1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
7 #include "chrome/grit/generated_resources.h"
8 #include "extensions/common/permissions/api_permission.h"
9 #include "extensions/common/permissions/api_permission_set.h"
10 #include "extensions/common/permissions/media_galleries_permission.h"
11 #include "extensions/common/permissions/permission_message.h"
12 #include "extensions/common/permissions/permissions_info.h"
13 #include "extensions/strings/grit/extensions_strings.h"
15 namespace extensions {
19 const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
20 const char kWindowsPermission[] = "windows";
22 template<typename T> APIPermission* CreateAPIPermission(
23 const APIPermissionInfo* permission) {
24 return new T(permission);
29 std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
31 APIPermissionInfo::InitInfo permissions_to_register[] = {
32 // Register permissions for all extension types.
33 {APIPermission::kAppView, "appview",
34 APIPermissionInfo::kFlagCannotBeOptional},
35 {APIPermission::kBackground, "background"},
36 {APIPermission::kClipboardRead, "clipboardRead",
37 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
38 PermissionMessage::kClipboard},
39 {APIPermission::kClipboardWrite, "clipboardWrite"},
40 {APIPermission::kDeclarativeContent, "declarativeContent"},
41 {APIPermission::kDeclarativeWebRequest, "declarativeWebRequest",
42 APIPermissionInfo::kFlagNone,
43 IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
44 PermissionMessage::kDeclarativeWebRequest},
45 {APIPermission::kDesktopCapture, "desktopCapture",
46 APIPermissionInfo::kFlagNone,
47 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
48 PermissionMessage::kDesktopCapture},
49 {APIPermission::kDownloads, "downloads", APIPermissionInfo::kFlagNone,
50 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS, PermissionMessage::kDownloads},
51 {APIPermission::kDownloadsOpen, "downloads.open",
52 APIPermissionInfo::kFlagNone,
53 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
54 PermissionMessage::kDownloadsOpen},
55 {APIPermission::kDownloadsShelf, "downloads.shelf"},
56 {APIPermission::kEasyUnlockPrivate, "easyUnlockPrivate"},
57 {APIPermission::kIdentity, "identity"},
58 {APIPermission::kIdentityEmail, "identity.email",
59 APIPermissionInfo::kFlagNone,
60 IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL,
61 PermissionMessage::kIdentityEmail},
62 {APIPermission::kExperimental, "experimental",
63 APIPermissionInfo::kFlagCannotBeOptional},
64 {APIPermission::kEmbeddedExtensionOptions, "embeddedExtensionOptions",
65 APIPermissionInfo::kFlagCannotBeOptional},
66 {APIPermission::kGeolocation, "geolocation",
67 APIPermissionInfo::kFlagCannotBeOptional,
68 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
69 PermissionMessage::kGeolocation},
70 {APIPermission::kNotifications, "notifications"},
71 {APIPermission::kUnlimitedStorage, "unlimitedStorage",
72 APIPermissionInfo::kFlagCannotBeOptional},
73 {APIPermission::kGcdPrivate, "gcdPrivate"},
74 {APIPermission::kGcm, "gcm"},
75 {APIPermission::kNotificationProvider, "notificationProvider"},
77 // Register extension permissions.
78 {APIPermission::kAccessibilityFeaturesModify,
79 "accessibilityFeatures.modify", APIPermissionInfo::kFlagNone,
80 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
81 PermissionMessage::kAccessibilityFeaturesModify},
82 {APIPermission::kAccessibilityFeaturesRead, "accessibilityFeatures.read",
83 APIPermissionInfo::kFlagNone,
84 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
85 PermissionMessage::kAccessibilityFeaturesRead},
86 {APIPermission::kAccessibilityPrivate, "accessibilityPrivate",
87 APIPermissionInfo::kFlagCannotBeOptional},
88 {APIPermission::kActiveTab, "activeTab"},
89 {APIPermission::kAlarms, "alarms"},
90 {APIPermission::kBookmark, "bookmarks", APIPermissionInfo::kFlagNone,
91 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS, PermissionMessage::kBookmarks},
92 {APIPermission::kBrailleDisplayPrivate, "brailleDisplayPrivate",
93 APIPermissionInfo::kFlagCannotBeOptional},
94 {APIPermission::kBrowsingData, "browsingData"},
95 {APIPermission::kContentSettings, "contentSettings",
96 APIPermissionInfo::kFlagNone,
97 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
98 PermissionMessage::kContentSettings},
99 {APIPermission::kContextMenus, "contextMenus"},
