1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/strings/string16.h"
15 #include "base/synchronization/lock.h"
16 #include "extensions/common/extension.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/permissions/api_permission.h"
19 #include "extensions/common/permissions/permission_message.h"
20 #include "extensions/common/permissions/permission_set.h"
24 namespace extensions {
31 // A container for the active permissions of an extension.
32 // TODO(rdevlin.cronin): For the love of everything good, rename this class to
33 // ActivePermissions. We do *not* need PermissionsParser, PermissionSet,
34 // PermissionInfo, and PermissionsData. No one will be able to keep them
36 class PermissionsData {
38 // The possible types of access for a given frame.
40 ACCESS_DENIED, // The extension is not allowed to access the given page.
41 ACCESS_ALLOWED, // The extension is allowed to access the given page.
42 ACCESS_WITHHELD // The browser must determine if the extension can access
46 // Delegate class to allow different contexts (e.g. browser vs renderer) to
47 // have control over policy decisions.
48 class PolicyDelegate {
50 virtual ~PolicyDelegate() {}
52 // Returns false if script access should be blocked on this page.
53 // Otherwise, default policy should decide.
54 virtual bool CanExecuteScriptOnPage(const Extension* extension,
55 const GURL& document_url,
56 const GURL& top_document_url,
59 std::string* error) = 0;
62 static void SetPolicyDelegate(PolicyDelegate* delegate);
64 PermissionsData(const Extension* extension);
65 virtual ~PermissionsData();
67 // Returns true if the |extension| can silently increase its permission level.
68 // Users must approve permissions for unpacked and packed extensions in the
69 // following situations:
70 // - when installing or upgrading packed extensions
71 // - when installing unpacked extensions that have NPAPI plugins
72 // - when either type of extension requests optional permissions
73 static bool CanSilentlyIncreasePermissions(const Extension* extension);
75 // Returns true if the extension is a COMPONENT extension or is on the
76 // whitelist of extensions that can script all pages.
77 static bool CanExecuteScriptEverywhere(const Extension* extension);
79 // Returns true if we should skip the permisisons warning for the extension
80 // with the given |extension_id|.
81 static bool ShouldSkipPermissionWarnings(const std::string& extension_id);
83 // Returns true if the given |url| is restricted for the given |extension|,
84 // as is commonly the case for chrome:// urls.
85 // NOTE: You probably want to use CanAccessPage().
86 static bool IsRestrictedUrl(const GURL& document_url,
87 const GURL& top_frame_url,
88 const Extension* extension,
91 // Sets the runtime permissions of the given |extension| to |active| and
93 void SetPermissions(const scoped_refptr<const PermissionSet>& active,
94 const scoped_refptr<const PermissionSet>& withheld) const;
96 // Updates the tab-specific permissions of |tab_id| to include those from
98 void UpdateTabSpecificPermissions(
100 scoped_refptr<const PermissionSet> permissions) const;
102 // Clears the tab-specific permissions of |tab_id|.
103 void ClearTabSpecificPermissions(int tab_id) const;
105 // Returns true if the |extension| has the given |permission|. Prefer
106 // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
107 // api that requires a permission they didn't know about, e.g. open web apis.
108 // Note this does not include APIs with no corresponding permission, like
109 // "runtime" or "browserAction".
110 // TODO(mpcomplete): drop the "API" from these names, it's confusing.
111 bool HasAPIPermission(APIPermission::ID permission) const;
112 bool HasAPIPermission(const std::string& permission_name) const;
113 bool HasAPIPermissionForTab(int tab_id, APIPermission::ID permission) const;
114 bool CheckAPIPermissionWithParam(
115 APIPermission::ID permission,
116 const APIPermission::CheckParam* param) const;
118 // TODO(rdevlin.cronin): GetEffectiveHostPermissions(), HasHostPermission(),
119 // and HasEffectiveAccessToAllHosts() are just forwards for the active
120 // permissions. We should either get rid of these, and have callers use
121 // active_permissions(), or should get rid of active_permissions(), and make
122 // callers use PermissionsData for everything. We should not do both.
124 // Returns the effective hosts associated with the active permissions.
125 const URLPatternSet& GetEffectiveHostPermissions() const;
127 // Whether the extension has access to the given |url|.
128 bool HasHostPermission(const GURL& url) const;
130 // Whether the extension has effective access to all hosts. This is true if
131 // there is a content script that matches all hosts, if there is a host
132 // permission grants access to all hosts (like <all_urls>) or an api
133 // permission that effectively grants access to all hosts (e.g. proxy,
135 bool HasEffectiveAccessToAllHosts() const;
137 // Returns the full list of permission messages that should display at
139 PermissionMessages GetPermissionMessages() const;
141 // Returns the full list of permission messages that should display at install
143 std::vector<base::string16> GetPermissionMessageStrings() const;
145 // Returns the full list of permission details for messages that should
146 // display at install time as strings.
