summaryrefslogtreecommitdiff
path: root/chromium/extensions/common/permissions/permissions_data.h
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/extensions/common/permissions/permissions_data.h')
-rw-r--r--chromium/extensions/common/permissions/permissions_data.h267
1 files changed, 267 insertions, 0 deletions
diff --git a/chromium/extensions/common/permissions/permissions_data.h b/chromium/extensions/common/permissions/permissions_data.h
new file mode 100644
index 00000000000..bb8e51e9b78
--- /dev/null
+++ b/chromium/extensions/common/permissions/permissions_data.h
@@ -0,0 +1,267 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
+#define EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
+
+#include <map>
+#include <string>
+#include <vector>
+
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/strings/string16.h"
+#include "base/synchronization/lock.h"
+#include "base/threading/thread_checker.h"
+#include "extensions/common/manifest.h"
+#include "extensions/common/permissions/api_permission.h"
+#include "extensions/common/permissions/permission_message.h"
+#include "extensions/common/permissions/permission_set.h"
+
+class GURL;
+
+namespace extensions {
+class Extension;
+class URLPatternSet;
+
+// A container for the permissions state of an extension, including active,
+// withheld, and tab-specific permissions.
+// Thread-Safety: Since this is an object on the Extension object, *some* thread
+// safety is provided. All utility functions for checking if a permission is
+// present or an operation is allowed are thread-safe. However, permissions can
+// only be set (or updated) on the thread to which this object is bound.
+// Permissions may be accessed synchronously on that same thread.
+// Accessing on an improper thread will DCHECK().
+// This is necessary to prevent a scenario in which one thread will access
+// permissions while another thread changes them.
+class PermissionsData {
+ public:
+ // The possible types of access for a given frame.
+ enum AccessType {
+ ACCESS_DENIED, // The extension is not allowed to access the given page.
+ ACCESS_ALLOWED, // The extension is allowed to access the given page.
+ ACCESS_WITHHELD // The browser must determine if the extension can access
+ // the given page.
+ };
+
+ using TabPermissionsMap = std::map<int, scoped_ptr<const PermissionSet>>;
+
+ // Delegate class to allow different contexts (e.g. browser vs renderer) to
+ // have control over policy decisions.
+ class PolicyDelegate {
+ public:
+ virtual ~PolicyDelegate() {}
+
+ // Returns false if script access should be blocked on this page.
+ // Otherwise, default policy should decide.
+ virtual bool CanExecuteScriptOnPage(const Extension* extension,
+ const GURL& document_url,
+ int tab_id,
+ std::string* error) = 0;
+ };
+
+ static void SetPolicyDelegate(PolicyDelegate* delegate);
+
+ PermissionsData(const Extension* extension);
+ virtual ~PermissionsData();
+
+ // Returns true if the extension is a COMPONENT extension or is on the
+ // whitelist of extensions that can script all pages.
+ static bool CanExecuteScriptEverywhere(const Extension* extension);
+
+ // Returns true if we should skip the permissions warning for the extension
+ // with the given |extension_id|.
+ static bool ShouldSkipPermissionWarnings(const std::string& extension_id);
+
+ // Returns true if the given |url| is restricted for the given |extension|,
+ // as is commonly the case for chrome:// urls.
+ // NOTE: You probably want to use CanAccessPage().
+ static bool IsRestrictedUrl(const GURL& document_url,
+ const Extension* extension,
+ std::string* error);
+
+ // Locks the permissions data to the current thread. We don't do this on
+ // construction, since extensions are initialized across multiple threads.
+ void BindToCurrentThread() const;
+
+ // Sets the runtime permissions of the given |extension| to |active| and
+ // |withheld|.
+ void SetPermissions(scoped_ptr<const PermissionSet> active,
+ scoped_ptr<const PermissionSet> withheld) const;
+
+ // Sets the active permissions, leaving withheld the same.
+ void SetActivePermissions(scoped_ptr<const PermissionSet> active) const;
+
+ // Updates the tab-specific permissions of |tab_id| to include those from
+ // |permissions|.
+ void UpdateTabSpecificPermissions(int tab_id,
+ const PermissionSet& permissions) const;
+
+ // Clears the tab-specific permissions of |tab_id|.
+ void ClearTabSpecificPermissions(int tab_id) const;
+
+ // Returns true if the |extension| has the given |permission|. Prefer
+ // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
+ // api that requires a permission they didn't know about, e.g. open web apis.
+ // Note this does not include APIs with no corresponding permission, like
+ // "runtime" or "browserAction".
+ // TODO(mpcomplete): drop the "API" from these names, it's confusing.
+ bool HasAPIPermission(APIPermission::ID permission) const;
+ bool HasAPIPermission(const std::string& permission_name) const;
+ bool HasAPIPermissionForTab(int tab_id, APIPermission::ID permission) const;
+ bool CheckAPIPermissionWithParam(
+ APIPermission::ID permission,
+ const APIPermission::CheckParam* param) const;
+
+ // Returns the hosts this extension effectively has access to, including
+ // explicit and scriptable hosts, and any hosts on tabs the extension has
+ // active tab permissions for.
+ URLPatternSet GetEffectiveHostPermissions() const;
+
+ // TODO(rdevlin.cronin): HasHostPermission() and
+ // HasEffectiveAccessToAllHosts() are just forwards for the active
+ // permissions. We should either get rid of these, and have callers use
+ // active_permissions(), or should get rid of active_permissions(), and make
+ // callers use PermissionsData for everything. We should not do both.
+
+ // Whether the extension has access to the given |url|.
