| Index: chrome/common/extensions/extension_permission_set_unittest.cc
|
| diff --git a/chrome/common/extensions/extension_permission_set_unittest.cc b/chrome/common/extensions/extension_permission_set_unittest.cc
|
| index ebfb419a2efb676e3e88aa8941eea2394f9810d9..3b3ea248be6655a609717e719de10ed592a5c25f 100644
|
| --- a/chrome/common/extensions/extension_permission_set_unittest.cc
|
| +++ b/chrome/common/extensions/extension_permission_set_unittest.cc
|
| @@ -152,6 +152,7 @@ TEST(ExtensionAPIPermissionTest, HostedAppPermissions) {
|
| hosted_perms.insert(ExtensionAPIPermission::kNotification);
|
| hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage);
|
| hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
|
| + hosted_perms.insert(ExtensionAPIPermission::kPermissions);
|
|
|
| ExtensionAPIPermissionSet perms = info->GetAll();
|
| size_t count = 0;
|
| @@ -161,8 +162,8 @@ TEST(ExtensionAPIPermissionTest, HostedAppPermissions) {
|
| EXPECT_EQ(hosted_perms.count(*i) > 0, info->GetByID(*i)->is_hosted_app());
|
| }
|
|
|
| - EXPECT_EQ(10u, count);
|
| - EXPECT_EQ(10u, info->get_hosted_app_permission_count());
|
| + EXPECT_EQ(hosted_perms.size(), count);
|
| + EXPECT_EQ(hosted_perms.size(), info->get_hosted_app_permission_count());
|
| }
|
|
|
| TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) {
|
| @@ -188,17 +189,17 @@ TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) {
|
|
|
| TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
|
| scoped_refptr<Extension> extension;
|
| - const ExtensionPermissionSet* permissions = NULL;
|
| + scoped_refptr<const ExtensionPermissionSet> permissions;
|
|
|
| extension = LoadManifest("effective_host_permissions", "empty.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
|
| GURL("http://www.google.com")));
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
|
|
|
| extension = LoadManifest("effective_host_permissions", "one_host.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
|
| GURL("http://www.google.com")));
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
|
| @@ -207,14 +208,14 @@ TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
|
|
|
| extension = LoadManifest("effective_host_permissions",
|
| "one_host_wildcard.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
|
| GURL("http://foo.google.com")));
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
|
|
|
| extension = LoadManifest("effective_host_permissions", "two_hosts.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
|
| GURL("http://www.google.com")));
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
|
| @@ -223,14 +224,14 @@ TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
|
|
|
| extension = LoadManifest("effective_host_permissions",
|
| "https_not_considered.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com")));
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
|
|
|
| extension = LoadManifest("effective_host_permissions",
|
| "two_content_scripts.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
|
| GURL("http://www.reddit.com")));
|
| @@ -239,7 +240,7 @@ TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
|
|
|
| extension = LoadManifest("effective_host_permissions", "all_hosts.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
|
| EXPECT_TRUE(
|
| @@ -247,14 +248,14 @@ TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
|
|
|
| extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
|
| EXPECT_TRUE(
|
| permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
|
|
|
| extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
