| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "extensions/common/permissions/extensions_api_permissions.h" |
| |
| #include <stddef.h> |
| |
| #include <memory> |
| |
| #include "extensions/common/api/declarative_net_request/constants.h" |
| #include "extensions/common/permissions/api_permission.h" |
| #include "extensions/common/permissions/socket_permission.h" |
| #include "extensions/common/permissions/usb_device_permission.h" |
| |
| namespace extensions { |
| namespace api_permissions { |
| |
| namespace { |
| |
| template <typename T> |
| std::unique_ptr<APIPermission> CreateAPIPermission( |
| const APIPermissionInfo* permission) { |
| return std::make_unique<T>(permission); |
| } |
| |
| // WARNING: If you are modifying a permission message in this list, be sure to |
| // add the corresponding permission message rule to |
| // ChromePermissionMessageRule::GetAllRules as well. |
| constexpr APIPermissionInfo::InitInfo permissions_to_register[] = { |
| {APIPermission::kAlarms, "alarms"}, |
| {APIPermission::kAlphaEnabled, "app.window.alpha"}, |
| {APIPermission::kAlwaysOnTopWindows, "app.window.alwaysOnTop"}, |
| {APIPermission::kAppView, "appview", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kAudio, "audio"}, |
| {APIPermission::kAudioCapture, "audioCapture"}, |
| {APIPermission::kBluetoothPrivate, "bluetoothPrivate", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kCecPrivate, "cecPrivate", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kClipboard, "clipboard"}, |
| {APIPermission::kClipboardRead, "clipboardRead", |
| APIPermissionInfo::kFlagSupportsContentCapabilities}, |
| {APIPermission::kClipboardWrite, "clipboardWrite", |
| APIPermissionInfo::kFlagSupportsContentCapabilities}, |
| {APIPermission::kDeclarativeWebRequest, "declarativeWebRequest"}, |
| {APIPermission::kDiagnostics, "diagnostics", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kDisplaySource, "displaySource"}, |
| {APIPermission::kDns, "dns"}, |
| {APIPermission::kDocumentScan, "documentScan"}, |
| {APIPermission::kExtensionView, "extensionview", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kExternallyConnectableAllUrls, |
| "externally_connectable.all_urls"}, |
| {APIPermission::kFeedbackPrivate, "feedbackPrivate", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kFullscreen, "app.window.fullscreen"}, |
| |
| // The permission string for "fileSystem" is only shown when |
| // "write" or "directory" is present. Read-only access is only |
| // granted after the user has been shown a file or directory |
| // chooser dialog and selected a file or directory. Selecting |
| // the file or directory is considered consent to read it. |
| {APIPermission::kFileSystem, "fileSystem"}, |
| {APIPermission::kFileSystemDirectory, "fileSystem.directory"}, |
| {APIPermission::kFileSystemRequestFileSystem, |
| "fileSystem.requestFileSystem"}, |
| {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"}, |
| {APIPermission::kFileSystemWrite, "fileSystem.write"}, |
| |
| {APIPermission::kHid, "hid"}, |
| {APIPermission::kImeWindowEnabled, "app.window.ime"}, |
| {APIPermission::kOverrideEscFullscreen, |
| "app.window.fullscreen.overrideEsc"}, |
| {APIPermission::kIdle, "idle"}, |
| {APIPermission::kLockScreen, "lockScreen"}, |
| {APIPermission::kLockWindowFullscreenPrivate, "lockWindowFullscreenPrivate", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kMediaPerceptionPrivate, "mediaPerceptionPrivate"}, |
| {APIPermission::kMetricsPrivate, "metricsPrivate", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kNativeMessaging, "nativeMessaging"}, |
| {APIPermission::kNetworkingConfig, "networking.config"}, |
| {APIPermission::kNetworkingOnc, "networking.onc"}, |
| {APIPermission::kNetworkingPrivate, "networkingPrivate", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kNewTabPageOverride, "newTabPageOverride", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kPower, "power"}, |
| {APIPermission::kPrinterProvider, "printerProvider"}, |
| {APIPermission::kSerial, "serial"}, |
| {APIPermission::kSocket, "socket", APIPermissionInfo::kFlagCannotBeOptional, |
| &CreateAPIPermission<SocketPermission>}, |
| {APIPermission::kStorage, "storage"}, |
| {APIPermission::kSystemCpu, "system.cpu"}, |
| {APIPermission::kSystemMemory, "system.memory"}, |
| {APIPermission::kSystemNetwork, "system.network"}, |
| {APIPermission::kSystemDisplay, "system.display"}, |
| {APIPermission::kSystemPowerSource, "system.powerSource"}, |
| {APIPermission::kSystemStorage, "system.storage"}, |
| {APIPermission::kU2fDevices, "u2fDevices"}, |
| {APIPermission::kUnlimitedStorage, "unlimitedStorage", |
| APIPermissionInfo::kFlagCannotBeOptional | |
| APIPermissionInfo::kFlagSupportsContentCapabilities}, |
| {APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone}, |
| {APIPermission::kUsbDevice, "usbDevices", APIPermissionInfo::kFlagNone, |
| &CreateAPIPermission<UsbDevicePermission>}, |
| {APIPermission::kVideoCapture, "videoCapture"}, |
| {APIPermission::kVirtualKeyboard, "virtualKeyboard"}, |
| {APIPermission::kVpnProvider, "vpnProvider", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| // NOTE(kalman): This is provided by a manifest property but needs to |
| // appear in the install permission dialogue, so we need a fake |
| // permission for it. See http://crbug.com/247857. |
| {APIPermission::kWebConnectable, "webConnectable", |
| APIPermissionInfo::kFlagCannotBeOptional | |
| APIPermissionInfo::kFlagInternal}, |
| {APIPermission::kWebRequest, "webRequest"}, |
| {APIPermission::kWebRequestBlocking, "webRequestBlocking"}, |
| {APIPermission::kDeclarativeNetRequest, |
| declarative_net_request::kAPIPermission, |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kWebView, "webview", |
| APIPermissionInfo::kFlagCannotBeOptional}, |
| {APIPermission::kWindowShape, "app.window.shape"}, |
| {APIPermission::kFileSystemRequestDownloads, "fileSystem.requestDownloads"}, |
| }; |
| |
| } // namespace |
| |
| base::span<const APIPermissionInfo::InitInfo> GetPermissionInfos() { |
| return base::make_span(permissions_to_register); |
| } |
| |
| base::span<const Alias> GetPermissionAliases() { |
| // In alias constructor, first value is the alias name; second value is the |
| // real name. See also alias.h. |
| static constexpr Alias aliases[] = { |
| Alias("alwaysOnTopWindows", "app.window.alwaysOnTop"), |
| Alias("fullscreen", "app.window.fullscreen"), |
| Alias("overrideEscFullscreen", "app.window.fullscreen.overrideEsc"), |
| Alias("unlimited_storage", "unlimitedStorage")}; |
| |
| return base::make_span(aliases); |
| } |
| |
| } // namespace api_permissions |
| } // namespace extensions |