| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension_permission_set.h" | 5 #include "chrome/common/extensions/extension_permission_set.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/path_service.h" | 8 #include "base/path_service.h" |
| 9 #include "base/utf_string_conversions.h" | 9 #include "base/utf_string_conversions.h" |
| 10 #include "chrome/common/chrome_paths.h" | 10 #include "chrome/common/chrome_paths.h" |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 145 hosted_perms.insert(ExtensionAPIPermission::kBackground); | 145 hosted_perms.insert(ExtensionAPIPermission::kBackground); |
| 146 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); | 146 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); |
| 147 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); | 147 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); |
| 148 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 148 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 149 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); | 149 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); |
| 150 hosted_perms.insert(ExtensionAPIPermission::kExperimental); | 150 hosted_perms.insert(ExtensionAPIPermission::kExperimental); |
| 151 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); | 151 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); |
| 152 hosted_perms.insert(ExtensionAPIPermission::kNotification); | 152 hosted_perms.insert(ExtensionAPIPermission::kNotification); |
| 153 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); | 153 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); |
| 154 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); | 154 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 155 hosted_perms.insert(ExtensionAPIPermission::kPermissions); |
| 155 | 156 |
| 156 ExtensionAPIPermissionSet perms = info->GetAll(); | 157 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 157 size_t count = 0; | 158 size_t count = 0; |
| 158 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 159 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 159 i != perms.end(); ++i) { | 160 i != perms.end(); ++i) { |
| 160 count += hosted_perms.count(*i); | 161 count += hosted_perms.count(*i); |
| 161 EXPECT_EQ(hosted_perms.count(*i) > 0, info->GetByID(*i)->is_hosted_app()); | 162 EXPECT_EQ(hosted_perms.count(*i) > 0, info->GetByID(*i)->is_hosted_app()); |
| 162 } | 163 } |
| 163 | 164 |
| 164 EXPECT_EQ(10u, count); | 165 EXPECT_EQ(hosted_perms.size(), count); |
| 165 EXPECT_EQ(10u, info->get_hosted_app_permission_count()); | 166 EXPECT_EQ(hosted_perms.size(), info->get_hosted_app_permission_count()); |
| 166 } | 167 } |
| 167 | 168 |
| 168 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) { | 169 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) { |
| 169 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 170 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 170 ExtensionAPIPermissionSet private_perms; | 171 ExtensionAPIPermissionSet private_perms; |
| 171 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 172 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 172 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); | 173 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); |
| 173 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); | 174 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); |
| 174 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); | 175 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); |
| 175 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); | 176 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 176 | 177 |
| 177 ExtensionAPIPermissionSet perms = info->GetAll(); | 178 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 178 int count = 0; | 179 int count = 0; |
| 179 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 180 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 180 i != perms.end(); ++i) { | 181 i != perms.end(); ++i) { |
| 181 count += private_perms.count(*i); | 182 count += private_perms.count(*i); |
| 182 EXPECT_EQ(private_perms.count(*i) > 0, | 183 EXPECT_EQ(private_perms.count(*i) > 0, |
