Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1124)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/permissions_updater_unittest.cc

Issue 2833843004: Reland: Communicate ExtensionSettings policy to renderers (Closed)
Patch Set: Removed unused URLPatternSet parameters in ExtensionMsg_PermissionSetStruct which was causing MSAN … Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/extensions/permissions_updater.cc ('k') | chrome/common/extensions/permissions/permissions_data_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/permissions_updater_unittest.cc
diff --git a/chrome/browser/extensions/permissions_updater_unittest.cc b/chrome/browser/extensions/permissions_updater_unittest.cc
index 67e31dfbeeb6e1a477644933fc19d72c2a125f43..fd1460635f16d99bd6b6c77ef11359578db642b1 100644
--- a/chrome/browser/extensions/permissions_updater_unittest.cc
+++ b/chrome/browser/extensions/permissions_updater_unittest.cc
@@ -271,6 +271,15 @@ TEST_F(PermissionsUpdaterTest, RevokingPermissions) {
APIPermissionSet(), ManifestPermissionSet(), set, URLPatternSet());
};
+ auto can_access_page =
+ [](scoped_refptr<const extensions::Extension> extension,
+ const GURL& document_url) -> bool {
+ PermissionsData::AccessType access =
+ extension.get()->permissions_data()->GetPageAccess(
+ extension.get(), document_url, -1, nullptr);
+ return access == PermissionsData::ACCESS_ALLOWED;
+ };
+
{
// Test revoking optional permissions.
ListBuilder optional_permissions;
@@ -346,6 +355,7 @@ TEST_F(PermissionsUpdaterTest, RevokingPermissions) {
// By default, all-hosts was withheld, so the extension shouldn't have
// access to any site (like foo.com).
const GURL kOrigin("http://foo.com");
+
EXPECT_FALSE(extension->permissions_data()
->active_permissions()
.HasExplicitAccessToOrigin(kOrigin));
@@ -381,6 +391,103 @@ TEST_F(PermissionsUpdaterTest, RevokingPermissions) {
.HasExplicitAccessToOrigin(kOrigin));
EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());
}
+
+ {
+ // Make sure policy restriction updates update permission data.
+ URLPatternSet default_policy_blocked_hosts;
+ URLPatternSet default_policy_allowed_hosts;
+ URLPatternSet policy_blocked_hosts;
+ URLPatternSet policy_allowed_hosts;
+ ListBuilder optional_permissions;
+ ListBuilder required_permissions;
+ required_permissions.Append("tabs").Append("http://*/*");
+ scoped_refptr<const Extension> extension =
+ CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
+ required_permissions.Build(),
+ "ExtensionSettings");
+ AddPattern(&default_policy_blocked_hosts, "http://*.google.com/*");
+ PermissionsUpdater updater(profile());
+ updater.InitializePermissions(extension.get());
+ extension->permissions_data()->SetDefaultPolicyHostRestrictions(
+ default_policy_blocked_hosts, default_policy_allowed_hosts);
+
+ // By default, all subdomains of google.com should be blocked.
+ const GURL kOrigin("http://foo.com");
+ const GURL kGoogle("http://www.google.com");
+ const GURL kExampleGoogle("http://example.google.com");
+ EXPECT_TRUE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ EXPECT_TRUE(can_access_page(extension, kOrigin));
+ EXPECT_FALSE(can_access_page(extension, kGoogle));
+ EXPECT_FALSE(can_access_page(extension, kExampleGoogle));
+
+ AddPattern(&default_policy_allowed_hosts, "http://example.google.com/*");
+ // Give the extension access to example.google.com. Now the
+ // example.google.com should not be a runtime blocked host.
+ updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+ default_policy_allowed_hosts);
+
+ EXPECT_TRUE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ EXPECT_TRUE(can_access_page(extension, kOrigin));
+ EXPECT_FALSE(can_access_page(extension, kGoogle));
+ EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+ // Revoke extension access to foo.com. Now, foo.com should be a runtime
+ // blocked host.
+ AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/");
+ updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+ default_policy_allowed_hosts);
+ EXPECT_TRUE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ EXPECT_FALSE(can_access_page(extension, kOrigin));
+ EXPECT_FALSE(can_access_page(extension, kGoogle));
+ EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+ // Remove foo.com from blocked hosts. The extension should no longer have
+ // be a runtime blocked host.
+ default_policy_blocked_hosts.ClearPatterns();
+ AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/");
+ updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+ default_policy_allowed_hosts);
+ EXPECT_TRUE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ EXPECT_FALSE(can_access_page(extension, kOrigin));
+ EXPECT_TRUE(can_access_page(extension, kGoogle));
+ EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+ // Set an empty individual policy, should not affect default policy.
+ updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,
+ policy_allowed_hosts);
+ EXPECT_FALSE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ EXPECT_TRUE(can_access_page(extension, kOrigin));
+ EXPECT_TRUE(can_access_page(extension, kGoogle));
+ EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+ // Block google.com for the Individual scope.
+ // Whitelist example.google.com for the Indiviaul scope.
+ // Leave google.com and example.google.com off both the whitelist and
+ // blacklist for Default scope.
+ AddPattern(&policy_blocked_hosts, "*://*.google.com/*");
+ AddPattern(&policy_allowed_hosts, "*://example.google.com/*");
+ updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts,
+ policy_allowed_hosts);
+ EXPECT_FALSE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ EXPECT_TRUE(can_access_page(extension, kOrigin));
+ EXPECT_FALSE(can_access_page(extension, kGoogle));
+ EXPECT_TRUE(can_access_page(extension, kExampleGoogle));
+
+ // Switch back to default scope for extension.
+ updater.SetUsesDefaultHostRestrictions(extension.get());
+ EXPECT_TRUE(
+ extension->permissions_data()->UsesDefaultPolicyHostRestrictions());
+ default_policy_blocked_hosts.ClearPatterns();
+ default_policy_allowed_hosts.ClearPatterns();
+ updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts,
+ default_policy_allowed_hosts);
+ }
}
// Test that the permissions updater delegate works - in this test it removes
« no previous file with comments | « chrome/browser/extensions/permissions_updater.cc ('k') | chrome/common/extensions/permissions/permissions_data_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698