From f2076791a3ed010fcacba4bb4e14bc2844c6813e Mon Sep 17 00:00:00 2001 From: ryoh Date: Sun, 14 Feb 2016 18:14:19 -0800 Subject: introduce a permission without sub-permissions in mediaGalleries API We use mediaGalleries.getMetadata API to fetch media metadata in our Files.app(Chrome OS FileManager). We pass the blob object(~binary data) to the API, so we don't need any permissions. This API has "read" permission, but this permission means "reading files in the MediaGallery", but we don't read it - the blob objects we pass is from filesystem, not from MediaGallery. We need "empty" permissions, but if we pass a empty list as permissions, it causes permission error and the app doesn't start at all. In this patch, I introduce a permission without sub-permissions, and you can specify this permission in a manifest file like: > "mediaGalleries", https://developer.chrome.com/apps/mediaGalleries BUG=581614 Review URL: https://codereview.chromium.org/1643183002 Cr-Commit-Position: refs/heads/master@{#375400} --- .../common/permissions/media_galleries_permission.h | 4 ++++ .../common/permissions/set_disjunction_permission.h | 9 +++++++-- extensions/common/permissions/socket_permission.cc | 15 +++++++++++++++ extensions/common/permissions/socket_permission.h | 6 ++++++ extensions/common/permissions/usb_device_permission.cc | 15 +++++++++++++++ extensions/common/permissions/usb_device_permission.h | 5 +++++ 6 files changed, 52 insertions(+), 2 deletions(-) (limited to 'extensions/common') diff --git a/extensions/common/permissions/media_galleries_permission.h b/extensions/common/permissions/media_galleries_permission.h index 870a0a9..40a2277 100644 --- a/extensions/common/permissions/media_galleries_permission.h +++ b/extensions/common/permissions/media_galleries_permission.h @@ -21,6 +21,10 @@ namespace extensions { // 'delete' // // := 'copyTo' | 'copyTo' +// An example of a line for mediaGalleries permissions in a manifest file: +// {"mediaGalleries": "read delete"}, +// We also allow a permission without any sub-permissions: +// "mediaGalleries", class MediaGalleriesPermission : public SetDisjunctionPermission { diff --git a/extensions/common/permissions/set_disjunction_permission.h b/extensions/common/permissions/set_disjunction_permission.h index 0e97e9d..ce1c6ee 100644 --- a/extensions/common/permissions/set_disjunction_permission.h +++ b/extensions/common/permissions/set_disjunction_permission.h @@ -105,9 +105,14 @@ class SetDisjunctionPermission : public APIPermission { data_set_.clear(); const base::ListValue* list = NULL; - if (!value || !value->GetAsList(&list) || list->GetSize() == 0) { + if (!value) { + // treat null as an empty list. + return true; + } + + if (!value->GetAsList(&list)) { if (error) - *error = "NULL or empty permission list"; + *error = "Cannot parse the permission list. It's not a list."; return false; } diff --git a/extensions/common/permissions/socket_permission.cc b/extensions/common/permissions/socket_permission.cc index c2ca223..a8e5c18 100644 --- a/extensions/common/permissions/socket_permission.cc +++ b/extensions/common/permissions/socket_permission.cc @@ -38,6 +38,21 @@ SocketPermission::SocketPermission(const APIPermissionInfo* info) SocketPermission::~SocketPermission() {} +bool SocketPermission::FromValue( + const base::Value* value, + std::string* error, + std::vector* unhandled_permissions) { + bool parsed_ok = SetDisjunctionPermission< + SocketPermissionData, SocketPermission>::FromValue(value, error, + unhandled_permissions); + if (parsed_ok && data_set_.empty()) { + if (error) + *error = "NULL or empty permission list"; + return false; + } + return parsed_ok; +} + PermissionIDSet SocketPermission::GetPermissions() const { PermissionIDSet ids; SocketPermissionEntrySet entries = ExtractSocketEntries(data_set_); diff --git a/extensions/common/permissions/socket_permission.h b/extensions/common/permissions/socket_permission.h index 01be06c..590ed5d 100644 --- a/extensions/common/permissions/socket_permission.h +++ b/extensions/common/permissions/socket_permission.h @@ -30,6 +30,12 @@ class SocketPermission ~SocketPermission() override; + // SetDisjunctionPermission overrides. + bool FromValue(const base::Value* value, + std::string* error, + std::vector* unhandled_permissions) override; + + // APIPermission overrides PermissionIDSet GetPermissions() const override; }; diff --git a/extensions/common/permissions/usb_device_permission.cc b/extensions/common/permissions/usb_device_permission.cc index ab279b6..fd94783 100644 --- a/extensions/common/permissions/usb_device_permission.cc +++ b/extensions/common/permissions/usb_device_permission.cc @@ -25,6 +25,21 @@ UsbDevicePermission::UsbDevicePermission(const APIPermissionInfo* info) UsbDevicePermission::~UsbDevicePermission() {} +bool UsbDevicePermission::FromValue( + const base::Value* value, + std::string* error, + std::vector* unhandled_permissions) { + bool parsed_ok = + SetDisjunctionPermission:: + FromValue(value, error, unhandled_permissions); + if (parsed_ok && data_set_.empty()) { + if (error) + *error = "NULL or empty permission list"; + return false; + } + return parsed_ok; +} + PermissionIDSet UsbDevicePermission::GetPermissions() const { PermissionIDSet ids; diff --git a/extensions/common/permissions/usb_device_permission.h b/extensions/common/permissions/usb_device_permission.h index 7cba580..2658011 100644 --- a/extensions/common/permissions/usb_device_permission.h +++ b/extensions/common/permissions/usb_device_permission.h @@ -30,6 +30,11 @@ class UsbDevicePermission explicit UsbDevicePermission(const APIPermissionInfo* info); ~UsbDevicePermission() override; + // SetDisjunctionPermission overrides. + bool FromValue(const base::Value* value, + std::string* error, + std::vector* unhandled_permissions) override; + // APIPermission overrides PermissionIDSet GetPermissions() const override; }; -- cgit v1.1