2 files changed, 44 insertions, 12 deletions

diff --git a/chrome/browser/extensions/api/permissions/permissions_api_helpers.cc b/chrome/browser/extensions/api/permissions/permissions_api_helpers.cc
index 6168852..2400d5c 100644
--- a/chrome/browser/extensions/api/permissions/permissions_api_helpers.cc
+++ b/chrome/browser/extensions/api/permissions/permissions_api_helpers.cc
@@ -4,12 +4,14 @@
 
 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h"
 
+#include "base/json/json_reader.h"
 #include "base/values.h"
 #include "chrome/common/extensions/api/permissions.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/permissions/bluetooth_device_permission.h"
 #include "chrome/common/extensions/permissions/permission_set.h"
 #include "chrome/common/extensions/permissions/permissions_info.h"
+#include "chrome/common/extensions/permissions/usb_device_permission.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/url_pattern_set.h"
 
@@ -25,12 +27,14 @@ namespace permissions_api_helpers {
 
 namespace {
 
+const char kInvalidParameter[] =
+    "Invalid argument for permission '*'.";
 const char kInvalidOrigin[] =
     "Invalid value for origin pattern *: *";
 const char kUnknownPermissionError[] =
     "'*' is not a recognized permission.";
-const char kNonBluetoothPermissionWithArgument[] =
-    "Only the bluetoothDevice permission supports arguments.";
+const char kUnsupportedPermissionId[] =
+    "Only the bluetoothDevice and usbDevice permissions support arguments.";
 
 }  // namespace
 
@@ -68,20 +72,36 @@ scoped_refptr<PermissionSet> UnpackPermissionSet(
         std::string permission_name = it->substr(0, delimiter);
         std::string permission_arg = it->substr(delimiter + 1);
 
-        // Restrict this to the bluetoothDevice permission for now, to
-        // discourage the use of this style of permission spreading until it is
-        // better supported.
-        const APIPermissionInfo* permission_info = info->GetByID(
-            APIPermission::kBluetoothDevice);
-        if (permission_name != permission_info->name()) {
-          *error = kNonBluetoothPermissionWithArgument;
+        scoped_ptr<base::Value> permission_json(
+            base::JSONReader::Read(permission_arg));
+        if (!permission_json.get()) {
+          *error = ErrorUtils::FormatErrorMessage(kInvalidParameter, *it);
           return NULL;
         }
 
-        BluetoothDevicePermission *permission =
-            new BluetoothDevicePermission(permission_info);
-        permission->AddDevicesFromString(permission_arg);
+        APIPermission* permission = NULL;
+
+        // Explicitly check the permissions that accept arguments until the bug
+        // referenced above is fixed.
+        const APIPermissionInfo* bluetooth_device_permission_info =
+            info->GetByID(APIPermission::kBluetoothDevice);
+        const APIPermissionInfo* usb_device_permission_info =
+            info->GetByID(APIPermission::kUsbDevice);
+        if (permission_name == bluetooth_device_permission_info->name()) {
+          permission = new BluetoothDevicePermission(
+              bluetooth_device_permission_info);
+        } else if (permission_name == usb_device_permission_info->name()) {
+          permission = new UsbDevicePermission(usb_device_permission_info);
+        } else {
+          *error = kUnsupportedPermissionId;
+          return NULL;
+        }
 
+        CHECK(permission);
+        if (!permission->FromValue(permission_json.get())) {
+          *error = ErrorUtils::FormatErrorMessage(kInvalidParameter, *it);
+          return NULL;
+        }
         apis.insert(permission);
       } else {
         const APIPermissionInfo* permission_info = info->GetByName(*it);
diff --git a/chrome/browser/extensions/api/usb/usb_api.cc b/chrome/browser/extensions/api/usb/usb_api.cc
index 9fa26cf..1b2d7b6 100644
--- a/chrome/browser/extensions/api/usb/usb_api.cc
+++ b/chrome/browser/extensions/api/usb/usb_api.cc
@@ -14,6 +14,7 @@
 #include "chrome/browser/usb/usb_service.h"
 #include "chrome/browser/usb/usb_service_factory.h"
 #include "chrome/common/extensions/api/usb.h"
+#include "chrome/common/extensions/permissions/usb_device_permission.h"
 
 namespace BulkTransfer = extensions::api::usb::BulkTransfer;
 namespace ClaimInterface = extensions::api::usb::ClaimInterface;
@@ -68,6 +69,8 @@ static const char* kErrorConvertRecipient = "Invalid transfer recipient.";
 static const char* kErrorConvertRequestType = "Invalid request type.";
 static const char* kErrorMalformedParameters = "Error parsing parameters.";
 static const char* kErrorNoDevice = "No such device.";
+static const char* kErrorPermissionDenied =
+    "Permission to access device was denied";
 
 static UsbDevice* device_for_test_ = NULL;
 
@@ -298,6 +301,15 @@ void UsbFindDevicesFunction::AsyncWorkStart() {
     return;
   }
 
+  UsbDevicePermission::CheckParam param(
+      parameters_->vendor_id, parameters_->product_id);
+  if (!GetExtension()->CheckAPIPermissionWithParam(
+        APIPermission::kUsbDevice, &param)) {
+    LOG(WARNING) << "Insufficient permissions to access device.";
+    CompleteWithError(kErrorPermissionDenied);
+    return;
+  }
+
   UsbService* const service = UsbServiceFactory::GetInstance()->GetForProfile(
       profile());
   if (!service) {