1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/strings/string16.h"
15 #include "base/synchronization/lock.h"
16 #include "extensions/common/extension.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/permissions/api_permission.h"
19 #include "extensions/common/permissions/permission_message.h"
20 #include "extensions/common/permissions/permission_set.h"
24 namespace extensions {
31 // A container for the active permissions of an extension.
32 // TODO(rdevlin.cronin): For the love of everything good, rename this class to
33 // ActivePermissions. We do *not* need PermissionsParser, PermissionSet,
34 // PermissionInfo, and PermissionsData. No one will be able to keep them
36 class PermissionsData {
38 // Delegate class to allow different contexts (e.g. browser vs renderer) to
39 // have control over policy decisions.
40 class PolicyDelegate {
42 virtual ~PolicyDelegate() {}
44 // Returns false if script access should be blocked on this page.
45 // Otherwise, default policy should decide.
46 virtual bool CanExecuteScriptOnPage(const Extension* extension,
47 const GURL& document_url,
48 const GURL& top_document_url,
51 std::string* error) = 0;
54 static void SetPolicyDelegate(PolicyDelegate* delegate);
56 PermissionsData(const Extension* extension);
57 virtual ~PermissionsData();
59 // Returns true if the |extension| can silently increase its permission level.
60 // Users must approve permissions for unpacked and packed extensions in the
61 // following situations:
62 // - when installing or upgrading packed extensions
63 // - when installing unpacked extensions that have NPAPI plugins
64 // - when either type of extension requests optional permissions
65 static bool CanSilentlyIncreasePermissions(const Extension* extension);
67 // Returns true if the extension is a COMPONENT extension or is on the
68 // whitelist of extensions that can script all pages.
69 static bool CanExecuteScriptEverywhere(const Extension* extension);
71 // Returns true if we should skip the permisisons warning for the extension
72 // with the given |extension_id|.
73 static bool ShouldSkipPermissionWarnings(const std::string& extension_id);
75 // Returns true if the given |url| is restricted for the given |extension|,
76 // as is commonly the case for chrome:// urls.
77 // NOTE: You probably want to use CanAccessPage().
78 static bool IsRestrictedUrl(const GURL& document_url,
79 const GURL& top_frame_url,
80 const Extension* extension,
83 // Sets the runtime permissions of the given |extension| to |permissions|.
84 void SetActivePermissions(const PermissionSet* active) const;
86 // Updates the tab-specific permissions of |tab_id| to include those from
88 void UpdateTabSpecificPermissions(
90 scoped_refptr<const PermissionSet> permissions) const;
92 // Clears the tab-specific permissions of |tab_id|.
93 void ClearTabSpecificPermissions(int tab_id) const;
95 // Returns true if the |extension| has the given |permission|. Prefer
96 // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
97 // api that requires a permission they didn't know about, e.g. open web apis.
98 // Note this does not include APIs with no corresponding permission, like
99 // "runtime" or "browserAction".
100 // TODO(mpcomplete): drop the "API" from these names, it's confusing.
101 bool HasAPIPermission(APIPermission::ID permission) const;
102 bool HasAPIPermission(const std::string& permission_name) const;
103 bool HasAPIPermissionForTab(int tab_id, APIPermission::ID permission) const;
104 bool CheckAPIPermissionWithParam(
105 APIPermission::ID permission,
106 const APIPermission::CheckParam* param) const;
108 // TODO(rdevlin.cronin): GetEffectiveHostPermissions(), HasHostPermission(),
109 // and HasEffectiveAccessToAllHosts() are just forwards for the active
110 // permissions. We should either get rid of these, and have callers use
111 // active_permissions(), or should get rid of active_permissions(), and make
112 // callers use PermissionsData for everything. We should not do both.
114 // Returns the effective hosts associated with the active permissions.
115 const URLPatternSet& GetEffectiveHostPermissions() const;
117 // Whether the extension has access to the given |url|.
