Add network-status socket permission.

The new socket permission will be used when PPB_NetworkMonitor 
interface becomes public.

BUG=281781

Review URL: https://chromiumcodereview.appspot.com/23703008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@223564 0039d316-1c4b-4281-b951-d872f2087c98

chrome/app/generated_resources.grd

@@ -4225,6 +4225,9 @@ Make sure you do not expose any sensitive information.
       <message name="IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST" desc="Permission string for Declarative Web Request API.">
         Block parts of web pages
       </message>
+      <message name="IDS_EXTENSION_PROMPT_WARNING_NETWORK_STATE" desc="Permission string for network list access.">
+        Access list of network connections
+      </message>
 
       <!-- Extension/App error messages -->
       <message name="IDS_EXTENSION_CANT_GET_ABSOLUTE_PATH" desc="Warning displayed in pack dialog when the absolute path to the extension directory can not be found.">

chrome/common/extensions/permissions/permission_message.h

@@ -74,6 +74,7 @@ class PermissionMessage {
     kFileSystemWriteDirectory,
     kSignedInDevices,
     kWallpaper,
+    kNetworkState,
     kEnumBoundary,
   };
   COMPILE_ASSERT(PermissionMessage::kNone > PermissionMessage::kUnknown,

chrome/common/extensions/permissions/socket_permission.cc

@@ -30,26 +30,27 @@ PermissionMessages SocketPermission::GetMessages() const {
     AddSpecificHostMessage(result);
     AddSubdomainHostMessage(result);
   }
+  AddNetworkListMessage(result);
   return result;
 }
 
-bool SocketPermission::AddAnyHostMessage(PermissionMessages& messages)
-    const {
+bool SocketPermission::AddAnyHostMessage(PermissionMessages& messages) const {
   std::set<SocketPermissionData>::const_iterator i;
   for (i = data_set_.begin(); i != data_set_.end(); ++i) {
-    if (i->GetHostType() == SocketPermissionData::ANY_HOST) {
+    if (i->IsAddressBoundType() &&
+        i->GetHostType() == SocketPermissionData::ANY_HOST) {
       messages.push_back(PermissionMessage(
-            PermissionMessage::kSocketAnyHost,
-            l10n_util::GetStringUTF16(
-                IDS_EXTENSION_PROMPT_WARNING_SOCKET_ANY_HOST)));
+          PermissionMessage::kSocketAnyHost,
+          l10n_util::GetStringUTF16(
+              IDS_EXTENSION_PROMPT_WARNING_SOCKET_ANY_HOST)));
       return true;
     }
   }
   return false;
 }
 
-void SocketPermission::AddSubdomainHostMessage(PermissionMessages& messages)
-    const {
+void SocketPermission::AddSubdomainHostMessage(
+    PermissionMessages& messages) const {
   std::set<string16> domains;
   std::set<SocketPermissionData>::const_iterator i;
   for (i = data_set_.begin(); i != data_set_.end(); ++i) {
@@ -61,17 +62,17 @@ void SocketPermission::AddSubdomainHostMessage(PermissionMessages& messages)
              IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAIN :
              IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAINS;
     messages.push_back(PermissionMessage(
-          PermissionMessage::kSocketDomainHosts,
-          l10n_util::GetStringFUTF16(
-              id,
-              JoinString(
-                  std::vector<string16>(
-                      domains.begin(), domains.end()), ' '))));
+        PermissionMessage::kSocketDomainHosts,
+        l10n_util::GetStringFUTF16(
+            id,
+            JoinString(
+                std::vector<string16>(
+                    domains.begin(), domains.end()), ' '))));
   }
 }
 
-void SocketPermission::AddSpecificHostMessage(PermissionMessages& messages)
-    const {
+void SocketPermission::AddSpecificHostMessage(
+    PermissionMessages& messages) const {
   std::set<string16> hostnames;
   std::set<SocketPermissionData>::const_iterator i;
   for (i = data_set_.begin(); i != data_set_.end(); ++i) {
@@ -83,12 +84,25 @@ void SocketPermission::AddSpecificHostMessage(PermissionMessages& messages)
              IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOST :
              IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOSTS;
     messages.push_back(PermissionMessage(
-          PermissionMessage::kSocketSpecificHosts,
-          l10n_util::GetStringFUTF16(
-              id,
-              JoinString(
-                  std::vector<string16>(
-                      hostnames.begin(), hostnames.end()), ' '))));
+        PermissionMessage::kSocketSpecificHosts,
+        l10n_util::GetStringFUTF16(
+            id,
+            JoinString(
+                std::vector<string16>(
+                    hostnames.begin(), hostnames.end()), ' '))));
+  }
+}
+
+void SocketPermission::AddNetworkListMessage(
+    PermissionMessages& messages) const {
+  std::set<SocketPermissionData>::const_iterator i;
+  for (i = data_set_.begin(); i != data_set_.end(); ++i) {
+    if (i->pattern().type == content::SocketPermissionRequest::NETWORK_STATE) {
+      messages.push_back(PermissionMessage(
+          PermissionMessage::kNetworkState,
+          l10n_util::GetStringUTF16(
+              IDS_EXTENSION_PROMPT_WARNING_NETWORK_STATE)));
+    }
   }
 }
 

chrome/common/extensions/permissions/socket_permission.h

@@ -35,6 +35,7 @@ class SocketPermission : public SetDisjunctionPermission<SocketPermissionData,
   bool AddAnyHostMessage(PermissionMessages& messages) const;
   void AddSubdomainHostMessage(PermissionMessages& messages) const;
   void AddSpecificHostMessage(PermissionMessages& messages) const;
+  void AddNetworkListMessage(PermissionMessages& messages) const;
 };
 
