chrome_api_permissions.cc revision f8ee788a64d60abd8f2d742a5fdedde054ecd910
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/common/extensions/permissions/chrome_api_permissions.h" 6 7#include "extensions/common/permissions/api_permission.h" 8#include "extensions/common/permissions/api_permission_set.h" 9#include "extensions/common/permissions/media_galleries_permission.h" 10#include "extensions/common/permissions/permission_message.h" 11#include "extensions/common/permissions/permissions_info.h" 12#include "grit/extensions_strings.h" 13#include "grit/generated_resources.h" 14 15namespace extensions { 16 17namespace { 18 19const char kOldAlwaysOnTopWindowsPermission[] = "alwaysOnTopWindows"; 20const char kOldFullscreenPermission[] = "fullscreen"; 21const char kOldOverrideEscFullscreenPermission[] = "overrideEscFullscreen"; 22const char kOldUnlimitedStoragePermission[] = "unlimited_storage"; 23const char kWindowsPermission[] = "windows"; 24 25template<typename T> APIPermission* CreateAPIPermission( 26 const APIPermissionInfo* permission) { 27 return new T(permission); 28} 29 30} // namespace 31 32std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions() 33 const { 34 APIPermissionInfo::InitInfo permissions_to_register[] = { 35 // Register permissions for all extension types. 36 {APIPermission::kBackground, "background"}, 37 {APIPermission::kClipboardRead, "clipboardRead", 38 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD, 39 PermissionMessage::kClipboard}, 40 {APIPermission::kClipboardWrite, "clipboardWrite"}, 41 {APIPermission::kDeclarativeContent, "declarativeContent"}, 42 {APIPermission::kDeclarativeWebRequest, "declarativeWebRequest", 43 APIPermissionInfo::kFlagNone, 44 IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST, 45 PermissionMessage::kDeclarativeWebRequest}, 46 {APIPermission::kDesktopCapture, "desktopCapture", 47 APIPermissionInfo::kFlagNone, 48 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE, 49 PermissionMessage::kDesktopCapture}, 50 {APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone, 51 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, PermissionMessage::kDownloads}, 52 {APIPermission::kDownloadsOpen, "downloads.open", 53 APIPermissionInfo::kFlagNone, 54 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN, 55 PermissionMessage::kDownloadsOpen}, 56 {APIPermission::kDownloadsShelf, "downloads.shelf"}, 57 {APIPermission::kIdentity, "identity"}, 58 {APIPermission::kIdentityEmail, "identity.email", 59 APIPermissionInfo::kFlagNone, 60 IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL, 61 PermissionMessage::kIdentityEmail}, 62 {APIPermission::kExperimental, "experimental", 63 APIPermissionInfo::kFlagCannotBeOptional}, 64 // NOTE(kalman): this is provided by a manifest property but needs to 65 // appear in the install permission dialogue, so we need a fake 66 // permission for it. See http://crbug.com/247857. 67 {APIPermission::kWebConnectable, "webConnectable", 68 APIPermissionInfo::kFlagCannotBeOptional | 69 APIPermissionInfo::kFlagInternal, 70 IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE, 71 PermissionMessage::kWebConnectable}, 72 {APIPermission::kGeolocation, "geolocation", 73 APIPermissionInfo::kFlagCannotBeOptional, 74 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION, 75 PermissionMessage::kGeolocation}, 76 {APIPermission::kNotification, "notifications"}, 77 {APIPermission::kUnlimitedStorage, "unlimitedStorage", 78 APIPermissionInfo::kFlagCannotBeOptional}, 79 {APIPermission::kGcdPrivate, "gcdPrivate"}, 80 {APIPermission::kGcm, "gcm"}, 81 82 // Register extension permissions. 