| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension.h" | 5 #include "chrome/common/extensions/extension.h" |
| 6 | 6 |
| 7 #if defined(TOOLKIT_GTK) | 7 #if defined(TOOLKIT_GTK) |
| 8 #include <gtk/gtk.h> | 8 #include <gtk/gtk.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 612 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 623 } | 623 } |
| 624 | 624 |
| 625 TEST_F(ExtensionManifestTest, HostedAppPermissions) { | 625 TEST_F(ExtensionManifestTest, HostedAppPermissions) { |
| 626 std::string error; | 626 std::string error; |
| 627 scoped_ptr<DictionaryValue> manifest( | 627 scoped_ptr<DictionaryValue> manifest( |
| 628 LoadManifestFile("hosted_app_absolute_options.json", &error)); | 628 LoadManifestFile("hosted_app_absolute_options.json", &error)); |
| 629 ASSERT_TRUE(manifest.get()); | 629 ASSERT_TRUE(manifest.get()); |
| 630 ListValue* permissions = NULL; | 630 ListValue* permissions = NULL; |
| 631 ASSERT_TRUE(manifest->GetList("permissions", &permissions)); | 631 ASSERT_TRUE(manifest->GetList("permissions", &permissions)); |
| 632 | 632 |
| 633 int platform_app = ExtensionAPIPermission::kTypePlatformApp; |
| 633 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 634 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 634 ExtensionAPIPermissionSet api_perms = info->GetAll(); | 635 ExtensionAPIPermissionSet api_perms = info->GetAll(); |
| 635 for (ExtensionAPIPermissionSet::iterator i = api_perms.begin(); | 636 for (ExtensionAPIPermissionSet::iterator i = api_perms.begin(); |
| 636 i != api_perms.end(); ++i) { | 637 i != api_perms.end(); ++i) { |
| 637 if (*i == ExtensionAPIPermission::kExperimental) | 638 if (*i == ExtensionAPIPermission::kExperimental) |
| 638 continue; | 639 continue; |
| 639 | 640 |
| 640 ExtensionAPIPermission* permission = info->GetByID(*i); | 641 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 641 const char* name = permission->name(); | 642 const char* name = permission->name(); |
| 642 StringValue* p = new StringValue(name); | 643 StringValue* p = new StringValue(name); |
| 643 permissions->Clear(); | 644 permissions->Clear(); |
| 644 permissions->Append(p); | 645 permissions->Append(p); |
| 645 | 646 |
| 646 // Some permissions are only available to component hosted apps. | 647 // Some permissions are only available to component hosted apps. |
| 647 if (permission->is_component_only()) { | 648 if (permission->is_component_only()) { |
| 648 LoadAndExpectError(Manifest(manifest.get(), name), | 649 LoadAndExpectError(Manifest(manifest.get(), name), |
| 649 errors::kPermissionNotAllowed, | 650 errors::kPermissionNotAllowed, |
| 650 Extension::INTERNAL); | 651 Extension::INTERNAL); |
| 651 scoped_refptr<Extension> extension( | 652 scoped_refptr<Extension> extension( |
| 652 LoadAndExpectSuccess(Manifest(manifest.get(), name), | 653 LoadAndExpectSuccess(Manifest(manifest.get(), name), |
| 653 Extension::COMPONENT)); | 654 Extension::COMPONENT)); |
| 654 EXPECT_TRUE(extension->GetActivePermissions()->HasAPIPermission( | 655 EXPECT_TRUE(extension->GetActivePermissions()->HasAPIPermission( |
| 655 permission->id())); | 656 permission->id())); |
| 656 | 657 |
| 657 } else if (permission->is_platform_app_only()) { | 658 } else if (permission->type_restrictions() == platform_app) { |
| 658 LoadAndExpectError(Manifest(manifest.get(), name), | 659 LoadAndExpectError(Manifest(manifest.get(), name), |
| 659 errors::kPermissionNotAllowed, | 660 errors::kPermissionNotAllowed, |
| 660 Extension::INTERNAL, | 661 Extension::INTERNAL, |
| 661 Extension::STRICT_ERROR_CHECKS); | 662 Extension::STRICT_ERROR_CHECKS); |
| 662 } else if (!permission->is_hosted_app()) { | 663 } else if (!permission->supports_hosted_apps()) { |
| 663 // Most normal extension permissions also aren't available to hosted apps. | 664 // Most normal extension permissions also aren't available to hosted apps. |
