diff options
| author | mek@chromium.org <mek@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-19 01:17:02 +0000 |
|---|---|---|
| committer | mek@chromium.org <mek@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-19 01:17:02 +0000 |
| commit | c605637e7b6470aa8c6504c67345f6668d3a769d (patch) | |
| tree | 23e82538b751e3ad9adb307d99acda3357bd97e5 /chrome | |
| parent | 82a6817ca1b748061a8cb7a5d9d46c01c3c553a0 (diff) | |
| download | chromium_src-c605637e7b6470aa8c6504c67345f6668d3a769d.zip chromium_src-c605637e7b6470aa8c6504c67345f6668d3a769d.tar.gz chromium_src-c605637e7b6470aa8c6504c67345f6668d3a769d.tar.bz2 | |
Refactor api permissions to eliminate the need for fileSystem and mediaGalleries specific classes.
This changes the permission parsing code in Extension to support parsing
permissions like [{'fileSystem': ['write']}] as equivalent to
['fileSystem', 'fileSystem.write'].
BUG=147531
BUG=156125
Review URL: https://chromiumcodereview.appspot.com/11005002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162882 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
25 files changed, 260 insertions, 842 deletions
diff --git a/chrome/browser/extensions/api/file_system/file_system_api.cc b/chrome/browser/extensions/api/file_system/file_system_api.cc index 2c5c476..1f14517 100644 --- a/chrome/browser/extensions/api/file_system/file_system_api.cc +++ b/chrome/browser/extensions/api/file_system/file_system_api.cc @@ -18,7 +18,6 @@ #include "chrome/browser/ui/extensions/shell_window.h" #include "chrome/common/extensions/api/file_system.h" #include "chrome/common/extensions/permissions/api_permission.h" -#include "chrome/common/extensions/permissions/filesystem_permission.h" #include "grit/generated_resources.h" #include "net/base/mime_util.h" #include "content/public/browser/child_process_security_policy.h" @@ -44,7 +43,7 @@ const char kInvalidCallingPage[] = "Invalid calling page"; const char kUserCancelled[] = "User cancelled"; const char kWritableFileError[] = "Invalid file for writing"; const char kRequiresFileSystemWriteError[] = - "Operation requires fileSystemWrite permission"; + "Operation requires fileSystem.write permission"; const char kUnknownChooseEntryType[] = "Unknown type"; const char kOpenFileOption[] = "openFile"; @@ -271,7 +270,7 @@ bool FileSystemEntryFunction::HasFileSystemWritePermission() { if (!extension) return false; - return FileSystemPermission::HasWriteAccess(*extension); + return extension->HasAPIPermission(APIPermission::kFileSystemWrite); } void FileSystemEntryFunction::CheckWritableFile(const FilePath& path) { diff --git a/chrome/browser/extensions/api/media_galleries/media_galleries_api.cc b/chrome/browser/extensions/api/media_galleries/media_galleries_api.cc index 98f89cc..811f8b1 100644 --- a/chrome/browser/extensions/api/media_galleries/media_galleries_api.cc +++ b/chrome/browser/extensions/api/media_galleries/media_galleries_api.cc @@ -20,9 +20,10 @@ #include "chrome/browser/ui/chrome_select_file_policy.h" #include "chrome/browser/ui/extensions/shell_window.h" #include "chrome/browser/ui/tab_contents/tab_contents.h" +#include "chrome/common/extensions/extension.h" #include "chrome/common/extensions/api/experimental_media_galleries.h" #include "chrome/common/extensions/api/media_galleries.h" -#include "chrome/common/extensions/permissions/media_galleries_permission.h" +#include "chrome/common/extensions/permissions/api_permission.h" #include "chrome/common/pref_names.h" #include "content/public/browser/child_process_security_policy.h" #include "content/public/browser/render_process_host.h" @@ -150,7 +151,7 @@ void MediaGalleriesGetMediaFileSystemsFunction::ReturnGalleries( list->Append(file_system_dict_value.release()); if (!filesystems[i].path.empty() && - MediaGalleriesPermission::HasReadAccess(*GetExtension())) { + GetExtension()->HasAPIPermission(APIPermission::kMediaGalleriesRead)) { content::ChildProcessSecurityPolicy* policy = ChildProcessSecurityPolicy::GetInstance(); if (!policy->CanReadFile(child_id, filesystems[i].path)) diff --git a/chrome/browser/extensions/extension_prefs.cc b/chrome/browser/extensions/extension_prefs.cc index a4edbbd..beb6872 100644 --- a/chrome/browser/extensions/extension_prefs.cc +++ b/chrome/browser/extensions/extension_prefs.cc @@ -500,42 +500,7 @@ PermissionSet* ExtensionPrefs::ReadExtensionPrefPermissionSet( const ListValue* api_values = NULL; std::string api_pref = JoinPrefs(pref_key, kPrefAPIs); if (ReadExtensionPrefList(extension_id, api_pref, &api_values)) { - PermissionsInfo* info = PermissionsInfo::GetInstance(); - for (size_t i = 0; i < api_values->GetSize(); ++i) { - const DictionaryValue* permission_dict = NULL; - std::string permission_name; - if (!api_values->GetString(i, &permission_name) && - !api_values->GetDictionary(i, &permission_dict)) { - LOG(WARNING) << "Permission is not a string or dict. "; - continue; - } - - const base::Value *permission_detail = NULL; - if (permission_dict) { - if (permission_dict->size() != 1u) { - LOG(WARNING) << "Permission is not a single key dict."; - continue; - } - base::DictionaryValue::Iterator it(*permission_dict); - permission_name = it.key(); - permission_detail = &it.value(); - } - - const APIPermissionInfo *permission_info = - info->GetByName(permission_name); - if (!permission_info) { - LOG(WARNING) << "Unknown permission[" << permission_name << "]."; - continue; - } - - scoped_ptr<APIPermission> permission( - permission_info->CreateAPIPermission()); - if (!permission->FromValue(permission_detail)) { - LOG(WARNING) << "Parse permission failed."; - continue; - } - apis.insert(permission.release()); - } + APIPermissionSet::ParseFromJSON(api_values, &apis, NULL, NULL); } // Retrieve the explicit host permissions. diff --git a/chrome/browser/media_gallery/media_galleries_preferences.cc b/chrome/browser/media_gallery/media_galleries_preferences.cc index e90d2b9..645cc42 100644 --- a/chrome/browser/media_gallery/media_galleries_preferences.cc +++ b/chrome/browser/media_gallery/media_galleries_preferences.cc @@ -19,11 +19,11 @@ #include "chrome/common/chrome_paths.