100 {APIPermission::kCookie, "cookies"},
101 {APIPermission::kCopresence, "copresence", APIPermissionInfo::kFlagNone,
102 IDS_EXTENSION_PROMPT_WARNING_COPRESENCE, PermissionMessage::kCopresence},
103 {APIPermission::kCopresencePrivate, "copresencePrivate"},
104 {APIPermission::kEnterprisePlatformKeys, "enterprise.platformKeys"},
105 {APIPermission::kFileBrowserHandler, "fileBrowserHandler",
106 APIPermissionInfo::kFlagCannotBeOptional},
107 {APIPermission::kFontSettings, "fontSettings",
108 APIPermissionInfo::kFlagCannotBeOptional},
109 {APIPermission::kHistory, "history", APIPermissionInfo::kFlagNone,
110 IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
111 PermissionMessage::kBrowsingHistory},
112 {APIPermission::kIdltest, "idltest"},
113 {APIPermission::kIdle, "idle"},
114 {APIPermission::kInfobars, "infobars"},
115 {APIPermission::kInput, "input", APIPermissionInfo::kFlagNone,
116 IDS_EXTENSION_PROMPT_WARNING_INPUT, PermissionMessage::kInput},
117 {APIPermission::kLocation, "location",
118 APIPermissionInfo::kFlagCannotBeOptional,
119 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
120 PermissionMessage::kGeolocation},
121 {APIPermission::kManagement, "management", APIPermissionInfo::kFlagNone,
122 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT, PermissionMessage::kManagement},
123 {APIPermission::kNativeMessaging, "nativeMessaging",
124 APIPermissionInfo::kFlagNone,
125 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
126 PermissionMessage::kNativeMessaging},
127 {APIPermission::kPrivacy, "privacy", APIPermissionInfo::kFlagNone,
128 IDS_EXTENSION_PROMPT_WARNING_PRIVACY, PermissionMessage::kPrivacy},
129 {APIPermission::kProcesses, "processes", APIPermissionInfo::kFlagNone,
130 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
131 {APIPermission::kSessions, "sessions"},
132 {APIPermission::kSignedInDevices, "signedInDevices",
133 APIPermissionInfo::kFlagNone,
134 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
135 PermissionMessage::kSignedInDevices},
136 {APIPermission::kSyncFileSystem, "syncFileSystem",
137 APIPermissionInfo::kFlagNone,
138 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
139 PermissionMessage::kSyncFileSystem},
140 {APIPermission::kTab, "tabs", APIPermissionInfo::kFlagNone,
141 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ, PermissionMessage::kTabs},
142 {APIPermission::kTopSites, "topSites", APIPermissionInfo::kFlagNone,
143 IDS_EXTENSION_PROMPT_WARNING_TOPSITES, PermissionMessage::kTopSites},
144 {APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional},
145 {APIPermission::kTtsEngine, "ttsEngine",
146 APIPermissionInfo::kFlagCannotBeOptional,
147 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE, PermissionMessage::kTtsEngine},
148 {APIPermission::kWallpaper, "wallpaper",
149 APIPermissionInfo::kFlagCannotBeOptional,
150 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, PermissionMessage::kWallpaper},
151 {APIPermission::kWebNavigation, "webNavigation",
152 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
153 PermissionMessage::kTabs},
154 {APIPermission::kWebRequest, "webRequest"},
155 {APIPermission::kWebRequestBlocking, "webRequestBlocking"},
157 // Register private permissions.
158 {APIPermission::kScreenlockPrivate, "screenlockPrivate",
159 APIPermissionInfo::kFlagCannotBeOptional,
160 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
161 PermissionMessage::kScreenlockPrivate},
162 {APIPermission::kActivityLogPrivate, "activityLogPrivate",
163 APIPermissionInfo::kFlagCannotBeOptional,
164 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
165 PermissionMessage::kActivityLogPrivate},
166 {APIPermission::kAutoTestPrivate, "autotestPrivate",
167 APIPermissionInfo::kFlagCannotBeOptional},
168 {APIPermission::kBookmarkManagerPrivate, "bookmarkManagerPrivate",
169 APIPermissionInfo::kFlagCannotBeOptional},
170 {APIPermission::kCast, "cast", APIPermissionInfo::kFlagCannotBeOptional},
171 {APIPermission::kChromeosInfoPrivate, "chromeosInfoPrivate",
172 APIPermissionInfo::kFlagCannotBeOptional},
173 {APIPermission::kCommandsAccessibility, "commands.accessibility",
174 APIPermissionInfo::kFlagCannotBeOptional},
175 {APIPermission::kCommandLinePrivate, "commandLinePrivate",
176 APIPermissionInfo::kFlagCannotBeOptional},
