| Index: chrome/browser/extensions/extension_special_storage_policy_unittest.cc
|
| ===================================================================
|
| --- chrome/browser/extensions/extension_special_storage_policy_unittest.cc (revision 81212)
|
| +++ chrome/browser/extensions/extension_special_storage_policy_unittest.cc (working copy)
|
| @@ -58,6 +58,59 @@
|
| EXPECT_TRUE(unlimited_app.get()) << error;
|
| return unlimited_app;
|
| }
|
| +
|
| + scoped_refptr<Extension> CreateComponentApp() {
|
| +#if defined(OS_WIN)
|
| + FilePath path(FILE_PATH_LITERAL("c:\\component"));
|
| +#elif defined(OS_POSIX)
|
| + FilePath path(FILE_PATH_LITERAL("/component"));
|
| +#endif
|
| + DictionaryValue manifest;
|
| + manifest.SetString(keys::kName, "Component");
|
| + manifest.SetString(keys::kVersion, "1");
|
| + manifest.SetString(keys::kPublicKey,
|
| + "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDOuXEIuoK1kAkBe0SKiJn/N9oNn3oU" \
|
| + "xGa4dwj40MnJqPn+w0aR2vuyocm0R4Drp67aYwtLjOVPF4CICRq6ICP6eU07gGwQxGdZ" \
|
| + "7HJASXV8hm0tab5I70oJmRLfFJyVAMCeWlFaOGq05v2i6EbifZM0qO5xALKNGQt+yjXi" \
|
| + "5INM5wIBIw==");
|
| + ListValue* list = new ListValue();
|
| + list->Append(Value::CreateStringValue("unlimitedStorage"));
|
| + list->Append(Value::CreateStringValue("fileSystem"));
|
| + list->Append(Value::CreateStringValue("fileBrowserPrivate"));
|
| + manifest.Set(keys::kPermissions, list);
|
| + std::string error;
|
| + scoped_refptr<Extension> component_app = Extension::Create(
|
| + path, Extension::COMPONENT, manifest, Extension::STRICT_ERROR_CHECKS,
|
| + &error);
|
| + EXPECT_TRUE(component_app.get()) << error;
|
| + return component_app;
|
| + }
|
| +
|
| + scoped_refptr<Extension> CreateHandlerApp() {
|
| +#if defined(OS_WIN)
|
| + FilePath path(FILE_PATH_LITERAL("c:\\handler"));
|
| +#elif defined(OS_POSIX)
|
| + FilePath path(FILE_PATH_LITERAL("/handler"));
|
| +#endif
|
| + DictionaryValue manifest;
|
| + manifest.SetString(keys::kName, "Handler");
|
| + manifest.SetString(keys::kVersion, "1");
|
| + manifest.SetString(keys::kPublicKey,
|
| + "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQChptAQ0n4R56N03nWQ1ogR7DVRBjGo" \
|
| + "80Vw6G9KLjzZv44D8rq5Q5IkeQrtKgWyZfXevlsCe3LaLo18rcz8iZx6lK2xhLdUR+OR" \
|
| + "jsjuBfdEL5a5cWeRTSxf75AcqndQsmpwMBdrMTCZ8jQNusUI+XlrihLNNJuI5TM4vNIN" \
|
| + "I5bYFQIBIw==");
|
| + ListValue* list = new ListValue();
|
| + list->Append(Value::CreateStringValue("unlimitedStorage"));
|
| + list->Append(Value::CreateStringValue("fileSystem"));
|
| + manifest.Set(keys::kPermissions, list);
|
| + std::string error;
|
| + scoped_refptr<Extension> handler_app = Extension::Create(
|
| + path, Extension::INVALID, manifest, Extension::STRICT_ERROR_CHECKS,
|
| + &error);
|
| + EXPECT_TRUE(handler_app.get()) << error;
|
| + return handler_app;
|
| + }
|
| };
|
|
|
| TEST_F(ExtensionSpecialStoragePolicyTest, EmptyPolicy) {
|
| @@ -157,3 +210,66 @@
|
| EXPECT_FALSE(policy->IsStorageProtected(GURL("http://foo.wildcards/")));
|
| EXPECT_FALSE(policy->IsStorageProtected(GURL("https://bar.wildcards/")));
|
| }
|
| +
|
| +TEST_F(ExtensionSpecialStoragePolicyTest, LocalFileAccess) {
|
| + scoped_refptr<Extension> component_app(CreateComponentApp());
|
| + scoped_refptr<Extension> handler_app(CreateHandlerApp());
|
| + scoped_refptr<ExtensionSpecialStoragePolicy> policy(
|
| + new ExtensionSpecialStoragePolicy);
|
| + policy->GrantRightsForExtension(component_app);
|
| + policy->GrantRightsForExtension(handler_app);
|
| +
|
| + const GURL& component_url = component_app->url();
|
| + const GURL& handler_url = handler_app->url();
|
| +#if defined(OS_WIN)
|
| + FilePath good_dir(FILE_PATH_LITERAL("c:\\root\\dir"));
|
| + FilePath bad_dir(FILE_PATH_LITERAL("c:\\root"));
|
| + FilePath good_file(FILE_PATH_LITERAL("c:\\root\\dir\\good_file.txt"));
|
| + FilePath bad_file(FILE_PATH_LITERAL("c:\\root\\dir\\bad_file.txt"));
|
| +#elif defined(OS_POSIX)
|
| + FilePath good_dir(FILE_PATH_LITERAL("/root/dir"));
|
| + FilePath bad_dir(FILE_PATH_LITERAL("/root"));
|
| + FilePath good_file(FILE_PATH_LITERAL("/root/dir/good_file.txt"));
|
| + FilePath bad_file(FILE_PATH_LITERAL("/root/dir/bad_file.txt"));
|
| +#endif
|
| +
|
| + // This test is testing local file access permissions for two extensions cases
|
| + // - component (private) and handler (3rd party).
|
| + // The component extension has access to all files of the local file system
|
| + // and does not need explicit per-file permissions to be granted.
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, good_dir));
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, good_file));
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(component_url, bad_file));
|
| +
|
| + // By default handler extension has no access to any local file.
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
|
| +
|
| + // After granting file access to the handler extension for a given file, it
|
| + // can only access that file an nothing else.
|
| + policy->GrantLocalFileSystemAccess(handler_url, good_file);
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
|
| +
|
| + // After granting file access to the handler extension for a given directory,
|
| + // it can access that directory and all files within it.
|
| + policy->GrantLocalFileSystemAccess(handler_url, good_dir);
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
|
| + EXPECT_TRUE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
|
| +
|
| + // After revoking rights for extensions, they should not be able to access
|
| + // any file system element anymore.
|
| + policy->RevokeRightsForExtension(handler_app);
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_dir));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, good_file));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(handler_url, bad_file));
|
| +
|
| + policy->RevokeRightsForExtension(component_app);
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, good_dir));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url,
|
| + good_file));
|
| + EXPECT_FALSE(policy->IsLocalFileSystemAccessAllowed(component_url, bad_file));
|
| +}
|
|
|
Chromium Code Reviews
Issue 6810037:
File API changes needed for safely passing user selected file entities from the file browser comp... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/