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/extensions/extension.h" -#include "chrome/common/extensions/permissions/media_galleries_permission.h" +#include "chrome/common/extensions/permissions/api_permission.h" #include "chrome/common/pref_names.h" #include "grit/generated_resources.h" -using extensions::MediaGalleriesPermission; +using extensions::APIPermission; namespace chrome { @@ -351,7 +351,8 @@ MediaGalleryPrefIdSet MediaGalleriesPreferences::GalleriesForExtension( const extensions::Extension& extension) const { MediaGalleryPrefIdSet result; - if (MediaGalleriesPermission::HasAllGalleriesAccess(extension)) { + if (extension.HasAPIPermission( + APIPermission::kMediaGalleriesAllAutoDetected)) { for (MediaGalleriesPrefInfoMap::const_iterator it = known_galleries_.begin(); it != known_galleries_.end(); ++it) { if (it->second.type == MediaGalleryPrefInfo::kAutoDetected) @@ -392,7 +393,7 @@ void MediaGalleriesPreferences::SetGalleryPermissionForExtension( return; bool all_permission = - MediaGalleriesPermission::HasAllGalleriesAccess(extension); + extension.HasAPIPermission(APIPermission::kMediaGalleriesAllAutoDetected); if (has_permission && all_permission) { if (gallery_info->second.type == MediaGalleryPrefInfo::kAutoDetected) { GetExtensionPrefs()->UnsetMediaGalleryPermission(extension.id(), pref_id); diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi index 999d0a0..adaaf99 100644 --- a/chrome/chrome_common.gypi +++ b/chrome/chrome_common.gypi @@ -187,10 +187,6 @@ 'common/extensions/permissions/api_permission.h', 'common/extensions/permissions/api_permission_set.cc', 'common/extensions/permissions/api_permission_set.h', - 'common/extensions/permissions/filesystem_permission.h', - 'common/extensions/permissions/filesystem_permission.cc', - 'common/extensions/permissions/media_galleries_permission.h', - 'common/extensions/permissions/media_galleries_permission.cc', 'common/extensions/permissions/permission_message.cc', 'common/extensions/permissions/permission_message.h', 'common/extensions/permissions/permission_set.cc', diff --git a/chrome/common/extensions/api/_permission_features.json b/chrome/common/extensions/api/_permission_features.json index b116e1a..58e0759 100644 --- a/chrome/common/extensions/api/_permission_features.json +++ b/chrome/common/extensions/api/_permission_features.json @@ -133,6 +133,10 @@ "channel": "stable", "extension_types": ["platform_app"] }, + "fileSystem.write": { + "channel": "stable", + "extension_types": ["platform_app"] + }, "fontSettings": { "channel": "stable", "extension_types": ["extension", "packaged_app"] @@ -180,6 +184,14 @@ "channel": "stable", "extension_types": [ "platform_app" ] }, + "mediaGalleries.allAutoDetected": { + "channel": "stable", + "extension_types": [ "platform_app" ] + }, + "mediaGalleries.read": { + "channel": "stable", + "extension_types": [ "platform_app" ] + }, // TODO(thestig) Remove this as part of http:://crbug.com/144496 "mediaGalleriesPrivate": { "channel": "stable", diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc index ecf5e43..d15614b 100644 --- a/chrome/common/extensions/extension.cc +++ b/chrome/common/extensions/extension.cc @@ -3357,81 +3357,74 @@ bool Extension::ParsePermissions(const char* key, return false; } - for (size_t i = 0; i < permissions->GetSize(); ++i) { - std::string permission_str; - const base::Value* permission_value = NULL; - if (!permissions->GetString(i, &permission_str)) { - const base::DictionaryValue* dict = NULL; - // permission should be a string or a single key dict. - if (!permissions->GetDictionary(i, &dict) || dict->size() != 1) { - *error = ExtensionErrorUtils::FormatErrorMessageUTF16( - errors::kInvalidPermission, base::IntToString(i)); - return false; - } - base::DictionaryValue::Iterator it(*dict); - permission_str = it.key(); - permission_value = &it.value(); + // NOTE: We need to get the APIPermission before we check if features + // associated with them are available because the feature system does not + // know about aliases. + + std::vector<std::string> host_data; + if (!APIPermissionSet::ParseFromJSON(permissions, api_permissions, + error, &host_data)) + return false; + + // Verify feature availability of permissions. + std::vector<APIPermission::ID> to_remove; + SimpleFeatureProvider* permission_features = + SimpleFeatureProvider::GetPermissionFeatures(); + for (APIPermissionSet::const_iterator it = api_permissions->begin(); + it != api_permissions->end(); ++it) { + extensions::Feature* feature = + permission_features->GetFeature(it->name()); + + // The feature should exist since we just got an APIPermission + // for it. The two systems should be updated together whenever a + // permission is added. + CHECK(feature); + + Feature::Availability availability = + feature->IsAvailableToManifest( + id(), + GetType(), + Feature::ConvertLocation(location()), + manifest_version()); + if (!availability.is_available()) { + // Don't fail, but warn the developer that the manifest contains + // unrecognized permissions. This may happen legitimately if the + // extensions requests platform- or channel-specific permissions. + install_warnings_.push_back(InstallWarning(InstallWarning::FORMAT_TEXT, + availability.message())); + to_remove.push_back(it->id()); + continue; } - // NOTE: We need to get the APIPermission before the Feature - // object because the feature system does not know about aliases. - const APIPermissionInfo* permission_info = - PermissionsInfo::GetInstance()->GetByName(permission_str); - if (permission_info) { - extensions::SimpleFeatureProvider* permission_features = - extensions::SimpleFeatureProvider::GetPermissionFeatures(); - extensions::Feature* feature = - permission_features->GetFeature(permission_info->name()); - - // The feature should exist since we just got an APIPermission - // for it. The two systems should be updated together whenever a - // permission is added. - CHECK(feature); - - extensions::Feature::Availability availability = - feature->IsAvailableToManifest( - id(), - GetType(), - extensions::Feature::ConvertLocation(location()), - manifest_version()); - if (!availability.is_available()) { - // Don't fail, but warn the developer that the manifest contains - // unrecognized permissions. This may happen legitimately if the - // extensions requests platform- or channel-specific permissions. - install_warnings_.push_back(InstallWarning( - InstallWarning::FORMAT_TEXT, availability.message())); - continue; + if (it->id() == APIPermission::kExperimental) { + if (!CanSpecifyExperimentalPermission()) { + *error = ASCIIToUTF16(errors::kExperimentalFlagRequired); + return false; } + } + } - if (permission_info->id() == APIPermission::kExperimental) { - if (!CanSpecifyExperimentalPermission()) { - *error = ASCIIToUTF16(errors::kExperimentalFlagRequired); - return false; - } - } + // Remove permissions that are not available to this extension. + for (std::vector<APIPermission::ID>::const_iterator it = to_remove.begin(); + it != to_remove.end(); ++it) { + api_permissions->erase(*it); + } - scoped_ptr<APIPermission> permission( - permission_info->CreateAPIPermission()); - if (!permission->FromValue(permission_value)) { - *error = ExtensionErrorUtils::FormatErrorMessageUTF16( - errors::kInvalidPermission, base::IntToString(i)); - return false; - } + // Parse host pattern permissions. + const int