Support socket endpoint permissions for AppsV2 Socket API.

chrome/common/extensions/permissions/permission_set_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/json/json_file_value_serializer.h"
 #include "base/logging.h"
 #include "base/path_service.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_manifest_constants.h"
 #include "chrome/common/extensions/extension_error_utils.h"
 #include "chrome/common/extensions/permissions/permission_set.h"
 #include "chrome/common/extensions/permissions/permissions_info.h"
+#include "chrome/common/extensions/permissions/socket_permission.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using extensions::Extension;
 
 namespace errors = extension_manifest_errors;
 namespace keys = extension_manifest_keys;
 namespace values = extension_manifest_values;
 namespace {
 
 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
@@ skipping 57 matching lines @@
 } // namespace
 
 namespace extensions {
 
 class PermissionsTest : public testing::Test {
 };
 
 // Tests GetByID.
 TEST(PermissionsTest, GetByID) {
   PermissionsInfo* info = PermissionsInfo::GetInstance();
-  APIPermissionSet ids = info->GetAll();
-  for (APIPermissionSet::iterator i = ids.begin();
-       i != ids.end(); ++i) {
-    EXPECT_EQ(*i, info->GetByID(*i)->id());
+  APIPermissionSet apis = info->GetAll();
+  for (APIPermissionSet::const_iterator i = apis.begin();
+       i != apis.end(); ++i) {
+    EXPECT_EQ(i->id(), i->permission()->id());
   }
 }
 
 // Tests that GetByName works with normal permission names and aliases.
 TEST(PermissionsTest, GetByName) {
   PermissionsInfo* info = PermissionsInfo::GetInstance();
   EXPECT_EQ(APIPermission::kTab, info->GetByName("tabs")->id());
   EXPECT_EQ(APIPermission::kManagement,
             info->GetByName("management")->id());
   EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
 }
 
 TEST(PermissionsTest, GetAll) {
   size_t count = 0;
   PermissionsInfo* info = PermissionsInfo::GetInstance();
   APIPermissionSet apis = info->GetAll();
-  for (APIPermissionSet::iterator api = apis.begin();
+  for (APIPermissionSet::const_iterator api = apis.begin();
        api != apis.end(); ++api) {
     // Make sure only the valid permission IDs get returned.
-    EXPECT_NE(APIPermission::kInvalid, *api);
-    EXPECT_NE(APIPermission::kUnknown, *api);
+    EXPECT_NE(APIPermission::kInvalid, api->id());
+    EXPECT_NE(APIPermission::kUnknown, api->id());
     count++;
   }
   EXPECT_EQ(count, info->get_permission_count());
 }
 
 TEST(PermissionsTest, GetAllByName) {
   std::set<std::string> names;
   names.insert("background");
   names.insert("management");
 
@@ skipping 124 matching lines @@
       GURL("http://test.google.com/")));
   ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
       GURL("http://www.example.com")));
   ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
       GURL("http://www.example.com")));
   ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
       GURL("http://test.example.com")));
 }
 
 TEST(PermissionsTest, CreateUnion) {
+  scoped_refptr<APIPermissionDetail> detail;
+
   APIPermissionSet apis1;
   APIPermissionSet apis2;
   APIPermissionSet expected_apis;
 
   URLPatternSet explicit_hosts1;
   URLPatternSet explicit_hosts2;
   URLPatternSet expected_explicit_hosts;
 
   URLPatternSet scriptable_hosts1;
   URLPatternSet scriptable_hosts2;
   URLPatternSet expected_scriptable_hosts;
 
   URLPatternSet effective_hosts;
 
   scoped_refptr<PermissionSet> set1;
   scoped_refptr<PermissionSet> set2;
   scoped_refptr<PermissionSet> union_set;
 
+  APIPermission* permission =
+    PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("tcp-connect:*.example.com:80"));
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+
   // Union with an empty set.
   apis1.insert(APIPermission::kTab);
   apis1.insert(APIPermission::kBackground);
+  apis1.insert(detail);
   expected_apis.insert(APIPermission::kTab);
   expected_apis.insert(APIPermission::kBackground);
+  expected_apis.insert(detail);
 
   AddPattern(&explicit_hosts1, "http://*.google.com/*");
   AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
   AddPattern(&effective_hosts, "http://*.google.com/*");
 
   set1 = new PermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
   set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
   union_set = PermissionSet::CreateUnion(set1.get(), set2.get());
   EXPECT_TRUE(set1->Contains(*set2));
   EXPECT_TRUE(set1->Contains(*union_set));
   EXPECT_FALSE(set2->Contains(*set1));
   EXPECT_FALSE(set2->Contains(*union_set));
   EXPECT_TRUE(union_set->Contains(*set1));
   EXPECT_TRUE(union_set->Contains(*set2));
 
   EXPECT_FALSE(union_set->HasEffectiveFullAccess());
   EXPECT_EQ(expected_apis, union_set->apis());
   EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
   EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts());
 
