1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
#define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
#include <set>
#include <string>
#include "base/gtest_prod_util.h"
#include "extensions/common/mojom/api_permission_id.mojom-shared.h"
#include "extensions/common/permissions/api_permission.h"
#include "extensions/common/permissions/api_permission_set.h"
#include "extensions/common/permissions/manifest_permission.h"
#include "extensions/common/permissions/manifest_permission_set.h"
#include "extensions/common/url_pattern_set.h"
namespace extensions {
// The PermissionSet is a class that encapsulates extension permissions of
// different types (manifest permissions, API permissions, explicit hosts, and
// scriptable hosts).
class PermissionSet {
public:
// Creates an empty permission set (e.g. default permissions).
PermissionSet();
// Creates a new permission set based on the specified data: the API
// permissions, manifest key permissions, host permissions, and scriptable
// hosts. The effective hosts of the newly created permission set will be
// inferred from the given host permissions.
PermissionSet(APIPermissionSet apis,
ManifestPermissionSet manifest_permissions,
URLPatternSet explicit_hosts,
URLPatternSet scriptable_hosts);
PermissionSet& operator=(const PermissionSet&) = delete;
~PermissionSet();
PermissionSet(PermissionSet&& other);
PermissionSet& operator=(PermissionSet&& other);
// Creates a new permission set equal to |set1| - |set2|.
static std::unique_ptr<PermissionSet> CreateDifference(
const PermissionSet& set1,
const PermissionSet& set2);
// Creates a new permission set equal to the intersection of |set1| and
// |set2|.
// TODO(crbug.com/40586635): Audit callers of CreateIntersection() and
// have them determine the proper intersection behavior.
static std::unique_ptr<PermissionSet> CreateIntersection(
const PermissionSet& set1,
const PermissionSet& set2,
URLPatternSet::IntersectionBehavior intersection_behavior =
URLPatternSet::IntersectionBehavior::kPatternsContainedByBoth);
// Creates a new permission set equal to the union of |set1| and |set2|.
static std::unique_ptr<PermissionSet> CreateUnion(const PermissionSet& set1,
const PermissionSet& set2);
bool operator==(const PermissionSet& rhs) const;
bool operator!=(const PermissionSet& rhs) const;
// Returns a copy of this PermissionSet.
std::unique_ptr<PermissionSet> Clone() const;
// Returns true if every API or host permission available to `set` is also
// available to this. In other words, if the API permissions of `set` are a
// subset of this, and the host permissions in this encompass those in `set`.
bool Contains(const PermissionSet& set) const;
// Gets the API permissions in this set as a set of strings.
std::set<std::string> GetAPIsAsStrings() const;
// Returns true if this is an empty set (e.g., the default permission set).
bool IsEmpty() const;
// Returns true if the set has the specified API permission.
bool HasAPIPermission(mojom::APIPermissionID permission) const;
// Returns true if the `extension` explicitly requests access to the given
// `permission_name`. Note this does not include APIs without no corresponding
// permission, like "runtime" or "browserAction".
bool HasAPIPermission(const std::string& permission_name) const;
// Returns true if the set allows the given permission with the default
// permission detal.
bool CheckAPIPermission(mojom::APIPermissionID permission) const;
// Returns true if the set allows the given permission and permission param.
bool CheckAPIPermissionWithParam(
mojom::APIPermissionID permission,
const APIPermission::CheckParam* param) const;
// Returns true if this includes permission to access `origin`.
bool HasExplicitAccessToOrigin(const GURL& origin) const;
// Returns true if this permission set includes effective access to all
// origins.
bool HasEffectiveAccessToAllHosts() const;
// Returns true if this permission set has access to so many hosts, that we
// should treat it as all hosts for warning purposes.
// For example, '*://*.com/*'.
// If `include_api_permissions` is true, this will look at both host
// permissions and API permissions. Otherwise, this only looks at
// host permissions.
bool ShouldWarnAllHosts(bool include_api_permissions = true) const;
// Returns true if this permission set includes effective access to `url`.
bool HasEffectiveAccessToURL(const GURL& url) const;
// Sets the different permissions on the PermissionSet.
void SetAPIPermissions(APIPermissionSet new_apis);
void SetManifestPermissions(ManifestPermissionSet new_manifest_permissions);
void SetExplicitHosts(URLPatternSet new_explicit_hosts);
void SetScriptableHosts(URLPatternSet new_scriptable_hosts);
const APIPermissionSet& apis() const { return apis_; }
const ManifestPermissionSet& manifest_permissions() const {
return manifest_permissions_;
}
const URLPatternSet& effective_hosts() const { return effective_hosts_; }
const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
private:
FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);
FRIEND_TEST_ALL_PREFIXES(PermissionsTest, AccessToDevicesMessages);
// Deliberate copy constructor for cloning the set.
PermissionSet(const PermissionSet& permission_set);
// Cleans up any explicit host paths - explicit hosts require the path to be
// "/*", and we implicitly make this change.
void CleanExplicitHostPaths();
// Initializes the effective host permission based on the data in this set.
void InitEffectiveHosts();
// Initializes whether we should present the user with the "all hosts" warning
// for either the included host permissions or API permissions.
void InitShouldWarnAllHostsForHostPermissions() const;
void InitShouldWarnAllHostsForAPIPermissions() const;
// The api list is used when deciding if an extension can access certain
// extension APIs and features.
APIPermissionSet apis_;
// The manifest key permission list is used when deciding if an extension
// can access certain extension APIs and features.
ManifestPermissionSet manifest_permissions_;
// The list of hosts that can be accessed directly from the extension.
URLPatternSet explicit_hosts_;
// The list of hosts that can be scripted by content scripts.
URLPatternSet scriptable_hosts_;
// The list of hosts this effectively grants access to.
URLPatternSet effective_hosts_;
enum ShouldWarnAllHostsType {
UNINITIALIZED = 0,
WARN_ALL_HOSTS,
DONT_WARN_ALL_HOSTS
};
// Cache whether this set implies access to all hosts, because it's
// non-trivial to compute (lazily initialized).
mutable ShouldWarnAllHostsType host_permissions_should_warn_all_hosts_ =
UNINITIALIZED;
mutable ShouldWarnAllHostsType api_permissions_should_warn_all_hosts_ =
UNINITIALIZED;
};
} // namespace extensions
#endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
|
