Does Google Chrome alerts you for every extension permission requested ?

Google Chrome provides lot of additional features under the “Chrome App” umbrella. There are lot of new features that is not accessible to the script running in the “internet” script domain are accessible to the script running in the “Chrome” script domain. Chrome application follows “Install-time Permission Model”.

I have few questions to answer:
    Does chrome ask user for each and every extra feature that is supported only the “chrome” script domain ?
    Is there any advantage of not showing all the features to the users ?

Let’s check the Chrome code.

chromium/src/chrome/common/extensions/extension_permission_set.h
    ExtensionPermissionsInfo class -  Holds all permission information.

Alerts for:
    clipboardRead
    geolocation
    bookmarks
    contentSettings
    history
    ime
    management
    pageCapture
    tabs
    ttsEngine
    webNavigation
    debugger
    plugin

   
No Alerts for:
    background
    clipboardWrite
    experimental
    notifications
    unlimitedStorage
    chromePrivate
    chromeAuthPrivate
    webstorePrivate
    appNotifications
    contextMenus
    cookies
    fileBrowserHandler
    idle
    inputMethodPrivate
    tts
    webRequest
    webRequestBlocking
    webSocketProxyPrivate
    chromeosInfoPrivate
    fileBrowserPrivate
    mediaPlayerPrivate
    metricsPrivate
    systemPrivate
    terminalPrivate
    proxy
    devtools
    socket

Especially Chrome doesn’t alert you for every permission especially for “Private” permissions. Yes Chrome has included some whitelisting mechanism for the private permissions. Only whitelisted extensions can use these “private” features. Need to check whether somebody can use the chromePrivate, chromeAuthPrivate, webstorePrivate. Not sure why Chrome does not alert people for “cookies” permissions and other private permissions. We need to do more research in this area.

Here is the code that registers this permissions:

void ExtensionAPIPermission::RegisterAllPermissions(ExtensionPermissionsInfo* info) {

  // Register permissions for all extension types.
  info->RegisterPermission(kBackground,            "background",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional, kTypeAll);
  info->RegisterPermission(kClipboardWrite,        "clipboardWrite",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional, kTypeAll);
  info->RegisterPermission(kExperimental,          "experimental",0,ExtensionPermissionMessage::kNone, kFlagNone, kTypeAll);
  info->RegisterPermission(kNotification,          "notifications",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional, kTypeAll);
  info->RegisterPermission(kUnlimitedStorage,      "unlimitedStorage",0,ExtensionPermissionMessage::kNone, kFlagNone, kTypeAll);
 
  info->RegisterPermission(kClipboardRead,         "clipboardRead",IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,ExtensionPermissionMessage::kClipboard,kFlagSupportsOptional, kTypeAll);
  info->RegisterPermission(kGeolocation,           "geolocation",IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,    ExtensionPermissionMessage::kGeolocation, kFlagNone, kTypeAll);
 

  // Register hosted app permissions that are also private.
  info->RegisterPermission(kChromePrivate,         "chromePrivate",0,ExtensionPermissionMessage::kNone, kFlagNone,kTypeAll – kTypePlatformApp);
  info->RegisterPermission(kChromeAuthPrivate,     "chromeAuthPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly,kTypeAll – kTypePlatformApp);
  info->RegisterPermission(kWebstorePrivate,       "webstorePrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly,kTypeAll – kTypePlatformApp);

  // Register hosted and packaged app permissions.
  info->RegisterPermission(kAppNotifications,      "appNotifications",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional,kTypeHostedApp | kTypePackagedApp);

