Collapse multiple USB device manifest permissions into a single entry.

Like the hosts permission messages an app can request access to a
single kind of USB device (identified by vendor and product ID pair)
or many different kinds of devices. In the latter case Chrome
previously listed only one of the requested devices, hiding the rest.

This patch follows the example of the hosts permission messages and
provides two different message formats; one for a single USB device
and one that indicates access to multiple devices is permitted and
includes the full list in the details string. As there may be
permissions involving devices without a known vendor and/or product ID
special strings for "devices from vendor A" and "devices from an
unknown vendor" are provided. These messages are de-duplicated as
necessary.

As it provides no additional information the general "Access your USB
devices" message associated with the "usb" permission has been removed,
following the example of there being no message associated with the
"fileSystem" permission. An app with this permission can this use the
chrome.usb.getUserSelectedDevices function to request access to a
particular device at runtime. This device will then be listed in the
app's permissions and be revocable.

BUG=400897

Review URL: https://codereview.chromium.org/714453002

Cr-Commit-Position: refs/heads/master@{#303553}

9 files changed, 143 insertions, 187 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 61c1960..9873fb2 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -4510,18 +4510,9 @@ Make sure you do not expose any sensitive information.
       <message name="IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES" desc="Permission string for access to privacy settings.">
         Read the list of your signed-in devices
       </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_BLUETOOTH" desc="Permission string for access to USB and Bluetooth devices.">
-        Access your USB and Bluetooth devices
-      </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL" desc="Permission string for access to USB and serial connected devices.">
-        Access your USB and Serial devices
-      </message>
       <message name="IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL" desc="Permission string for access to Bluetooth and serial connected devices.">
         Access your Bluetooth and Serial devices
       </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_ALL_DEVICES" desc="Permission string for access all user's connected devices.">
-        Access all your hardware devices
-      </message>
       <message name="IDS_EXTENSION_PROMPT_WARNING_DOWNLOADS" desc="Permission string for access to downloads.">
         Manage your downloads
       </message>
diff --git a/chrome/browser/extensions/permission_messages_unittest.cc b/chrome/browser/extensions/permission_messages_unittest.cc
index 3c89f88..0e6fa5b 100644
--- a/chrome/browser/extensions/permission_messages_unittest.cc
+++ b/chrome/browser/extensions/permission_messages_unittest.cc
@@ -129,20 +129,6 @@ class PermissionMessagesUnittest : public ExtensionServiceTestBase {
   DISALLOW_COPY_AND_ASSIGN(PermissionMessagesUnittest);
 };
 
-// If an app has both the 'serial' and 'USB' permission, they should coalesce
-// into a single permission message.
-TEST_F(PermissionMessagesUnittest, RequiredPermissionMessagesCoalesce) {
-  CreateAndInstallAppWithPermissions(
-      ListBuilder().Append("serial").Append("usb").Pass(),
-      ListBuilder().Pass());
-
-  ASSERT_EQ(1U, required_permissions().size());
-  EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL),
-            required_permissions()[0]);
-
-  ASSERT_EQ(0U, optional_permissions().size());
-}
-
 // If an app has both the 'history' and 'tabs' permission, one should hide the
 // other (the 'history' permission has superset permissions).
 TEST_F(PermissionMessagesUnittest, HistoryHidesTabsMessage) {
diff --git a/chrome/common/extensions/permissions/chrome_permission_message_provider.cc b/chrome/common/extensions/permissions/chrome_permission_message_provider.cc
index a6b14ef..afa8426 100644
--- a/chrome/common/extensions/permissions/chrome_permission_message_provider.cc
+++ b/chrome/common/extensions/permissions/chrome_permission_message_provider.cc
@@ -157,38 +157,9 @@ std::vector<base::string16> ChromePermissionMessageProvider::GetWarningMessages(
        i != messages.end(); ++i) {
     int id = i->id();
     // Access to users' devices should provide a single warning message
-    // specifying the transport method used; USB, serial and/or Bluetooth.
+    // specifying the transport method used; serial and/or Bluetooth.
     if (id == PermissionMessage::kBluetooth ||
-        id == PermissionMessage::kSerial ||
-        id == PermissionMessage::kUsb) {
-      if (ContainsMessages(messages,
-                           PermissionMessage::kBluetooth,
-                           PermissionMessage::kSerial,
-                           PermissionMessage::kUsb)) {
-        if (id == PermissionMessage::kBluetooth) {
-          message_strings.push_back(l10n_util::GetStringUTF16(
-              IDS_EXTENSION_PROMPT_WARNING_ALL_DEVICES));
-        }
-        continue;
-      }
-      if (ContainsMessages(messages,
-                           PermissionMessage::kBluetooth,
-                           PermissionMessage::kUsb)) {
-        if (id == PermissionMessage::kBluetooth) {
-          message_strings.push_back(l10n_util::GetStringUTF16(
-              IDS_EXTENSION_PROMPT_WARNING_USB_BLUETOOTH));
-        }
-        continue;
-      }
-      if (ContainsMessages(messages,
-                           PermissionMessage::kSerial,
-                           PermissionMessage::kUsb)) {
-        if (id == PermissionMessage::kSerial) {
-          message_strings.push_back(l10n_util::GetStringUTF16(
-              IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL));
-        }
-        continue;
-      }
+        id == PermissionMessage::kSerial) {
       if (ContainsMessages(messages,
                            PermissionMessage::kBluetooth,
                            PermissionMessage::kSerial)) {
diff --git a/chrome/common/extensions/permissions/chrome_permission_message_provider_unittest.cc b/chrome/common/extensions/permissions/chrome_permission_message_provider_unittest.cc
index 0c6e31b..dbdced0 100644
--- a/chrome/common/extensions/permissions/chrome_permission_message_provider_unittest.cc
+++ b/chrome/common/extensions/permissions/chrome_permission_message_provider_unittest.cc
@@ -38,35 +38,6 @@ class ChromePermissionMessageProviderUnittest : public testing::Test {
   DISALLOW_COPY_AND_ASSIGN(ChromePermissionMessageProviderUnittest);
 };
 