83 {APIPermission::kAccessibilityFeaturesModify, 84 "accessibilityFeatures.modify", APIPermissionInfo::kFlagNone, 85 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY, 86 PermissionMessage::kAccessibilityFeaturesModify}, 87 {APIPermission::kAccessibilityFeaturesRead, "accessibilityFeatures.read", 88 APIPermissionInfo::kFlagNone, 89 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ, 90 PermissionMessage::kAccessibilityFeaturesRead}, 91 {APIPermission::kAccessibilityPrivate, "accessibilityPrivate", 92 APIPermissionInfo::kFlagCannotBeOptional}, 93 {APIPermission::kActiveTab, "activeTab"}, 94 {APIPermission::kAlarms, "alarms"}, 95 {APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone, 96 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, PermissionMessage::kBookmarks}, 97 {APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate", 98 APIPermissionInfo::kFlagCannotBeOptional}, 99 {APIPermission::kBrowsingData, "browsingData"}, 100 {APIPermission::kContentSettings, "contentSettings", 101 APIPermissionInfo::kFlagNone, 102 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS, 103 PermissionMessage::kContentSettings}, 104 {APIPermission::kContextMenus, "contextMenus"}, 105 {APIPermission::kCookie, "cookies"}, 106 {APIPermission::kEnterprisePlatformKeys, "enterprise.platformKeys"}, 107 {APIPermission::kFileBrowserHandler, "fileBrowserHandler", 108 APIPermissionInfo::kFlagCannotBeOptional}, 109 {APIPermission::kFontSettings, "fontSettings", 110 APIPermissionInfo::kFlagCannotBeOptional}, 111 {APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone, 112 IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE, 113 PermissionMessage::kBrowsingHistory}, 114 {APIPermission::kIdltest, "idltest"}, 115 {APIPermission::kIdle, "idle"}, 116 {APIPermission::kInfobars, "infobars"}, 117 {APIPermission::kInput, "input", APIPermissionInfo::kFlagNone, 118 IDS_EXTENSION_PROMPT_WARNING_INPUT, PermissionMessage::kInput}, 119 {APIPermission::kLedger, "ledger"}, 120 {APIPermission::kLocation, "location", 121 APIPermissionInfo::kFlagCannotBeOptional, 122 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION, 123 PermissionMessage::kGeolocation}, 124 {APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone, 125 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, PermissionMessage::kManagement}, 126 {APIPermission::kNativeMessaging, "nativeMessaging", 127 APIPermissionInfo::kFlagNone, 128 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING, 129 PermissionMessage::kNativeMessaging}, 130 {APIPermission::kPower, "power"}, 131 {APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone, 132 IDS_EXTENSION_PROMPT_WARNING_PRIVACY, PermissionMessage::kPrivacy}, 133 {APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone, 134 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs}, 135 {APIPermission::kSessions, "sessions"}, 136 {APIPermission::kSignedInDevices, "signedInDevices", 137 APIPermissionInfo::kFlagNone, 138 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES, 139 PermissionMessage::kSignedInDevices}, 140 {APIPermission::kSyncFileSystem, "syncFileSystem", 141 APIPermissionInfo::kFlagNone, 142 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM, 143 PermissionMessage::kSyncFileSystem}, 144 {APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone, 145 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs}, 146 {APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone, 147 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs}, 148 {APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional}, 149 {APIPermission::kTtsEngine, "ttsEngine", 150 APIPermissionInfo::kFlagCannotBeOptional, 151 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, PermissionMessage::kTtsEngine}, 152 {APIPermission::kWallpaper, "wallpaper", 153 APIPermissionInfo::kFlagCannotBeOptional, 154 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, PermissionMessage::kWallpaper}, 155 {APIPermission::kWebNavigation, "webNavigation", 156 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, 157 PermissionMessage::kTabs}, 158 {APIPermission::kWebRequest, "webRequest"}, 159 {APIPermission::kWebRequestBlocking, "webRequestBlocking"}, 160 {APIPermission::kWebView, "webview", 161 APIPermissionInfo::kFlagCannotBeOptional}, 162 163 // Register private permissions. 