| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/memory/ref_counted.h" |
| 6 #include "base/strings/utf_string_conversions.h" |
| 7 #include "chrome/browser/chromeos/extensions/signin_screen_policy_provider.h" |
| 8 #include "components/version_info/version_info.h" |
| 9 #include "extensions/common/extension_builder.h" |
| 10 #include "extensions/common/features/feature_channel.h" |
| 11 #include "extensions/common/features/feature_session_type.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" |
| 13 |
| 14 using extensions::Extension; |
| 15 |
| 16 namespace { |
| 17 |
| 18 const char kRandomExtensionId[] = "abacabadabacabaeabacabadabacabaf"; |
| 19 // Gnubby |
| 20 const char kGnubbyExtensionId[] = "beknehfpfkghjoafdifaflglpjkojoco"; |
| 21 // smart card connector |
| 22 const char kSampleSigninExtensionId[] = "khpfeaanjngmcnplbdlpegiifgpfgdco"; |
| 23 |
| 24 scoped_refptr<extensions::Extension> CreateTestApp( |
| 25 const std::string& extension_id, |
| 26 extensions::Manifest::Location location) { |
| 27 return extensions::ExtensionBuilder() |
| 28 .SetManifest( |
| 29 extensions::DictionaryBuilder() |
| 30 .Set("name", "test app") |
| 31 .Set("version", "1") |
| 32 .Set("manifest_version", 2) |
| 33 .Set("app", |
| 34 extensions::DictionaryBuilder() |
| 35 .Set("background", |
| 36 extensions::DictionaryBuilder() |
| 37 .Set("persistent", "false") |
| 38 .Set("scripts", extensions::ListBuilder() |
| 39 .Append("background.js") |
| 40 .Build()) |
| 41 .Build()) |
| 42 .Build()) |
| 43 .Set("storage", |
| 44 extensions::DictionaryBuilder() |
| 45 .Set("managed_schema", "managed_storage_schema.json") |
| 46 .Build()) |
| 47 .Set("permissions", extensions::ListBuilder() |
| 48 .Append("usb") |
| 49 .Append("alwaysOnTopWindows") |
| 50 .Build()) |
| 51 .Build()) |
| 52 .SetID(extension_id) |
| 53 .SetLocation(location) |
| 54 .Build(); |
| 55 } |
| 56 |
| 57 } // namespace |
| 58 |
| 59 class SigninScreenPolicyProviderTest : public testing::Test { |
| 60 protected: |
| 61 chromeos::SigninScreenPolicyProvider provider_; |
| 62 }; |
| 63 |
| 64 TEST_F(SigninScreenPolicyProviderTest, AllowPolicyExtensionOnDev) { |
| 65 // On dev channel every extension installed via policy should work. |
| 66 extensions::ScopedCurrentChannel channel(version_info::Channel::DEV); |
| 67 scoped_refptr<extensions::Extension> extension = CreateTestApp( |
| 68 kRandomExtensionId, extensions::Manifest::Location::EXTERNAL_POLICY); |
| 69 base::string16 error; |
| 70 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error)); |
| 71 EXPECT_TRUE(error.empty()); |
| 72 } |
| 73 |
| 74 TEST_F(SigninScreenPolicyProviderTest, DenyRandomPolicyExtensionOnStable) { |
| 75 // On stable channel arbitrary extension (though installed via policy) |
| 76 // should be blocked. |
| 77 extensions::ScopedCurrentChannel channel(version_info::Channel::STABLE); |
| 78 scoped_refptr<extensions::Extension> extension = CreateTestApp( |
| 79 kRandomExtensionId, extensions::Manifest::Location::EXTERNAL_POLICY); |
| 80 base::string16 error; |
| 81 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error)); |
| 82 EXPECT_FALSE(error.empty()); |
| 83 } |
| 84 |
| 85 TEST_F(SigninScreenPolicyProviderTest, AllowEssentialExtensionOnStable) { |
| 86 // Essential component extensions for the login screen should always work. |
| 87 extensions::ScopedCurrentChannel channel(version_info::Channel::STABLE); |
| 88 scoped_refptr<extensions::Extension> extension = CreateTestApp( |
| 89 kGnubbyExtensionId, extensions::Manifest::Location::EXTERNAL_COMPONENT); |
| 90 base::string16 error; |
| 91 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error)); |
| 92 EXPECT_TRUE(error.empty()); |
| 93 } |
| 94 |
| 95 TEST_F(SigninScreenPolicyProviderTest, |
| 96 AllowWhitelistedExtensionViaPolicyOnStable) { |
| 97 // Whitelisted Google-developed extensions should be available on |
| 98 // stable if installed via policy. |
| 99 // This test should be changed in future as we evolve feaature |
| 100 // requirements. |
| 101 extensions::ScopedCurrentChannel channel(version_info::Channel::STABLE); |
| 102 scoped_refptr<extensions::Extension> extension = |
| 103 CreateTestApp(kSampleSigninExtensionId, |
| 104 extensions::Manifest::Location::EXTERNAL_POLICY); |
| 105 base::string16 error; |
| 106 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error)); |
| 107 EXPECT_TRUE(error.empty()); |
| 108 } |
| 109 |
| 110 TEST_F(SigninScreenPolicyProviderTest, |
| 111 DenyNonPolicyWhitelistedExtensionOnStable) { |
| 112 // Google-developed extensions, if not installed via policy, should |
| 113 // be disabled. |
| 114 extensions::ScopedCurrentChannel channel(version_info::Channel::STABLE); |
| 115 scoped_refptr<extensions::Extension> extension = |
| 116 CreateTestApp(kSampleSigninExtensionId, |
| 117 extensions::Manifest::Location::EXTERNAL_COMPONENT); |
| 118 base::string16 error; |
| 119 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error)); |
| 120 EXPECT_FALSE(error.empty()); |
| 121 } |
| 122 |
| 123 TEST_F(SigninScreenPolicyProviderTest, DenyRandomNonPolicyExtensionOnDev) { |
| 124 extensions::ScopedCurrentChannel channel(version_info::Channel::DEV); |
| 125 scoped_refptr<extensions::Extension> extension = CreateTestApp( |
| 126 kRandomExtensionId, extensions::Manifest::Location::EXTERNAL_COMPONENT); |
| 127 base::string16 error; |
| 128 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error)); |
| 129 EXPECT_FALSE(error.empty()); |
| 130 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2159103006:
Add policy provider that would filter extensions/apps allowed on the (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master