kAllowedSchemes = CanExecuteScriptEverywhere() ? + URLPattern::SCHEME_ALL : kValidHostPermissionSchemes; - api_permissions->insert(permission.release()); - continue; - } + for (std::vector<std::string>::const_iterator it = host_data.begin(); + it != host_data.end(); ++it) { + const std::string& permission_str = *it; // Check if it's a host pattern permission. - const int kAllowedSchemes = CanExecuteScriptEverywhere() ? - URLPattern::SCHEME_ALL : kValidHostPermissionSchemes; - URLPattern pattern = URLPattern(kAllowedSchemes); URLPattern::ParseResult parse_result = pattern.Parse(permission_str); if (parse_result == URLPattern::PARSE_SUCCESS) { if (!CanSpecifyHostPermission(pattern, *api_permissions)) { *error = ExtensionErrorUtils::FormatErrorMessageUTF16( - errors::kInvalidPermissionScheme, base::IntToString(i)); + errors::kInvalidPermissionScheme, permission_str); return false; } diff --git a/chrome/common/extensions/extension_messages.cc b/chrome/common/extensions/extension_messages.cc index 8e024f5..f7bc04a8 100644 --- a/chrome/common/extensions/extension_messages.cc +++ b/chrome/common/extensions/extension_messages.cc @@ -15,8 +15,6 @@ using extensions::APIPermissionInfo; using extensions::APIPermissionMap; using extensions::APIPermissionSet; using extensions::Extension; -using extensions::FileSystemPermission; -using extensions::MediaGalleriesPermission; using extensions::PermissionSet; using extensions::SocketPermissionData; @@ -208,48 +206,6 @@ void ParamTraits<SocketPermissionData>::Log( LogParam(std::string("<SocketPermissionData>"), l); } -void ParamTraits<MediaGalleriesPermission::PermissionTypes>::Write( - Message* m, const param_type& p) { - WriteParam(m, - std::string(MediaGalleriesPermission::PermissionTypeToString(p))); -} - -bool ParamTraits<MediaGalleriesPermission::PermissionTypes>::Read( - const Message* m, PickleIterator* iter, param_type* r) { - std::string permission; - if (!ReadParam(m, iter, &permission)) - return false; - *r = MediaGalleriesPermission::PermissionStringToType(permission); - - return *r != MediaGalleriesPermission::kNone; -} - -void ParamTraits<MediaGalleriesPermission::PermissionTypes>::Log( - const param_type& p, std::string* l) { - LogParam(std::string("<MediaGalleriesPermission::PermissionTypes>"), l); -} - -void ParamTraits<FileSystemPermission::PermissionTypes>::Write( - Message* m, const param_type& p) { - WriteParam(m, - std::string(FileSystemPermission::PermissionTypeToString(p))); -} - -bool ParamTraits<FileSystemPermission::PermissionTypes>::Read( - const Message* m, PickleIterator* iter, param_type* r) { - std::string permission; - if (!ReadParam(m, iter, &permission)) - return false; - *r = FileSystemPermission::PermissionStringToType(permission); - - return *r != FileSystemPermission::kNone; -} - -void ParamTraits<FileSystemPermission::PermissionTypes>::Log( - const param_type& p, std::string* l) { - LogParam(std::string("<FileSystemPermission::PermissionTypes>"), l); -} - void ParamTraits<ExtensionMsg_Loaded_Params>::Write(Message* m, const param_type& p) { WriteParam(m, p.location); diff --git a/chrome/common/extensions/extension_messages.h b/chrome/common/extensions/extension_messages.h index a19c722..7b3a211 100644 --- a/chrome/common/extensions/extension_messages.h +++ b/chrome/common/extensions/extension_messages.h @@ -9,8 +9,6 @@ #include "base/values.h" #include "chrome/common/extensions/draggable_region.h" #include "chrome/common/extensions/extension.h" -#include "chrome/common/extensions/permissions/filesystem_permission.h" -#include "chrome/common/extensions/permissions/media_galleries_permission.h" #include "chrome/common/extensions/permissions/permission_set.h" #include "chrome/common/extensions/permissions/socket_permission_data.h" #include "chrome/common/extensions/url_pattern.h" @@ -196,22 +194,6 @@ struct ParamTraits<extensions::SocketPermissionData> { }; template <> -struct ParamTraits<extensions::MediaGalleriesPermission::PermissionTypes> { - typedef extensions::MediaGalleriesPermission::PermissionTypes param_type; - static void Write(Message* m, const param_type& p); - static bool Read(const Message* m, PickleIterator* iter, param_type* r); - static void Log(const param_type& p, std::string* l); -}; - -template <> -struct ParamTraits<extensions::FileSystemPermission::PermissionTypes> { - typedef extensions::FileSystemPermission::PermissionTypes param_type; - static void Write(Message* m, const param_type& p); - static bool Read(const Message* m, PickleIterator* iter, param_type* r); - static void Log(const param_type& p, std::string* l); -}; - -template <> struct ParamTraits<ExtensionMsg_Loaded_Params> { typedef ExtensionMsg_Loaded_Params param_type; static void Write(Message* m, const param_type& p); diff --git a/chrome/common/extensions/extension_unittest.cc b/chrome/common/extensions/extension_unittest.cc index 6a43079..dea6eb3 100644 --- a/chrome/common/extensions/extension_unittest.cc +++ b/chrome/common/extensions/extension_unittest.cc @@ -473,7 +473,7 @@ TEST(ExtensionTest, SocketPermissions) { &error); EXPECT_TRUE(extension == NULL); ASSERT_EQ(ExtensionErrorUtils::FormatErrorMessage( - errors::kInvalidPermission, base::IntToString(0)), error); + errors::kInvalidPermission, "socket"), error); extension = LoadManifest("socket_permissions", "socket2.json"); EXPECT_TRUE(CheckSocketPermission( @@ -901,7 +901,7 @@ TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { &error); EXPECT_TRUE(extension == NULL); EXPECT_EQ(ExtensionErrorUtils::FormatErrorMessage( - errors::kInvalidPermissionScheme, base::IntToString(1)), error); + errors::kInvalidPermissionScheme, "chrome://*/"), error); // Having chrome://favicon/* should not give you chrome://* extension = LoadManifestStrict("script_and_capture", diff --git a/chrome/common/extensions/permissions/api_permission.cc b/chrome/common/extensions/permissions/api_permission.cc index bf06e07..8e95638 100644 --- a/chrome/common/extensions/permissions/api_permission.cc +++ b/chrome/common/extensions/permissions/api_permission.cc @@ -4,8 +4,6 @@ #include "chrome/common/extensions/permissions/api_permission.h" -#include "chrome/common/extensions/permissions/filesystem_permission.h" -#include "chrome/common/extensions/permissions/media_galleries_permission.h" #include "chrome/common/extensions/permissions/permissions_info.h" #include "chrome/common/extensions/permissions/socket_permission.h" #include "grit/generated_resources.h" @@ -309,11 +307,16 @@ void APIPermissionInfo::RegisterAllPermissions( // present. Read-only access is only granted after the user has been shown // a file chooser dialog and selected a file. Selecting the file is // considered consent to read it. - { APIPermission::kFileSystem, "fileSystem", kFlagNone, 