1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
7 #include "chrome/common/extensions/permissions/media_galleries_permission.h"
8 #include "chrome/common/extensions/permissions/socket_permission.h"
9 #include "chrome/common/extensions/permissions/usb_device_permission.h"
10 #include "extensions/common/permissions/api_permission.h"
11 #include "extensions/common/permissions/api_permission_set.h"
12 #include "extensions/common/permissions/permission_message.h"
13 #include "extensions/common/permissions/permissions_info.h"
14 #include "grit/generated_resources.h"
16 namespace extensions {
// Older spellings of permission names. GetAllAliases() pairs
// "unlimited_storage" with "unlimitedStorage" and "windows" with "tabs".
20 const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
21 const char kWindowsPermission[] = "windows";
// Factory that builds a permission object of type T from its registration
// info. The table in GetAllPermissions() stores instantiations of it in the
// |constructor| slot for SocketPermission, MediaGalleriesPermission and
// UsbDevicePermission.
// Returns a raw pointer from |new|; the caller presumably takes ownership --
// confirm against the call site.
23 template<typename T> APIPermission* CreateAPIPermission(
24 const APIPermissionInfo* permission) {
25 return new T(permission);
// Builds the table of Chrome API permissions and turns each row into a
// heap-allocated APIPermissionInfo.
//
// Each row is a positional aggregate initialiser for PermissionRegistration.
// Judging by the rows and by the fields the loop at the end reads, the order
// is: id, name, flags, l10n_message_id, message_id, constructor (the first
// four field declarations are not visible in this listing). Fields a row
// leaves out are zero-initialised, so a row that stops after the name has
// flags == 0 and names no IDS_EXTENSION_PROMPT_WARNING_* string in this table;
// the loop maps a zero message_id to PermissionMessage::kNone.
//
// NOTE(review): because the rows are positional, a value written one slot off
// is not rejected by the initialiser syntax; see the "tts" row. The returned
// pointers come from |new|; the caller presumably owns them -- confirm.
30 std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
32 struct PermissionRegistration {
// NOTE(review): the declarations of id, name, flags and l10n_message_id are
// not visible in this listing.
37 PermissionMessage::ID message_id;
38 APIPermissionInfo::APIPermissionConstructor constructor;
39 } PermissionsToRegister[] = {
40 // Register permissions for all extension types.
41 { APIPermission::kBackground, "background" },
42 { APIPermission::kClipboardRead, "clipboardRead",
43 APIPermissionInfo::kFlagNone,
44 IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
45 PermissionMessage::kClipboard },
// "clipboardWrite" names no warning string here, unlike "clipboardRead".
46 { APIPermission::kClipboardWrite, "clipboardWrite" },
47 { APIPermission::kDeclarativeContent, "declarativeContent" },
48 { APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
49 APIPermissionInfo::kFlagNone,
50 IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
51 PermissionMessage::kDeclarativeWebRequest },
52 { APIPermission::kDesktopCapture, "desktopCapture",
53 APIPermissionInfo::kFlagNone,
54 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
55 PermissionMessage::kDesktopCapture },
56 { APIPermission::kDns, "dns" },
57 { APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
58 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
59 PermissionMessage::kDownloads },
60 { APIPermission::kDownloadsOpen, "downloads.open",
61 APIPermissionInfo::kFlagNone,
62 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
63 PermissionMessage::kDownloadsOpen },
64 { APIPermission::kDownloadsShelf, "downloads.shelf" },
65 { APIPermission::kIdentity, "identity" },
66 { APIPermission::kExperimental, "experimental",
67 APIPermissionInfo::kFlagCannotBeOptional },
68 // NOTE(kalman): this is provided by a manifest property but needs to
69 // appear in the install permission dialogue, so we need a fake
70 // permission for it. See http://crbug.com/247857.
71 { APIPermission::kWebConnectable, "webConnectable",
72 APIPermissionInfo::kFlagCannotBeOptional |
73 APIPermissionInfo::kFlagInternal,
74 IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
75 PermissionMessage::kWebConnectable},
76 { APIPermission::kGeolocation, "geolocation",
77 APIPermissionInfo::kFlagCannotBeOptional,
78 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
79 PermissionMessage::kGeolocation },
80 { APIPermission::kNotification, "notifications" },
81 { APIPermission::kUnlimitedStorage, "unlimitedStorage",
82 APIPermissionInfo::kFlagCannotBeOptional },
83 { APIPermission::kGcm, "gcm" },
85 // Register extension permissions.
