Move RuntimeData and related permissions out of Extension class

chrome/common/extensions/permissions/permissions_data.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
 
+#include <map>
+#include <vector>
+
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/string16.h"
+#include "base/synchronization/lock.h"
+#include "chrome/common/extensions/permissions/api_permission.h"
+#include "chrome/common/extensions/permissions/permission_message.h"
+
+class GURL;
 
 namespace extensions {
 
 class PermissionSet;
 class APIPermissionSet;
 class Extension;
+class URLPatternSet;
+class UserScript;
 
 // A container for the permissions data of the extension; also responsible for
-// parsing the "permissions" and "optional_permissions" manifest keys.
-// This class holds the permissions which were established in the extension's
-// manifest; the runtime extensions of the extension (which may be different)
-// are stored in Extension::RuntimeData.
+// parsing the "permissions" and "optional_permissions" manifest keys. This
+// class also contains the active (runtime) permissions for the extension.
 class PermissionsData {
  public:
   PermissionsData();
   ~PermissionsData();
 
-  // Parse the permissions of a given extension in the initialization process.
-  bool ParsePermissions(Extension* extension, string16* error);
-
-  // Finalize permissions after the initialization process completes.
-  void FinalizePermissions(Extension* extension);
-
   // Return the optional or required permission set for the given |extension|.
   static const PermissionSet* GetOptionalPermissions(
       const Extension* extension);
   static const PermissionSet* GetRequiredPermissions(
       const Extension* extension);
 
   // Return the temporary API permission set which is used during extension
   // initialization. Once initialization completes, this is NULL.
   static const APIPermissionSet* GetInitialAPIPermissions(
       const Extension* extension);
   static APIPermissionSet* GetInitialAPIPermissions(Extension* extension);
 
+  // Return the active (runtime) permissions for the given |extension|.
+  static scoped_refptr<const PermissionSet> GetActivePermissions(
+      const Extension* extension);
+  // Sets the runtime permissions of the given |extension| to |permissions|.
+  static void SetActivePermissions(const Extension* extension,
+                                   const PermissionSet* active);
+
+  // Gets the tab-specific host permissions of |tab_id|, or NULL if there
+  // aren't any.
+  static scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
+      const Extension* extension,
+      int tab_id);
+  // Updates the tab-specific permissions of |tab_id| to include those from
+  // |permissions|.
+  static void UpdateTabSpecificPermissions(
+      const Extension* extension,
+      int tab_id,
+      scoped_refptr<const PermissionSet> permissions);
+  // Clears the tab-specific permissions of |tab_id|.
+  static void ClearTabSpecificPermissions(const Extension* extension,
+                                          int tab_id);
+
+  // Returns true if the |extension| has the given |permission|. Prefer
+  // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
+  // api that requires a permission they didn't know about, e.g. open web apis.
+  static bool HasAPIPermission(const Extension* extension,
+                               APIPermission::ID permission);
+  static bool HasAPIPermission(const Extension* extension,
+                               const std::string& function_name);
+  static bool HasAPIPermissionForTab(const Extension* extension,
+                                     int tab_id,
+                                     APIPermission::ID permission);
+
+  static bool CheckAPIPermissionWithParam(
+      const Extension* extension,
+      APIPermission::ID permission,
+      const APIPermission::CheckParam* param);
+
+  static const URLPatternSet& GetEffectiveHostPermissions(
+      const Extension* extension);
+
+  // Returns true if the |extension| can silently increase its permission level.
+  // Users must approve permissions for unpacked and packed extensions in the
+  // following situations:
+  //  - when installing or upgrading packed extensions
+  //  - when installing unpacked extensions that have NPAPI plugins
+  //  - when either type of extension requests optional permissions
+  static bool CanSilentlyIncreasePermissions(const Extension* extension);
+
+  // Returns true if the extension does not require permission warnings
+  // to be displayed at install time.
+  static bool ShouldSkipPermissionWarnings(const Extension* extension);
+
+  // Whether the |extension| has access to the given |url|.
+  static bool HasHostPermission(const Extension* extension, const GURL& url);
+
+  // Whether the |extension| has effective access to all hosts. This is true if
+  // there is a content script that matches all hosts, if there is a host
+  // permission grants access to all hosts (like <all_urls>) or an api
+  // permission that effectively grants access to all hosts (e.g. proxy,
+  // network, etc.)
+  static bool HasEffectiveAccessToAllHosts(const Extension* extension);
+
+  // Returns the full list of permission messages that the given |extension|
+  // should display at install time.
+  static PermissionMessages GetPermissionMessages(const Extension* extension);
+  // Returns the full list of permission messages that the given |extension|
+  // should display at install time. The messages are returned as strings
+  // for convenience.
+  static std::vector<string16> GetPermissionMessageStrings(
+      const Extension* extension);
+
+  // Returns true if the given |extension| can execute script on a page. If a
+  // UserScript object is passed, permission to run that specific script is
+  // checked (using its matches list). Otherwise, permission to execute script
+  // programmatically is checked (using the extension's host permission).
+  //
+  // This method is also aware of certain special pages that extensions are
+  // usually not allowed to run script on.
+  static bool CanExecuteScriptOnPage(const Extension* extension,
+                                     const GURL& document_url,
+                                     const GURL& top_document_url,
+                                     int tab_id,
+                                     const UserScript* script,
+                                     std::string* error);
+
+  // Returns true if the given |extension| is a COMPONENT extension, or if it is
+  // on the whitelist of extensions that can script all pages.
+  static bool CanExecuteScriptEverywhere(const Extension* extension);
+
+  // Returns true if the |extension| is allowed to obtain the contents of a
+  // page as an image.  Since a page may contain sensitive information, this
+  // is restricted to the extension's host permissions as well as the
+  // extension page itself.
+  static bool CanCaptureVisiblePage(const Extension* extension,
+                                    const GURL& page_url,
+                                    int tab_id,
+                                    std::string* error);
+
+  // Parse the permissions of a given extension in the initialization process.
+  bool ParsePermissions(Extension* extension, string16* error);
+
+  // Finalize permissions after the initialization process completes.
+  void FinalizePermissions(Extension* extension);
+
  private:
   struct InitialPermissions;
+  typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;
 
   // Temporary permissions during the initialization process; NULL after
   // initialization completes.
   scoped_ptr<InitialPermissions> initial_required_permissions_;
   scoped_ptr<InitialPermissions> initial_optional_permissions_;
 
   // The set of permissions the extension can request at runtime.
   scoped_refptr<const PermissionSet> optional_permission_set_;
 
   // The extension's required / default set of permissions.
   scoped_refptr<const PermissionSet> required_permission_set_;
 
+  mutable base::Lock runtime_lock_;
+
+  // The permission's which are currently active on the extension during
+  // runtime.
+  mutable scoped_refptr<const PermissionSet> active_permissions_;
+
+  mutable TabPermissionsMap tab_specific_permissions_;
+
   DISALLOW_COPY_AND_ASSIGN(PermissionsData);
 };
 
 }  // namespace extensions
 
 #endif  // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_