chrome_permission_message_provider.cc revision f2477e01787aa58f445919b809d89e252beef54f 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/common/extensions/permissions/chrome_permission_message_provider.h"
6
7#include "base/stl_util.h"
8#include "chrome/common/extensions/permissions/permission_message_util.h"
9#include "extensions/common/extensions_client.h"
10#include "extensions/common/permissions/permission_message.h"
11#include "extensions/common/permissions/permission_set.h"
12#include "extensions/common/url_pattern_set.h"
13#include "grit/generated_resources.h"
14#include "ui/base/l10n/l10n_util.h"
15
16namespace extensions {
17
18ChromePermissionMessageProvider::ChromePermissionMessageProvider() {
19}
20
21ChromePermissionMessageProvider::~ChromePermissionMessageProvider() {
22}
23
24// static
25PermissionMessages ChromePermissionMessageProvider::GetPermissionMessages(
26    const PermissionSet* permissions,
27    Manifest::Type extension_type) const {
28  PermissionMessages messages;
29
30  if (permissions->HasEffectiveFullAccess()) {
31    messages.push_back(PermissionMessage(
32        PermissionMessage::kFullAccess,
33        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS)));
34    return messages;
35  }
36
37  std::set<PermissionMessage> host_msgs =
38      GetHostPermissionMessages(permissions, extension_type);
39  std::set<PermissionMessage> api_msgs = GetAPIPermissionMessages(permissions);
40  std::set<PermissionMessage> manifest_permission_msgs =
41      GetManifestPermissionMessages(permissions);
42  messages.insert(messages.end(), host_msgs.begin(), host_msgs.end());
43  messages.insert(messages.end(), api_msgs.begin(), api_msgs.end());
44  messages.insert(messages.end(), manifest_permission_msgs.begin(),
45                  manifest_permission_msgs.end());
46
47  return messages;
48}
49
50// static
51std::vector<string16> ChromePermissionMessageProvider::GetWarningMessages(
52    const PermissionSet* permissions,
53    Manifest::Type extension_type) const {
54  std::vector<string16> message_strings;
55  PermissionMessages messages =
56      GetPermissionMessages(permissions, extension_type);
57
58  bool audio_capture = false;
59  bool video_capture = false;
60  bool media_galleries_read = false;
61  bool media_galleries_copy_to = false;
62  bool media_galleries_delete = false;
63  for (PermissionMessages::const_iterator i = messages.begin();
64       i != messages.end(); ++i) {
65    switch (i->id()) {
66      case PermissionMessage::kAudioCapture:
67        audio_capture = true;
68        break;
69      case PermissionMessage::kVideoCapture:
70        video_capture = true;
71        break;
72      case PermissionMessage::kMediaGalleriesAllGalleriesRead:
73        media_galleries_read = true;
74        break;
75      case PermissionMessage::kMediaGalleriesAllGalleriesCopyTo:
76        media_galleries_copy_to = true;
77        break;
78      case PermissionMessage::kMediaGalleriesAllGalleriesDelete:
79        media_galleries_delete = true;
80        break;
81      default:
82        break;
83    }
84  }
85
86  for (PermissionMessages::const_iterator i = messages.begin();
87       i != messages.end(); ++i) {
88    int id = i->id();
89    if (audio_capture && video_capture) {
90      if (id == PermissionMessage::kAudioCapture) {
91        message_strings.push_back(l10n_util::GetStringUTF16(
92            IDS_EXTENSION_PROMPT_WARNING_AUDIO_AND_VIDEO_CAPTURE));
93        continue;
94      } else if (id == PermissionMessage::kVideoCapture) {
95        // The combined message will be pushed above.
96        continue;
97      }
98    }
99    if (media_galleries_read &&
100        (media_galleries_copy_to || media_galleries_delete)) {
101      if (id == PermissionMessage::kMediaGalleriesAllGalleriesRead) {
102        int m_id = media_galleries_copy_to ?
103            IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_WRITE :
104            IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_DELETE;
105        message_strings.push_back(l10n_util::GetStringUTF16(m_id));
106        continue;
107      } else if (id == PermissionMessage::kMediaGalleriesAllGalleriesCopyTo ||
108                 id == PermissionMessage::kMediaGalleriesAllGalleriesDelete) {
109        // The combined message will be pushed above.
