1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
7 #include "extensions/common/permissions/api_permission.h"
8 #include "extensions/common/permissions/api_permission_set.h"
9 #include "extensions/common/permissions/media_galleries_permission.h"
10 #include "extensions/common/permissions/permission_message.h"
11 #include "extensions/common/permissions/permissions_info.h"
12 #include "grit/extensions_strings.h"
13 #include "grit/generated_resources.h"
15 namespace extensions {
19 const char kOldAlwaysOnTopWindowsPermission[] = "alwaysOnTopWindows";
20 const char kOldFullscreenPermission[] = "fullscreen";
21 const char kOldOverrideEscFullscreenPermission[] = "overrideEscFullscreen";
22 const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
23 const char kWindowsPermission[] = "windows";
25 template<typename T> APIPermission* CreateAPIPermission(
26 const APIPermissionInfo* permission) {
27 return new T(permission);
32 std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
34 APIPermissionInfo::InitInfo permissions_to_register[] = {
35 // Register permissions for all extension types.
36 {APIPermission::kBackground, "background"},
37 {APIPermission::kClipboardRead, "clipboardRead",
38 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
39 PermissionMessage::kClipboard},
40 {APIPermission::kClipboardWrite, "clipboardWrite"},
41 {APIPermission::kDeclarativeContent, "declarativeContent"},
42 {APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
43 APIPermissionInfo::kFlagNone,
44 IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
45 PermissionMessage::kDeclarativeWebRequest},
46 {APIPermission::kDesktopCapture, "desktopCapture",
47 APIPermissionInfo::kFlagNone,
48 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
49 PermissionMessage::kDesktopCapture},
50 {APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
51 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, PermissionMessage::kDownloads},
52 {APIPermission::kDownloadsOpen, "downloads.open",
53 APIPermissionInfo::kFlagNone,
54 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
55 PermissionMessage::kDownloadsOpen},
56 {APIPermission::kDownloadsShelf, "downloads.shelf"},
57 {APIPermission::kIdentity, "identity"},
58 {APIPermission::kIdentityEmail, "identity.email",
59 APIPermissionInfo::kFlagNone,
60 IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL,
61 PermissionMessage::kIdentityEmail},
62 {APIPermission::kExperimental, "experimental",
63 APIPermissionInfo::kFlagCannotBeOptional},
64 // NOTE(kalman): this is provided by a manifest property but needs to
65 // appear in the install permission dialogue, so we need a fake
66 // permission for it. See http://crbug.com/247857.
67 {APIPermission::kWebConnectable, "webConnectable",
68 APIPermissionInfo::kFlagCannotBeOptional |
69 APIPermissionInfo::kFlagInternal,
70 IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
71 PermissionMessage::kWebConnectable},
72 {APIPermission::kGeolocation, "geolocation",
73 APIPermissionInfo::kFlagCannotBeOptional,
74 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
75 PermissionMessage::kGeolocation},
76 {APIPermission::kNotification, "notifications"},
77 {APIPermission::kUnlimitedStorage, "unlimitedStorage",
78 APIPermissionInfo::kFlagCannotBeOptional},
79 {APIPermission::kGcdPrivate, "gcdPrivate"},
80 {APIPermission::kGcm, "gcm"},
82 // Register extension permissions.
83 {APIPermission::kAccessibilityFeaturesModify,
84 "accessibilityFeatures.modify", APIPermissionInfo::kFlagNone,
85 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
86 PermissionMessage::kAccessibilityFeaturesModify},
87 {APIPermission::kAccessibilityFeaturesRead, "accessibilityFeatures.read",
88 APIPermissionInfo::kFlagNone,
89 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
90 PermissionMessage::kAccessibilityFeaturesRead},
91 {APIPermission::kAccessibilityPrivate, "accessibilityPrivate",
92 APIPermissionInfo::kFlagCannotBeOptional},
93 {APIPermission::kActiveTab, "activeTab"},
94 {APIPermission::kAlarms, "alarms"},
95 {APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
96 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, PermissionMessage::kBookmarks},
97 {APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
98 APIPermissionInfo::kFlagCannotBeOptional},
99 {APIPermission::kBrowsingData, "browsingData"},
100 {APIPermission::kContentSettings, "contentSettings",
101 APIPermissionInfo::kFlagNone,
102 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
103 PermissionMessage::kContentSettings},
104 {APIPermission::kContextMenus, "contextMenus"},