-// Checks that two related permissions display individual messages when they are
-// the only permission, but combine into one message when they are both present.
-TEST_F(ChromePermissionMessageProviderUnittest, RelatedPermissionsCoalesce) {
-  APIPermissionSet permissions;
-  std::vector<base::string16> messages;
-
-  permissions.clear();
-  permissions.insert(APIPermission::kUsb);
-  messages = GetMessages(permissions, Manifest::TYPE_PLATFORM_APP);
-  ASSERT_EQ(1U, messages.size());
-  EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB),
-            messages[0]);
-
-  permissions.clear();
-  permissions.insert(APIPermission::kSerial);
-  messages = GetMessages(permissions, Manifest::TYPE_PLATFORM_APP);
-  ASSERT_EQ(1U, messages.size());
-  EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_SERIAL),
-            messages[0]);
-
-  permissions.clear();
-  permissions.insert(APIPermission::kSerial);
-  permissions.insert(APIPermission::kUsb);
-  messages = GetMessages(permissions, Manifest::TYPE_PLATFORM_APP);
-  ASSERT_EQ(1U, messages.size());
-  EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL),
-            messages[0]);
-}
-
 // Checks that if an app has a superset and a subset permission, only the
 // superset permission message is displayed if thye are both present.
 TEST_F(ChromePermissionMessageProviderUnittest,
diff --git a/chrome/common/extensions/permissions/permission_set_unittest.cc b/chrome/common/extensions/permissions/permission_set_unittest.cc
index ea36c2f..e1d1ac9 100644
--- a/chrome/common/extensions/permissions/permission_set_unittest.cc
+++ b/chrome/common/extensions/permissions/permission_set_unittest.cc
@@ -768,6 +768,7 @@ TEST(PermissionsTest, PermissionMessages) {
   skip.insert(APIPermission::kFileSystemRetainEntries);
   skip.insert(APIPermission::kFileSystemWrite);
   skip.insert(APIPermission::kSocket);
+  skip.insert(APIPermission::kUsb);
   skip.insert(APIPermission::kUsbDevice);
 