86 { APIPermission::kActiveTab, "activeTab" },
87 { APIPermission::kAdView, "adview" },
88 { APIPermission::kAlarms, "alarms" },
89 { APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
90 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
91 PermissionMessage::kBookmarks },
92 { APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
93 APIPermissionInfo::kFlagCannotBeOptional },
94 { APIPermission::kBrowsingData, "browsingData" },
95 { APIPermission::kContentSettings, "contentSettings",
96 APIPermissionInfo::kFlagNone,
97 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
98 PermissionMessage::kContentSettings },
99 { APIPermission::kContextMenus, "contextMenus" },
// "cookies" names no warning string in this table; any prompt text for it
// presumably comes from the host permissions it is used with -- confirm.
100 { APIPermission::kCookie, "cookies" },
101 { APIPermission::kFileBrowserHandler, "fileBrowserHandler",
102 APIPermissionInfo::kFlagCannotBeOptional },
103 { APIPermission::kFontSettings, "fontSettings",
104 APIPermissionInfo::kFlagCannotBeOptional },
105 { APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
106 IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
107 PermissionMessage::kBrowsingHistory },
108 { APIPermission::kIdltest, "idltest" },
109 { APIPermission::kIdle, "idle" },
110 { APIPermission::kInfobars, "infobars" },
111 { APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
112 IDS_EXTENSION_PROMPT_WARNING_INPUT,
113 PermissionMessage::kInput },
// "location" reuses the geolocation warning string and message id.
114 { APIPermission::kLocation, "location",
115 APIPermissionInfo::kFlagCannotBeOptional,
116 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
117 PermissionMessage::kGeolocation },
118 { APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
119 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
120 PermissionMessage::kManagement },
121 { APIPermission::kNativeMessaging, "nativeMessaging",
122 APIPermissionInfo::kFlagNone,
123 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
124 PermissionMessage::kNativeMessaging },
125 { APIPermission::kPower, "power", },
126 { APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
127 IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
128 PermissionMessage::kPrivacy },
// "processes" shares the "tabs" warning string and message id.
129 { APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
130 IDS_EXTENSION_PROMPT_WARNING_TABS,
131 PermissionMessage::kTabs },
132 { APIPermission::kSessions, "sessions" },
133 { APIPermission::kSignedInDevices, "signedInDevices",
134 APIPermissionInfo::kFlagNone,
135 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
136 PermissionMessage::kSignedInDevices },
137 { APIPermission::kStorage, "storage" },
138 { APIPermission::kSyncFileSystem, "syncFileSystem",
139 APIPermissionInfo::kFlagNone,
140 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
141 PermissionMessage::kSyncFileSystem },
142 { APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
143 IDS_EXTENSION_PROMPT_WARNING_TABS,
144 PermissionMessage::kTabs },
// "topSites" shares the browsing-history warning string and message id.
145 { APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
146 IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,
147 PermissionMessage::kBrowsingHistory },
// NOTE(review): this row passes 0 in the flags slot and
// kFlagCannotBeOptional in the l10n_message_id slot, unlike every other row.
// If the flag was meant to apply, "tts" is registered without it and with a
// flag value as its message resource id; the likely intent is
// { APIPermission::kTts, "tts", APIPermissionInfo::kFlagCannotBeOptional }.
// Confirm against the struct declaration before changing.
148 { APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional },
149 { APIPermission::kTtsEngine, "ttsEngine",
150 APIPermissionInfo::kFlagCannotBeOptional,
151 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
152 PermissionMessage::kTtsEngine },
153 { APIPermission::kWallpaper, "wallpaper",
154 APIPermissionInfo::kFlagCannotBeOptional,
155 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER,
156 PermissionMessage::kWallpaper },
// "webNavigation" shares the "tabs" warning string and message id.
157 { APIPermission::kWebNavigation, "webNavigation",
158 APIPermissionInfo::kFlagNone,
159 IDS_EXTENSION_PROMPT_WARNING_TABS, PermissionMessage::kTabs },
// "webRequest" and "webRequestBlocking" name no warning string in this
// table; any prompt text presumably comes from the accompanying host
// permissions -- confirm.
160 { APIPermission::kWebRequest, "webRequest" },
161 { APIPermission::kWebRequestBlocking, "webRequestBlocking" },
162 { APIPermission::kWebView, "webview",
163 APIPermissionInfo::kFlagCannotBeOptional },
165 // Register private permissions.
// NOTE(review): "downloadsInternal", "logPrivate" and "webRequestInternal"
// are the only rows in this group without kFlagCannotBeOptional; whether
// that is intentional cannot be told from this file.
