summaryrefslogtreecommitdiffstats
path: root/extensions/common/permissions
diff options
context:
space:
mode:
authorryoh <ryoh@chromium.org>2016-02-14 18:14:19 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-15 02:15:31 +0000
commitf2076791a3ed010fcacba4bb4e14bc2844c6813e (patch)
treeac8c6d0b73a52de9b4be631d1afa27c93f215de9 /extensions/common/permissions
parentee522d4758a5084b46311b802d6791e7e5953c31 (diff)
downloadchromium_src-f2076791a3ed010fcacba4bb4e14bc2844c6813e.zip
chromium_src-f2076791a3ed010fcacba4bb4e14bc2844c6813e.tar.gz
chromium_src-f2076791a3ed010fcacba4bb4e14bc2844c6813e.tar.bz2
introduce a permission without sub-permissions in mediaGalleries API
We use mediaGalleries.getMetadata API to fetch media metadata in our Files.app(Chrome OS FileManager). We pass the blob object(~binary data) to the API, so we don't need any permissions. This API has "read" permission, but this permission means "reading files in the MediaGallery", but we don't read it - the blob objects we pass is from filesystem, not from MediaGallery. We need "empty" permissions, but if we pass a empty list as permissions, it causes permission error and the app doesn't start at all. In this patch, I introduce a permission without sub-permissions, and you can specify this permission in a manifest file like: > "mediaGalleries", https://developer.chrome.com/apps/mediaGalleries BUG=581614 Review URL: https://codereview.chromium.org/1643183002 Cr-Commit-Position: refs/heads/master@{#375400}
Diffstat (limited to 'extensions/common/permissions')
-rw-r--r--extensions/common/permissions/media_galleries_permission.h4
-rw-r--r--extensions/common/permissions/set_disjunction_permission.h9
-rw-r--r--extensions/common/permissions/socket_permission.cc15
-rw-r--r--extensions/common/permissions/socket_permission.h6
-rw-r--r--extensions/common/permissions/usb_device_permission.cc15
-rw-r--r--extensions/common/permissions/usb_device_permission.h5
6 files changed, 52 insertions, 2 deletions
diff --git a/extensions/common/permissions/media_galleries_permission.h b/extensions/common/permissions/media_galleries_permission.h
index 870a0a9..40a2277 100644
--- a/extensions/common/permissions/media_galleries_permission.h
+++ b/extensions/common/permissions/media_galleries_permission.h
@@ -21,6 +21,10 @@ namespace extensions {
// 'delete' <tertiary-access>
// <tertiary-access>
// := 'copyTo' | 'copyTo' <tertiary-access>
+// An example of a line for mediaGalleries permissions in a manifest file:
+// {"mediaGalleries": "read delete"},
+// We also allow a permission without any sub-permissions:
+// "mediaGalleries",
class MediaGalleriesPermission
: public SetDisjunctionPermission<MediaGalleriesPermissionData,
MediaGalleriesPermission> {
diff --git a/extensions/common/permissions/set_disjunction_permission.h b/extensions/common/permissions/set_disjunction_permission.h
index 0e97e9d..ce1c6ee 100644
--- a/extensions/common/permissions/set_disjunction_permission.h
+++ b/extensions/common/permissions/set_disjunction_permission.h
@@ -105,9 +105,14 @@ class SetDisjunctionPermission : public APIPermission {
data_set_.clear();
const base::ListValue* list = NULL;
- if (!value || !value->GetAsList(&list) || list->GetSize() == 0) {
+ if (!value) {
+ // treat null as an empty list.
+ return true;
+ }
+
+ if (!value->GetAsList(&list)) {
if (error)
- *error = "NULL or empty permission list";
+ *error = "Cannot parse the permission list. It's not a list.";
return false;
}
diff --git a/extensions/common/permissions/socket_permission.cc b/extensions/common/permissions/socket_permission.cc
index c2ca223..a8e5c18 100644
--- a/extensions/common/permissions/socket_permission.cc
+++ b/extensions/common/permissions/socket_permission.cc
@@ -38,6 +38,21 @@ SocketPermission::SocketPermission(const APIPermissionInfo* info)
SocketPermission::~SocketPermission() {}
+bool SocketPermission::FromValue(
+ const base::Value* value,
+ std::string* error,
+ std::vector<std::string>* unhandled_permissions) {
+ bool parsed_ok = SetDisjunctionPermission<
+ SocketPermissionData, SocketPermission>::FromValue(value, error,
+ unhandled_permissions);
+ if (parsed_ok && data_set_.empty()) {
+ if (error)
+ *error = "NULL or empty permission list";
+ return false;
+ }
+ return parsed_ok;
+}
+
PermissionIDSet SocketPermission::GetPermissions() const {
PermissionIDSet ids;
SocketPermissionEntrySet entries = ExtractSocketEntries(data_set_);
diff --git a/extensions/common/permissions/socket_permission.h b/extensions/common/permissions/socket_permission.h
index 01be06c..590ed5d 100644
--- a/extensions/common/permissions/socket_permission.h
+++ b/extensions/common/permissions/socket_permission.h
@@ -30,6 +30,12 @@ class SocketPermission
~SocketPermission() override;
+ // SetDisjunctionPermission overrides.
+ bool FromValue(const base::Value* value,
+ std::string* error,
+ std::vector<std::string>* unhandled_permissions) override;
+
+ // APIPermission overrides
PermissionIDSet GetPermissions() const override;
};
diff --git a/extensions/common/permissions/usb_device_permission.cc b/extensions/common/permissions/usb_device_permission.cc
index ab279b6..fd94783 100644
--- a/extensions/common/permissions/usb_device_permission.cc
+++ b/extensions/common/permissions/usb_device_permission.cc
@@ -25,6 +25,21 @@ UsbDevicePermission::UsbDevicePermission(const APIPermissionInfo* info)
UsbDevicePermission::~UsbDevicePermission() {}
+bool UsbDevicePermission::FromValue(
+ const base::Value* value,
+ std::string* error,
+ std::vector<std::string>* unhandled_permissions) {
+ bool parsed_ok =
+ SetDisjunctionPermission<UsbDevicePermissionData, UsbDevicePermission>::
+ FromValue(value, error, unhandled_permissions);
+ if (parsed_ok && data_set_.empty()) {
+ if (error)
+ *error = "NULL or empty permission list";
+ return false;
+ }
+ return parsed_ok;
+}
+
PermissionIDSet UsbDevicePermission::GetPermissions() const {
PermissionIDSet ids;
diff --git a/extensions/common/permissions/usb_device_permission.h b/extensions/common/permissions/usb_device_permission.h
index 7cba580..2658011 100644
--- a/extensions/common/permissions/usb_device_permission.h
+++ b/extensions/common/permissions/usb_device_permission.h
@@ -30,6 +30,11 @@ class UsbDevicePermission
explicit UsbDevicePermission(const APIPermissionInfo* info);
~UsbDevicePermission() override;
+ // SetDisjunctionPermission overrides.
+ bool FromValue(const base::Value* value,
+ std::string* error,
+ std::vector<std::string>* unhandled_permissions) override;
+
// APIPermission overrides
PermissionIDSet GetPermissions() const override;
};