| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
| 6 #include "base/json/json_file_value_serializer.h" | 6 #include "base/json/json_file_value_serializer.h" |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/path_service.h" | 8 #include "base/path_service.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/common/chrome_paths.h" | 10 #include "chrome/common/chrome_paths.h" |
| (...skipping 574 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 585 { "permissions5", true }, // bookmarks -> bookmarks,history | 585 { "permissions5", true }, // bookmarks -> bookmarks,history |
| 586 { "equivalent_warnings", false }, // tabs --> tabs, webNavigation | 586 { "equivalent_warnings", false }, // tabs --> tabs, webNavigation |
| 587 #if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS | 587 #if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS |
| 588 { "permissions4", false }, // plugin -> plugin,tabs | 588 { "permissions4", false }, // plugin -> plugin,tabs |
| 589 { "plugin1", false }, // plugin -> plugin | 589 { "plugin1", false }, // plugin -> plugin |
| 590 { "plugin2", false }, // plugin -> none | 590 { "plugin2", false }, // plugin -> none |
| 591 { "plugin3", true }, // none -> plugin | 591 { "plugin3", true }, // none -> plugin |
| 592 #endif | 592 #endif |
| 593 { "storage", false }, // none -> storage | 593 { "storage", false }, // none -> storage |
| 594 { "notifications", false }, // none -> notifications | 594 { "notifications", false }, // none -> notifications |
| 595 { "platformapp1", false }, // host permissions for platform apps |
| 596 { "platformapp2", true }, // API permissions for platform apps |
| 595 }; | 597 }; |
| 596 | 598 |
| 597 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { | 599 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { |
| 598 scoped_refptr<Extension> old_extension( | 600 scoped_refptr<Extension> old_extension( |
| 599 LoadManifest("allow_silent_upgrade", | 601 LoadManifest("allow_silent_upgrade", |
| 600 std::string(kTests[i].base_name) + "_old.json")); | 602 std::string(kTests[i].base_name) + "_old.json")); |
| 601 scoped_refptr<Extension> new_extension( | 603 scoped_refptr<Extension> new_extension( |
| 602 LoadManifest("allow_silent_upgrade", | 604 LoadManifest("allow_silent_upgrade", |
| 603 std::string(kTests[i].base_name) + "_new.json")); | 605 std::string(kTests[i].base_name) + "_new.json")); |
| 604 | 606 |
| 605 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json"; | 607 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json"; |
| 606 if (!new_extension.get()) | 608 if (!new_extension.get()) |
| 607 continue; | 609 continue; |
| 608 | 610 |
| 609 scoped_refptr<const PermissionSet> old_p( | 611 scoped_refptr<const PermissionSet> old_p( |
| 610 old_extension->GetActivePermissions()); | 612 old_extension->GetActivePermissions()); |
| 611 scoped_refptr<const PermissionSet> new_p( | 613 scoped_refptr<const PermissionSet> new_p( |
| 612 new_extension->GetActivePermissions()); | 614 new_extension->GetActivePermissions()); |
| 615 Manifest::Type extension_type = old_extension->GetType(); |
| 613 | 616 |
| 614 EXPECT_EQ(kTests[i].expect_increase, | 617 EXPECT_EQ(kTests[i].expect_increase, |
| 615 old_p->HasLessPrivilegesThan(new_p.get())) << kTests[i].base_name; | 618 old_p->HasLessPrivilegesThan(new_p.get(), extension_type)) |
| 619 << kTests[i].base_name; |
| 616 } | 620 } |
| 617 } | 621 } |
| 618 | 622 |
| 619 TEST(PermissionsTest, PermissionMessages) { | 623 TEST(PermissionsTest, PermissionMessages) { |
| 620 // Ensure that all permissions that needs to show install UI actually have | 624 // Ensure that all permissions that needs to show install UI actually have |
| 621 // strings associated with them. | 625 // strings associated with them. |
| 622 APIPermissionSet skip; | 626 APIPermissionSet skip; |
| 623 | 627 |
| 624 // These are considered "nuisance" or "trivial" permissions that don't need | 628 // These are considered "nuisance" or "trivial" permissions that don't need |
| 625 // a prompt. | 629 // a prompt. |
| (...skipping 591 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1217 // No http://www.foo.com/path | 1221 // No http://www.foo.com/path |
| 1218 | 1222 |