   // We already have a generic message for declaring externally_connectable.
@@ -970,38 +971,6 @@ TEST(PermissionsTest, SuppressedPermissionMessages) {
 TEST(PermissionsTest, AccessToDevicesMessages) {
   {
     APIPermissionSet api_permissions;
-    api_permissions.insert(APIPermission::kUsb);
-    scoped_refptr<PermissionSet> permissions(
-        new PermissionSet(api_permissions,
-                          ManifestPermissionSet(),
-                          URLPatternSet(),
-                          URLPatternSet()));
-    std::vector<base::string16> messages =
-        PermissionMessageProvider::Get()->GetWarningMessages(
-            permissions.get(), Manifest::TYPE_EXTENSION);
-    EXPECT_EQ(1u, messages.size());
-    EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB),
-              messages[0]);
-  }
-  {
-    // Testing that multiple permissions will show the one message.
-    APIPermissionSet api_permissions;
-    api_permissions.insert(APIPermission::kUsb);
-    api_permissions.insert(APIPermission::kUsb);
-    scoped_refptr<PermissionSet> permissions(
-        new PermissionSet(api_permissions,
-                          ManifestPermissionSet(),
-                          URLPatternSet(),
-                          URLPatternSet()));
-    std::vector<base::string16> messages =
-        PermissionMessageProvider::Get()->GetWarningMessages(
-            permissions.get(), Manifest::TYPE_EXTENSION);
-    EXPECT_EQ(1u, messages.size());
-    EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB),
-              messages[0]);
-  }
-  {
-    APIPermissionSet api_permissions;
     api_permissions.insert(APIPermission::kSerial);
     scoped_refptr<PermissionSet> permissions(
         new PermissionSet(api_permissions,
@@ -1016,28 +985,10 @@ TEST(PermissionsTest, AccessToDevicesMessages) {
               messages[0]);
   }
   {
+    // Testing that multiple permissions will show the one message.
     APIPermissionSet api_permissions;
-    api_permissions.insert(APIPermission::kUsb);
     api_permissions.insert(APIPermission::kSerial);
-    scoped_refptr<PermissionSet> permissions(
-        new PermissionSet(api_permissions,
-                          ManifestPermissionSet(),
-                          URLPatternSet(),
-                          URLPatternSet()));
-    std::vector<base::string16> messages =
-        PermissionMessageProvider::Get()->GetWarningMessages(
-            permissions.get(), Manifest::TYPE_EXTENSION);
-    EXPECT_EQ(1u, messages.size());
-    EXPECT_EQ(
-        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL),
-        messages[0]);
-  }
-  {
-    // Testing that the same permission(s) will show one message.
-    APIPermissionSet api_permissions;
-    api_permissions.insert(APIPermission::kUsb);
     api_permissions.insert(APIPermission::kSerial);
-    api_permissions.insert(APIPermission::kUsb);
     scoped_refptr<PermissionSet> permissions(
         new PermissionSet(api_permissions,
                           ManifestPermissionSet(),
@@ -1047,9 +998,8 @@ TEST(PermissionsTest, AccessToDevicesMessages) {
         PermissionMessageProvider::Get()->GetWarningMessages(
             permissions.get(), Manifest::TYPE_EXTENSION);
     EXPECT_EQ(1u, messages.size());
-    EXPECT_EQ(
-        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL),
-        messages[0]);
+    EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_SERIAL),
+              messages[0]);
   }
   {
     scoped_refptr<Extension> extension =
@@ -1072,22 +1022,6 @@ TEST(PermissionsTest, AccessToDevicesMessages) {
                   IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL),
               warnings[0]);
     set->apis_.erase(APIPermission::kSerial);
-
-    // Test USB and Bluetooth
-    set->apis_.insert(APIPermission::kUsb);
-    warnings = provider->GetWarningMessages(set, extension->GetType());
-    EXPECT_EQ(1u, warnings.size());
-    EXPECT_EQ(
-        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_BLUETOOTH),
-        warnings[0]);
-
-    // Test USB, Bluetooth and Serial
-    set->apis_.insert(APIPermission::kSerial);
-    warnings = provider->GetWarningMessages(set, extension->GetType());
-    EXPECT_EQ(1u, warnings.size());
-    EXPECT_EQ(
-        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_ALL_DEVICES),
-        warnings[0]);
   }
 }
 
