chrome_api_permissions.cc revision f8ee788a64d60abd8f2d742a5fdedde054ecd910
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/common/extensions/permissions/chrome_api_permissions.h"
6
7#include "extensions/common/permissions/api_permission.h"
8#include "extensions/common/permissions/api_permission_set.h"
9#include "extensions/common/permissions/media_galleries_permission.h"
10#include "extensions/common/permissions/permission_message.h"
11#include "extensions/common/permissions/permissions_info.h"
12#include "grit/extensions_strings.h"
13#include "grit/generated_resources.h"
14
15namespace extensions {
16
17namespace {
18
// Legacy manifest permission strings. GetAllAliases() pairs each of the
// kOld* names below with the permission name that is registered today.
const char kOldAlwaysOnTopWindowsPermission[] = "alwaysOnTopWindows";
const char kOldFullscreenPermission[] = "fullscreen";
const char kOldOverrideEscFullscreenPermission[] = "overrideEscFullscreen";
const char kOldUnlimitedStoragePermission[] = "unlimited_storage";

// "windows" is registered by GetAllAliases() as an alias of "tabs".
const char kWindowsPermission[] = "windows";
24
// Factory with the signature expected by the constructor slot of an
// APIPermissionInfo::InitInfo row: builds a T from |permission| and hands it
// back through the APIPermission base pointer. The object is allocated with
// new and is not freed here.
template <typename T>
APIPermission* CreateAPIPermission(const APIPermissionInfo* permission) {
  APIPermission* created = new T(permission);
  return created;
}
29
30}  // namespace
31
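// Builds the table of API permissions registered by Chrome and returns one
// heap-allocated APIPermissionInfo per table row.
//
// Each row lists, in order: the APIPermission ID, the manifest name, and then
// optionally the flags, the string resource ID of the install-prompt warning,
// the PermissionMessage ID, and a custom APIPermission constructor. Trailing
// fields left out of a row are zero-initialized.
//
// The APIPermissionInfo objects are allocated with new and are not freed
// here; ownership leaves this function with the returned vector.
std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
    const {
  APIPermissionInfo::InitInfo permissions_to_register[] = {
      // Register permissions for all extension types.
      {APIPermission::kBackground, "background"},
      {APIPermission::kClipboardRead, "clipboardRead",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
       PermissionMessage::kClipboard},
      {APIPermission::kClipboardWrite, "clipboardWrite"},
      {APIPermission::kDeclarativeContent, "declarativeContent"},
      {APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
       PermissionMessage::kDeclarativeWebRequest},
      {APIPermission::kDesktopCapture, "desktopCapture",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
       PermissionMessage::kDesktopCapture},
      {APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, PermissionMessage::kDownloads},
      {APIPermission::kDownloadsOpen, "downloads.open",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
       PermissionMessage::kDownloadsOpen},
      {APIPermission::kDownloadsShelf, "downloads.shelf"},
      {APIPermission::kIdentity, "identity"},
      {APIPermission::kIdentityEmail, "identity.email",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL,
       PermissionMessage::kIdentityEmail},
      {APIPermission::kExperimental, "experimental",
       APIPermissionInfo::kFlagCannotBeOptional},
      // NOTE(kalman): this is provided by a manifest property but needs to
      // appear in the install permission dialogue, so we need a fake
      // permission for it. See http://crbug.com/247857.
      {APIPermission::kWebConnectable, "webConnectable",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
       PermissionMessage::kWebConnectable},
      {APIPermission::kGeolocation, "geolocation",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
       PermissionMessage::kGeolocation},
      {APIPermission::kNotification, "notifications"},
      {APIPermission::kUnlimitedStorage, "unlimitedStorage",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kGcdPrivate, "gcdPrivate"},
      {APIPermission::kGcm, "gcm"},

      // Register extension permissions.
      {APIPermission::kAccessibilityFeaturesModify,
       "accessibilityFeatures.modify", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
       PermissionMessage::kAccessibilityFeaturesModify},
      {APIPermission::kAccessibilityFeaturesRead, "accessibilityFeatures.read",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
       PermissionMessage::kAccessibilityFeaturesRead},
      {APIPermission::kAccessibilityPrivate, "accessibilityPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kActiveTab, "activeTab"},
      {APIPermission::kAlarms, "alarms"},
      {APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, PermissionMessage::kBookmarks},
      {APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBrowsingData, "browsingData"},
      {APIPermission::kContentSettings, "contentSettings",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
       PermissionMessage::kContentSettings},
      {APIPermission::kContextMenus, "contextMenus"},
      {APIPermission::kCookie, "cookies"},
      {APIPermission::kEnterprisePlatformKeys, "enterprise.platformKeys"},
      {APIPermission::kFileBrowserHandler, "fileBrowserHandler",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFontSettings, "fontSettings",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
       PermissionMessage::kBrowsingHistory},
      {APIPermission::kIdltest, "idltest"},
      {APIPermission::kIdle, "idle"},
      {APIPermission::kInfobars, "infobars"},
      {APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_INPUT, PermissionMessage::kInput},
      {APIPermission::kLedger, "ledger"},
      {APIPermission::kLocation, "location",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
       PermissionMessage::kGeolocation},
      {APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, PermissionMessage::kManagement},
      {APIPermission::kNativeMessaging, "nativeMessaging",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
       PermissionMessage::kNativeMessaging},
      {APIPermission::kPower, "power"},
      {APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_PRIVACY, PermissionMessage::kPrivacy},
      {APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
      {APIPermission::kSessions, "sessions"},
      {APIPermission::kSignedInDevices, "signedInDevices",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
       PermissionMessage::kSignedInDevices},
      {APIPermission::kSyncFileSystem, "syncFileSystem",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
       PermissionMessage::kSyncFileSystem},
      {APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
      {APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
      // kFlagCannotBeOptional belongs in the flags slot (third field). In the
      // fourth slot it would be taken as a message resource ID and leave the
      // entry's flags empty, i.e. "tts" would not be marked non-optional.
      {APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kTtsEngine, "ttsEngine",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, PermissionMessage::kTtsEngine},
      {APIPermission::kWallpaper, "wallpaper",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, PermissionMessage::kWallpaper},
      {APIPermission::kWebNavigation, "webNavigation",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
       PermissionMessage::kTabs},
      {APIPermission::kWebRequest, "webRequest"},
      {APIPermission::kWebRequestBlocking, "webRequestBlocking"},
      {APIPermission::kWebView, "webview",
       APIPermissionInfo::kFlagCannotBeOptional},

      // Register private permissions.
      // NOTE(review): "downloadsInternal", "logPrivate", "webcamPrivate" and
      // "syncedNotificationsPrivate" carry no kFlagCannotBeOptional, unlike
      // the other rows in this group - confirm that this is intended.
      {APIPermission::kScreenlockPrivate, "screenlockPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
       PermissionMessage::kScreenlockPrivate},
      {APIPermission::kActivityLogPrivate, "activityLogPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
       PermissionMessage::kActivityLogPrivate},
      {APIPermission::kAutoTestPrivate, "autotestPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kCast, "cast", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kCommandLinePrivate, "commandLinePrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDeveloperPrivate, "developerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDiagnostics, "diagnostics",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kDownloadsInternal, "downloadsInternal"},
      {APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kHotwordPrivate, "hotwordPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kIdentityPrivate, "identityPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kLogPrivate, "logPrivate"},
      {APIPermission::kWebcamPrivate, "webcamPrivate"},
      {APIPermission::kNetworkingPrivate, "networkingPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
       PermissionMessage::kNetworkingPrivate},
      {APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMetricsPrivate, "metricsPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
       PermissionMessage::kMusicManagerPrivate},
      {APIPermission::kPreferencesPrivate, "preferencesPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kSystemPrivate, "systemPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kInputMethodPrivate, "inputMethodPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kEchoPrivate, "echoPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFeedbackPrivate, "feedbackPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kImageWriterPrivate, "imageWriterPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kReadingListPrivate, "readingListPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kRtcPrivate, "rtcPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kSyncedNotificationsPrivate,
       "syncedNotificationsPrivate"},
      {APIPermission::kTerminalPrivate, "terminalPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWallpaperPrivate, "wallpaperPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebstorePrivate, "webstorePrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kStreamsPrivate, "streamsPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kEnterprisePlatformKeysPrivate,
       "enterprise.platformKeysPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kPrincipalsPrivate, "principalsPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kFirstRunPrivate, "firstRunPrivate",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kBluetoothPrivate, "bluetoothPrivate",
       APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
       PermissionMessage::kBluetoothPrivate},

      // Full url access permissions.
      {APIPermission::kDebugger, "debugger",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagCannotBeOptional,
       IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, PermissionMessage::kDebugger},
      {APIPermission::kDevtools, "devtools",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal},
      {APIPermission::kPageCapture, "pageCapture",
       APIPermissionInfo::kFlagImpliesFullURLAccess},
      {APIPermission::kTabCapture, "tabCapture",
       APIPermissionInfo::kFlagImpliesFullURLAccess},
      {APIPermission::kTabCaptureForTab, "tabCaptureForTab",
       APIPermissionInfo::kFlagInternal},
      {APIPermission::kPlugin, "plugin",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagImpliesFullAccess |
           APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
       PermissionMessage::kFullAccess},
      {APIPermission::kProxy, "proxy",
       APIPermissionInfo::kFlagImpliesFullURLAccess |
           APIPermissionInfo::kFlagCannotBeOptional},

      // Platform-app permissions.
      {APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_SERIAL, PermissionMessage::kSerial},
      {APIPermission::kAlwaysOnTopWindows, "app.window.alwaysOnTop"},
      {APIPermission::kAudioCapture, "audioCapture",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
       PermissionMessage::kAudioCapture},
      {APIPermission::kVideoCapture, "videoCapture",
       APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
       PermissionMessage::kVideoCapture},
      // The permission string for "fileSystem" is only shown when
      // "write" or "directory" is present. Read-only access is only
      // granted after the user has been shown a file or directory
      // chooser dialog and selected a file or directory. Selecting
      // the file or directory is considered consent to read it.
      {APIPermission::kFileSystem, "fileSystem"},
      {APIPermission::kFileSystemDirectory, "fileSystem.directory",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
       PermissionMessage::kFileSystemDirectory},
      {APIPermission::kFileSystemProvider, "fileSystemProvider"},
      {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"},
      {APIPermission::kFileSystemWrite, "fileSystem.write"},
      {APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
       APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
       PermissionMessage::kFileSystemWriteDirectory},
      {APIPermission::kHid, "hid", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_HID, PermissionMessage::kHid},
      // Because warning messages for the "mediaGalleries" permission
      // vary based on the permissions parameters, no message ID or
      // message text is specified here.  The message ID and text used
      // will be determined at run-time in the
      // |MediaGalleriesPermission| class.
      {APIPermission::kMediaGalleries, "mediaGalleries",
       APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
       &CreateAPIPermission<MediaGalleriesPermission>},
      {APIPermission::kPushMessaging, "pushMessaging",
       APIPermissionInfo::kFlagCannotBeOptional},
      {APIPermission::kSystemCpu, "system.cpu"},
      {APIPermission::kSystemMemory, "system.memory"},
      {APIPermission::kSystemNetwork, "system.network"},
      {APIPermission::kSystemDisplay, "system.display"},
      {APIPermission::kSystemStorage, "system.storage"},
      {APIPermission::kPointerLock, "pointerLock"},
      {APIPermission::kFullscreen, "app.window.fullscreen"},
      {APIPermission::kAudio, "audio"},
      {APIPermission::kCastStreaming, "cast.streaming"},
      {APIPermission::kOverrideEscFullscreen,
       "app.window.fullscreen.overrideEsc"},
      {APIPermission::kWindowShape, "app.window.shape"},
      {APIPermission::kBrowser, "browser"},

      // Settings override permissions.
      {APIPermission::kHomepage, "homepage",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
       PermissionMessage::kHomepage},
      {APIPermission::kSearchProvider, "searchProvider",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
       PermissionMessage::kSearchProvider},
      {APIPermission::kStartupPages, "startupPages",
       APIPermissionInfo::kFlagCannotBeOptional |
           APIPermissionInfo::kFlagInternal,
       IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
       PermissionMessage::kStartupPages},
  };

  const size_t count = ARRAYSIZE_UNSAFE(permissions_to_register);

  std::vector<APIPermissionInfo*> permissions;
  // One allocation up front; the final size is known from the table.
  permissions.reserve(count);

  for (size_t i = 0; i < count; ++i)
    permissions.push_back(new APIPermissionInfo(permissions_to_register[i]));
  return permissions;
}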
361
// Returns the legacy permission strings that are registered as aliases.
// Every row pairs a name that GetAllPermissions() registers (first) with the
// older string kept for it (second). Note that the "windows" alias maps to
// "tabs", whose table row carries the history-read install warning.
std::vector<PermissionsProvider::AliasInfo>
ChromeAPIPermissions::GetAllAliases() const {
  typedef PermissionsProvider::AliasInfo AliasInfo;

  // Local row type; the field names are descriptive only and follow the
  // argument order passed to the AliasInfo constructor.
  struct AliasRow {
    const char* name;
    const char* alias;
  };

  // Register aliases.
  const AliasRow kRows[] = {
      {"app.window.alwaysOnTop", kOldAlwaysOnTopWindowsPermission},
      {"app.window.fullscreen", kOldFullscreenPermission},
      {"app.window.fullscreen.overrideEsc",
       kOldOverrideEscFullscreenPermission},
      {"unlimitedStorage", kOldUnlimitedStoragePermission},
      {"tabs", kWindowsPermission},
  };

  std::vector<AliasInfo> aliases;
  for (size_t row = 0; row < sizeof(kRows) / sizeof(kRows[0]); ++row)
    aliases.push_back(AliasInfo(kRows[row].name, kRows[row].alias));
  return aliases;
}
379
380}  // namespace extensions
381