PS - Adjusting webRequest API for use in Public Sessions

chrome/browser/extensions/api/web_request/web_request_permissions_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stddef.h>
 
 #include <memory>
 
 #include "base/macros.h"
 #include "base/message_loop/message_loop.h"
 #include "chrome/common/extensions/extension_test_util.h"
+#include "chromeos/login/login_state.h"
 #include "content/public/browser/resource_request_info.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "extensions/browser/api/web_request/web_request_permissions.h"
 #include "extensions/browser/info_map.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "ipc/ipc_message.h"
 #include "net/base/request_priority.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_test_util.h"
@@ skipping 17 matching lines @@
  private:
   content::TestBrowserThreadBundle thread_bundle_;
 
  protected:
   net::TestURLRequestContext context;
 
   // This extension has Web Request permissions, but no host permission.
   scoped_refptr<Extension> permissionless_extension_;
   // This extension has Web Request permissions, and *.com a host permission.
   scoped_refptr<Extension> com_extension_;
+  // This extension is the same as com_extension, except it's installed from
+  // Manifest::EXTERNAL_POLICY_DOWNLOAD.
+  scoped_refptr<Extension> com_policy_extension_;
   scoped_refptr<extensions::InfoMap> extension_info_map_;
 };
 
 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() {
   testing::Test::SetUp();
 
   std::string error;
   permissionless_extension_ = LoadManifestUnchecked("permissions",
                                                     "web_request_no_host.json",
                                                     Manifest::INVALID_LOCATION,
                                                     Extension::NO_FLAGS,
                                                     "ext_id_1",
                                                     &error);
   ASSERT_TRUE(permissionless_extension_.get()) << error;
   com_extension_ =
       LoadManifestUnchecked("permissions",
                             "web_request_com_host_permissions.json",
                             Manifest::INVALID_LOCATION,
                             Extension::NO_FLAGS,
                             "ext_id_2",
                             &error);
   ASSERT_TRUE(com_extension_.get()) << error;
+  com_policy_extension_ =
+      LoadManifestUnchecked("permissions",
+                            "web_request_com_host_permissions.json",
+                            Manifest::EXTERNAL_POLICY_DOWNLOAD,
+                            Extension::NO_FLAGS,
+                            "ext_id_3",
+                            &error);
+  ASSERT_TRUE(com_policy_extension_.get()) << error;
   extension_info_map_ = new extensions::InfoMap;
   extension_info_map_->AddExtension(permissionless_extension_.get(),
                                     base::Time::Now(),
-                                    false /*incognito_enabled*/,
-                                    false /*notifications_disabled*/);
+                                    false, // incognito_enabled
+                                    false); // notifications_disabled
   extension_info_map_->AddExtension(
       com_extension_.get(),
       base::Time::Now(),
-      false /*incognito_enabled*/,
-      false /*notifications_disabled*/);
+      false, // incognito_enabled
+      false); // notifications_disabled
+  extension_info_map_->AddExtension(
+      com_policy_extension_.get(),
+      base::Time::Now(),
+      false, // incognito_enabled
+      false); // notifications_disabled
 }
 
 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) {
   net::TestURLRequestContext context;
   const char* const sensitive_urls[] = {
       "http://clients2.google.com",
       "http://clients22.google.com",
       "https://clients2.google.com",
       "http://clients2.google.com/service/update2/crx",
       "https://clients.google.com",
@@ skipping 65 matching lines @@
 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest,
        TestCanExtensionAccessURL_HostPermissions) {
   std::unique_ptr<net::URLRequest> request(context.CreateRequest(
       GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL));
 
