1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
7 #include "chrome/grit/generated_resources.h"
8 #include "extensions/common/permissions/api_permission.h"
9 #include "extensions/common/permissions/api_permission_set.h"
10 #include "extensions/common/permissions/media_galleries_permission.h"
11 #include "extensions/common/permissions/permission_message.h"
12 #include "extensions/common/permissions/permissions_info.h"
13 #include "extensions/strings/grit/extensions_strings.h"
15 namespace extensions {
19 const char kOldUnlimitedStoragePermission[] = "unlimited_storage";
20 const char kWindowsPermission[] = "windows";
23 APIPermission* CreateAPIPermission(const APIPermissionInfo* permission) {
24 return new T(permission);
29 std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
31 APIPermissionInfo::InitInfo permissions_to_register[] = {
32 // Register permissions for all extension types.
33 {APIPermission::kBackground, "background"},
34 {APIPermission::kClipboardRead,
36 APIPermissionInfo::kFlagNone,
37 IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
38 PermissionMessage::kClipboard},
39 {APIPermission::kClipboardWrite, "clipboardWrite"},
40 {APIPermission::kDeclarativeContent, "declarativeContent"},
41 {APIPermission::kDesktopCapture,
43 APIPermissionInfo::kFlagNone,
44 IDS_EXTENSION_PROMPT_WARNING_DESKTOP_CAPTURE,
45 PermissionMessage::kDesktopCapture},
46 {APIPermission::kDownloads,
48 APIPermissionInfo::kFlagNone,
49 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS,
50 PermissionMessage::kDownloads},
51 {APIPermission::kDownloadsOpen,
53 APIPermissionInfo::kFlagNone,
54 IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS_OPEN,
55 PermissionMessage::kDownloadsOpen},
56 {APIPermission::kDownloadsShelf, "downloads.shelf"},
57 {APIPermission::kEasyUnlockPrivate, "easyUnlockPrivate"},
58 {APIPermission::kIdentity, "identity"},
59 {APIPermission::kIdentityEmail,
61 APIPermissionInfo::kFlagNone,
62 IDS_EXTENSION_PROMPT_WARNING_IDENTITY_EMAIL,
63 PermissionMessage::kIdentityEmail},
64 {APIPermission::kExperimental,
66 APIPermissionInfo::kFlagCannotBeOptional},
67 {APIPermission::kEmbeddedExtensionOptions,
68 "embeddedExtensionOptions",
69 APIPermissionInfo::kFlagCannotBeOptional},
70 {APIPermission::kGeolocation,
72 APIPermissionInfo::kFlagCannotBeOptional,
73 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
74 PermissionMessage::kGeolocation},
75 {APIPermission::kNotifications, "notifications"},
76 {APIPermission::kUnlimitedStorage,
78 APIPermissionInfo::kFlagCannotBeOptional},
79 {APIPermission::kGcdPrivate, "gcdPrivate"},
80 {APIPermission::kGcm, "gcm"},
81 {APIPermission::kNotificationProvider, "notificationProvider"},
83 // Register extension permissions.
84 {APIPermission::kAccessibilityFeaturesModify,
85 "accessibilityFeatures.modify",
86 APIPermissionInfo::kFlagNone,
87 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
88 PermissionMessage::kAccessibilityFeaturesModify},
89 {APIPermission::kAccessibilityFeaturesRead,
90 "accessibilityFeatures.read",
91 APIPermissionInfo::kFlagNone,
92 IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
93 PermissionMessage::kAccessibilityFeaturesRead},
94 {APIPermission::kAccessibilityPrivate,
95 "accessibilityPrivate",
96 APIPermissionInfo::kFlagCannotBeOptional},
97 {APIPermission::kActiveTab, "activeTab"},
98 {APIPermission::kAlarms, "alarms"},
99 {APIPermission::kBookmark,
101 APIPermissionInfo::kFlagNone,
102 IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
103 PermissionMessage::kBookmarks},
104 {APIPermission::kBrailleDisplayPrivate,
105 "brailleDisplayPrivate",
106 APIPermissionInfo::kFlagCannotBeOptional},
107 {APIPermission::kBrowsingData, "browsingData"},
108 {APIPermission::kContentSettings,
110 APIPermissionInfo::kFlagNone,
111 IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
112 PermissionMessage::kContentSettings},
113 {APIPermission::kContextMenus, "contextMenus"},
114 {APIPermission::kCookie, "cookies"},
115 {APIPermission::kCopresence,
