chrome_api_permissions.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/common/extensions/permissions/chrome_api_permissions.h" 6 7#include "chrome/common/extensions/permissions/bluetooth_permission.h" 8#include "chrome/common/extensions/permissions/media_galleries_permission.h" 9#include "chrome/common/extensions/permissions/socket_permission.h" 10#include "chrome/common/extensions/permissions/usb_device_permission.h" 11#include "extensions/common/permissions/api_permission.h" 12#include "extensions/common/permissions/api_permission_set.h" 13#include "extensions/common/permissions/permission_message.h" 14#include "extensions/common/permissions/permissions_info.h" 15#include "grit/generated_resources.h" 16 17namespace extensions { 18 19namespace { 20 21const char kOldUnlimitedStoragePermission[] = "unlimited_storage"; 22const char kWindowsPermission[] = "windows"; 23 24template<typename T> APIPermission* CreateAPIPermission( 25 const APIPermissionInfo* permission) { 26 return new T(permission); 27} 28 29} // namespace 30 31std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions() 32 const { 33 struct PermissionRegistration { 34 APIPermission::ID id; 35 const char* name; 36 int flags; 37 int l10n_message_id; 38 PermissionMessage::ID message_id; 39 APIPermissionInfo::APIPermissionConstructor constructor; 40 } PermissionsToRegister[] = { 41 // Register permissions for all extension types. 42 { APIPermission::kBackground, "background" }, 43 { APIPermission::kClipboardRead, "clipboardRead", 44 APIPermissionInfo::kFlagNone, 45 IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD, 46 PermissionMessage::kClipboard }, 47 { APIPermission::kClipboardWrite, "clipboardWrite" }, 48 { APIPermission::kDeclarativeContent, "declarativeContent" }, 49 { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest", 50 APIPermissionInfo::kFlagNone, 51 IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST, 52 PermissionMessage::kDeclarativeWebRequest }, 53 { APIPermission::kDesktopCapture, "desktopCapture", 54 APIPermissionInfo::kFlagNone, 55 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE, 56 PermissionMessage::kDesktopCapture }, 57 { APIPermission::kDns, "dns" }, 58 { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone, 59 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, 60 PermissionMessage::kDownloads }, 61 { APIPermission::kDownloadsOpen, "downloads.open", 62 APIPermissionInfo::kFlagNone, 63 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN, 64 PermissionMessage::kDownloadsOpen }, 65 { APIPermission::kDownloadsShelf, "downloads.shelf" }, 66 { APIPermission::kIdentity, "identity" }, 67 { APIPermission::kExperimental, "experimental", 68 APIPermissionInfo::kFlagCannotBeOptional }, 69 // NOTE(kalman): this is provided by a manifest property but needs to 70 // appear in the install permission dialogue, so we need a fake 71 // permission for it. See http://crbug.com/247857. 72 { APIPermission::kWebConnectable, "webConnectable", 73 APIPermissionInfo::kFlagCannotBeOptional | 74 APIPermissionInfo::kFlagInternal, 75 IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE, 76 PermissionMessage::kWebConnectable}, 77 { APIPermission::kGeolocation, "geolocation", 78 APIPermissionInfo::kFlagCannotBeOptional, 79 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION, 80 PermissionMessage::kGeolocation }, 81 { APIPermission::kNotification, "notifications" }, 82 { APIPermission::kUnlimitedStorage, "unlimitedStorage", 83 APIPermissionInfo::kFlagCannotBeOptional }, 84 { APIPermission::kGcm, "gcm" }, 85 86 // Register extension permissions. 