1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This features file defines permissions for extension APIs implemented
6// under src/extensions.
7
8// See extensions/common/features/* to understand this file, in particular
9// feature.h, simple_feature.h, and base_feature_provider.h.
10
11// To add a new whitelisted ID, SHA-1 the ID and uppercase the hex digest. Omit
12// the trailing newline (echo -n), or the hash will not match. In Bash:
13// $ echo -n "aaaabbbbccccddddeeeeffffgggghhhh" | \
14// sha1sum | tr '[:lower:]' '[:upper:]'
15// 9A0417016F345C934A1A88F55CA17C05014EEEBA  -
16//
17// Google employees: please update http://go/chrome-api-whitelist to map
18// hashes back to ids.
19
20// If you add a new platform_app permission please update the "stubs_app" test:
21// chrome/test/data/extensions/api_test/stubs_app/manifest.json
22
23{
24  "app.window.alwaysOnTop": {
25    "channel": "stable",
26    "extension_types": ["platform_app"]
27  },
28  "app.window.fullscreen": {
29    "channel": "stable",
30    "extension_types": ["platform_app"]
31  },
32  "app.window.fullscreen.overrideEsc": {
33    "channel": "stable",
34    "extension_types": ["platform_app"]
35  },
36  "app.window.alpha": [
37    {
38      "channel": "dev",
39      "extension_types": ["platform_app"]
40    },
41    {
42      "channel": "stable",
43      "extension_types": ["platform_app"],
44      "whitelist": [
45        "0F42756099D914A026DADFA182871C015735DD95",  // http://crbug.com/323773
46        "2D22CDB6583FD0A13758AEBE8B15E45208B4E9A7",
47        "E7E2461CE072DF036CF9592740196159E2D7C089",  // http://crbug.com/356200
48        "A74A4D44C7CFCD8844830E6140C8D763E12DD8F3",
49        "312745D9BF916161191143F6490085EEA0434997",
50        "53041A2FA309EECED01FFC751E7399186E860B2C",
51        "A07A5B743CD82A1C2579DB77D353C98A23201EEF",  // http://crbug.com/413748
52        "F16F23C83C5F6DAD9B65A120448B34056DD80691",
53        "0F585FB1D0FDFBEBCE1FEB5E9DFFB6DA476B8C9B"
54      ]
55    }
56  ],
57  "app.window.shape": {
58    "channel": "stable",
59    "extension_types": ["platform_app"]
60  },
61  "audioCapture": [
62    {
63      "channel": "stable",
64      "extension_types": ["platform_app"]
65    },
66    {
67      "channel": "stable",
68      "extension_types": ["extension"],
69      "whitelist": [
70        // http://crbug.com/292856
71        "3F50C3A83839D9C76334BCE81CDEC06174F266AF",
72        "09FDCB5851B8F3378DB630D06E316076E89C95A6",
73        "39BE69F11F68E4EED080DA3DC2394F7885B7AFF9",
74        "FF78670081967CE21DB86A04AD94A0498F01E20A",
75        // Hotword component extension
76        "62CCAAD339E6451BBF97C4BBDF758E934A05AD0B"
77      ]
78    }
79  ],
80  "bluetoothPrivate": {
81    "channel": "stable",
82    "extension_types": ["platform_app"],
83    "platforms": ["chromeos", "win", "mac"],
84    "whitelist": [
85      "1C93BD3CF875F4A73C0B2A163BB8FBDA8B8B3D80",  // http://crbug.com/387169
86      "A3BC37E2148AC4E99BE4B16AF9D42DD1E592BBBE",  // http://crbug.com/387169
87      "E703483CEF33DEC18B4B6DD84B5C776FB9182BDB",  // http://crbug.com/387169
88      "307E96539209F95A1A8740C713E6998A73657D96",  // http://crbug.com/387169
89      "4F25792AF1AA7483936DE29C07806F203C7170A0",  // http://crbug.com/407693
90      "BD8781D757D830FC2E85470A1B6E8A718B7EE0D9",  // http://crbug.com/407693
91      "4AC2B6C63C6480D150DFDA13E4A5956EB1D0DDBB",  // http://crbug.com/407693
92      "81986D4F846CEDDDB962643FA501D1780DD441BB"   // http://crbug.com/407693
93    ]
94  },
95  "dns": [
96    {
97      "channel": "dev",
98      "extension_types": ["extension", "platform_app"]
99    },
100    {
101      "channel": "stable",
102      "extension_types": ["extension", "platform_app"],
103      "whitelist": [
104        "7AE714FFD394E073F0294CFA134C9F91DB5FBAA4",  // CCD Development
105        "C7DA3A55C2355F994D3FDDAD120B426A0DF63843",  // CCD Testing
106        "75E3CFFFC530582C583E4690EF97C70B9C8423B7"   // CCD Release
107      ]
108    }
109  ],
110  "externally_connectable.all_urls": {
111    "channel": "stable",
112    "extension_types": [
113      "extension", "hosted_app", "legacy_packaged_app", "platform_app"
114    ],
115    "whitelist": [
116      "54ECAB4579BDE8FDAF9B29ED335F9946EE504A52",  // Used in unit tests
117      "E24F1786D842E91E74C27929B0B3715A4689A473"   // http://crbug.com/417494
118    ]
119  },
120  "hid": [
121    {
122      "channel": "stable",
123      "extension_types": ["platform_app"]
124    },
125    {
126      "channel": "stable",
127      "extension_types": ["extension"],
128      "whitelist": [
129        "496B6890097EB6E19809ADEADD095A8721FBB2E0",  // FIDO U2F APIs
130        "E24F1786D842E91E74C27929B0B3715A4689A473"   // CryptoToken
131      ]
132    }
133  ],
134  "u2fDevices": [
135    {
136      "channel": "stable",
137      "extension_types": ["extension", "platform_app"],
138      "whitelist": [
139        "496B6890097EB6E19809ADEADD095A8721FBB2E0",  // FIDO U2F APIs
140        "E24F1786D842E91E74C27929B0B3715A4689A473",  // CryptoToken
141        "6F9E349A0561C78A0D3F41496FE521C5151C7F71",  // Security Key
142        "C06709A259378015404ED20F75C7D08547E0F10B"   // Security Key (dev)
143      ]
144    }
145  ],
146  "power": {
147    "channel": "stable",
148    "extension_types": [ "extension", "legacy_packaged_app", "platform_app" ]
149  },
150  // Note: runtime is not actually a permission, but some systems check these
151  // values to verify restrictions.