177 {APIPermission::kDeveloperPrivate, "developerPrivate",
178 APIPermissionInfo::kFlagCannotBeOptional},
179 {APIPermission::kDiagnostics, "diagnostics",
180 APIPermissionInfo::kFlagCannotBeOptional},
181 {APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional},
182 {APIPermission::kDownloadsInternal, "downloadsInternal"},
183 {APIPermission::kExperienceSamplingPrivate, "experienceSamplingPrivate",
184 APIPermissionInfo::kFlagCannotBeOptional,
185 IDS_EXTENSION_PROMPT_WARNING_EXPERIENCE_SAMPLING_PRIVATE,
186 PermissionMessage::kExperienceSamplingPrivate},
187 {APIPermission::kFileBrowserHandlerInternal, "fileBrowserHandlerInternal",
188 APIPermissionInfo::kFlagCannotBeOptional},
189 {APIPermission::kFileManagerPrivate, "fileManagerPrivate",
190 APIPermissionInfo::kFlagCannotBeOptional},
191 {APIPermission::kHotwordPrivate, "hotwordPrivate",
192 APIPermissionInfo::kFlagCannotBeOptional},
193 {APIPermission::kIdentityPrivate, "identityPrivate",
194 APIPermissionInfo::kFlagCannotBeOptional},
195 {APIPermission::kLogPrivate, "logPrivate",
196 APIPermissionInfo::kFlagCannotBeOptional},
197 {APIPermission::kWebcamPrivate, "webcamPrivate"},
198 {APIPermission::kNetworkingPrivate, "networkingPrivate",
199 APIPermissionInfo::kFlagCannotBeOptional,
200 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
201 PermissionMessage::kNetworkingPrivate},
202 {APIPermission::kMediaPlayerPrivate, "mediaPlayerPrivate",
203 APIPermissionInfo::kFlagCannotBeOptional},
204 {APIPermission::kMetricsPrivate, "metricsPrivate",
205 APIPermissionInfo::kFlagCannotBeOptional},
206 {APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional},
207 {APIPermission::kMusicManagerPrivate, "musicManagerPrivate",
208 APIPermissionInfo::kFlagCannotBeOptional,
209 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
210 PermissionMessage::kMusicManagerPrivate},
211 {APIPermission::kPreferencesPrivate, "preferencesPrivate",
212 APIPermissionInfo::kFlagCannotBeOptional},
213 {APIPermission::kSystemPrivate, "systemPrivate",
214 APIPermissionInfo::kFlagCannotBeOptional},
215 {APIPermission::kCloudPrintPrivate, "cloudPrintPrivate",
216 APIPermissionInfo::kFlagCannotBeOptional},
217 {APIPermission::kInputMethodPrivate, "inputMethodPrivate",
218 APIPermissionInfo::kFlagCannotBeOptional},
219 {APIPermission::kEchoPrivate, "echoPrivate",
220 APIPermissionInfo::kFlagCannotBeOptional},
221 {APIPermission::kFeedbackPrivate, "feedbackPrivate",
222 APIPermissionInfo::kFlagCannotBeOptional},
223 {APIPermission::kImageWriterPrivate, "imageWriterPrivate",
224 APIPermissionInfo::kFlagCannotBeOptional},
225 {APIPermission::kReadingListPrivate, "readingListPrivate",
226 APIPermissionInfo::kFlagCannotBeOptional},
227 {APIPermission::kRtcPrivate, "rtcPrivate",
228 APIPermissionInfo::kFlagCannotBeOptional},
229 {APIPermission::kSyncedNotificationsPrivate,
230 "syncedNotificationsPrivate"},
231 {APIPermission::kTerminalPrivate, "terminalPrivate",
232 APIPermissionInfo::kFlagCannotBeOptional},
233 {APIPermission::kVirtualKeyboardPrivate, "virtualKeyboardPrivate",
234 APIPermissionInfo::kFlagCannotBeOptional},
235 {APIPermission::kWallpaperPrivate, "wallpaperPrivate",
236 APIPermissionInfo::kFlagCannotBeOptional},
237 {APIPermission::kWebstorePrivate, "webstorePrivate",
238 APIPermissionInfo::kFlagCannotBeOptional},
239 {APIPermission::kMediaGalleriesPrivate, "mediaGalleriesPrivate",
240 APIPermissionInfo::kFlagCannotBeOptional},
241 {APIPermission::kStreamsPrivate, "streamsPrivate",
242 APIPermissionInfo::kFlagCannotBeOptional},
243 {APIPermission::kEnterprisePlatformKeysPrivate,
244 "enterprise.platformKeysPrivate",
245 APIPermissionInfo::kFlagCannotBeOptional},
246 {APIPermission::kWebrtcAudioPrivate, "webrtcAudioPrivate",
247 APIPermissionInfo::kFlagCannotBeOptional},
248 {APIPermission::kWebrtcLoggingPrivate, "webrtcLoggingPrivate",
249 APIPermissionInfo::kFlagCannotBeOptional},
250 {APIPermission::kPrincipalsPrivate, "principalsPrivate",
251 APIPermissionInfo::kFlagCannotBeOptional},
252 {APIPermission::kFirstRunPrivate, "firstRunPrivate",
253 APIPermissionInfo::kFlagCannotBeOptional},
254 {APIPermission::kBluetoothPrivate, "bluetoothPrivate",
255 APIPermissionInfo::kFlagCannotBeOptional,
256 IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
257 PermissionMessage::kBluetoothPrivate},
259 // Full url access permissions.
