chrome_api_permissions.cc revision 5f1c94371a64b3196d4be9466099bb892df9b88e
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/common/extensions/permissions/chrome_api_permissions.h"
6
7#include "extensions/common/permissions/api_permission.h"
8#include "extensions/common/permissions/api_permission_set.h"
9#include "extensions/common/permissions/media_galleries_permission.h"
10#include "extensions/common/permissions/permission_message.h"
11#include "extensions/common/permissions/permissions_info.h"
12#include "grit/extensions_strings.h"
13#include "grit/generated_resources.h"
14
15namespace extensions {
16
17namespace {
18
// Permission-name strings that GetAllAliases() passes as the second
// AliasInfo argument, each paired there with a name that
// GetAllPermissions() registers.
//
// Paired with "tabs".
const char kWindowsPermission[] = "windows";
// Paired with "unlimitedStorage".
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
// Paired with the "app.window.*" names.
const char kOldAlwaysOnTopWindowsPermission[] = "alwaysOnTopWindows";
const char kOldFullscreenPermission[] = "fullscreen";
const char kOldOverrideEscFullscreenPermission[] = "overrideEscFullscreen";
24
// Factory that builds a permission object of concrete type |T| for
// |permission|. Its address is stored in the last slot of the
// "mediaGalleries" entry of the registration table in GetAllPermissions().
//
// The object is allocated with a raw |new| and handed back as a raw
// pointer; presumably the caller takes ownership -- confirm at the call
// site, which is not in this file.
template <typename T>
APIPermission* CreateAPIPermission(const APIPermissionInfo* permission) {
  APIPermission* const created = new T(permission);
  return created;
}
29
30}  // namespace
31
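// Builds the list of API permissions registered by Chrome.
//
// Each table entry is a positional APIPermissionInfo::InitInfo initializer.
// As used by the entries below, the slots are, in order:
//   1. the APIPermission id,
//   2. the permission name string,
//   3. the APIPermissionInfo::kFlag* bitmask,
//   4. the IDS_* string id of the install warning (0 for none),
//   5. the PermissionMessage id,
//   6. an optional factory function (see CreateAPIPermission above).
// Entries may stop early; the slots they leave out are not given a value
// here (NOTE(review): presumably zero-initialized because InitInfo is a
// plain aggregate -- confirm in api_permission.h).
//
// Because the slots are positional and several of them are integers, a
// value put in the wrong slot still compiles. When adding an entry, check
// that flags sit in slot 3 and the warning string id in slot 4: a misplaced
// flag silently leaves the permission without that flag.
//
// Returns one heap-allocated APIPermissionInfo per table entry, in table
// order. The pointers are raw; presumably the caller takes ownership --
// confirm against the PermissionsProvider contract.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  APIPermissionInfo::InitInfo permissions_to_register[] = {
      // Register permissions for all extension types.
      {APIPermission::kAppView, "appview",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBackground, "background"},
      {APIPermission::kClipboardRead, "clipboardRead",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
       PermissionMessage::kClipboard},
      {APIPermission::kClipboardWrite, "clipboardWrite"},
      {APIPermission::kDeclarativeContent, "declarativeContent"},
      {APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
       PermissionMessage::kDeclarativeWebRequest},
      {APIPermission::kDesktopCapture, "desktopCapture",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
       PermissionMessage::kDesktopCapture},
      {APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, PermissionMessage::kDownloads},
      {APIPermission::kDownloadsOpen, "downloads.open",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
       PermissionMessage::kDownloadsOpen},
      {APIPermission::kDownloadsShelf, "downloads.shelf"},
      {APIPermission::kEasyUnlockPrivate, "easyUnlockPrivate"},
      {APIPermission::kIdentity, "identity"},
      {APIPermission::kIdentityEmail, "identity.email",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL,
       PermissionMessage::kIdentityEmail},
      {APIPermission::kExperimental, "experimental",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kEmbeddedExtensionOptions, "embeddedExtensionOptions",
       APIPermissionInfo::kFlagCannotBeOptional},
      // NOTE(kalman): this is provided by a manifest property but needs to
      // appear in the install permission dialogue, so we need a fake
      // permission for it. See http://crbug.com/247857.
      {APIPermission::kWebConnectable, "webConnectable",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
       PermissionMessage::kWebConnectable},
      {APIPermission::kGeolocation, "geolocation",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
       PermissionMessage::kGeolocation},
      {APIPermission::kNotifications, "notifications"},
      {APIPermission::kUnlimitedStorage, "unlimitedStorage",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kGcdPrivate, "gcdPrivate"},
      {APIPermission::kGcm, "gcm"},
      {APIPermission::kNotificationProvider, "notificationProvider"},

      // Register extension permissions.
      {APIPermission::kAccessibilityFeaturesModify,
       "accessibilityFeatures.modify", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
       PermissionMessage::kAccessibilityFeaturesModify},
      {APIPermission::kAccessibilityFeaturesRead, "accessibilityFeatures.read",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
       PermissionMessage::kAccessibilityFeaturesRead},
      {APIPermission::kAccessibilityPrivate, "accessibilityPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kActiveTab, "activeTab"},
      {APIPermission::kAlarms, "alarms"},
      {APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, PermissionMessage::kBookmarks},
      {APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBrowsingData, "browsingData"},
      {APIPermission::kContentSettings, "contentSettings",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
       PermissionMessage::kContentSettings},
      {APIPermission::kContextMenus, "contextMenus"},
      {APIPermission::kCookie, "cookies"},
      {APIPermission::kCopresencePrivate, "copresencePrivate"},
      {APIPermission::kEnterprisePlatformKeys, "enterprise.platformKeys"},
      {APIPermission::kFileBrowserHandler, "fileBrowserHandler",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFontSettings, "fontSettings",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
       PermissionMessage::kBrowsingHistory},
      {APIPermission::kIdltest, "idltest"},
      {APIPermission::kIdle, "idle"},
      {APIPermission::kInfobars, "infobars"},
      {APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_INPUT, PermissionMessage::kInput},
      {APIPermission::kLedger, "ledger"},
      {APIPermission::kLocation, "location",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
       PermissionMessage::kGeolocation},
      {APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, PermissionMessage::kManagement},
      {APIPermission::kNativeMessaging, "nativeMessaging",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
       PermissionMessage::kNativeMessaging},
      {APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_PRIVACY, PermissionMessage::kPrivacy},
      {APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
      {APIPermission::kSessions, "sessions"},
      {APIPermission::kSignedInDevices, "signedInDevices",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
       PermissionMessage::kSignedInDevices},
      {APIPermission::kSyncFileSystem, "syncFileSystem",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
       PermissionMessage::kSyncFileSystem},
      {APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
      {APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
      // kFlagCannotBeOptional belongs in the flags slot. This entry used to
      // read {kTts, "tts", 0, kFlagCannotBeOptional}, which left the flags at
      // 0 and put the flag constant in the warning-string-id slot.
      {APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kTtsEngine, "ttsEngine",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, PermissionMessage::kTtsEngine},
      {APIPermission::kWallpaper, "wallpaper",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, PermissionMessage::kWallpaper},
      {APIPermission::kWebNavigation, "webNavigation",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
       PermissionMessage::kTabs},
      {APIPermission::kWebRequest, "webRequest"},
      {APIPermission::kWebRequestBlocking, "webRequestBlocking"},
      {APIPermission::kWebView, "webview",
       APIPermissionInfo::kFlagCannotBeOptional},

      // Register private permissions.
      {APIPermission::kScreenlockPrivate, "screenlockPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
       PermissionMessage::kScreenlockPrivate},
      {APIPermission::kActivityLogPrivate, "activityLogPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
       PermissionMessage::kActivityLogPrivate},
      {APIPermission::kAutoTestPrivate, "autotestPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kCast, "cast", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kCommandLinePrivate, "commandLinePrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDeveloperPrivate, "developerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDiagnostics, "diagnostics",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDownloadsInternal, "downloadsInternal"},
      {APIPermission::kExperienceSamplingPrivate, "experienceSamplingPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_EXPERIENCE_SAMPLING_PRIVATE,
       PermissionMessage::kExperienceSamplingPrivate},
      {APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kHotwordPrivate, "hotwordPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kIdentityPrivate, "identityPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kLogPrivate, "logPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebcamPrivate, "webcamPrivate"},
      {APIPermission::kNetworkingPrivate, "networkingPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
       PermissionMessage::kNetworkingPrivate},
      {APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMetricsPrivate, "metricsPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
       PermissionMessage::kMusicManagerPrivate},
      {APIPermission::kPreferencesPrivate, "preferencesPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kSystemPrivate, "systemPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kInputMethodPrivate, "inputMethodPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kEchoPrivate, "echoPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFeedbackPrivate, "feedbackPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kImageWriterPrivate, "imageWriterPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kReadingListPrivate, "readingListPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kRtcPrivate, "rtcPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kSyncedNotificationsPrivate,
       "syncedNotificationsPrivate"},
      {APIPermission::kTerminalPrivate, "terminalPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWallpaperPrivate, "wallpaperPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebstorePrivate, "webstorePrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kStreamsPrivate, "streamsPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kEnterprisePlatformKeysPrivate,
       "enterprise.platformKeysPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kPrincipalsPrivate, "principalsPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFirstRunPrivate, "firstRunPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBluetoothPrivate, "bluetoothPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
       PermissionMessage::kBluetoothPrivate},

      // Full url access permissions.
      {APIPermission::kDebugger, "debugger",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, PermissionMessage::kDebugger},
      {APIPermission::kDevtools, "devtools",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal},
      {APIPermission::kPageCapture, "pageCapture",
       APIPermissionInfo::kFlagImpliesFullURLAccess},
      {APIPermission::kTabCapture, "tabCapture",
       APIPermissionInfo::kFlagImpliesFullURLAccess},
      {APIPermission::kTabCaptureForTab, "tabCaptureForTab",
       APIPermissionInfo::kFlagInternal},
      {APIPermission::kPlugin, "plugin",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagImpliesFullAccess |
           APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
       PermissionMessage::kFullAccess},
      {APIPermission::kProxy, "proxy",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagCannotBeOptional},

      // Platform-app permissions.
      {APIPermission::kAlwaysOnTopWindows, "app.window.alwaysOnTop"},
      {APIPermission::kAudioCapture, "audioCapture",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
       PermissionMessage::kAudioCapture},
      {APIPermission::kVideoCapture, "videoCapture",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
       PermissionMessage::kVideoCapture},
      // The permission string for "fileSystem" is only shown when
      // "write" or "directory" is present. Read-only access is only
      // granted after the user has been shown a file or directory
      // chooser dialog and selected a file or directory. Selecting
      // the file or directory is considered consent to read it.
      {APIPermission::kFileSystem, "fileSystem"},
      {APIPermission::kFileSystemDirectory, "fileSystem.directory",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
       PermissionMessage::kFileSystemDirectory},
      {APIPermission::kFileSystemProvider, "fileSystemProvider"},
      {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"},
      {APIPermission::kFileSystemWrite, "fileSystem.write"},
      {APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
       PermissionMessage::kFileSystemWriteDirectory},
      // Because warning messages for the "mediaGalleries" permission
      // vary based on the permissions parameters, no message ID or
      // message text is specified here.  The message ID and text used
      // will be determined at run-time in the
      // |MediaGalleriesPermission| class.
      {APIPermission::kMediaGalleries, "mediaGalleries",
       APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
       &CreateAPIPermission<MediaGalleriesPermission>},
      {APIPermission::kPushMessaging, "pushMessaging",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kSystemCpu, "system.cpu"},
      {APIPermission::kSystemMemory, "system.memory"},
      {APIPermission::kSystemNetwork, "system.network"},
      {APIPermission::kSystemDisplay, "system.display"},
      {APIPermission::kSystemStorage, "system.storage"},
      {APIPermission::kPointerLock, "pointerLock"},
      {APIPermission::kFullscreen, "app.window.fullscreen"},
      {APIPermission::kAudio, "audio"},
      {APIPermission::kCastStreaming, "cast.streaming"},
      {APIPermission::kOverrideEscFullscreen,
       "app.window.fullscreen.overrideEsc"},
      {APIPermission::kWindowShape, "app.window.shape"},
      {APIPermission::kBrowser, "browser"},

      // Settings override permissions.
      {APIPermission::kHomepage, "homepage",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
       PermissionMessage::kHomepage},
      {APIPermission::kSearchProvider, "searchProvider",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
       PermissionMessage::kSearchProvider},
      {APIPermission::kStartupPages, "startupPages",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
       PermissionMessage::kStartupPages},
  };

  std::vector<APIPermissionInfo*> permissions;
  // The final size is known up front, so allocate once.
  permissions.reserve(ARRAYSIZE_UNSAFE(permissions_to_register));

  // One heap-allocated info object per table entry, in table order.
  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(permissions_to_register); ++i)
    permissions.push_back(new APIPermissionInfo(permissions_to_register[i]));
  return permissions;
}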
368
// Returns the permission-name aliases registered by Chrome, as AliasInfo
// objects built from (name, alias) string pairs in a fixed order.
//
// The first string of every pair is a name that GetAllPermissions()
// registers. Presumably a manifest that lists the second string is treated
// as asking for the first -- confirm in the PermissionsProvider consumer,
// which is not in this file. Note that "windows" is paired with "tabs".
std::vector<PermissionsProvider::AliasInfo>
ChromeAPIPermissions::GetAllAliases() const {
  typedef PermissionsProvider::AliasInfo AliasInfo;

  // {registered name, alias}, in registration order.
  const char* const name_alias_pairs[][2] = {
      {"app.window.alwaysOnTop", kOldAlwaysOnTopWindowsPermission},
      {"app.window.fullscreen", kOldFullscreenPermission},
      {"app.window.fullscreen.overrideEsc",
       kOldOverrideEscFullscreenPermission},
      {"unlimitedStorage", kOldUnlimitedStoragePermission},
      {"tabs", kWindowsPermission},
  };
  const size_t pair_count =
      sizeof(name_alias_pairs) / sizeof(name_alias_pairs[0]);

  std::vector<AliasInfo> result;
  for (size_t index = 0; index < pair_count; ++index) {
    result.push_back(AliasInfo(name_alias_pairs[index][0],
                               name_alias_pairs[index][1]));
  }
  return result;
}
386
387}  // namespace extensions
388