| 183 info->GetByID(*i)->is_component_only()); | 184 info->GetByID(*i)->is_component_only()); |
| 184 } | 185 } |
| 185 | 186 |
| 186 EXPECT_EQ(5, count); | 187 EXPECT_EQ(5, count); |
| 187 } | 188 } |
| 188 | 189 |
| 189 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) { | 190 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) { |
| 190 scoped_refptr<Extension> extension; | 191 scoped_refptr<Extension> extension; |
| 191 const ExtensionPermissionSet* permissions = NULL; | 192 scoped_refptr<const ExtensionPermissionSet> permissions; |
| 192 | 193 |
| 193 extension = LoadManifest("effective_host_permissions", "empty.json"); | 194 extension = LoadManifest("effective_host_permissions", "empty.json"); |
| 194 permissions = extension->permission_set(); | 195 permissions = extension->GetActivePermissions(); |
| 195 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); | 196 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); |
| 196 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( | 197 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( |
| 197 GURL("http://www.google.com"))); | 198 GURL("http://www.google.com"))); |
| 198 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 199 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 199 | 200 |
| 200 extension = LoadManifest("effective_host_permissions", "one_host.json"); | 201 extension = LoadManifest("effective_host_permissions", "one_host.json"); |
| 201 permissions = extension->permission_set(); | 202 permissions = extension->GetActivePermissions(); |
| 202 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( | 203 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( |
| 203 GURL("http://www.google.com"))); | 204 GURL("http://www.google.com"))); |
| 204 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( | 205 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( |
| 205 GURL("https://www.google.com"))); | 206 GURL("https://www.google.com"))); |
| 206 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 207 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 207 | 208 |
| 208 extension = LoadManifest("effective_host_permissions", | 209 extension = LoadManifest("effective_host_permissions", |
| 209 "one_host_wildcard.json"); | 210 "one_host_wildcard.json"); |
| 210 permissions = extension->permission_set(); | 211 permissions = extension->GetActivePermissions(); |
| 211 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); | 212 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); |
| 212 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( | 213 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( |
| 213 GURL("http://foo.google.com"))); | 214 GURL("http://foo.google.com"))); |
| 214 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 215 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 215 | 216 |
| 216 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); | 217 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); |
| 217 permissions = extension->permission_set(); | 218 permissions = extension->GetActivePermissions(); |
| 218 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( | 219 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( |
| 219 GURL("http://www.google.com"))); | 220 GURL("http://www.google.com"))); |
| 220 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( | 221 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( |
| 221 GURL("http://www.reddit.com"))); | 222 GURL("http://www.reddit.com"))); |
| 222 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 223 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 223 | 224 |
| 224 extension = LoadManifest("effective_host_permissions", | 225 extension = LoadManifest("effective_host_permissions", |
| 225 "https_not_considered.json"); | 226 "https_not_considered.json"); |
| 226 permissions = extension->permission_set(); | 227 permissions = extension->GetActivePermissions(); |
| 227 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); | 228 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); |
| 228 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com"))); | 229 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com"))); |
| 229 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 230 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 230 | 231 |
