| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ | |
| 6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ | |
| 7 | |
| 8 #include <map> | |
| 9 #include <vector> | |
| 10 | |
| 11 #include "base/memory/ref_counted.h" | |
| 12 #include "base/memory/scoped_ptr.h" | |
| 13 #include "base/strings/string16.h" | |
| 14 #include "base/synchronization/lock.h" | |
| 15 #include "extensions/common/permissions/api_permission.h" | |
| 16 #include "extensions/common/permissions/permission_message.h" | |
| 17 | |
| 18 class GURL; | |
| 19 | |
| 20 namespace extensions { | |
| 21 | |
| 22 class PermissionSet; | |
| 23 class APIPermissionSet; | |
| 24 class Extension; | |
| 25 class ManifestPermissionSet; | |
| 26 class URLPatternSet; | |
| 27 class UserScript; | |
| 28 | |
| 29 // A container for the permissions data of the extension; also responsible for | |
| 30 // parsing the "permissions" and "optional_permissions" manifest keys. This | |
| 31 // class also contains the active (runtime) permissions for the extension. | |
| 32 class PermissionsData { | |
| 33 public: | |
| 34 PermissionsData(); | |
| 35 ~PermissionsData(); | |
| 36 | |
| 37 // Delegate class to allow different contexts (e.g. browser vs renderer) to | |
| 38 // have control over policy decisions. | |
| 39 class PolicyDelegate { | |
| 40 public: | |
| 41 virtual ~PolicyDelegate() {} | |
| 42 | |
| 43 // Returns false if script access should be blocked on this page. | |
| 44 // Otherwise, default policy should decide. | |
| 45 virtual bool CanExecuteScriptOnPage(const Extension* extension, | |
| 46 const GURL& document_url, | |
| 47 const GURL& top_document_url, | |
| 48 int tab_id, | |
| 49 const UserScript* script, | |
| 50 int process_id, | |
| 51 std::string* error) = 0; | |
| 52 }; | |
| 53 | |
| 54 static void SetPolicyDelegate(PolicyDelegate* delegate); | |
| 55 | |
| 56 // Return the optional or required permission set for the given |extension|. | |
| 57 static const PermissionSet* GetOptionalPermissions( | |
| 58 const Extension* extension); | |
| 59 static const PermissionSet* GetRequiredPermissions( | |
| 60 const Extension* extension); | |
| 61 | |
| 62 // Return the temporary API permission set which is used during extension | |
| 63 // initialization. Once initialization completes, this is NULL. | |
| 64 static const APIPermissionSet* GetInitialAPIPermissions( | |
| 65 const Extension* extension); | |
| 66 static APIPermissionSet* GetInitialAPIPermissions(Extension* extension); | |
| 67 | |
| 68 // Set the scriptable hosts for the given |extension| during initialization. | |
| 69 static void SetInitialScriptableHosts(Extension* extension, | |
| 70 const URLPatternSet& scriptable_hosts); | |
| 71 | |
| 72 // Return the active (runtime) permissions for the given |extension|. | |
| 73 static scoped_refptr<const PermissionSet> GetActivePermissions( | |
| 74 const Extension* extension); | |
| 75 // Sets the runtime permissions of the given |extension| to |permissions|. | |
| 76 static void SetActivePermissions(const Extension* extension, | |
| 77 const PermissionSet* active); | |
| 78 | |
| 79 // Gets the tab-specific host permissions of |tab_id|, or NULL if there | |
| 80 // aren't any. | |
| 81 static scoped_refptr<const PermissionSet> GetTabSpecificPermissions( | |
| 82 const Extension* extension, | |
| 83 int tab_id); | |
| 84 // Updates the tab-specific permissions of |tab_id| to include those from | |
| 85 // |permissions|. | |
| 86 static void UpdateTabSpecificPermissions( | |
| 87 const Extension* extension, | |
| 88 int tab_id, | |
| 89 scoped_refptr<const PermissionSet> permissions); | |
| 90 // Clears the tab-specific permissions of |tab_id|. | |
| 91 static void ClearTabSpecificPermissions(const Extension* extension, | |
| 92 int tab_id); | |
| 93 | |
| 94 // Returns true if the |extension| has the given |permission|. Prefer | |
| 95 // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an | |
| 96 // api that requires a permission they didn't know about, e.g. open web apis. | |
| 97 // Note this does not include APIs with no corresponding permission, like | |
| 98 // "runtime" or "browserAction". | |
| 99 // TODO(mpcomplete): drop the "API" from these names, it's confusing. | |
| 100 static bool HasAPIPermission(const Extension* extension, | |
| 101 APIPermission::ID permission); | |
| 102 static bool HasAPIPermission(const Extension* extension, | |
| 103 const std::string& permission_name); | |
| 104 static bool HasAPIPermissionForTab(const Extension* extension, | |
| 105 int tab_id, | |
| 106 APIPermission::ID permission); | |
| 107 | |
| 108 static bool CheckAPIPermissionWithParam( | |
| 109 const Extension* extension, | |
| 110 APIPermission::ID permission, | |
| 111 const APIPermission::CheckParam* param); | |
| 112 | |
| 113 static const URLPatternSet& GetEffectiveHostPermissions( | |
| 114 const Extension* extension); | |
| 115 | |
| 116 // Returns true if the |extension| can silently increase its permission level. | |
| 117 // Users must approve permissions for unpacked and packed extensions in the | |
| 118 // following situations: | |
| 119 // - when installing or upgrading packed extensions | |