| 1219 std::set<std::string> expected; | 1223 std::set<std::string> expected; |
| 1220 expected.insert("www.foo.ca"); | 1224 expected.insert("www.foo.ca"); |
| 1221 perm_set = new PermissionSet( | 1225 perm_set = new PermissionSet( |
| 1222 empty_perms, explicit_hosts, scriptable_hosts); | 1226 empty_perms, explicit_hosts, scriptable_hosts); |
| 1223 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1227 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1224 } | 1228 } |
| 1225 | 1229 |
| 1226 TEST(PermissionsTest, HasLessHostPrivilegesThan) { | 1230 TEST(PermissionsTest, HasLessHostPrivilegesThan) { |
| 1231 Manifest::Type extension_type = Manifest::TYPE_EXTENSION; |
| 1227 URLPatternSet elist1; | 1232 URLPatternSet elist1; |
| 1228 URLPatternSet elist2; | 1233 URLPatternSet elist2; |
| 1229 URLPatternSet slist1; | 1234 URLPatternSet slist1; |
| 1230 URLPatternSet slist2; | 1235 URLPatternSet slist2; |
| 1231 scoped_refptr<PermissionSet> set1; | 1236 scoped_refptr<PermissionSet> set1; |
| 1232 scoped_refptr<PermissionSet> set2; | 1237 scoped_refptr<PermissionSet> set2; |
| 1233 APIPermissionSet empty_perms; | 1238 APIPermissionSet empty_perms; |
| 1234 elist1.AddPattern( | 1239 elist1.AddPattern( |
| 1235 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); | 1240 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); |
| 1236 elist1.AddPattern( | 1241 elist1.AddPattern( |
| 1237 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); | 1242 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); |
| 1238 | 1243 |
| 1239 // Test that the host order does not matter. | 1244 // Test that the host order does not matter. |
| 1240 elist2.AddPattern( | 1245 elist2.AddPattern( |
| 1241 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); | 1246 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); |
| 1242 elist2.AddPattern( | 1247 elist2.AddPattern( |
| 1243 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); | 1248 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); |
| 1244 | 1249 |
| 1245 set1 = new PermissionSet(empty_perms, elist1, slist1); | 1250 set1 = new PermissionSet(empty_perms, elist1, slist1); |
| 1246 set2 = new PermissionSet(empty_perms, elist2, slist2); | 1251 set2 = new PermissionSet(empty_perms, elist2, slist2); |
| 1247 | 1252 |
| 1248 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get())); | 1253 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1249 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get())); | 1254 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type)); |
| 1250 | 1255 |
| 1251 // Test that paths are ignored. | 1256 // Test that paths are ignored. |
| 1252 elist2.ClearPatterns(); | 1257 elist2.ClearPatterns(); |
| 1253 elist2.AddPattern( | 1258 elist2.AddPattern( |
| 1254 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*")); | 1259 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*")); |
| 1255 set2 = new PermissionSet(empty_perms, elist2, slist2); | 1260 set2 = new PermissionSet(empty_perms, elist2, slist2); |
| 1256 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get())); | 1261 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1257 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get())); | 1262 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type)); |
| 1258 | 1263 |
| 1259 // Test that RCDs are ignored. | 1264 // Test that RCDs are ignored. |
| 1260 elist2.ClearPatterns(); | 1265 elist2.ClearPatterns(); |
| 1261 elist2.AddPattern( | 1266 elist2.AddPattern( |
| 1262 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*")); | 1267 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*")); |
| 1263 set2 = new PermissionSet(empty_perms, elist2, slist2); | 1268 set2 = new PermissionSet(empty_perms, elist2, slist2); |
| 1264 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get())); | 1269 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1265 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get())); | 1270 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type)); |
| 1266 | 1271 |
| 1267 // Test that subdomain wildcards are handled properly. | 1272 // Test that subdomain wildcards are handled properly. |
| 1268 elist2.ClearPatterns(); | 1273 elist2.ClearPatterns(); |
| 1269 elist2.AddPattern( | 1274 elist2.AddPattern( |