0, - PermissionMessage::kNone, &::CreateAPIPermission<FileSystemPermission> }, - { APIPermission::kMediaGalleries, "mediaGalleries", kFlagNone, 0, - PermissionMessage::kNone, - &::CreateAPIPermission<MediaGalleriesPermission> }, + { APIPermission::kFileSystem, "fileSystem" }, + { APIPermission::kFileSystemWrite, "fileSystem.write", kFlagNone, + IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE, + PermissionMessage::kFileSystemWrite }, + { APIPermission::kMediaGalleries, "mediaGalleries" }, + { APIPermission::kMediaGalleriesRead, "mediaGalleries.read" }, + { APIPermission::kMediaGalleriesAllAutoDetected, + "mediaGalleries.allAutoDetected", kFlagNone, + IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_ALL_GALLERIES, + PermissionMessage::kMediaGalleriesAllGalleries }, { APIPermission::kPushMessaging, "pushMessaging", kFlagCannotBeOptional }, }; diff --git a/chrome/common/extensions/permissions/api_permission.h b/chrome/common/extensions/permissions/api_permission.h index ace695c..8f14f30 100644 --- a/chrome/common/extensions/permissions/api_permission.h +++ b/chrome/common/extensions/permissions/api_permission.h @@ -67,6 +67,7 @@ class APIPermission { kFileBrowserHandlerInternal, kFileBrowserPrivate, kFileSystem, + kFileSystemWrite, kFontSettings, kGeolocation, kHistory, @@ -76,6 +77,8 @@ class APIPermission { kManagedModePrivate, kManagement, kMediaGalleries, + kMediaGalleriesRead, + kMediaGalleriesAllAutoDetected, kMediaGalleriesPrivate, kMediaPlayerPrivate, kMetricsPrivate, diff --git a/chrome/common/extensions/permissions/api_permission_set.cc b/chrome/common/extensions/permissions/api_permission_set.cc index 4c6d6d0..0211e2a 100644 --- a/chrome/common/extensions/permissions/api_permission_set.cc +++ b/chrome/common/extensions/permissions/api_permission_set.cc @@ -5,8 +5,98 @@ #include "chrome/common/extensions/permissions/api_permission_set.h" #include "base/logging.h" +#include "base/string_number_conversions.h" +#include "base/values.h" +#include "chrome/common/extensions/extension_error_utils.h" +#include "chrome/common/extensions/extension_manifest_constants.h" #include "chrome/common/extensions/permissions/permissions_info.h" +namespace errors = extension_manifest_errors; + +namespace { + +using extensions::PermissionsInfo; +using extensions::APIPermission; +using extensions::APIPermissionInfo; +using extensions::APIPermissionSet; + +bool CreateAPIPermission( + const std::string& permission_str, + const base::Value* permission_value, + APIPermissionSet* api_permissions, + string16* error, + std::vector<std::string>* unhandled_permissions) { + PermissionsInfo* info = PermissionsInfo::GetInstance(); + + const APIPermissionInfo* permission_info = info->GetByName(permission_str); + if (permission_info) { + scoped_ptr<APIPermission> permission( + permission_info->CreateAPIPermission()); + if (!permission->FromValue(permission_value)) { + if (error) { + *error = ExtensionErrorUtils::FormatErrorMessageUTF16( + errors::kInvalidPermission, permission_info->name()); + return false; + } + LOG(WARNING) << "Parse permission failed."; + } else { + api_permissions->insert(permission.release()); + } + return true; + } + + if (unhandled_permissions) + unhandled_permissions->push_back(permission_str); + else + LOG(WARNING) << "Unknown permission[" << permission_str << "]."; + + return true; +} + +bool ParseChildPermissions(const std::string& base_name, + const Value* permission_value, + APIPermissionSet* api_permissions, + string16* error, + std::vector<std::string>* unhandled_permissions) { + if (permission_value) { + const ListValue* permissions; + if (!permission_value->GetAsList(&permissions)) { + if (error) { + *error = ExtensionErrorUtils::FormatErrorMessageUTF16( + errors::kInvalidPermission, base_name); + return false; + } + LOG(WARNING) << "Permission value is not a list."; + // Failed to parse, but since error is NULL, failures are not fatal so + // return true here anyway. + return true; + } + + for (size_t i = 0; i < permissions->GetSize(); ++i) { + std::string permission_str; + if (!permissions->GetString(i, &permission_str)) { + // permission should be a string + if (error) { + *error = ExtensionErrorUtils::FormatErrorMessageUTF16( + errors::kInvalidPermission, + base_name + '.' + base::IntToString(i)); + return false; + } + LOG(WARNING) << "Permission is not a string."; + continue; + } + + if (!CreateAPIPermission(base_name + '.' + permission_str, NULL, + api_permissions, error, unhandled_permissions)) + return false; + } + } + + return CreateAPIPermission(base_name, NULL, api_permissions, error, NULL); +} + +} // namespace + namespace extensions { APIPermissionSet::APIPermissionSet() { @@ -188,4 +278,47 @@ void APIPermissionSet::Union( } } +// static +bool APIPermissionSet::ParseFromJSON( + const ListValue* permissions, + APIPermissionSet* api_permissions, + string16* error, + std::vector<std::string>* unhandled_permissions) { + PermissionsInfo* info = PermissionsInfo::GetInstance(); + for (size_t i = 0; i < permissions->GetSize(); ++i) { + std::string permission_str; + const base::Value* permission_value = NULL; + if (!permissions->GetString(i, &permission_str)) { + const base::DictionaryValue* dict = NULL; + // permission should be a string or a single key dict. + if (!permissions->GetDictionary(i, &dict) || dict->size() != 1) { + if (error) { + *error = ExtensionErrorUtils::FormatErrorMessageUTF16( + errors::kInvalidPermission, base::IntToString(i)); + return false; + } + LOG(WARNING) << "Permission is not a string or single key dict."; + continue; + } + base::DictionaryValue::Iterator it(*dict); + permission_str = it.key(); + permission_value = &it.value(); + } + + // Check if this permission is a special case where its value should + // be treated as a list of child permissions. + if (info->HasChildPermissions(permission_str)) { + if (!ParseChildPermissions(permission_str, permission_value, + api_permissions, error, unhandled_permissions)) + return false; + continue; + } + + if (!CreateAPIPermission(permission_str, permission_value, + api_permissions, error, unhandled_permissions)) + return false; + } + return true; +} + } // namespace extensions diff --git a/chrome/common/extensions/permissions/api_permission_set.h b/chrome/common/extensions/permissions/api_permission_set.h index 13da741..848484e 100644 --- a/chrome/common/extensions/permissions/api_permission_set.h +++ b/chrome/common/extensions/permissions/api_permission_set.h @@ -11,8 +11,14 @@ #include "base/memory/linked_ptr.h" #include "chrome/common/extensions/permissions/api_permission.h" +namespace base { +class ListValue; +} // namespace base + namespace extensions { +class Extension; + typedef