| 231 extension = LoadManifest("effective_host_permissions", | 232 extension = LoadManifest("effective_host_permissions", |
| 232 "two_content_scripts.json"); | 233 "two_content_scripts.json"); |
| 233 permissions = extension->permission_set(); | 234 permissions = extension->GetActivePermissions(); |
| 234 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); | 235 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); |
| 235 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( | 236 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( |
| 236 GURL("http://www.reddit.com"))); | 237 GURL("http://www.reddit.com"))); |
| 237 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( | 238 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( |
| 238 GURL("http://news.ycombinator.com"))); | 239 GURL("http://news.ycombinator.com"))); |
| 239 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 240 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 240 | 241 |
| 241 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); | 242 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); |
| 242 permissions = extension->permission_set(); | 243 permissions = extension->GetActivePermissions(); |
| 243 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); | 244 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); |
| 244 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); | 245 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); |
| 245 EXPECT_TRUE( | 246 EXPECT_TRUE( |
| 246 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); | 247 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); |
| 247 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); | 248 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); |
| 248 | 249 |
| 249 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); | 250 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); |
| 250 permissions = extension->permission_set(); | 251 permissions = extension->GetActivePermissions(); |
| 251 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); | 252 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); |
| 252 EXPECT_TRUE( | 253 EXPECT_TRUE( |
| 253 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); | 254 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); |
| 254 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); | 255 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); |
| 255 | 256 |
| 256 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); | 257 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); |
| 257 permissions = extension->permission_set(); | 258 permissions = extension->GetActivePermissions(); |
| 258 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); | 259 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); |
| 259 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); | 260 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); |
| 260 EXPECT_TRUE( | 261 EXPECT_TRUE( |
| 261 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); | 262 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); |
| 262 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); | 263 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); |
| 263 } | 264 } |
| 264 | 265 |
| 265 TEST(ExtensionPermissionSetTest, ExplicitAccessToOrigin) { | 266 TEST(ExtensionPermissionSetTest, ExplicitAccessToOrigin) { |
| 266 ExtensionAPIPermissionSet apis; | 267 ExtensionAPIPermissionSet apis; |
| 267 URLPatternSet explicit_hosts; | 268 URLPatternSet explicit_hosts; |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 311 | 312 |
| 312 AddPattern(&explicit_hosts1, "http://*.google.com/*"); | 313 AddPattern(&explicit_hosts1, "http://*.google.com/*"); |
| 313 AddPattern(&expected_explicit_hosts, "http://*.google.com/*"); | 314 AddPattern(&expected_explicit_hosts, "http://*.google.com/*"); |
| 314 AddPattern(&effective_hosts, "http://*.google.com/*"); | 315 AddPattern(&effective_hosts, "http://*.google.com/*"); |
| 315 | 316 |
| 316 set1.reset(new ExtensionPermissionSet( | 317 set1.reset(new ExtensionPermissionSet( |
| 317 apis1, explicit_hosts1, scriptable_hosts1)); | 318 apis1, explicit_hosts1, scriptable_hosts1)); |
