Add whitelisted permission for access to Universal 2nd Factor devices.

This permission allows an application to access any connected U2F device (as identified by its HID Usage Page) through the chrome.hid API. BUG=374307 Review URL: https://codereview.chromium.org/518963002 Cr-Commit-Position: refs/heads/master@{#293020}

Add whitelisted permission for access to Universal 2nd Factor devices.
This permission allows an application to access any connected U2F device (as identified by its HID Usage Page) through the chrome.hid API. BUG=374307 Review URL: https://codereview.chromium.org/518963002 Cr-Commit-Position: refs/heads/master@{#293020}
667c5595 · reillyg · Commit bot · be1f70ab · 667c5595 · 667c5595
Commit 667c5595 authored Sep 02, 2014 by reillyg Committed by Commit bot Sep 02, 2014
6 changed files
--- a/extensions/browser/api/hid/hid_device_manager.cc
+++ b/extensions/browser/api/hid/hid_device_manager.cc
@@ -128,6 +128,15 @@ bool HidDeviceManager::HasPermission(const Extension* extension,
    return true;
  }
+  if (extension->permissions_data()->HasAPIPermission(
+          APIPermission::kU2fDevices)) {
+    HidDeviceFilter u2f_filter;
+    u2f_filter.SetUsagePage(0xF1D0);
+    if (u2f_filter.Matches(device_info)) {
+      return true;
+    }
+  }
  return false;
 }

--- a/extensions/common/api/_permission_features.json
+++ b/extensions/common/api/_permission_features.json
@@ -69,6 +69,18 @@
      ]
    }
  ],
+  "u2fDevices": [
+    {
+      "channel": "dev",
+      "extension_types": ["extension", "platform_app"],
+      "whitelist": [
+        "496B6890097EB6E19809ADEADD095A8721FBB2E0",  // FIDO U2F APIs
+        "E24F1786D842E91E74C27929B0B3715A4689A473",  // CryptoToken
+        "6F9E349A0561C78A0D3F41496FE521C5151C7F71",  // Security Key
+        "C06709A259378015404ED20F75C7D08547E0F10B"   // Security Key (dev)
+      ]
+    }
+  ],
  "power": {
    "channel": "stable",
    "extension_types": [ "extension", "legacy_packaged_app", "platform_app" ]

--- a/extensions/common/permissions/api_permission.h
+++ b/extensions/common/permissions/api_permission.h
@@ -163,6 +163,7 @@ class APIPermission {
    kTts,
    kTtsEngine,
    kUnlimitedStorage,
+    kU2fDevices,
    kUsb,
    kUsbDevice,
    kVideoCapture,

--- a/extensions/common/permissions/extensions_api_permissions.cc
+++ b/extensions/common/permissions/extensions_api_permissions.cc
@@ -41,6 +41,9 @@ std::vector<APIPermissionInfo*> ExtensionsAPIPermissions::GetAllPermissions()
       APIPermissionInfo::kFlagCannotBeOptional, 0, PermissionMessage::kNone,
       &CreateAPIPermission<SocketPermission>},
      {APIPermission::kStorage, "storage"},
+      {APIPermission::kU2fDevices, "u2fDevices", APIPermissionInfo::kFlagNone,
+       IDS_EXTENSION_PROMPT_WARNING_U2F_DEVICES,
+       PermissionMessage::kU2fDevices},
      {APIPermission::kUsb, "usb", APIPermissionInfo::kFlagNone,
       IDS_EXTENSION_PROMPT_WARNING_USB, PermissionMessage::kUsb},
      {APIPermission::kUsbDevice, "usbDevices", APIPermissionInfo::kFlagNone, 0,

--- a/extensions/common/permissions/permission_message.h
+++ b/extensions/common/permissions/permission_message.h
@@ -89,6 +89,7 @@ class PermissionMessage {
    kExperienceSamplingPrivate,
    kCopresence,
    kTopSites,
+    kU2fDevices,
    kEnumBoundary,
  };
  COMPILE_ASSERT(PermissionMessage::kNone > PermissionMessage::kUnknown,

--- a/extensions/extensions_strings.grd
+++ b/extensions/extensions_strings.grd
@@ -340,7 +340,9 @@
      <message name="IDS_EXTENSION_WARNING_RELOAD_TOO_FREQUENT" desc="Warning message which indates that an extension got stuck in a reload loop.">
        This extension reloaded itself too frequently.
      </message>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_U2F_DEVICES" desc="Warning message which indicates that an extension has access to Universal 2nd Factor devices.">
+        Access your Universal 2nd Factor devices
+      </message>
    </messages>
  </release>
 </grit>