i != apis_.end(); ++i) { |
| 232 APIPermission* permission = info->GetByID(*i); | 222 apis_str.insert(i->name()); |
| 233 if (permission) | |
| 234 apis_str.insert(permission->name()); | |
| 235 } | 223 } |
| 236 return apis_str; | 224 return apis_str; |
| 237 } | 225 } |
| 238 | 226 |
| 239 std::set<std::string> PermissionSet:: | 227 std::set<std::string> PermissionSet:: |
| 240 GetAPIsWithAnyAccessAsStrings() const { | 228 GetAPIsWithAnyAccessAsStrings() const { |
| 241 std::set<std::string> result = GetAPIsAsStrings(); | 229 std::set<std::string> result = GetAPIsAsStrings(); |
| 242 for (size_t i = 0; i < kNumNonPermissionModuleNames; ++i) | 230 for (size_t i = 0; i < kNumNonPermissionModuleNames; ++i) |
| 243 result.insert(kNonPermissionModuleNames[i]); | 231 result.insert(kNonPermissionModuleNames[i]); |
| 244 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) | 232 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) |
| (...skipping 88 matching lines...) |
| 333 bool PermissionSet::IsEmpty() const { | 321 bool PermissionSet::IsEmpty() const { |
| 334 // Not default if any host permissions are present. | 322 // Not default if any host permissions are present. |
| 335 if (!(explicit_hosts().is_empty() && scriptable_hosts().is_empty())) | 323 if (!(explicit_hosts().is_empty() && scriptable_hosts().is_empty())) |
| 336 return false; | 324 return false; |
| 337 | 325 |
| 338 // Or if it has no api permissions. | 326 // Or if it has no api permissions. |
| 339 return apis().empty(); | 327 return apis().empty(); |
| 340 } | 328 } |
| 341 | 329 |
| 342 bool PermissionSet::HasAPIPermission( | 330 bool PermissionSet::HasAPIPermission( |
| 343 APIPermission::ID permission) const { | 331 APIPermission::ID id) const { |
| 344 return apis().find(permission) != apis().end(); | 332 return apis().find(id) != apis().end(); |
| 333 } |
| 334 |
| 335 bool PermissionSet::CheckAPIPermission(APIPermission::ID permission) const { |
| 336 return CheckAPIPermissionWithDetail(permission, NULL); |
| 337 } |
| 338 |
| 339 bool PermissionSet::CheckAPIPermissionWithDetail( |
| 340 APIPermission::ID permission, |
| 341 const APIPermissionDetail::CheckParam* param) const { |
| 342 APIPermissionSet::const_iterator iter = apis().find(permission); |
| 343 if (iter == apis().end()) |
| 344 return false; |
| 345 return iter->Check(param); |
| 345 } | 346 } |
| 346 | 347 |
| 347 bool PermissionSet::HasAccessToFunction( | 348 bool PermissionSet::HasAccessToFunction( |
| 348 const std::string& function_name) const { | 349 const std::string& function_name) const { |
| 349 // TODO(jstritar): Embed this information in each permission and add a method | 350 // TODO(jstritar): Embed this information in each permission and add a method |
| 350 // like GrantsAccess(function_name) to APIPermission. A "default" | 351 // like GrantsAccess(function_name) to APIPermission. A "default" |
| 351 // permission can then handle the modules and functions that everyone can | 352 // permission can then handle the modules and functions that everyone can |
| 352 // access. | 353 // access. |
| 353 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) { | 354 for (size_t i = 0; i < kNumNonPermissionFunctionNames; ++i) { |
| 354 if (function_name == kNonPermissionFunctionNames[i]) | 355 if (function_name == kNonPermissionFunctionNames[i]) |
| (...skipping 32 matching lines...) |
| 387 // There are two ways this set can have effective access to all hosts: | 388 // There are two ways this set can have effective access to all hosts: |
| 388 // 1) it has an <all_urls> URL pattern. | 389 // 1) it has an <all_urls> URL pattern. |
| 389 // 2) it has a named permission with implied full URL access. | 390 // 2) it has a named permission with implied full URL access. |
| 390 for (URLPatternSet::const_iterator host = effective_hosts().begin(); | 391 for (URLPatternSet::const_iterator host = effective_hosts().begin(); |
| 391 host != effective_hosts().end(); ++host) { | 392 host != effective_hosts().end(); ++host) { |
| 392 if (host->match_all_urls() || | 393 if (host->match_all_urls() || |
| 393 (host->match_subdomains() && host->host().empty())) | 394 (host->match_subdomains() && host->host().empty())) |
| 394 return true; | 395 return true; |
| 395 } | 396 } |
| 396 | 397 |
| 397 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 398 for (APIPermissionSet::const_iterator i = apis().begin(); | 398 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 399 i != apis().end(); ++i) { | 399 i != apis().end(); ++i) { |
| 400 APIPermission* permission = info->GetByID(*i); | 400 if (i->permission()->implies_full_url_access()) |
| 401 if (permission->implies_full_url_access()) | |
| 402 return true; | 401 return true; |
| 403 } | 402 } |
| 404 return false; | 403 return false; |
| 405 } | 404 } |
| 406 | 405 |
| 407 bool PermissionSet::HasEffectiveAccessToURL( | 406 bool PermissionSet::HasEffectiveAccessToURL( |
| 408 const GURL& url) const { | 407 const GURL& url) const { |
| 409 return effective_hosts().MatchesURL(url); | 408 return effective_hosts().MatchesURL(url); |
| 410 } | 409 } |
| 411 | 410 |
| 412 bool PermissionSet::HasEffectiveFullAccess() const { | 411 bool PermissionSet::HasEffectiveFullAccess() const { |
| 413 PermissionsInfo* info = PermissionsInfo::GetInstance(); | |
| 414 for (APIPermissionSet::const_iterator i = apis().begin(); | 412 for (APIPermissionSet::const_iterator i = apis().begin(); |
| 415 i != apis().end(); ++i) { | 413 i != apis().end(); ++i) { |
| 416 APIPermission* permission = info->GetByID(*i); | 414 if (i->permission()->implies_full_access()) |
| 417 if (permission->implies_full_access()) | |
| 418 return true; | 415 return true; |
| 419 } | 416 } |
| 420 return false; | 417 return false; |
| 421 } | 418 } |
| 422 | 419 |
| 423 bool PermissionSet::HasLessPrivilegesThan( | 420 bool PermissionSet::HasLessPrivilegesThan( |
| 424 const PermissionSet* permissions) const { | 421 const PermissionSet* permissions) const { |
| 425 // Things can't get worse than native code access. | 422 // Things can't get worse than native code access. |
| 426 if (HasEffectiveFullAccess()) | 423 if (HasEffectiveFullAccess()) |
| 427 return false; | 424 return false; |
| (...skipping 109 matching lines...) |
| 537 } | 534 } |
| 538 | 535 |
| 539 std::set<PermissionMessage> | 536 std::set<PermissionMessage> |
| 540 PermissionSet::GetSimplePermissionMessages() const { | 537 PermissionSet::GetSimplePermissionMessages() const { |
| 541 std::set<PermissionMessage> messages; | 538 std::set<PermissionMessage> messages; |
| 542 PermissionsInfo* info = PermissionsInfo::GetInstance(); | 539 PermissionsInfo* info = PermissionsInfo::GetInstance(); |
| 543 for (APIPermissionSet::const_iterator i = apis_.begin(); | 540 for (APIPermissionSet::const_iterator i = apis_.begin(); |
| 544 i != apis_.end(); ++i) { | 541 i != apis_.end(); ++i) { |
| 545 DCHECK_GT(PermissionMessage::kNone, | 542 DCHECK_GT(PermissionMessage::kNone, |
| 546 PermissionMessage::kUnknown); | 543 PermissionMessage::kUnknown); |
| 547 APIPermission* perm = info->GetByID(*i); | 544 APIPermission* perm = info->GetByID(i->id()); |
| 548 if (perm && perm->message_id() > PermissionMessage::kNone) | 545 if (perm && perm->message_id() > PermissionMessage::kNone) |
| 549 messages.insert(perm->GetMessage_()); | 546 messages.insert(perm->GetMessage_()); |
| 550 } | 547 } |
| 551 return messages; | 548 return messages; |
| 552 } | 549 } |
| 553 | 550 |
| 554 bool PermissionSet::HasLessAPIPrivilegesThan( | 551 bool PermissionSet::HasLessAPIPrivilegesThan( |
| 555 const PermissionSet* permissions) const { | 552 const PermissionSet* permissions) const { |
| 556 if (permissions == NULL) | 553 if (permissions == NULL) |
| 557 return false; | 554 return false; |
| (...skipping 33 matching lines...) |
| 591 std::set<std::string> new_hosts_only; | 588 std::set<std::string> new_hosts_only; |
| 592 | 589 |
| 593 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), | 590 std::set_difference(new_hosts_set.begin(), new_hosts_set.end(), |
| 594 old_hosts_set.begin(), old_hosts_set.end(), | 591 old_hosts_set.begin(), old_hosts_set.end(), |
| 595 std::inserter(new_hosts_only, new_hosts_only.begin())); | 592 std::inserter(new_hosts_only, new_hosts_only.begin())); |
| 596 | 593 |
| 597 return !new_hosts_only.empty(); | 594 return !new_hosts_only.empty(); |
| 598 } | 595 } |
| 599 | 596 |
| 600 } // namespace extensions | 597 } // namespace extensions |
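Review bot: At new lines 335-345, `CheckAPIPermission` forwards a NULL `param` to `iter->Check(param)`, and nothing on this page shows how `Check` treats NULL for a permission that carries detail. If `Check(NULL)` returns true, a caller that gates access with `CheckAPIPermission` (or with `HasAPIPermission`, which only tests presence) would skip the per-detail restriction that `CheckAPIPermissionWithDetail` exists to evaluate; if `Check` dereferences `param` unconditionally, it is a null dereference. `Check` is defined outside this page, so its NULL handling should be confirmed there. I would add a comment above `CheckAPIPermission` such as `// |param| is NULL here, so any detail restriction on the permission is not evaluated.` and a matching comment on `HasAPIPermission` stating that it tests membership only. Separately, the new `i->name()` at line 222 and `i->permission()->...` at lines 400 and 414 drop or lack the null check that `GetSimplePermissionMessages` still applies to `info->GetByID(i->id())`, so the invariant that a set entry always has a non-null permission should be stated or DCHECKed where entries are inserted.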