117 APIPermissionInfo::kFlagNone,
118 IDS_EXTENSION_PROMPT_WARNING_COPRESENCE,
119 PermissionMessage::kCopresence},
120 {APIPermission::kCopresencePrivate, "copresencePrivate"},
121 {APIPermission::kDocumentScan, "documentScan",
122 APIPermissionInfo::kFlagNone, IDS_EXTENSION_PROMPT_WARNING_DOCUMENT_SCAN,
123 PermissionMessage::kDocumentScan},
124 {APIPermission::kEnterprisePlatformKeys, "enterprise.platformKeys"},
125 {APIPermission::kFileBrowserHandler,
126 "fileBrowserHandler",
127 APIPermissionInfo::kFlagCannotBeOptional},
128 {APIPermission::kFontSettings,
130 APIPermissionInfo::kFlagCannotBeOptional},
131 {APIPermission::kHistory,
133 APIPermissionInfo::kFlagNone,
134 IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
135 PermissionMessage::kBrowsingHistory},
136 {APIPermission::kIdltest, "idltest"},
137 {APIPermission::kIdle, "idle"},
138 {APIPermission::kInfobars, "infobars"},
139 {APIPermission::kInput,
141 APIPermissionInfo::kFlagNone,
142 IDS_EXTENSION_PROMPT_WARNING_INPUT,
143 PermissionMessage::kInput},
144 {APIPermission::kLocation,
146 APIPermissionInfo::kFlagCannotBeOptional,
147 IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
148 PermissionMessage::kGeolocation},
149 {APIPermission::kManagement,
151 APIPermissionInfo::kFlagNone,
152 IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
153 PermissionMessage::kManagement},
154 {APIPermission::kNativeMessaging,
156 APIPermissionInfo::kFlagNone,
157 IDS_EXTENSION_PROMPT_WARNING_NATIVE_MESSAGING,
158 PermissionMessage::kNativeMessaging},
159 {APIPermission::kPrivacy,
161 APIPermissionInfo::kFlagNone,
162 IDS_EXTENSION_PROMPT_WARNING_PRIVACY,
163 PermissionMessage::kPrivacy},
164 {APIPermission::kProcesses,
166 APIPermissionInfo::kFlagNone,
167 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
168 PermissionMessage::kTabs},
169 {APIPermission::kSessions, "sessions"},
170 {APIPermission::kSignedInDevices,
172 APIPermissionInfo::kFlagNone,
173 IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
174 PermissionMessage::kSignedInDevices},
175 {APIPermission::kSyncFileSystem,
177 APIPermissionInfo::kFlagNone,
178 IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
179 PermissionMessage::kSyncFileSystem},
180 {APIPermission::kTab,
182 APIPermissionInfo::kFlagNone,
183 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
184 PermissionMessage::kTabs},
185 {APIPermission::kTopSites,
187 APIPermissionInfo::kFlagNone,
188 IDS_EXTENSION_PROMPT_WARNING_TOPSITES,
189 PermissionMessage::kTopSites},
190 {APIPermission::kTts, "tts", 0, APIPermissionInfo::kFlagCannotBeOptional},
191 {APIPermission::kTtsEngine,
193 APIPermissionInfo::kFlagCannotBeOptional,
194 IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
195 PermissionMessage::kTtsEngine},
196 {APIPermission::kWallpaper,
198 APIPermissionInfo::kFlagCannotBeOptional,
199 IDS_EXTENSION_PROMPT_WARNING_WALLPAPER,
200 PermissionMessage::kWallpaper},
201 {APIPermission::kWebNavigation,
203 APIPermissionInfo::kFlagNone,
204 IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
205 PermissionMessage::kTabs},
207 // Register private permissions.
208 {APIPermission::kScreenlockPrivate,
210 APIPermissionInfo::kFlagCannotBeOptional,
211 IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
212 PermissionMessage::kScreenlockPrivate},
213 {APIPermission::kActivityLogPrivate,
214 "activityLogPrivate",
215 APIPermissionInfo::kFlagCannotBeOptional,
216 IDS_EXTENSION_PROMPT_WARNING_ACTIVITY_LOG_PRIVATE,
217 PermissionMessage::kActivityLogPrivate},
218 {APIPermission::kAutoTestPrivate,
220 APIPermissionInfo::kFlagCannotBeOptional},
221 {APIPermission::kBookmarkManagerPrivate,
222 "bookmarkManagerPrivate",
223 APIPermissionInfo::kFlagCannotBeOptional},
224 {APIPermission::kCast, "cast", APIPermissionInfo::kFlagCannotBeOptional},
225 {APIPermission::kChromeosInfoPrivate,
226 "chromeosInfoPrivate",
227 APIPermissionInfo::kFlagCannotBeOptional},
228 {APIPermission::kCommandsAccessibility,
229 "commands.accessibility",
230 APIPermissionInfo::kFlagCannotBeOptional},
