chrome_api_permissions.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7 
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/common/extensions/permissions/chrome_api_permissions.h"
6
7#include "chrome/common/extensions/permissions/bluetooth_permission.h"
8#include "chrome/common/extensions/permissions/media_galleries_permission.h"
9#include "chrome/common/extensions/permissions/socket_permission.h"
10#include "chrome/common/extensions/permissions/usb_device_permission.h"
11#include "extensions/common/permissions/api_permission.h"
12#include "extensions/common/permissions/api_permission_set.h"
13#include "extensions/common/permissions/permission_message.h"
14#include "extensions/common/permissions/permissions_info.h"
15#include "grit/generated_resources.h"
16
17namespace extensions {
18
19namespace {
20
21const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
22const char kWindowsPermission[] = "windows";
23
24template<typename T> APIPermission* CreateAPIPermission(
25    const APIPermissionInfo* permission) {
26  return new T(permission);
27}
28
29}  // namespace
30
31std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
32    const {
33  struct PermissionRegistration {
34    APIPermission::ID id;
35    const char* name;
36    int flags;
37    int l10n_message_id;
38    PermissionMessage::ID message_id;
39    APIPermissionInfo::APIPermissionConstructor constructor;
40  } PermissionsToRegister[] = {
41    // Register permissions for all extension types.
42    { APIPermission::kBackground, "background" },
43    { APIPermission::kClipboardRead, "clipboardRead",
44      APIPermissionInfo::kFlagNone,
45      IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
46      PermissionMessage::kClipboard },
47    { APIPermission::kClipboardWrite, "clipboardWrite" },
48    { APIPermission::kDeclarativeContent, "declarativeContent" },
49    { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
50      APIPermissionInfo::kFlagNone,
51      IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
52      PermissionMessage::kDeclarativeWebRequest },
53    { APIPermission::kDesktopCapture, "desktopCapture",
54      APIPermissionInfo::kFlagNone,
55      IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
56      PermissionMessage::kDesktopCapture },
57    { APIPermission::kDns, "dns" },
58    { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
59      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
60      PermissionMessage::kDownloads },
61    { APIPermission::kDownloadsOpen, "downloads.open",
62      APIPermissionInfo::kFlagNone,
63      IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
64      PermissionMessage::kDownloadsOpen },
65    { APIPermission::kDownloadsShelf, "downloads.shelf" },
66    { APIPermission::kIdentity, "identity" },
67    { APIPermission::kExperimental, "experimental",
68      APIPermissionInfo::kFlagCannotBeOptional },
69      // NOTE(kalman): this is provided by a manifest property but needs to
70      // appear in the install permission dialogue, so we need a fake
71      // permission for it. See http://crbug.com/247857.
72    { APIPermission::kWebConnectable, "webConnectable",
73      APIPermissionInfo::kFlagCannotBeOptional |
74      APIPermissionInfo::kFlagInternal,
75      IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
76      PermissionMessage::kWebConnectable},
77    { APIPermission::kGeolocation, "geolocation",
78      APIPermissionInfo::kFlagCannotBeOptional,
79      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
80      PermissionMessage::kGeolocation },
81    { APIPermission::kNotification, "notifications" },
82    { APIPermission::kUnlimitedStorage, "unlimitedStorage",
83      APIPermissionInfo::kFlagCannotBeOptional },
84    { APIPermission::kGcm, "gcm" },
85
86    // Register extension permissions.