87 { APIPermission::kActiveTab, "activeTab" }, 88 { APIPermission::kAdView, "adview" }, 89 { APIPermission::kAlarms, "alarms" }, 90 { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone, 91 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, 92 PermissionMessage::kBookmarks }, 93 { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate", 94 APIPermissionInfo::kFlagCannotBeOptional }, 95 { APIPermission::kBrowsingData, "browsingData" }, 96 { APIPermission::kContentSettings, "contentSettings", 97 APIPermissionInfo::kFlagNone, 98 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS, 99 PermissionMessage::kContentSettings }, 100 { APIPermission::kContextMenus, "contextMenus" }, 101 { APIPermission::kCookie, "cookies" }, 102 { APIPermission::kFileBrowserHandler, "fileBrowserHandler", 103 APIPermissionInfo::kFlagCannotBeOptional }, 104 { APIPermission::kFontSettings, "fontSettings", 105 APIPermissionInfo::kFlagCannotBeOptional }, 106 { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone, 107 IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY, 108 PermissionMessage::kBrowsingHistory }, 109 { APIPermission::kIdltest, "idltest" }, 110 { APIPermission::kIdle, "idle" }, 111 { APIPermission::kInfobars, "infobars" }, 112 { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone, 113 IDS_EXTENSION_PROMPT_WARNING_INPUT, 114 PermissionMessage::kInput }, 115 { APIPermission::kLocation, "location", 116 APIPermissionInfo::kFlagCannotBeOptional, 117 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION, 118 PermissionMessage::kGeolocation }, 119 { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone, 120 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, 121 PermissionMessage::kManagement }, 122 { APIPermission::kNativeMessaging, "nativeMessaging", 123 APIPermissionInfo::kFlagNone, 124 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING, 125 PermissionMessage::kNativeMessaging }, 126 { APIPermission::kPower, "power", }, 127 { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone, 128 IDS_EXTENSION_PROMPT_WARNING_PRIVACY, 129 PermissionMessage::kPrivacy }, 130 { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone, 131 IDS_EXTENSION_PROMPT_WARNING_TABS, 132 PermissionMessage::kTabs }, 133 { APIPermission::kSessions, "sessions" }, 134 { APIPermission::kSignedInDevices, "signedInDevices", 135 APIPermissionInfo::kFlagNone, 136 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES, 137 PermissionMessage::kSignedInDevices }, 138 { APIPermission::kStorage, "storage" }, 139 { APIPermission::kSyncFileSystem, "syncFileSystem", 140 APIPermissionInfo::kFlagNone, 141 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM, 142 PermissionMessage::kSyncFileSystem }, 143 { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone, 144 IDS_EXTENSION_PROMPT_WARNING_TABS, 145 PermissionMessage::kTabs }, 146 { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone, 147 IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY, 148 PermissionMessage::kBrowsingHistory }, 149 { APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional }, 150 { APIPermission::kTtsEngine, "ttsEngine", 151 APIPermissionInfo::kFlagCannotBeOptional, 152 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, 153 PermissionMessage::kTtsEngine }, 154 { APIPermission::kWallpaper, "wallpaper", 155 APIPermissionInfo::kFlagCannotBeOptional, 156 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, 157 PermissionMessage::kWallpaper }, 158 { APIPermission::kWebNavigation, "webNavigation", 159 APIPermissionInfo::kFlagNone, 160 IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs }, 161 { APIPermission::kWebRequest, "webRequest" }, 162 { APIPermission::kWebRequestBlocking, "webRequestBlocking" }, 163 { APIPermission::kWebView, "webview", 164 APIPermissionInfo::kFlagCannotBeOptional }, 165 166 // Register private permissions. 