diff --git a/extensions/common/permissions/extensions_api_permissions.cc b/extensions/common/permissions/extensions_api_permissions.cc
index 7e8a1ee..6ac14ae 100644
--- a/extensions/common/permissions/extensions_api_permissions.cc
+++ b/extensions/common/permissions/extensions_api_permissions.cc
@@ -73,8 +73,7 @@ std::vector<APIPermissionInfo*> ExtensionsAPIPermissions::GetAllPermissions()
       {APIPermission::kU2fDevices, "u2fDevices", APIPermissionInfo::kFlagNone,
        IDS_EXTENSION_PROMPT_WARNING_U2F_DEVICES,
        PermissionMessage::kU2fDevices},
-      {APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
-       IDS_EXTENSION_PROMPT_WARNING_USB, PermissionMessage::kUsb},
+      {APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone},
       {APIPermission::kUsbDevice, "usbDevices", APIPermissionInfo::kFlagNone, 0,
        PermissionMessage::kNone, &CreateAPIPermission<UsbDevicePermission>},
       {APIPermission::kVideoCapture, "videoCapture",
diff --git a/extensions/common/permissions/usb_device_permission.cc b/extensions/common/permissions/usb_device_permission.cc
index c482e86..851fbd3 100644
--- a/extensions/common/permissions/usb_device_permission.cc
+++ b/extensions/common/permissions/usb_device_permission.cc
@@ -9,6 +9,8 @@
 
 #include "base/logging.h"
 #include "base/strings/string16.h"
+#include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "device/usb/usb_ids.h"
 #include "extensions/common/permissions/permissions_info.h"
@@ -30,35 +32,73 @@ PermissionMessages UsbDevicePermission::GetMessages() const {
   DCHECK(HasMessages());
   PermissionMessages result;
 
-  // //device/usb/usb.gyp:device_usb is not available when extensions are
-  // disabled.
-  for (std::set<UsbDevicePermissionData>::const_iterator i =
-      data_set_.begin(); i != data_set_.end(); ++i) {
-    const char* vendor = device::UsbIds::GetVendorName(i->vendor_id());
+  if (data_set_.size() == 1) {
+    const UsbDevicePermissionData& data = *data_set_.begin();
 
+    const char* vendor = device::UsbIds::GetVendorName(data.vendor_id());
     if (vendor) {
       const char* product =
-          device::UsbIds::GetProductName(i->vendor_id(), i->product_id());
+          device::UsbIds::GetProductName(data.vendor_id(), data.product_id());
       if (product) {
         result.push_back(PermissionMessage(
             PermissionMessage::kUsbDevice,
-            l10n_util::GetStringFUTF16(
-                IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE,
-                base::ASCIIToUTF16(product),
-                base::ASCIIToUTF16(vendor))));
+            l10n_util::GetStringFUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE,
+                                       base::UTF8ToUTF16(product),
+                                       base::UTF8ToUTF16(vendor))));
       } else {
         result.push_back(PermissionMessage(
             PermissionMessage::kUsbDevice,
             l10n_util::GetStringFUTF16(
-                IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_MISSING_PRODUCT,
-                base::ASCIIToUTF16(vendor))));
+                IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_PRODUCT,
+                base::UTF8ToUTF16(vendor))));
       }
     } else {
       result.push_back(PermissionMessage(
           PermissionMessage::kUsbDevice,
           l10n_util::GetStringUTF16(
-              IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_MISSING_VENDOR)));
+              IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_VENDOR)));
+    }
+  } else if (data_set_.size() > 1) {
+    std::vector<base::string16> details;
+    std::set<uint16> unknown_product_vendors;
+    bool found_unknown_vendor = false;
+
+    for (const UsbDevicePermissionData& data : data_set_) {
+      const char* vendor = device::UsbIds::GetVendorName(data.vendor_id());
+      if (vendor) {
+        const char* product =
+            device::UsbIds::GetProductName(data.vendor_id(), data.product_id());
+        if (product) {
+          details.push_back(l10n_util::GetStringFUTF16(
+              IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM,
+              base::UTF8ToUTF16(product), base::UTF8ToUTF16(vendor)));
+        } else {
+          unknown_product_vendors.insert(data.vendor_id());
+        }
+      } else {
+        found_unknown_vendor = true;
+      }
     }
+
+    // List generic "devices from this vendor" entries after specific devices.
+    for (const uint16& vendor_id : unknown_product_vendors) {
+      const char* vendor = device::UsbIds::GetVendorName(vendor_id);
+      DCHECK(vendor);
+      details.push_back(l10n_util::GetStringFUTF16(
+          IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_PRODUCT,
+          base::UTF8ToUTF16(vendor)));
+    }
+
+    // Display the catch all "device from an unknown vendor" last.
+    if (found_unknown_vendor) {
+      details.push_back(l10n_util::GetStringUTF16(
+          IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_VENDOR));
+    }
+
+    result.push_back(PermissionMessage(
+        PermissionMessage::kUsbDevice,
+        l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST),
+        JoinString(details, base::char16('\n'))));
   }
 
   return result;
diff --git a/extensions/common/permissions/usb_device_permission_unittest.cc b/extensions/common/permissions/usb_device_permission_unittest.cc
index 25d3137..345a000 100644
--- a/extensions/common/permissions/usb_device_permission_unittest.cc
+++ b/extensions/common/permissions/usb_device_permission_unittest.cc
@@ -27,31 +27,86 @@ TEST(USBDevicePermissionTest, PermissionDataOrder) {
             UsbDevicePermissionData(0x02ad, 0x138c, 0));
 }
 