147 std::vector<base::string16> GetPermissionMessageDetailsStrings() const;
149 // Returns true if the extension has requested all-hosts permissions (or
150 // something close to it), but has had it withheld.
151 bool HasWithheldImpliedAllHosts() const;
153 // Returns true if the |extension| has permission to access and interact with
154 // the specified page, in order to do things like inject scripts or modify
156 // If this returns false and |error| is non-NULL, |error| will be popualted
157 // with the reason the extension cannot access the page.
158 bool CanAccessPage(const Extension* extension,
159 const GURL& document_url,
160 const GURL& top_document_url,
163 std::string* error) const;
164 // Like CanAccessPage, but also takes withheld permissions into account.
165 // TODO(rdevlin.cronin) We shouldn't have two functions, but not all callers
166 // know how to wait for permission.
167 AccessType GetPageAccess(const Extension* extension,
168 const GURL& document_url,
169 const GURL& top_document_url,
172 std::string* error) const;
174 // Returns true if the |extension| has permission to inject a content script
176 // If this returns false and |error| is non-NULL, |error| will be popualted
177 // with the reason the extension cannot script the page.
178 // NOTE: You almost certainly want to use CanAccessPage() instead of this
180 bool CanRunContentScriptOnPage(const Extension* extension,
181 const GURL& document_url,
182 const GURL& top_document_url,
185 std::string* error) const;
186 // Like CanRunContentScriptOnPage, but also takes withheld permissions into
188 // TODO(rdevlin.cronin) We shouldn't have two functions, but not all callers
189 // know how to wait for permission.
190 AccessType GetContentScriptAccess(const Extension* extension,
191 const GURL& document_url,
192 const GURL& top_document_url,
195 std::string* error) const;
197 // Returns true if extension is allowed to obtain the contents of a page as
198 // an image. Since a page may contain sensitive information, this is
199 // restricted to the extension's host permissions as well as the extension
201 bool CanCaptureVisiblePage(int tab_id, std::string* error) const;
203 scoped_refptr<const PermissionSet> active_permissions() const {
204 base::AutoLock auto_lock(runtime_lock_);
205 return active_permissions_unsafe_;
208 scoped_refptr<const PermissionSet> withheld_permissions() const {
209 base::AutoLock auto_lock(runtime_lock_);
210 return withheld_permissions_unsafe_;
213 #if defined(UNIT_TEST)
214 scoped_refptr<const PermissionSet> GetTabSpecificPermissionsForTesting(
216 return GetTabSpecificPermissions(tab_id);
221 typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;
223 // Gets the tab-specific host permissions of |tab_id|, or NULL if there
225 scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
228 // Returns true if the |extension| has tab-specific permission to operate on
229 // the tab specified by |tab_id| with the given |url|.
230 // Note that if this returns false, it doesn't mean the extension can't run on
231 // the given tab, only that it does not have tab-specific permission to do so.
232 bool HasTabSpecificPermissionToExecuteScript(int tab_id,
233 const GURL& url) const;
235 // Returns whether or not the extension is permitted to run on the given page,
236 // checking against |permitted_url_patterns| in addition to blocking special
237 // sites (like the webstore or chrome:// urls).
238 AccessType CanRunOnPage(const Extension* extension,
239 const GURL& document_url,
240 const GURL& top_document_url,
243 const URLPatternSet& permitted_url_patterns,
244 const URLPatternSet& withheld_url_patterns,
245 std::string* error) const;
247 // The associated extension's id.
248 std::string extension_id_;
250 // The associated extension's manifest type.
251 Manifest::Type manifest_type_;
253 mutable base::Lock runtime_lock_;
255 // The permission's which are currently active on the extension during
257 // Unsafe indicates that we must lock anytime this is directly accessed.
258 // Unless you need to change |active_permissions_unsafe_|, use the (safe)
259 // active_permissions() accessor.
260 mutable scoped_refptr<const PermissionSet> active_permissions_unsafe_;
262 // The permissions the extension requested, but was not granted due because
263 // they are too powerful. This includes things like all_hosts.
264 // Unsafe indicates that we must lock anytime this is directly accessed.
265 // Unless you need to change |withheld_permissions_unsafe_|, use the (safe)
266 // withheld_permissions() accessor.
267 mutable scoped_refptr<const PermissionSet> withheld_permissions_unsafe_;
269 mutable TabPermissionsMap tab_specific_permissions_;
271 DISALLOW_COPY_AND_ASSIGN(PermissionsData);
274 } // namespace extensions
276 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSIONS_DATA_H_