| 318 set2.reset(new ExtensionPermissionSet( | 319 set2.reset(new ExtensionPermissionSet( |
| 319 apis2, explicit_hosts2, scriptable_hosts2)); | 320 apis2, explicit_hosts2, scriptable_hosts2)); |
| 320 union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get())); | 321 union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get())); |
| 322 EXPECT_TRUE(set1->Contains(*set2)); |
| 323 EXPECT_TRUE(set1->Contains(*union_set)); |
| 324 EXPECT_FALSE(set2->Contains(*set1)); |
| 325 EXPECT_FALSE(set2->Contains(*union_set)); |
| 326 EXPECT_TRUE(union_set->Contains(*set1)); |
| 327 EXPECT_TRUE(union_set->Contains(*set2)); |
| 321 | 328 |
| 322 EXPECT_FALSE(union_set->HasEffectiveFullAccess()); | 329 EXPECT_FALSE(union_set->HasEffectiveFullAccess()); |
| 323 EXPECT_EQ(expected_apis, union_set->apis()); | 330 EXPECT_EQ(expected_apis, union_set->apis()); |
| 324 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); | 331 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); |
| 325 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); | 332 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); |
| 326 EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts()); | 333 EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts()); |
| 327 | 334 |
| 328 // Now use a real second set. | 335 // Now use a real second set. |
| 329 apis2.insert(ExtensionAPIPermission::kTab); | 336 apis2.insert(ExtensionAPIPermission::kTab); |
| 330 apis2.insert(ExtensionAPIPermission::kProxy); | 337 apis2.insert(ExtensionAPIPermission::kProxy); |
| 331 apis2.insert(ExtensionAPIPermission::kClipboardWrite); | 338 apis2.insert(ExtensionAPIPermission::kClipboardWrite); |
| 332 apis2.insert(ExtensionAPIPermission::kPlugin); | 339 apis2.insert(ExtensionAPIPermission::kPlugin); |
| 333 expected_apis.insert(ExtensionAPIPermission::kTab); | 340 expected_apis.insert(ExtensionAPIPermission::kTab); |
| 334 expected_apis.insert(ExtensionAPIPermission::kProxy); | 341 expected_apis.insert(ExtensionAPIPermission::kProxy); |
| 335 expected_apis.insert(ExtensionAPIPermission::kClipboardWrite); | 342 expected_apis.insert(ExtensionAPIPermission::kClipboardWrite); |
| 336 expected_apis.insert(ExtensionAPIPermission::kPlugin); | 343 expected_apis.insert(ExtensionAPIPermission::kPlugin); |
| 337 | 344 |
| 338 AddPattern(&explicit_hosts2, "http://*.example.com/*"); | 345 AddPattern(&explicit_hosts2, "http://*.example.com/*"); |
| 339 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); | 346 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); |
| 340 AddPattern(&expected_explicit_hosts, "http://*.example.com/*"); | 347 AddPattern(&expected_explicit_hosts, "http://*.example.com/*"); |
| 341 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*"); | 348 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*"); |
| 342 | 349 |
| 343 effective_hosts.ClearPatterns(); | 350 effective_hosts.ClearPatterns(); |
| 344 AddPattern(&effective_hosts, "<all_urls>"); | 351 AddPattern(&effective_hosts, "<all_urls>"); |
| 345 | 352 |
| 346 set2.reset(new ExtensionPermissionSet( | 353 set2.reset(new ExtensionPermissionSet( |
| 347 apis2, explicit_hosts2, scriptable_hosts2)); | 354 apis2, explicit_hosts2, scriptable_hosts2)); |
| 348 union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get())); | 355 union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get())); |
| 356 |
| 357 EXPECT_FALSE(set1->Contains(*set2)); |
| 358 EXPECT_FALSE(set1->Contains(*union_set)); |
| 359 EXPECT_FALSE(set2->Contains(*set1)); |
| 360 EXPECT_FALSE(set2->Contains(*union_set)); |
| 361 EXPECT_TRUE(union_set->Contains(*set1)); |
| 362 EXPECT_TRUE(union_set->Contains(*set2)); |
| 363 |
| 349 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); | 364 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); |
| 350 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); | 365 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); |
| 351 EXPECT_EQ(expected_apis, union_set->apis()); | 366 EXPECT_EQ(expected_apis, union_set->apis()); |
| 352 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); | 367 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); |
