1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/singleton.h"
16 #include "base/strings/string16.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/permissions/api_permission.h"
19 #include "extensions/common/permissions/api_permission_set.h"
20 #include "extensions/common/url_pattern_set.h"
22 namespace extensions {
25 // The PermissionSet is an immutable class that encapsulates an
26 // extension's permissions. The class exposes set operations for combining and
27 // manipulating the permissions.
29 : public base::RefCountedThreadSafe<PermissionSet> {
// Creates an empty permission set (e.g. default permissions).
// NOTE(review): the declaration that comment documents does not appear in
// this listing; the constructor declared below is the three-argument one.

// Builds a permission set from three inputs: the API permissions |apis|, the
// host permissions |explicit_hosts| and the scriptable hosts
// |scriptable_hosts|. The effective hosts are not a parameter; they are
// inferred from the data passed in.
// NOTE(review): the original comment breaks off after "inferred from the
// given"; presumably the inference is done by InitEffectiveHosts() -- confirm
// in the implementation file.
PermissionSet(
    const APIPermissionSet& apis,
    const URLPatternSet& explicit_hosts,
    const URLPatternSet& scriptable_hosts);
// Returns a newly created permission set equal to |set1| - |set2|. The result
// comes back as a raw pointer and ownership passes to the caller.
// NOTE(review): this class derives from base::RefCountedThreadSafe, so the
// caller presumably has to adopt the result into a scoped_refptr at once; a
// discarded return value would leak -- confirm against call sites.
// NOTE(review): whether a null |set1| or |set2| is accepted is not visible
// from this declaration.
static PermissionSet* CreateDifference(
    const PermissionSet* set1,
    const PermissionSet* set2);
// Returns a newly created permission set equal to the intersection of |set1|
// and |set2|. The result comes back as a raw pointer and ownership passes to
// the caller.
// NOTE(review): this class derives from base::RefCountedThreadSafe, so the
// caller presumably has to adopt the result into a scoped_refptr at once --
// confirm against call sites.
// NOTE(review): whether a null |set1| or |set2| is accepted is not visible
// from this declaration.
static PermissionSet* CreateIntersection(
    const PermissionSet* set1,
    const PermissionSet* set2);
// Returns a newly created permission set equal to the union of |set1| and
// |set2|. The result comes back as a raw pointer and ownership passes to the
// caller.
// NOTE(review): a union can only widen what is granted, so callers that merge
// requested and already-granted permissions should know which operand came
// from which source. This class derives from base::RefCountedThreadSafe;
// presumably the result must be adopted into a scoped_refptr -- confirm.
// NOTE(review): whether a null |set1| or |set2| is accepted is not visible
// from this declaration.
static PermissionSet* CreateUnion(
    const PermissionSet* set1,
    const PermissionSet* set2);
// Equality comparison against |rhs|.
// NOTE(review): which members take part in the comparison (APIs, explicit
// hosts, scriptable hosts, effective hosts) is decided in the implementation
// file and cannot be read off this declaration.
bool operator==(const PermissionSet& rhs) const;
// Superset test. Returns true when every API or host permission available to
// |set| is also available to this set: the API permissions of |set| are a
// subset of the ones held here, and the host permissions held here encompass
// those in |set|.
// NOTE(review): the comment does not say which host lists (explicit,
// scriptable, effective) are compared; confirm that before relying on this
// call to decide whether a change adds privileges.
bool Contains(const PermissionSet& set) const;
// Returns the API permissions held by this set, rendered as a set of strings.
// The result is returned by value.
std::set<std::string> GetAPIsAsStrings() const;
// Returns true if this is an empty set (e.g., the default permission set).
// NOTE(review): the declaration that comment documents is missing from this
// listing; it does not describe the method declared below.

