Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(526)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/extensions/permissions_updater_unittest.cc

Issue 2499493004: Communicate ExtensionSettings policy to renderers (Closed)
Patch Set: -Added unit tests for PermissionsUpdater and PermissionsData, Removed unnecessary lock assertion, p… Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/extensions/permissions_updater.cc ('K') | « chrome/browser/extensions/permissions_updater.cc ('k') | chrome/common/extensions/permissions/permissions_data_unittest.cc » ('j') | chrome/common/extensions/permissions/permissions_data_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/extensions/permissions_updater.h" 5 #include "chrome/browser/extensions/permissions_updater.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/json/json_file_value_serializer.h" 10 #include "base/json/json_file_value_serializer.h"
(...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after
356 EXPECT_FALSE(extension->permissions_data() 356 EXPECT_FALSE(extension->permissions_data()
357 ->active_permissions() 357 ->active_permissions()
358 .HasExplicitAccessToOrigin(kOrigin)); 358 .HasExplicitAccessToOrigin(kOrigin));
359 EXPECT_TRUE(extension->permissions_data() 359 EXPECT_TRUE(extension->permissions_data()
360 ->withheld_permissions() 360 ->withheld_permissions()
361 .HasExplicitAccessToOrigin(kOrigin)); 361 .HasExplicitAccessToOrigin(kOrigin));
362 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty()); 362 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());
363 } 363 }
364 } 364 }
365 365
366 TEST_F(PermissionsUpdaterTest, PolicyHostRestrictions) {
367 InitializeEmptyExtensionService();
368
369 {
Devlin 2017/04/07 00:40:26 A scope that contains the whole test isn't very us
nrpeter 2017/04/12 23:35:44 Done.
370 // Make sure policy restriction updates update permission data.
371 URLPatternSet default_policy_blocked_hosts;
372 URLPatternSet default_policy_allowed_hosts;
373 URLPatternSet policy_blocked_hosts;
374 URLPatternSet policy_allowed_hosts;
375 ListBuilder optional_permissions;
376 ListBuilder required_permissions;
Devlin 2017/04/07 00:40:26 It'd probably be more interesting to construct an
nrpeter 2017/04/12 23:35:44 Done.
377 scoped_refptr<const Extension> extension =
378 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
Devlin 2017/04/07 00:40:26 these could be inlined, e.g. Create...(ListBuilder
nrpeter 2017/04/12 23:35:44 Since I added required permissions inlining may no
379 required_permissions.Build(),
380 "My Extension");
381 AddPattern(&default_policy_blocked_hosts, "http://*.google.com/*");
382 extension->permissions_data()->SetDefaultPolicyHostRestrictions(
383 default_policy_blocked_hosts, default_policy_allowed_hosts);
384 PermissionsUpdater updater(profile());
385 updater.InitializePermissions(extension.get());
386
387 // By default, all subdomains of google.com should be blocked.
388 const GURL kOrigin("http://foo.com");
389 const GURL kGoogle("http://www.google.com");
390 const GURL kExampleGoogle("http://example.google.com");
391 EXPECT_TRUE(
392 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
393 EXPECT_FALSE(extension->permissions_data()
Devlin 2017/04/07 00:40:26 These checks are testing permissions data, not per
nrpeter 2017/04/12 23:35:44 Done.
394 ->default_policy_blocked_hosts()
395 .MatchesURL(kOrigin));
396 EXPECT_FALSE(extension->permissions_data()
397 ->default_policy_allowed_hosts()
398 .MatchesURL(kOrigin));
399 EXPECT_TRUE(extension->permissions_data()
400 ->default_policy_blocked_hosts()
401 .MatchesURL(kGoogle));
402 EXPECT_FALSE(extension->permissions_data()
403 ->default_policy_allowed_hosts()
404 .MatchesURL(kGoogle));
405 EXPECT_TRUE(extension->permissions_data()
406 ->default_policy_blocked_hosts()
407 .MatchesURL(kExampleGoogle));
408 EXPECT_FALSE(extension->permissions_data()
409 ->default_policy_allowed_hosts()
410 .MatchesURL(kExampleGoogle));
411
412 AddPattern(&default_policy_allowed_hosts, "http://example.google.com/*");
413 // Give the extension access to example.google.com. Now the
414 // example.google.com should not be a runtime blocked host.