|
| - permissions = extension->permission_set();
|
| + permissions = extension->GetActivePermissions();
|
| EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
|
| EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
|
| EXPECT_TRUE(
|
| @@ -318,6 +319,12 @@ TEST(ExtensionPermissionSetTest, CreateUnion) {
|
| set2.reset(new ExtensionPermissionSet(
|
| apis2, explicit_hosts2, scriptable_hosts2));
|
| union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get()));
|
| + EXPECT_TRUE(set1->Contains(*set2));
|
| + EXPECT_TRUE(set1->Contains(*union_set));
|
| + EXPECT_FALSE(set2->Contains(*set1));
|
| + EXPECT_FALSE(set2->Contains(*union_set));
|
| + EXPECT_TRUE(union_set->Contains(*set1));
|
| + EXPECT_TRUE(union_set->Contains(*set2));
|
|
|
| EXPECT_FALSE(union_set->HasEffectiveFullAccess());
|
| EXPECT_EQ(expected_apis, union_set->apis());
|
| @@ -346,6 +353,14 @@ TEST(ExtensionPermissionSetTest, CreateUnion) {
|
| set2.reset(new ExtensionPermissionSet(
|
| apis2, explicit_hosts2, scriptable_hosts2));
|
| union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get()));
|
| +
|
| + EXPECT_FALSE(set1->Contains(*set2));
|
| + EXPECT_FALSE(set1->Contains(*union_set));
|
| + EXPECT_FALSE(set2->Contains(*set1));
|
| + EXPECT_FALSE(set2->Contains(*union_set));
|
| + EXPECT_TRUE(union_set->Contains(*set1));
|
| + EXPECT_TRUE(union_set->Contains(*set2));
|
| +
|
| EXPECT_TRUE(union_set->HasEffectiveFullAccess());
|
| EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
|
| EXPECT_EQ(expected_apis, union_set->apis());
|
| @@ -354,6 +369,157 @@ TEST(ExtensionPermissionSetTest, CreateUnion) {
|
| EXPECT_EQ(effective_hosts, union_set->effective_hosts());
|
| }
|
|
|
| +TEST(ExtensionPermissionSetTest, CreateIntersection) {
|
| + ExtensionAPIPermissionSet apis1;
|
| + ExtensionAPIPermissionSet apis2;
|
| + ExtensionAPIPermissionSet expected_apis;
|
| +
|
| + URLPatternSet explicit_hosts1;
|
| + URLPatternSet explicit_hosts2;
|
| + URLPatternSet expected_explicit_hosts;
|
| +
|
| + URLPatternSet scriptable_hosts1;
|
| + URLPatternSet scriptable_hosts2;
|
| + URLPatternSet expected_scriptable_hosts;
|
| +
|
| + URLPatternSet effective_hosts;
|
| +
|
| + scoped_ptr<ExtensionPermissionSet> set1;
|
| + scoped_ptr<ExtensionPermissionSet> set2;
|
| + scoped_ptr<ExtensionPermissionSet> new_set;
|
| +
|
| + // Intersection with an empty set.
|
| + apis1.insert(ExtensionAPIPermission::kTab);
|
| + apis1.insert(ExtensionAPIPermission::kBackground);
|
| +
|
| + AddPattern(&explicit_hosts1, "http://*.google.com/*");
|
| + AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
|
| +
|
| + set1.reset(new ExtensionPermissionSet(
|
| + apis1, explicit_hosts1, scriptable_hosts1));
|
| + set2.reset(new ExtensionPermissionSet(
|
| + apis2, explicit_hosts2, scriptable_hosts2));
|
| + new_set.reset(
|
| + ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get()));
|
| + EXPECT_TRUE(set1->Contains(*new_set));
|
| + EXPECT_TRUE(set2->Contains(*new_set));
|
| + EXPECT_TRUE(set1->Contains(*set2));
|
| + EXPECT_FALSE(set2->Contains(*set1));
|
| + EXPECT_FALSE(new_set->Contains(*set1));
|
| + EXPECT_TRUE(new_set->Contains(*set2));
|
| +
|
| + EXPECT_TRUE(new_set->IsEmpty());
|
| + EXPECT_FALSE(new_set->HasEffectiveFullAccess());
|
| + EXPECT_EQ(expected_apis, new_set->apis());
|
| + EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
|
| + EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
|
| + EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts());
|
| +
|
| + // Now use a real second set.
