chrome_api_permissions.cc revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/common/extensions/permissions/chrome_api_permissions.h" 6 7#include "chrome/common/extensions/permissions/media_galleries_permission.h" 8#include "chrome/common/extensions/permissions/socket_permission.h" 9#include "chrome/common/extensions/permissions/usb_device_permission.h" 10#include "extensions/common/permissions/api_permission.h" 11#include "extensions/common/permissions/api_permission_set.h" 12#include "extensions/common/permissions/permission_message.h" 13#include "extensions/common/permissions/permissions_info.h" 14#include "grit/generated_resources.h" 15 16namespace extensions { 17 18namespace { 19 20const char kOldUnlimitedStoragePermission[] = "unlimited_storage"; 21const char kWindowsPermission[] = "windows"; 22 23template<typename T> APIPermission* CreateAPIPermission( 24 const APIPermissionInfo* permission) { 25 return new T(permission); 26} 27 28} // namespace 29 30std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions() 31 const { 32 struct PermissionRegistration { 33 APIPermission::ID id; 34 const char* name; 35 int flags; 36 int l10n_message_id; 37 PermissionMessage::ID message_id; 38 APIPermissionInfo::APIPermissionConstructor constructor; 39 } PermissionsToRegister[] = { 40 // Register permissions for all extension types. 41 { APIPermission::kBackground, "background" }, 42 { APIPermission::kClipboardRead, "clipboardRead", 43 APIPermissionInfo::kFlagNone, 44 IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD, 45 PermissionMessage::kClipboard }, 46 { APIPermission::kClipboardWrite, "clipboardWrite" }, 47 { APIPermission::kDeclarativeContent, "declarativeContent" }, 48 { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest", 49 APIPermissionInfo::kFlagNone, 50 IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST, 51 PermissionMessage::kDeclarativeWebRequest }, 52 { APIPermission::kDesktopCapture, "desktopCapture", 53 APIPermissionInfo::kFlagNone, 54 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE, 55 PermissionMessage::kDesktopCapture }, 56 { APIPermission::kDns, "dns" }, 57 { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone, 58 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, 59 PermissionMessage::kDownloads }, 60 { APIPermission::kDownloadsOpen, "downloads.open", 61 APIPermissionInfo::kFlagNone, 62 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN, 63 PermissionMessage::kDownloadsOpen }, 64 { APIPermission::kDownloadsShelf, "downloads.shelf" }, 65 { APIPermission::kIdentity, "identity" }, 66 { APIPermission::kExperimental, "experimental", 67 APIPermissionInfo::kFlagCannotBeOptional }, 68 // NOTE(kalman): this is provided by a manifest property but needs to 69 // appear in the install permission dialogue, so we need a fake 70 // permission for it. See http://crbug.com/247857. 71 { APIPermission::kWebConnectable, "webConnectable", 72 APIPermissionInfo::kFlagCannotBeOptional | 73 APIPermissionInfo::kFlagInternal, 74 IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE, 75 PermissionMessage::kWebConnectable}, 76 { APIPermission::kGeolocation, "geolocation", 77 APIPermissionInfo::kFlagCannotBeOptional, 78 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION, 79 PermissionMessage::kGeolocation }, 80 { APIPermission::kNotification, "notifications" }, 81 { APIPermission::kUnlimitedStorage, "unlimitedStorage", 82 APIPermissionInfo::kFlagCannotBeOptional }, 83 { APIPermission::kGcm, "gcm" }, 84 85 // Register extension permissions. 