105 {APIPermission::kCookie, "cookies"},
106 {APIPermission::kEnterprisePlatformKeys, "enterprise.platformKeys"},
107 {APIPermission::kFileBrowserHandler, "fileBrowserHandler",
108 APIPermissionInfo::kFlagCannotBeOptional},
109 {APIPermission::kFontSettings, "fontSettings",
110 APIPermissionInfo::kFlagCannotBeOptional},
111 {APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
112 IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
113 PermissionMessage::kBrowsingHistory},
114 {APIPermission::kIdltest, "idltest"},
115 {APIPermission::kIdle, "idle"},
116 {APIPermission::kInfobars, "infobars"},
117 {APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
118 IDS_EXTENSION_PROMPT_WARNING_INPUT, PermissionMessage::kInput},
119 {APIPermission::kLedger, "ledger"},
120 {APIPermission::kLocation, "location",
121 APIPermissionInfo::kFlagCannotBeOptional,
122 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
123 PermissionMessage::kGeolocation},
124 {APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
125 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, PermissionMessage::kManagement},
126 {APIPermission::kNativeMessaging, "nativeMessaging",
127 APIPermissionInfo::kFlagNone,
128 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
129 PermissionMessage::kNativeMessaging},
130 {APIPermission::kPower, "power"},
131 {APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
132 IDS_EXTENSION_PROMPT_WARNING_PRIVACY, PermissionMessage::kPrivacy},
133 {APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
134 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
135 {APIPermission::kSessions, "sessions"},
136 {APIPermission::kSignedInDevices, "signedInDevices",
137 APIPermissionInfo::kFlagNone,
138 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
139 PermissionMessage::kSignedInDevices},
140 {APIPermission::kSyncFileSystem, "syncFileSystem",
141 APIPermissionInfo::kFlagNone,
142 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
143 PermissionMessage::kSyncFileSystem},
144 {APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
145 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
146 {APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
147 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
148 {APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional},
149 {APIPermission::kTtsEngine, "ttsEngine",
150 APIPermissionInfo::kFlagCannotBeOptional,
151 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, PermissionMessage::kTtsEngine},
152 {APIPermission::kWallpaper, "wallpaper",
153 APIPermissionInfo::kFlagCannotBeOptional,
154 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, PermissionMessage::kWallpaper},
155 {APIPermission::kWebNavigation, "webNavigation",
156 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
157 PermissionMessage::kTabs},
158 {APIPermission::kWebRequest, "webRequest"},
159 {APIPermission::kWebRequestBlocking, "webRequestBlocking"},
160 {APIPermission::kWebView, "webview",
161 APIPermissionInfo::kFlagCannotBeOptional},
163 // Register private permissions.
164 {APIPermission::kScreenlockPrivate, "screenlockPrivate",
165 APIPermissionInfo::kFlagCannotBeOptional,
166 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
167 PermissionMessage::kScreenlockPrivate},
168 {APIPermission::kActivityLogPrivate, "activityLogPrivate",
169 APIPermissionInfo::kFlagCannotBeOptional,
170 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
171 PermissionMessage::kActivityLogPrivate},
172 {APIPermission::kAutoTestPrivate, "autotestPrivate",
173 APIPermissionInfo::kFlagCannotBeOptional},
174 {APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
175 APIPermissionInfo::kFlagCannotBeOptional},
176 {APIPermission::kCast, "cast", APIPermissionInfo::kFlagCannotBeOptional},
177 {APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
178 APIPermissionInfo::kFlagCannotBeOptional},
179 {APIPermission::kCommandLinePrivate, "commandLinePrivate",
180 APIPermissionInfo::kFlagCannotBeOptional},
181 {APIPermission::kDeveloperPrivate, "developerPrivate",
182 APIPermissionInfo::kFlagCannotBeOptional},
183 {APIPermission::kDiagnostics, "diagnostics",
184 APIPermissionInfo::kFlagCannotBeOptional},
185 {APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional},
186 {APIPermission::kDownloadsInternal, "downloadsInternal"},
187 {APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
188 APIPermissionInfo::kFlagCannotBeOptional},
189 {APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
190 APIPermissionInfo::kFlagCannotBeOptional},
191 {APIPermission::kHotwordPrivate, "hotwordPrivate",