 }  // namespace extensions

chrome/common/extensions/permissions/socket_permission_data.cc

@@ -33,6 +33,7 @@ const char kUDPSendTo[] = "udp-send-to";
 const char kUDPMulticastMembership[] = "udp-multicast-membership";
 const char kResolveHost[] = "resolve-host";
 const char kResolveProxy[] = "resolve-proxy";
+const char kNetworkState[] = "network-state";
 const int kWildcardPortNumber = 0;
 const int kInvalidPort = -1;
 
@@ -51,6 +52,8 @@ SocketPermissionRequest::OperationType StringToType(const std::string& s) {
     return SocketPermissionRequest::RESOLVE_HOST;
   if (s == kResolveProxy)
     return SocketPermissionRequest::RESOLVE_PROXY;
+  if (s == kNetworkState)
+    return SocketPermissionRequest::NETWORK_STATE;
   return SocketPermissionRequest::NONE;
 }
 
@@ -70,6 +73,8 @@ const char* TypeToString(SocketPermissionRequest::OperationType type) {
       return kResolveHost;
     case SocketPermissionRequest::RESOLVE_PROXY:
       return kResolveProxy;
+    case SocketPermissionRequest::NETWORK_STATE:
+      return kNetworkState;
     default:
       return kInvalid;
   }
@@ -180,6 +185,13 @@ bool SocketPermissionData::FromValue(const base::Value* value) {
   return Parse(spec);
 }
 
+bool SocketPermissionData::IsAddressBoundType() const {
+  return pattern_.type == SocketPermissionRequest::TCP_CONNECT ||
+      pattern_.type == SocketPermissionRequest::TCP_LISTEN ||
+      pattern_.type == SocketPermissionRequest::UDP_BIND ||
+      pattern_.type == SocketPermissionRequest::UDP_SEND_TO;
+}
+
 SocketPermissionData::HostType SocketPermissionData::GetHostType() const {
   return pattern_.host.empty() ? SocketPermissionData::ANY_HOST :
          match_subdomains_     ? SocketPermissionData::HOSTS_IN_DOMAINS :
@@ -223,11 +235,9 @@ bool SocketPermissionData::Parse(const std::string& permission) {
     if (tokens.size() == 1)
       return true;
 
-    // Multicast membership, resolve proxy and resolve host permission strings
-    // do not carry an address.
-    if (pattern_.type == SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP ||
-        pattern_.type == SocketPermissionRequest::RESOLVE_PROXY ||
-        pattern_.type == SocketPermissionRequest::RESOLVE_HOST)
+    // Return an error if address is specified for permissions that don't
+    // need it (such as 'resolve-host').
+    if (!IsAddressBoundType())
       break;
 
     pattern_.host = tokens[1];
@@ -273,9 +283,7 @@ const std::string& SocketPermissionData::GetAsString() const {
   spec_.reserve(64);
   spec_.append(TypeToString(pattern_.type));
 
-  if (pattern_.type == SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP ||
-      pattern_.type == SocketPermissionRequest::RESOLVE_PROXY ||
-      pattern_.type == SocketPermissionRequest::RESOLVE_HOST)
+  if (!IsAddressBoundType())
     return spec_;
 
   if (match_subdomains_) {

chrome/common/extensions/permissions/socket_permission_data.h

@@ -22,7 +22,11 @@ namespace extensions {
 //   <op>   := 'tcp-connect' |
 //             'tcp-listen' |
 //             'udp-bind' |
-//             'udp-send-to'
+//             'udp-send-to' |
+//             'udp-multicast-membership' |
+//             'resolve-host' |
+//             'resolve-proxy' |
+//             'network-state'
 //   <host> := '*' |
 //             '*.' <anychar except '/' and '*'>+ |
 //             <anychar except '/' and '*'>+
@@ -55,6 +59,9 @@ class SocketPermissionData {
   // Populate |this| from a base::Value.
   bool FromValue(const base::Value* value);
 
+  // Returns true if the permission type can be bound to a host or port.
+  bool IsAddressBoundType() const;
+
   HostType GetHostType() const;
   const std::string GetHost() const;
 

chrome/common/extensions/permissions/socket_permission_unittest.cc

@@ -249,6 +249,17 @@ TEST(SocketPermissionTest, Match) {
   param.reset(new SocketPermission::CheckParam(
       SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
   EXPECT_FALSE(data.Check(param.get()));
+
+  ASSERT_TRUE(data.ParseForTest("network-state"));
+  param.reset(new SocketPermission::CheckParam(
+      SocketPermissionRequest::NETWORK_STATE, std::string(), 0));
+  EXPECT_TRUE(data.Check(param.get()));
+  param.reset(new SocketPermission::CheckParam(
+      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
+  EXPECT_FALSE(data.Check(param.get()));
+  param.reset(new SocketPermission::CheckParam(
+      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
+  EXPECT_FALSE(data.Check(param.get()));
 }
 
 TEST(SocketPermissionTest, IPC) {