-TEST(USBDevicePermissionTest, PermissionMessage) {
+TEST(USBDevicePermissionTest, SingleDevicePermissionMessages) {
   const char* const kMessages[] = {
-      "Access the USB device PVR Mass Storage from HUMAX Co., Ltd.",
-      "Access the USB device from HUMAX Co., Ltd.",
-      "Access the USB device",
+      "Access any PVR Mass Storage from HUMAX Co., Ltd. via USB",
+      "Access USB devices from HUMAX Co., Ltd.",
+      "Access USB devices from an unknown vendor",
   };
 
+  {
+    scoped_ptr<base::ListValue> permission_list(new base::ListValue());
+    permission_list->Append(
+        UsbDevicePermissionData(0x02ad, 0x138c, -1).ToValue().release());
+
+    UsbDevicePermission permission(
+        PermissionsInfo::GetInstance()->GetByID(APIPermission::kUsbDevice));
+    ASSERT_TRUE(permission.FromValue(permission_list.get(), NULL, NULL));
+
+    PermissionMessages messages = permission.GetMessages();
+    ASSERT_EQ(1U, messages.size());
+    EXPECT_EQ(base::ASCIIToUTF16(kMessages[0]), messages.at(0).message());
+  }
+  {
+    scoped_ptr<base::ListValue> permission_list(new base::ListValue());
+    permission_list->Append(
+        UsbDevicePermissionData(0x02ad, 0x138d, -1).ToValue().release());
+
+    UsbDevicePermission permission(
+        PermissionsInfo::GetInstance()->GetByID(APIPermission::kUsbDevice));
+    ASSERT_TRUE(permission.FromValue(permission_list.get(), NULL, NULL));
+
+    PermissionMessages messages = permission.GetMessages();
+    ASSERT_EQ(1U, messages.size());
+    EXPECT_EQ(base::ASCIIToUTF16(kMessages[1]), messages.at(0).message());
+  }
+  {
+    scoped_ptr<base::ListValue> permission_list(new base::ListValue());
+    permission_list->Append(
+        UsbDevicePermissionData(0x02ae, 0x138d, -1).ToValue().release());
+
+    UsbDevicePermission permission(
+        PermissionsInfo::GetInstance()->GetByID(APIPermission::kUsbDevice));
+    ASSERT_TRUE(permission.FromValue(permission_list.get(), NULL, NULL));
+
+    PermissionMessages messages = permission.GetMessages();
+    ASSERT_EQ(1U, messages.size());
+    EXPECT_EQ(base::ASCIIToUTF16(kMessages[2]), messages.at(0).message());
+  }
+}
+
+TEST(USBDevicePermissionTest, MultipleDevicePermissionMessage) {
+  const char* const kMessage = "Access any of these USB devices";
+  const char* const kDetails =
+      "PVR Mass Storage from HUMAX Co., Ltd.\n"
+      "unknown devices from HUMAX Co., Ltd.\n"
+      "devices from an unknown vendor";
+
   // Prepare data set
   scoped_ptr<base::ListValue> permission_list(new base::ListValue());
   permission_list->Append(
-      UsbDevicePermissionData(0x02ad, 0x138c, -1).ToValue()->DeepCopy());
+      UsbDevicePermissionData(0x02ad, 0x138c, -1).ToValue().release());
+  // This device's product ID is not in Chrome's database.
+  permission_list->Append(
+      UsbDevicePermissionData(0x02ad, 0x138d, -1).ToValue().release());
+  // This additional unknown product will be collapsed into the entry above.
+  permission_list->Append(
+      UsbDevicePermissionData(0x02ad, 0x138e, -1).ToValue().release());
+  // This device's vendor ID is not in Chrome's database.
   permission_list->Append(
-      UsbDevicePermissionData(0x02ad, 0x138d, -1).ToValue()->DeepCopy());
+      UsbDevicePermissionData(0x02ae, 0x138d, -1).ToValue().release());
+  // This additional unknown vendor will be collapsed into the entry above.
   permission_list->Append(
-      UsbDevicePermissionData(0x02ae, 0x138d, -1).ToValue()->DeepCopy());
+      UsbDevicePermissionData(0x02af, 0x138d, -1).ToValue().release());
 