192 APIPermissionInfo::kFlagCannotBeOptional},
193 {APIPermission::kIdentityPrivate, "identityPrivate",
194 APIPermissionInfo::kFlagCannotBeOptional},
195 {APIPermission::kLogPrivate, "logPrivate"},
196 {APIPermission::kWebcamPrivate, "webcamPrivate"},
197 {APIPermission::kNetworkingPrivate, "networkingPrivate",
198 APIPermissionInfo::kFlagCannotBeOptional,
199 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
200 PermissionMessage::kNetworkingPrivate},
201 {APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
202 APIPermissionInfo::kFlagCannotBeOptional},
203 {APIPermission::kMetricsPrivate, "metricsPrivate",
204 APIPermissionInfo::kFlagCannotBeOptional},
205 {APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional},
206 {APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
207 APIPermissionInfo::kFlagCannotBeOptional,
208 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
209 PermissionMessage::kMusicManagerPrivate},
210 {APIPermission::kPreferencesPrivate, "preferencesPrivate",
211 APIPermissionInfo::kFlagCannotBeOptional},
212 {APIPermission::kSystemPrivate, "systemPrivate",
213 APIPermissionInfo::kFlagCannotBeOptional},
214 {APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
215 APIPermissionInfo::kFlagCannotBeOptional},
216 {APIPermission::kInputMethodPrivate, "inputMethodPrivate",
217 APIPermissionInfo::kFlagCannotBeOptional},
218 {APIPermission::kEchoPrivate, "echoPrivate",
219 APIPermissionInfo::kFlagCannotBeOptional},
220 {APIPermission::kFeedbackPrivate, "feedbackPrivate",
221 APIPermissionInfo::kFlagCannotBeOptional},
222 {APIPermission::kImageWriterPrivate, "imageWriterPrivate",
223 APIPermissionInfo::kFlagCannotBeOptional},
224 {APIPermission::kReadingListPrivate, "readingListPrivate",
225 APIPermissionInfo::kFlagCannotBeOptional},
226 {APIPermission::kRtcPrivate, "rtcPrivate",
227 APIPermissionInfo::kFlagCannotBeOptional},
228 {APIPermission::kSyncedNotificationsPrivate,
229 "syncedNotificationsPrivate"},
230 {APIPermission::kTerminalPrivate, "terminalPrivate",
231 APIPermissionInfo::kFlagCannotBeOptional},
232 {APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
233 APIPermissionInfo::kFlagCannotBeOptional},
234 {APIPermission::kWallpaperPrivate, "wallpaperPrivate",
235 APIPermissionInfo::kFlagCannotBeOptional},
236 {APIPermission::kWebstorePrivate, "webstorePrivate",
237 APIPermissionInfo::kFlagCannotBeOptional},
238 {APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
239 APIPermissionInfo::kFlagCannotBeOptional},
240 {APIPermission::kStreamsPrivate, "streamsPrivate",
241 APIPermissionInfo::kFlagCannotBeOptional},
242 {APIPermission::kEnterprisePlatformKeysPrivate,
243 "enterprise.platformKeysPrivate",
244 APIPermissionInfo::kFlagCannotBeOptional},
245 {APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
246 APIPermissionInfo::kFlagCannotBeOptional},
247 {APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
248 APIPermissionInfo::kFlagCannotBeOptional},
249 {APIPermission::kPrincipalsPrivate, "principalsPrivate",
250 APIPermissionInfo::kFlagCannotBeOptional},
251 {APIPermission::kFirstRunPrivate, "firstRunPrivate",
252 APIPermissionInfo::kFlagCannotBeOptional},
253 {APIPermission::kBluetoothPrivate, "bluetoothPrivate",
254 APIPermissionInfo::kFlagCannotBeOptional,
255 IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
256 PermissionMessage::kBluetoothPrivate},
258 // Full url access permissions.
259 {APIPermission::kDebugger, "debugger",
260 APIPermissionInfo::kFlagImpliesFullURLAccess |
261 APIPermissionInfo::kFlagCannotBeOptional,
262 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, PermissionMessage::kDebugger},
263 {APIPermission::kDevtools, "devtools",
264 APIPermissionInfo::kFlagImpliesFullURLAccess |
265 APIPermissionInfo::kFlagCannotBeOptional |
266 APIPermissionInfo::kFlagInternal},
267 {APIPermission::kPageCapture, "pageCapture",
268 APIPermissionInfo::kFlagImpliesFullURLAccess},
269 {APIPermission::kTabCapture, "tabCapture",
270 APIPermissionInfo::kFlagImpliesFullURLAccess},
271 {APIPermission::kTabCaptureForTab, "tabCaptureForTab",
272 APIPermissionInfo::kFlagInternal},
273 {APIPermission::kPlugin, "plugin",
274 APIPermissionInfo::kFlagImpliesFullURLAccess |
275 APIPermissionInfo::kFlagImpliesFullAccess |
276 APIPermissionInfo::kFlagCannotBeOptional |
277 APIPermissionInfo::kFlagInternal,
278 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
279 PermissionMessage::kFullAccess},
280 {APIPermission::kProxy, "proxy",
281 APIPermissionInfo::kFlagImpliesFullURLAccess |
282 APIPermissionInfo::kFlagCannotBeOptional},
284 // Platform-app permissions.