166 { APIPermission::kScreenlockPrivate, "screenlockPrivate",
167 APIPermissionInfo::kFlagCannotBeOptional,
168 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
169 PermissionMessage::kScreenlockPrivate },
170 { APIPermission::kActivityLogPrivate, "activityLogPrivate",
171 APIPermissionInfo::kFlagCannotBeOptional,
172 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
173 PermissionMessage::kActivityLogPrivate },
174 { APIPermission::kAutoTestPrivate, "autotestPrivate",
175 APIPermissionInfo::kFlagCannotBeOptional },
176 { APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
177 APIPermissionInfo::kFlagCannotBeOptional },
178 { APIPermission::kCast, "cast",
179 APIPermissionInfo::kFlagCannotBeOptional },
180 { APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
181 APIPermissionInfo::kFlagCannotBeOptional },
182 { APIPermission::kCommandLinePrivate, "commandLinePrivate",
183 APIPermissionInfo::kFlagCannotBeOptional },
184 { APIPermission::kDeveloperPrivate, "developerPrivate",
185 APIPermissionInfo::kFlagCannotBeOptional },
186 { APIPermission::kDiagnostics, "diagnostics",
187 APIPermissionInfo::kFlagCannotBeOptional },
188 { APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional },
189 { APIPermission::kDownloadsInternal, "downloadsInternal" },
190 { APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
191 APIPermissionInfo::kFlagCannotBeOptional },
192 { APIPermission::kFileBrowserPrivate, "fileBrowserPrivate",
193 APIPermissionInfo::kFlagCannotBeOptional },
194 { APIPermission::kHotwordPrivate, "hotwordPrivate",
195 APIPermissionInfo::kFlagCannotBeOptional },
196 { APIPermission::kIdentityPrivate, "identityPrivate",
197 APIPermissionInfo::kFlagCannotBeOptional },
198 { APIPermission::kLogPrivate, "logPrivate"},
199 { APIPermission::kNetworkingPrivate, "networkingPrivate",
200 APIPermissionInfo::kFlagCannotBeOptional,
201 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
202 PermissionMessage::kNetworkingPrivate },
203 { APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
204 APIPermissionInfo::kFlagCannotBeOptional },
205 { APIPermission::kMetricsPrivate, "metricsPrivate",
206 APIPermissionInfo::kFlagCannotBeOptional },
207 { APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional },
208 { APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
209 APIPermissionInfo::kFlagCannotBeOptional,
210 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
211 PermissionMessage::kMusicManagerPrivate },
212 { APIPermission::kPreferencesPrivate, "preferencesPrivate",
213 APIPermissionInfo::kFlagCannotBeOptional },
214 { APIPermission::kSystemPrivate, "systemPrivate",
215 APIPermissionInfo::kFlagCannotBeOptional },
216 { APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
217 APIPermissionInfo::kFlagCannotBeOptional },
218 { APIPermission::kInputMethodPrivate, "inputMethodPrivate",
219 APIPermissionInfo::kFlagCannotBeOptional },
220 { APIPermission::kEchoPrivate, "echoPrivate",
221 APIPermissionInfo::kFlagCannotBeOptional },
222 { APIPermission::kFeedbackPrivate, "feedbackPrivate",
223 APIPermissionInfo::kFlagCannotBeOptional },
224 { APIPermission::kImageWriterPrivate, "imageWriterPrivate",
225 APIPermissionInfo::kFlagCannotBeOptional },
226 { APIPermission::kReadingListPrivate, "readingListPrivate",
227 APIPermissionInfo::kFlagCannotBeOptional },
228 { APIPermission::kRtcPrivate, "rtcPrivate",
229 APIPermissionInfo::kFlagCannotBeOptional },
230 { APIPermission::kTerminalPrivate, "terminalPrivate",
231 APIPermissionInfo::kFlagCannotBeOptional },
232 { APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
233 APIPermissionInfo::kFlagCannotBeOptional },
234 { APIPermission::kWallpaperPrivate, "wallpaperPrivate",
235 APIPermissionInfo::kFlagCannotBeOptional },
236 { APIPermission::kWebRequestInternal, "webRequestInternal" },
237 { APIPermission::kWebstorePrivate, "webstorePrivate",
238 APIPermissionInfo::kFlagCannotBeOptional },
239 { APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
240 APIPermissionInfo::kFlagCannotBeOptional },
241 { APIPermission::kStreamsPrivate, "streamsPrivate",
242 APIPermissionInfo::kFlagCannotBeOptional },
243 { APIPermission::kEnterprisePlatformKeysPrivate,
244 "enterprise.platformKeysPrivate",
245 APIPermissionInfo::kFlagCannotBeOptional },
246 { APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
247 APIPermissionInfo::kFlagCannotBeOptional },
248 { APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
249 APIPermissionInfo::kFlagCannotBeOptional },
250 { APIPermission::kPrincipalsPrivate, "principalsPrivate",
251 APIPermissionInfo::kFlagCannotBeOptional },
252 { APIPermission::kFirstRunPrivate, "firstRunPrivate",
253 APIPermissionInfo::kFlagCannotBeOptional},
255 // Full url access permissions.
