1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16 #include "extensions/common/permissions/permission_message.h"
22 namespace extensions {
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
38 kAccessibilityFeaturesModify,
39 kAccessibilityFeaturesRead,
40 kAccessibilityPrivate,
54 kBookmarkManagerPrivate,
55 kBrailleDisplayPrivate,
74 kDeclarativeWebRequest,
85 kEmbeddedExtensionOptions,
86 kEnterprisePlatformKeys,
87 kEnterprisePlatformKeysPrivate,
88 kExperienceSamplingPrivate,
92 kFileBrowserHandlerInternal,
97 kFileSystemRetainEntries,
99 kFileSystemWriteDirectory,
122 kMediaGalleriesPrivate,
126 kMusicManagerPrivate,
129 kNotificationProvider,
131 kOverrideEscFullscreen,
154 kSyncedNotificationsPrivate,
169 kVirtualKeyboardPrivate,
173 kWebConnectable, // for externally_connectable manifest key
178 kWebrtcLoggingPrivate,
196 explicit APIPermission(const APIPermissionInfo* info);
198 virtual ~APIPermission();
200 // Returns the id of this permission.
203 // Returns the name of this permission.
204 const char* name() const;
206 // Returns the APIPermission of this permission.
207 const APIPermissionInfo* info() const {
211 // Returns true if this permission has any PermissionMessages.
212 virtual bool HasMessages() const = 0;
214 // Returns the localized permission messages of this permission.
215 virtual PermissionMessages GetMessages() const = 0;
217 // Returns true if the given permission is allowed.
218 virtual bool Check(const CheckParam* param) const = 0;
220 // Returns true if |rhs| is a subset of this.
221 virtual bool Contains(const APIPermission* rhs) const = 0;
223 // Returns true if |rhs| is equal to this.
224 virtual bool Equal(const APIPermission* rhs) const = 0;
226 // Parses the APIPermission from |value|. Returns false if an error happens
227 // and optionally set |error| if |error| is not NULL. If |value| represents
228 // multiple permissions, some are invalid, and |unhandled_permissions| is
229 // not NULL, the invalid ones are put into |unhandled_permissions| and the
230 // function returns true.
231 virtual bool FromValue(const base::Value* value,
233 std::vector<std::string>* unhandled_permissions) = 0;
235 // Stores this into a new created |value|.
236 virtual scoped_ptr<base::Value> ToValue() const = 0;
239 virtual APIPermission* Clone() const = 0;
241 // Returns a new API permission which equals this - |rhs|.
242 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
244 // Returns a new API permission which equals the union of this and |rhs|.
245 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
247 // Returns a new API permission which equals the intersect of this and |rhs|.
248 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
251 // Writes this into the given IPC message |m|.
252 virtual void Write(IPC::Message* m) const = 0;
254 // Reads from the given IPC message |m|.
255 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
257 // Logs this permission.
258 virtual void Log(std::string* log) const = 0;
261 // Returns the localized permission message associated with this api.
262 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
263 PermissionMessage GetMessage_() const;
266 const APIPermissionInfo* const info_;
270 // The APIPermissionInfo is an immutable class that describes a single
271 // named permission (API permission).
272 // There is one instance per permission.
273 class APIPermissionInfo {
278 // Indicates if the permission implies full access (native code).
279 kFlagImpliesFullAccess = 1 << 0,
281 // Indicates if the permission implies full URL access.
282 kFlagImpliesFullURLAccess = 1 << 1,
284 // Indicates that extensions cannot specify the permission as optional.
285 kFlagCannotBeOptional = 1 << 3,
287 // Indicates that the permission is internal to the extensions
288 // system and cannot be specified in the "permissions" list.
289 kFlagInternal = 1 << 4,
292 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
294 typedef std::set<APIPermission::ID> IDSet;
296 ~APIPermissionInfo();
298 // Creates a APIPermission instance.
299 APIPermission* CreateAPIPermission() const;
301 int flags() const { return flags_; }
303 APIPermission::ID id() const { return id_; }
305 // Returns the message id associated with this permission.
306 PermissionMessage::ID message_id() const {
310 // Returns the name of this permission.
311 const char* name() const { return name_; }
313 // Returns true if this permission implies full access (e.g., native code).
314 bool implies_full_access() const {
315 return (flags_ & kFlagImpliesFullAccess) != 0;
318 // Returns true if this permission implies full URL access.
319 bool implies_full_url_access() const {
320 return (flags_ & kFlagImpliesFullURLAccess) != 0;
323 // Returns true if this permission can be added and removed via the
324 // optional permissions extension API.
325 bool supports_optional() const {
326 return (flags_ & kFlagCannotBeOptional) == 0;
329 // Returns true if this permission is internal rather than a
330 // "permissions" list entry.
331 bool is_internal() const {
332 return (flags_ & kFlagInternal) != 0;
336 // Instances should only be constructed from within a PermissionsProvider.
337 friend class ChromeAPIPermissions;
338 friend class ExtensionsAPIPermissions;
339 // Implementations of APIPermission will want to get the permission message,
340 // but this class's implementation should be hidden from everyone else.
341 friend class APIPermission;
343 // This exists to allow aggregate initialization, so that default values
344 // for flags, etc. can be omitted.
345 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
346 // should be the simple data struct.
348 APIPermission::ID id;
352 PermissionMessage::ID message_id;
353 APIPermissionInfo::APIPermissionConstructor constructor;
356 explicit APIPermissionInfo(const InitInfo& info);
358 // Returns the localized permission message associated with this api.
359 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
360 PermissionMessage GetMessage_() const;
362 const APIPermission::ID id_;
363 const char* const name_;
365 const int l10n_message_id_;
366 const PermissionMessage::ID message_id_;
367 const APIPermissionConstructor api_permission_constructor_;
370 } // namespace extensions
372 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_