| 353 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); | 368 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); |
| 354 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); | 369 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); |
| 355 } | 370 } |
| 356 | 371 |
| 372 TEST(ExtensionPermissionSetTest, CreateIntersection) { |
| 373 ExtensionAPIPermissionSet apis1; |
| 374 ExtensionAPIPermissionSet apis2; |
| 375 ExtensionAPIPermissionSet expected_apis; |
| 376 |
| 377 URLPatternSet explicit_hosts1; |
| 378 URLPatternSet explicit_hosts2; |
| 379 URLPatternSet expected_explicit_hosts; |
| 380 |
| 381 URLPatternSet scriptable_hosts1; |
| 382 URLPatternSet scriptable_hosts2; |
| 383 URLPatternSet expected_scriptable_hosts; |
| 384 |
| 385 URLPatternSet effective_hosts; |
| 386 |
| 387 scoped_ptr<ExtensionPermissionSet> set1; |
| 388 scoped_ptr<ExtensionPermissionSet> set2; |
| 389 scoped_ptr<ExtensionPermissionSet> new_set; |
| 390 |
| 391 // Intersection with an empty set. |
| 392 apis1.insert(ExtensionAPIPermission::kTab); |
| 393 apis1.insert(ExtensionAPIPermission::kBackground); |
| 394 |
| 395 AddPattern(&explicit_hosts1, "http://*.google.com/*"); |
| 396 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*"); |
| 397 |
| 398 set1.reset(new ExtensionPermissionSet( |
| 399 apis1, explicit_hosts1, scriptable_hosts1)); |
| 400 set2.reset(new ExtensionPermissionSet( |
| 401 apis2, explicit_hosts2, scriptable_hosts2)); |
| 402 new_set.reset( |
| 403 ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get())); |
| 404 EXPECT_TRUE(set1->Contains(*new_set)); |
| 405 EXPECT_TRUE(set2->Contains(*new_set)); |
| 406 EXPECT_TRUE(set1->Contains(*set2)); |
| 407 EXPECT_FALSE(set2->Contains(*set1)); |
| 408 EXPECT_FALSE(new_set->Contains(*set1)); |
| 409 EXPECT_TRUE(new_set->Contains(*set2)); |
| 410 |
| 411 EXPECT_TRUE(new_set->IsEmpty()); |
| 412 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); |
| 413 EXPECT_EQ(expected_apis, new_set->apis()); |
| 414 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 415 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 416 EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts()); |
| 417 |
| 418 // Now use a real second set. |
| 419 apis2.insert(ExtensionAPIPermission::kTab); |
| 420 apis2.insert(ExtensionAPIPermission::kProxy); |
| 421 apis2.insert(ExtensionAPIPermission::kClipboardWrite); |
| 422 apis2.insert(ExtensionAPIPermission::kPlugin); |
| 423 expected_apis.insert(ExtensionAPIPermission::kTab); |
| 424 |
| 425 AddPattern(&explicit_hosts2, "http://*.example.com/*"); |
| 426 AddPattern(&explicit_hosts2, "http://*.google.com/*"); |
| 427 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); |
| 428 AddPattern(&expected_explicit_hosts, "http://*.google.com/*"); |
| 429 |
| 430 effective_hosts.ClearPatterns(); |
| 431 AddPattern(&effective_hosts, "http://*.google.com/*"); |
| 432 |
| 433 set2.reset(new ExtensionPermissionSet( |
| 434 apis2, explicit_hosts2, scriptable_hosts2)); |
| 435 new_set.reset( |
| 436 ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get())); |
| 437 |
| 438 EXPECT_TRUE(set1->Contains(*new_set)); |
| 439 EXPECT_TRUE(set2->Contains(*new_set)); |
| 440 EXPECT_FALSE(set1->Contains(*set2)); |
| 441 EXPECT_FALSE(set2->Contains(*set1)); |
| 442 EXPECT_FALSE(new_set->Contains(*set1)); |
| 443 EXPECT_FALSE(new_set->Contains(*set2)); |
| 444 |
| 445 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); |
| 446 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); |
| 447 EXPECT_EQ(expected_apis, new_set->apis()); |
| 448 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 449 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 450 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); |
| 451 } |
| 452 |
| 453 TEST(ExtensionPermissionSetTest, CreateDifference) { |
| 454 ExtensionAPIPermissionSet apis1; |
| 455 ExtensionAPIPermissionSet apis2; |
| 456 ExtensionAPIPermissionSet expected_apis; |
| 457 |
| 458 URLPatternSet explicit_hosts1; |
| 459 URLPatternSet explicit_hosts2; |
| 460 URLPatternSet expected_explicit_hosts; |
| 461 |
| 462 URLPatternSet scriptable_hosts1; |
| 463 URLPatternSet scriptable_hosts2; |
| 464 URLPatternSet expected_scriptable_hosts; |
| 465 |
| 466 URLPatternSet effective_hosts; |
