chrome_api_permissions.cc revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7 
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/common/extensions/permissions/chrome_api_permissions.h"
6
7#include "chrome/common/extensions/permissions/media_galleries_permission.h"
8#include "chrome/common/extensions/permissions/socket_permission.h"
9#include "chrome/common/extensions/permissions/usb_device_permission.h"
10#include "extensions/common/permissions/api_permission.h"
11#include "extensions/common/permissions/api_permission_set.h"
12#include "extensions/common/permissions/permission_message.h"
13#include "extensions/common/permissions/permissions_info.h"
14#include "grit/generated_resources.h"
15
16namespace extensions {
17
18namespace {
19
20const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
21const char kWindowsPermission[] = "windows";
22
23template<typename T> APIPermission* CreateAPIPermission(
24    const APIPermissionInfo* permission) {
25  return new T(permission);
26}
27
28}  // namespace
29
30std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
31    const {
32  struct PermissionRegistration {
33    APIPermission::ID id;
34    const char* name;
35    int flags;
36    int l10n_message_id;
37    PermissionMessage::ID message_id;
38    APIPermissionInfo::APIPermissionConstructor constructor;
39  } PermissionsToRegister[] = {
40    // Register permissions for all extension types.
41    { APIPermission::kBackground, "background" },
42    { APIPermission::kClipboardRead, "clipboardRead",
43      APIPermissionInfo::kFlagNone,
44      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
45      PermissionMessage::kClipboard },
46    { APIPermission::kClipboardWrite, "clipboardWrite" },
47    { APIPermission::kDeclarativeContent, "declarativeContent" },
48    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
49      APIPermissionInfo::kFlagNone,
50      IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
51      PermissionMessage::kDeclarativeWebRequest },
52    { APIPermission::kDesktopCapture, "desktopCapture",
53      APIPermissionInfo::kFlagNone,
54      IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
55      PermissionMessage::kDesktopCapture },
56    { APIPermission::kDns, "dns" },
57    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
58      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
59      PermissionMessage::kDownloads },
60    { APIPermission::kDownloadsOpen, "downloads.open",
61      APIPermissionInfo::kFlagNone,
62      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
63      PermissionMessage::kDownloadsOpen },
64    { APIPermission::kDownloadsShelf, "downloads.shelf" },
65    { APIPermission::kIdentity, "identity" },
66    { APIPermission::kExperimental, "experimental",
67      APIPermissionInfo::kFlagCannotBeOptional },
68      // NOTE(kalman): this is provided by a manifest property but needs to
69      // appear in the install permission dialogue, so we need a fake
70      // permission for it. See http://crbug.com/247857.
71    { APIPermission::kWebConnectable, "webConnectable",
72      APIPermissionInfo::kFlagCannotBeOptional |
73      APIPermissionInfo::kFlagInternal,
74      IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
75      PermissionMessage::kWebConnectable},
76    { APIPermission::kGeolocation, "geolocation",
77      APIPermissionInfo::kFlagCannotBeOptional,
78      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
79      PermissionMessage::kGeolocation },
80    { APIPermission::kNotification, "notifications" },
81    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
82      APIPermissionInfo::kFlagCannotBeOptional },
83    { APIPermission::kGcm, "gcm" },
84
85    // Register extension permissions.
