chrome/common/extensions/permissions/permissions_data.h - platform/external/chromium_org - Git at Google

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_

 #include <map>
 #include <vector>

 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "base/synchronization/lock.h"
 #include "chrome/common/extensions/permissions/api_permission.h"
 #include "chrome/common/extensions/permissions/permission_message.h"

 class GURL;

 namespace extensions {

 class PermissionSet;
 class APIPermissionSet;
 class Extension;
 class URLPatternSet;
 class UserScript;

 // A container for the permissions data of the extension; also responsible for
 // parsing the "permissions" and "optional_permissions" manifest keys. This
 // class also contains the active (runtime) permissions for the extension.
 class PermissionsData {
  public:
   PermissionsData();
   ~PermissionsData();

   // Delegate class to allow different contexts (e.g. browser vs renderer) to
   // have control over policy decisions.
   class PolicyDelegate {
    public:
     virtual ~PolicyDelegate() {}

     // Returns false if script access should be blocked on this page.
     // Otherwise, default policy should decide.
     virtual bool CanExecuteScriptOnPage(const Extension* extension,
                                         const GURL& document_url,
                                         const GURL& top_document_url,
                                         int tab_id,
                                         const UserScript* script,
                                         int process_id,
                                         std::string* error) = 0;
   };

   static void SetPolicyDelegate(PolicyDelegate* delegate);

   // Return the optional or required permission set for the given |extension|.
   static const PermissionSet* GetOptionalPermissions(
       const Extension* extension);
   static const PermissionSet* GetRequiredPermissions(
       const Extension* extension);

   // Return the temporary API permission set which is used during extension
   // initialization. Once initialization completes, this is NULL.
   static const APIPermissionSet* GetInitialAPIPermissions(
       const Extension* extension);
   static APIPermissionSet* GetInitialAPIPermissions(Extension* extension);

   // Set the scriptable hosts for the given |extension| during initialization.
   static void SetInitialScriptableHosts(Extension* extension,
                                         const URLPatternSet& scriptable_hosts);

   // Return the active (runtime) permissions for the given |extension|.
   static scoped_refptr<const PermissionSet> GetActivePermissions(
       const Extension* extension);
   // Sets the runtime permissions of the given |extension| to |permissions|.
   static void SetActivePermissions(const Extension* extension,
                                    const PermissionSet* active);

   // Gets the tab-specific host permissions of |tab_id|, or NULL if there
   // aren't any.
   static scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
       const Extension* extension,
       int tab_id);
   // Updates the tab-specific permissions of |tab_id| to include those from
   // |permissions|.
   static void UpdateTabSpecificPermissions(
       const Extension* extension,
       int tab_id,
       scoped_refptr<const PermissionSet> permissions);
   // Clears the tab-specific permissions of |tab_id|.
   static void ClearTabSpecificPermissions(const Extension* extension,
                                           int tab_id);

   // Returns true if the |extension| has the given |permission|. Prefer
   // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
   // api that requires a permission they didn't know about, e.g. open web apis.
   // Note this does not include APIs with no corresponding permission, like
   // "runtime" or "browserAction".
   // TODO(mpcomplete): drop the "API" from these names, it's confusing.
   static bool HasAPIPermission(const Extension* extension,
                                APIPermission::ID permission);
   static bool HasAPIPermission(const Extension* extension,
                                const std::string& permission_name);
   static bool HasAPIPermissionForTab(const Extension* extension,
                                      int tab_id,
                                      APIPermission::ID permission);

   static bool CheckAPIPermissionWithParam(
       const Extension* extension,
       APIPermission::ID permission,
       const APIPermission::CheckParam* param);

   static const URLPatternSet& GetEffectiveHostPermissions(
       const Extension* extension);

   // Returns true if the |extension| can silently increase its permission level.
   // Users must approve permissions for unpacked and packed extensions in the
   // following situations:
   //  - when installing or upgrading packed extensions
   //  - when installing unpacked extensions that have NPAPI plugins
   //  - when either type of extension requests optional permissions
   static bool CanSilentlyIncreasePermissions(const Extension* extension);

   // Returns true if the extension does not require permission warnings
   // to be displayed at install time.
   static bool ShouldSkipPermissionWarnings(const Extension* extension);

   // Whether the |extension| has access to the given |url|.
   static bool HasHostPermission(const Extension* extension, const GURL& url);

   // Whether the |extension| has effective access to all hosts. This is true if
   // there is a content script that matches all hosts, if there is a host
   // permission grants access to all hosts (like <all_urls>) or an api
   // permission that effectively grants access to all hosts (e.g. proxy,
   // network, etc.)
   static bool HasEffectiveAccessToAllHosts(const Extension* extension);

   // Returns the full list of permission messages that the given |extension|
   // should display at install time.
   static PermissionMessages GetPermissionMessages(const Extension* extension);
   // Returns the full list of permission messages that the given |extension|
   // should display at install time. The messages are returned as strings
   // for convenience.
   static std::vector<string16> GetPermissionMessageStrings(
       const Extension* extension);

