| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/permissions_based_management_policy_provider
.h" | 5 #include "chrome/browser/extensions/permissions_based_management_policy_provider
.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/strings/string16.h" | 13 #include "base/strings/string16.h" |
| 14 #include "base/values.h" | 14 #include "base/values.h" |
| 15 #include "chrome/browser/extensions/extension_management.h" | 15 #include "chrome/browser/extensions/extension_management.h" |
| 16 #include "chrome/browser/extensions/extension_management_test_util.h" | 16 #include "chrome/browser/extensions/extension_management_test_util.h" |
| 17 #include "chrome/common/extensions/permissions/chrome_api_permissions.h" | 17 #include "chrome/common/extensions/permissions/chrome_api_permissions.h" |
| 18 #include "components/prefs/pref_registry_simple.h" | 18 #include "chrome/test/base/testing_profile.h" |
| 19 #include "components/prefs/testing_pref_service.h" | 19 #include "components/sync_preferences/testing_pref_service_syncable.h" |
| 20 #include "content/public/test/test_browser_thread_bundle.h" |
| 20 #include "extensions/common/extension.h" | 21 #include "extensions/common/extension.h" |
| 21 #include "extensions/common/manifest.h" | 22 #include "extensions/common/manifest.h" |
| 22 #include "extensions/common/manifest_constants.h" | 23 #include "extensions/common/manifest_constants.h" |
| 23 #include "extensions/common/permissions/api_permission.h" | 24 #include "extensions/common/permissions/api_permission.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 25 | 26 |
| 26 namespace extensions { | 27 namespace extensions { |
| 27 | 28 |
| 28 class PermissionsBasedManagementPolicyProviderTest : public testing::Test { | 29 class PermissionsBasedManagementPolicyProviderTest : public testing::Test { |
| 29 public: | 30 protected: |
| 30 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater; | 31 using PrefUpdater = ExtensionManagementPrefUpdater< |
| 32 sync_preferences::TestingPrefServiceSyncable>; |
| 31 | 33 |
| 32 PermissionsBasedManagementPolicyProviderTest() | 34 PermissionsBasedManagementPolicyProviderTest() |
| 33 : pref_service_(new TestingPrefServiceSimple()), | 35 : profile_(base::MakeUnique<TestingProfile>()), |
| 34 settings_(new ExtensionManagement(pref_service_.get())), | 36 settings_(base::MakeUnique<ExtensionManagement>(profile_.get())), |
| 37 pref_service_(profile_->GetTestingPrefService()), |
| 35 provider_(settings_.get()) {} | 38 provider_(settings_.get()) {} |
| 36 | 39 |
| 37 void SetUp() override { | 40 void SetUp() override { |
| 38 ChromeAPIPermissions api_permissions; | 41 ChromeAPIPermissions api_permissions; |
| 39 perm_list_ = api_permissions.GetAllPermissions(); | 42 perm_list_ = api_permissions.GetAllPermissions(); |
| 40 pref_service_->registry()->RegisterDictionaryPref( | |
| 41 pref_names::kExtensionManagement); | |
| 42 } | 43 } |
| 43 | 44 |
| 44 void TearDown() override {} | |
| 45 | |
| 46 // Get API permissions name for |id|, we cannot use arbitrary strings since | 45 // Get API permissions name for |id|, we cannot use arbitrary strings since |
| 47 // they will be ignored by ExtensionManagementService. | 46 // they will be ignored by ExtensionManagementService. |
| 48 std::string GetAPIPermissionName(APIPermission::ID id) { | 47 std::string GetAPIPermissionName(APIPermission::ID id) { |
| 49 for (const auto& perm : perm_list_) { | 48 for (const auto& perm : perm_list_) { |
| 50 if (perm->id() == id) | 49 if (perm->id() == id) |
| 51 return perm->name(); | 50 return perm->name(); |
| 52 } | 51 } |
| 53 ADD_FAILURE() << "Permission not found: " << id; | 52 ADD_FAILURE() << "Permission not found: " << id; |
| 54 return std::string(); | 53 return std::string(); |
| 55 } | 54 } |
| (...skipping 16 matching lines...) Expand all Loading... |
| 72 optional_permissions->DeepCopy()); | 71 optional_permissions->DeepCopy()); |
| 73 } | 72 } |
| 74 std::string error; | 73 std::string error; |
| 75 scoped_refptr<const Extension> extension = Extension::Create( | 74 scoped_refptr<const Extension> extension = Extension::Create( |
| 76 base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error); | 75 base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error); |
| 77 CHECK(extension.get()) << error; | 76 CHECK(extension.get()) << error; |
| 78 return extension; | 77 return extension; |
| 79 } | 78 } |
| 80 | 79 |
| 81 protected: | 80 protected: |
| 81 content::TestBrowserThreadBundle thread_bundle_; |
| 82 std::vector<std::unique_ptr<APIPermissionInfo>> perm_list_; | 82 std::vector<std::unique_ptr<APIPermissionInfo>> perm_list_; |
| 83 | 83 |
| 84 std::unique_ptr<TestingPrefServiceSimple> pref_service_; | 84 std::unique_ptr<TestingProfile> profile_; |
| 85 std::unique_ptr<ExtensionManagement> settings_; | 85 std::unique_ptr<ExtensionManagement> settings_; |
| 86 sync_preferences::TestingPrefServiceSyncable* pref_service_ = nullptr; |
| 86 | 87 |
| 87 PermissionsBasedManagementPolicyProvider provider_; | 88 PermissionsBasedManagementPolicyProvider provider_; |
| 88 }; | 89 }; |
| 89 | 90 |
| 90 // Verifies that extensions with conflicting permissions cannot be loaded. | 91 // Verifies that extensions with conflicting permissions cannot be loaded. |
| 91 TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) { | 92 TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) { |
| 92 // Prepares the extension manifest. | 93 // Prepares the extension manifest. |
| 93 base::ListValue required_permissions; | 94 base::ListValue required_permissions; |
| 94 required_permissions.AppendString( | 95 required_permissions.AppendString( |
| 95 GetAPIPermissionName(APIPermission::kDownloads)); | 96 GetAPIPermissionName(APIPermission::kDownloads)); |
| 96 required_permissions.AppendString( | 97 required_permissions.AppendString( |
| 97 GetAPIPermissionName(APIPermission::kCookie)); | 98 GetAPIPermissionName(APIPermission::kCookie)); |
| 98 base::ListValue optional_permissions; | 99 base::ListValue optional_permissions; |
| 99 optional_permissions.AppendString( | 100 optional_permissions.AppendString( |
| 100 GetAPIPermissionName(APIPermission::kProxy)); | 101 GetAPIPermissionName(APIPermission::kProxy)); |
| 101 | 102 |
| 102 scoped_refptr<const Extension> extension = | 103 scoped_refptr<const Extension> extension = |
| 103 CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD, | 104 CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD, |
| 104 &required_permissions, | 105 &required_permissions, |
| 105 &optional_permissions); | 106 &optional_permissions); |
| 106 | 107 |
| 107 base::string16 error16; | 108 base::string16 error16; |
| 108 // The extension should be allowed to be loaded by default. | 109 // The extension should be allowed to be loaded by default. |
| 109 error16.clear(); | 110 error16.clear(); |
| 110 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16)); | 111 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16)); |
| 111 EXPECT_TRUE(error16.empty()); | 112 EXPECT_TRUE(error16.empty()); |
| 112 | 113 |
| 113 // Blocks kProxy by default. The test extension should still be allowed. | 114 // Blocks kProxy by default. The test extension should still be allowed. |
| 114 { | 115 { |
| 115 PrefUpdater pref(pref_service_.get()); | 116 PrefUpdater pref(pref_service_); |
| 116 pref.AddBlockedPermission("*", | 117 pref.AddBlockedPermission("*", |
| 117 GetAPIPermissionName(APIPermission::kProxy)); | 118 GetAPIPermissionName(APIPermission::kProxy)); |
| 118 } | 119 } |
| 119 error16.clear(); | 120 error16.clear(); |
| 120 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16)); | 121 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16)); |
| 121 EXPECT_TRUE(error16.empty()); | 122 EXPECT_TRUE(error16.empty()); |
| 122 | 123 |
| 123 // Blocks kCookie this time. The test extension should not be allowed now. | 124 // Blocks kCookie this time. The test extension should not be allowed now. |
| 124 { | 125 { |
| 125 PrefUpdater pref(pref_service_.get()); | 126 PrefUpdater pref(pref_service_); |
| 126 pref.AddBlockedPermission("*", | 127 pref.AddBlockedPermission("*", |
| 127 GetAPIPermissionName(APIPermission::kCookie)); | 128 GetAPIPermissionName(APIPermission::kCookie)); |
| 128 } | 129 } |
| 129 error16.clear(); | 130 error16.clear(); |
| 130 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16)); | 131 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16)); |
| 131 EXPECT_FALSE(error16.empty()); | 132 EXPECT_FALSE(error16.empty()); |
| 132 | 133 |
| 133 // Explictly allows kCookie for test extension. It should be allowed again. | 134 // Explictly allows kCookie for test extension. It should be allowed again. |
| 134 { | 135 { |
| 135 PrefUpdater pref(pref_service_.get()); | 136 PrefUpdater pref(pref_service_); |
| 136 pref.AddAllowedPermission(extension->id(), | 137 pref.AddAllowedPermission(extension->id(), |
| 137 GetAPIPermissionName(APIPermission::kCookie)); | 138 GetAPIPermissionName(APIPermission::kCookie)); |
| 138 } | 139 } |
| 139 error16.clear(); | 140 error16.clear(); |
| 140 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16)); | 141 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16)); |
| 141 EXPECT_TRUE(error16.empty()); | 142 EXPECT_TRUE(error16.empty()); |
| 142 | 143 |
| 143 // Explictly blocks kCookie for test extension. It should be blocked again. | 144 // Explictly blocks kCookie for test extension. It should be blocked again. |
| 144 { | 145 { |
| 145 PrefUpdater pref(pref_service_.get()); | 146 PrefUpdater pref(pref_service_); |
| 146 pref.AddBlockedPermission(extension->id(), | 147 pref.AddBlockedPermission(extension->id(), |
| 147 GetAPIPermissionName(APIPermission::kCookie)); | 148 GetAPIPermissionName(APIPermission::kCookie)); |
| 148 } | 149 } |
| 149 error16.clear(); | 150 error16.clear(); |
| 150 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16)); | 151 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16)); |
| 151 EXPECT_FALSE(error16.empty()); | 152 EXPECT_FALSE(error16.empty()); |
| 152 | 153 |
| 153 // Blocks kDownloads by default. It should be blocked. | 154 // Blocks kDownloads by default. It should be blocked. |
| 154 { | 155 { |
| 155 PrefUpdater pref(pref_service_.get()); | 156 PrefUpdater pref(pref_service_); |
| 156 pref.UnsetBlockedPermissions(extension->id()); | 157 pref.UnsetBlockedPermissions(extension->id()); |
| 157 pref.UnsetAllowedPermissions(extension->id()); | 158 pref.UnsetAllowedPermissions(extension->id()); |
| 158 pref.ClearBlockedPermissions("*"); | 159 pref.ClearBlockedPermissions("*"); |
| 159 pref.AddBlockedPermission("*", | 160 pref.AddBlockedPermission("*", |
| 160 GetAPIPermissionName(APIPermission::kDownloads)); | 161 GetAPIPermissionName(APIPermission::kDownloads)); |
| 161 } | 162 } |
| 162 error16.clear(); | 163 error16.clear(); |
| 163 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16)); | 164 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16)); |
| 164 EXPECT_FALSE(error16.empty()); | 165 EXPECT_FALSE(error16.empty()); |
| 165 } | 166 } |
| 166 | 167 |
| 167 } // namespace extensions | 168 } // namespace extensions |
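Review bot: The new constructor calls `base::MakeUnique` for `profile_` and `settings_` (new lines 35-36), but the NEW-side include list never adds `#include "base/memory/ptr_util.h"`, so the file appears to compile only through a transitive include; add it next to `base/memory/ref_counted.h`. `pref_service_` changes from an owning `unique_ptr` to a raw pointer obtained from `profile_->GetTestingPrefService()`, presumably owned by the profile. A member comment such as `// Not owned; belongs to |profile_|, which is declared first and outlives it.` would record why the declaration order matters. Its `= nullptr` default is redundant, since the constructor always initializes it. The fixture also now has `protected:` twice (new lines 30 and 80), and the second can be dropped.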