86    { APIPermission::kActiveTab, "activeTab" },
87    { APIPermission::kAdView, "adview" },
88    { APIPermission::kAlarms, "alarms" },
89    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
90      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
91      PermissionMessage::kBookmarks },
92    { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
93      APIPermissionInfo::kFlagCannotBeOptional },
94    { APIPermission::kBrowsingData, "browsingData" },
95    { APIPermission::kContentSettings, "contentSettings",
96      APIPermissionInfo::kFlagNone,
97      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
98      PermissionMessage::kContentSettings },
99    { APIPermission::kContextMenus, "contextMenus" },
100    { APIPermission::kCookie, "cookies" },
101    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
102      APIPermissionInfo::kFlagCannotBeOptional },
103    { APIPermission::kFontSettings, "fontSettings",
104      APIPermissionInfo::kFlagCannotBeOptional },
105    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
106      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
107      PermissionMessage::kBrowsingHistory },
108    { APIPermission::kIdltest, "idltest" },
109    { APIPermission::kIdle, "idle" },
110    { APIPermission::kInfobars, "infobars" },
111    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
112      IDS_EXTENSION_PROMPT_WARNING_INPUT,
113      PermissionMessage::kInput },
114    { APIPermission::kLocation, "location",
115      APIPermissionInfo::kFlagCannotBeOptional,
116      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
117      PermissionMessage::kGeolocation },
118    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
119      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
120      PermissionMessage::kManagement },
121    { APIPermission::kNativeMessaging, "nativeMessaging",
122      APIPermissionInfo::kFlagNone,
123      IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
124      PermissionMessage::kNativeMessaging },
125    { APIPermission::kPower, "power", },
126    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
127      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
128      PermissionMessage::kPrivacy },
129    { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
130      IDS_EXTENSION_PROMPT_WARNING_TABS,
131      PermissionMessage::kTabs },
132    { APIPermission::kSessions, "sessions" },
133    { APIPermission::kSignedInDevices, "signedInDevices",
134      APIPermissionInfo::kFlagNone,
135      IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
136      PermissionMessage::kSignedInDevices },
137    { APIPermission::kStorage, "storage" },
138    { APIPermission::kSyncFileSystem, "syncFileSystem",
139      APIPermissionInfo::kFlagNone,
140      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
141      PermissionMessage::kSyncFileSystem },
142    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
143      IDS_EXTENSION_PROMPT_WARNING_TABS,
144      PermissionMessage::kTabs },
145    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
146      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
147      PermissionMessage::kBrowsingHistory },
148    { APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional },
149    { APIPermission::kTtsEngine, "ttsEngine",
150      APIPermissionInfo::kFlagCannotBeOptional,
151      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
152      PermissionMessage::kTtsEngine },
153    { APIPermission::kWallpaper, "wallpaper",
154      APIPermissionInfo::kFlagCannotBeOptional,
155      IDS_EXTENSION_PROMPT_WARNING_WALLPAPER,
156      PermissionMessage::kWallpaper },
157    { APIPermission::kWebNavigation, "webNavigation",
158      APIPermissionInfo::kFlagNone,
159      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
160    { APIPermission::kWebRequest, "webRequest" },
161    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
162    { APIPermission::kWebView, "webview",
163      APIPermissionInfo::kFlagCannotBeOptional },
164
165    // Register private permissions.
166    { APIPermission::kScreenlockPrivate, "screenlockPrivate",
167      APIPermissionInfo::kFlagCannotBeOptional,
168      IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
169      PermissionMessage::kScreenlockPrivate },
170    { APIPermission::kActivityLogPrivate, "activityLogPrivate",
171      APIPermissionInfo::kFlagCannotBeOptional,
172      IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
173      PermissionMessage::kActivityLogPrivate },
174    { APIPermission::kAutoTestPrivate, "autotestPrivate",
175      APIPermissionInfo::kFlagCannotBeOptional },
176    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
177      APIPermissionInfo::kFlagCannotBeOptional },
178    { APIPermission::kCast, "cast",
179      APIPermissionInfo::kFlagCannotBeOptional },
180    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
181      APIPermissionInfo::kFlagCannotBeOptional },
182    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
183      APIPermissionInfo::kFlagCannotBeOptional },
184    { APIPermission::kDeveloperPrivate, "developerPrivate",
185      APIPermissionInfo::kFlagCannotBeOptional },
186    { APIPermission::kDiagnostics, "diagnostics",
187      APIPermissionInfo::kFlagCannotBeOptional },
188    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
189    { APIPermission::kDownloadsInternal, "downloadsInternal" },
190    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
191      APIPermissionInfo::kFlagCannotBeOptional },
192    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
193      APIPermissionInfo::kFlagCannotBeOptional },
194    { APIPermission::kHotwordPrivate, "hotwordPrivate",
195      APIPermissionInfo::kFlagCannotBeOptional },
196    { APIPermission::kIdentityPrivate, "identityPrivate",
197      APIPermissionInfo::kFlagCannotBeOptional },
198    { APIPermission::kLogPrivate, "logPrivate"},