   // Now use a real second set.
   apis2.insert(APIPermission::kTab);
   apis2.insert(APIPermission::kProxy);
   apis2.insert(APIPermission::kClipboardWrite);
   apis2.insert(APIPermission::kPlugin);
+
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("tcp-connect:*.example.com:80"));
+    value->Append(Value::CreateStringValue("udp-send-to::8899"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  apis2.insert(detail);
+
   expected_apis.insert(APIPermission::kTab);
   expected_apis.insert(APIPermission::kProxy);
   expected_apis.insert(APIPermission::kClipboardWrite);
   expected_apis.insert(APIPermission::kPlugin);
 
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("tcp-connect:*.example.com:80"));
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));
+    value->Append(Value::CreateStringValue("udp-send-to::8899"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  // Insert a new detail socket permisssion which will replace the old one.
+  expected_apis.insert(detail);
+
   AddPattern(&explicit_hosts2, "http://*.example.com/*");
   AddPattern(&scriptable_hosts2, "http://*.google.com/*");
   AddPattern(&expected_explicit_hosts, "http://*.example.com/*");
   AddPattern(&expected_scriptable_hosts, "http://*.google.com/*");
 
   URLPatternSet::CreateUnion(
       explicit_hosts2, scriptable_hosts2, &effective_hosts);
 
   set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
   union_set = PermissionSet::CreateUnion(set1.get(), set2.get());
 
   EXPECT_FALSE(set1->Contains(*set2));
   EXPECT_FALSE(set1->Contains(*union_set));
   EXPECT_FALSE(set2->Contains(*set1));
   EXPECT_FALSE(set2->Contains(*union_set));
   EXPECT_TRUE(union_set->Contains(*set1));
   EXPECT_TRUE(union_set->Contains(*set2));
 
   EXPECT_TRUE(union_set->HasEffectiveFullAccess());
   EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
   EXPECT_EQ(expected_apis, union_set->apis());
   EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
   EXPECT_EQ(effective_hosts, union_set->effective_hosts());
 }
 
 TEST(PermissionsTest, CreateIntersection) {
+  scoped_refptr<APIPermissionDetail> detail;
+
   APIPermissionSet apis1;
   APIPermissionSet apis2;
   APIPermissionSet expected_apis;
 
   URLPatternSet explicit_hosts1;
   URLPatternSet explicit_hosts2;
   URLPatternSet expected_explicit_hosts;
 
   URLPatternSet scriptable_hosts1;
   URLPatternSet scriptable_hosts2;
   URLPatternSet expected_scriptable_hosts;
 
   URLPatternSet effective_hosts;
 
   scoped_refptr<PermissionSet> set1;
   scoped_refptr<PermissionSet> set2;
   scoped_refptr<PermissionSet> new_set;
 
+  APIPermission* permission =
+    PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
+
   // Intersection with an empty set.
   apis1.insert(APIPermission::kTab);
   apis1.insert(APIPermission::kBackground);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("tcp-connect:*.example.com:80"));
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  apis1.insert(detail);
 
   AddPattern(&explicit_hosts1, "http://*.google.com/*");
   AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
 
   set1 = new PermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
   set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateIntersection(set1.get(), set2.get());
   EXPECT_TRUE(set1->Contains(*new_set));
   EXPECT_TRUE(set2->Contains(*new_set));
   EXPECT_TRUE(set1->Contains(*set2));
   EXPECT_FALSE(set2->Contains(*set1));
   EXPECT_FALSE(new_set->Contains(*set1));
   EXPECT_TRUE(new_set->Contains(*set2));
 
   EXPECT_TRUE(new_set->IsEmpty());
   EXPECT_FALSE(new_set->HasEffectiveFullAccess());
   EXPECT_EQ(expected_apis, new_set->apis());
   EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
   EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts());
 
   // Now use a real second set.
   apis2.insert(APIPermission::kTab);
   apis2.insert(APIPermission::kProxy);
   apis2.insert(APIPermission::kClipboardWrite);
   apis2.insert(APIPermission::kPlugin);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));
+    value->Append(Value::CreateStringValue("udp-send-to::8899"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  apis2.insert(detail);
+
   expected_apis.insert(APIPermission::kTab);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  expected_apis.insert(detail);
 
   AddPattern(&explicit_hosts2, "http://*.example.com/*");
   AddPattern(&explicit_hosts2, "http://*.google.com/*");
   AddPattern(&scriptable_hosts2, "http://*.google.com/*");
   AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
 
   effective_hosts.ClearPatterns();
   AddPattern(&effective_hosts, "http://*.google.com/*");
 
   set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateIntersection(set1.get(), set2.get());
 
   EXPECT_TRUE(set1->Contains(*new_set));
   EXPECT_TRUE(set2->Contains(*new_set));
   EXPECT_FALSE(set1->Contains(*set2));
   EXPECT_FALSE(set2->Contains(*set1));
   EXPECT_FALSE(new_set->Contains(*set1));
   EXPECT_FALSE(new_set->Contains(*set2));
 
   EXPECT_FALSE(new_set->HasEffectiveFullAccess());
   EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
   EXPECT_EQ(expected_apis, new_set->apis());
   EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
   EXPECT_EQ(effective_hosts, new_set->effective_hosts());
 }
 