| 664 // For these, the error is only reported in strict mode for legacy | 665 // For these, the error is only reported in strict mode for legacy |
| 665 // reasons: crbug.com/101993. | 666 // reasons: crbug.com/101993. |
| 666 LoadAndExpectError(Manifest(manifest.get(), name), | 667 LoadAndExpectError(Manifest(manifest.get(), name), |
| 667 errors::kPermissionNotAllowed, | 668 errors::kPermissionNotAllowed, |
| 668 Extension::INTERNAL, | 669 Extension::INTERNAL, |
| 669 Extension::STRICT_ERROR_CHECKS); | 670 Extension::STRICT_ERROR_CHECKS); |
| 670 scoped_refptr<Extension> extension( | 671 scoped_refptr<Extension> extension( |
| 671 LoadAndExpectSuccess(Manifest(manifest.get(), name), | 672 LoadAndExpectSuccess(Manifest(manifest.get(), name), |
| 672 Extension::INTERNAL)); | 673 Extension::INTERNAL)); |
| (...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 968 EXPECT_TRUE(extension_4->offline_enabled()); | 969 EXPECT_TRUE(extension_4->offline_enabled()); |
| 969 } | 970 } |
| 970 | 971 |
| 971 TEST_F(ExtensionManifestTest, PlatformAppOnlyPermissions) { | 972 TEST_F(ExtensionManifestTest, PlatformAppOnlyPermissions) { |
| 972 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 973 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 973 ExtensionAPIPermissionSet private_perms; | 974 ExtensionAPIPermissionSet private_perms; |
| 974 private_perms.insert(ExtensionAPIPermission::kSocket); | 975 private_perms.insert(ExtensionAPIPermission::kSocket); |
| 975 | 976 |
| 976 ExtensionAPIPermissionSet perms = info->GetAll(); | 977 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 977 int count = 0; | 978 int count = 0; |
| 979 int platform_app = ExtensionAPIPermission::kTypePlatformApp; |
| 978 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 980 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 979 i != perms.end(); ++i) { | 981 i != perms.end(); ++i) { |
| 980 count += private_perms.count(*i); | 982 count += private_perms.count(*i); |
| 981 EXPECT_EQ(private_perms.count(*i) > 0, | 983 EXPECT_EQ(private_perms.count(*i) > 0, |
| 982 info->GetByID(*i)->is_platform_app_only()); | 984 info->GetByID(*i)->type_restrictions() == platform_app); |
| 983 } | 985 } |
| 984 EXPECT_EQ(1, count); | 986 EXPECT_EQ(1, count); |
| 985 | 987 |
| 986 // This guy should fail to load because he's requesting platform-app-only | 988 // This guy should fail to load because he's requesting platform-app-only |
| 987 // permissions. | 989 // permissions. |
| 988 LoadAndExpectError("evil_non_platform_app.json", | 990 LoadAndExpectError("evil_non_platform_app.json", |
| 989 errors::kPermissionNotAllowed, | 991 errors::kPermissionNotAllowed, |
| 990 Extension::INTERNAL, Extension::STRICT_ERROR_CHECKS); | 992 Extension::INTERNAL, Extension::STRICT_ERROR_CHECKS); |
| 991 | 993 |
| 992 // This guy is identical to the previous but doesn't ask for any | 994 // This guy is identical to the previous but doesn't ask for any |
| 993 // platform-app-only permissions. We should be able to load him and ask | 995 // platform-app-only permissions. We should be able to load him and ask |
| 994 // questions about his permissions. | 996 // questions about his permissions. |
| 995 scoped_refptr<Extension> extension( | 997 scoped_refptr<Extension> extension( |
| 996 LoadAndExpectSuccess("not_platform_app.json")); | 998 LoadAndExpectSuccess("not_platform_app.json")); |
| 997 scoped_refptr<const ExtensionPermissionSet> permissions; | 999 ExtensionAPIPermissionSet apis = extension->GetActivePermissions()->apis(); |
| 998 permissions = extension->GetActivePermissions(); | 1000 for (ExtensionAPIPermissionSet::const_iterator i = apis.begin(); |
| 999 EXPECT_FALSE(permissions->HasPlatformAppPermissions()); | 1001 i != apis.end(); ++i) |
| 1002 EXPECT_NE(platform_app, info->GetByID(*i)->type_restrictions()); |
| 1000 } | 1003 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8598022:
Restrict access to permissions based on extension types. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src