1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16 #include "extensions/common/permissions/permission_message.h"
22 namespace extensions {
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
38 kAccessibilityFeaturesModify,
39 kAccessibilityFeaturesRead,
40 kAccessibilityPrivate,
54 kBookmarkManagerPrivate,
55 kBrailleDisplayPrivate,
65 kCommandsAccessibility,
76 kDeclarativeWebRequest,
88 kEmbeddedExtensionOptions,
89 kEnterprisePlatformKeys,
90 kEnterprisePlatformKeysPrivate,
91 kExperienceSamplingPrivate,
93 kExternallyConnectableAllUrls,
96 kFileBrowserHandlerInternal,
101 kFileSystemRetainEntries,
103 kFileSystemWriteDirectory,
127 kMediaGalleriesPrivate,
131 kMusicManagerPrivate,
134 kNotificationProvider,
136 kOverrideEscFullscreen,
160 kSyncedNotificationsPrivate,
176 kVirtualKeyboardPrivate,
181 kWebConnectable, // for externally_connectable manifest key
186 kWebrtcLoggingPrivate,
202 explicit APIPermission(const APIPermissionInfo* info);
204 virtual ~APIPermission();
206 // Returns the id of this permission.
209 // Returns the name of this permission.
210 const char* name() const;
212 // Returns the APIPermission of this permission.
213 const APIPermissionInfo* info() const {
217 // Returns true if this permission has any PermissionMessages.
218 virtual bool HasMessages() const = 0;
220 // Returns the localized permission messages of this permission.
221 virtual PermissionMessages GetMessages() const = 0;
223 // Returns true if the given permission is allowed.
224 virtual bool Check(const CheckParam* param) const = 0;
226 // Returns true if |rhs| is a subset of this.
227 virtual bool Contains(const APIPermission* rhs) const = 0;
229 // Returns true if |rhs| is equal to this.
230 virtual bool Equal(const APIPermission* rhs) const = 0;
232 // Parses the APIPermission from |value|. Returns false if an error happens
233 // and optionally set |error| if |error| is not NULL. If |value| represents
234 // multiple permissions, some are invalid, and |unhandled_permissions| is
235 // not NULL, the invalid ones are put into |unhandled_permissions| and the
236 // function returns true.
237 virtual bool FromValue(const base::Value* value,
239 std::vector<std::string>* unhandled_permissions) = 0;
241 // Stores this into a new created |value|.
242 virtual scoped_ptr<base::Value> ToValue() const = 0;
245 virtual APIPermission* Clone() const = 0;
247 // Returns a new API permission which equals this - |rhs|.
248 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
250 // Returns a new API permission which equals the union of this and |rhs|.
251 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
253 // Returns a new API permission which equals the intersect of this and |rhs|.
254 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
257 // Writes this into the given IPC message |m|.
258 virtual void Write(IPC::Message* m) const = 0;
260 // Reads from the given IPC message |m|.
261 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
263 // Logs this permission.
264 virtual void Log(std::string* log) const = 0;
267 // Returns the localized permission message associated with this api.
268 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
269 PermissionMessage GetMessage_() const;
272 const APIPermissionInfo* const info_;
276 // The APIPermissionInfo is an immutable class that describes a single
277 // named permission (API permission).
278 // There is one instance per permission.
279 class APIPermissionInfo {
284 // Indicates if the permission implies full access (native code).
285 kFlagImpliesFullAccess = 1 << 0,
287 // Indicates if the permission implies full URL access.
288 kFlagImpliesFullURLAccess = 1 << 1,
290 // Indicates that extensions cannot specify the permission as optional.
291 kFlagCannotBeOptional = 1 << 3,
293 // Indicates that the permission is internal to the extensions
294 // system and cannot be specified in the "permissions" list.
295 kFlagInternal = 1 << 4,
298 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
300 typedef std::set<APIPermission::ID> IDSet;
302 ~APIPermissionInfo();
304 // Creates a APIPermission instance.
305 APIPermission* CreateAPIPermission() const;
307 int flags() const { return flags_; }
309 APIPermission::ID id() const { return id_; }
311 // Returns the message id associated with this permission.
312 PermissionMessage::ID message_id() const {
316 // Returns the name of this permission.
317 const char* name() const { return name_; }
319 // Returns true if this permission implies full access (e.g., native code).
320 bool implies_full_access() const {
321 return (flags_ & kFlagImpliesFullAccess) != 0;
324 // Returns true if this permission implies full URL access.
325 bool implies_full_url_access() const {
326 return (flags_ & kFlagImpliesFullURLAccess) != 0;
329 // Returns true if this permission can be added and removed via the
330 // optional permissions extension API.
331 bool supports_optional() const {
332 return (flags_ & kFlagCannotBeOptional) == 0;
335 // Returns true if this permission is internal rather than a
336 // "permissions" list entry.
337 bool is_internal() const {
338 return (flags_ & kFlagInternal) != 0;
342 // Instances should only be constructed from within a PermissionsProvider.
343 friend class ChromeAPIPermissions;
344 friend class ExtensionsAPIPermissions;
345 // Implementations of APIPermission will want to get the permission message,
346 // but this class's implementation should be hidden from everyone else.
347 friend class APIPermission;
349 // This exists to allow aggregate initialization, so that default values
350 // for flags, etc. can be omitted.
351 // TODO(yoz): Simplify the way initialization is done. APIPermissionInfo
352 // should be the simple data struct.
354 APIPermission::ID id;
358 PermissionMessage::ID message_id;
359 APIPermissionInfo::APIPermissionConstructor constructor;
362 explicit APIPermissionInfo(const InitInfo& info);
364 // Returns the localized permission message associated with this api.
365 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
366 PermissionMessage GetMessage_() const;
368 const APIPermission::ID id_;
369 const char* const name_;
371 const int l10n_message_id_;
372 const PermissionMessage::ID message_id_;
373 const APIPermissionConstructor api_permission_constructor_;
376 } // namespace extensions
378 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_