chrome/browser/extensions/permissions_updater_unittest.cc - Issue 2820333003: Revert of Communicate ExtensionSettings policy to renderers

Side by Side Diff: chrome/browser/extensions/permissions_updater_unittest.cc

Issue 2820333003: Revert of Communicate ExtensionSettings policy to renderers (Closed)

Patch Set: Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/extensions/permissions_updater.h"	5 #include "chrome/browser/extensions/permissions_updater.h"

6	6

7 #include <utility>	7 #include <utility>

8	8

9 #include "base/files/file_path.h"	9 #include "base/files/file_path.h"

10 #include "base/json/json_file_value_serializer.h"	10 #include "base/json/json_file_value_serializer.h"

(...skipping 253 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
264 };	264 };

265	265

266 auto url_permission_set = [](const GURL& url) {	266 auto url_permission_set = [](const GURL& url) {

267 URLPatternSet set;	267 URLPatternSet set;

268 URLPattern pattern(URLPattern::SCHEME_ALL, url.spec());	268 URLPattern pattern(URLPattern::SCHEME_ALL, url.spec());

269 set.AddPattern(pattern);	269 set.AddPattern(pattern);

270 return base::MakeUnique<PermissionSet>(	270 return base::MakeUnique<PermissionSet>(

271 APIPermissionSet(), ManifestPermissionSet(), set, URLPatternSet());	271 APIPermissionSet(), ManifestPermissionSet(), set, URLPatternSet());

272 };	272 };

273	273

274 auto can_access_page =

275 [](scoped_refptr<const extensions::Extension> extension,

276 const GURL& document_url) -> bool {

277 PermissionsData::AccessType access =

278 extension.get()->permissions_data()->GetPageAccess(

279 extension.get(), document_url, -1, nullptr);

280 return access == PermissionsData::ACCESS_ALLOWED;

281 };

282

283 {	274 {

284 // Test revoking optional permissions.	275 // Test revoking optional permissions.

285 ListBuilder optional_permissions;	276 ListBuilder optional_permissions;

286 optional_permissions.Append("tabs").Append("cookies").Append("management");	277 optional_permissions.Append("tabs").Append("cookies").Append("management");

287 ListBuilder required_permissions;	278 ListBuilder required_permissions;

288 required_permissions.Append("topSites");	279 required_permissions.Append("topSites");

289 scoped_refptr<const Extension> extension =	280 scoped_refptr<const Extension> extension =

290 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),	281 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),

291 required_permissions.Build(),	282 required_permissions.Build(),

292 "My Extension");	283 "My Extension");

(...skipping 55 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
348 scoped_refptr<const Extension> extension =	339 scoped_refptr<const Extension> extension =

349 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),	340 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),

350 required_permissions.Build(),	341 required_permissions.Build(),

351 "My Extension");	342 "My Extension");

352 PermissionsUpdater updater(profile());	343 PermissionsUpdater updater(profile());

353 updater.InitializePermissions(extension.get());	344 updater.InitializePermissions(extension.get());

354	345

355 // By default, all-hosts was withheld, so the extension shouldn't have	346 // By default, all-hosts was withheld, so the extension shouldn't have

356 // access to any site (like foo.com).	347 // access to any site (like foo.com).

357 const GURL kOrigin("http://foo.com");	348 const GURL kOrigin("http://foo.com");

358

359 EXPECT_FALSE(extension->permissions_data()	349 EXPECT_FALSE(extension->permissions_data()

360 ->active_permissions()	350 ->active_permissions()

361 .HasExplicitAccessToOrigin(kOrigin));	351 .HasExplicitAccessToOrigin(kOrigin));

362 EXPECT_TRUE(extension->permissions_data()	352 EXPECT_TRUE(extension->permissions_data()

363 ->withheld_permissions()	353 ->withheld_permissions()

364 .HasExplicitAccessToOrigin(kOrigin));	354 .HasExplicitAccessToOrigin(kOrigin));

365	355

366 const GURL kRequiredOrigin("http://www.google.com/");	356 const GURL kRequiredOrigin("http://www.google.com/");

367 EXPECT_TRUE(extension->permissions_data()	357 EXPECT_TRUE(extension->permissions_data()

368 ->active_permissions()	358 ->active_permissions()

(...skipping 15 matching lines...) Expand all Loading...
384 updater.RemovePermissions(extension.get(), *url_permission_set(kOrigin),	374 updater.RemovePermissions(extension.get(), *url_permission_set(kOrigin),

385 PermissionsUpdater::REMOVE_HARD);	375 PermissionsUpdater::REMOVE_HARD);

386 EXPECT_FALSE(extension->permissions_data()	376 EXPECT_FALSE(extension->permissions_data()

387 ->active_permissions()	377 ->active_permissions()

388 .HasExplicitAccessToOrigin(kOrigin));	378 .HasExplicitAccessToOrigin(kOrigin));

389 EXPECT_TRUE(extension->permissions_data()	379 EXPECT_TRUE(extension->permissions_data()

390 ->withheld_permissions()	380 ->withheld_permissions()

391 .HasExplicitAccessToOrigin(kOrigin));	381 .HasExplicitAccessToOrigin(kOrigin));

392 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());	382 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());

393 }	383 }

394

395 {

396 // Make sure policy restriction updates update permission data.