87    { APIPermission::kActiveTab, "activeTab" },
88    { APIPermission::kAdView, "adview" },
89    { APIPermission::kAlarms, "alarms" },
90    { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
91      IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
92      PermissionMessage::kBookmarks },
93    { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
94      APIPermissionInfo::kFlagCannotBeOptional },
95    { APIPermission::kBrowsingData, "browsingData" },
96    { APIPermission::kContentSettings, "contentSettings",
97      APIPermissionInfo::kFlagNone,
98      IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
99      PermissionMessage::kContentSettings },
100    { APIPermission::kContextMenus, "contextMenus" },
101    { APIPermission::kCookie, "cookies" },
102    { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
103      APIPermissionInfo::kFlagCannotBeOptional },
104    { APIPermission::kFontSettings, "fontSettings",
105      APIPermissionInfo::kFlagCannotBeOptional },
106    { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
107      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
108      PermissionMessage::kBrowsingHistory },
109    { APIPermission::kIdltest, "idltest" },
110    { APIPermission::kIdle, "idle" },
111    { APIPermission::kInfobars, "infobars" },
112    { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
113      IDS_EXTENSION_PROMPT_WARNING_INPUT,
114      PermissionMessage::kInput },
115    { APIPermission::kLocation, "location",
116      APIPermissionInfo::kFlagCannotBeOptional,
117      IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
118      PermissionMessage::kGeolocation },
119    { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
120      IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
121      PermissionMessage::kManagement },
122    { APIPermission::kNativeMessaging, "nativeMessaging",
123      APIPermissionInfo::kFlagNone,
124      IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
125      PermissionMessage::kNativeMessaging },
126    { APIPermission::kPower, "power", },
127    { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
128      IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
129      PermissionMessage::kPrivacy },
130    { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
131      IDS_EXTENSION_PROMPT_WARNING_TABS,
132      PermissionMessage::kTabs },
133    { APIPermission::kSessions, "sessions" },
134    { APIPermission::kSignedInDevices, "signedInDevices",
135      APIPermissionInfo::kFlagNone,
136      IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
137      PermissionMessage::kSignedInDevices },
138    { APIPermission::kStorage, "storage" },
139    { APIPermission::kSyncFileSystem, "syncFileSystem",
140      APIPermissionInfo::kFlagNone,
141      IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
142      PermissionMessage::kSyncFileSystem },
143    { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
144      IDS_EXTENSION_PROMPT_WARNING_TABS,
145      PermissionMessage::kTabs },
146    { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
147      IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
148      PermissionMessage::kBrowsingHistory },
149    { APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional },
150    { APIPermission::kTtsEngine, "ttsEngine",
151      APIPermissionInfo::kFlagCannotBeOptional,
152      IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
153      PermissionMessage::kTtsEngine },
154    { APIPermission::kWallpaper, "wallpaper",
155      APIPermissionInfo::kFlagCannotBeOptional,
156      IDS_EXTENSION_PROMPT_WARNING_WALLPAPER,
157      PermissionMessage::kWallpaper },
158    { APIPermission::kWebNavigation, "webNavigation",
159      APIPermissionInfo::kFlagNone,
160      IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
161    { APIPermission::kWebRequest, "webRequest" },
162    { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
163    { APIPermission::kWebView, "webview",
164      APIPermissionInfo::kFlagCannotBeOptional },
165
166    // Register private permissions.
167    { APIPermission::kScreenlockPrivate, "screenlockPrivate",
168      APIPermissionInfo::kFlagCannotBeOptional,
169      IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
170      PermissionMessage::kScreenlockPrivate },
171    { APIPermission::kActivityLogPrivate, "activityLogPrivate",
172      APIPermissionInfo::kFlagCannotBeOptional,
173      IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
174      PermissionMessage::kActivityLogPrivate },
175    { APIPermission::kAutoTestPrivate, "autotestPrivate",
176      APIPermissionInfo::kFlagCannotBeOptional },
177    { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
178      APIPermissionInfo::kFlagCannotBeOptional },
179    { APIPermission::kCast, "cast",
180      APIPermissionInfo::kFlagCannotBeOptional },
181    { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
182      APIPermissionInfo::kFlagCannotBeOptional },
183    { APIPermission::kCommandLinePrivate, "commandLinePrivate",
184      APIPermissionInfo::kFlagCannotBeOptional },
185    { APIPermission::kDeveloperPrivate, "developerPrivate",
186      APIPermissionInfo::kFlagCannotBeOptional },
187    { APIPermission::kDiagnostics, "diagnostics",
188      APIPermissionInfo::kFlagCannotBeOptional },
189    { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
190    { APIPermission::kDownloadsInternal, "downloadsInternal" },
191    { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
192      APIPermissionInfo::kFlagCannotBeOptional },
193    { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
194      APIPermissionInfo::kFlagCannotBeOptional },
195    { APIPermission::kIdentityPrivate, "identityPrivate",
196      APIPermissionInfo::kFlagCannotBeOptional },
197    { APIPermission::kLogPrivate, "logPrivate"},
198    { APIPermission::kNetworkingPrivate, "networkingPrivate",