86 { APIPermission::kActiveTab, "activeTab" }, 87 { APIPermission::kAdView, "adview" }, 88 { APIPermission::kAlarms, "alarms" }, 89 { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone, 90 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, 91 PermissionMessage::kBookmarks }, 92 { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate", 93 APIPermissionInfo::kFlagCannotBeOptional }, 94 { APIPermission::kBrowsingData, "browsingData" }, 95 { APIPermission::kContentSettings, "contentSettings", 96 APIPermissionInfo::kFlagNone, 97 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS, 98 PermissionMessage::kContentSettings }, 99 { APIPermission::kContextMenus, "contextMenus" }, 100 { APIPermission::kCookie, "cookies" }, 101 { APIPermission::kFileBrowserHandler, "fileBrowserHandler", 102 APIPermissionInfo::kFlagCannotBeOptional }, 103 { APIPermission::kFontSettings, "fontSettings", 104 APIPermissionInfo::kFlagCannotBeOptional }, 105 { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone, 106 IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY, 107 PermissionMessage::kBrowsingHistory }, 108 { APIPermission::kIdltest, "idltest" }, 109 { APIPermission::kIdle, "idle" }, 110 { APIPermission::kInfobars, "infobars" }, 111 { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone, 112 IDS_EXTENSION_PROMPT_WARNING_INPUT, 113 PermissionMessage::kInput }, 114 { APIPermission::kLocation, "location", 115 APIPermissionInfo::kFlagCannotBeOptional, 116 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION, 117 PermissionMessage::kGeolocation }, 118 { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone, 119 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, 120 PermissionMessage::kManagement }, 121 { APIPermission::kNativeMessaging, "nativeMessaging", 122 APIPermissionInfo::kFlagNone, 123 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING, 124 PermissionMessage::kNativeMessaging }, 125 { APIPermission::kPower, "power", }, 126 { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone, 127 IDS_EXTENSION_PROMPT_WARNING_PRIVACY, 128 PermissionMessage::kPrivacy }, 129 { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone, 130 IDS_EXTENSION_PROMPT_WARNING_TABS, 131 PermissionMessage::kTabs }, 132 { APIPermission::kSessions, "sessions" }, 133 { APIPermission::kSignedInDevices, "signedInDevices", 134 APIPermissionInfo::kFlagNone, 135 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES, 136 PermissionMessage::kSignedInDevices }, 137 { APIPermission::kStorage, "storage" }, 138 { APIPermission::kSyncFileSystem, "syncFileSystem", 139 APIPermissionInfo::kFlagNone, 140 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM, 141 PermissionMessage::kSyncFileSystem }, 142 { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone, 143 IDS_EXTENSION_PROMPT_WARNING_TABS, 144 PermissionMessage::kTabs }, 145 { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone, 146 IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY, 147 PermissionMessage::kBrowsingHistory }, 148 { APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional }, 149 { APIPermission::kTtsEngine, "ttsEngine", 150 APIPermissionInfo::kFlagCannotBeOptional, 151 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, 152 PermissionMessage::kTtsEngine }, 153 { APIPermission::kWallpaper, "wallpaper", 154 APIPermissionInfo::kFlagCannotBeOptional, 155 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, 156 PermissionMessage::kWallpaper }, 157 { APIPermission::kWebNavigation, "webNavigation", 158 APIPermissionInfo::kFlagNone, 159 IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs }, 160 { APIPermission::kWebRequest, "webRequest" }, 161 { APIPermission::kWebRequestBlocking, "webRequestBlocking" }, 162 { APIPermission::kWebView, "webview", 163 APIPermissionInfo::kFlagCannotBeOptional }, 164 165 // Register private permissions. 