std::map<APIPermission::ID, linked_ptr<APIPermission> > APIPermissionMap; @@ -131,6 +137,18 @@ class APIPermissionSet { const APIPermissionSet& set2, APIPermissionSet* set3); + // Parses permissions from |permissions_data| and adds the parsed permissions + // to |api_permissions|. If |unhandled_permissions| is not NULL the names of + // all permissions that couldn't be parsed will be added to this vector. + // If |error| is NULL, parsing will continue with the next permission if + // invalid data is detected. If |error| is not NULL, it will be set to an + // error message and false is returned when an invalid permission is found. + static bool ParseFromJSON( + const base::ListValue* permissions_data, + APIPermissionSet* api_permissions, + string16* error, + std::vector<std::string>* unhandled_permissions); + private: APIPermissionMap map_; }; diff --git a/chrome/common/extensions/permissions/filesystem_permission.cc b/chrome/common/extensions/permissions/filesystem_permission.cc deleted file mode 100644 index 734b647..0000000 --- a/chrome/common/extensions/permissions/filesystem_permission.cc +++ /dev/null @@ -1,204 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/common/extensions/permissions/filesystem_permission.h" - -#include <algorithm> - -#include "base/logging.h" -#include "base/memory/scoped_ptr.h" -#include "base/stl_util.h" -#include "base/values.h" -#include "chrome/common/extensions/extension.h" -#include "chrome/common/extensions/extension_messages.h" -#include "chrome/common/extensions/permissions/api_permission.h" -#include "chrome/common/extensions/permissions/permission_message.h" -#include "chrome/common/extensions/permissions/permissions_info.h" -#include "grit/generated_resources.h" -#include "ui/base/l10n/l10n_util.h" - -namespace { - -const char kWriteString[] = "write"; -const char kInvalidString[] = "invalid"; - -} // namespace - -namespace extensions { - -FileSystemPermission::FileSystemPermission( - const APIPermissionInfo* info) - : APIPermission(info) { -} - -FileSystemPermission::~FileSystemPermission() { -} - -// static -bool FileSystemPermission::HasReadAccess(const Extension& extension) { - return extension.HasAPIPermission(extensions::APIPermission::kFileSystem); -} - -// static -bool FileSystemPermission::HasWriteAccess(const Extension& extension) { - CheckParam write_param(kWrite); - return extension.CheckAPIPermissionWithParam( - extensions::APIPermission::kFileSystem, &write_param); -} - -// static -FileSystemPermission::PermissionTypes -FileSystemPermission::PermissionStringToType(const std::string& str) { - if (str == kWriteString) - return kWrite; - return kNone; -} - -// static -const char* FileSystemPermission::PermissionTypeToString(PermissionTypes type) { - switch (type) { - case kWrite: - return kWriteString; - default: - NOTREACHED(); - return kInvalidString; - } -} - -bool FileSystemPermission::HasMessages() const { - CheckParam param(kWrite); - return Check(¶m); -} - -PermissionMessages FileSystemPermission::GetMessages() const { - CheckParam param(kWrite); - if (Check(¶m)) { - PermissionMessages result; - result.push_back(PermissionMessage( - PermissionMessage::kFileSystemWrite, - l10n_util::GetStringUTF16( - IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE))); - return result; - } - NOTREACHED(); - PermissionMessages result; - result.push_back(PermissionMessage(PermissionMessage::kUnknown, string16())); - return result; -} - -bool FileSystemPermission::Check( - const APIPermission::CheckParam* param) const { - const CheckParam* filesystem_param = - static_cast<const CheckParam*>(param); - return ContainsKey(permissions_, filesystem_param->permission); -} - -bool FileSystemPermission::Contains(const APIPermission* rhs) const { - CHECK_EQ(rhs->info(), info()); - const FileSystemPermission* perm = - static_cast<const FileSystemPermission*>(rhs); - return std::includes(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end()); -} - -bool FileSystemPermission::Equal(const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const FileSystemPermission* perm = - static_cast<const FileSystemPermission*>(rhs); - return permissions_ == perm->permissions_; -} - -bool FileSystemPermission::FromValue(const base::Value* value) { - permissions_.clear(); - - // The simple "fileSystem" form, without an argument, is allowed. - if (!value) - return true; - - const base::ListValue* list = NULL; - if (!value->GetAsList(&list)) - return false; - - for (size_t i = 0; i < list->GetSize(); ++i) { - std::string str; - if (!list->GetString(i, &str)) - return false; - PermissionTypes type = PermissionStringToType(str); - if (type == kNone) // should never be serialized - return false; - permissions_.insert(type); - } - return true; -} - -void FileSystemPermission::ToValue(base::Value** value) const { - base::ListValue* list = new ListValue(); - - for (std::set<PermissionTypes>::const_iterator it = permissions_.begin(); - it != permissions_.end(); - ++it) { - list->Append(base::Value::CreateStringValue(PermissionTypeToString(*it))); - } - *value = list; -} - -APIPermission* FileSystemPermission::Clone() const { - FileSystemPermission* result = new FileSystemPermission(info()); - result->permissions_ = permissions_; - return result; -} - -APIPermission* FileSystemPermission::Diff(const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const FileSystemPermission* perm = - static_cast<const FileSystemPermission*>(rhs); - scoped_ptr<FileSystemPermission> result( - new FileSystemPermission(info())); - std::set_difference(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end(), - std::inserter<std::set<PermissionTypes> >( - result->permissions_, result->permissions_.begin())); - return result->permissions_.empty() ? NULL : result.release(); -} - -APIPermission* FileSystemPermission::Union(const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const FileSystemPermission* perm = - static_cast<const FileSystemPermission*>(rhs); - scoped_ptr<FileSystemPermission> result(new FileSystemPermission(info())); - std::set_union(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end(), - std::inserter<std::set<PermissionTypes> >( - result->permissions_, result->permissions_.begin())); - return result.release(); -} - -APIPermission* FileSystemPermission::Intersect( - const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const FileSystemPermission* perm = - static_cast<const FileSystemPermission*>(rhs); - scoped_ptr<FileSystemPermission> result(new FileSystemPermission(info())); - std::set_intersection(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end(), - std::inserter<std::set<PermissionTypes> >( - result->permissions_, - result->permissions_.begin())); - return result.release(); -} - -void FileSystemPermission::Write(IPC::Message* m) const { - IPC::WriteParam(m, permissions_); -} - -bool FileSystemPermission::Read(const IPC::Message* m, - PickleIterator* iter) { - return IPC::ReadParam(m, iter, &permissions_); -} - -void FileSystemPermission::Log(std::string* log) const { - IPC::LogParam(permissions_, log); -} - -} // namespace diff --git a/chrome/common/extensions/permissions/filesystem_permission.h b/chrome/common/extensions/permissions/filesystem_permission.h deleted file mode 100644 index 62f21de..0000000 --- a/chrome/common/extensions/permissions/filesystem_permission.h +++ /dev/null @@ -1,108 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_FILESYSTEM_PERMISSION_H_ -#define CHROME_COMMON_EXTENSIONS_PERMISSIONS_FILESYSTEM_PERMISSION_H_ - -#include <set> -#include <string> - -#include "chrome/common/extensions/permissions/api_permission.h" - -namespace extensions { - -class Extension; - -// This file should be merged with others, see http://crbug.com/147531 - -// The default filesystem permission (no permission parameter) grants read -// access to files based on user action, i.e., through a file chooser. - -// <filesystem permissions> -// := 'write' | <filesystem permissions> - -class FileSystemPermission : public APIPermission { - public: - enum PermissionTypes { - kNone = 0, - kWrite, - }; - - struct CheckParam : APIPermission::CheckParam { - explicit CheckParam(PermissionTypes permission) : permission(permission) { - } - PermissionTypes permission; - }; - - explicit FileSystemPermission(const APIPermissionInfo* info); - - virtual ~FileSystemPermission(); - - // Returns true if the passed |extension| has implicit read filesystem - // permission. - static bool HasReadAccess(const Extension& extension); - - // Returns true if the passed |extension| has the write permission parameter. - static bool HasWriteAccess(const Extension& extension); - - // Converts a string to a PermissionType. Return kNone for an unrecognized - // input. - static PermissionTypes PermissionStringToType(const std::string& str); - - // Converts a PermissionType to a string. - static const char* PermissionTypeToString(PermissionTypes type); - - // Returns true if this permission has PermissionMessages. - virtual bool HasMessages() const OVERRIDE; - - // Returns the localized permission messages of this permission. - virtual PermissionMessages GetMessages() const OVERRIDE; - - // Returns true if the given permission in param is allowed. - virtual bool Check( - const APIPermission::CheckParam* param) const OVERRIDE; - - // Returns true if |rhs| is a subset of this. - virtual bool Contains(const APIPermission* rhs) const OVERRIDE; - - // Returns true if |rhs| is equal to this. - virtual bool Equal(const APIPermission* rhs) const OVERRIDE; - - // Parses the rhs from |value|. Returns false if error happens. - virtual bool FromValue(const base::Value* value) OVERRIDE; - - // Stores this into a new created |value|. - virtual void ToValue(base::Value** value) const OVERRIDE; - - // Clones this. - virtual APIPermission* Clone() const OVERRIDE; - - // Returns a new API permission rhs which equals this - |rhs|. - virtual APIPermission* Diff(const APIPermission* rhs) const OVERRIDE; - - // Returns a new API permission rhs which equals the union of this and - // |rhs|. - virtual APIPermission* Union(const APIPermission* rhs) const OVERRIDE; - - // Returns a new API permission rhs which equals the intersect of this and - // |rhs|. - virtual APIPermission* Intersect(const APIPermission* rhs) const OVERRIDE; - - // IPC functions - // Writes this into the given IPC message |m|. - virtual void Write(IPC::Message* m) const OVERRIDE; - - // Reads from the given IPC message |m|. - virtual bool Read(const IPC::Message* m, PickleIterator* iter) OVERRIDE; - - // Logs this rhs. - virtual void Log(std::string* log) const OVERRIDE; - - private: - std::set<PermissionTypes> permissions_; -}; - -} // namespace extensions - -#endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_FILESYSTEM_PERMISSION_H_ diff --git a/chrome/common/extensions/permissions/media_galleries_permission.cc b/chrome/common/extensions/permissions/media_galleries_permission.cc deleted file mode 100644 index f0ba097..0000000 --- a/chrome/common/extensions/permissions/media_galleries_permission.cc +++ /dev/null @@ -1,217 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/common/extensions/permissions/media_galleries_permission.h" - -#include <algorithm> - -#include "base/logging.h" -#include "base/memory/scoped_ptr.h" -#include "base/stl_util.h" -#include "base/values.h" -#include "chrome/common/extensions/extension.h" -#include "chrome/common/extensions/extension_messages.h" -#include "chrome/common/extensions/permissions/api_permission.h" -#include "chrome/common/extensions/permissions/permission_message.h" -#include "chrome/common/extensions/permissions/permissions_info.h" -#include "grit/generated_resources.h" -#include "ui/base/l10n/l10n_util.h" - -namespace { - -const char kAllAutoDetectedString[] = "allAutoDetected"; -const char kAllAutoDetectedAliasString[] = "all-auto-detected"; -const char kReadString[] = "read"; -const char kInvalidString[] = "invalid"; - -} // namespace - -namespace extensions { - -MediaGalleriesPermission::MediaGalleriesPermission( - const APIPermissionInfo* info) - : APIPermission(info) { -} - -MediaGalleriesPermission::~MediaGalleriesPermission() { -} - -// static -bool MediaGalleriesPermission::HasReadAccess(const Extension& extension) { - CheckParam read_param(kRead); - return extension.CheckAPIPermissionWithParam( - extensions::APIPermission::kMediaGalleries, &read_param); -} - -// static -bool MediaGalleriesPermission::HasAllGalleriesAccess( - const Extension& extension) { - CheckParam all_param(kAllAutoDetected); - return extension.CheckAPIPermissionWithParam( - extensions::APIPermission::kMediaGalleries, &all_param); -} - -// static -MediaGalleriesPermission::PermissionTypes -MediaGalleriesPermission::PermissionStringToType(const std::string& str) { - if (str == kAllAutoDetectedString) - return kAllAutoDetected; - if (str == kAllAutoDetectedAliasString) - return kAllAutoDetected; - if (str == kReadString) - return kRead; - return kNone; -} - -// static -const char* MediaGalleriesPermission::PermissionTypeToString( - PermissionTypes type) { - switch (type) { - case kAllAutoDetected: - return kAllAutoDetectedString; - case kRead: - return kReadString; - default: - NOTREACHED(); - return kInvalidString; - } -} - -bool MediaGalleriesPermission::HasMessages() const { - CheckParam param(kAllAutoDetected); - return Check(¶m); -} - -PermissionMessages MediaGalleriesPermission::GetMessages() const { - CheckParam param(kAllAutoDetected); - if (Check(¶m)) { - PermissionMessages