199    { APIPermission::kNetworkingPrivate, "networkingPrivate",
200      APIPermissionInfo::kFlagCannotBeOptional,
201      IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
202      PermissionMessage::kNetworkingPrivate },
203    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
204      APIPermissionInfo::kFlagCannotBeOptional },
205    { APIPermission::kMetricsPrivate, "metricsPrivate",
206      APIPermissionInfo::kFlagCannotBeOptional },
207    { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional },
208    { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
209      APIPermissionInfo::kFlagCannotBeOptional,
210      IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
211      PermissionMessage::kMusicManagerPrivate },
212    { APIPermission::kPreferencesPrivate, "preferencesPrivate",
213      APIPermissionInfo::kFlagCannotBeOptional },
214    { APIPermission::kSystemPrivate, "systemPrivate",
215      APIPermissionInfo::kFlagCannotBeOptional },
216    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
217      APIPermissionInfo::kFlagCannotBeOptional },
218    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
219      APIPermissionInfo::kFlagCannotBeOptional },
220    { APIPermission::kEchoPrivate, "echoPrivate",
221      APIPermissionInfo::kFlagCannotBeOptional },
222    { APIPermission::kFeedbackPrivate, "feedbackPrivate",
223      APIPermissionInfo::kFlagCannotBeOptional },
224    { APIPermission::kImageWriterPrivate, "imageWriterPrivate",
225      APIPermissionInfo::kFlagCannotBeOptional },
226    { APIPermission::kReadingListPrivate, "readingListPrivate",
227      APIPermissionInfo::kFlagCannotBeOptional },
228    { APIPermission::kRtcPrivate, "rtcPrivate",
229      APIPermissionInfo::kFlagCannotBeOptional },
230    { APIPermission::kTerminalPrivate, "terminalPrivate",
231      APIPermissionInfo::kFlagCannotBeOptional },
232    { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
233      APIPermissionInfo::kFlagCannotBeOptional },
234    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
235      APIPermissionInfo::kFlagCannotBeOptional },
236    { APIPermission::kWebRequestInternal, "webRequestInternal" },
237    { APIPermission::kWebstorePrivate, "webstorePrivate",
238      APIPermissionInfo::kFlagCannotBeOptional },
239    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
240      APIPermissionInfo::kFlagCannotBeOptional },
241    { APIPermission::kStreamsPrivate, "streamsPrivate",
242      APIPermissionInfo::kFlagCannotBeOptional },
243    { APIPermission::kEnterprisePlatformKeysPrivate,
244      "enterprise.platformKeysPrivate",
245      APIPermissionInfo::kFlagCannotBeOptional },
246    { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
247      APIPermissionInfo::kFlagCannotBeOptional },
248    { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
249      APIPermissionInfo::kFlagCannotBeOptional },
250    { APIPermission::kPrincipalsPrivate, "principalsPrivate",
251      APIPermissionInfo::kFlagCannotBeOptional },
252    { APIPermission::kFirstRunPrivate, "firstRunPrivate",
253      APIPermissionInfo::kFlagCannotBeOptional},
254
255    // Full url access permissions.
256    { APIPermission::kDebugger, "debugger",
257      APIPermissionInfo::kFlagImpliesFullURLAccess |
258          APIPermissionInfo::kFlagCannotBeOptional,
259      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
260      PermissionMessage::kDebugger },
261    { APIPermission::kDevtools, "devtools",
262      APIPermissionInfo::kFlagImpliesFullURLAccess |
263      APIPermissionInfo::kFlagCannotBeOptional |
264      APIPermissionInfo::kFlagInternal },
265    { APIPermission::kPageCapture, "pageCapture",
266      APIPermissionInfo::kFlagImpliesFullURLAccess },
267    { APIPermission::kTabCapture, "tabCapture",
268      APIPermissionInfo::kFlagImpliesFullURLAccess },
269    { APIPermission::kTabCaptureForTab, "tabCaptureForTab",
270      APIPermissionInfo::kFlagInternal },
271    { APIPermission::kPlugin, "plugin",
272      APIPermissionInfo::kFlagImpliesFullURLAccess |
273      APIPermissionInfo::kFlagImpliesFullAccess |
274      APIPermissionInfo::kFlagCannotBeOptional |
275      APIPermissionInfo::kFlagInternal,
276      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
277      PermissionMessage::kFullAccess },
278    { APIPermission::kProxy, "proxy",
279      APIPermissionInfo::kFlagImpliesFullURLAccess |
280          APIPermissionInfo::kFlagCannotBeOptional },
281
282    // Platform-app permissions.
283    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
284      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
285      PermissionMessage::kSerial },
286    // Because warning messages for the "socket" permission vary based on the
287    // permissions parameters, no message ID or message text is specified here.
288    // The message ID and text used will be determined at run-time in the
289    // |SocketPermission| class.
290    { APIPermission::kSocket, "socket",
291      APIPermissionInfo::kFlagCannotBeOptional, 0,
292      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
293    { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" },
294    { APIPermission::kAudioCapture, "audioCapture",
295      APIPermissionInfo::kFlagNone,
296      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
297      PermissionMessage::kAudioCapture },
298    { APIPermission::kVideoCapture, "videoCapture",
299      APIPermissionInfo::kFlagNone,
300      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
301      PermissionMessage::kVideoCapture },
302    // The permission string for "fileSystem" is only shown when "write" or
303    // "directory" is present. Read-only access is only granted after the user
304    // has been shown a file or directory  chooser dialog and selected a file or
305    // directory . Selecting the file or directory  is considered consent to
306    // read it.