164 {APIPermission::kScreenlockPrivate, "screenlockPrivate", 165 APIPermissionInfo::kFlagCannotBeOptional, 166 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE, 167 PermissionMessage::kScreenlockPrivate}, 168 {APIPermission::kActivityLogPrivate, "activityLogPrivate", 169 APIPermissionInfo::kFlagCannotBeOptional, 170 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE, 171 PermissionMessage::kActivityLogPrivate}, 172 {APIPermission::kAutoTestPrivate, "autotestPrivate", 173 APIPermissionInfo::kFlagCannotBeOptional}, 174 {APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate", 175 APIPermissionInfo::kFlagCannotBeOptional}, 176 {APIPermission::kCast, "cast", APIPermissionInfo::kFlagCannotBeOptional}, 177 {APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate", 178 APIPermissionInfo::kFlagCannotBeOptional}, 179 {APIPermission::kCommandLinePrivate, "commandLinePrivate", 180 APIPermissionInfo::kFlagCannotBeOptional}, 181 {APIPermission::kDeveloperPrivate, "developerPrivate", 182 APIPermissionInfo::kFlagCannotBeOptional}, 183 {APIPermission::kDiagnostics, "diagnostics", 184 APIPermissionInfo::kFlagCannotBeOptional}, 185 {APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional}, 186 {APIPermission::kDownloadsInternal, "downloadsInternal"}, 187 {APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal", 188 APIPermissionInfo::kFlagCannotBeOptional}, 189 {APIPermission::kFileBrowserPrivate, "fileBrowserPrivate", 190 APIPermissionInfo::kFlagCannotBeOptional}, 191 {APIPermission::kHotwordPrivate, "hotwordPrivate", 192 APIPermissionInfo::kFlagCannotBeOptional}, 193 {APIPermission::kIdentityPrivate, "identityPrivate", 194 APIPermissionInfo::kFlagCannotBeOptional}, 195 {APIPermission::kLogPrivate, "logPrivate"}, 196 {APIPermission::kWebcamPrivate, "webcamPrivate"}, 197 {APIPermission::kNetworkingPrivate, "networkingPrivate", 198 APIPermissionInfo::kFlagCannotBeOptional, 199 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE, 200 PermissionMessage::kNetworkingPrivate}, 201 {APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate", 202 APIPermissionInfo::kFlagCannotBeOptional}, 203 {APIPermission::kMetricsPrivate, "metricsPrivate", 204 APIPermissionInfo::kFlagCannotBeOptional}, 205 {APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional}, 206 {APIPermission::kMusicManagerPrivate, "musicManagerPrivate", 207 APIPermissionInfo::kFlagCannotBeOptional, 208 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE, 209 PermissionMessage::kMusicManagerPrivate}, 210 {APIPermission::kPreferencesPrivate, "preferencesPrivate", 211 APIPermissionInfo::kFlagCannotBeOptional}, 212 {APIPermission::kSystemPrivate, "systemPrivate", 213 APIPermissionInfo::kFlagCannotBeOptional}, 214 {APIPermission::kCloudPrintPrivate, "cloudPrintPrivate", 215 APIPermissionInfo::kFlagCannotBeOptional}, 216 {APIPermission::kInputMethodPrivate, "inputMethodPrivate", 217 APIPermissionInfo::kFlagCannotBeOptional}, 218 {APIPermission::kEchoPrivate, "echoPrivate", 219 APIPermissionInfo::kFlagCannotBeOptional}, 220 {APIPermission::kFeedbackPrivate, "feedbackPrivate", 221 APIPermissionInfo::kFlagCannotBeOptional}, 222 {APIPermission::kImageWriterPrivate, "imageWriterPrivate", 223 APIPermissionInfo::kFlagCannotBeOptional}, 224 {APIPermission::kReadingListPrivate, "readingListPrivate", 