166 { APIPermission::kScreenlockPrivate, "screenlockPrivate", 167 APIPermissionInfo::kFlagCannotBeOptional, 168 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE, 169 PermissionMessage::kScreenlockPrivate }, 170 { APIPermission::kActivityLogPrivate, "activityLogPrivate", 171 APIPermissionInfo::kFlagCannotBeOptional, 172 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE, 173 PermissionMessage::kActivityLogPrivate }, 174 { APIPermission::kAutoTestPrivate, "autotestPrivate", 175 APIPermissionInfo::kFlagCannotBeOptional }, 176 { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate", 177 APIPermissionInfo::kFlagCannotBeOptional }, 178 { APIPermission::kCast, "cast", 179 APIPermissionInfo::kFlagCannotBeOptional }, 180 { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate", 181 APIPermissionInfo::kFlagCannotBeOptional }, 182 { APIPermission::kCommandLinePrivate, "commandLinePrivate", 183 APIPermissionInfo::kFlagCannotBeOptional }, 184 { APIPermission::kDeveloperPrivate, "developerPrivate", 185 APIPermissionInfo::kFlagCannotBeOptional }, 186 { APIPermission::kDiagnostics, "diagnostics", 187 APIPermissionInfo::kFlagCannotBeOptional }, 188 { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional }, 189 { APIPermission::kDownloadsInternal, "downloadsInternal" }, 190 { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal", 191 APIPermissionInfo::kFlagCannotBeOptional }, 192 { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate", 193 APIPermissionInfo::kFlagCannotBeOptional }, 194 { APIPermission::kHotwordPrivate, "hotwordPrivate", 195 APIPermissionInfo::kFlagCannotBeOptional }, 196 { APIPermission::kIdentityPrivate, "identityPrivate", 197 APIPermissionInfo::kFlagCannotBeOptional }, 198 { APIPermission::kLogPrivate, "logPrivate"}, 199 { APIPermission::kNetworkingPrivate, "networkingPrivate", 200 APIPermissionInfo::kFlagCannotBeOptional, 201 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE, 202 PermissionMessage::kNetworkingPrivate }, 203 { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate", 204 APIPermissionInfo::kFlagCannotBeOptional }, 205 { APIPermission::kMetricsPrivate, "metricsPrivate", 206 APIPermissionInfo::kFlagCannotBeOptional }, 207 { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional }, 208 { APIPermission::kMusicManagerPrivate, "musicManagerPrivate", 209 APIPermissionInfo::kFlagCannotBeOptional, 210 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE, 211 PermissionMessage::kMusicManagerPrivate }, 212 { APIPermission::kPreferencesPrivate, "preferencesPrivate", 213 APIPermissionInfo::kFlagCannotBeOptional }, 214 { APIPermission::kSystemPrivate, "systemPrivate", 215 APIPermissionInfo::kFlagCannotBeOptional }, 216 { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate", 217 APIPermissionInfo::kFlagCannotBeOptional }, 218 { APIPermission::kInputMethodPrivate, "inputMethodPrivate", 219 APIPermissionInfo::kFlagCannotBeOptional }, 220 { APIPermission::kEchoPrivate, "echoPrivate", 221 APIPermissionInfo::kFlagCannotBeOptional }, 222 { APIPermission::kFeedbackPrivate, "feedbackPrivate", 223 APIPermissionInfo::kFlagCannotBeOptional }, 224 { APIPermission::kImageWriterPrivate, "imageWriterPrivate", 225 APIPermissionInfo::kFlagCannotBeOptional }, 226 { APIPermission::kReadingListPrivate, "readingListPrivate", 227 APIPermissionInfo::kFlagCannotBeOptional }, 228 { APIPermission::kRtcPrivate, "rtcPrivate", 229 APIPermissionInfo::kFlagCannotBeOptional }, 230 { APIPermission::kTerminalPrivate, "terminalPrivate", 231 APIPermissionInfo::kFlagCannotBeOptional }, 232 { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate", 233 APIPermissionInfo::kFlagCannotBeOptional }, 234 { APIPermission::kWallpaperPrivate, "wallpaperPrivate", 235 APIPermissionInfo::kFlagCannotBeOptional }, 236 { APIPermission::kWebRequestInternal, "webRequestInternal" }, 237 { APIPermission::kWebstorePrivate, "webstorePrivate", 