Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5130)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/extensions/signin_screen_policy_provider_unittest.cc

Issue 2159103006: Add policy provider that would filter extensions/apps allowed on the (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: . Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc ('K') | « chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc ('k') | chrome/browser/extensions/extension_system_impl.h » ('j') | chrome/browser/extensions/extension_system_impl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/extensions/signin_screen_policy_provider_unittest.cc
diff --git a/chrome/browser/chromeos/extensions/signin_screen_policy_provider_unittest.cc b/chrome/browser/chromeos/extensions/signin_screen_policy_provider_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..9d0e4cfb2aaf7c1761bff5f8e4ad262a177c60f4
--- /dev/null
+++ b/chrome/browser/chromeos/extensions/signin_screen_policy_provider_unittest.cc
@@ -0,0 +1,214 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/signin_screen_policy_provider.h"
+
+#include <string>
+
+#include "base/files/file_path.h"
+#include "base/memory/ref_counted.h"
+#include "base/strings/string16.h"
+#include "base/values.h"
+#include "extensions/common/extension.h"
+#include "extensions/common/manifest.h"
+#include "extensions/common/manifest_constants.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace chromeos {
+
+namespace {
+
+const char kWhitelistedId[] = "kmendfapggjehodndflmmgagdbamhnfd";
+
+scoped_refptr<const extensions::Extension> CreateExtensionFromValues(
+ const std::string& id,
+ extensions::Manifest::Location location,
+ base::DictionaryValue* values,
+ int flags) {
+ values->SetString(extensions::manifest_keys::kName, "test");
+ values->SetString(extensions::manifest_keys::kVersion, "0.1");
+ std::string error;
+ auto result = extensions::Extension::Create(base::FilePath(), location,
+ *values, flags, id, &error);
+
+ LOG(ERROR) << error;
+ return result;
+}
+
+scoped_refptr<const extensions::Extension> CreateRegularExtension(
+ const std::string& id) {
+ base::DictionaryValue values;
+ return CreateExtensionFromValues(id, extensions::Manifest::INTERNAL, &values,
+ extensions::Extension::NO_FLAGS);
+}
+
+scoped_refptr<const extensions::Extension> CreatePlatformAppWithExtraValues(
+ const base::DictionaryValue* extra_values,
+ extensions::Manifest::Location location,
+ int flags) {
+ base::DictionaryValue values;
+ values.SetString("app.background.page", "background.html");
+ values.MergeDictionary(extra_values);
+ return CreateExtensionFromValues(std::string(), location, &values, flags);
+}
+
+scoped_refptr<const extensions::Extension> CreatePlatformApp(
+ extensions::Manifest::Location location) {
+ base::DictionaryValue values;
+ return CreatePlatformAppWithExtraValues(&values, location,
+ extensions::Extension::NO_FLAGS);
+}
+} // namespace
+
+TEST(SigninScreenPolicyProviderTest, SigninScreen) {
+ SigninScreenPolicyProvider provider;
+ scoped_refptr<const extensions::Extension> extension;
+ base::string16 error;
+
+ // Verify that if an extension's ID has been explicitly whitelisted for use on
+ // signin screen, the extension can be installed.
+ extension = CreateRegularExtension(kWhitelistedId);
+ ASSERT_TRUE(extension.get());
+ EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_EQ(base::string16(), error);
+ error.clear();
+
+ // Verify that if an extensions location has been whitelisted for use on
+ // sign-in screen, the extension can be installed.
+ extension = CreatePlatformApp(extensions::Manifest::EXTERNAL_POLICY);
+ ASSERT_TRUE(extension.get());
+ EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_EQ(base::string16(), error);
+ error.clear();
+
+ // Verify that if an extensions location has been whitelisted for use on
+ // sign-in screen, the extension can be installed.
+ extension = CreatePlatformApp(extensions::Manifest::EXTERNAL_POLICY_DOWNLOAD);
+ ASSERT_TRUE(extension.get());
+ EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_EQ(base::string16(), error);
+ error.clear();
+
+ // Verify that if an extension's location has not been whitelisted for use on
+ // signin screen, the extension can no be installed.
+ extension = CreatePlatformApp(extensions::Manifest::INTERNAL);
+ LOG(ERROR) << extension->location();
+ ASSERT_TRUE(extension.get());
+ EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_NE(base::string16(), error);
+ error.clear();
+
+ // Verify that a minimal platform app cannot be installed from location
+ // UNPACKED.
