Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/permissions/permission_set.cc

Issue 23506021: Require confirmation for writable directory access. (Closed) Base URL: http://git.chromium.org/chromium/src.git@directory-permission-hack
Patch Set: Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/permissions/chrome_api_permissions.cc ('k') | chrome/common/extensions/permissions/permission_set_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/permissions/permission_set.h" 5 #include "chrome/common/extensions/permissions/permission_set.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <iterator> 8 #include <iterator>
9 #include <string> 9 #include <string>
10 10
(...skipping 464 matching lines...) Expand 10 before | Expand all | Expand 10 after
475 std::set<PermissionMessage> PermissionSet::GetAPIPermissionMessages() const { 475 std::set<PermissionMessage> PermissionSet::GetAPIPermissionMessages() const {
476 std::set<PermissionMessage> messages; 476 std::set<PermissionMessage> messages;
477 for (APIPermissionSet::const_iterator permission_it = apis_.begin(); 477 for (APIPermissionSet::const_iterator permission_it = apis_.begin();
478 permission_it != apis_.end(); ++permission_it) { 478 permission_it != apis_.end(); ++permission_it) {
479 if (permission_it->HasMessages()) { 479 if (permission_it->HasMessages()) {
480 PermissionMessages new_messages = permission_it->GetMessages(); 480 PermissionMessages new_messages = permission_it->GetMessages();
481 messages.insert(new_messages.begin(), new_messages.end()); 481 messages.insert(new_messages.begin(), new_messages.end());
482 } 482 }
483 } 483 }
484 484
485 // A special hack: If both kFileSystemDirectory and and kFileSystemWrite 485 // A special hack: If kFileSystemWriteDirectory would be displayed, hide
486 // would be displayed, instead show kFileSystemWriteDirectory. 486 // kFileSystemDirectory and and kFileSystemWrite as the write directory
487 // TODO(sammc): Remove this when http://crbug.com/282118 is fixed. 487 // message implies the other two.
488 std::set<PermissionMessage>::iterator read_directory_message = messages.find( 488 // TODO(sammc): Remove this. See http://crbug.com/284849.
489 PermissionMessage(PermissionMessage::kFileSystemDirectory, string16())); 489 std::set<PermissionMessage>::iterator write_directory_message =
490 std::set<PermissionMessage>::iterator write_message = messages.find( 490 messages.find(PermissionMessage(
491 PermissionMessage(PermissionMessage::kFileSystemWrite, string16())); 491 PermissionMessage::kFileSystemWriteDirectory, string16()));
492 if (read_directory_message != messages.end() && 492 if (write_directory_message != messages.end()) {
493 write_message != messages.end()) { 493 messages.erase(
494 messages.erase(read_directory_message); 494 PermissionMessage(PermissionMessage::kFileSystemWrite, string16()));
495 messages.erase(write_message); 495 messages.erase(
496 messages.insert(PermissionMessage( 496 PermissionMessage(PermissionMessage::kFileSystemDirectory, string16()));
497 PermissionMessage::kFileSystemWriteDirectory,
498 l10n_util::GetStringUTF16(
499 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY)));
500 } 497 }
501 return messages; 498 return messages;
502 } 499 }
503 500
504 std::set<PermissionMessage> PermissionSet::GetHostPermissionMessages( 501 std::set<PermissionMessage> PermissionSet::GetHostPermissionMessages(
505 Manifest::Type extension_type) const { 502 Manifest::Type extension_type) const {
506 // Since platform apps always use isolated storage, they can't (silently) 503 // Since platform apps always use isolated storage, they can't (silently)
507 // access user data on other domains, so there's no need to prompt. 504 // access user data on other domains, so there's no need to prompt.
508 // Note: this must remain consistent with HasLessHostPrivilegesThan. 505 // Note: this must remain consistent with HasLessHostPrivilegesThan.
509 // See crbug.com/255229. 506 // See crbug.com/255229.
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
542 // A special hack: the DWR permission is weaker than all hosts permission. 539 // A special hack: the DWR permission is weaker than all hosts permission.
543 if (delta_warnings.size() == 1u && 540 if (delta_warnings.size() == 1u &&
544 delta_warnings.begin()->id() == 541 delta_warnings.begin()->id() ==
545 PermissionMessage::kDeclarativeWebRequest && 542 PermissionMessage::kDeclarativeWebRequest &&
546 HasEffectiveAccessToAllHosts()) { 543 HasEffectiveAccessToAllHosts()) {
547 return false; 544 return false;
548 } 545 }
549 546
550 // A special hack: kFileSystemWriteDirectory implies kFileSystemDirectory and 547 // A special hack: kFileSystemWriteDirectory implies kFileSystemDirectory and
551 // kFileSystemWrite. 548 // kFileSystemWrite.
552 // TODO(sammc): Remove this when http://crbug.com/282118 is fixed. 549 // TODO(sammc): Remove this. See http://crbug.com/284849.
553 if (current_warnings.find(PermissionMessage( 550 if (current_warnings.find(PermissionMessage(
554 PermissionMessage::kFileSystemWriteDirectory, string16())) != 551 PermissionMessage::kFileSystemWriteDirectory, string16())) !=
555 current_warnings.end()) { 552 current_warnings.end()) {
556 delta_warnings.erase( 553 delta_warnings.erase(
557 PermissionMessage(PermissionMessage::kFileSystemDirectory, string16())); 554 PermissionMessage(PermissionMessage::kFileSystemDirectory, string16()));
558 delta_warnings.erase( 555 delta_warnings.erase(
559 PermissionMessage(PermissionMessage::kFileSystemWrite, string16())); 556 PermissionMessage(PermissionMessage::kFileSystemWrite, string16()));
560 } 557 }
561 558
562 // We have less privileges if there are additional warnings present. 559 // We have less privileges if there are additional warnings present.
(...skipping 26 matching lines...) Expand all
589 std::set<std::string> new_hosts_set(GetDistinctHosts(new_list, false, false)); 586 std::set<std::string> new_hosts_set(GetDistinctHosts(new_list, false, false));
590 std::set<std::string> old_hosts_set(GetDistinctHosts(old_list, false, false)); 587 std::set<std::string> old_hosts_set(GetDistinctHosts(old_list, false, false));
591 std::set<std::string> new_hosts_only = 588 std::set<std::string> new_hosts_only =
592 base::STLSetDifference<std::set<std::string> >(new_hosts_set, 589 base::STLSetDifference<std::set<std::string> >(new_hosts_set,
593 old_hosts_set); 590 old_hosts_set);
594 591
595 return !new_hosts_only.empty(); 592 return !new_hosts_only.empty();
596 } 593 }
597 594
598 } // namespace extensions 595 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/common/extensions/permissions/chrome_api_permissions.cc ('k') | chrome/common/extensions/permissions/permission_set_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698