|
| + apis2.insert(ExtensionAPIPermission::kTab);
|
| + apis2.insert(ExtensionAPIPermission::kProxy);
|
| + apis2.insert(ExtensionAPIPermission::kClipboardWrite);
|
| + apis2.insert(ExtensionAPIPermission::kPlugin);
|
| + expected_apis.insert(ExtensionAPIPermission::kTab);
|
| +
|
| + AddPattern(&explicit_hosts2, "http://*.example.com/*");
|
| + AddPattern(&explicit_hosts2, "http://*.google.com/*");
|
| + AddPattern(&scriptable_hosts2, "http://*.google.com/*");
|
| + AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
|
| +
|
| + effective_hosts.ClearPatterns();
|
| + AddPattern(&effective_hosts, "http://*.google.com/*");
|
| +
|
| + set2.reset(new ExtensionPermissionSet(
|
| + apis2, explicit_hosts2, scriptable_hosts2));
|
| + new_set.reset(
|
| + ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get()));
|
| +
|
| + EXPECT_TRUE(set1->Contains(*new_set));
|
| + EXPECT_TRUE(set2->Contains(*new_set));
|
| + EXPECT_FALSE(set1->Contains(*set2));
|
| + EXPECT_FALSE(set2->Contains(*set1));
|
| + EXPECT_FALSE(new_set->Contains(*set1));
|
| + EXPECT_FALSE(new_set->Contains(*set2));
|
| +
|
| + EXPECT_FALSE(new_set->HasEffectiveFullAccess());
|
| + EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
|
| + EXPECT_EQ(expected_apis, new_set->apis());
|
| + EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
|
| + EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
|
| + EXPECT_EQ(effective_hosts, new_set->effective_hosts());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, CreateDifference) {
|
| + ExtensionAPIPermissionSet apis1;
|
| + ExtensionAPIPermissionSet apis2;
|
| + ExtensionAPIPermissionSet expected_apis;
|
| +
|
| + URLPatternSet explicit_hosts1;
|
| + URLPatternSet explicit_hosts2;
|
| + URLPatternSet expected_explicit_hosts;
|
| +
|
| + URLPatternSet scriptable_hosts1;
|
| + URLPatternSet scriptable_hosts2;
|
| + URLPatternSet expected_scriptable_hosts;
|
| +
|
| + URLPatternSet effective_hosts;
|
| +
|
| + scoped_ptr<ExtensionPermissionSet> set1;
|
| + scoped_ptr<ExtensionPermissionSet> set2;
|
| + scoped_ptr<ExtensionPermissionSet> new_set;
|
| +
|
| + // Difference with an empty set.
|
| + apis1.insert(ExtensionAPIPermission::kTab);
|
| + apis1.insert(ExtensionAPIPermission::kBackground);
|
| +
|
| + AddPattern(&explicit_hosts1, "http://*.google.com/*");
|
| + AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
|
| +
|
| + set1.reset(new ExtensionPermissionSet(
|
| + apis1, explicit_hosts1, scriptable_hosts1));
|
| + set2.reset(new ExtensionPermissionSet(
|
| + apis2, explicit_hosts2, scriptable_hosts2));
|
| + new_set.reset(
|
| + ExtensionPermissionSet::CreateDifference(set1.get(), set2.get()));
|
| + EXPECT_EQ(*set1, *new_set);
|
| +
|
| + // Now use a real second set.
|
| + apis2.insert(ExtensionAPIPermission::kTab);
|
| + apis2.insert(ExtensionAPIPermission::kProxy);
|
| + apis2.insert(ExtensionAPIPermission::kClipboardWrite);
|
| + apis2.insert(ExtensionAPIPermission::kPlugin);
|
| + expected_apis.insert(ExtensionAPIPermission::kBackground);
|
| +
|
| + AddPattern(&explicit_hosts2, "http://*.example.com/*");
|
| + AddPattern(&explicit_hosts2, "http://*.google.com/*");
|
| + AddPattern(&scriptable_hosts2, "http://*.google.com/*");
|
| + AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*");
|
| +
|
| + effective_hosts.ClearPatterns();
|
| + AddPattern(&effective_hosts, "http://www.reddit.com/*");
|
| +
|
| + set2.reset(new ExtensionPermissionSet(
|
| + apis2, explicit_hosts2, scriptable_hosts2));
|
| + new_set.reset(
|
| + ExtensionPermissionSet::CreateDifference(set1.get(), set2.get()));
|
| +
|
| + EXPECT_TRUE(set1->Contains(*new_set));
|
| + EXPECT_FALSE(set2->Contains(*new_set));
|
| +
|
| + EXPECT_FALSE(new_set->HasEffectiveFullAccess());
|
| + EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
|
| + EXPECT_EQ(expected_apis, new_set->apis());
|
| + EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
|
| + EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
|
| + EXPECT_EQ(effective_hosts, new_set->effective_hosts());
|
| +
|
| + // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set
|
| + set1.reset(
|
| + ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()));
|
| + EXPECT_TRUE(set1->IsEmpty());
|
| +}
|
| +
|
| TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) {
|
| const struct {
|
| const char* base_name;
|
| @@ -435,8 +601,10 @@ TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) {
|
| if (!new_extension.get())
|
| continue;
|
|
|
| - const ExtensionPermissionSet* old_p = old_extension->permission_set();
|
| - const ExtensionPermissionSet* new_p = new_extension->permission_set();
|
| + const ExtensionPermissionSet* old_p =
|
| + old_extension->GetActivePermissions();
|
| + const ExtensionPermissionSet* new_p =
|
| + new_extension->GetActivePermissions();
|
|
|
| EXPECT_EQ(kTests[i].expect_increase, old_p->HasLessPrivilegesThan(new_p))
|
| << kTests[i].base_name;
|
| @@ -490,6 +658,10 @@ TEST(ExtensionPermissionSetTest, PermissionMessages) {
|
|
|
| // Warned as part of host permissions.
