| Index: chrome/common/extensions/permissions/permissions_data.h
|
| diff --git a/chrome/common/extensions/permissions/permissions_data.h b/chrome/common/extensions/permissions/permissions_data.h
|
| index 95c26c618e893f84500bc3e00bba5bf47cf963a3..3a8d41b8374319f99d8837cb59aee1f5e2852db7 100644
|
| --- a/chrome/common/extensions/permissions/permissions_data.h
|
| +++ b/chrome/common/extensions/permissions/permissions_data.h
|
| @@ -5,32 +5,34 @@
|
| #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
|
| #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
|
|
|
| +#include <map>
|
| +#include <vector>
|
| +
|
| #include "base/memory/ref_counted.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/string16.h"
|
| +#include "base/synchronization/lock.h"
|
| +#include "chrome/common/extensions/permissions/api_permission.h"
|
| +#include "chrome/common/extensions/permissions/permission_message.h"
|
| +
|
| +class GURL;
|
|
|
| namespace extensions {
|
|
|
| class PermissionSet;
|
| class APIPermissionSet;
|
| class Extension;
|
| +class URLPatternSet;
|
| +class UserScript;
|
|
|
| // A container for the permissions data of the extension; also responsible for
|
| -// parsing the "permissions" and "optional_permissions" manifest keys.
|
| -// This class holds the permissions which were established in the extension's
|
| -// manifest; the runtime extensions of the extension (which may be different)
|
| -// are stored in Extension::RuntimeData.
|
| +// parsing the "permissions" and "optional_permissions" manifest keys. This
|
| +// class also contains the active (runtime) permissions for the extension.
|
| class PermissionsData {
|
| public:
|
| PermissionsData();
|
| ~PermissionsData();
|
|
|
| - // Parse the permissions of a given extension in the initialization process.
|
| - bool ParsePermissions(Extension* extension, string16* error);
|
| -
|
| - // Finalize permissions after the initialization process completes.
|
| - void FinalizePermissions(Extension* extension);
|
| -
|
| // Return the optional or required permission set for the given |extension|.
|
| static const PermissionSet* GetOptionalPermissions(
|
| const Extension* extension);
|
| @@ -43,8 +45,114 @@ class PermissionsData {
|
| const Extension* extension);
|
| static APIPermissionSet* GetInitialAPIPermissions(Extension* extension);
|
|
|
| + // Return the active (runtime) permissions for the given |extension|.
|
| + static scoped_refptr<const PermissionSet> GetActivePermissions(
|
| + const Extension* extension);
|
| + // Sets the runtime permissions of the given |extension| to |permissions|.
|
| + static void SetActivePermissions(const Extension* extension,
|
| + const PermissionSet* active);
|
| +
|
| + // Gets the tab-specific host permissions of |tab_id|, or NULL if there
|
| + // aren't any.
|
| + static scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
|
| + const Extension* extension,
|
| + int tab_id);
|
| + // Updates the tab-specific permissions of |tab_id| to include those from
|
| + // |permissions|.
|
| + static void UpdateTabSpecificPermissions(
|
| + const Extension* extension,
|
| + int tab_id,
|
| + scoped_refptr<const PermissionSet> permissions);
|
| + // Clears the tab-specific permissions of |tab_id|.
|
| + static void ClearTabSpecificPermissions(const Extension* extension,
|
| + int tab_id);
|
| +
|
| + // Returns true if the |extension| has the given |permission|. Prefer
|
| + // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
|
| + // api that requires a permission they didn't know about, e.g. open web apis.
|
| + static bool HasAPIPermission(const Extension* extension,
|
| + APIPermission::ID permission);
|
| + static bool HasAPIPermission(const Extension* extension,
|
| + const std::string& function_name);
|
| + static bool HasAPIPermissionForTab(const Extension* extension,
|
| + int tab_id,
|
| + APIPermission::ID permission);
|
| +
|
| + static bool CheckAPIPermissionWithParam(
|
| + const Extension* extension,
|
| + APIPermission::ID permission,
|
| + const APIPermission::CheckParam* param);
|
| +
|
| + static const URLPatternSet& GetEffectiveHostPermissions(
|
| + const Extension* extension);
|
| +
|
| + // Returns true if the |extension| can silently increase its permission level.