167 { APIPermission::kScreenlockPrivate, "screenlockPrivate", 168 APIPermissionInfo::kFlagCannotBeOptional, 169 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE, 170 PermissionMessage::kScreenlockPrivate }, 171 { APIPermission::kActivityLogPrivate, "activityLogPrivate", 172 APIPermissionInfo::kFlagCannotBeOptional, 173 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE, 174 PermissionMessage::kActivityLogPrivate }, 175 { APIPermission::kAutoTestPrivate, "autotestPrivate", 176 APIPermissionInfo::kFlagCannotBeOptional }, 177 { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate", 178 APIPermissionInfo::kFlagCannotBeOptional }, 179 { APIPermission::kCast, "cast", 180 APIPermissionInfo::kFlagCannotBeOptional }, 181 { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate", 182 APIPermissionInfo::kFlagCannotBeOptional }, 183 { APIPermission::kCommandLinePrivate, "commandLinePrivate", 184 APIPermissionInfo::kFlagCannotBeOptional }, 185 { APIPermission::kDeveloperPrivate, "developerPrivate", 186 APIPermissionInfo::kFlagCannotBeOptional }, 187 { APIPermission::kDiagnostics, "diagnostics", 188 APIPermissionInfo::kFlagCannotBeOptional }, 189 { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional }, 190 { APIPermission::kDownloadsInternal, "downloadsInternal" }, 191 { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal", 192 APIPermissionInfo::kFlagCannotBeOptional }, 193 { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate", 194 APIPermissionInfo::kFlagCannotBeOptional }, 195 { APIPermission::kIdentityPrivate, "identityPrivate", 196 APIPermissionInfo::kFlagCannotBeOptional }, 197 { APIPermission::kLogPrivate, "logPrivate"}, 198 { APIPermission::kNetworkingPrivate, "networkingPrivate", 199 APIPermissionInfo::kFlagCannotBeOptional, 200 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE, 201 PermissionMessage::kNetworkingPrivate }, 202 { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate", 203 APIPermissionInfo::kFlagCannotBeOptional }, 204 { APIPermission::kMetricsPrivate, "metricsPrivate", 205 APIPermissionInfo::kFlagCannotBeOptional }, 206 { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional }, 207 { APIPermission::kMusicManagerPrivate, "musicManagerPrivate", 208 APIPermissionInfo::kFlagCannotBeOptional, 209 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE, 210 PermissionMessage::kMusicManagerPrivate }, 211 { APIPermission::kPreferencesPrivate, "preferencesPrivate", 212 APIPermissionInfo::kFlagCannotBeOptional }, 213 { APIPermission::kSystemPrivate, "systemPrivate", 214 APIPermissionInfo::kFlagCannotBeOptional }, 215 { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate", 216 APIPermissionInfo::kFlagCannotBeOptional }, 217 { APIPermission::kInputMethodPrivate, "inputMethodPrivate", 218 APIPermissionInfo::kFlagCannotBeOptional }, 219 { APIPermission::kEchoPrivate, "echoPrivate", 220 APIPermissionInfo::kFlagCannotBeOptional }, 221 { APIPermission::kFeedbackPrivate, "feedbackPrivate", 222 APIPermissionInfo::kFlagCannotBeOptional }, 223 { APIPermission::kImageWriterPrivate, "imageWriterPrivate", 224 APIPermissionInfo::kFlagCannotBeOptional }, 225 { APIPermission::kRtcPrivate, "rtcPrivate", 226 APIPermissionInfo::kFlagCannotBeOptional }, 227 { APIPermission::kTerminalPrivate, "terminalPrivate", 228 APIPermissionInfo::kFlagCannotBeOptional }, 229 { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate", 230 APIPermissionInfo::kFlagCannotBeOptional }, 231 { APIPermission::kWallpaperPrivate, "wallpaperPrivate", 232 APIPermissionInfo::kFlagCannotBeOptional }, 233 { APIPermission::kWebRequestInternal, "webRequestInternal" }, 234 { APIPermission::kWebstorePrivate, "webstorePrivate", 235 APIPermissionInfo::kFlagCannotBeOptional }, 236 { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate", 237 APIPermissionInfo::kFlagCannotBeOptional }, 238 { APIPermission::kStreamsPrivate, "streamsPrivate", 239 APIPermissionInfo::kFlagCannotBeOptional }, 240 { APIPermission::kEnterprisePlatformKeysPrivate, 241 "enterprise.platformKeysPrivate", 242 APIPermissionInfo::kFlagCannotBeOptional }, 243 { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate", 244 APIPermissionInfo::kFlagCannotBeOptional }, 245 { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate", 246 APIPermissionInfo::kFlagCannotBeOptional }, 247 { APIPermission::kPrincipalsPrivate, "principalsPrivate", 248 APIPermissionInfo::kFlagCannotBeOptional }, 249 { APIPermission::kFirstRunPrivate, "firstRunPrivate", 250 APIPermissionInfo::kFlagCannotBeOptional}, 251 252 // Full url access permissions. 