397 URLPatternSet default_policy_blocked_hosts;

398 URLPatternSet default_policy_allowed_hosts;

399 URLPatternSet policy_blocked_hosts;

400 URLPatternSet policy_allowed_hosts;

401 ListBuilder optional_permissions;

402 ListBuilder required_permissions;

403 required_permissions.Append("tabs").Append("http:///");

404 scoped_refptr<const Extension> extension =

405 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),

406 required_permissions.Build(),

407 "ExtensionSettings");

408 AddPattern(&default_policy_blocked_hosts, "http://.google.com/");

409 PermissionsUpdater updater(profile());

410 updater.InitializePermissions(extension.get());

411 extension->permissions_data()->SetDefaultPolicyHostRestrictions(

412 default_policy_blocked_hosts, default_policy_allowed_hosts);

413

414 // By default, all subdomains of google.com should be blocked.

415 const GURL kOrigin("http://foo.com");

416 const GURL kGoogle("http://www.google.com");

417 const GURL kExampleGoogle("http://example.google.com");

418 EXPECT_TRUE(

419 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

420 EXPECT_TRUE(can_access_page(extension, kOrigin));

421 EXPECT_FALSE(can_access_page(extension, kGoogle));

422 EXPECT_FALSE(can_access_page(extension, kExampleGoogle));

423

424 AddPattern(&default_policy_allowed_hosts, "http://example.google.com/*");

425 // Give the extension access to example.google.com. Now the

426 // example.google.com should not be a runtime blocked host.

427 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,

428 default_policy_allowed_hosts);

429

430 EXPECT_TRUE(

431 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

432 EXPECT_TRUE(can_access_page(extension, kOrigin));

433 EXPECT_FALSE(can_access_page(extension, kGoogle));

434 EXPECT_TRUE(can_access_page(extension, kExampleGoogle));

435

436 // Revoke extension access to foo.com. Now, foo.com should be a runtime

437 // blocked host.

438 AddPattern(&default_policy_blocked_hosts, "://.foo.com/");

439 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,

440 default_policy_allowed_hosts);

441 EXPECT_TRUE(

442 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

443 EXPECT_FALSE(can_access_page(extension, kOrigin));

444 EXPECT_FALSE(can_access_page(extension, kGoogle));

445 EXPECT_TRUE(can_access_page(extension, kExampleGoogle));

446

447 // Remove foo.com from blocked hosts. The extension should no longer have

448 // be a runtime blocked host.

449 default_policy_blocked_hosts.ClearPatterns();

450 AddPattern(&default_policy_blocked_hosts, "://.foo.com/");

451 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,

452 default_policy_allowed_hosts);

453 EXPECT_TRUE(

454 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

455 EXPECT_FALSE(can_access_page(extension, kOrigin));

456 EXPECT_TRUE(can_access_page(extension, kGoogle));

457 EXPECT_TRUE(can_access_page(extension, kExampleGoogle));

458

459 // Set an empty individual policy, should not affect default policy.

460 updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,

461 policy_allowed_hosts);

462 EXPECT_FALSE(

463 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

464 EXPECT_TRUE(can_access_page(extension, kOrigin));

465 EXPECT_TRUE(can_access_page(extension, kGoogle));

466 EXPECT_TRUE(can_access_page(extension, kExampleGoogle));

467

468 // Block google.com for the Individual scope.

469 // Whitelist example.google.com for the Indiviaul scope.

470 // Leave google.com and example.google.com off both the whitelist and

471 // blacklist for Default scope.

472 AddPattern(&policy_blocked_hosts, "://.google.com/*");

473 AddPattern(&policy_allowed_hosts, "://example.google.com/");

474 updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,

475 policy_allowed_hosts);

476 EXPECT_FALSE(

477 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

478 EXPECT_TRUE(can_access_page(extension, kOrigin));

479 EXPECT_FALSE(can_access_page(extension, kGoogle));

480 EXPECT_TRUE(can_access_page(extension, kExampleGoogle));

481

482 // Switch back to default scope for extension.

483 updater.SetUsesDefaultHostRestrictions(extension.get());

484 EXPECT_TRUE(

485 extension->permissions_data()->UsesDefaultPolicyHostRestrictions());

486 default_policy_blocked_hosts.ClearPatterns();

487 default_policy_allowed_hosts.ClearPatterns();

488 updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,

489 default_policy_allowed_hosts);

490 }

491 }	384 }

492	385

493 // Test that the permissions updater delegate works - in this test it removes	386 // Test that the permissions updater delegate works - in this test it removes

494 // the cookies permission.	387 // the cookies permission.

495 TEST_F(PermissionsUpdaterTest, Delegate) {	388 TEST_F(PermissionsUpdaterTest, Delegate) {

496 InitializeEmptyExtensionService();	389 InitializeEmptyExtensionService();

497	390

498 ListBuilder required_permissions;	391 ListBuilder required_permissions;

499 required_permissions.Append("tabs").Append("management").Append("cookies");	392 required_permissions.Append("tabs").Append("management").Append("cookies");

500 scoped_refptr<const Extension> extension =	393 scoped_refptr<const Extension> extension =

(...skipping 12 matching lines...) Expand all Loading...
513 EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(	406 EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(

514 APIPermission::kManagement));	407 APIPermission::kManagement));

515 EXPECT_FALSE(extension->permissions_data()->HasAPIPermission(	408 EXPECT_FALSE(extension->permissions_data()->HasAPIPermission(

516 APIPermission::kCookie));	409 APIPermission::kCookie));

517	410

518 // Unset the delegate.	411 // Unset the delegate.

519 PermissionsUpdater::SetPlatformDelegate(nullptr);	412 PermissionsUpdater::SetPlatformDelegate(nullptr);

520 }	413 }

521	414

522 } // namespace extensions	415 } // namespace extensions

OLD	NEW