  // Register extension permissions.
  info->RegisterPermission(kContextMenus,          "contextMenus", 0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kCookie,                "cookies",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional,kTypeDefault – kTypePlatformApp);
  info->RegisterPermission(kFileBrowserHandler,    "fileBrowserHandler",0,ExtensionPermissionMessage::kNone, kFlagNone, kTypeDefault);
  info->RegisterPermission(kIdle,                  "idle",0, ExtensionPermissionMessage::kNone,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kInputMethodPrivate,    "inputMethodPrivate",0,ExtensionPermissionMessage::kNone, kFlagNone, kTypeDefault);
  info->RegisterPermission(kTts,                   "tts",0,ExtensionPermissionMessage::kNone, kFlagNone, kTypeDefault);
  info->RegisterPermission(kWebRequest,            "webRequest",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional,kTypeDefault – kTypePlatformApp);
  info->RegisterPermission(kWebRequestBlocking,    "webRequestBlocking",0,ExtensionPermissionMessage::kNone, kFlagSupportsOptional,kTypeDefault – kTypePlatformApp);
  info->RegisterPermission(kWebSocketProxyPrivate, "webSocketProxyPrivate",0,ExtensionPermissionMessage::kNone, kFlagNone,kTypeDefault – kTypePlatformApp);
 
  info->RegisterPermission(kBookmark,              "bookmarks",IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,ExtensionPermissionMessage::kBookmarks,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kContentSettings,       "contentSettings",IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,ExtensionPermissionMessage::kContentSettings,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kHistory,               "history",IDS_EXTENSION_PROMPT_WARNING_BROWSING_HISTORY,ExtensionPermissionMessage::kBrowsingHistory,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kIme,                   "ime",IDS_EXTENSION_PROMPT_WARNING_IME,ExtensionPermissionMessage::kIme,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kManagement,            "management",IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,ExtensionPermissionMessage::kManagement,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kPageCapture,           "pageCapture",IDS_EXTENSION_PROMPT_WARNING_ALL_PAGES_CONTENT,ExtensionPermissionMessage::kAllPageContent,kFlagSupportsOptional, kTypeDefault);
  info->RegisterPermission(kTab,                   "tabs",IDS_EXTENSION_PROMPT_WARNING_TABS,ExtensionPermissionMessage::kTabs, kFlagSupportsOptional,kTypeDefault – kTypePlatformApp);
  info->RegisterPermission(kTtsEngine,             "ttsEngine",IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,ExtensionPermissionMessage::kTtsEngine, kFlagNone, kTypeDefault);
  info->RegisterPermission(kWebNavigation,         "webNavigation",IDS_EXTENSION_PROMPT_WARNING_TABS,ExtensionPermissionMessage::kTabs, kFlagSupportsOptional,kTypeDefault – kTypePlatformApp);

  // Register private permissions.
  info->RegisterPermission(kChromeosInfoPrivate,   "chromeosInfoPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly, kTypeDefault);
  info->RegisterPermission(kFileBrowserPrivate,    "fileBrowserPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly, kTypeDefault);
  info->RegisterPermission(kMediaPlayerPrivate,    "mediaPlayerPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly, kTypeDefault);
  info->RegisterPermission(kMetricsPrivate,        "metricsPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly, kTypeDefault);
  info->RegisterPermission(kSystemPrivate,         "systemPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly, kTypeDefault);
  info->RegisterPermission(kTerminalPrivate,       "terminalPrivate",0,ExtensionPermissionMessage::kNone, kFlagComponentOnly, kTypeDefault);

  // Full url access permissions.
  info->RegisterPermission(kProxy,                 "proxy", 0, ExtensionPermissionMessage::kNone,kFlagImpliesFullURLAccess, kTypeDefault);
  info->RegisterPermission(kDevtools,              "devtools", 0, ExtensionPermissionMessage::kNone,kFlagImpliesFullURLAccess, kTypeDefault);
 
  info->RegisterPermission(kDebugger,              "debugger", IDS_EXTENSION_PROMPT_WARNING_DEBUGGER,ExtensionPermissionMessage::kDebugger,kFlagImpliesFullURLAccess, kTypeDefault);
  info->RegisterPermission(kPlugin,                "plugin", IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,ExtensionPermissionMessage::kFullAccess,kFlagImpliesFullURLAccess | kFlagImpliesFullAccess, kTypeDefault);

  // Platform-app permissions.
  info->RegisterPermission(kSocket,                "socket", 0,ExtensionPermissionMessage::kNone, kFlagNone, kTypePlatformApp);

  // Register aliases.
  info->RegisterAlias("unlimitedStorage", kOldUnlimitedStoragePermission);
  info->RegisterAlias("tabs", kWindowsPermission);
}

Advertisements
This entry was posted in browser, Chrome, Cr-48, webKit and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s