// ID-based lookup: reports whether the API permission |permission| is present
// in this set.
bool HasAPIPermission(APIPermission::ID permission) const;
// Name-based lookup: reports whether the extension explicitly requests the
// permission called |permission_name|. APIs that have no corresponding
// permission, such as "runtime" or "browserAction", are not covered by this
// check.
// NOTE(review): the result for an unknown or empty name is not stated here;
// callers should not read a false result as "this API is unavailable".
bool HasAPIPermission(const std::string& permission_name) const;
// Reports whether the set allows |permission| when the caller supplies no
// check parameter (compare CheckAPIPermissionWithParam()).
// NOTE(review): the original comment breaks off after "with the default";
// which default is applied has to be confirmed in the implementation.
bool CheckAPIPermission(APIPermission::ID permission) const;
// Reports whether the set allows |permission| for the given permission
// parameter |param|.
// NOTE(review): |param| is a raw pointer to const; whether null is accepted,
// and what a null would mean for the outcome of the check, is not stated
// here -- confirm before passing one.
bool CheckAPIPermissionWithParam(
    APIPermission::ID permission,
    const APIPermission::CheckParam* param) const;
// Reports whether this set includes permission to access |origin|.
// NOTE(review): judging by the name, only the explicit host list is
// consulted, not the scriptable or effective hosts -- confirm in the
// implementation.
bool HasExplicitAccessToOrigin(const GURL& origin) const;
// Reports whether this permission set includes access to script |url|.
// NOTE(review): presumably answered from the scriptable host list (the hosts
// content scripts may run on) -- confirm in the implementation.
bool HasScriptableAccessToURL(const GURL& url) const;
// Reports whether this permission set includes effective access to all hosts.
// NOTE(review): the original comment is cut off after "effective access to
// all"; "hosts" is taken from the method name. A true result describes a very
// broad grant, so callers gating sensitive behaviour on it should confirm the
// exact matching rule in the implementation.
bool HasEffectiveAccessToAllHosts() const;
// Reports whether this permission set includes effective access to |url|.
// NOTE(review): presumably answered from the effective host list rather than
// from the explicit or scriptable lists alone -- confirm in the
// implementation.
bool HasEffectiveAccessToURL(const GURL& url) const;
// Reports whether this permission set effectively represents full access
// (e.g. native code).
// NOTE(review): which permissions count as "full access" is decided in the
// implementation and is not visible from this declaration.
bool HasEffectiveFullAccess() const;
// Read-only accessor for the API permissions stored in apis_. The reference
// points into this object.
const APIPermissionSet& apis() const {
  return apis_;
}
// Read-only accessor for the effective hosts stored in effective_hosts_. The
// reference points into this object.
const URLPatternSet& effective_hosts() const {
  return effective_hosts_;
}
// Read-only accessor for the explicit hosts stored in explicit_hosts_. The
// reference points into this object.
const URLPatternSet& explicit_hosts() const {
  return explicit_hosts_;
}
// Read-only accessor for the scriptable hosts stored in scriptable_hosts_.
// The reference points into this object.
const URLPatternSet& scriptable_hosts() const {
  return scriptable_hosts_;
}
// Lets the GetWarningMessages_AudioVideo case of PermissionsTest reach the
// non-public members of this class.
FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);

// Lets the ref-counting base class reach the non-public members of this
// class.
// NOTE(review): this is commonly paired with a non-public destructor so that
// only the ref-count machinery can destroy the object; the destructor
// declaration is not part of this listing.
friend class base::RefCountedThreadSafe<PermissionSet>;
// Judging by its name, adds the API permission |id| to this set; the original
// carries no comment.
// NOTE(review): the access specifier is not visible in this listing. The
// class comment calls PermissionSet immutable, so this is presumably a
// non-public helper -- confirm.
void AddAPIPermission(APIPermission::ID id);
// Adds the permissions that are implied independently of other context.
// NOTE(review): which permissions are implied, and from which call sites this
// runs, is defined in the implementation file. Implied grants widen the set
// beyond what was passed in, so they are worth checking there.
void InitImplicitPermissions();
// Initializes the effective host permission from the data already held in
// this set.
// NOTE(review): presumably fills effective_hosts_ from the explicit and
// scriptable host lists -- confirm in the implementation.
void InitEffectiveHosts();
// API permissions held by this set; used when deciding whether an extension
// can access certain extension APIs and features.
APIPermissionSet apis_;

// Hosts that can be accessed directly from the extension.
// TODO(jstritar): Rename to "hosts_"?
URLPatternSet explicit_hosts_;

// Hosts that can be scripted by content scripts.
// TODO(jstritar): Rename to "user_script_hosts_"?
URLPatternSet scriptable_hosts_;

// Hosts this set effectively grants access to.
// NOTE(review): presumably populated by InitEffectiveHosts(), going by that
// method's comment -- confirm in the implementation.
URLPatternSet effective_hosts_;
141 } // namespace extensions
143 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_