result; - result.push_back(PermissionMessage( - PermissionMessage::kMediaGalleriesAllGalleries, - l10n_util::GetStringUTF16( - IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_ALL_GALLERIES))); - return result; - } - NOTREACHED(); - PermissionMessages result; - result.push_back(PermissionMessage(PermissionMessage::kUnknown, string16())); - return result; -} - -bool MediaGalleriesPermission::Check( - const APIPermission::CheckParam* param) const { - const CheckParam* media_galleries_param = - static_cast<const CheckParam*>(param); - return ContainsKey(permissions_, media_galleries_param->permission); -} - -bool MediaGalleriesPermission::Contains(const APIPermission* rhs) const { - CHECK_EQ(rhs->info(), info()); - const MediaGalleriesPermission* perm = - static_cast<const MediaGalleriesPermission*>(rhs); - return std::includes(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end()); -} - -bool MediaGalleriesPermission::Equal(const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const MediaGalleriesPermission* perm = - static_cast<const MediaGalleriesPermission*>(rhs); - return permissions_ == perm->permissions_; -} - -bool MediaGalleriesPermission::FromValue(const base::Value* value) { - permissions_.clear(); - - if (!value) - return false; - - const base::ListValue* list = NULL; - if (!value->GetAsList(&list) || list->GetSize() == 0) - return false; - - for (size_t i = 0; i < list->GetSize(); ++i) { - std::string str; - if (!list->GetString(i, &str)) - return false; - PermissionTypes type = PermissionStringToType(str); - if (type == kNone) - return false; - permissions_.insert(type); - } - return true; -} - -void MediaGalleriesPermission::ToValue(base::Value** value) const { - base::ListValue* list = new ListValue(); - - for (std::set<PermissionTypes>::const_iterator it = permissions_.begin(); - it != permissions_.end(); - ++it) { - list->Append(base::Value::CreateStringValue(PermissionTypeToString(*it))); - } - *value = list; -} - -APIPermission* MediaGalleriesPermission::Clone() const { - MediaGalleriesPermission* result = new MediaGalleriesPermission(info()); - result->permissions_ = permissions_; - return result; -} - -APIPermission* MediaGalleriesPermission::Diff(const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const MediaGalleriesPermission* perm = - static_cast<const MediaGalleriesPermission*>(rhs); - scoped_ptr<MediaGalleriesPermission> result( - new MediaGalleriesPermission(info())); - std::set_difference(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end(), - std::inserter<std::set<PermissionTypes> >( - result->permissions_, result->permissions_.begin())); - return result->permissions_.empty() ? NULL : result.release(); -} - -APIPermission* MediaGalleriesPermission::Union(const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const MediaGalleriesPermission* perm = - static_cast<const MediaGalleriesPermission*>(rhs); - scoped_ptr<MediaGalleriesPermission> result( - new MediaGalleriesPermission(info())); - std::set_union(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end(), - std::inserter<std::set<PermissionTypes> >( - result->permissions_, result->permissions_.begin())); - return result->permissions_.empty() ? NULL : result.release(); -} - -APIPermission* MediaGalleriesPermission::Intersect( - const APIPermission* rhs) const { - CHECK(rhs->info() == info()); - const MediaGalleriesPermission* perm = - static_cast<const MediaGalleriesPermission*>(rhs); - scoped_ptr<MediaGalleriesPermission> result( - new MediaGalleriesPermission(info())); - std::set_intersection(permissions_.begin(), permissions_.end(), - perm->permissions_.begin(), perm->permissions_.end(), - std::inserter<std::set<PermissionTypes> >( - result->permissions_, - result->permissions_.begin())); - return result->permissions_.empty() ? NULL : result.release(); -} - -void MediaGalleriesPermission::Write(IPC::Message* m) const { - IPC::WriteParam(m, permissions_); -} - -bool MediaGalleriesPermission::Read(const IPC::Message* m, - PickleIterator* iter) { - return IPC::ReadParam(m, iter, &permissions_); -} - -void MediaGalleriesPermission::Log(std::string* log) const { - IPC::LogParam(permissions_, log); -} - -} // namespace extensions diff --git a/chrome/common/extensions/permissions/media_galleries_permission.h b/chrome/common/extensions/permissions/media_galleries_permission.h deleted file mode 100644 index c575d5f..0000000 --- a/chrome/common/extensions/permissions/media_galleries_permission.h +++ /dev/null @@ -1,127 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_MEDIA_GALLERIES_PERMISSION_H_ -#define CHROME_COMMON_EXTENSIONS_PERMISSIONS_MEDIA_GALLERIES_PERMISSION_H_ - -#include <set> -#include <string> - -#include "chrome/common/extensions/permissions/api_permission.h" - -namespace base { -class Value; -} - -namespace IPC { -class Message; -} - -namespace extensions { - -class Extension; - -// There's room to share code with related classes, see http://crbug.com/147531 - -// There are two kinds of media galleries permissions, location permissions -// and access type permissions. -// -// The default location permission (no permission parameter) does not grant -// access to any galleries, but lets the user grant access on a per gallery -// basis. The other location permission "allAutoDetected" gives the user -// access to all auto detected galleries. This includes per platform default -// galleries and removable devices that are detected as media devices. -// -// Access type will include several different types in the future, but right -// now we only have one access type, "read." Future access types may include -// "write," "delete," and "add-file." -// -// <media galleries permissions> -// := 'allAutoDetected' | 'read' | <media galleries permissions> - -class MediaGalleriesPermission : public APIPermission { - public: - enum PermissionTypes { - kNone = 0, - kAllAutoDetected, - kRead, - }; - - struct CheckParam : APIPermission::CheckParam { - explicit CheckParam(PermissionTypes permission) : permission(permission) { - } - PermissionTypes permission; - }; - - explicit MediaGalleriesPermission(const APIPermissionInfo* info); - - virtual ~MediaGalleriesPermission(); - - // Returns true if the passed |extension| has the read permission parameter. - static bool HasReadAccess(const Extension& extension); - - // Returns true if the passed |extension| has the all galleries permission - // parameter. - static bool HasAllGalleriesAccess(const Extension& extension); - - // Converts a string to a PermissionType. Return kNone for an unrecognized - // input. - static PermissionTypes PermissionStringToType(const std::string& str); - - // Converts a PermissionType to a string. - static const char* PermissionTypeToString(PermissionTypes