   UsbDevicePermission permission(
       PermissionsInfo::GetInstance()->GetByID(APIPermission::kUsbDevice));
   ASSERT_TRUE(permission.FromValue(permission_list.get(), NULL, NULL));
 
   PermissionMessages messages = permission.GetMessages();
-  ASSERT_EQ(3U, messages.size());
-  EXPECT_EQ(base::ASCIIToUTF16(kMessages[0]), messages.at(0).message());
-  EXPECT_EQ(base::ASCIIToUTF16(kMessages[1]), messages.at(1).message());
-  EXPECT_EQ(base::ASCIIToUTF16(kMessages[2]), messages.at(2).message());
+  ASSERT_EQ(1U, messages.size());
+  EXPECT_EQ(base::ASCIIToUTF16(kMessage), messages.at(0).message());
+  EXPECT_EQ(base::ASCIIToUTF16(kDetails), messages.at(0).details());
 }
 
 }  // namespace extensions
diff --git a/extensions/extensions_strings.grd b/extensions/extensions_strings.grd
index 87505d7..0c530d2 100644
--- a/extensions/extensions_strings.grd
+++ b/extensions/extensions_strings.grd
@@ -346,20 +346,29 @@
       <message name="IDS_EXTENSION_PROMPT_WARNING_SERIAL" desc="Permission string for access to serial devices.">
         Access your serial devices
       </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_USB" desc="Permission string for access to USB devices.">
-        Access your USB devices
-      </message>
       <message name="IDS_EXTENSION_PROMPT_WARNING_VPN" desc="Permission string for access to VPN API.">
         Access your network traffic
       </message>
       <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE" desc="Permission string for access to a specific USB device.">
-        Access the USB device <ph name="PRODUCT_NAME">$1<ex>SoundKnob</ex></ph> from <ph name="VENDOR_NAME">$2<ex>Griffin Technology</ex></ph>
+        Access any <ph name="PRODUCT_NAME">$1<ex>SoundKnob</ex></ph> from <ph name="VENDOR_NAME">$2<ex>Griffin Technology</ex></ph> via USB
+      </message>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_PRODUCT" desc="Permission string for access to a specific USB device with an unknown product ID.">
+        Access USB devices from <ph name="VENDOR_NAME">$1<ex>Griffin Technology</ex></ph>
+      </message>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_UNKNOWN_VENDOR" desc="Permission string for acceess to a specific USB device with an unknown vendor ID.">
+        Access USB devices from an unknown vendor
+      </message>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST" desc="Permission string for access to a list of USB devices.">
+        Access any of these USB devices
+      </message>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM" desc="Line item for a USB device listed under IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST.">
+        <ph name="PRODUCT_NAME">$1<ex>SoundKnob</ex></ph> from <ph name="VENDOR_NAME">$2<ex>Griffin Technology</ex></ph>
       </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_MISSING_PRODUCT" desc="Permission string for access to a specific USB device when a product name cannot be established for a USB device.">
-        Access the USB device from <ph name="VENDOR_NAME">$1<ex>Griffin Technology</ex></ph>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_PRODUCT" desc="Line item for a USB device listed under IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST that has an unknown product ID.">
+        unknown devices from <ph name="VENDOR_NAME">$1<ex>Griffin Technology</ex></ph>
       </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_MISSING_VENDOR" desc="Permission string for access to a specific USB device when a vendor name cannot be established for a USB device.">
-        Access the USB device
+      <message name="IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST_ITEM_UNKNOWN_VENDOR" desc="Line item for a USB device listed under IDS_EXTENSION_PROMPT_WARNING_USB_DEVICE_LIST that has an unknown vendor ID.">
+        devices from an unknown vendor
       </message>
       <message name="IDS_EXTENSION_TASK_MANAGER_APPVIEW_TAG_PREFIX" desc="The prefix for a guest page loaded in an appview tag in the Task Manager">
         Appview: <ph name="APPVIEW_TAG_NAME">$1<ex>Google Hangouts</ex></ph>