| 1270 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*")); | 1275 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*")); |
| 1271 set2 = new PermissionSet(empty_perms, elist2, slist2); | 1276 set2 = new PermissionSet(empty_perms, elist2, slist2); |
| 1272 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); | 1277 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1273 // TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337 | 1278 // TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337 |
| 1274 // EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get())); | 1279 // EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get())); |
| 1275 | 1280 |
| 1276 // Test that different domains count as different hosts. | 1281 // Test that different domains count as different hosts. |
| 1277 elist2.ClearPatterns(); | 1282 elist2.ClearPatterns(); |
| 1278 elist2.AddPattern( | 1283 elist2.AddPattern( |
| 1279 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); | 1284 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); |
| 1280 elist2.AddPattern( | 1285 elist2.AddPattern( |
| 1281 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path")); | 1286 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path")); |
| 1282 set2 = new PermissionSet(empty_perms, elist2, slist2); | 1287 set2 = new PermissionSet(empty_perms, elist2, slist2); |
| 1283 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); | 1288 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1284 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get())); | 1289 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type)); |
| 1285 | 1290 |
| 1286 // Test that different subdomains count as different hosts. | 1291 // Test that different subdomains count as different hosts. |
| 1287 elist2.ClearPatterns(); | 1292 elist2.ClearPatterns(); |
| 1288 elist2.AddPattern( | 1293 elist2.AddPattern( |
| 1289 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); | 1294 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); |
| 1290 set2 = new PermissionSet(empty_perms, elist2, slist2); | 1295 set2 = new PermissionSet(empty_perms, elist2, slist2); |
| 1291 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); | 1296 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1292 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); | 1297 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type)); |
| 1298 |
| 1299 // Test that platform apps do not have host permissions increases. |
| 1300 extension_type = Manifest::TYPE_PLATFORM_APP; |
| 1301 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type)); |
| 1302 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type)); |
| 1293 } | 1303 } |
| 1294 | 1304 |
| 1295 TEST(PermissionsTest, GetAPIsAsStrings) { | 1305 TEST(PermissionsTest, GetAPIsAsStrings) { |
| 1296 APIPermissionSet apis; | 1306 APIPermissionSet apis; |
| 1297 URLPatternSet empty_set; | 1307 URLPatternSet empty_set; |
| 1298 | 1308 |
| 1299 apis.insert(APIPermission::kProxy); | 1309 apis.insert(APIPermission::kProxy); |
| 1300 apis.insert(APIPermission::kBackground); | 1310 apis.insert(APIPermission::kBackground); |
| 1301 apis.insert(APIPermission::kNotification); | 1311 apis.insert(APIPermission::kNotification); |
| 1302 apis.insert(APIPermission::kTab); | 1312 apis.insert(APIPermission::kTab); |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1378 allowed_hosts.AddPattern( | 1388 allowed_hosts.AddPattern( |
| 1379 URLPattern(URLPattern::SCHEME_ALL, "chrome://favicon/")); | 1389 URLPattern(URLPattern::SCHEME_ALL, "chrome://favicon/")); |
| 1380 allowed_hosts.AddPattern( | 1390 allowed_hosts.AddPattern( |
| 1381 URLPattern(URLPattern::SCHEME_ALL, "chrome://thumb/")); | 1391 URLPattern(URLPattern::SCHEME_ALL, "chrome://thumb/")); |
| 1382 scoped_refptr<PermissionSet> permissions( | 1392 scoped_refptr<PermissionSet> permissions( |
| 1383 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); | 1393 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); |
| 1384 permissions->GetPermissionMessages(Manifest::TYPE_EXTENSION); | 1394 permissions->GetPermissionMessages(Manifest::TYPE_EXTENSION); |
| 1385 } | 1395 } |
| 1386 | 1396 |
| 1387 } // namespace extensions | 1397 } // namespace extensions |
| OLD | NEW |