415 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
416 default_policy_allowed_hosts);
417
418 EXPECT_TRUE(
419 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
420 EXPECT_FALSE(extension->permissions_data()
421 ->default_policy_blocked_hosts()
422 .MatchesURL(kOrigin));
423 EXPECT_FALSE(extension->permissions_data()
424 ->default_policy_allowed_hosts()
425 .MatchesURL(kOrigin));
426 EXPECT_TRUE(extension->permissions_data()
427 ->default_policy_blocked_hosts()
428 .MatchesURL(kGoogle));
429 EXPECT_FALSE(extension->permissions_data()
430 ->default_policy_allowed_hosts()
431 .MatchesURL(kGoogle));
432 EXPECT_TRUE(extension->permissions_data()
433 ->default_policy_blocked_hosts()
434 .MatchesURL(kExampleGoogle));
435 EXPECT_TRUE(extension->permissions_data()
436 ->default_policy_allowed_hosts()
437 .MatchesURL(kExampleGoogle));
438
439 // Revoke extension access to foo.com. Now, foo.com should be a runtime
440 // blocked host.
441 AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/");
442 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
443 default_policy_allowed_hosts);
444 EXPECT_TRUE(
445 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
446 EXPECT_TRUE(extension->permissions_data()
447 ->default_policy_blocked_hosts()
448 .MatchesURL(kOrigin));
449 EXPECT_FALSE(extension->permissions_data()
450 ->default_policy_allowed_hosts()
451 .MatchesURL(kOrigin));
452 EXPECT_TRUE(extension->permissions_data()
453 ->default_policy_blocked_hosts()
454 .MatchesURL(kGoogle));
455 EXPECT_FALSE(extension->permissions_data()
456 ->default_policy_allowed_hosts()
457 .MatchesURL(kGoogle));
458 EXPECT_TRUE(extension->permissions_data()
459 ->default_policy_blocked_hosts()
460 .MatchesURL(kExampleGoogle));
461 EXPECT_TRUE(extension->permissions_data()
462 ->default_policy_allowed_hosts()
463 .MatchesURL(kExampleGoogle));
464
465 // Remove foo.com from blocked hosts. The extension should no longer have
466 // be a runtime blocked host.
467 default_policy_blocked_hosts.ClearPatterns();
468 AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/");
469 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
470 default_policy_allowed_hosts);
471 EXPECT_TRUE(
472 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
473 EXPECT_TRUE(extension->permissions_data()
474 ->default_policy_blocked_hosts()
475 .MatchesURL(kOrigin));
476 EXPECT_FALSE(extension->permissions_data()
477 ->default_policy_allowed_hosts()
478 .MatchesURL(kOrigin));
479 EXPECT_FALSE(extension->permissions_data()
480 ->default_policy_blocked_hosts()
481 .MatchesURL(kGoogle));
482 EXPECT_FALSE(extension->permissions_data()
483 ->default_policy_allowed_hosts()
484 .MatchesURL(kGoogle));
485 EXPECT_FALSE(extension->permissions_data()
486 ->default_policy_blocked_hosts()
487 .MatchesURL(kExampleGoogle));
488 EXPECT_TRUE(extension->permissions_data()
489 ->default_policy_allowed_hosts()
490 .MatchesURL(kExampleGoogle));
491
492 // Set an empty individual policy, should not affect defualt policy.
Devlin 2017/04/07 00:40:26 typo: default
nrpeter 2017/04/12 23:35:44 Done.