| 120 // - when installing unpacked extensions that have NPAPI plugins | |
| 121 // - when either type of extension requests optional permissions | |
| 122 static bool CanSilentlyIncreasePermissions(const Extension* extension); | |
| 123 | |
| 124 // Returns true if the extension does not require permission warnings | |
| 125 // to be displayed at install time. | |
| 126 static bool ShouldSkipPermissionWarnings(const Extension* extension); | |
| 127 | |
| 128 // Whether the |extension| has access to the given |url|. | |
| 129 static bool HasHostPermission(const Extension* extension, const GURL& url); | |
| 130 | |
| 131 // Whether the |extension| has effective access to all hosts. This is true if | |
| 132 // there is a content script that matches all hosts, if there is a host | |
| 133 // permission grants access to all hosts (like <all_urls>) or an api | |
| 134 // permission that effectively grants access to all hosts (e.g. proxy, | |
| 135 // network, etc.) | |
| 136 static bool HasEffectiveAccessToAllHosts(const Extension* extension); | |
| 137 | |
| 138 // Returns the full list of permission messages that the given |extension| | |
| 139 // should display at install time. | |
| 140 static PermissionMessages GetPermissionMessages(const Extension* extension); | |
| 141 // Returns the full list of permission messages that the given |extension| | |
| 142 // should display at install time. The messages are returned as strings | |
| 143 // for convenience. | |
| 144 static std::vector<string16> GetPermissionMessageStrings( | |
| 145 const Extension* extension); | |
| 146 | |
| 147 // Returns the full list of permission details for messages that the given | |
| 148 // |extension| should display at install time. The messages are returned as | |
| 149 // strings for convenience. | |
| 150 static std::vector<string16> GetPermissionMessageDetailsStrings( | |
| 151 const Extension* extension); | |
| 152 | |
| 153 // Returns true if the given |extension| can execute script on a page. If a | |
| 154 // UserScript object is passed, permission to run that specific script is | |
| 155 // checked (using its matches list). Otherwise, permission to execute script | |
| 156 // programmatically is checked (using the extension's host permission). | |
| 157 // | |
| 158 // This method is also aware of certain special pages that extensions are | |
| 159 // usually not allowed to run script on. | |
| 160 static bool CanExecuteScriptOnPage(const Extension* extension, | |
| 161 const GURL& document_url, | |
| 162 const GURL& top_document_url, | |
| 163 int tab_id, | |
| 164 const UserScript* script, | |
| 165 int process_id, | |
| 166 std::string* error); | |
| 167 | |
| 168 // Returns true if the given |extension| is a COMPONENT extension, or if it is | |
| 169 // on the whitelist of extensions that can script all pages. | |
| 170 static bool CanExecuteScriptEverywhere(const Extension* extension); | |
| 171 | |
| 172 // Returns true if the |extension| is allowed to obtain the contents of a | |
| 173 // page as an image. Since a page may contain sensitive information, this | |
| 174 // is restricted to the extension's host permissions as well as the | |
| 175 // extension page itself. | |
| 176 static bool CanCaptureVisiblePage(const Extension* extension, | |
| 177 const GURL& page_url, | |
| 178 int tab_id, | |
| 179 std::string* error); | |
| 180 | |
| 181 // Parse the permissions of a given extension in the initialization process. | |
| 182 bool ParsePermissions(Extension* extension, string16* error); | |
| 183 | |
| 184 // Ensure manifest handlers provide their custom manifest permissions. | |
| 185 void InitializeManifestPermissions(Extension* extension); | |
| 186 | |
| 187 // Finalize permissions after the initialization process completes. | |
| 188 void FinalizePermissions(Extension* extension); | |
| 189 | |
| 190 private: | |
| 191 struct InitialPermissions; | |
| 192 typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap; | |
| 193 | |
| 194 // Temporary permissions during the initialization process; NULL after | |
| 195 // initialization completes. | |
| 196 scoped_ptr<InitialPermissions> initial_required_permissions_; | |
| 197 scoped_ptr<InitialPermissions> initial_optional_permissions_; | |
| 198 | |
| 199 // The set of permissions the extension can request at runtime. | |
| 200 scoped_refptr<const PermissionSet> optional_permission_set_; | |
| 201 | |
| 202 // The extension's required / default set of permissions. | |
| 203 scoped_refptr<const PermissionSet> required_permission_set_; | |
| 204 | |
| 205 mutable base::Lock runtime_lock_; | |
| 206 | |
| 207 // The permission's which are currently active on the extension during | |
| 208 // runtime. | |
| 209 mutable scoped_refptr<const PermissionSet> active_permissions_; | |
| 210 | |
| 211 mutable TabPermissionsMap tab_specific_permissions_; | |
| 212 | |
| 213 DISALLOW_COPY_AND_ASSIGN(PermissionsData); | |
| 214 }; | |
| 215 | |
| 216 } // namespace extensions | |
| 217 | |
| 218 #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 15239002:
Move Extension and PermissionsData to extensions/common. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src