253 { APIPermission::kDebugger, "debugger", 254 APIPermissionInfo::kFlagImpliesFullURLAccess | 255 APIPermissionInfo::kFlagCannotBeOptional, 256 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, 257 PermissionMessage::kDebugger }, 258 { APIPermission::kDevtools, "devtools", 259 APIPermissionInfo::kFlagImpliesFullURLAccess | 260 APIPermissionInfo::kFlagCannotBeOptional | 261 APIPermissionInfo::kFlagInternal }, 262 { APIPermission::kPageCapture, "pageCapture", 263 APIPermissionInfo::kFlagImpliesFullURLAccess }, 264 { APIPermission::kTabCapture, "tabCapture", 265 APIPermissionInfo::kFlagImpliesFullURLAccess }, 266 { APIPermission::kTabCaptureForTab, "tabCaptureForTab", 267 APIPermissionInfo::kFlagInternal }, 268 { APIPermission::kPlugin, "plugin", 269 APIPermissionInfo::kFlagImpliesFullURLAccess | 270 APIPermissionInfo::kFlagImpliesFullAccess | 271 APIPermissionInfo::kFlagCannotBeOptional | 272 APIPermissionInfo::kFlagInternal, 273 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, 274 PermissionMessage::kFullAccess }, 275 { APIPermission::kProxy, "proxy", 276 APIPermissionInfo::kFlagImpliesFullURLAccess | 277 APIPermissionInfo::kFlagCannotBeOptional }, 278 279 // Platform-app permissions. 280 { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone, 281 IDS_EXTENSION_PROMPT_WARNING_SERIAL, 282 PermissionMessage::kSerial }, 283 // Because warning messages for the "socket" permission vary based on the 284 // permissions parameters, no message ID or message text is specified here. 285 // The message ID and text used will be determined at run-time in the 286 // |SocketPermission| class. 287 { APIPermission::kSocket, "socket", 288 APIPermissionInfo::kFlagCannotBeOptional, 0, 289 PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> }, 290 { APIPermission::kSocketsUdp, "sockets.udp" }, 291 { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" }, 292 { APIPermission::kAppRuntime, "app.runtime" }, 293 { APIPermission::kAppWindow, "app.window" }, 294 { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" }, 295 { APIPermission::kAudioCapture, "audioCapture", 296 APIPermissionInfo::kFlagNone, 297 IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE, 298 PermissionMessage::kAudioCapture }, 299 { APIPermission::kVideoCapture, "videoCapture", 300 APIPermissionInfo::kFlagNone, 301 IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE, 302 PermissionMessage::kVideoCapture }, 303 // The permission string for "fileSystem" is only shown when "write" or 304 // "directory" is present. Read-only access is only granted after the user 305 // has been shown a file or directory chooser dialog and selected a file or 306 // directory . Selecting the file or directory is considered consent to 307 // read it. 308 { APIPermission::kFileSystem, "fileSystem" }, 309 { APIPermission::kFileSystemDirectory, "fileSystem.directory", 310 APIPermissionInfo::kFlagNone, 311 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY, 312 PermissionMessage::kFileSystemDirectory }, 313 { APIPermission::kFileSystemProvider, "fileSystemProvider" }, 314 { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" }, 315 { APIPermission::kFileSystemWrite, "fileSystem.write", 316 APIPermissionInfo::kFlagNone, 317 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE, 318 PermissionMessage::kFileSystemWrite }, 319 { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory", 320 APIPermissionInfo::kFlagNone, 321 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY, 322 PermissionMessage::kFileSystemWriteDirectory }, 323 // Because warning messages for the "mediaGalleries" permission vary based 324 // on the permissions parameters, no message ID or message text is 325 // specified here. 326 // The message ID and text used will be determined at run-time in the 327 // |MediaGalleriesPermission| class. 