225 APIPermissionInfo::kFlagCannotBeOptional}, 226 {APIPermission::kRtcPrivate, "rtcPrivate", 227 APIPermissionInfo::kFlagCannotBeOptional}, 228 {APIPermission::kSyncedNotificationsPrivate, 229 "syncedNotificationsPrivate"}, 230 {APIPermission::kTerminalPrivate, "terminalPrivate", 231 APIPermissionInfo::kFlagCannotBeOptional}, 232 {APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate", 233 APIPermissionInfo::kFlagCannotBeOptional}, 234 {APIPermission::kWallpaperPrivate, "wallpaperPrivate", 235 APIPermissionInfo::kFlagCannotBeOptional}, 236 {APIPermission::kWebstorePrivate, "webstorePrivate", 237 APIPermissionInfo::kFlagCannotBeOptional}, 238 {APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate", 239 APIPermissionInfo::kFlagCannotBeOptional}, 240 {APIPermission::kStreamsPrivate, "streamsPrivate", 241 APIPermissionInfo::kFlagCannotBeOptional}, 242 {APIPermission::kEnterprisePlatformKeysPrivate, 243 "enterprise.platformKeysPrivate", 244 APIPermissionInfo::kFlagCannotBeOptional}, 245 {APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate", 246 APIPermissionInfo::kFlagCannotBeOptional}, 247 {APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate", 248 APIPermissionInfo::kFlagCannotBeOptional}, 249 {APIPermission::kPrincipalsPrivate, "principalsPrivate", 250 APIPermissionInfo::kFlagCannotBeOptional}, 251 {APIPermission::kFirstRunPrivate, "firstRunPrivate", 252 APIPermissionInfo::kFlagCannotBeOptional}, 253 {APIPermission::kBluetoothPrivate, "bluetoothPrivate", 254 APIPermissionInfo::kFlagCannotBeOptional, 255 IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE, 256 PermissionMessage::kBluetoothPrivate}, 257 258 // Full url access permissions. 259 {APIPermission::kDebugger, "debugger", 260 APIPermissionInfo::kFlagImpliesFullURLAccess | 261 APIPermissionInfo::kFlagCannotBeOptional, 262 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, PermissionMessage::kDebugger}, 263 {APIPermission::kDevtools, "devtools", 264 APIPermissionInfo::kFlagImpliesFullURLAccess | 265 APIPermissionInfo::kFlagCannotBeOptional | 266 APIPermissionInfo::kFlagInternal}, 267 {APIPermission::kPageCapture, "pageCapture", 268 APIPermissionInfo::kFlagImpliesFullURLAccess}, 269 {APIPermission::kTabCapture, "tabCapture", 270 APIPermissionInfo::kFlagImpliesFullURLAccess}, 271 {APIPermission::kTabCaptureForTab, "tabCaptureForTab", 272 APIPermissionInfo::kFlagInternal}, 273 {APIPermission::kPlugin, "plugin", 274 APIPermissionInfo::kFlagImpliesFullURLAccess | 275 APIPermissionInfo::kFlagImpliesFullAccess | 276 APIPermissionInfo::kFlagCannotBeOptional | 277 APIPermissionInfo::kFlagInternal, 278 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS, 279 PermissionMessage::kFullAccess}, 280 {APIPermission::kProxy, "proxy", 281 APIPermissionInfo::kFlagImpliesFullURLAccess | 282 APIPermissionInfo::kFlagCannotBeOptional}, 283 284 // Platform-app permissions. 285 {APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone, 286 IDS_EXTENSION_PROMPT_WARNING_SERIAL, PermissionMessage::kSerial}, 287 {APIPermission::kAlwaysOnTopWindows, "app.window.alwaysOnTop"}, 288 {APIPermission::kAudioCapture, "audioCapture", 289 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE, 290 PermissionMessage::kAudioCapture}, 291 {APIPermission::kVideoCapture, "videoCapture", 292 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE, 293 PermissionMessage::kVideoCapture}, 294 // The permission string for "fileSystem" is only shown when 295 // "write" or "directory" is present. Read-only access is only 296 // granted after the user has been shown a file or directory 297 // chooser dialog and selected a file or directory. Selecting 298 // the file or directory is considered consent to read it. 299 {APIPermission::kFileSystem, "fileSystem"}, 