chrome_api_permissions.cc revision 3551c9c881056c480085172ff9840cab31610854
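// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/common/extensions/permissions/chrome_api_permissions.h"

#include "chrome/common/extensions/permissions/api_permission.h"
#include "chrome/common/extensions/permissions/api_permission_set.h"
#include "chrome/common/extensions/permissions/bluetooth_permission.h"
#include "chrome/common/extensions/permissions/media_galleries_permission.h"
#include "chrome/common/extensions/permissions/permission_message.h"
#include "chrome/common/extensions/permissions/permissions_info.h"
#include "chrome/common/extensions/permissions/socket_permission.h"
#include "chrome/common/extensions/permissions/usb_device_permission.h"
#include "grit/generated_resources.h"

namespace extensions {

namespace {

// Legacy manifest spellings that are still accepted; see GetAllAliases().
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
const char kWindowsPermission[] = "windows";

// Factory used as an APIPermissionConstructor for permissions that carry
// their own parameters (socket, mediaGalleries, bluetooth, usbDevices).
// Returns a heap-allocated T; the caller is presumably responsible for
// deleting it -- confirm against the code that invokes the constructor.
template<typename T> APIPermission* CreateAPIPermission(
    const APIPermissionInfo* permission) {
  return new T(permission);
}

}  // namespace

// Builds one APIPermissionInfo per entry of the registration table below and
// returns them in table order. The objects are allocated with |new|; ownership
// presumably passes to the caller (confirm against PermissionsInfo).
//
// Each table entry is brace-initialized in the field order
//   { id, name, flags, l10n_message_id, message_id, constructor }.
// Trailing fields that an entry omits are zero-initialized, so an entry that
// gives only id and name registers with flags 0, no l10n string, a message id
// that the loop below maps to PermissionMessage::kNone, and a NULL
// constructor. Because the fields are positional and several of them are
// plain ints, a value placed one slot off compiles silently; check the
// position of every flag when adding or editing an entry.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  struct PermissionRegistration {
    APIPermission::ID id;
    const char* name;
    int flags;  // Bitwise OR of APIPermissionInfo::kFlag* values.
    int l10n_message_id;  // IDS_* resource id of the warning text, or 0.
    PermissionMessage::ID message_id;
    APIPermissionInfo::APIPermissionConstructor constructor;
  } PermissionsToRegister[] = {
    // Register permissions for all extension types.
    { APIPermission::kBackground, "background" },
    { APIPermission::kClipboardRead, "clipboardRead",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
      PermissionMessage::kClipboard },
    { APIPermission::kClipboardWrite, "clipboardWrite" },
    { APIPermission::kDeclarativeContent, "declarativeContent" },
    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
      PermissionMessage::kDeclarativeWebRequest },
    { APIPermission::kDesktopCapture, "desktopCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
      PermissionMessage::kDesktopCapture },
    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
      PermissionMessage::kDownloads },
    { APIPermission::kDownloadsOpen, "downloads.open",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
      PermissionMessage::kDownloadsOpen },
    { APIPermission::kDownloadsShelf, "downloads.shelf" },
    { APIPermission::kIdentity, "identity" },
    { APIPermission::kExperimental, "experimental",
      APIPermissionInfo::kFlagCannotBeOptional },
    // NOTE(kalman): this is provided by a manifest property but needs to
    // appear in the install permission dialogue, so we need a fake
    // permission for it. See http://crbug.com/247857.
    { APIPermission::kWebConnectable, "webConnectable",
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
      PermissionMessage::kWebConnectable },
    { APIPermission::kGeolocation, "geolocation",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kNotification, "notifications" },
    { APIPermission::kScreensaver, "screensaver" },
    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register extension permissions.
    { APIPermission::kActiveTab, "activeTab" },
    { APIPermission::kAdView, "adview" },
    { APIPermission::kAlarms, "alarms" },
    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
      PermissionMessage::kBookmarks },
    { APIPermission::kBrowsingData, "browsingData" },
    { APIPermission::kContentSettings, "contentSettings",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
      PermissionMessage::kContentSettings },
    { APIPermission::kContextMenus, "contextMenus" },
    { APIPermission::kCookie, "cookies" },
    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFontSettings, "fontSettings",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    { APIPermission::kIdle, "idle" },
    { APIPermission::kInfobars, "infobars" },
    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_INPUT,
      PermissionMessage::kInput },
    // "location" shares the geolocation warning text and message id.
    { APIPermission::kLocation, "location",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
      PermissionMessage::kManagement },
    { APIPermission::kNativeMessaging, "nativeMessaging",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
      PermissionMessage::kNativeMessaging },
    { APIPermission::kPower, "power" },
    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
      PermissionMessage::kPrivacy },
    // "processes" is shown to the user with the "tabs" warning.
    { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kSessions, "sessions" },
    { APIPermission::kStorage, "storage" },
    { APIPermission::kSyncFileSystem, "syncFileSystem",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
      PermissionMessage::kSyncFileSystem },
    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    // "topSites" is shown to the user with the browsing-history warning.
    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    // kFlagCannotBeOptional goes in the |flags| slot (third field). Passing
    // it fourth would store it as |l10n_message_id| and leave |flags| at 0,
    // which would register "tts" without the cannot-be-optional restriction.
    { APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTtsEngine, "ttsEngine",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
      PermissionMessage::kTtsEngine },
    // "webNavigation" is shown to the user with the "tabs" warning.
    { APIPermission::kWebNavigation, "webNavigation",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
    { APIPermission::kWebRequest, "webRequest" },
    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
    { APIPermission::kWebView, "webview",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register private permissions.
    // NOTE(review): "downloadsInternal", "logPrivate" and
    // "webRequestInternal" below are the only entries in this group without
    // kFlagCannotBeOptional; confirm that is intentional.
    { APIPermission::kActivityLogPrivate, "activityLogPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
      PermissionMessage::kActivityLogPrivate },
    { APIPermission::kAutoTestPrivate, "autotestPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDeveloperPrivate, "developerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDiagnostics, "diagnostics",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDownloadsInternal, "downloadsInternal" },
    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kIdentityPrivate, "identityPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kLogPrivate, "logPrivate" },
    { APIPermission::kNetworkingPrivate, "networkingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
      PermissionMessage::kNetworkingPrivate },
    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMetricsPrivate, "metricsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
      PermissionMessage::kMusicManagerPrivate },
    { APIPermission::kPreferencesPrivate, "preferencesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kSystemPrivate, "systemPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEchoPrivate, "echoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFeedbackPrivate, "feedbackPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRecoveryPrivate, "recoveryPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRtcPrivate, "rtcPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTerminalPrivate, "terminalPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebRequestInternal, "webRequestInternal" },
    { APIPermission::kWebstorePrivate, "webstorePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kStreamsPrivate, "streamsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEnterprisePlatformKeysPrivate,
      "enterprise.platformKeysPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Full url access permissions.
    // NOTE(review): "devtools", "pageCapture", "tabCapture" and "proxy" carry
    // kFlagImpliesFullURLAccess but give no warning message id here; how the
    // implied access is surfaced to the user is decided outside this file.
    { APIPermission::kDebugger, "debugger",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
      PermissionMessage::kDebugger },
    { APIPermission::kDevtools, "devtools",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal },
    { APIPermission::kPageCapture, "pageCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCapture, "tabCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kPlugin, "plugin",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagImpliesFullAccess |
      APIPermissionInfo::kFlagCannotBeOptional |
      APIPermissionInfo::kFlagInternal,
      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
      PermissionMessage::kFullAccess },
    { APIPermission::kProxy, "proxy",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
      APIPermissionInfo::kFlagCannotBeOptional },

    // Platform-app permissions.
    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
      PermissionMessage::kSerial },
    // Because warning messages for the "socket" permission vary based on the
    // permissions parameters, no message ID or message text is specified here.
    // The message ID and text used will be determined at run-time in the
    // |SocketPermission| class.
    { APIPermission::kSocket, "socket",
      APIPermissionInfo::kFlagCannotBeOptional, 0,
      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
    { APIPermission::kSocketsUdp, "sockets.udp" },
    { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" },
    { APIPermission::kAppRuntime, "app.runtime" },
    { APIPermission::kAppWindow, "app.window" },
    { APIPermission::kAudioCapture, "audioCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
      PermissionMessage::kAudioCapture },
    { APIPermission::kVideoCapture, "videoCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
      PermissionMessage::kVideoCapture },
    // The permission string for "fileSystem" is only shown when "write" is
    // present. Read-only access is only granted after the user has been shown
    // a file chooser dialog and selected a file. Selecting the file is
    // considered consent to read it.
    { APIPermission::kFileSystem, "fileSystem" },
    { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
    { APIPermission::kFileSystemWrite, "fileSystem.write",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
      PermissionMessage::kFileSystemWrite },
    // Because warning messages for the "mediaGalleries" permission vary based
    // on the permissions parameters, no message ID or message text is
    // specified here.
    // The message ID and text used will be determined at run-time in the
    // |MediaGalleriesPermission| class.
    { APIPermission::kMediaGalleries, "mediaGalleries",
      APIPermissionInfo::kFlagNone, 0,
      PermissionMessage::kNone,
      &CreateAPIPermission<MediaGalleriesPermission> },
    { APIPermission::kPushMessaging, "pushMessaging",
      APIPermissionInfo::kFlagCannotBeOptional },
    // Because warning messages for the "bluetooth" permission vary based on
    // the permissions parameters, no message ID or message text is specified
    // here. The message ID and text used will be determined at run-time in the
    // |BluetoothPermission| class.
    { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone,
      0, PermissionMessage::kNone,
      &CreateAPIPermission<BluetoothPermission> },
    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_USB,
      PermissionMessage::kUsb },
    // No static warning here; a custom constructor is supplied, so the
    // message is presumably produced by |UsbDevicePermission| at run-time,
    // as for "socket" above -- confirm in that class.
    { APIPermission::kUsbDevice, "usbDevices",
      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
      &CreateAPIPermission<UsbDevicePermission> },
    { APIPermission::kSystemIndicator, "systemIndicator",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
      PermissionMessage::kSystemIndicator },
    { APIPermission::kSystemCpu, "system.cpu" },
    { APIPermission::kSystemMemory, "system.memory" },
    { APIPermission::kSystemDisplay, "system.display" },
    { APIPermission::kSystemStorage, "system.storage" },
    { APIPermission::kPointerLock, "pointerLock" },
    { APIPermission::kFullscreen, "fullscreen" },
    { APIPermission::kAudio, "audio" },
  };

  std::vector<APIPermissionInfo*> permissions;
  // The final size is known up front, so allocate once.
  permissions.reserve(ARRAYSIZE_UNSAFE(PermissionsToRegister));

  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
    const PermissionRegistration& pr = PermissionsToRegister[i];
    // Entries that omit |message_id| hold a zero-initialized value; map it
    // explicitly to PermissionMessage::kNone.
    permissions.push_back(new APIPermissionInfo(
        pr.id, pr.name, pr.l10n_message_id,
        pr.message_id ? pr.message_id : PermissionMessage::kNone,
        pr.flags,
        pr.constructor));
  }
  return permissions;
}

// Returns the legacy permission spellings that are still accepted. Each
// AliasInfo is built from a registered permission name followed by its old
// spelling (argument order presumably (name, alias) -- confirm against
// PermissionsProvider::AliasInfo). Note that "windows" resolves to "tabs",
// so a manifest that requests "windows" is treated as requesting "tabs".
std::vector<PermissionsProvider::AliasInfo>
ChromeAPIPermissions::GetAllAliases() const {
  // Register aliases.
  std::vector<PermissionsProvider::AliasInfo> aliases;
  aliases.push_back(PermissionsProvider::AliasInfo(
      "unlimitedStorage", kOldUnlimitedStoragePermission));
  aliases.push_back(PermissionsProvider::AliasInfo(
      "tabs", kWindowsPermission));
  return aliases;
}

}  // namespace extensions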