OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/values.h" | 5 #include "base/values.h" |
6 #include "chrome/browser/extensions/extension_special_storage_policy.h" | 6 #include "chrome/browser/extensions/extension_special_storage_policy.h" |
7 #include "chrome/common/extensions/extension.h" | 7 #include "chrome/common/extensions/extension.h" |
8 #include "chrome/common/extensions/extension_constants.h" | 8 #include "chrome/common/extensions/extension_constants.h" |
9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
10 | 10 |
51 list->Append(Value::CreateStringValue("http://explicit/unlimited")); | 51 list->Append(Value::CreateStringValue("http://explicit/unlimited")); |
52 list->Append(Value::CreateStringValue("*://*.wildcards/unlimited")); | 52 list->Append(Value::CreateStringValue("*://*.wildcards/unlimited")); |
53 manifest.Set(keys::kWebURLs, list); | 53 manifest.Set(keys::kWebURLs, list); |
54 std::string error; | 54 std::string error; |
55 scoped_refptr<Extension> unlimited_app = Extension::Create( | 55 scoped_refptr<Extension> unlimited_app = Extension::Create( |
56 path, Extension::INVALID, manifest, Extension::STRICT_ERROR_CHECKS, | 56 path, Extension::INVALID, manifest, Extension::STRICT_ERROR_CHECKS, |
57 &error); | 57 &error); |
58 EXPECT_TRUE(unlimited_app.get()) << error; | 58 EXPECT_TRUE(unlimited_app.get()) << error; |
59 return unlimited_app; | 59 return unlimited_app; |
60 } | 60 } |
| 61 |
| 62 scoped_refptr<Extension> CreateComponentApp() { |
| 63 #if defined(OS_WIN) |
| 64 FilePath path(FILE_PATH_LITERAL("c:\\component")); |
| 65 #elif defined(OS_POSIX) |
| 66 FilePath path(FILE_PATH_LITERAL("/component")); |
| 67 #endif |
| 68 DictionaryValue manifest; |
| 69 manifest.SetString(keys::kName, "Component"); |
| 70 manifest.SetString(keys::kVersion, "1"); |
| 71 manifest.SetString(keys::kPublicKey, |
| 72 "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDOuXEIuoK1kAkBe0SKiJn/N9oNn3oU" \ |
| 73 "xGa4dwj40MnJqPn+w0aR2vuyocm0R4Drp67aYwtLjOVPF4CICRq6ICP6eU07gGwQxGdZ" \ |
| 74 "7HJASXV8hm0tab5I70oJmRLfFJyVAMCeWlFaOGq05v2i6EbifZM0qO5xALKNGQt+yjXi" \ |
| 75 "5INM5wIBIw=="); |
| 76 ListValue* list = new ListValue(); |
| 77 list->Append(Value::CreateStringValue("unlimitedStorage")); |
| 78 list->Append(Value::CreateStringValue("fileSystem")); |
| 79 list->Append(Value::CreateStringValue("fileBrowserPrivate")); |
| 80 manifest.Set(keys::kPermissions, list); |
| 81 std::string error; |
| 82 scoped_refptr<Extension> component_app = Extension::Create( |
| 83 path, Extension::COMPONENT, manifest, Extension::STRICT_ERROR_CHECKS, |
| 84 &error); |
| 85 EXPECT_TRUE(component_app.get()) << error; |
| 86 return component_app; |
| 87 } |
| 88 |
| 89 scoped_refptr<Extension> CreateHandlerApp() { |
| 90 #if defined(OS_WIN) |
| 91 FilePath path(FILE_PATH_LITERAL("c:\\handler")); |
| 92 #elif defined(OS_POSIX) |
| 93 FilePath path(FILE_PATH_LITERAL("/handler")); |
| 94 #endif |
| 95 DictionaryValue manifest; |
| 96 manifest.SetString(keys::kName, "Handler"); |
| 97 manifest.SetString(keys::kVersion, "1"); |
| 98 manifest.SetString(keys::kPublicKey, |
| 99 "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQChptAQ0n4R56N03nWQ1ogR7DVRBjGo" \ |
| 100 "80Vw6G9KLjzZv44D8rq5Q5IkeQrtKgWyZfXevlsCe3LaLo18rcz8iZx6lK2xhLdUR+OR" \ |
| 101 "jsjuBfdEL5a5cWeRTSxf75AcqndQsmpwMBdrMTCZ8jQNusUI+XlrihLNNJuI5TM4vNIN" \ |
| 102 "I5bYFQIBIw=="); |
| 103 ListValue* list = new ListValue(); |
| 104 list->Append(Value::CreateStringValue("unlimitedStorage")); |
| 105 list->Append(Value::CreateStringValue("fileSystem")); |
| 106 manifest.Set(keys::kPermissions, list); |
| 107 std::string error; |
| 108 scoped_refptr<Extension> handler_app = Extension::Create( |
| 109 path, Extension::INVALID, manifest, Extension::STRICT_ERROR_CHECKS, |
| 110 &error); |
| 111 EXPECT_TRUE(handler_app.get()) << error; |
| 112 return handler_app; |
| 113 } |
61 }; | 114 }; |
62 | 115 |
63 TEST_F(ExtensionSpecialStoragePolicyTest, EmptyPolicy) { | 116 TEST_F(ExtensionSpecialStoragePolicyTest, EmptyPolicy) { |
64 const GURL kHttpUrl("http://foo"); | 117 const GURL kHttpUrl("http://foo"); |
65 const GURL kExtensionUrl("chrome-extension://bar"); | 118 const GURL kExtensionUrl("chrome-extension://bar"); |
66 | 119 |
67 scoped_refptr<ExtensionSpecialStoragePolicy> policy( | 120 scoped_refptr<ExtensionSpecialStoragePolicy> policy( |
68 new ExtensionSpecialStoragePolicy); | 121 new ExtensionSpecialStoragePolicy); |
69 | 122 |
70 ASSERT_FALSE(policy->IsStorageUnlimited(kHttpUrl)); | 123 ASSERT_FALSE(policy->IsStorageUnlimited(kHttpUrl)); |
150 EXPECT_FALSE(policy->IsStorageUnlimited(GURL("https://bar.wildcards/"))); | 203 EXPECT_FALSE(policy->IsStorageUnlimited(GURL("https://bar.wildcards/"))); |
151 EXPECT_TRUE(policy->IsStorageProtected(GURL("http://explicit/"))); | 204 EXPECT_TRUE(policy->IsStorageProtected(GURL("http://explicit/"))); |
152 EXPECT_TRUE(policy->IsStorageProtected(GURL("http://foo.wildcards/"))); | 205 EXPECT_TRUE(policy->IsStorageProtected(GURL("http://foo.wildcards/"))); |
153 EXPECT_TRUE(policy->IsStorageProtected(GURL("https://bar.wildcards/"))); | 206 EXPECT_TRUE(policy->IsStorageProtected(GURL("https://bar.wildcards/"))); |
154 | 207 |
155 policy->RevokeRightsForExtension(protected_app); | 208 policy->RevokeRightsForExtension(protected_app); |
156 EXPECT_FALSE(policy->IsStorageProtected(GURL("http://explicit/"))); | 209 EXPECT_FALSE(policy->IsStorageProtected(GURL("http://explicit/"))); |
157 EXPECT_FALSE(policy->IsStorageProtected(GURL("http://foo.wildcards/"))); | 210 EXPECT_FALSE(policy->IsStorageProtected(GURL("http://foo.wildcards/"))); |
158 EXPECT_FALSE(policy->IsStorageProtected(GURL("https://bar.wildcards/"))); | 211 EXPECT_FALSE(policy->IsStorageProtected(GURL("https://bar.wildcards/"))); |
159 } | 212 } |
| 213 |
| 214 TEST_F(ExtensionSpecialStoragePolicyTest, LocalFileAccess) { |
| 215 scoped_refptr<Extension> component_app(CreateComponentApp()); |
| 216 scoped_refptr<Extension> handler_app(CreateHandlerApp()); |
| 217 scoped_refptr<ExtensionSpecialStoragePolicy> policy( |
| 218 new ExtensionSpecialStoragePolicy); |
| 219 policy->GrantRightsForExtension(component_app); |
| 220 policy->GrantRightsForExtension(handler_app); |
| 221 |
| 222 const GURL& component_url = component_app->url(); |
| 223 const GURL& handler_url = handler_app->url(); |
| 224 #if defined(OS_WIN) |
| 225 FilePath good_dir(FILE_PATH_LITERAL("c:\\root\\dir")); |
| 226 FilePath bad_dir(FILE_PATH_LITERAL("c:\\root")); |
| 227 FilePath good_file(FILE_PATH_LITERAL("c:\\root\\dir\\good_file.txt")); |
| 228 FilePath bad_file(FILE_PATH_LITERAL("c:\\root\\dir\\bad_file.txt")); |
| 229 #elif defined(OS_POSIX) |
| 230 FilePath good_dir(FILE_PATH_LITERAL("/root/dir")); |
| 231 FilePath bad_dir(FILE_PATH_LITERAL("/root")); |
| 232 FilePath good_file(FILE_PATH_LITERAL("/root/dir/good_file.txt")); |
| 233 FilePath bad_file(FILE_PATH_LITERAL("/root/dir/bad_file.txt")); |
| 234 #endif |
| 235 |
| 236 // This test is testing local file access permissions for two extensions cases |
| 237 // - component (private) and handler (3rd party). |
| 238 // The component extension has access to all files of the local file system |
| 239 // and does not need explicit per-file permissions to be granted. |
| 240 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, good_dir)); |
| 241 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, good_file)); |
| 242 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, bad_file)); |
| 243 |
| 244 // By default handler extension has no access to any local file. |
| 245 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir)); |
| 246 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file)); |
| 247 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file)); |
| 248 |
| 249 // After granting file access to the handler extension for a given file, it |
| 250 // can only access that file an nothing else. |
| 251 policy->GrantLocalFileSystemAccess(handler_url, good_file); |
| 252 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir)); |
| 253 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file)); |
| 254 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file)); |
| 255 |
| 256 // After granting file access to the handler extension for a given directory, |
| 257 // it can access that directory and all files within it. |
| 258 policy->GrantLocalFileSystemAccess(handler_url, good_dir); |
| 259 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir)); |
| 260 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file)); |
| 261 EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file)); |
| 262 |
| 263 // After revoking rights for extensions, they should not be able to access |
| 264 // any file system element anymore. |
| 265 policy->RevokeRightsForExtension(handler_app); |
| 266 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir)); |
| 267 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file)); |
| 268 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file)); |
| 269 |
| 270 policy->RevokeRightsForExtension(component_app); |
| 271 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, good_dir)); |
| 272 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, |
| 273 good_file)); |
| 274 EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, bad_file)); |
| 275 } |
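Review bot: `bad_dir` is declared in LocalFileAccess (new lines 226 and 231) but never passed to any assertion, so the test does not check that a grant on `good_dir` leaves its parent directory denied. After `policy->GrantLocalFileSystemAccess(handler_url, good_dir);` I would add `EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_dir));`, and repeat that check in the default-deny and post-revoke groups for the handler. The visible lines do not show whether the policy matches by path component or by string prefix, so a denied assertion on a sibling that shares the prefix (constructed example: `/root/dir2`) would pin that boundary too. Separately, the comment on new line 250 reads "an nothing else" and should say "and nothing else".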