File: api_permission_set.cc

// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "extensions/common/permissions/api_permission_set.h"

#include <algorithm>

#include "base/containers/contains.h"
#include "base/logging.h"
#include "base/stl_util.h"
#include "base/strings/string_number_conversions.h"
#include "base/values.h"
#include "extensions/common/error_utils.h"
#include "extensions/common/manifest_constants.h"
#include "extensions/common/permissions/permissions_info.h"

using extensions::mojom::APIPermissionID;

namespace extensions {

namespace errors = manifest_errors;

namespace {

// Adapter used by the std::includes() comparator in
// PermissionIDSet::ContainsAllIDs(): both a PermissionID and a bare
// mojom::APIPermissionID convert to it, and only the ID is retained, so any
// parameter carried by a PermissionID plays no part in the comparison.
struct PermissionIDCompareHelper {
  // Both constructors are intentionally implicit; the conversions are what let
  // one comparator accept either operand type.
  PermissionIDCompareHelper(const PermissionID& permission)
      : id(permission.id()) {}
  PermissionIDCompareHelper(const APIPermissionID api_id) : id(api_id) {}

  // The API permission identifier being compared.
  APIPermissionID id;
};

// Looks |permission_str| up in PermissionsInfo and, when its value parses,
// inserts the resulting permission into |api_permissions|.
//
// Returns false only when the value fails to parse and |error| is non-null, in
// which case |*error| receives a formatted message. Every other outcome
// returns true:
//  - unknown name: appended to |unhandled_permissions| when provided,
//    otherwise logged;
//  - internal permission while |source| is not kAllowInternalPermissions:
//    appended to |unhandled_permissions| when provided and never inserted;
//  - parse failure with a null |error|: logged and skipped.
// In all of these non-success outcomes nothing is added to |api_permissions|,
// so a rejected or malformed entry cannot end up granted.
bool CreateAPIPermission(const std::string& permission_str,
                         const base::Value* permission_value,
                         APIPermissionSet::ParseSource source,
                         APIPermissionSet* api_permissions,
                         std::u16string* error,
                         std::vector<std::string>* unhandled_permissions) {
  const APIPermissionInfo* const info =
      PermissionsInfo::GetInstance()->GetByName(permission_str);

  // Unknown names are reported (or logged) but never treated as a hard error.
  if (!info) {
    if (unhandled_permissions) {
      unhandled_permissions->push_back(permission_str);
    } else {
      VLOG(1) << "Unknown permission[" << permission_str << "].";
    }
    return true;
  }

  // Internal permissions are only honoured for sources that explicitly allow
  // them. Treating them as unhandled (rather than failing) avoids a hard error
  // if a permission is ever switched between internal and non-internal.
  const bool internal_allowed =
      source == APIPermissionSet::kAllowInternalPermissions;
  if (!internal_allowed && info->is_internal()) {
    if (unhandled_permissions) {
      unhandled_permissions->push_back(permission_str);
    }
    return true;
  }

  std::unique_ptr<APIPermission> permission(info->CreateAPIPermission());

  std::string error_details;
  if (permission->FromValue(permission_value, &error_details,
                            unhandled_permissions)) {
    api_permissions->insert(std::move(permission));
    return true;
  }

  // Parsing failed. Without an |error| sink the failure is non-fatal: the
  // permission is dropped and parsing of the remaining entries continues.
  if (!error) {
    VLOG(1) << "Parse permission failed.";
    return true;
  }

  *error = error_details.empty()
               ? ErrorUtils::FormatErrorMessageUTF16(
                     errors::kInvalidPermission, info->name())
               : ErrorUtils::FormatErrorMessageUTF16(
                     errors::kInvalidPermissionWithDetail, info->name(),
                     error_details);
  return false;
}

// Parses a permission whose value is a list of child permission names. Each
// string child is resolved as "<base_name>.<child>" via CreateAPIPermission()
// with the same |source|, so the internal-permission gate applies to children
// too; afterwards the base permission itself is created.
//
// When |error| is non-null, a non-list value or a non-string child sets
// |*error| and returns false. When |error| is null those problems are logged
// and tolerated: a non-list value returns true without creating anything, and
// a non-string child is skipped.
bool ParseChildPermissions(const std::string& base_name,
                           const base::Value* permission_value,
                           APIPermissionSet::ParseSource source,
                           APIPermissionSet* api_permissions,
                           std::u16string* error,
                           std::vector<std::string>* unhandled_permissions) {
  if (permission_value && !permission_value->is_list()) {
    if (!error) {
      VLOG(1) << "Permission value is not a list.";
      // Parsing failed, but a null |error| means failures are not fatal, so
      // report success anyway.
      return true;
    }
    *error = ErrorUtils::FormatErrorMessageUTF16(errors::kInvalidPermission,
                                                 base_name);
    return false;
  }

  if (permission_value) {
    const base::Value::List& children = permission_value->GetList();
    for (size_t index = 0; index < children.size(); ++index) {
      const base::Value& child = children[index];

      // Every child must be a string naming a sub-permission.
      if (!child.is_string()) {
        if (!error) {
          VLOG(1) << "Permission is not a string.";
          continue;
        }
        *error = ErrorUtils::FormatErrorMessageUTF16(
            errors::kInvalidPermission,
            base_name + '.' + base::NumberToString(index));
        return false;
      }

      // The child string is only used to build a lookup key; names that do not
      // resolve are handled by CreateAPIPermission() as unknown permissions.
      if (!CreateAPIPermission(base_name + '.' + child.GetString(), nullptr,
                               source, api_permissions, error,
                               unhandled_permissions)) {
        return false;
      }
    }
  }

  // The base permission is created last and without an unhandled-permissions
  // sink.
  return CreateAPIPermission(base_name, nullptr, source, api_permissions, error,
                             nullptr);
}

}  // namespace

// Inserts a freshly created permission for |id|, using the APIPermissionInfo
// registered for that ID.
void APIPermissionSet::insert(APIPermissionID id) {
  const APIPermissionInfo* const permission_info =
      PermissionsInfo::GetInstance()->GetByID(id);
  // NOTE(review): the only guard against an unregistered |id| is this DCHECK.
  // In builds where DCHECKs are compiled out the next line would dereference a
  // null pointer; if |id| can ever originate from unvalidated data, a CHECK or
  // an explicit early return would be the safer guard. Confirm with callers.
  DCHECK(permission_info);
  insert(permission_info->CreateAPIPermission());
}

// Takes ownership of |permission| and forwards it to the shared set
// implementation in BaseSetOperators.
void APIPermissionSet::insert(std::unique_ptr<APIPermission> permission) {
  BaseSetOperators<APIPermissionSet>::insert(std::move(permission));
}

// static
// Parses the |permissions| list into |api_permissions|. Each entry must be
// either a string (the permission name) or a dictionary with exactly one key
// (name -> value); anything else is rejected.
//
// With a non-null |error| the first invalid entry sets |*error| and the
// function returns false. With a null |error| invalid entries are logged and
// skipped. Names that have child permissions are routed through
// ParseChildPermissions(); all others go to CreateAPIPermission(). |source| is
// passed through unchanged so those helpers can apply the internal-permission
// gate.
bool APIPermissionSet::ParseFromJSON(
    const base::Value::List& permissions,
    APIPermissionSet::ParseSource source,
    APIPermissionSet* api_permissions,
    std::u16string* error,
    std::vector<std::string>* unhandled_permissions) {
  for (size_t index = 0; index < permissions.size(); ++index) {
    const base::Value& entry = permissions[index];

    std::string permission_str;
    const base::Value* permission_value = nullptr;

    if (entry.is_string()) {
      permission_str = entry.GetString();
    } else if (entry.is_dict() && entry.GetDict().size() == 1) {
      // Single-key dictionary: the key names the permission and the mapped
      // value carries its arguments.
      auto only_item = entry.GetDict().begin();
      permission_str = only_item->first;
      permission_value = &only_item->second;
    } else {
      if (!error) {
        VLOG(1) << "Permission is not a string or single key dict.";
        continue;
      }
      *error = ErrorUtils::FormatErrorMessageUTF16(
          errors::kInvalidPermission, base::NumberToString(index));
      return false;
    }

    // Some permissions are special-cased so that their value is read as a list
    // of child permissions.
    const bool parsed =
        PermissionsInfo::GetInstance()->HasChildPermissions(permission_str)
            ? ParseChildPermissions(permission_str, permission_value, source,
                                    api_permissions, error,
                                    unhandled_permissions)
            : CreateAPIPermission(permission_str, permission_value, source,
                                  api_permissions, error,
                                  unhandled_permissions);
    if (!parsed) {
      return false;
    }
  }
  return true;
}

// Builds an ID with an empty parameter string.
PermissionID::PermissionID(APIPermissionID id)
    : std::pair<APIPermissionID, std::u16string>(id, std::u16string()) {}

// Builds an ID that carries |parameter| alongside the API permission ID.
PermissionID::PermissionID(APIPermissionID id, const std::u16string& parameter)
    : std::pair<APIPermissionID, std::u16string>(id, parameter) {}

PermissionID::~PermissionID() = default;

// Creates an empty set.
PermissionIDSet::PermissionIDSet() = default;

// Creates a set holding one parameterless PermissionID per listed API
// permission ID.
PermissionIDSet::PermissionIDSet(
    std::initializer_list<APIPermissionID> permissions) {
  for (const APIPermissionID api_id : permissions) {
    permissions_.insert(PermissionID(api_id));
  }
}

PermissionIDSet::PermissionIDSet(const PermissionIDSet& other) = default;

PermissionIDSet::~PermissionIDSet() = default;

// Adds |permission_id| with an empty parameter.
void PermissionIDSet::insert(APIPermissionID permission_id) {
  const std::u16string no_detail;
  insert(permission_id, no_detail);
}

// Adds the (|permission_id|, |permission_detail|) pair to the set.
void PermissionIDSet::insert(APIPermissionID permission_id,
                             const std::u16string& permission_detail) {
  const PermissionID entry(permission_id, permission_detail);
  permissions_.insert(entry);
}

// Adds every entry of |permission_set| to this set, one element at a time.
void PermissionIDSet::InsertAll(const PermissionIDSet& permission_set) {
  const auto& incoming = permission_set.permissions_;
  for (auto it = incoming.begin(); it != incoming.end(); ++it) {
    permissions_.insert(*it);
  }
}

// Removes every entry whose ID equals |permission_id|, whatever its parameter.
void PermissionIDSet::erase(APIPermissionID permission_id) {
  // Entries for one ID are removed as a contiguous run starting at the
  // parameterless key.
  // NOTE(review): relies on permissions_ ordering by ID first, with the empty
  // parameter sorting lowest -- confirm against the header.
  const auto run_begin = permissions_.lower_bound(PermissionID(permission_id));
  const auto run_end = std::find_if(
      run_begin, permissions_.end(), [permission_id](const auto& entry) {
        return !(entry.id() == permission_id);
      });
  permissions_.erase(run_begin, run_end);
}

// Returns the parameter of every entry, in the set's iteration order. No
// filtering is applied, so the result has one element per entry.
std::vector<std::u16string> PermissionIDSet::GetAllPermissionParameters()
    const {
  std::vector<std::u16string> parameters;
  for (auto it = permissions_.begin(); it != permissions_.end(); ++it) {
    parameters.push_back(it->parameter());
  }
  return parameters;
}

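// Returns true if the set holds at least one entry whose ID equals the ID of
// |permission_id|. The parameter carried by |permission_id| is ignored.
bool PermissionIDSet::ContainsID(PermissionID permission_id) const {
  // Seek with an empty parameter, as erase() and GetAllPermissionsWithID() do.
  // Seeking with the caller's full (id, parameter) key would step past entries
  // that share the ID but sort before that parameter, so the answer would
  // depend on parameter ordering instead of on the ID alone (this matters for
  // ContainsAnyID(const PermissionIDSet&), which passes parameterised IDs).
  // NOTE(review): assumes permissions_ orders by ID first with the empty
  // parameter sorting lowest, as std::pair ordering does -- confirm against
  // the header.
  const auto first_with_id =
      permissions_.lower_bound(PermissionID(permission_id.id()));
  return first_with_id != permissions_.end() &&
         first_with_id->id() == permission_id.id();
}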

// Returns whether any entry carries |permission_id|; delegates to the
// PermissionID overload using a parameterless key.
bool PermissionIDSet::ContainsID(APIPermissionID permission_id) const {
  const PermissionID key(permission_id);
  return ContainsID(key);
}

// Returns true if every ID in |permission_ids| appears in this set. Entries
// are compared by ID only; parameters are dropped by
// PermissionIDCompareHelper.
bool PermissionIDSet::ContainsAllIDs(
    const std::set<APIPermissionID>& permission_ids) const {
  // Both operands convert implicitly to the helper, so one comparator serves
  // PermissionID and APIPermissionID alike.
  const auto id_less = [](const PermissionIDCompareHelper& lhs,
                          const PermissionIDCompareHelper& rhs) {
    return lhs.id < rhs.id;
  };
  return std::includes(permissions_.begin(), permissions_.end(),
                       permission_ids.begin(), permission_ids.end(), id_less);
}

// Returns true if at least one ID from |permission_ids| is present in this
// set, as decided by ContainsID().
bool PermissionIDSet::ContainsAnyID(
    const std::set<APIPermissionID>& permission_ids) const {
  return std::any_of(
      permission_ids.begin(), permission_ids.end(),
      [this](APIPermissionID candidate) { return ContainsID(candidate); });
}

// Returns true if ContainsID() succeeds for at least one entry of |other|.
bool PermissionIDSet::ContainsAnyID(const PermissionIDSet& other) const {
  bool found = false;
  for (const auto& candidate : other) {
    if (ContainsID(candidate)) {
      found = true;
      break;
    }
  }
  return found;
}

// Returns a new set containing the entries of this set whose ID equals
// |permission_id|, with their parameters preserved.
PermissionIDSet PermissionIDSet::GetAllPermissionsWithID(
    APIPermissionID permission_id) const {
  PermissionIDSet matches;
  // Walk the run of entries that starts at the parameterless key and ends at
  // the first entry with a different ID.
  // NOTE(review): relies on permissions_ ordering by ID first -- confirm
  // against the header.
  for (auto cursor = permissions_.lower_bound(PermissionID(permission_id));
       cursor != permissions_.end() && cursor->id() == permission_id;
       ++cursor) {
    matches.permissions_.insert(*cursor);
  }
  return matches;
}

// Returns a new set containing every entry of this set whose ID is a member
// of |permission_ids|.
PermissionIDSet PermissionIDSet::GetAllPermissionsWithIDs(
    const std::set<APIPermissionID>& permission_ids) const {
  PermissionIDSet matches;
  for (const auto& entry : permissions_) {
    if (!base::Contains(permission_ids, entry.id())) {
      continue;
    }
    matches.permissions_.insert(entry);
  }
  return matches;
}

// Returns true if every entry of |subset| is also an entry of this set.
// Whole entries are compared here, not just IDs.
bool PermissionIDSet::Includes(const PermissionIDSet& subset) const {
  const auto& candidate_entries = subset.permissions_;
  return std::ranges::includes(permissions_, candidate_entries);
}

// Returns true if both sets hold exactly the same entries.
bool PermissionIDSet::Equals(const PermissionIDSet& set) const {
  const auto& other_entries = set.permissions_;
  return permissions_ == other_entries;
}

// static
// Returns the entries of |set_1| that are not in |set_2|, computed with
// base::STLSetDifference over the underlying containers.
PermissionIDSet PermissionIDSet::Difference(const PermissionIDSet& set_1,
                                            const PermissionIDSet& set_2) {
  const std::set<PermissionID> remaining =
      base::STLSetDifference<std::set<PermissionID>>(set_1.permissions_,
                                                     set_2.permissions_);
  return PermissionIDSet(remaining);
}

// Number of entries in the set; entries that share an ID but differ in
// parameter are counted separately.
size_t PermissionIDSet::size() const {
  const size_t entry_count = permissions_.size();
  return entry_count;
}

// True when the set holds no entries.
bool PermissionIDSet::empty() const {
  const bool has_no_entries = permissions_.empty();
  return has_no_entries;
}

// Builds a set by copying an existing container of entries; used by
// Difference() to wrap its result.
PermissionIDSet::PermissionIDSet(const std::set<PermissionID>& permissions)
    : permissions_(permissions) {}

}  // namespace extensions