Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/content_script_apitest.cc

Index: chrome/browser/extensions/content_script_apitest.cc
diff --git a/chrome/browser/extensions/content_script_apitest.cc b/chrome/browser/extensions/content_script_apitest.cc
index 37d131735f5f2eedeb285f4c895864f259e8fab8..9f976527795a8f770f5d43c0b7dc201aeb9d9b47 100644
--- a/chrome/browser/extensions/content_script_apitest.cc
+++ b/chrome/browser/extensions/content_script_apitest.cc
@@ -13,7 +13,10 @@
 #include "build/build_config.h"
 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
 #include "chrome/browser/extensions/extension_apitest.h"
+#include "chrome/browser/extensions/extension_management_constants.h"
+#include "chrome/browser/extensions/extension_management_test_util.h"
 #include "chrome/browser/extensions/extension_service.h"
+#include "chrome/browser/extensions/extension_with_management_policy_apitest.h"
 #include "chrome/browser/extensions/test_extension_dir.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
@@ -21,6 +24,8 @@
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/app_modal/javascript_dialog_extensions_client.h"
 #include "components/app_modal/javascript_dialog_manager.h"
+#include "components/policy/core/browser/browser_policy_connector.h"
+#include "components/policy/core/common/mock_configuration_policy_provider.h"
 #include "content/public/browser/javascript_dialog_manager.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
@@ -329,7 +334,7 @@ class ContentScriptCssInjectionTest : public ExtensionApiTest {
     // can't use the real Webstore's URL. If this changes, we could clean this
     // up.
     command_line->AppendSwitchASCII(
-        switches::kAppsGalleryURL,
+        ::switches::kAppsGalleryURL,
         base::StringPrintf("http://%s", kWebstoreDomain));
   }
 };
@@ -468,9 +473,15 @@ IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ContentScriptExtensionAPIs) {
 #else
 #define MAYBE_ContentScriptPermissionsApi ContentScriptPermissionsApi
 #endif
-IN_PROC_BROWSER_TEST_F(ExtensionApiTest, MAYBE_ContentScriptPermissionsApi) {
-  extensions::PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
-  extensions::PermissionsRequestFunction::SetAutoConfirmForTests(true);
+IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
+                       MAYBE_ContentScriptPermissionsApi) {
+  // Set enterprise policy to block injection to policy specified host.
+  {
+    ExtensionManagementPolicyUpdater pref(&policy_provider_);
+    pref.AddRuntimeBlockedHost("*", "*://example.com/*");
+  }
+  PermissionsRequestFunction::SetAutoConfirmForTests(true);
+  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
   host_resolver()->AddRule("*.com", "127.0.0.1");
   ASSERT_TRUE(StartEmbeddedTestServer());
   ASSERT_TRUE(RunExtensionTest("content_scripts/permissions")) << message_;
@@ -666,4 +677,43 @@ IN_PROC_BROWSER_TEST_F(ExtensionApiTest,
   EXPECT_FALSE(content_script_listener.was_satisfied());
 }
 
+// Test that optional permissions blocked by enterprise policy will be denied

[Devlin, 2017/02/14 23:17:09]

What optional permissions?

[nrpeter, 2017/03/22 23:47:38]

This test is not needed as MAYBE_ContentScriptPermissionApi covers the same
situations.

+// automatically.
+IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
+                       InjectAttemptBlockedByPolicy) {
+  // Set enterprise policy to block injection to policy specified host.
+  {
+    ExtensionManagementPolicyUpdater pref(&policy_provider_);
+    pref.AddRuntimeBlockedHost("*", "*://example.com/*");
+  }
+  // Set auto confirm UI flag.
+  PermissionsRequestFunction::SetAutoConfirmForTests(true);
+  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
+
+  ASSERT_TRUE(StartEmbeddedTestServer());
+
+  LoadExtension(test_data_dir_.AppendASCII("content_scripts/policy_blocked"));
+
+  // Injection should happen as our local server isn't on example.com.
+  ResultCatcher catcher;
+  ui_test_utils::NavigateToURL(
+      browser(),
+      embedded_test_server()->GetURL(
+          "/extensions/api_test/content_scripts/policy_blocked/inject.html"));
+  EXPECT_FALSE(catcher.GetNextResult());
+
+  // Set enterprise policy to block injection to policy specified host.
+  {
+    ExtensionManagementPolicyUpdater pref(&policy_provider_);
+    pref.AddRuntimeBlockedHost("*", "*://*/*");
+  }
+
+  // Injection should NOT happen as policy blocks ALL scheme/host/port/path.
+  ui_test_utils::NavigateToURL(
+      browser(),
+      embedded_test_server()->GetURL(
+          "/extensions/api_test/content_scripts/policy_blocked/inject.html"));
+  EXPECT_TRUE(catcher.GetNextResult());
+}
+
 }  // namespace extensions