110        continue;
111      }
112    }
113
114    message_strings.push_back(i->message());
115  }
116
117  return message_strings;
118}
119
120// static
121std::vector<string16>
122ChromePermissionMessageProvider::GetWarningMessagesDetails(
123    const PermissionSet* permissions,
124    Manifest::Type extension_type) const {
125  std::vector<string16> message_strings;
126  PermissionMessages messages =
127      GetPermissionMessages(permissions, extension_type);
128
129  for (PermissionMessages::const_iterator i = messages.begin();
130       i != messages.end(); ++i)
131    message_strings.push_back(i->details());
132
133  return message_strings;
134}
135
136// static
137bool ChromePermissionMessageProvider::IsPrivilegeIncrease(
138    const PermissionSet* old_permissions,
139    const PermissionSet* new_permissions,
140    Manifest::Type extension_type) const {
141  // Things can't get worse than native code access.
142  if (old_permissions->HasEffectiveFullAccess())
143    return false;
144
145  // Otherwise, it's a privilege increase if the new one has full access.
146  if (new_permissions->HasEffectiveFullAccess())
147    return true;
148
149  if (IsHostPrivilegeIncrease(old_permissions, new_permissions, extension_type))
150    return true;
151
152  if (IsAPIPrivilegeIncrease(old_permissions, new_permissions))
153    return true;
154
155  if (IsManifestPermissionPrivilegeIncrease(old_permissions, new_permissions))
156    return true;
157
158  return false;
159}
160
161std::set<PermissionMessage>
162ChromePermissionMessageProvider::GetAPIPermissionMessages(
163    const PermissionSet* permissions) const {
164  std::set<PermissionMessage> messages;
165  for (APIPermissionSet::const_iterator permission_it =
166           permissions->apis().begin();
167       permission_it != permissions->apis().end(); ++permission_it) {
168    if (permission_it->HasMessages()) {
169      PermissionMessages new_messages = permission_it->GetMessages();
170      messages.insert(new_messages.begin(), new_messages.end());
171    }
172  }
173
174  // A special hack: If kFileSystemWriteDirectory would be displayed, hide
175  // kFileSystemDirectory and and kFileSystemWrite as the write directory
176  // message implies the other two.
177  // TODO(sammc): Remove this. See http://crbug.com/284849.
178  std::set<PermissionMessage>::iterator write_directory_message =
179      messages.find(PermissionMessage(
180          PermissionMessage::kFileSystemWriteDirectory, string16()));
181  if (write_directory_message != messages.end()) {
182    messages.erase(
183        PermissionMessage(PermissionMessage::kFileSystemWrite, string16()));
184    messages.erase(
185        PermissionMessage(PermissionMessage::kFileSystemDirectory, string16()));
186  }
187
188  // A special hack: The warning message for declarativeWebRequest
189  // permissions speaks about blocking parts of pages, which is a
190  // subset of what the "<all_urls>" access allows. Therefore we
191  // display only the "<all_urls>" warning message if both permissions
192  // are required.
193  if (permissions->HasEffectiveAccessToAllHosts()) {
194    messages.erase(
195        PermissionMessage(
196            PermissionMessage::kDeclarativeWebRequest, string16()));
197  }
198
199  return messages;
200}
201
202std::set<PermissionMessage>
203ChromePermissionMessageProvider::GetManifestPermissionMessages(
204    const PermissionSet* permissions) const {
205  std::set<PermissionMessage> messages;
206  for (ManifestPermissionSet::const_iterator permission_it =
207           permissions->manifest_permissions().begin();
208      permission_it != permissions->manifest_permissions().end();
209      ++permission_it) {
210    if (permission_it->HasMessages()) {
211      PermissionMessages new_messages = permission_it->GetMessages();
212      messages.insert(new_messages.begin(), new_messages.end());
213    }
214  }
215  return messages;
216}
217
218std::set<PermissionMessage>
219ChromePermissionMessageProvider::GetHostPermissionMessages(
220    const PermissionSet* permissions,
221    Manifest::Type extension_type) const {
222  std::set<PermissionMessage> messages;
223  // Since platform apps always use isolated storage, they can't (silently)
224  // access user data on other domains, so there's no need to prompt.
225  // Note: this must remain consistent with IsHostPrivilegeIncrease.
226  // See crbug.com/255229.