// NOTE(review): going by the flag names, rows carrying
// kFlagImpliesFullURLAccess are treated as access to every URL, and "plugin"
// additionally carries kFlagImpliesFullAccess. Only "debugger" and "plugin"
// name a warning string here; for "devtools", "pageCapture", "tabCapture" and
// "proxy" the prompt text presumably derives from the flag elsewhere --
// confirm before adding a row to this group. "tabCaptureForTab" carries only
// kFlagInternal.
256 { APIPermission::kDebugger, "debugger",
257 APIPermissionInfo::kFlagImpliesFullURLAccess |
258 APIPermissionInfo::kFlagCannotBeOptional,
259 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
260 PermissionMessage::kDebugger },
261 { APIPermission::kDevtools, "devtools",
262 APIPermissionInfo::kFlagImpliesFullURLAccess |
263 APIPermissionInfo::kFlagCannotBeOptional |
264 APIPermissionInfo::kFlagInternal },
265 { APIPermission::kPageCapture, "pageCapture",
266 APIPermissionInfo::kFlagImpliesFullURLAccess },
267 { APIPermission::kTabCapture, "tabCapture",
268 APIPermissionInfo::kFlagImpliesFullURLAccess },
269 { APIPermission::kTabCaptureForTab, "tabCaptureForTab",
270 APIPermissionInfo::kFlagInternal },
271 { APIPermission::kPlugin, "plugin",
272 APIPermissionInfo::kFlagImpliesFullURLAccess |
273 APIPermissionInfo::kFlagImpliesFullAccess |
274 APIPermissionInfo::kFlagCannotBeOptional |
275 APIPermissionInfo::kFlagInternal,
276 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
277 PermissionMessage::kFullAccess },
278 { APIPermission::kProxy, "proxy",
279 APIPermissionInfo::kFlagImpliesFullURLAccess |
280 APIPermissionInfo::kFlagCannotBeOptional },
282 // Platform-app permissions.
283 { APIPermission::kSerial, "serial", APIPermissionInfo::kFlagNone,
284 IDS_EXTENSION_PROMPT_WARNING_SERIAL,
285 PermissionMessage::kSerial },
286 // Because warning messages for the "socket" permission vary based on the
287 // permissions parameters, no message ID or message text is specified here.
288 // The message ID and text used will be determined at run-time in the
289 // |SocketPermission| class.
290 { APIPermission::kSocket, "socket",
291 APIPermissionInfo::kFlagCannotBeOptional, 0,
292 PermissionMessage::kNone, &CreateAPIPermission<SocketPermission> },
293 { APIPermission::kAlwaysOnTopWindows, "alwaysOnTopWindows" },
294 { APIPermission::kAudioCapture, "audioCapture",
295 APIPermissionInfo::kFlagNone,
296 IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
297 PermissionMessage::kAudioCapture },
298 { APIPermission::kVideoCapture, "videoCapture",
299 APIPermissionInfo::kFlagNone,
300 IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
301 PermissionMessage::kVideoCapture },
302 // The permission string for "fileSystem" is only shown when "write" or
303 // "directory" is present. Read-only access is only granted after the user
304 // has been shown a file or directory chooser dialog and selected a file or
305 // directory. Selecting the file or directory is considered consent to
// read-only access.
307 { APIPermission::kFileSystem, "fileSystem" },
308 { APIPermission::kFileSystemDirectory, "fileSystem.directory",
309 APIPermissionInfo::kFlagNone,
310 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
311 PermissionMessage::kFileSystemDirectory },
312 { APIPermission::kFileSystemProvider, "fileSystemProvider" },
313 { APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries" },
314 { APIPermission::kFileSystemWrite, "fileSystem.write",
315 APIPermissionInfo::kFlagNone,
316 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
317 PermissionMessage::kFileSystemWrite },
318 { APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
319 APIPermissionInfo::kFlagNone,
320 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
321 PermissionMessage::kFileSystemWriteDirectory },
322 { APIPermission::kHid, "hid", APIPermissionInfo::kFlagNone,
323 IDS_EXTENSION_PROMPT_WARNING_HID,
324 PermissionMessage::kHid },
325 // Because warning messages for the "mediaGalleries" permission vary based
326 // on the permissions parameters, no message ID or message text is
// specified here.