   // Returns the full list of permission details for messages that the given
   // |extension| should display at install time. The messages are returned as
   // strings for convenience.
   static std::vector<string16> GetPermissionMessageDetailsStrings(
       const Extension* extension);

   // Returns true if the given |extension| can execute script on a page. If a
   // UserScript object is passed, permission to run that specific script is
   // checked (using its matches list). Otherwise, permission to execute script
   // programmatically is checked (using the extension's host permission).
   //
   // This method is also aware of certain special pages that extensions are
   // usually not allowed to run script on.
   static bool CanExecuteScriptOnPage(const Extension* extension,
                                      const GURL& document_url,
                                      const GURL& top_document_url,
                                      int tab_id,
                                      const UserScript* script,
                                      int process_id,
                                      std::string* error);

   // Returns true if the given |extension| is a COMPONENT extension, or if it is
   // on the whitelist of extensions that can script all pages.
   static bool CanExecuteScriptEverywhere(const Extension* extension);

   // Returns true if the |extension| is allowed to obtain the contents of a
   // page as an image.  Since a page may contain sensitive information, this
   // is restricted to the extension's host permissions as well as the
   // extension page itself.
   static bool CanCaptureVisiblePage(const Extension* extension,
                                     const GURL& page_url,
                                     int tab_id,
                                     std::string* error);

   // Parse the permissions of a given extension in the initialization process.
   bool ParsePermissions(Extension* extension, string16* error);

   // Finalize permissions after the initialization process completes.
   void FinalizePermissions(Extension* extension);

  private:
   struct InitialPermissions;
   typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;

   // Temporary permissions during the initialization process; NULL after
   // initialization completes.
   scoped_ptr<InitialPermissions> initial_required_permissions_;
   scoped_ptr<InitialPermissions> initial_optional_permissions_;

   // The set of permissions the extension can request at runtime.
   scoped_refptr<const PermissionSet> optional_permission_set_;

   // The extension's required / default set of permissions.
   scoped_refptr<const PermissionSet> required_permission_set_;

   mutable base::Lock runtime_lock_;

   // The permission's which are currently active on the extension during
   // runtime.
   mutable scoped_refptr<const PermissionSet> active_permissions_;

   mutable TabPermissionsMap tab_specific_permissions_;

   DISALLOW_COPY_AND_ASSIGN(PermissionsData);
 };

 }  // namespace extensions

 #endif  // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
	// Copyright (c) 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_
	#define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_

	#include <map>
	#include <vector>

	#include "base/memory/ref_counted.h"
	#include "base/memory/scoped_ptr.h"
	#include "base/strings/string16.h"
	#include "base/synchronization/lock.h"
	#include "chrome/common/extensions/permissions/api_permission.h"
	#include "chrome/common/extensions/permissions/permission_message.h"

	class GURL;

	namespace extensions {

	class PermissionSet;
	class APIPermissionSet;
	class Extension;
	class URLPatternSet;
	class UserScript;

	// A container for the permissions data of the extension; also responsible for
	// parsing the "permissions" and "optional_permissions" manifest keys. This
	// class also contains the active (runtime) permissions for the extension.
	class PermissionsData {
	public:
	PermissionsData();
	~PermissionsData();

	// Delegate class to allow different contexts (e.g. browser vs renderer) to
	// have control over policy decisions.
	class PolicyDelegate {
	public:
	virtual ~PolicyDelegate() {}

	// Returns false if script access should be blocked on this page.
	// Otherwise, default policy should decide.
	virtual bool CanExecuteScriptOnPage(const Extension* extension,
	const GURL& document_url,
	const GURL& top_document_url,
	int tab_id,
	const UserScript* script,
	int process_id,
	std::string* error) = 0;
	};

	static void SetPolicyDelegate(PolicyDelegate* delegate);

	// Return the optional or required permission set for the given \|extension\|.
	static const PermissionSet* GetOptionalPermissions(
	const Extension* extension);
	static const PermissionSet* GetRequiredPermissions(
	const Extension* extension);

	// Return the temporary API permission set which is used during extension
	// initialization. Once initialization completes, this is NULL.
	static const APIPermissionSet* GetInitialAPIPermissions(
	const Extension* extension);
	static APIPermissionSet* GetInitialAPIPermissions(Extension* extension);

	// Set the scriptable hosts for the given \|extension\| during initialization.
	static void SetInitialScriptableHosts(Extension* extension,
	const URLPatternSet& scriptable_hosts);

	// Return the active (runtime) permissions for the given \|extension\|.
	static scoped_refptr<const PermissionSet> GetActivePermissions(
	const Extension* extension);
	// Sets the runtime permissions of the given \|extension\| to \|permissions\|.
	static void SetActivePermissions(const Extension* extension,
	const PermissionSet* active);