|
| skip.insert(ExtensionAPIPermission::kDevtools);
|
| +
|
| + // This will warn users later, when they request new permissions.
|
| + skip.insert(ExtensionAPIPermission::kPermissions);
|
| +
|
| ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
|
| ExtensionAPIPermissionSet permissions = info->GetAll();
|
| for (ExtensionAPIPermissionSet::const_iterator i = permissions.begin();
|
| @@ -549,7 +721,7 @@ TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) {
|
|
|
| extension = LoadManifest("permissions", "many-hosts.json");
|
| std::vector<string16> warnings =
|
| - extension->permission_set()->GetWarningMessages();
|
| + extension->GetActivePermissions()->GetWarningMessages();
|
| ASSERT_EQ(1u, warnings.size());
|
| EXPECT_EQ("Your data on encrypted.google.com and www.google.com",
|
| UTF16ToUTF8(warnings[0]));
|
| @@ -561,7 +733,7 @@ TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) {
|
|
|
| extension = LoadManifest("permissions", "plugins.json");
|
| std::vector<string16> warnings =
|
| - extension->permission_set()->GetWarningMessages();
|
| + extension->GetActivePermissions()->GetWarningMessages();
|
| // We don't parse the plugins key on Chrome OS, so it should not ask for any
|
| // permissions.
|
| #if defined(OS_CHROMEOS)
|
| @@ -902,27 +1074,29 @@ TEST(ExtensionPermissionSetTest, IsEmpty) {
|
| ExtensionAPIPermissionSet empty_apis;
|
| URLPatternSet empty_extent;
|
|
|
| - ExtensionPermissionSet perm_set;
|
| - EXPECT_TRUE(perm_set.IsEmpty());
|
| + ExtensionPermissionSet empty_set;
|
| + EXPECT_TRUE(empty_set.IsEmpty());
|
| + scoped_ptr<ExtensionPermissionSet> perm_set;
|
|
|
| - perm_set = ExtensionPermissionSet(empty_apis, empty_extent, empty_extent);
|
| - EXPECT_TRUE(perm_set.IsEmpty());
|
| + perm_set.reset(new ExtensionPermissionSet(
|
| + empty_apis, empty_extent, empty_extent));
|
| + EXPECT_TRUE(perm_set->IsEmpty());
|
|
|
| ExtensionAPIPermissionSet non_empty_apis;
|
| non_empty_apis.insert(ExtensionAPIPermission::kBackground);
|
| - perm_set = ExtensionPermissionSet(
|
| - non_empty_apis, empty_extent, empty_extent);
|
| - EXPECT_FALSE(perm_set.IsEmpty());
|
| + perm_set.reset(new ExtensionPermissionSet(
|
| + non_empty_apis, empty_extent, empty_extent));
|
| + EXPECT_FALSE(perm_set->IsEmpty());
|
|
|
| // Try non standard host
|
| URLPatternSet non_empty_extent;
|
| AddPattern(&non_empty_extent, "http://www.google.com/*");
|
|
|
| - perm_set = ExtensionPermissionSet(
|
| - empty_apis, non_empty_extent, empty_extent);
|
| - EXPECT_FALSE(perm_set.IsEmpty());
|
| + perm_set.reset(new ExtensionPermissionSet(
|
| + empty_apis, non_empty_extent, empty_extent));
|
| + EXPECT_FALSE(perm_set->IsEmpty());
|
|
|
| - perm_set = ExtensionPermissionSet(
|
| - empty_apis, empty_extent, non_empty_extent);
|
| - EXPECT_FALSE(perm_set.IsEmpty());
|
| + perm_set.reset(new ExtensionPermissionSet(
|
| + empty_apis, empty_extent, non_empty_extent));
|
| + EXPECT_FALSE(perm_set->IsEmpty());
|
| }
|
|
|
Chromium Code Reviews
Issue 7432006:
Add an experimental permissions API for extensions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src