199      APIPermissionInfo::kFlagCannotBeOptional,
200      IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
201      PermissionMessage::kNetworkingPrivate },
202    { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
203      APIPermissionInfo::kFlagCannotBeOptional },
204    { APIPermission::kMetricsPrivate, "metricsPrivate",
205      APIPermissionInfo::kFlagCannotBeOptional },
206    { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional },
207    { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
208      APIPermissionInfo::kFlagCannotBeOptional,
209      IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
210      PermissionMessage::kMusicManagerPrivate },
211    { APIPermission::kPreferencesPrivate, "preferencesPrivate",
212      APIPermissionInfo::kFlagCannotBeOptional },
213    { APIPermission::kSystemPrivate, "systemPrivate",
214      APIPermissionInfo::kFlagCannotBeOptional },
215    { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
216      APIPermissionInfo::kFlagCannotBeOptional },
217    { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
218      APIPermissionInfo::kFlagCannotBeOptional },
219    { APIPermission::kEchoPrivate, "echoPrivate",
220      APIPermissionInfo::kFlagCannotBeOptional },
221    { APIPermission::kFeedbackPrivate, "feedbackPrivate",
222      APIPermissionInfo::kFlagCannotBeOptional },
223    { APIPermission::kImageWriterPrivate, "imageWriterPrivate",
224      APIPermissionInfo::kFlagCannotBeOptional },
225    { APIPermission::kRtcPrivate, "rtcPrivate",
226      APIPermissionInfo::kFlagCannotBeOptional },
227    { APIPermission::kTerminalPrivate, "terminalPrivate",
228      APIPermissionInfo::kFlagCannotBeOptional },
229    { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
230      APIPermissionInfo::kFlagCannotBeOptional },
231    { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
232      APIPermissionInfo::kFlagCannotBeOptional },
233    { APIPermission::kWebRequestInternal, "webRequestInternal" },
234    { APIPermission::kWebstorePrivate, "webstorePrivate",
235      APIPermissionInfo::kFlagCannotBeOptional },
236    { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
237      APIPermissionInfo::kFlagCannotBeOptional },
238    { APIPermission::kStreamsPrivate, "streamsPrivate",
239      APIPermissionInfo::kFlagCannotBeOptional },
240    { APIPermission::kEnterprisePlatformKeysPrivate,
241      "enterprise.platformKeysPrivate",
242      APIPermissionInfo::kFlagCannotBeOptional },
243    { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
244      APIPermissionInfo::kFlagCannotBeOptional },
245    { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
246      APIPermissionInfo::kFlagCannotBeOptional },
247    { APIPermission::kPrincipalsPrivate, "principalsPrivate",
248      APIPermissionInfo::kFlagCannotBeOptional },
249    { APIPermission::kFirstRunPrivate, "firstRunPrivate",
250      APIPermissionInfo::kFlagCannotBeOptional},
251
252    // Full url access permissions.
253    { APIPermission::kDebugger, "debugger",
254      APIPermissionInfo::kFlagImpliesFullURLAccess |
255          APIPermissionInfo::kFlagCannotBeOptional,
256      IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
257      PermissionMessage::kDebugger },
258    { APIPermission::kDevtools, "devtools",
259      APIPermissionInfo::kFlagImpliesFullURLAccess |
260      APIPermissionInfo::kFlagCannotBeOptional |
261      APIPermissionInfo::kFlagInternal },
262    { APIPermission::kPageCapture, "pageCapture",
263      APIPermissionInfo::kFlagImpliesFullURLAccess },
264    { APIPermission::kTabCapture, "tabCapture",
265      APIPermissionInfo::kFlagImpliesFullURLAccess },
266    { APIPermission::kTabCaptureForTab, "tabCaptureForTab",
267      APIPermissionInfo::kFlagInternal },
268    { APIPermission::kPlugin, "plugin",
269      APIPermissionInfo::kFlagImpliesFullURLAccess |
270      APIPermissionInfo::kFlagImpliesFullAccess |
271      APIPermissionInfo::kFlagCannotBeOptional |
272      APIPermissionInfo::kFlagInternal,
273      IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
274      PermissionMessage::kFullAccess },
275    { APIPermission::kProxy, "proxy",
276      APIPermissionInfo::kFlagImpliesFullURLAccess |
277          APIPermissionInfo::kFlagCannotBeOptional },
278
279    // Platform-app permissions.
280    { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
281      IDS_EXTENSION_PROMPT_WARNING_SERIAL,
282      PermissionMessage::kSerial },
283    // Because warning messages for the "socket" permission vary based on the
284    // permissions parameters, no message ID or message text is specified here.
285    // The message ID and text used will be determined at run-time in the
286    // |SocketPermission| class.
287    { APIPermission::kSocket, "socket",
288      APIPermissionInfo::kFlagCannotBeOptional, 0,
289      PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
290    { APIPermission::kSocketsUdp, "sockets.udp" },
291    { APIPermission::kAppCurrentWindowInternal, "app.currentWindowInternal" },
292    { APIPermission::kAppRuntime, "app.runtime" },
293    { APIPermission::kAppWindow, "app.window" },
294    { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" },
295    { APIPermission::kAudioCapture, "audioCapture",
296      APIPermissionInfo::kFlagNone,
297      IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
298      PermissionMessage::kAudioCapture },
299    { APIPermission::kVideoCapture, "videoCapture",
300      APIPermissionInfo::kFlagNone,
301      IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
302      PermissionMessage::kVideoCapture },
303    // The permission string for "fileSystem" is only shown when "write" or
304    // "directory" is present. Read-only access is only granted after the user
305    // has been shown a file or directory  chooser dialog and selected a file or
306    // directory . Selecting the file or directory  is considered consent to
307    // read it.