285 {APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
286 IDS_EXTENSION_PROMPT_WARNING_SERIAL, PermissionMessage::kSerial},
287 {APIPermission::kAlwaysOnTopWindows, "app.window.alwaysOnTop"},
288 {APIPermission::kAudioCapture, "audioCapture",
289 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
290 PermissionMessage::kAudioCapture},
291 {APIPermission::kVideoCapture, "videoCapture",
292 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
293 PermissionMessage::kVideoCapture},
294 // The permission string for "fileSystem" is only shown when
295 // "write" or "directory" is present. Read-only access is only
296 // granted after the user has been shown a file or directory
297 // chooser dialog and selected a file or directory. Selecting
298 // the file or directory is considered consent to read it.
299 {APIPermission::kFileSystem, "fileSystem"},
300 {APIPermission::kFileSystemDirectory, "fileSystem.directory",
301 APIPermissionInfo::kFlagNone,
302 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
303 PermissionMessage::kFileSystemDirectory},
304 {APIPermission::kFileSystemProvider, "fileSystemProvider"},
305 {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"},
306 {APIPermission::kFileSystemWrite, "fileSystem.write"},
307 {APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
308 APIPermissionInfo::kFlagNone,
309 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
310 PermissionMessage::kFileSystemWriteDirectory},
311 {APIPermission::kHid, "hid", APIPermissionInfo::kFlagNone,
312 IDS_EXTENSION_PROMPT_WARNING_HID, PermissionMessage::kHid},
313 // Because warning messages for the "mediaGalleries" permission
314 // vary based on the permissions parameters, no message ID or
315 // message text is specified here. The message ID and text used
316 // will be determined at run-time in the
317 // |MediaGalleriesPermission| class.
318 {APIPermission::kMediaGalleries, "mediaGalleries",
319 APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
320 &CreateAPIPermission<MediaGalleriesPermission>},
321 {APIPermission::kPushMessaging, "pushMessaging",
322 APIPermissionInfo::kFlagCannotBeOptional},
323 {APIPermission::kSystemCpu, "system.cpu"},
324 {APIPermission::kSystemMemory, "system.memory"},
325 {APIPermission::kSystemNetwork, "system.network"},
326 {APIPermission::kSystemDisplay, "system.display"},
327 {APIPermission::kSystemStorage, "system.storage"},
328 {APIPermission::kPointerLock, "pointerLock"},
329 {APIPermission::kFullscreen, "app.window.fullscreen"},
330 {APIPermission::kAudio, "audio"},
331 {APIPermission::kCastStreaming, "cast.streaming"},
332 {APIPermission::kOverrideEscFullscreen,
333 "app.window.fullscreen.overrideEsc"},
334 {APIPermission::kWindowShape, "app.window.shape"},
335 {APIPermission::kBrowser, "browser"},
337 // Settings override permissions.
338 {APIPermission::kHomepage, "homepage",
339 APIPermissionInfo::kFlagCannotBeOptional |
340 APIPermissionInfo::kFlagInternal,
341 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
342 PermissionMessage::kHomepage},
343 {APIPermission::kSearchProvider, "searchProvider",
344 APIPermissionInfo::kFlagCannotBeOptional |
345 APIPermissionInfo::kFlagInternal,
346 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
347 PermissionMessage::kSearchProvider},
348 {APIPermission::kStartupPages, "startupPages",
349 APIPermissionInfo::kFlagCannotBeOptional |
350 APIPermissionInfo::kFlagInternal,
351 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
352 PermissionMessage::kStartupPages},
355 std::vector<APIPermissionInfo*> permissions;
357 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(permissions_to_register); ++i)
358 permissions.push_back(new APIPermissionInfo(permissions_to_register[i]));
362 std::vector<PermissionsProvider::AliasInfo>
363 ChromeAPIPermissions::GetAllAliases() const {
365 std::vector<PermissionsProvider::AliasInfo> aliases;
366 aliases.push_back(PermissionsProvider::AliasInfo(
367 "app.window.alwaysOnTop", kOldAlwaysOnTopWindowsPermission));
368 aliases.push_back(PermissionsProvider::AliasInfo("app.window.fullscreen",
369 kOldFullscreenPermission));
371 PermissionsProvider::AliasInfo("app.window.fullscreen.overrideEsc",
372 kOldOverrideEscFullscreenPermission));
373 aliases.push_back(PermissionsProvider::AliasInfo(
374 "unlimitedStorage", kOldUnlimitedStoragePermission));
375 aliases.push_back(PermissionsProvider::AliasInfo(
376 "tabs", kWindowsPermission));
380 } // namespace extensions