+ bool HasHostPermission(const GURL& url) const;
+
+ // Whether the extension has effective access to all hosts. This is true if
+ // there is a content script that matches all hosts, if there is a host
+ // permission grants access to all hosts (like <all_urls>) or an api
+ // permission that effectively grants access to all hosts (e.g. proxy,
+ // network, etc.)
+ bool HasEffectiveAccessToAllHosts() const;
+
+ // Returns the full list of permission details for messages that should
+ // display at install time, in a nested format ready for display.
+ PermissionMessages GetPermissionMessages() const;
+
+ // Returns true if the extension has requested all-hosts permissions (or
+ // something close to it), but has had it withheld.
+ bool HasWithheldImpliedAllHosts() const;
+
+ // Returns true if the |extension| has permission to access and interact with
+ // the specified page, in order to do things like inject scripts or modify
+ // the content.
+ // If this returns false and |error| is non-NULL, |error| will be popualted
+ // with the reason the extension cannot access the page.
+ bool CanAccessPage(const Extension* extension,
+ const GURL& document_url,
+ int tab_id,
+ std::string* error) const;
+ // Like CanAccessPage, but also takes withheld permissions into account.
+ // TODO(rdevlin.cronin) We shouldn't have two functions, but not all callers
+ // know how to wait for permission.
+ AccessType GetPageAccess(const Extension* extension,
+ const GURL& document_url,
+ int tab_id,
+ std::string* error) const;
+
+ // Returns true if the |extension| has permission to inject a content script
+ // on the page.
+ // If this returns false and |error| is non-NULL, |error| will be popualted
+ // with the reason the extension cannot script the page.
+ // NOTE: You almost certainly want to use CanAccessPage() instead of this
+ // method.
+ bool CanRunContentScriptOnPage(const Extension* extension,
+ const GURL& document_url,
+ int tab_id,
+ std::string* error) const;
+ // Like CanRunContentScriptOnPage, but also takes withheld permissions into
+ // account.
+ // TODO(rdevlin.cronin) We shouldn't have two functions, but not all callers
+ // know how to wait for permission.
+ AccessType GetContentScriptAccess(const Extension* extension,
+ const GURL& document_url,
+ int tab_id,
+ std::string* error) const;
+
+ // Returns true if extension is allowed to obtain the contents of a page as
+ // an image. Since a page may contain sensitive information, this is
+ // restricted to the extension's host permissions as well as the extension
+ // page itself.
+ bool CanCaptureVisiblePage(int tab_id, std::string* error) const;
+
+ const TabPermissionsMap& tab_specific_permissions() const {
+ DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
+ return tab_specific_permissions_;
+ }
+
+ const PermissionSet& active_permissions() const {
+ DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
+ return *active_permissions_unsafe_;
+ }
+
+ const PermissionSet& withheld_permissions() const {
+ DCHECK(!thread_checker_ || thread_checker_->CalledOnValidThread());
+ return *withheld_permissions_unsafe_;
+ }
+
+#if defined(UNIT_TEST)
+ const PermissionSet* GetTabSpecificPermissionsForTesting(int tab_id) const {
+ base::AutoLock auto_lock(runtime_lock_);
+ return GetTabSpecificPermissions(tab_id);
+ }
+#endif
+
+ private:
+ // Gets the tab-specific host permissions of |tab_id|, or NULL if there
+ // aren't any.
+ // Must be called with |runtime_lock_| acquired.
+ const PermissionSet* GetTabSpecificPermissions(int tab_id) const;
+
+ // Returns true if the |extension| has tab-specific permission to operate on
+ // the tab specified by |tab_id| with the given |url|.
+ // Note that if this returns false, it doesn't mean the extension can't run on
+ // the given tab, only that it does not have tab-specific permission to do so.
+ // Must be called with |runtime_lock_| acquired.
+ bool HasTabSpecificPermissionToExecuteScript(int tab_id,
+ const GURL& url) const;
+
+ // Returns whether or not the extension is permitted to run on the given page,
+ // checking against |permitted_url_patterns| in addition to blocking special
+ // sites (like the webstore or chrome:// urls).
+ // Must be called with |runtime_lock_| acquired.
+ AccessType CanRunOnPage(const Extension* extension,
+ const GURL& document_url,
+ int tab_id,
+ const URLPatternSet& permitted_url_patterns,
+ const URLPatternSet& withheld_url_patterns,
+ std::string* error) const;
+
+ // The associated extension's id.
+ std::string extension_id_;
+
+ // The associated extension's manifest type.
+ Manifest::Type manifest_type_;
+
+ mutable base::Lock runtime_lock_;
+
+ // The permission's which are currently active on the extension during
+ // runtime.
+ // Unsafe indicates that we must lock anytime this is directly accessed.
+ // Unless you need to change |active_permissions_unsafe_|, use the (safe)
+ // active_permissions() accessor.
+ mutable scoped_ptr<const PermissionSet> active_permissions_unsafe_;
+
+ // The permissions the extension requested, but was not granted due because
+ // they are too powerful. This includes things like all_hosts.
+ // Unsafe indicates that we must lock anytime this is directly accessed.
+ // Unless you need to change |withheld_permissions_unsafe_|, use the (safe)
+ // withheld_permissions() accessor.
+ mutable scoped_ptr<const PermissionSet> withheld_permissions_unsafe_;
+
+ mutable TabPermissionsMap tab_specific_permissions_;
+
+ mutable scoped_ptr<base::ThreadChecker> thread_checker_;
+
+ DISALLOW_COPY_AND_ASSIGN(PermissionsData);
+};
+
+} // namespace extensions
+
+#endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
View Lorry Controller Status