|
| + // Users must approve permissions for unpacked and packed extensions in the
|
| + // following situations:
|
| + // - when installing or upgrading packed extensions
|
| + // - when installing unpacked extensions that have NPAPI plugins
|
| + // - when either type of extension requests optional permissions
|
| + static bool CanSilentlyIncreasePermissions(const Extension* extension);
|
| +
|
| + // Returns true if the extension does not require permission warnings
|
| + // to be displayed at install time.
|
| + static bool ShouldSkipPermissionWarnings(const Extension* extension);
|
| +
|
| + // Whether the |extension| has access to the given |url|.
|
| + static bool HasHostPermission(const Extension* extension, const GURL& url);
|
| +
|
| + // Whether the |extension| has effective access to all hosts. This is true if
|
| + // there is a content script that matches all hosts, if there is a host
|
| + // permission grants access to all hosts (like <all_urls>) or an api
|
| + // permission that effectively grants access to all hosts (e.g. proxy,
|
| + // network, etc.)
|
| + static bool HasEffectiveAccessToAllHosts(const Extension* extension);
|
| +
|
| + // Returns the full list of permission messages that the given |extension|
|
| + // should display at install time.
|
| + static PermissionMessages GetPermissionMessages(const Extension* extension);
|
| + // Returns the full list of permission messages that the given |extension|
|
| + // should display at install time. The messages are returned as strings
|
| + // for convenience.
|
| + static std::vector<string16> GetPermissionMessageStrings(
|
| + const Extension* extension);
|
| +
|
| + // Returns true if the given |extension| can execute script on a page. If a
|
| + // UserScript object is passed, permission to run that specific script is
|
| + // checked (using its matches list). Otherwise, permission to execute script
|
| + // programmatically is checked (using the extension's host permission).
|
| + //
|
| + // This method is also aware of certain special pages that extensions are
|
| + // usually not allowed to run script on.
|
| + static bool CanExecuteScriptOnPage(const Extension* extension,
|
| + const GURL& document_url,
|
| + const GURL& top_document_url,
|
| + int tab_id,
|
| + const UserScript* script,
|
| + std::string* error);
|
| +
|
| + // Returns true if the given |extension| is a COMPONENT extension, or if it is
|
| + // on the whitelist of extensions that can script all pages.
|
| + static bool CanExecuteScriptEverywhere(const Extension* extension);
|
| +
|
| + // Returns true if the |extension| is allowed to obtain the contents of a
|
| + // page as an image. Since a page may contain sensitive information, this
|
| + // is restricted to the extension's host permissions as well as the
|
| + // extension page itself.
|
| + static bool CanCaptureVisiblePage(const Extension* extension,
|
| + const GURL& page_url,
|
| + int tab_id,
|
| + std::string* error);
|
| +
|
| + // Parse the permissions of a given extension in the initialization process.
|
| + bool ParsePermissions(Extension* extension, string16* error);
|
| +
|
| + // Finalize permissions after the initialization process completes.
|
| + void FinalizePermissions(Extension* extension);
|
| +
|
| private:
|
| struct InitialPermissions;
|
| + typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;
|
|
|
| // Temporary permissions during the initialization process; NULL after
|
| // initialization completes.
|
| @@ -57,6 +165,14 @@ class PermissionsData {
|
| // The extension's required / default set of permissions.
|
| scoped_refptr<const PermissionSet> required_permission_set_;
|
|
|
| + mutable base::Lock runtime_lock_;
|
| +
|
| + // The permission's which are currently active on the extension during
|
| + // runtime.
|
| + mutable scoped_refptr<const PermissionSet> active_permissions_;
|
| +
|
| + mutable TabPermissionsMap tab_specific_permissions_;
|
| +
|
| DISALLOW_COPY_AND_ASSIGN(PermissionsData);
|
| };
|
|
|
|
|
Chromium Code Reviews
Issue 14651017:
Move RuntimeData and related permissions out of Extension class (Closed)
Base URL: http://git.chromium.org/chromium/src.git@dc_unref_permissions