chrome_api_permissions.cc revision 90dce4d38c5ff5333bea97d859d4e484e27edf0c
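// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/common/extensions/permissions/chrome_api_permissions.h"

#include "chrome/common/extensions/permissions/api_permission.h"
#include "chrome/common/extensions/permissions/api_permission_set.h"
#include "chrome/common/extensions/permissions/bluetooth_device_permission.h"
#include "chrome/common/extensions/permissions/media_galleries_permission.h"
#include "chrome/common/extensions/permissions/permission_message.h"
#include "chrome/common/extensions/permissions/permissions_info.h"
#include "chrome/common/extensions/permissions/socket_permission.h"
#include "chrome/common/extensions/permissions/usb_device_permission.h"
#include "grit/generated_resources.h"

namespace extensions {

namespace {

// Legacy spellings that GetAllAliases() pairs with current permission names.
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
const char kWindowsPermission[] = "windows";

// Factory stored in PermissionRegistration::constructor for permissions that
// need their own APIPermission subclass |T|. Allocates a |T| for |permission|
// and returns it as a raw pointer; nothing here frees it, so the caller is
// presumably the owner (confirm against APIPermissionInfo).
template<typename T> APIPermission* CreateAPIPermission(
    const APIPermissionInfo* permission) {
  return new T(permission);
}

}  // namespace

// Builds one heap-allocated APIPermissionInfo per row of the registration
// table below and returns them in table order. The pointers are not freed in
// this function; ownership presumably passes to the caller (confirm there).
//
// NOTE(review): rows that list no l10n_message_id / message_id are registered
// with 0 / PermissionMessage::kNone. Whether such a permission still produces
// an install-time warning is decided outside this file, so confirm that when
// adding or changing a row.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  // One row per permission. Rows use positional aggregate initialization, so
  // the field order matters and any trailing field left out is
  // zero-initialized (flags 0, message ids 0, constructor NULL).
  struct PermissionRegistration {
    APIPermission::ID id;
    const char* name;  // Permission string as registered.
    int flags;  // Bitwise OR of APIPermissionInfo::kFlag* values.
    int l10n_message_id;  // IDS_* resource id of the warning text, or 0.
    PermissionMessage::ID message_id;
    // Optional factory for a custom APIPermission subclass.
    APIPermissionInfo::APIPermissionConstructor constructor;
  } PermissionsToRegister[] = {
    // Register permissions for all extension types.
    { APIPermission::kBackground, "background" },
    { APIPermission::kClipboardRead, "clipboardRead",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
      PermissionMessage::kClipboard },
    { APIPermission::kClipboardWrite, "clipboardWrite" },
    { APIPermission::kDeclarativeContent, "declarativeContent" },
    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest" },
    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
      PermissionMessage::kDownloads },
    { APIPermission::kIdentity, "identity" },
    { APIPermission::kExperimental, "experimental",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kGeolocation, "geolocation",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kNotification, "notifications" },
    { APIPermission::kScreensaver, "screensaver" },
    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register extension permissions.
    { APIPermission::kActiveTab, "activeTab" },
    { APIPermission::kAdView, "adview" },
    { APIPermission::kAlarms, "alarms" },
    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
      PermissionMessage::kBookmarks },
    { APIPermission::kBrowsingData, "browsingData" },
    { APIPermission::kContentSettings, "contentSettings",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
      PermissionMessage::kContentSettings },
    { APIPermission::kContextMenus, "contextMenus" },
    { APIPermission::kCookie, "cookies" },
    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFontSettings, "fontSettings",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    { APIPermission::kIdle, "idle" },
    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_INPUT,
      PermissionMessage::kInput },
    { APIPermission::kLocation, "location",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
      PermissionMessage::kGeolocation },
    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
      PermissionMessage::kManagement },
    { APIPermission::kNativeMessaging, "nativeMessaging" },
    { APIPermission::kPower, "power" },
    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
      PermissionMessage::kPrivacy },
    { APIPermission::kSessionRestore, "sessionRestore" },
    { APIPermission::kStorage, "storage" },
    { APIPermission::kSyncFileSystem, "syncFileSystem",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
      PermissionMessage::kSyncFileSystem },
    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS,
      PermissionMessage::kTabs },
    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
      PermissionMessage::kBrowsingHistory },
    // kFlagCannotBeOptional must sit in the |flags| slot (third field).
    // Written as the fourth field it is read as an l10n message id and
    // |flags| stays 0, so the permission is not marked non-optional.
    { APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTtsEngine, "ttsEngine",
      APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
      PermissionMessage::kTtsEngine },
    { APIPermission::kWebNavigation, "webNavigation",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
    { APIPermission::kWebRequest, "webRequest" },
    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
    { APIPermission::kWebView, "webview",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Register private permissions.
    { APIPermission::kAutoTestPrivate, "autotestPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDeveloperPrivate, "developerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kDownloadsInternal, "downloadsInternal" },
    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kIdentityPrivate, "identityPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kNetworkingPrivate, "networkingPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kManagedModePrivate, "managedModePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMetricsPrivate, "metricsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kSystemPrivate, "systemPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEchoPrivate, "echoPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kRtcPrivate, "rtcPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kTerminalPrivate, "terminalPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebRequestInternal, "webRequestInternal" },
    { APIPermission::kWebSocketProxyPrivate, "webSocketProxyPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kWebstorePrivate, "webstorePrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kStreamsPrivate, "streamsPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kEnterprisePlatformKeysPrivate,
      "enterprise.platformKeysPrivate",
      APIPermissionInfo::kFlagCannotBeOptional },

    // Full url access permissions.
    { APIPermission::kDebugger, "debugger",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
      PermissionMessage::kDebugger },
    { APIPermission::kDevtools, "devtools",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kPageCapture, "pageCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kTabCapture, "tabCapture",
      APIPermissionInfo::kFlagImpliesFullURLAccess },
    { APIPermission::kPlugin, "plugin",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagImpliesFullAccess |
          APIPermissionInfo::kFlagCannotBeOptional,
      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
      PermissionMessage::kFullAccess },
    { APIPermission::kProxy, "proxy",
      APIPermissionInfo::kFlagImpliesFullURLAccess |
          APIPermissionInfo::kFlagCannotBeOptional },

    // Platform-app permissions.
    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
      PermissionMessage::kSerial },
    // Because warning messages for the "socket" permission vary based on the
    // permissions parameters, no message ID or message text is specified here.
    // The message ID and text used will be determined at run-time in the
    // |SocketPermission| class.
    { APIPermission::kSocket, "socket",
      APIPermissionInfo::kFlagCannotBeOptional, 0,
      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
    { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" },
    { APIPermission::kAppRuntime, "app.runtime" },
    { APIPermission::kAppWindow, "app.window" },
    { APIPermission::kAudioCapture, "audioCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
      PermissionMessage::kAudioCapture },
    { APIPermission::kVideoCapture, "videoCapture",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
      PermissionMessage::kVideoCapture },
    // The permission string for "fileSystem" is only shown when "write" is
    // present. Read-only access is only granted after the user has been shown
    // a file chooser dialog and selected a file. Selecting the file is
    // considered consent to read it.
    { APIPermission::kFileSystem, "fileSystem" },
    { APIPermission::kFileSystemRetainFiles, "fileSystem.retainFiles" },
    { APIPermission::kFileSystemWrite, "fileSystem.write",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
      PermissionMessage::kFileSystemWrite },
    // Because warning messages for the "mediaGalleries" permission vary based
    // on the permissions parameters, no message ID or message text is
    // specified here.
    // The message ID and text used will be determined at run-time in the
    // |MediaGalleriesPermission| class.
    { APIPermission::kMediaGalleries, "mediaGalleries",
      APIPermissionInfo::kFlagNone, 0,
      PermissionMessage::kNone,
      &CreateAPIPermission<MediaGalleriesPermission> },
    { APIPermission::kPushMessaging, "pushMessaging",
      APIPermissionInfo::kFlagCannotBeOptional },
    { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH,
      PermissionMessage::kBluetooth },
    { APIPermission::kBluetoothDevice, "bluetoothDevices",
      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
      &CreateAPIPermission<BluetoothDevicePermission> },
    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_USB,
      PermissionMessage::kUsb },
    { APIPermission::kUsbDevice, "usbDevices",
      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
      &CreateAPIPermission<UsbDevicePermission> },
    { APIPermission::kSystemIndicator, "systemIndicator",
      APIPermissionInfo::kFlagNone,
      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
      PermissionMessage::kSystemIndicator },
    { APIPermission::kSystemInfoDisplay, "systemInfo.display" },
    { APIPermission::kPointerLock, "pointerLock" },
    { APIPermission::kFullscreen, "fullscreen" },
    { APIPermission::kAudio, "audio" },
  };

  std::vector<APIPermissionInfo*> permissions;

  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
    const PermissionRegistration& pr = PermissionsToRegister[i];
    // A row that omits message_id holds a zero value there; pass it on as
    // PermissionMessage::kNone explicitly.
    permissions.push_back(new APIPermissionInfo(
        pr.id, pr.name, pr.l10n_message_id,
        pr.message_id ? pr.message_id : PermissionMessage::kNone,
        pr.flags,
        pr.constructor));
  }
  return permissions;
}

// Returns the alias registrations: "unlimitedStorage" paired with
// "unlimited_storage", and "tabs" paired with "windows". The argument order
// is the one AliasInfo's constructor takes (presumably name, then alias).
std::vector<PermissionsInfo::AliasInfo> ChromeAPIPermissions::GetAllAliases()
    const {
  // Register aliases.
  std::vector<PermissionsInfo::AliasInfo> aliases;
  aliases.push_back(PermissionsInfo::AliasInfo(
      "unlimitedStorage", kOldUnlimitedStoragePermission));
  aliases.push_back(PermissionsInfo::AliasInfo(
      "tabs", kWindowsPermission));
  return aliases;
}

}  // namespace extensions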