File API changes needed for safely passing user selected file entities from the file browser comp...

chrome/browser/extensions/extension_special_storage_policy_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/values.h"
 #include "chrome/browser/extensions/extension_special_storage_policy.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ skipping 40 matching lines @@
     list->Append(Value::CreateStringValue("http://explicit/unlimited"));
     list->Append(Value::CreateStringValue("*://*.wildcards/unlimited"));
     manifest.Set(keys::kWebURLs, list);
     std::string error;
     scoped_refptr<Extension> unlimited_app = Extension::Create(
         path, Extension::INVALID, manifest, Extension::STRICT_ERROR_CHECKS,
         &error);
     EXPECT_TRUE(unlimited_app.get()) << error;
     return unlimited_app;
   }
+
+  scoped_refptr<Extension> CreateComponentApp() {
+#if defined(OS_WIN)
+    FilePath path(FILE_PATH_LITERAL("c:\\component"));
+#elif defined(OS_POSIX)
+    FilePath path(FILE_PATH_LITERAL("/component"));
+#endif
+    DictionaryValue manifest;
+    manifest.SetString(keys::kName, "Component");
+    manifest.SetString(keys::kVersion, "1");
+    manifest.SetString(keys::kPublicKey,
+        "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDOuXEIuoK1kAkBe0SKiJn/N9oNn3oU" \
+        "xGa4dwj40MnJqPn+w0aR2vuyocm0R4Drp67aYwtLjOVPF4CICRq6ICP6eU07gGwQxGdZ" \
+        "7HJASXV8hm0tab5I70oJmRLfFJyVAMCeWlFaOGq05v2i6EbifZM0qO5xALKNGQt+yjXi" \
+        "5INM5wIBIw==");
+    ListValue* list = new ListValue();
+    list->Append(Value::CreateStringValue("unlimitedStorage"));
+    list->Append(Value::CreateStringValue("fileSystem"));
+    list->Append(Value::CreateStringValue("fileBrowserPrivate"));
+    manifest.Set(keys::kPermissions, list);
+    std::string error;
+    scoped_refptr<Extension> component_app = Extension::Create(
+        path, Extension::COMPONENT, manifest, Extension::STRICT_ERROR_CHECKS,
+        &error);
+    EXPECT_TRUE(component_app.get()) << error;
+    return component_app;
+  }
+
+  scoped_refptr<Extension> CreateHandlerApp() {
+#if defined(OS_WIN)
+    FilePath path(FILE_PATH_LITERAL("c:\\handler"));
+#elif defined(OS_POSIX)
+    FilePath path(FILE_PATH_LITERAL("/handler"));
+#endif
+    DictionaryValue manifest;
+    manifest.SetString(keys::kName, "Handler");
+    manifest.SetString(keys::kVersion, "1");
+    manifest.SetString(keys::kPublicKey,
+        "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQChptAQ0n4R56N03nWQ1ogR7DVRBjGo" \
+        "80Vw6G9KLjzZv44D8rq5Q5IkeQrtKgWyZfXevlsCe3LaLo18rcz8iZx6lK2xhLdUR+OR" \
+        "jsjuBfdEL5a5cWeRTSxf75AcqndQsmpwMBdrMTCZ8jQNusUI+XlrihLNNJuI5TM4vNIN" \
+        "I5bYFQIBIw==");
+    ListValue* list = new ListValue();
+    list->Append(Value::CreateStringValue("unlimitedStorage"));
+    list->Append(Value::CreateStringValue("fileSystem"));
+    manifest.Set(keys::kPermissions, list);
+    std::string error;
+    scoped_refptr<Extension> handler_app = Extension::Create(
+        path, Extension::INVALID, manifest, Extension::STRICT_ERROR_CHECKS,
+        &error);
+    EXPECT_TRUE(handler_app.get()) << error;
+    return handler_app;
+  }
 };
 
 TEST_F(ExtensionSpecialStoragePolicyTest, EmptyPolicy) {
   const GURL kHttpUrl("http://foo");
   const GURL kExtensionUrl("chrome-extension://bar");
 
   scoped_refptr<ExtensionSpecialStoragePolicy> policy(
       new ExtensionSpecialStoragePolicy);
 
   ASSERT_FALSE(policy->IsStorageUnlimited(kHttpUrl));
@@ skipping 79 matching lines @@
   EXPECT_FALSE(policy->IsStorageUnlimited(GURL("https://bar.wildcards/")));
   EXPECT_TRUE(policy->IsStorageProtected(GURL("http://explicit/")));
   EXPECT_TRUE(policy->IsStorageProtected(GURL("http://foo.wildcards/")));
   EXPECT_TRUE(policy->IsStorageProtected(GURL("https://bar.wildcards/")));
 
   policy->RevokeRightsForExtension(protected_app);
   EXPECT_FALSE(policy->IsStorageProtected(GURL("http://explicit/")));
   EXPECT_FALSE(policy->IsStorageProtected(GURL("http://foo.wildcards/")));
   EXPECT_FALSE(policy->IsStorageProtected(GURL("https://bar.wildcards/")));
 }
+
+TEST_F(ExtensionSpecialStoragePolicyTest, LocalFileAccess) {
+  scoped_refptr<Extension> component_app(CreateComponentApp());
+  scoped_refptr<Extension> handler_app(CreateHandlerApp());
+  scoped_refptr<ExtensionSpecialStoragePolicy> policy(
+      new ExtensionSpecialStoragePolicy);
+  policy->GrantRightsForExtension(component_app);
+  policy->GrantRightsForExtension(handler_app);
+
+  const GURL& component_url = component_app->url();
+  const GURL& handler_url = handler_app->url();
+#if defined(OS_WIN)
+  FilePath good_dir(FILE_PATH_LITERAL("c:\\root\\dir"));
+  FilePath bad_dir(FILE_PATH_LITERAL("c:\\root"));
+  FilePath good_file(FILE_PATH_LITERAL("c:\\root\\dir\\good_file.txt"));
+  FilePath bad_file(FILE_PATH_LITERAL("c:\\root\\dir\\bad_file.txt"));
+#elif defined(OS_POSIX)
+  FilePath good_dir(FILE_PATH_LITERAL("/root/dir"));
+  FilePath bad_dir(FILE_PATH_LITERAL("/root"));
+  FilePath good_file(FILE_PATH_LITERAL("/root/dir/good_file.txt"));
+  FilePath bad_file(FILE_PATH_LITERAL("/root/dir/bad_file.txt"));
+#endif
+
+  // This test is testing local file access permissions for two extensions cases
+  // - component (private) and handler (3rd party).
+  // The component extension has access to all files of the local file system
+  // and does not need explicit per-file permissions to be granted.
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, good_dir));
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, good_file));
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, bad_file));
+
+  // By default handler extension has no access to any local file.
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
+
+  // After granting file access to the handler extension for a given file, it
+  // can only access that file an nothing else.
+  policy->GrantLocalFileSystemAccess(handler_url, good_file);
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
+
+  // After granting file access to the handler extension for a given directory,
+  // it can access that directory and all files within it.
+  policy->GrantLocalFileSystemAccess(handler_url, good_dir);
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
+  EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
+
+  // After revoking rights for extensions, they should not be able to access
+  // any file system element anymore.
+  policy->RevokeRightsForExtension(handler_app);
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
+
+  policy->RevokeRightsForExtension(component_app);
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, good_dir));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url,
+                                                      good_file));
+  EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, bad_file));
+}