152  "runtime": {
153    "channel": "stable",
154    "extension_types": ["extension", "legacy_packaged_app", "platform_app"]
155  },
156  "serial": {
157    "channel": "stable",
158    "extension_types": ["platform_app"]
159  },
160  "socket": [
161    {
162      "channel": "stable",
163      "extension_types": ["platform_app"]
164    },
165    {
166      "channel": "stable",
167      "extension_types": ["extension"],
168      "whitelist": [
169        // The connectivity diagnostic utility is a component extension that
170        // suggests how to fix connection issues. It should be the only
171        // non-app allowed to use the socket API.
172        "32A1BA997F8AB8DE29ED1BA94AAF00CF2A3FEFA7"
173      ]
174    }
175  ],
176  "storage": {
177    "channel": "stable",
178    "extension_types": ["extension", "legacy_packaged_app", "platform_app"],
179    "min_manifest_version": 2
180  },
181  "system.cpu": [
182    {
183      "channel": "stable",
184      "extension_types": ["extension", "legacy_packaged_app", "platform_app"]
185    },
186    {
187      "channel": "stable",
188      "extension_types": ["hosted_app"],
189      "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"]  // Web Store
190    }
191  ],
192  "system.memory": [
193    {
194      "channel": "stable",
195      "extension_types": ["extension", "legacy_packaged_app", "platform_app"]
196    },
197    {
198      "channel": "stable",
199      "extension_types": ["hosted_app"],
200      "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"]  // Web Store
201    }
202  ],
203  "system.network": [
204    {
205      "channel": "stable",
206      "extension_types": ["platform_app"]
207    },
208    {
209      "channel": "stable",
210      "extension_types": ["hosted_app"],
211      "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"]  // Web Store
212    }
213  ],
214  "system.storage": [
215    {
216      "channel": "stable",
217      "extension_types": ["extension", "legacy_packaged_app", "platform_app"]
218    },
219    {
220      "channel": "stable",
221      "extension_types": ["hosted_app"],
222      "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"]  // Web Store
223    }
224  ],
225  "system.display": [
226    {
227      "channel": "stable",
228      "extension_types": ["extension", "legacy_packaged_app", "platform_app"]
229    },
230    {
231      "channel": "stable",
232      "extension_types": ["hosted_app"],
233      "whitelist": ["B44D08FD98F1523ED5837D78D0A606EA9D6206E5"]  // Web Store
234    }
235  ],
236  "usb": [
237    {
238      "channel": "stable",
239      "extension_types": ["platform_app"]
240    },
241    {
242      "channel": "stable",
243      "extension_types": ["extension"],
244      "whitelist": [
245        "496B6890097EB6E19809ADEADD095A8721FBB2E0",  // FIDO U2F APIs
246        "E24F1786D842E91E74C27929B0B3715A4689A473"   // CryptoToken
247      ]
248    }
249  ],
250  "usbDevices": [
251    {
252      "channel": "stable",
253      "extension_types": ["platform_app"]
254    },
255    {
256      "channel": "stable",
257      "extension_types": ["extension"],
258      "whitelist": [
259        "496B6890097EB6E19809ADEADD095A8721FBB2E0",  // FIDO U2F APIs
260        "E24F1786D842E91E74C27929B0B3715A4689A473"   // CryptoToken
261      ]
262    }
263  ],
264  "videoCapture": [
265    {
266      "channel": "stable",
267      "extension_types": ["platform_app"]
268    },
269    {
270      "channel": "stable",
271      "extension_types": ["extension"],
272      "whitelist": [
273        // http://crbug.com/292856
274        "3F50C3A83839D9C76334BCE81CDEC06174F266AF",
275        "09FDCB5851B8F3378DB630D06E316076E89C95A6",
276        "A434B90223C3C52F2B69DB494736B63C612C774D"
277      ]
278    }
279  ],
280  "webview": [
281    {
282      "channel": "stable",
283      "extension_types": ["platform_app"]
284    },
285    {
286      // General support for webview in component extensions is still in
287      // progress. Only whitelisted extensions are allowed until all the caveats
288      // are addressed. Tracked in http://crbug.com/285151.
289      "channel": "stable",
290      "extension_types": ["extension"],
291      "location": "component",
292      "whitelist": [
293        "D519188F86D9ACCEE0412007B227D9936EB9676B"  // GAIA Component Extension
294      ]
295    }
296  ]
297}
298