308    { APIPermission::kFileSystem, "fileSystem" },
309    { APIPermission::kFileSystemDirectory, "fileSystem.directory",
310      APIPermissionInfo::kFlagNone,
311      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
312      PermissionMessage::kFileSystemDirectory },
313    { APIPermission::kFileSystemProvider, "fileSystemProvider" },
314    { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
315    { APIPermission::kFileSystemWrite, "fileSystem.write",
316      APIPermissionInfo::kFlagNone,
317      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
318      PermissionMessage::kFileSystemWrite },
319    { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
320      APIPermissionInfo::kFlagNone,
321      IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
322      PermissionMessage::kFileSystemWriteDirectory },
323    // Because warning messages for the "mediaGalleries" permission vary based
324    // on the permissions parameters, no message ID or message text is
325    // specified here.
326    // The message ID and text used will be determined at run-time in the
327    // |MediaGalleriesPermission| class.
328    { APIPermission::kMediaGalleries, "mediaGalleries",
329      APIPermissionInfo::kFlagNone, 0,
330      PermissionMessage::kNone,
331      &CreateAPIPermission<MediaGalleriesPermission> },
332    { APIPermission::kPushMessaging, "pushMessaging",
333      APIPermissionInfo::kFlagCannotBeOptional },
334    // Because warning messages for the "bluetooth" permission vary based on
335    // the permissions parameters, no message ID or message text is specified
336    // here. The message ID and text used will be determined at run-time in the
337    // |BluetoothPermission| class.
338    { APIPermission::kBluetooth, "bluetooth", APIPermissionInfo::kFlagNone,
339      0, PermissionMessage::kNone,
340      &CreateAPIPermission<BluetoothPermission> },
341    { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
342      IDS_EXTENSION_PROMPT_WARNING_USB,
343      PermissionMessage::kUsb },
344    { APIPermission::kUsbDevice, "usbDevices",
345      APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
346      &CreateAPIPermission<UsbDevicePermission> },
347    { APIPermission::kSystemIndicator, "systemIndicator",
348      APIPermissionInfo::kFlagNone,
349      IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
350      PermissionMessage::kSystemIndicator },
351    { APIPermission::kSystemCpu, "system.cpu" },
352    { APIPermission::kSystemMemory, "system.memory" },
353    { APIPermission::kSystemNetwork, "system.network" },
354    { APIPermission::kSystemDisplay, "system.display" },
355    { APIPermission::kSystemStorage, "system.storage" },
356    { APIPermission::kPointerLock, "pointerLock" },
357    { APIPermission::kFullscreen, "fullscreen" },
358    { APIPermission::kAudio, "audio" },
359    { APIPermission::kCastStreaming, "cast.streaming" },
360    { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" },
361
362    // Settings override permissions.
363    { APIPermission::kHomepage, "homepage",
364      APIPermissionInfo::kFlagCannotBeOptional |
365      APIPermissionInfo::kFlagInternal,
366      IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
367      PermissionMessage::kHomepage },
368    { APIPermission::kSearchProvider, "searchProvider",
369      APIPermissionInfo::kFlagCannotBeOptional |
370      APIPermissionInfo::kFlagInternal,
371      IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
372      PermissionMessage::kSearchProvider },
373    { APIPermission::kStartupPages, "startupPages",
374      APIPermissionInfo::kFlagCannotBeOptional |
375      APIPermissionInfo::kFlagInternal,
376      IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
377      PermissionMessage::kStartupPages },
378  };
379
380  std::vector<APIPermissionInfo*> permissions;
381
382  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
383    const PermissionRegistration& pr = PermissionsToRegister[i];
384    permissions.push_back(new APIPermissionInfo(
385        pr.id, pr.name, pr.l10n_message_id,
386        pr.message_id ? pr.message_id : PermissionMessage::kNone,
387        pr.flags,
388        pr.constructor));
389  }
390  return permissions;
391}
392
393std::vector<PermissionsProvider::AliasInfo>
394ChromeAPIPermissions::GetAllAliases() const {
395  // Register aliases.
396  std::vector<PermissionsProvider::AliasInfo> aliases;
397  aliases.push_back(PermissionsProvider::AliasInfo(
398      "unlimitedStorage", kOldUnlimitedStoragePermission));
399  aliases.push_back(PermissionsProvider::AliasInfo(
400      "tabs", kWindowsPermission));
401  return aliases;
402}
403
404}  // namespace extensions
405