| 467 |
| 468 scoped_ptr<ExtensionPermissionSet> set1; |
| 469 scoped_ptr<ExtensionPermissionSet> set2; |
| 470 scoped_ptr<ExtensionPermissionSet> new_set; |
| 471 |
| 472 // Difference with an empty set. |
| 473 apis1.insert(ExtensionAPIPermission::kTab); |
| 474 apis1.insert(ExtensionAPIPermission::kBackground); |
| 475 |
| 476 AddPattern(&explicit_hosts1, "http://*.google.com/*"); |
| 477 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*"); |
| 478 |
| 479 set1.reset(new ExtensionPermissionSet( |
| 480 apis1, explicit_hosts1, scriptable_hosts1)); |
| 481 set2.reset(new ExtensionPermissionSet( |
| 482 apis2, explicit_hosts2, scriptable_hosts2)); |
| 483 new_set.reset( |
| 484 ExtensionPermissionSet::CreateDifference(set1.get(), set2.get())); |
| 485 EXPECT_EQ(*set1, *new_set); |
| 486 |
| 487 // Now use a real second set. |
| 488 apis2.insert(ExtensionAPIPermission::kTab); |
| 489 apis2.insert(ExtensionAPIPermission::kProxy); |
| 490 apis2.insert(ExtensionAPIPermission::kClipboardWrite); |
| 491 apis2.insert(ExtensionAPIPermission::kPlugin); |
| 492 expected_apis.insert(ExtensionAPIPermission::kBackground); |
| 493 |
| 494 AddPattern(&explicit_hosts2, "http://*.example.com/*"); |
| 495 AddPattern(&explicit_hosts2, "http://*.google.com/*"); |
| 496 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); |
| 497 AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*"); |
| 498 |
| 499 effective_hosts.ClearPatterns(); |
| 500 AddPattern(&effective_hosts, "http://www.reddit.com/*"); |
| 501 |
| 502 set2.reset(new ExtensionPermissionSet( |
| 503 apis2, explicit_hosts2, scriptable_hosts2)); |
| 504 new_set.reset( |
| 505 ExtensionPermissionSet::CreateDifference(set1.get(), set2.get())); |
| 506 |
| 507 EXPECT_TRUE(set1->Contains(*new_set)); |
| 508 EXPECT_FALSE(set2->Contains(*new_set)); |
| 509 |
| 510 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); |
| 511 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); |
| 512 EXPECT_EQ(expected_apis, new_set->apis()); |
| 513 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 514 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 515 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); |
| 516 |
| 517 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set |
| 518 set1.reset( |
| 519 ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get())); |
| 520 EXPECT_TRUE(set1->IsEmpty()); |
| 521 } |
| 522 |
| 357 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) { | 523 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) { |
| 358 const struct { | 524 const struct { |
| 359 const char* base_name; | 525 const char* base_name; |
| 360 // Increase these sizes if you have more than 10. | 526 // Increase these sizes if you have more than 10. |
| 361 const char* granted_apis[10]; | 527 const char* granted_apis[10]; |
| 362 const char* granted_hosts[10]; | 528 const char* granted_hosts[10]; |
| 363 bool full_access; | 529 bool full_access; |
| 364 bool expect_increase; | 530 bool expect_increase; |
| 365 } kTests[] = { | 531 } kTests[] = { |
| 366 { "allhosts1", {NULL}, {"http://*/", NULL}, false, | 532 { "allhosts1", {NULL}, {"http://*/", NULL}, false, |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 428 } | 594 } |
| 429 | 595 |
| 430 URLPatternSet granted_hosts; | 596 URLPatternSet granted_hosts; |
| 431 for (size_t j = 0; kTests[i].granted_hosts[j] != NULL; ++j) | 597 for (size_t j = 0; kTests[i].granted_hosts[j] != NULL; ++j) |
| 432 AddPattern(&granted_hosts, kTests[i].granted_hosts[j]); | 598 AddPattern(&granted_hosts, kTests[i].granted_hosts[j]); |
| 433 | 599 |
| 434 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json"; | 600 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json"; |
| 435 if (!new_extension.get()) | 601 if (!new_extension.get()) |
| 436 continue; | 602 continue; |
| 437 | 603 |
| 438 const ExtensionPermissionSet* old_p = old_extension->permission_set(); | 604 const ExtensionPermissionSet* old_p = |
| 439 const ExtensionPermissionSet* new_p = new_extension->permission_set(); | 605 old_extension->GetActivePermissions(); |
| 606 const ExtensionPermissionSet* new_p = |
| 607 new_extension->GetActivePermissions(); |
| 440 | 608 |