231 {APIPermission::kCommandLinePrivate,
232 "commandLinePrivate",
233 APIPermissionInfo::kFlagCannotBeOptional},
234 {APIPermission::kDeveloperPrivate,
236 APIPermissionInfo::kFlagCannotBeOptional},
237 {APIPermission::kDiagnostics,
239 APIPermissionInfo::kFlagCannotBeOptional},
240 {APIPermission::kDial, "dial", APIPermissionInfo::kFlagCannotBeOptional},
241 {APIPermission::kDownloadsInternal, "downloadsInternal"},
242 {APIPermission::kExperienceSamplingPrivate,
243 "experienceSamplingPrivate",
244 APIPermissionInfo::kFlagCannotBeOptional,
245 IDS_EXTENSION_PROMPT_WARNING_EXPERIENCE_SAMPLING_PRIVATE,
246 PermissionMessage::kExperienceSamplingPrivate},
247 {APIPermission::kFileBrowserHandlerInternal,
248 "fileBrowserHandlerInternal",
249 APIPermissionInfo::kFlagCannotBeOptional},
250 {APIPermission::kFileManagerPrivate,
251 "fileManagerPrivate",
252 APIPermissionInfo::kFlagCannotBeOptional},
253 {APIPermission::kHotwordPrivate,
255 APIPermissionInfo::kFlagCannotBeOptional},
256 {APIPermission::kIdentityPrivate,
258 APIPermissionInfo::kFlagCannotBeOptional},
259 {APIPermission::kLogPrivate,
261 APIPermissionInfo::kFlagCannotBeOptional},
262 {APIPermission::kWebcamPrivate, "webcamPrivate"},
263 {APIPermission::kNetworkingPrivate,
265 APIPermissionInfo::kFlagCannotBeOptional,
266 IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
267 PermissionMessage::kNetworkingPrivate},
268 {APIPermission::kMediaPlayerPrivate,
269 "mediaPlayerPrivate",
270 APIPermissionInfo::kFlagCannotBeOptional},
271 {APIPermission::kMetricsPrivate,
273 APIPermissionInfo::kFlagCannotBeOptional},
274 {APIPermission::kMDns, "mdns", APIPermissionInfo::kFlagCannotBeOptional},
275 {APIPermission::kMusicManagerPrivate,
276 "musicManagerPrivate",
277 APIPermissionInfo::kFlagCannotBeOptional,
278 IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
279 PermissionMessage::kMusicManagerPrivate},
280 {APIPermission::kPreferencesPrivate,
281 "preferencesPrivate",
282 APIPermissionInfo::kFlagCannotBeOptional},
283 {APIPermission::kSystemPrivate,
285 APIPermissionInfo::kFlagCannotBeOptional},
286 {APIPermission::kCloudPrintPrivate,
288 APIPermissionInfo::kFlagCannotBeOptional},
289 {APIPermission::kInputMethodPrivate,
290 "inputMethodPrivate",
291 APIPermissionInfo::kFlagCannotBeOptional},
292 {APIPermission::kEchoPrivate,
294 APIPermissionInfo::kFlagCannotBeOptional},
295 {APIPermission::kFeedbackPrivate,
297 APIPermissionInfo::kFlagCannotBeOptional},
298 {APIPermission::kImageWriterPrivate,
299 "imageWriterPrivate",
300 APIPermissionInfo::kFlagCannotBeOptional},
301 {APIPermission::kReadingListPrivate,
302 "readingListPrivate",
303 APIPermissionInfo::kFlagCannotBeOptional},
304 {APIPermission::kRtcPrivate,
306 APIPermissionInfo::kFlagCannotBeOptional},
307 {APIPermission::kSyncedNotificationsPrivate,
308 "syncedNotificationsPrivate"},
309 {APIPermission::kTerminalPrivate,
311 APIPermissionInfo::kFlagCannotBeOptional},
312 {APIPermission::kVirtualKeyboardPrivate,
313 "virtualKeyboardPrivate",
314 APIPermissionInfo::kFlagCannotBeOptional},
315 {APIPermission::kWallpaperPrivate,
317 APIPermissionInfo::kFlagCannotBeOptional},
318 {APIPermission::kWebstorePrivate,
320 APIPermissionInfo::kFlagCannotBeOptional},
321 {APIPermission::kMediaGalleriesPrivate,
322 "mediaGalleriesPrivate",
323 APIPermissionInfo::kFlagCannotBeOptional},
324 {APIPermission::kStreamsPrivate,
326 APIPermissionInfo::kFlagCannotBeOptional},
327 {APIPermission::kEnterprisePlatformKeysPrivate,
328 "enterprise.platformKeysPrivate",
329 APIPermissionInfo::kFlagCannotBeOptional},
330 {APIPermission::kWebrtcAudioPrivate,
331 "webrtcAudioPrivate",
332 APIPermissionInfo::kFlagCannotBeOptional},
333 {APIPermission::kWebrtcLoggingPrivate,
334 "webrtcLoggingPrivate",
335 APIPermissionInfo::kFlagCannotBeOptional},
336 {APIPermission::kPrincipalsPrivate,
338 APIPermissionInfo::kFlagCannotBeOptional},
339 {APIPermission::kFirstRunPrivate,
341 APIPermissionInfo::kFlagCannotBeOptional},
343 // Full url access permissions.