	// Gets the tab-specific host permissions of \|tab_id\|, or NULL if there
	// aren't any.
	static scoped_refptr<const PermissionSet> GetTabSpecificPermissions(
	const Extension* extension,
	int tab_id);
	// Updates the tab-specific permissions of \|tab_id\| to include those from
	// \|permissions\|.
	static void UpdateTabSpecificPermissions(
	const Extension* extension,
	int tab_id,
	scoped_refptr<const PermissionSet> permissions);
	// Clears the tab-specific permissions of \|tab_id\|.
	static void ClearTabSpecificPermissions(const Extension* extension,
	int tab_id);

	// Returns true if the \|extension\| has the given \|permission\|. Prefer
	// IsExtensionWithPermissionOrSuggestInConsole when developers may be using an
	// api that requires a permission they didn't know about, e.g. open web apis.
	// Note this does not include APIs with no corresponding permission, like
	// "runtime" or "browserAction".
	// TODO(mpcomplete): drop the "API" from these names, it's confusing.
	static bool HasAPIPermission(const Extension* extension,
	APIPermission::ID permission);
	static bool HasAPIPermission(const Extension* extension,
	const std::string& permission_name);
	static bool HasAPIPermissionForTab(const Extension* extension,
	int tab_id,
	APIPermission::ID permission);

	static bool CheckAPIPermissionWithParam(
	const Extension* extension,
	APIPermission::ID permission,
	const APIPermission::CheckParam* param);

	static const URLPatternSet& GetEffectiveHostPermissions(
	const Extension* extension);

	// Returns true if the \|extension\| can silently increase its permission level.
	// Users must approve permissions for unpacked and packed extensions in the
	// following situations:
	// - when installing or upgrading packed extensions
	// - when installing unpacked extensions that have NPAPI plugins
	// - when either type of extension requests optional permissions
	static bool CanSilentlyIncreasePermissions(const Extension* extension);

	// Returns true if the extension does not require permission warnings
	// to be displayed at install time.
	static bool ShouldSkipPermissionWarnings(const Extension* extension);

	// Whether the \|extension\| has access to the given \|url\|.
	static bool HasHostPermission(const Extension* extension, const GURL& url);

	// Whether the \|extension\| has effective access to all hosts. This is true if
	// there is a content script that matches all hosts, if there is a host
	// permission grants access to all hosts (like <all_urls>) or an api
	// permission that effectively grants access to all hosts (e.g. proxy,
	// network, etc.)
	static bool HasEffectiveAccessToAllHosts(const Extension* extension);

	// Returns the full list of permission messages that the given \|extension\|
	// should display at install time.
	static PermissionMessages GetPermissionMessages(const Extension* extension);
	// Returns the full list of permission messages that the given \|extension\|
	// should display at install time. The messages are returned as strings
	// for convenience.
	static std::vector<string16> GetPermissionMessageStrings(
	const Extension* extension);

	// Returns the full list of permission details for messages that the given
	// \|extension\| should display at install time. The messages are returned as
	// strings for convenience.
	static std::vector<string16> GetPermissionMessageDetailsStrings(
	const Extension* extension);

	// Returns true if the given \|extension\| can execute script on a page. If a
	// UserScript object is passed, permission to run that specific script is
	// checked (using its matches list). Otherwise, permission to execute script
	// programmatically is checked (using the extension's host permission).
	//
	// This method is also aware of certain special pages that extensions are
	// usually not allowed to run script on.
	static bool CanExecuteScriptOnPage(const Extension* extension,
	const GURL& document_url,
	const GURL& top_document_url,
	int tab_id,
	const UserScript* script,
	int process_id,
	std::string* error);

	// Returns true if the given \|extension\| is a COMPONENT extension, or if it is
	// on the whitelist of extensions that can script all pages.
	static bool CanExecuteScriptEverywhere(const Extension* extension);

	// Returns true if the \|extension\| is allowed to obtain the contents of a
	// page as an image. Since a page may contain sensitive information, this
	// is restricted to the extension's host permissions as well as the
	// extension page itself.
	static bool CanCaptureVisiblePage(const Extension* extension,
	const GURL& page_url,
	int tab_id,
	std::string* error);

	// Parse the permissions of a given extension in the initialization process.
	bool ParsePermissions(Extension* extension, string16* error);

	// Finalize permissions after the initialization process completes.
	void FinalizePermissions(Extension* extension);

	private:
	struct InitialPermissions;
	typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap;

	// Temporary permissions during the initialization process; NULL after
	// initialization completes.
	scoped_ptr<InitialPermissions> initial_required_permissions_;
	scoped_ptr<InitialPermissions> initial_optional_permissions_;

	// The set of permissions the extension can request at runtime.
	scoped_refptr<const PermissionSet> optional_permission_set_;

	// The extension's required / default set of permissions.
	scoped_refptr<const PermissionSet> required_permission_set_;

	mutable base::Lock runtime_lock_;

	// The permission's which are currently active on the extension during
	// runtime.
	mutable scoped_refptr<const PermissionSet> active_permissions_;

	mutable TabPermissionsMap tab_specific_permissions_;

	DISALLOW_COPY_AND_ASSIGN(PermissionsData);
	};

	} // namespace extensions

	#endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_