238 APIPermissionInfo::kFlagCannotBeOptional }, 239 { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate", 240 APIPermissionInfo::kFlagCannotBeOptional }, 241 { APIPermission::kStreamsPrivate, "streamsPrivate", 242 APIPermissionInfo::kFlagCannotBeOptional }, 243 { APIPermission::kEnterprisePlatformKeysPrivate, 244 "enterprise.platformKeysPrivate", 245 APIPermissionInfo::kFlagCannotBeOptional }, 246 { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate", 247 APIPermissionInfo::kFlagCannotBeOptional }, 248 { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate", 249 APIPermissionInfo::kFlagCannotBeOptional }, 250 { APIPermission::kPrincipalsPrivate, "principalsPrivate", 251 APIPermissionInfo::kFlagCannotBeOptional }, 252 { APIPermission::kFirstRunPrivate, "firstRunPrivate", 253 APIPermissionInfo::kFlagCannotBeOptional}, 254 255 // Full url access permissions. 256 { APIPermission::kDebugger, "debugger", 257 APIPermissionInfo::kFlagImpliesFullURLAccess | 258 APIPermissionInfo::kFlagCannotBeOptional, 259 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, 260 PermissionMessage::kDebugger }, 261 { APIPermission::kDevtools, "devtools", 262 APIPermissionInfo::kFlagImpliesFullURLAccess | 263 APIPermissionInfo::kFlagCannotBeOptional | 264 APIPermissionInfo::kFlagInternal }, 265 { APIPermission::kPageCapture, "pageCapture", 266 APIPermissionInfo::kFlagImpliesFullURLAccess }, 267 { APIPermission::kTabCapture, "tabCapture", 268 APIPermissionInfo::kFlagImpliesFullURLAccess }, 269 { APIPermission::kTabCaptureForTab, "tabCaptureForTab", 270 APIPermissionInfo::kFlagInternal }, 271 { APIPermission::kPlugin, "plugin", 272 APIPermissionInfo::kFlagImpliesFullURLAccess | 273 APIPermissionInfo::kFlagImpliesFullAccess | 274 APIPermissionInfo::kFlagCannotBeOptional | 275 APIPermissionInfo::kFlagInternal, 276 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, 277 PermissionMessage::kFullAccess }, 278 { APIPermission::kProxy, "proxy", 279 APIPermissionInfo::kFlagImpliesFullURLAccess | 280 APIPermissionInfo::kFlagCannotBeOptional }, 281 282 // Platform-app permissions. 283 { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone, 284 IDS_EXTENSION_PROMPT_WARNING_SERIAL, 285 PermissionMessage::kSerial }, 286 // Because warning messages for the "socket" permission vary based on the 287 // permissions parameters, no message ID or message text is specified here. 288 // The message ID and text used will be determined at run-time in the 289 // |SocketPermission| class. 290 { APIPermission::kSocket, "socket", 291 APIPermissionInfo::kFlagCannotBeOptional, 0, 292 PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> }, 293 { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" }, 294 { APIPermission::kAudioCapture, "audioCapture", 295 APIPermissionInfo::kFlagNone, 296 IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE, 297 PermissionMessage::kAudioCapture }, 298 { APIPermission::kVideoCapture, "videoCapture", 299 APIPermissionInfo::kFlagNone, 300 IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE, 301 PermissionMessage::kVideoCapture }, 302 // The permission string for "fileSystem" is only shown when "write" or 303 // "directory" is present. Read-only access is only granted after the user 304 // has been shown a file or directory chooser dialog and selected a file or 305 // directory . Selecting the file or directory is considered consent to 306 // read it. 307 { APIPermission::kFileSystem, "fileSystem" }, 308 { APIPermission::kFileSystemDirectory, "fileSystem.directory", 309 APIPermissionInfo::kFlagNone, 310 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY, 311 PermissionMessage::kFileSystemDirectory }, 312 { APIPermission::kFileSystemProvider, "fileSystemProvider" }, 313 { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" }, 314 { APIPermission::kFileSystemWrite, "fileSystem.write", 315 APIPermissionInfo::kFlagNone, 316 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE, 317 PermissionMessage::kFileSystemWrite }, 318 { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory", 319 APIPermissionInfo::kFlagNone, 320 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY, 321 PermissionMessage::kFileSystemWriteDirectory }, 322 { APIPermission::kHid, "hid", APIPermissionInfo::kFlagNone, 323 IDS_EXTENSION_PROMPT_WARNING_HID, 324 PermissionMessage::kHid }, 325 // Because warning messages for the "mediaGalleries" permission vary based 326 // on the permissions parameters, no message ID or message text is 327 // specified here. 328 // The message ID and text used will be determined at run-time in the 329 // |MediaGalleriesPermission| class. 330 { APIPermission::kMediaGalleries, "mediaGalleries", 331 APIPermissionInfo::kFlagNone, 0, 332 PermissionMessage::kNone, 333 &CreateAPIPermission<MediaGalleriesPermission> }, 334 { APIPermission::kPushMessaging, "pushMessaging", 335 APIPermissionInfo::kFlagCannotBeOptional }, 336 { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone, 337 IDS_EXTENSION_PROMPT_WARNING_USB, 338 PermissionMessage::kUsb }, 339 { APIPermission::kUsbDevice, "usbDevices", 340 APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone, 341 &CreateAPIPermission<UsbDevicePermission> }, 342 { APIPermission::kSystemIndicator, "systemIndicator", 343 APIPermissionInfo::kFlagNone, 344 IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR, 345 PermissionMessage::kSystemIndicator }, 346 { APIPermission::kSystemCpu, "system.cpu" }, 347 { APIPermission::kSystemMemory, "system.memory" }, 348 { APIPermission::kSystemNetwork, "system.network" }, 349 { APIPermission::kSystemDisplay, "system.display" }, 350 { APIPermission::kSystemStorage, "system.storage" }, 351 { APIPermission::kPointerLock, "pointerLock" }, 352 { APIPermission::kFullscreen, "fullscreen" }, 353 { APIPermission::kAudio, "audio" }, 354 { APIPermission::kCastStreaming, "cast.streaming" }, 355 { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" }, 356 357 // Settings override permissions. 358 { APIPermission::kHomepage, "homepage", 359 APIPermissionInfo::kFlagCannotBeOptional | 360 APIPermissionInfo::kFlagInternal, 361 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE, 362 PermissionMessage::kHomepage }, 363 { APIPermission::kSearchProvider, "searchProvider", 364 APIPermissionInfo::kFlagCannotBeOptional | 365 APIPermissionInfo::kFlagInternal, 366 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE, 367 PermissionMessage::kSearchProvider }, 368 { APIPermission::kStartupPages, "startupPages", 369 APIPermissionInfo::kFlagCannotBeOptional | 370 APIPermissionInfo::kFlagInternal, 371 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE, 372 PermissionMessage::kStartupPages }, 373 }; 374 375 std::vector<APIPermissionInfo*> permissions; 376 377 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) { 378 const PermissionRegistration& pr = PermissionsToRegister[i]; 379 permissions.push_back(new APIPermissionInfo( 380 pr.id, pr.name, pr.l10n_message_id, 381 pr.message_id ? pr.message_id : PermissionMessage::kNone, 382 pr.flags, 383 pr.constructor)); 384 } 385 return permissions; 386} 387 388std::vector<PermissionsProvider::AliasInfo> 389ChromeAPIPermissions::GetAllAliases() const { 390 // Register aliases. 391 std::vector<PermissionsProvider::AliasInfo> aliases; 392 aliases.push_back(PermissionsProvider::AliasInfo( 393 "unlimitedStorage", kOldUnlimitedStoragePermission)); 394 aliases.push_back(PermissionsProvider::AliasInfo( 395 "tabs", kWindowsPermission)); 396 return aliases; 397} 398 399} // namespace extensions 400