| 441 EXPECT_EQ(kTests[i].expect_increase, old_p->HasLessPrivilegesThan(new_p)) | 609 EXPECT_EQ(kTests[i].expect_increase, old_p->HasLessPrivilegesThan(new_p)) |
| 442 << kTests[i].base_name; | 610 << kTests[i].base_name; |
| 443 } | 611 } |
| 444 } | 612 } |
| 445 | 613 |
| 446 TEST(ExtensionPermissionSetTest, PermissionMessages) { | 614 TEST(ExtensionPermissionSetTest, PermissionMessages) { |
| 447 // Ensure that all permissions that needs to show install UI actually have | 615 // Ensure that all permissions that needs to show install UI actually have |
| 448 // strings associated with them. | 616 // strings associated with them. |
| 449 ExtensionAPIPermissionSet skip; | 617 ExtensionAPIPermissionSet skip; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 483 skip.insert(ExtensionAPIPermission::kFileBrowserPrivate); | 651 skip.insert(ExtensionAPIPermission::kFileBrowserPrivate); |
| 484 skip.insert(ExtensionAPIPermission::kMediaPlayerPrivate); | 652 skip.insert(ExtensionAPIPermission::kMediaPlayerPrivate); |
| 485 skip.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 653 skip.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 486 skip.insert(ExtensionAPIPermission::kChromePrivate); | 654 skip.insert(ExtensionAPIPermission::kChromePrivate); |
| 487 skip.insert(ExtensionAPIPermission::kChromeosInfoPrivate); | 655 skip.insert(ExtensionAPIPermission::kChromeosInfoPrivate); |
| 488 skip.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); | 656 skip.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); |
| 489 skip.insert(ExtensionAPIPermission::kInputMethodPrivate); | 657 skip.insert(ExtensionAPIPermission::kInputMethodPrivate); |
| 490 | 658 |
| 491 // Warned as part of host permissions. | 659 // Warned as part of host permissions. |
| 492 skip.insert(ExtensionAPIPermission::kDevtools); | 660 skip.insert(ExtensionAPIPermission::kDevtools); |
| 661 |
| 662 // This will warn users later, when they request new permissions. |
| 663 skip.insert(ExtensionAPIPermission::kPermissions); |
| 664 |
| 493 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 665 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 494 ExtensionAPIPermissionSet permissions = info->GetAll(); | 666 ExtensionAPIPermissionSet permissions = info->GetAll(); |
| 495 for (ExtensionAPIPermissionSet::const_iterator i = permissions.begin(); | 667 for (ExtensionAPIPermissionSet::const_iterator i = permissions.begin(); |
| 496 i != permissions.end(); ++i) { | 668 i != permissions.end(); ++i) { |
| 497 ExtensionAPIPermission* permission = info->GetByID(*i); | 669 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 498 EXPECT_TRUE(permission); | 670 EXPECT_TRUE(permission); |
| 499 if (skip.count(*i)) { | 671 if (skip.count(*i)) { |
| 500 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) | 672 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) |
| 501 << "unexpected message_id for " << permission->name(); | 673 << "unexpected message_id for " << permission->name(); |
| 502 } else { | 674 } else { |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 542 EXPECT_EQ(kTests[i].expect_success, | 714 EXPECT_EQ(kTests[i].expect_success, |
| 543 permissions.HasAccessToFunction(kTests[i].permission_name)); | 715 permissions.HasAccessToFunction(kTests[i].permission_name)); |
| 544 } | 716 } |
| 545 } | 717 } |
| 546 | 718 |
| 547 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) { | 719 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) { |
| 548 scoped_refptr<Extension> extension; | 720 scoped_refptr<Extension> extension; |
| 549 | 721 |
| 550 extension = LoadManifest("permissions", "many-hosts.json"); | 722 extension = LoadManifest("permissions", "many-hosts.json"); |
| 551 std::vector<string16> warnings = | 723 std::vector<string16> warnings = |
| 552 extension->permission_set()->GetWarningMessages(); | 724 extension->GetActivePermissions()->GetWarningMessages(); |
| 553 ASSERT_EQ(1u, warnings.size()); | 725 ASSERT_EQ(1u, warnings.size()); |
| 554 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", | 726 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", |
| 555 UTF16ToUTF8(warnings[0])); | 727 UTF16ToUTF8(warnings[0])); |
| 556 } | 728 } |
| 557 | 729 |