   EXPECT_EQ(PermissionsData::ACCESS_ALLOWED,
             WebRequestPermissions::CanExtensionAccessURL(
                 extension_info_map_.get(), permissionless_extension_->id(),
                 request->url(),
                 -1,  // No tab id.
-                false /*crosses_incognito*/,
+                false, // crosses_incognito
                 WebRequestPermissions::DO_NOT_CHECK_HOST));
   EXPECT_EQ(PermissionsData::ACCESS_DENIED,
             WebRequestPermissions::CanExtensionAccessURL(
                 extension_info_map_.get(), permissionless_extension_->id(),
                 request->url(),
                 -1,  // No tab id.
-                false /*crosses_incognito*/,
+                false, // crosses_incognito
                 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
   EXPECT_EQ(PermissionsData::ACCESS_ALLOWED,
             WebRequestPermissions::CanExtensionAccessURL(
                 extension_info_map_.get(), com_extension_->id(), request->url(),
                 -1,  // No tab id.
-                false /*crosses_incognito*/,
+                false, // crosses_incognito
                 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
   EXPECT_EQ(PermissionsData::ACCESS_DENIED,
             WebRequestPermissions::CanExtensionAccessURL(
                 extension_info_map_.get(), com_extension_->id(), request->url(),
                 -1,  // No tab id.
-                false /*crosses_incognito*/,
+                false, // crosses_incognito
                 WebRequestPermissions::REQUIRE_ALL_URLS));
+
+  // Public Sessions tests.
+#if defined(OS_CHROMEOS)
+  std::unique_ptr<net::URLRequest> org_request(context.CreateRequest(
+      GURL("http://example.org"), net::DEFAULT_PRIORITY, NULL));
+
+  // com_extension_ doesn't have host permission for .org URL's.
+  EXPECT_EQ(PermissionsData::ACCESS_DENIED,
+            WebRequestPermissions::CanExtensionAccessURL(
+                extension_info_map_.get(), com_policy_extension_->id(),
+                org_request->url(),
+                -1,  // No tab id.
+                false, // crosses_incognito
+                WebRequestPermissions::REQUIRE_HOST_PERMISSION));
+
+  // Set Public Session state.
+  chromeos::LoginState::Initialize();
+  chromeos::LoginState::Get()->SetLoggedInState(
+      chromeos::LoginState::LOGGED_IN_ACTIVE,
+      chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT);
+
+  // Host permission checks are disabled in Public Sessions, instead all URL's

[Devlin, 2016/11/10 16:04:58]

What's the motivation for granting access beyond what the extension requests? 
If it's necessary, can we say why (probably in the web_request_permissions.cc
file)?  It seems like most policy extensions would just request all urls if they
want to intercept something, so there's no reason to implicitly grant more.

Additionally, some extensions might be expecting to have sites that they don't
request automatically filtered out (even though they should probably be using
the filters in the API instead of permissions, no reason to break it).

[Ivan Šandrk, 2016/11/10 17:56:19]

The host permissions were deemed to be inherently unsafe in PS and therefore
were completely disabled for all APIs (extensions requesting such permisions are
not loaded). webRequest API needs them to work and this seemed like the simplest
way to enable them just for webRequest (I'm guessing any other solution would
require a lot of code duplication across many files).

The use case behind these changes is a website filter/blocker specifically made
for PS. It would have to have access to all URLs.

Anyway, this document explains all the changes to webRequest API
go/webrequest-whitelisting.

+  // are whitelisted.
+  EXPECT_EQ(PermissionsData::ACCESS_ALLOWED,
+            WebRequestPermissions::CanExtensionAccessURL(
+                extension_info_map_.get(), com_policy_extension_->id(),
+                org_request->url(),
+                -1,  // No tab id.
+                false, // crosses_incognito
+                WebRequestPermissions::REQUIRE_HOST_PERMISSION));
+
+  EXPECT_EQ(PermissionsData::ACCESS_ALLOWED,
+            WebRequestPermissions::CanExtensionAccessURL(
+                extension_info_map_.get(), com_policy_extension_->id(),
+                org_request->url(),
+                -1,  // No tab id.
+                false, // crosses_incognito
+                WebRequestPermissions::REQUIRE_ALL_URLS));
+#endif
 }