328 { APIPermission::kMediaGalleries, "mediaGalleries", 329 APIPermissionInfo::kFlagNone, 0, 330 PermissionMessage::kNone, 331 &CreateAPIPermission<MediaGalleriesPermission> }, 332 { APIPermission::kPushMessaging, "pushMessaging", 333 APIPermissionInfo::kFlagCannotBeOptional }, 334 // Because warning messages for the "bluetooth" permission vary based on 335 // the permissions parameters, no message ID or message text is specified 336 // here. The message ID and text used will be determined at run-time in the 337 // |BluetoothPermission| class. 338 { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone, 339 0, PermissionMessage::kNone, 340 &CreateAPIPermission<BluetoothPermission> }, 341 { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone, 342 IDS_EXTENSION_PROMPT_WARNING_USB, 343 PermissionMessage::kUsb }, 344 { APIPermission::kUsbDevice, "usbDevices", 345 APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone, 346 &CreateAPIPermission<UsbDevicePermission> }, 347 { APIPermission::kSystemIndicator, "systemIndicator", 348 APIPermissionInfo::kFlagNone, 349 IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR, 350 PermissionMessage::kSystemIndicator }, 351 { APIPermission::kSystemCpu, "system.cpu" }, 352 { APIPermission::kSystemMemory, "system.memory" }, 353 { APIPermission::kSystemNetwork, "system.network" }, 354 { APIPermission::kSystemDisplay, "system.display" }, 355 { APIPermission::kSystemStorage, "system.storage" }, 356 { APIPermission::kPointerLock, "pointerLock" }, 357 { APIPermission::kFullscreen, "fullscreen" }, 358 { APIPermission::kAudio, "audio" }, 359 { APIPermission::kCastStreaming, "cast.streaming" }, 360 { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" }, 361 362 // Settings override permissions. 363 { APIPermission::kHomepage, "homepage", 364 APIPermissionInfo::kFlagCannotBeOptional | 365 APIPermissionInfo::kFlagInternal, 366 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE, 367 PermissionMessage::kHomepage }, 368 { APIPermission::kSearchProvider, "searchProvider", 369 APIPermissionInfo::kFlagCannotBeOptional | 370 APIPermissionInfo::kFlagInternal, 371 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE, 372 PermissionMessage::kSearchProvider }, 373 { APIPermission::kStartupPages, "startupPages", 374 APIPermissionInfo::kFlagCannotBeOptional | 375 APIPermissionInfo::kFlagInternal, 376 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE, 377 PermissionMessage::kStartupPages }, 378 }; 379 380 std::vector<APIPermissionInfo*> permissions; 381 382 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) { 383 const PermissionRegistration& pr = PermissionsToRegister[i]; 384 permissions.push_back(new APIPermissionInfo( 385 pr.id, pr.name, pr.l10n_message_id, 386 pr.message_id ? pr.message_id : PermissionMessage::kNone, 387 pr.flags, 388 pr.constructor)); 389 } 390 return permissions; 391} 392 393std::vector<PermissionsProvider::AliasInfo> 394ChromeAPIPermissions::GetAllAliases() const { 395 // Register aliases. 396 std::vector<PermissionsProvider::AliasInfo> aliases; 397 aliases.push_back(PermissionsProvider::AliasInfo( 398 "unlimitedStorage", kOldUnlimitedStoragePermission)); 399 aliases.push_back(PermissionsProvider::AliasInfo( 400 "tabs", kWindowsPermission)); 401 return aliases; 402} 403 404} // namespace extensions 405