+ {
+ base::DictionaryValue values;
+ extension = CreatePlatformAppWithExtraValues(
+ &values, extensions::Manifest::UNPACKED,
+ extensions::Extension::NO_FLAGS);
+ ASSERT_TRUE(extension);
+
+ EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_NE(base::string16(), error);
+ error.clear();
+ }
+
+ // Verify that a platform app with all safe manifest entries can be installed.
+ {
+ base::DictionaryValue values;
+ values.SetString(extensions::manifest_keys::kDescription, "something");
+ values.SetString(extensions::manifest_keys::kShortName, "something else");
+ base::ListValue* permissions = new base::ListValue();
+ permissions->AppendString("usb");
+ values.Set(extensions::manifest_keys::kPermissions, permissions);
+ base::ListValue* optional_permissions = new base::ListValue();
+ optional_permissions->AppendString("usb");
+ values.Set(extensions::manifest_keys::kOptionalPermissions,
+ optional_permissions);
+ extension = CreatePlatformAppWithExtraValues(
+ &values, extensions::Manifest::EXTERNAL_POLICY,
+ extensions::Extension::NO_FLAGS);
+ ASSERT_TRUE(extension);
+
+ EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_EQ(base::string16(), error);
+ error.clear();
+ }
+
+ // Verify that a platform app with an unknown manifest entry under "app"
+ // cannot be installed.
+ {
+ base::DictionaryValue values;
+ values.SetString("app.not_whitelisted2", "something2");
+ extension = CreatePlatformAppWithExtraValues(
+ &values, extensions::Manifest::EXTERNAL_POLICY,
+ extensions::Extension::NO_FLAGS);
+ ASSERT_TRUE(extension);
+
+ EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_NE(base::string16(), error);
+ error.clear();
+ }
+
+ // Verify that a platform app with an unknown permission entry cannot be
+ // installed.
+ {
+ base::ListValue* const permissions = new base::ListValue();
+ permissions->AppendString("not_whitelisted_permission");
+ base::DictionaryValue values;
+ values.Set(extensions::manifest_keys::kPermissions, permissions);
+
+ extension = CreatePlatformAppWithExtraValues(
+ &values, extensions::Manifest::EXTERNAL_POLICY,
+ extensions::Extension::NO_FLAGS);
+ ASSERT_TRUE(extension);
+
+ EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_NE(base::string16(), error);
+ error.clear();
+ }
+
+ // Verify that a platform app with remote URL permissions can not be
+ // installed.
+ {
+ base::ListValue* const permissions = new base::ListValue();
+ permissions->AppendString("https://example.com/");
+ permissions->AppendString("http://example.com/");
+ permissions->AppendString("ftp://example.com/");
+ base::DictionaryValue values;
+ values.Set(extensions::manifest_keys::kPermissions, permissions);
+
+ extension = CreatePlatformAppWithExtraValues(
+ &values, extensions::Manifest::EXTERNAL_POLICY,
+ extensions::Extension::NO_FLAGS);
+ ASSERT_TRUE(extension);
+
+ EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_NE(base::string16(), error);
+ error.clear();
+ }
+
+ // Verify that a platform app with unknown dictionary permission cannot be
+ // installed.
+ {
+ base::DictionaryValue* const socket = new base::DictionaryValue();
+ base::ListValue* const tcp_list = new base::ListValue();
+ tcp_list->AppendString("unknown_value");
+ socket->Set("unknown_key", tcp_list);
+ base::ListValue* const permissions = new base::ListValue();
+ permissions->Append(socket);
+ base::DictionaryValue values;
+ values.Set(extensions::manifest_keys::kPermissions, permissions);
+
+ extension = CreatePlatformAppWithExtraValues(
+ &values, extensions::Manifest::EXTERNAL_POLICY,
+ extensions::Extension::NO_FLAGS);
+ ASSERT_TRUE(extension);
+
+ EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+ EXPECT_NE(base::string16(), error);
+ error.clear();
+ }
+}
+
+} // namespace chromeos
« chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc ('K') | « chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc ('k') | chrome/browser/extensions/extension_system_impl.h » ('j') | chrome/browser/extensions/extension_system_impl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698