 TEST(PermissionsTest, CreateDifference) {
+  scoped_refptr<APIPermissionDetail> detail;
+
   APIPermissionSet apis1;
   APIPermissionSet apis2;
   APIPermissionSet expected_apis;
 
   URLPatternSet explicit_hosts1;
   URLPatternSet explicit_hosts2;
   URLPatternSet expected_explicit_hosts;
 
   URLPatternSet scriptable_hosts1;
   URLPatternSet scriptable_hosts2;
   URLPatternSet expected_scriptable_hosts;
 
   URLPatternSet effective_hosts;
 
   scoped_refptr<PermissionSet> set1;
   scoped_refptr<PermissionSet> set2;
   scoped_refptr<PermissionSet> new_set;
 
+  APIPermission* permission =
+    PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
+
   // Difference with an empty set.
   apis1.insert(APIPermission::kTab);
   apis1.insert(APIPermission::kBackground);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("tcp-connect:*.example.com:80"));
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  apis1.insert(detail);
 
   AddPattern(&explicit_hosts1, "http://*.google.com/*");
   AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
 
   set1 = new PermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
   set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateDifference(set1.get(), set2.get());
   EXPECT_EQ(*set1, *new_set);
 
   // Now use a real second set.
   apis2.insert(APIPermission::kTab);
   apis2.insert(APIPermission::kProxy);
   apis2.insert(APIPermission::kClipboardWrite);
   apis2.insert(APIPermission::kPlugin);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("tcp-connect:*.example.com:80"));
+    value->Append(Value::CreateStringValue("udp-send-to::8899"));
+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  apis2.insert(detail);
+
   expected_apis.insert(APIPermission::kBackground);
+  detail = permission->CreateDetail();
+  {
+    scoped_ptr<ListValue> value(new ListValue());
+    value->Append(Value::CreateStringValue("udp-bind::8080"));
+    value->Append(Value::CreateStringValue("udp-send-to::8888"));

[miket_OOO, 2012/08/06 21:04:06]

These tests are all good, just make sure that they really need to be part of
this class, and not part of a simpler class.

[Peng, 2012/08/07 21:31:55]

Done. I also added some unittests for APIPermissionSet.

+    if (!detail->FromValue(value.get())) {
+      NOTREACHED();
+    }
+  }
+  expected_apis.insert(detail);
 
   AddPattern(&explicit_hosts2, "http://*.example.com/*");
   AddPattern(&explicit_hosts2, "http://*.google.com/*");
   AddPattern(&scriptable_hosts2, "http://*.google.com/*");
   AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*");
 
   effective_hosts.ClearPatterns();
   AddPattern(&effective_hosts, "http://www.reddit.com/*");
 
   set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
@@ skipping 95 matching lines @@
   // permissions.
   skip.insert(APIPermission::kCookie);
 
   // The ime, proxy, and webRequest permissions are warned as part of host
   // permission checks.
   skip.insert(APIPermission::kProxy);
   skip.insert(APIPermission::kWebRequest);
   skip.insert(APIPermission::kWebRequestBlocking);
   skip.insert(APIPermission::kDeclarativeWebRequest);
 
-
   // This permission requires explicit user action (context menu handler)
   // so we won't prompt for it for now.
   skip.insert(APIPermission::kFileBrowserHandler);
 
   // This permission requires explicit user action (shortcut) so we don't
   // prompt for it.
   skip.insert(APIPermission::kCommands);
 
   // These permissions require explicit user action (configuration dialog)
   // so we don't prompt for them at install time.
@@ skipping 26 matching lines @@
 
   // Platform apps. TODO(miket): must we skip?
   skip.insert(APIPermission::kFileSystem);
   skip.insert(APIPermission::kSocket);
   skip.insert(APIPermission::kUsb);
 
   PermissionsInfo* info = PermissionsInfo::GetInstance();
   APIPermissionSet permissions = info->GetAll();
   for (APIPermissionSet::const_iterator i = permissions.begin();
        i != permissions.end(); ++i) {
-    APIPermission* permission = info->GetByID(*i);
+    const APIPermission* permission = i->permission();
     EXPECT_TRUE(permission);
-    if (skip.count(*i)) {
+    if (skip.count(i->id())) {
       EXPECT_EQ(PermissionMessage::kNone, permission->message_id())
           << "unexpected message_id for " << permission->name();
     } else {
       EXPECT_NE(PermissionMessage::kNone, permission->message_id())
           << "missing message_id for " << permission->name();
     }
   }
 }
 
 // Tests the default permissions (empty API permission set).
@@ skipping 516 matching lines @@
   apis.insert(APIPermission::kWebRequest);
   apis.insert(APIPermission::kFileBrowserHandler);
   EXPECT_EQ(2U, apis.size());
 
   scoped_refptr<PermissionSet> perm_set;
   perm_set = new PermissionSet(apis, empty_extent, empty_extent);
   EXPECT_EQ(4U, perm_set->apis().size());
 }
 
 }  // namespace extensions