307    { APIPermission::kFileSystem, "fileSystem" },
308    { APIPermission::kFileSystemDirectory, "fileSystem.directory",
309      APIPermissionInfo::kFlagNone,
310      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
311      PermissionMessage::kFileSystemDirectory },
312    { APIPermission::kFileSystemProvider, "fileSystemProvider" },
313    { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
314    { APIPermission::kFileSystemWrite, "fileSystem.write",
315      APIPermissionInfo::kFlagNone,
316      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
317      PermissionMessage::kFileSystemWrite },
318    { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
319      APIPermissionInfo::kFlagNone,
320      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
321      PermissionMessage::kFileSystemWriteDirectory },
322    { APIPermission::kHid, "hid", APIPermissionInfo::kFlagNone,
323      IDS_EXTENSION_PROMPT_WARNING_HID,
324      PermissionMessage::kHid },
325    // Because warning messages for the "mediaGalleries" permission vary based
326    // on the permissions parameters, no message ID or message text is
327    // specified here.
328    // The message ID and text used will be determined at run-time in the
329    // |MediaGalleriesPermission| class.
330    { APIPermission::kMediaGalleries, "mediaGalleries",
331      APIPermissionInfo::kFlagNone, 0,
332      PermissionMessage::kNone,
333      &CreateAPIPermission<MediaGalleriesPermission> },
334    { APIPermission::kPushMessaging, "pushMessaging",
335      APIPermissionInfo::kFlagCannotBeOptional },
336    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
337      IDS_EXTENSION_PROMPT_WARNING_USB,
338      PermissionMessage::kUsb },
339    { APIPermission::kUsbDevice, "usbDevices",
340      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
341      &CreateAPIPermission<UsbDevicePermission> },
342    { APIPermission::kSystemIndicator, "systemIndicator",
343      APIPermissionInfo::kFlagNone,
344      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
345      PermissionMessage::kSystemIndicator },
346    { APIPermission::kSystemCpu, "system.cpu" },
347    { APIPermission::kSystemMemory, "system.memory" },
348    { APIPermission::kSystemNetwork, "system.network" },
349    { APIPermission::kSystemDisplay, "system.display" },
350    { APIPermission::kSystemStorage, "system.storage" },
351    { APIPermission::kPointerLock, "pointerLock" },
352    { APIPermission::kFullscreen, "fullscreen" },
353    { APIPermission::kAudio, "audio" },
354    { APIPermission::kCastStreaming, "cast.streaming" },
355    { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" },
356
357    // Settings override permissions.
358    { APIPermission::kHomepage, "homepage",
359      APIPermissionInfo::kFlagCannotBeOptional |
360      APIPermissionInfo::kFlagInternal,
361      IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
362      PermissionMessage::kHomepage },
363    { APIPermission::kSearchProvider, "searchProvider",
364      APIPermissionInfo::kFlagCannotBeOptional |
365      APIPermissionInfo::kFlagInternal,
366      IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
367      PermissionMessage::kSearchProvider },
368    { APIPermission::kStartupPages, "startupPages",
369      APIPermissionInfo::kFlagCannotBeOptional |
370      APIPermissionInfo::kFlagInternal,
371      IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
372      PermissionMessage::kStartupPages },
373  };
374
375  std::vector<APIPermissionInfo*> permissions;
376
377  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
378    const PermissionRegistration& pr = PermissionsToRegister[i];
379    permissions.push_back(new APIPermissionInfo(
380        pr.id, pr.name, pr.l10n_message_id,
381        pr.message_id ? pr.message_id : PermissionMessage::kNone,
382        pr.flags,
383        pr.constructor));
384  }
385  return permissions;
386}
387
388std::vector<PermissionsProvider::AliasInfo>
389ChromeAPIPermissions::GetAllAliases() const {
390  // Register aliases.
391  std::vector<PermissionsProvider::AliasInfo> aliases;
392  aliases.push_back(PermissionsProvider::AliasInfo(
393      "unlimitedStorage", kOldUnlimitedStoragePermission));
394  aliases.push_back(PermissionsProvider::AliasInfo(
395      "tabs", kWindowsPermission));
396  return aliases;
397}
398
399}  // namespace extensions
400