344 {APIPermission::kDebugger,
346 APIPermissionInfo::kFlagImpliesFullURLAccess |
347 APIPermissionInfo::kFlagCannotBeOptional,
348 IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,
349 PermissionMessage::kDebugger},
350 {APIPermission::kDevtools,
352 APIPermissionInfo::kFlagImpliesFullURLAccess |
353 APIPermissionInfo::kFlagCannotBeOptional |
354 APIPermissionInfo::kFlagInternal},
355 {APIPermission::kPageCapture,
357 APIPermissionInfo::kFlagImpliesFullURLAccess},
358 {APIPermission::kTabCapture,
360 APIPermissionInfo::kFlagImpliesFullURLAccess},
361 {APIPermission::kTabCaptureForTab,
363 APIPermissionInfo::kFlagInternal},
364 {APIPermission::kPlugin,
366 APIPermissionInfo::kFlagImpliesFullURLAccess |
367 APIPermissionInfo::kFlagImpliesFullAccess |
368 APIPermissionInfo::kFlagCannotBeOptional |
369 APIPermissionInfo::kFlagInternal,
370 IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
371 PermissionMessage::kFullAccess},
372 {APIPermission::kProxy,
374 APIPermissionInfo::kFlagImpliesFullURLAccess |
375 APIPermissionInfo::kFlagCannotBeOptional},
377 // Platform-app permissions.
379 // The permission string for "fileSystem" is only shown when
380 // "write" or "directory" is present. Read-only access is only
381 // granted after the user has been shown a file or directory
382 // chooser dialog and selected a file or directory. Selecting
383 // the file or directory is considered consent to read it.
384 {APIPermission::kFileSystem, "fileSystem"},
385 {APIPermission::kFileSystemDirectory,
386 "fileSystem.directory",
387 APIPermissionInfo::kFlagNone,
388 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
389 PermissionMessage::kFileSystemDirectory},
390 {APIPermission::kFileSystemProvider, "fileSystemProvider"},
391 {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"},
392 {APIPermission::kFileSystemWrite, "fileSystem.write"},
393 {APIPermission::kFileSystemWriteDirectory,
394 "fileSystem.writeDirectory",
395 APIPermissionInfo::kFlagNone,
396 IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
397 PermissionMessage::kFileSystemWriteDirectory},
398 // Because warning messages for the "mediaGalleries" permission
399 // vary based on the permissions parameters, no message ID or
400 // message text is specified here. The message ID and text used
401 // will be determined at run-time in the
402 // |MediaGalleriesPermission| class.
403 {APIPermission::kMediaGalleries,
405 APIPermissionInfo::kFlagNone,
407 PermissionMessage::kNone,
408 &CreateAPIPermission<MediaGalleriesPermission>},
409 {APIPermission::kPushMessaging,
411 APIPermissionInfo::kFlagCannotBeOptional},
412 {APIPermission::kPointerLock, "pointerLock"},
413 {APIPermission::kPrinterProvider, "printerProvider"},
414 {APIPermission::kAudio, "audio"},
415 {APIPermission::kCastStreaming, "cast.streaming"},
416 {APIPermission::kBrowser, "browser"},
418 // Settings override permissions.
419 {APIPermission::kHomepage,
421 APIPermissionInfo::kFlagCannotBeOptional |
422 APIPermissionInfo::kFlagInternal,
423 IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE,
424 PermissionMessage::kHomepage},
425 {APIPermission::kSearchProvider,
427 APIPermissionInfo::kFlagCannotBeOptional |
428 APIPermissionInfo::kFlagInternal,
429 IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE,
430 PermissionMessage::kSearchProvider},
431 {APIPermission::kStartupPages,
433 APIPermissionInfo::kFlagCannotBeOptional |
434 APIPermissionInfo::kFlagInternal,
435 IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE,
436 PermissionMessage::kStartupPages},
439 std::vector<APIPermissionInfo*> permissions;
441 for (size_t i = 0; i < arraysize(permissions_to_register); ++i)
442 permissions.push_back(new APIPermissionInfo(permissions_to_register[i]));
446 std::vector<PermissionsProvider::AliasInfo>
447 ChromeAPIPermissions::GetAllAliases() const {
449 std::vector<PermissionsProvider::AliasInfo> aliases;
450 aliases.push_back(PermissionsProvider::AliasInfo(
451 "unlimitedStorage", kOldUnlimitedStoragePermission));
452 aliases.push_back(PermissionsProvider::AliasInfo("tabs", kWindowsPermission));
456 } // namespace extensions