493 updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,
494 policy_allowed_hosts);
495 EXPECT_FALSE(
496 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
497 // Default
498 EXPECT_TRUE(extension->permissions_data()
499 ->default_policy_blocked_hosts()
500 .MatchesURL(kOrigin));
501 EXPECT_FALSE(extension->permissions_data()
502 ->default_policy_allowed_hosts()
503 .MatchesURL(kOrigin));
504 EXPECT_FALSE(extension->permissions_data()
505 ->default_policy_blocked_hosts()
506 .MatchesURL(kGoogle));
507 EXPECT_FALSE(extension->permissions_data()
508 ->default_policy_allowed_hosts()
509 .MatchesURL(kGoogle));
510 EXPECT_FALSE(extension->permissions_data()
511 ->default_policy_blocked_hosts()
512 .MatchesURL(kExampleGoogle));
513 EXPECT_TRUE(extension->permissions_data()
514 ->default_policy_allowed_hosts()
515 .MatchesURL(kExampleGoogle));
516 // Individual
517 EXPECT_FALSE(
518 extension->permissions_data()->policy_blocked_hosts().MatchesURL(
519 kOrigin));
520 EXPECT_FALSE(
521 extension->permissions_data()->policy_allowed_hosts().MatchesURL(
522 kOrigin));
523 EXPECT_FALSE(
524 extension->permissions_data()->policy_blocked_hosts().MatchesURL(
525 kGoogle));
526 EXPECT_FALSE(
527 extension->permissions_data()->policy_allowed_hosts().MatchesURL(
528 kGoogle));
529 EXPECT_FALSE(
530 extension->permissions_data()->policy_blocked_hosts().MatchesURL(
531 kExampleGoogle));
532 EXPECT_FALSE(
533 extension->permissions_data()->policy_allowed_hosts().MatchesURL(
534 kExampleGoogle));
535
536 // Block google.com for the Individual scope.
537 // Whitelist example.google.com for the Indiviaul scope.
538 // Leave google.com and example.google.com off both the whitelist and
539 // blacklist for Default scope.
540 AddPattern(&policy_blocked_hosts, "*://*.google.com/*");
541 AddPattern(&policy_allowed_hosts, "*://example.google.com/*");
542 updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,
543 policy_allowed_hosts);
544 EXPECT_FALSE(
545 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
546 // Default
547 EXPECT_TRUE(extension->permissions_data()
548 ->default_policy_blocked_hosts()
549 .MatchesURL(kOrigin));
550 EXPECT_FALSE(extension->permissions_data()
551 ->default_policy_allowed_hosts()
552 .MatchesURL(kOrigin));
553 EXPECT_FALSE(extension->permissions_data()
554 ->default_policy_blocked_hosts()
555 .MatchesURL(kGoogle));
556 EXPECT_FALSE(extension->permissions_data()
557 ->default_policy_allowed_hosts()
558 .MatchesURL(kGoogle));
559 EXPECT_FALSE(extension->permissions_data()
560 ->default_policy_blocked_hosts()
561 .MatchesURL(kExampleGoogle));
562 EXPECT_TRUE(extension->permissions_data()
563 ->default_policy_allowed_hosts()
564 .MatchesURL(kExampleGoogle));
565 // Individual
566 EXPECT_FALSE(
567 extension->permissions_data()->policy_blocked_hosts().MatchesURL(
568 kOrigin));
569 EXPECT_FALSE(
570 extension->permissions_data()->policy_allowed_hosts().MatchesURL(
571 kOrigin));
572 EXPECT_TRUE(
573 extension->permissions_data()->policy_blocked_hosts().MatchesURL(
574 kGoogle));
575 EXPECT_FALSE(
576 extension->permissions_data()->policy_allowed_hosts().MatchesURL(
577 kGoogle));
578 EXPECT_TRUE(
579 extension->permissions_data()->policy_blocked_hosts().MatchesURL(
580 kExampleGoogle));
581 EXPECT_TRUE(
582 extension->permissions_data()->policy_allowed_hosts().MatchesURL(
583 kExampleGoogle));
584
585 // Switch back to default scope for extension.
586 updater.SetUsesDefaultHostRestrictions(extension.get());
587 EXPECT_TRUE(
588 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
589 }
590 }
366 } // namespace extensions 591 } // namespace extensions
OLDNEW
« chrome/browser/extensions/permissions_updater.cc ('K') | « chrome/browser/extensions/permissions_updater.cc ('k') | chrome/common/extensions/permissions/permissions_data_unittest.cc » ('j') | chrome/common/extensions/permissions/permissions_data_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698