300 {APIPermission::kFileSystemDirectory, "fileSystem.directory", 301 APIPermissionInfo::kFlagNone, 302 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY, 303 PermissionMessage::kFileSystemDirectory}, 304 {APIPermission::kFileSystemProvider, "fileSystemProvider"}, 305 {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"}, 306 {APIPermission::kFileSystemWrite, "fileSystem.write"}, 307 {APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory", 308 APIPermissionInfo::kFlagNone, 309 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY, 310 PermissionMessage::kFileSystemWriteDirectory}, 311 {APIPermission::kHid, "hid", APIPermissionInfo::kFlagNone, 312 IDS_EXTENSION_PROMPT_WARNING_HID, PermissionMessage::kHid}, 313 // Because warning messages for the "mediaGalleries" permission 314 // vary based on the permissions parameters, no message ID or 315 // message text is specified here. The message ID and text used 316 // will be determined at run-time in the 317 // |MediaGalleriesPermission| class. 318 {APIPermission::kMediaGalleries, "mediaGalleries", 319 APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone, 320 &CreateAPIPermission<MediaGalleriesPermission>}, 321 {APIPermission::kPushMessaging, "pushMessaging", 322 APIPermissionInfo::kFlagCannotBeOptional}, 323 {APIPermission::kSystemCpu, "system.cpu"}, 324 {APIPermission::kSystemMemory, "system.memory"}, 325 {APIPermission::kSystemNetwork, "system.network"}, 326 {APIPermission::kSystemDisplay, "system.display"}, 327 {APIPermission::kSystemStorage, "system.storage"}, 328 {APIPermission::kPointerLock, "pointerLock"}, 329 {APIPermission::kFullscreen, "app.window.fullscreen"}, 330 {APIPermission::kAudio, "audio"}, 331 {APIPermission::kCastStreaming, "cast.streaming"}, 332 {APIPermission::kOverrideEscFullscreen, 333 "app.window.fullscreen.overrideEsc"}, 334 {APIPermission::kWindowShape, "app.window.shape"}, 335 {APIPermission::kBrowser, "browser"}, 336 337 // Settings override permissions. 338 {APIPermission::kHomepage, "homepage", 339 APIPermissionInfo::kFlagCannotBeOptional | 340 APIPermissionInfo::kFlagInternal, 341 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE, 342 PermissionMessage::kHomepage}, 343 {APIPermission::kSearchProvider, "searchProvider", 344 APIPermissionInfo::kFlagCannotBeOptional | 345 APIPermissionInfo::kFlagInternal, 346 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE, 347 PermissionMessage::kSearchProvider}, 348 {APIPermission::kStartupPages, "startupPages", 349 APIPermissionInfo::kFlagCannotBeOptional | 350 APIPermissionInfo::kFlagInternal, 351 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE, 352 PermissionMessage::kStartupPages}, 353 }; 354 355 std::vector<APIPermissionInfo*> permissions; 356 357 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(permissions_to_register); ++i) 358 permissions.push_back(new APIPermissionInfo(permissions_to_register[i])); 359 return permissions; 360} 361 362std::vector<PermissionsProvider::AliasInfo> 363ChromeAPIPermissions::GetAllAliases() const { 364 // Register aliases. 365 std::vector<PermissionsProvider::AliasInfo> aliases; 366 aliases.push_back(PermissionsProvider::AliasInfo( 367 "app.window.alwaysOnTop", kOldAlwaysOnTopWindowsPermission)); 368 aliases.push_back(PermissionsProvider::AliasInfo("app.window.fullscreen", 369 kOldFullscreenPermission)); 370 aliases.push_back( 371 PermissionsProvider::AliasInfo("app.window.fullscreen.overrideEsc", 372 kOldOverrideEscFullscreenPermission)); 373 aliases.push_back(PermissionsProvider::AliasInfo( 374 "unlimitedStorage", kOldUnlimitedStoragePermission)); 375 aliases.push_back(PermissionsProvider::AliasInfo( 376 "tabs", kWindowsPermission)); 377 return aliases; 378} 379 380} // namespace extensions 381