Side by Side Diff: chrome/browser/extensions/permissions_updater_unittest.cc

Issue 2833843004: Reland: Communicate ExtensionSettings policy to renderers (Closed)
Patch Set: Removed unused URLPatternSet parameters in ExtensionMsg_PermissionSetStruct which was causing MSAN … Created 3 years, 8 months ago
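--- a/chrome/browser/extensions/permissions_updater_unittest.cc
+++ b/chrome/browser/extensions/permissions_updater_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/permissions_updater.h"
 
 #include <utility>
 
 #include "base/files/file_path.h"
 #include "base/json/json_file_value_serializer.h"
@@ -264,20 +264,29 @@
 };
 
 auto url_permission_set = [](const GURL& url) {
 URLPatternSet set;
 URLPattern pattern(URLPattern::SCHEME_ALL, url.spec());
 set.AddPattern(pattern);
 return base::MakeUnique<PermissionSet>(
 APIPermissionSet(), ManifestPermissionSet(), set, URLPatternSet());
 };
 
+auto can_access_page =
+[](scoped_refptr<const extensions::Extension> extension,
+const GURL& document_url) -> bool {
+PermissionsData::AccessType access =
+extension.get()->permissions_data()->GetPageAccess(
+extension.get(), document_url, -1, nullptr);
+return access == PermissionsData::ACCESS_ALLOWED;
+};
+
 {
 // Test revoking optional permissions.
 ListBuilder optional_permissions;
 optional_permissions.Append("tabs").Append("cookies").Append("management");
 ListBuilder required_permissions;
 required_permissions.Append("topSites");
 scoped_refptr<const Extension> extension =
 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
 required_permissions.Build(),
 "My Extension");
@@ -339,20 +348,21 @@
 scoped_refptr<const Extension> extension =
 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
 required_permissions.Build(),
 "My Extension");
 PermissionsUpdater updater(profile());
 updater.InitializePermissions(extension.get());
 
 // By default, all-hosts was withheld, so the extension shouldn't have
 // access to any site (like foo.com).
 const GURL kOrigin("http://foo.com");
+
 EXPECT_FALSE(extension->permissions_data()
 ->active_permissions()
 .HasExplicitAccessToOrigin(kOrigin));
 EXPECT_TRUE(extension->permissions_data()
 ->withheld_permissions()
 .HasExplicitAccessToOrigin(kOrigin));
 
 const GURL kRequiredOrigin("http://www.google.com/");
 EXPECT_TRUE(extension->permissions_data()
 ->active_permissions()
@@ -374,20 +384,117 @@
 updater.RemovePermissions(extension.get(), *url_permission_set(kOrigin),
 PermissionsUpdater::REMOVE_HARD);
 EXPECT_FALSE(extension->permissions_data()
 ->active_permissions()
 .HasExplicitAccessToOrigin(kOrigin));
 EXPECT_TRUE(extension->permissions_data()
 ->withheld_permissions()
 .HasExplicitAccessToOrigin(kOrigin));
 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());
 }
+
+{
+// Make sure policy restriction updates update permission data.
+URLPatternSet default_policy_blocked_hosts;
+URLPatternSet default_policy_allowed_hosts;
+URLPatternSet policy_blocked_hosts;
+URLPatternSet policy_allowed_hosts;
+ListBuilder optional_permissions;
+ListBuilder required_permissions;
+required_permissions.Append("tabs").Append("http://*/*");
+scoped_refptr<const Extension> extension =
+CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
+required_permissions.Build(),
+"ExtensionSettings");
+AddPattern(&default_policy_blocked_hosts, "http://*.google.com/*");
+PermissionsUpdater updater(profile());
+updater.InitializePermissions(extension.get());
+extension->permissions_data()->SetDefaultPolicyHostRestrictions(
+default_policy_blocked_hosts, default_policy_allowed_hosts);
+
+// By default, all subdomains of google.com should be blocked.
+const GURL kOrigin("http://foo.com");
+const GURL kGoogle("http://www.google.com");
+const GURL kExampleGoogle("http://example.google.com");
+EXPECT_TRUE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+EXPECT_TRUE(can_access_page(extension, kOrigin));
+EXPECT_FALSE(can_access_page(extension, kGoogle));
+EXPECT_FALSE(can_access_page(extension, kExampleGoogle));
+
+AddPattern(&default_policy_allowed_hosts, "http://example.google.com/*");
+// Give the extension access to example.google.com. Now the
+// example.google.com should not be a runtime blocked host.
+updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+default_policy_allowed_hosts);
+
+EXPECT_TRUE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+EXPECT_TRUE(can_access_page(extension, kOrigin));
+EXPECT_FALSE(can_access_page(extension, kGoogle));
+EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+// Revoke extension access to foo.com. Now, foo.com should be a runtime
+// blocked host.
+AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/");
+updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+default_policy_allowed_hosts);
+EXPECT_TRUE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+EXPECT_FALSE(can_access_page(extension, kOrigin));
+EXPECT_FALSE(can_access_page(extension, kGoogle));
+EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+// Remove foo.com from blocked hosts. The extension should no longer have
+// be a runtime blocked host.
+default_policy_blocked_hosts.ClearPatterns();
+AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/");
+updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+default_policy_allowed_hosts);
+EXPECT_TRUE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+EXPECT_FALSE(can_access_page(extension, kOrigin));
+EXPECT_TRUE(can_access_page(extension, kGoogle));
+EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+// Set an empty individual policy, should not affect default policy.
+updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,
+policy_allowed_hosts);
+EXPECT_FALSE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+EXPECT_TRUE(can_access_page(extension, kOrigin));
+EXPECT_TRUE(can_access_page(extension, kGoogle));
+EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+// Block google.com for the Individual scope.
+// Whitelist example.google.com for the Indiviaul scope.
+// Leave google.com and example.google.com off both the whitelist and
+// blacklist for Default scope.
+AddPattern(&policy_blocked_hosts, "*://*.google.com/*");
+AddPattern(&policy_allowed_hosts, "*://example.google.com/*");
+updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,
+policy_allowed_hosts);
+EXPECT_FALSE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+EXPECT_TRUE(can_access_page(extension, kOrigin));
+EXPECT_FALSE(can_access_page(extension, kGoogle));
+EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+// Switch back to default scope for extension.
+updater.SetUsesDefaultHostRestrictions(extension.get());
+EXPECT_TRUE(
+extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+default_policy_blocked_hosts.ClearPatterns();
+default_policy_allowed_hosts.ClearPatterns();
+updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+default_policy_allowed_hosts);
+}
 }
 
 // Test that the permissions updater delegate works - in this test it removes
 // the cookies permission.
 TEST_F(PermissionsUpdaterTest, Delegate) {
 InitializeEmptyExtensionService();
 
 ListBuilder required_permissions;
 required_permissions.Append("tabs").Append("management").Append("cookies");
 scoped_refptr<const Extension> extension =
@@ -406,10 +513,10 @@
 EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(
 APIPermission::kManagement));
 EXPECT_FALSE(extension->permissions_data()->HasAPIPermission(
 APIPermission::kCookie));
 
 // Unset the delegate.
 PermissionsUpdater::SetPlatformDelegate(nullptr);
 }
 
 } // namespace extensions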
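Review bot: The comment at new lines 447–448 says foo.com is removed from the blocked hosts, but the code clears the set and re-adds `*://*.foo.com/`, and the expectations that follow (foo.com still denied, www.google.com now allowed) show the step actually drops the google.com block. I would reword it to `// Drop the google.com block but keep foo.com blocked; google.com should no longer be a runtime blocked host.` Separately, `can_access_page` returns false for every result other than `ACCESS_ALLOWED`, so the `EXPECT_FALSE` checks cannot tell a policy block from withheld access; comparing against `PermissionsData::ACCESS_DENIED` in the blocked cases would pin the policy path. The foo.com pattern also ends in `/` while the google.com patterns end in `/*`, and only root URLs are probed, so whether the path component matters for a policy block is not exercised here. The enclosing test starts in the collapsed region above this hunk, so any earlier setup it relies on is not visible.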