| 558 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) { | 730 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) { |
| 559 scoped_refptr<Extension> extension; | 731 scoped_refptr<Extension> extension; |
| 560 scoped_ptr<ExtensionPermissionSet> permissions; | 732 scoped_ptr<ExtensionPermissionSet> permissions; |
| 561 | 733 |
| 562 extension = LoadManifest("permissions", "plugins.json"); | 734 extension = LoadManifest("permissions", "plugins.json"); |
| 563 std::vector<string16> warnings = | 735 std::vector<string16> warnings = |
| 564 extension->permission_set()->GetWarningMessages(); | 736 extension->GetActivePermissions()->GetWarningMessages(); |
| 565 // We don't parse the plugins key on Chrome OS, so it should not ask for any | 737 // We don't parse the plugins key on Chrome OS, so it should not ask for any |
| 566 // permissions. | 738 // permissions. |
| 567 #if defined(OS_CHROMEOS) | 739 #if defined(OS_CHROMEOS) |
| 568 ASSERT_EQ(0u, warnings.size()); | 740 ASSERT_EQ(0u, warnings.size()); |
| 569 #else | 741 #else |
| 570 ASSERT_EQ(1u, warnings.size()); | 742 ASSERT_EQ(1u, warnings.size()); |
| 571 EXPECT_EQ("All data on your computer and the websites you visit", | 743 EXPECT_EQ("All data on your computer and the websites you visit", |
| 572 UTF16ToUTF8(warnings[0])); | 744 UTF16ToUTF8(warnings[0])); |
| 573 #endif | 745 #endif |
| 574 } | 746 } |
| (...skipping 320 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 895 // and we can convert it back to the id set. | 1067 // and we can convert it back to the id set. |
| 896 EXPECT_EQ(4u, api_names.size()); | 1068 EXPECT_EQ(4u, api_names.size()); |
| 897 EXPECT_EQ(apis, | 1069 EXPECT_EQ(apis, |
| 898 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); | 1070 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); |
| 899 } | 1071 } |
| 900 | 1072 |
| 901 TEST(ExtensionPermissionSetTest, IsEmpty) { | 1073 TEST(ExtensionPermissionSetTest, IsEmpty) { |
| 902 ExtensionAPIPermissionSet empty_apis; | 1074 ExtensionAPIPermissionSet empty_apis; |
| 903 URLPatternSet empty_extent; | 1075 URLPatternSet empty_extent; |
| 904 | 1076 |
| 905 ExtensionPermissionSet perm_set; | 1077 ExtensionPermissionSet empty_set; |
| 906 EXPECT_TRUE(perm_set.IsEmpty()); | 1078 EXPECT_TRUE(empty_set.IsEmpty()); |
| 1079 scoped_ptr<ExtensionPermissionSet> perm_set; |
| 907 | 1080 |
| 908 perm_set = ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); | 1081 perm_set.reset(new ExtensionPermissionSet( |
| 909 EXPECT_TRUE(perm_set.IsEmpty()); | 1082 empty_apis, empty_extent, empty_extent)); |
| 1083 EXPECT_TRUE(perm_set->IsEmpty()); |
| 910 | 1084 |
| 911 ExtensionAPIPermissionSet non_empty_apis; | 1085 ExtensionAPIPermissionSet non_empty_apis; |
| 912 non_empty_apis.insert(ExtensionAPIPermission::kBackground); | 1086 non_empty_apis.insert(ExtensionAPIPermission::kBackground); |
| 913 perm_set = ExtensionPermissionSet( | 1087 perm_set.reset(new ExtensionPermissionSet( |
| 914 non_empty_apis, empty_extent, empty_extent); | 1088 non_empty_apis, empty_extent, empty_extent)); |
| 915 EXPECT_FALSE(perm_set.IsEmpty()); | 1089 EXPECT_FALSE(perm_set->IsEmpty()); |
| 916 | 1090 |
| 917 // Try non standard host | 1091 // Try non standard host |
| 918 URLPatternSet non_empty_extent; | 1092 URLPatternSet non_empty_extent; |
| 919 AddPattern(&non_empty_extent, "http://www.google.com/*"); | 1093 AddPattern(&non_empty_extent, "http://www.google.com/*"); |
| 920 | 1094 |
| 921 perm_set = ExtensionPermissionSet( | 1095 perm_set.reset(new ExtensionPermissionSet( |
| 922 empty_apis, non_empty_extent, empty_extent); | 1096 empty_apis, non_empty_extent, empty_extent)); |
| 923 EXPECT_FALSE(perm_set.IsEmpty()); | 1097 EXPECT_FALSE(perm_set->IsEmpty()); |
| 924 | 1098 |
| 925 perm_set = ExtensionPermissionSet( | 1099 perm_set.reset(new ExtensionPermissionSet( |
| 926 empty_apis, empty_extent, non_empty_extent); | 1100 empty_apis, empty_extent, non_empty_extent)); |
| 927 EXPECT_FALSE(perm_set.IsEmpty()); | 1101 EXPECT_FALSE(perm_set->IsEmpty()); |
| 928 } | 1102 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7432006:
Add an experimental permissions API for extensions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src