328 // The message ID and text used will be determined at run-time in the
329 // |MediaGalleriesPermission| class.
330 { APIPermission::kMediaGalleries, "mediaGalleries",
331 APIPermissionInfo::kFlagNone, 0,
332 PermissionMessage::kNone,
333 &CreateAPIPermission<MediaGalleriesPermission> },
334 { APIPermission::kPushMessaging, "pushMessaging",
335 APIPermissionInfo::kFlagCannotBeOptional },
336 { APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
337 IDS_EXTENSION_PROMPT_WARNING_USB,
338 PermissionMessage::kUsb },
// Like "socket" and "mediaGalleries", "usbDevices" names no warning string
// here and supplies its own permission class; its warning is presumably
// produced at run-time in |UsbDevicePermission| -- confirm.
339 { APIPermission::kUsbDevice, "usbDevices",
340 APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
341 &CreateAPIPermission<UsbDevicePermission> },
342 { APIPermission::kSystemIndicator, "systemIndicator",
343 APIPermissionInfo::kFlagNone,
344 IDS_EXTENSION_PROMPT_WARNING_SYSTEM_INDICATOR,
345 PermissionMessage::kSystemIndicator },
346 { APIPermission::kSystemCpu, "system.cpu" },
347 { APIPermission::kSystemMemory, "system.memory" },
348 { APIPermission::kSystemNetwork, "system.network" },
349 { APIPermission::kSystemDisplay, "system.display" },
350 { APIPermission::kSystemStorage, "system.storage" },
351 { APIPermission::kPointerLock, "pointerLock" },
352 { APIPermission::kFullscreen, "fullscreen" },
353 { APIPermission::kAudio, "audio" },
354 { APIPermission::kCastStreaming, "cast.streaming" },
355 { APIPermission::kOverrideEscFullscreen, "overrideEscFullscreen" },
357 // Settings override permissions.
// All three rows carry kFlagCannotBeOptional | kFlagInternal and their own
// warning string.
358 { APIPermission::kHomepage, "homepage",
359 APIPermissionInfo::kFlagCannotBeOptional |
360 APIPermissionInfo::kFlagInternal,
361 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
362 PermissionMessage::kHomepage },
363 { APIPermission::kSearchProvider, "searchProvider",
364 APIPermissionInfo::kFlagCannotBeOptional |
365 APIPermissionInfo::kFlagInternal,
366 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
367 PermissionMessage::kSearchProvider },
368 { APIPermission::kStartupPages, "startupPages",
369 APIPermissionInfo::kFlagCannotBeOptional |
370 APIPermissionInfo::kFlagInternal,
371 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
372 PermissionMessage::kStartupPages },
375 std::vector<APIPermissionInfo*> permissions;
// Convert every table row into an APIPermissionInfo allocated with |new|.
377 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(PermissionsToRegister); ++i) {
378 const PermissionRegistration& pr = PermissionsToRegister[i];
379 permissions.push_back(new APIPermissionInfo(
380 pr.id, pr.name, pr.l10n_message_id,
// A row that left message_id zero-initialised is registered as kNone.
// NOTE(review): the remaining constructor arguments and the end of the
// function are not visible in this listing.
381 pr.message_id ? pr.message_id : PermissionMessage::kNone,
// Builds the list of permission-name aliases: "unlimitedStorage" is paired
// with "unlimited_storage" and "tabs" with "windows".
// NOTE(review): the AliasInfo arguments are presumably (current name, alias),
// so a manifest that asks for "windows" would be handled as "tabs", which is
// registered with the tabs warning -- confirm against PermissionsProvider.
// The return statement is not visible in this listing.
388 std::vector<PermissionsProvider::AliasInfo>
389 ChromeAPIPermissions::GetAllAliases() const {
391 std::vector<PermissionsProvider::AliasInfo> aliases;
392 aliases.push_back(PermissionsProvider::AliasInfo(
393 "unlimitedStorage", kOldUnlimitedStoragePermission));
394 aliases.push_back(PermissionsProvider::AliasInfo(
395 "tabs", kWindowsPermission));
399 } // namespace extensions