260 {APIPermission::kDebugger, "debugger",
261 APIPermissionInfo::kFlagImpliesFullURLAccess |
262 APIPermissionInfo::kFlagCannotBeOptional,
263 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, PermissionMessage::kDebugger},
264 {APIPermission::kDevtools, "devtools",
265 APIPermissionInfo::kFlagImpliesFullURLAccess |
266 APIPermissionInfo::kFlagCannotBeOptional |
267 APIPermissionInfo::kFlagInternal},
268 {APIPermission::kPageCapture, "pageCapture",
269 APIPermissionInfo::kFlagImpliesFullURLAccess},
270 {APIPermission::kTabCapture, "tabCapture",
271 APIPermissionInfo::kFlagImpliesFullURLAccess},
272 {APIPermission::kTabCaptureForTab, "tabCaptureForTab",
273 APIPermissionInfo::kFlagInternal},
274 {APIPermission::kPlugin, "plugin",
275 APIPermissionInfo::kFlagImpliesFullURLAccess |
276 APIPermissionInfo::kFlagImpliesFullAccess |
277 APIPermissionInfo::kFlagCannotBeOptional |
278 APIPermissionInfo::kFlagInternal,
279 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
280 PermissionMessage::kFullAccess},
281 {APIPermission::kProxy, "proxy",
282 APIPermissionInfo::kFlagImpliesFullURLAccess |
283 APIPermissionInfo::kFlagCannotBeOptional},
285 // Platform-app permissions.
287 // The permission string for "fileSystem" is only shown when
288 // "write" or "directory" is present. Read-only access is only
289 // granted after the user has been shown a file or directory
290 // chooser dialog and selected a file or directory. Selecting
291 // the file or directory is considered consent to read it.
292 {APIPermission::kFileSystem, "fileSystem"},
293 {APIPermission::kFileSystemDirectory, "fileSystem.directory",
294 APIPermissionInfo::kFlagNone,
295 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
296 PermissionMessage::kFileSystemDirectory},
297 {APIPermission::kFileSystemProvider, "fileSystemProvider"},
298 {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"},
299 {APIPermission::kFileSystemWrite, "fileSystem.write"},
300 {APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
301 APIPermissionInfo::kFlagNone,
302 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
303 PermissionMessage::kFileSystemWriteDirectory},
304 // Because warning messages for the "mediaGalleries" permission
305 // vary based on the permissions parameters, no message ID or
306 // message text is specified here. The message ID and text used
307 // will be determined at run-time in the
308 // |MediaGalleriesPermission| class.
309 {APIPermission::kMediaGalleries, "mediaGalleries",
310 APIPermissionInfo::kFlagNone, 0, PermissionMessage::kNone,
311 &CreateAPIPermission<MediaGalleriesPermission>},
312 {APIPermission::kPushMessaging, "pushMessaging",
313 APIPermissionInfo::kFlagCannotBeOptional},
314 {APIPermission::kPointerLock, "pointerLock"},
315 {APIPermission::kAudio, "audio"},
316 {APIPermission::kCastStreaming, "cast.streaming"},
317 {APIPermission::kBrowser, "browser"},
319 // Settings override permissions.
320 {APIPermission::kHomepage, "homepage",
321 APIPermissionInfo::kFlagCannotBeOptional |
322 APIPermissionInfo::kFlagInternal,
323 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
324 PermissionMessage::kHomepage},
325 {APIPermission::kSearchProvider, "searchProvider",
326 APIPermissionInfo::kFlagCannotBeOptional |
327 APIPermissionInfo::kFlagInternal,
328 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
329 PermissionMessage::kSearchProvider},
330 {APIPermission::kStartupPages, "startupPages",
331 APIPermissionInfo::kFlagCannotBeOptional |
332 APIPermissionInfo::kFlagInternal,
333 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
334 PermissionMessage::kStartupPages},
337 std::vector<APIPermissionInfo*> permissions;
339 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(permissions_to_register); ++i)
340 permissions.push_back(new APIPermissionInfo(permissions_to_register[i]));
344 std::vector<PermissionsProvider::AliasInfo>
345 ChromeAPIPermissions::GetAllAliases() const {
347 std::vector<PermissionsProvider::AliasInfo> aliases;
348 aliases.push_back(PermissionsProvider::AliasInfo(
349 "unlimitedStorage", kOldUnlimitedStoragePermission));
350 aliases.push_back(PermissionsProvider::AliasInfo(
351 "tabs", kWindowsPermission));
355 } // namespace extensions