118 bool HasHostPermission(const GURL& url) const;
120 // Whether the extension has effective access to all hosts. This is true if
121 // there is a content script that matches all hosts, if there is a host
122 // permission grants access to all hosts (like <all_urls>) or an api
123 // permission that effectively grants access to all hosts (e.g. proxy,
125 bool HasEffectiveAccessToAllHosts() const;
127 // Returns the full list of permission messages that should display at
129 PermissionMessages GetPermissionMessages() const;
131 // Returns the full list of permission messages that should display at install
133 std::vector<base::string16> GetPermissionMessageStrings() const;
135 // Returns the full list of permission details for messages that should
136 // display at install time as strings.
137 std::vector<base::string16> GetPermissionMessageDetailsStrings() const;
139 // Returns true if the |extension| has permission to access and interact with
140 // the specified page, in order to do things like inject scripts or modify
142 // If this returns false and |error| is non-NULL, |error| will be popualted
143 // with the reason the extension cannot access the page.
144 bool CanAccessPage(const Extension* extension,
145 const GURL& document_url,
146 const GURL& top_document_url,
149 std::string* error) const;
151 // Returns true if the |extension| has permission to inject a content script
153 // If this returns false and |error| is non-NULL, |error| will be popualted
154 // with the reason the extension cannot script the page.
155 // NOTE: You almost certainly want to use CanAccessPage() instead of this
157 bool CanRunContentScriptOnPage(const Extension* extension,
158 const GURL& document_url,
159 const GURL& top_document_url,
162 std::string* error) const;
164 // Returns true if extension is allowed to obtain the contents of a page as
165 // an image. Since a page may contain sensitive information, this is
166 // restricted to the extension's host permissions as well as the extension
168 bool CanCaptureVisiblePage(int tab_id, std::string* error) const;
170 // Returns true if the user should be alerted that the |extension| is running
171 // a script. If |tab_id| and |url| are included, this also considers tab-
172 // specific permissions.
173 bool RequiresActionForScriptExecution(const Extension* extension) const;
174 bool RequiresActionForScriptExecution(const Extension* extension,
176 const GURL& url) const;
178 scoped_refptr<const PermissionSet> active_permissions() const {
179 base::AutoLock auto_lock(runtime_lock_);
180 return active_permissions_unsafe_;
183 #if defined(UNIT_TEST)
184 scoped_refptr<const PermissionSet> GetTabSpecificPermissionsForTesting(
186 return GetTabSpecificPermissions(tab_id);
191 typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;
193 // Gets the tab-specific host permissions of |tab_id|, or NULL if there
195 scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
198 // Returns true if the |extension| has tab-specific permission to operate on
199 // the tab specified by |tab_id| with the given |url|.
200 // Note that if this returns false, it doesn't mean the extension can't run on
201 // the given tab, only that it does not have tab-specific permission to do so.
202 bool HasTabSpecificPermissionToExecuteScript(int tab_id,
203 const GURL& url) const;
205 // Returns true if the extension is permitted to run on the given page,
206 // checking against |permitted_url_patterns| in addition to blocking special
207 // sites (like the webstore or chrome:// urls).
208 bool CanRunOnPage(const Extension* extension,
209 const GURL& document_url,
210 const GURL& top_document_url,
213 const URLPatternSet& permitted_url_patterns,
214 std::string* error) const;
216 // The associated extension's id.
217 std::string extension_id_;
219 // The associated extension's manifest type.
220 Manifest::Type manifest_type_;
222 mutable base::Lock runtime_lock_;
224 // The permission's which are currently active on the extension during
226 // Unsafe indicates that we must lock anytime this is directly accessed.
227 // Unless you need to change |active_permissions_unsafe_|, use the (safe)
228 // active_permissions() accessor.
229 mutable scoped_refptr<const PermissionSet> active_permissions_unsafe_;
231 mutable TabPermissionsMap tab_specific_permissions_;
233 DISALLOW_COPY_AND_ASSIGN(PermissionsData);
236 } // namespace extensions
238 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_