Chromium Code Reviews Chromium Code Reviews
Issue 2499493004:
Communicate ExtensionSettings policy to renderers (Closed)
| Index: chrome/browser/extensions/permissions_updater_unittest.cc |
| diff --git a/chrome/browser/extensions/permissions_updater_unittest.cc b/chrome/browser/extensions/permissions_updater_unittest.cc |
| index 8779237ea83415282dae5a1b07f69759d495e96d..07d3477194aaeb0f00949cdf585d3ce35a5564e2 100644 |
| --- a/chrome/browser/extensions/permissions_updater_unittest.cc |
| +++ b/chrome/browser/extensions/permissions_updater_unittest.cc |
| @@ -363,4 +363,229 @@ TEST_F(PermissionsUpdaterTest, RevokingPermissions) { |
| } |
| } |
| +TEST_F(PermissionsUpdaterTest, PolicyHostRestrictions) { |
| + InitializeEmptyExtensionService(); |
| + |
| + { |
|
Devlin
2017/04/07 00:40:26
A scope that contains the whole test isn't very us
nrpeter
2017/04/12 23:35:44
Done.
|
| + // Make sure policy restriction updates update permission data. |
| + URLPatternSet default_policy_blocked_hosts; |
| + URLPatternSet default_policy_allowed_hosts; |
| + URLPatternSet policy_blocked_hosts; |
| + URLPatternSet policy_allowed_hosts; |
| + ListBuilder optional_permissions; |
| + ListBuilder required_permissions; |
|
Devlin
2017/04/07 00:40:26
It'd probably be more interesting to construct an
nrpeter
2017/04/12 23:35:44
Done.
|
| + scoped_refptr<const Extension> extension = |
| + CreateExtensionWithOptionalPermissions(optional_permissions.Build(), |
|
Devlin
2017/04/07 00:40:26
these could be inlined, e.g. Create...(ListBuilder
nrpeter
2017/04/12 23:35:44
Since I added required permissions inlining may no
|
| + required_permissions.Build(), |
| + "My Extension"); |
| + AddPattern(&default_policy_blocked_hosts, "http://*.google.com/*"); |
| + extension->permissions_data()->SetDefaultPolicyHostRestrictions( |
| + default_policy_blocked_hosts, default_policy_allowed_hosts); |
| + PermissionsUpdater updater(profile()); |
| + updater.InitializePermissions(extension.get()); |
| + |
| + // By default, all subdomains of google.com should be blocked. |
| + const GURL kOrigin("http://foo.com"); |
| + const GURL kGoogle("http://www.google.com"); |
| + const GURL kExampleGoogle("http://example.google.com"); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + EXPECT_FALSE(extension->permissions_data() |
|
Devlin
2017/04/07 00:40:26
These checks are testing permissions data, not per
nrpeter
2017/04/12 23:35:44
Done.
|
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + |
| + AddPattern(&default_policy_allowed_hosts, "http://example.google.com/*"); |
| + // Give the extension access to example.google.com. Now the |
| + // example.google.com should not be a runtime blocked host. |
| + updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| + default_policy_allowed_hosts); |
| + |
| + EXPECT_TRUE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + |
| + // Revoke extension access to foo.com. Now, foo.com should be a runtime |
| + // blocked host. |
| + AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/"); |
| + updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| + default_policy_allowed_hosts); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + |
| + // Remove foo.com from blocked hosts. The extension should no longer have |
| + // be a runtime blocked host. |
| + default_policy_blocked_hosts.ClearPatterns(); |
| + AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/"); |
| + updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| + default_policy_allowed_hosts); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + |
| + // Set an empty individual policy, should not affect defualt policy. |
|
Devlin
2017/04/07 00:40:26
typo: default
nrpeter
2017/04/12 23:35:44
Done.
|
| + updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts, |
| + policy_allowed_hosts); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + // Default |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + // Individual |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_blocked_hosts().MatchesURL( |
| + kOrigin)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_allowed_hosts().MatchesURL( |
| + kOrigin)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_blocked_hosts().MatchesURL( |
| + kGoogle)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_allowed_hosts().MatchesURL( |
| + kGoogle)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_blocked_hosts().MatchesURL( |
| + kExampleGoogle)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_allowed_hosts().MatchesURL( |
| + kExampleGoogle)); |
| + |
| + // Block google.com for the Individual scope. |
| + // Whitelist example.google.com for the Indiviaul scope. |
| + // Leave google.com and example.google.com off both the whitelist and |
| + // blacklist for Default scope. |
| + AddPattern(&policy_blocked_hosts, "*://*.google.com/*"); |
| + AddPattern(&policy_allowed_hosts, "*://example.google.com/*"); |
| + updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts, |
| + policy_allowed_hosts); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + // Default |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kOrigin)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kGoogle)); |
| + EXPECT_FALSE(extension->permissions_data() |
| + ->default_policy_blocked_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + EXPECT_TRUE(extension->permissions_data() |
| + ->default_policy_allowed_hosts() |
| + .MatchesURL(kExampleGoogle)); |
| + // Individual |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_blocked_hosts().MatchesURL( |
| + kOrigin)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_allowed_hosts().MatchesURL( |
| + kOrigin)); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->policy_blocked_hosts().MatchesURL( |
| + kGoogle)); |
| + EXPECT_FALSE( |
| + extension->permissions_data()->policy_allowed_hosts().MatchesURL( |
| + kGoogle)); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->policy_blocked_hosts().MatchesURL( |
| + kExampleGoogle)); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->policy_allowed_hosts().MatchesURL( |
| + kExampleGoogle)); |
| + |
| + // Switch back to default scope for extension. |
| + updater.SetUsesDefaultHostRestrictions(extension.get()); |
| + EXPECT_TRUE( |
| + extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| + } |
| +} |
| } // namespace extensions |