227  if (extension_type == Manifest::TYPE_PLATFORM_APP)
228    return messages;
229
230  if (permissions->HasEffectiveAccessToAllHosts()) {
231    messages.insert(PermissionMessage(
232        PermissionMessage::kHostsAll,
233        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS)));
234  } else {
235    URLPatternSet regular_hosts;
236    ExtensionsClient::Get()->FilterHostPermissions(
237        permissions->effective_hosts(), &regular_hosts, &messages);
238
239    std::set<std::string> hosts =
240        permission_message_util::GetDistinctHosts(regular_hosts, true, true);
241    if (!hosts.empty())
242      messages.insert(permission_message_util::CreateFromHostList(hosts));
243  }
244  return messages;
245}
246
247bool ChromePermissionMessageProvider::IsAPIPrivilegeIncrease(
248    const PermissionSet* old_permissions,
249    const PermissionSet* new_permissions) const {
250  if (new_permissions == NULL)
251    return false;
252
253  typedef std::set<PermissionMessage> PermissionMsgSet;
254  PermissionMsgSet old_warnings = GetAPIPermissionMessages(old_permissions);
255  PermissionMsgSet new_warnings = GetAPIPermissionMessages(new_permissions);
256  PermissionMsgSet delta_warnings =
257      base::STLSetDifference<PermissionMsgSet>(new_warnings, old_warnings);
258
259  // A special hack: kFileSystemWriteDirectory implies kFileSystemDirectory and
260  // kFileSystemWrite.
261  // TODO(sammc): Remove this. See http://crbug.com/284849.
262  if (old_warnings.find(PermissionMessage(
263          PermissionMessage::kFileSystemWriteDirectory, string16())) !=
264      old_warnings.end()) {
265    delta_warnings.erase(
266        PermissionMessage(PermissionMessage::kFileSystemDirectory, string16()));
267    delta_warnings.erase(
268        PermissionMessage(PermissionMessage::kFileSystemWrite, string16()));
269  }
270
271  // It is a privilege increase if there are additional warnings present.
272  return !delta_warnings.empty();
273}
274
275bool ChromePermissionMessageProvider::IsManifestPermissionPrivilegeIncrease(
276    const PermissionSet* old_permissions,
277    const PermissionSet* new_permissions) const {
278  if (new_permissions == NULL)
279    return false;
280
281  typedef std::set<PermissionMessage> PermissionMsgSet;
282  PermissionMsgSet old_warnings =
283      GetManifestPermissionMessages(old_permissions);
284  PermissionMsgSet new_warnings =
285      GetManifestPermissionMessages(new_permissions);
286  PermissionMsgSet delta_warnings =
287      base::STLSetDifference<PermissionMsgSet>(new_warnings, old_warnings);
288
289  // It is a privilege increase if there are additional warnings present.
290  return !delta_warnings.empty();
291}
292
293bool ChromePermissionMessageProvider::IsHostPrivilegeIncrease(
294    const PermissionSet* old_permissions,
295    const PermissionSet* new_permissions,
296    Manifest::Type extension_type) const {
297  // Platform apps host permission changes do not count as privilege increases.
298  // Note: this must remain consistent with GetHostPermissionMessages.
299  if (extension_type == Manifest::TYPE_PLATFORM_APP)
300    return false;
301
302  // If the old permission set can access any host, then it can't be elevated.
303  if (old_permissions->HasEffectiveAccessToAllHosts())
304    return false;
305
306  // Likewise, if the new permission set has full host access, then it must be
307  // a privilege increase.
308  if (new_permissions->HasEffectiveAccessToAllHosts())
309    return true;
310
311  const URLPatternSet& old_list = old_permissions->effective_hosts();
312  const URLPatternSet& new_list = new_permissions->effective_hosts();
313
314  // TODO(jstritar): This is overly conservative with respect to subdomains.
315  // For example, going from *.google.com to www.google.com will be
316  // considered an elevation, even though it is not (http://crbug.com/65337).
317  std::set<std::string> new_hosts_set(
318      permission_message_util::GetDistinctHosts(new_list, false, false));
319  std::set<std::string> old_hosts_set(
320      permission_message_util::GetDistinctHosts(old_list, false, false));
321  std::set<std::string> new_hosts_only =
322      base::STLSetDifference<std::set<std::string> >(new_hosts_set,
323                                                     old_hosts_set);
324
325  return !new_hosts_only.empty();
326}
327
328}  // namespace extensions
329