type); - - // Returns true if this permission has PermissionMessages. - virtual bool HasMessages() const OVERRIDE; - - // Returns the localized permission messages of this permission. - virtual PermissionMessages GetMessages() const OVERRIDE; - - // Returns true if the given permission in param is allowed. - virtual bool Check( - const APIPermission::CheckParam* param) const OVERRIDE; - - // Returns true if |rhs| is a subset of this. - virtual bool Contains(const APIPermission* rhs) const OVERRIDE; - - // Returns true if |rhs| is equal to this. - virtual bool Equal(const APIPermission* rhs) const OVERRIDE; - - // Parses the rhs from |value|. Returns false if error happens. - virtual bool FromValue(const base::Value* value) OVERRIDE; - - // Stores this into a new created |value|. - virtual void ToValue(base::Value** value) const OVERRIDE; - - // Clones this. - virtual APIPermission* Clone() const OVERRIDE; - - // Returns a new API permission rhs which equals this - |rhs|. - virtual APIPermission* Diff(const APIPermission* rhs) const OVERRIDE; - - // Returns a new API permission rhs which equals the union of this and - // |rhs|. - virtual APIPermission* Union(const APIPermission* rhs) const OVERRIDE; - - // Returns a new API permission rhs which equals the intersect of this and - // |rhs|. - virtual APIPermission* Intersect(const APIPermission* rhs) const OVERRIDE; - - // IPC functions - // Writes this into the given IPC message |m|. - virtual void Write(IPC::Message* m) const OVERRIDE; - - // Reads from the given IPC message |m|. - virtual bool Read(const IPC::Message* m, PickleIterator* iter) OVERRIDE; - - // Logs this rhs. - virtual void Log(std::string* log) const OVERRIDE; - - private: - std::set<PermissionTypes> permissions_; -}; - -} // namespace extensions - -#endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_MEDIA_GALLERIES_PERMISSION_H_ diff --git a/chrome/common/extensions/permissions/permission_set_unittest.cc b/chrome/common/extensions/permissions/permission_set_unittest.cc index c0de819..1f5b7dd 100644 --- a/chrome/common/extensions/permissions/permission_set_unittest.cc +++ b/chrome/common/extensions/permissions/permission_set_unittest.cc @@ -689,6 +689,7 @@ TEST(PermissionsTest, PermissionMessages) { // These permissions require explicit user action (configuration dialog) // so we don't prompt for them at install time. skip.insert(APIPermission::kMediaGalleries); + skip.insert(APIPermission::kMediaGalleriesRead); // If you've turned on the experimental command-line flag, we don't need // to warn you further. diff --git a/chrome/common/extensions/permissions/permissions_info.cc b/chrome/common/extensions/permissions/permissions_info.cc index 61fb423..a7be3e1 100644 --- a/chrome/common/extensions/permissions/permissions_info.cc +++ b/chrome/common/extensions/permissions/permissions_info.cc @@ -5,6 +5,7 @@ #include "chrome/common/extensions/permissions/permissions_info.h" #include "base/logging.h" +#include "base/string_util.h" namespace extensions { @@ -44,6 +45,12 @@ APIPermissionSet PermissionsInfo::GetAllByName( return permissions; } +bool PermissionsInfo::HasChildPermissions(const std::string& name) const { + NameMap::const_iterator i = name_map_.lower_bound(name + '.'); + if (i == name_map_.end()) return false; + return StartsWithASCII(i->first, name + '.', true); +} + PermissionsInfo::~PermissionsInfo() { for (IDMap::iterator i = id_map_.begin(); i != id_map_.end(); ++i) delete i->second; diff --git a/chrome/common/extensions/permissions/permissions_info.h b/chrome/common/extensions/permissions/permissions_info.h index 3a8be85..e79abb4 100644 --- a/chrome/common/extensions/permissions/permissions_info.h +++ b/chrome/common/extensions/permissions/permissions_info.h @@ -38,6 +38,10 @@ class PermissionsInfo { APIPermissionSet GetAllByName( const std::set<std::string>& permission_names) const; + // Checks if any permissions have names that start with |name| followed by a + // period. + bool HasChildPermissions(const std::string& name) const; + // Gets the total number of API permissions. size_t get_permission_count() const { return permission_count_; } diff --git a/chrome/test/data/extensions/api_test/file_system/get_writable_file_entry/test.js b/chrome/test/data/extensions/api_test/file_system/get_writable_file_entry/test.js index d016da7..f3a55c4 100644 --- a/chrome/test/data/extensions/api_test/file_system/get_writable_file_entry/test.js +++ b/chrome/test/data/extensions/api_test/file_system/get_writable_file_entry/test.js @@ -9,7 +9,7 @@ chrome.test.runTests([ // Test that we cannot get a writable entry when we don't have permission // to. chrome.fileSystem.getWritableEntry(entry, chrome.test.callbackFail( - 'Operation requires fileSystemWrite permission', function() {})); + 'Operation requires fileSystem.write permission', function() {})); })); } ]); diff --git a/chrome/test/data/extensions/api_test/file_system/open_writable_existing/test.js b/chrome/test/data/extensions/api_test/file_system/open_writable_existing/test.js index c05bb39..d0a8cd9 100644 --- a/chrome/test/data/extensions/api_test/file_system/open_writable_existing/test.js +++ b/chrome/test/data/extensions/api_test/file_system/open_writable_existing/test.js @@ -6,7 +6,7 @@ chrome.test.runTests([ function openFile() { chrome.fileSystem.chooseEntry({type: 'openWritableFile'}, chrome.test.callbackFail( - 'Operation requires fileSystemWrite permission', + 'Operation requires fileSystem.write permission', function(entry) {})); } ]); diff --git a/chrome/test/data/extensions/api_test/file_system/save_existing/test.js b/chrome/test/data/extensions/api_test/file_system/save_existing/test.js index b6e633d..79c8921 100644 --- a/chrome/test/data/extensions/api_test/file_system/save_existing/test.js +++ b/chrome/test/data/extensions/api_test/file_system/save_existing/test.js @@ -5,6 +5,6 @@ chrome.test.runTests([ function saveFile() { chrome.fileSystem.chooseEntry({type: 'saveFile'}, chrome.test.callbackFail( - 'Operation requires fileSystemWrite permission', function() {})); + 'Operation requires fileSystem.write permission', function() {})); } ]); diff --git a/chrome/test/data/extensions/api_test/file_system/save_new/test.js b/chrome/test/data/extensions/api_test/file_system/save_new/test.js index b6e633d..79c8921 100644 --- a/chrome/test/data/extensions/api_test/file_system/save_new/test.js +++ b/chrome/test/data/extensions/api_test/file_system/save_new/test.js @@ -5,6 +5,6 @@ chrome.test.runTests([ function saveFile() { chrome.fileSystem.chooseEntry({type: 'saveFile'}, chrome.test.callbackFail( - 'Operation requires fileSystemWrite permission', function() {})); + 'Operation requires fileSystem.write permission', function() {})); } ]); |