OLD | NEW |
---|---|
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/extensions/permissions_updater_delegate_chrome os.h" | 5 #include "chrome/browser/chromeos/extensions/permissions_updater_delegate_chrome os.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
11 #include "base/values.h" | 11 #include "base/values.h" |
12 #include "chromeos/login/login_state.h" | 12 #include "chromeos/login/login_state.h" |
13 #include "extensions/common/extension.h" | 13 #include "extensions/common/extension.h" |
14 #include "extensions/common/manifest.h" | 14 #include "extensions/common/manifest.h" |
15 #include "extensions/common/manifest_constants.h" | 15 #include "extensions/common/manifest_constants.h" |
16 #include "extensions/common/permissions/api_permission.h" | |
17 #include "extensions/common/permissions/api_permission_set.h" | |
18 #include "extensions/common/permissions/manifest_permission.h" | |
19 #include "extensions/common/permissions/manifest_permission_set.h" | |
16 #include "extensions/common/permissions/permission_set.h" | 20 #include "extensions/common/permissions/permission_set.h" |
21 #include "extensions/common/url_pattern.h" | |
22 #include "extensions/common/url_pattern_set.h" | |
17 #include "testing/gtest/include/gtest/gtest.h" | 23 #include "testing/gtest/include/gtest/gtest.h" |
18 | 24 |
19 namespace extensions { | 25 namespace extensions { |
20 | 26 |
21 namespace { | 27 namespace { |
22 | 28 |
23 const char kWhitelistedId[] = "cbkkbcmdlboombapidmoeolnmdacpkch"; | 29 const char kWhitelistedId[] = "cbkkbcmdlboombapidmoeolnmdacpkch"; |
24 const char kBogusId[] = "bogus"; | 30 const char kBogusId[] = "bogus"; |
25 | 31 |
32 class MockManifestPermission : public ManifestPermission { | |
Ivan Šandrk
2017/04/26 13:25:02
I've c/p-ed this from manifest_permission_set_unit
Devlin
2017/04/26 14:58:26
That would work. Another option would be to just
Ivan Šandrk
2017/04/26 17:04:43
TODO it is.
| |
33 public: | |
34 MockManifestPermission(const std::string& name) | |
35 : name_(name) { | |
36 } | |
37 | |
38 std::string name() const override { return name_; } | |
39 | |
40 std::string id() const override { return name(); } | |
41 | |
42 PermissionIDSet GetPermissions() const override { return PermissionIDSet(); } | |
43 | |
44 bool FromValue(const base::Value* value) override { return true; } | |
45 | |
46 std::unique_ptr<base::Value> ToValue() const override { | |
47 return base::MakeUnique<base::Value>(); | |
48 } | |
49 | |
50 ManifestPermission* Diff(const ManifestPermission* rhs) const override { | |
51 const MockManifestPermission* other = | |
52 static_cast<const MockManifestPermission*>(rhs); | |
53 EXPECT_EQ(name_, other->name_); | |
54 return NULL; | |
55 } | |
56 | |
57 ManifestPermission* Union(const ManifestPermission* rhs) const override { | |
58 const MockManifestPermission* other = | |
59 static_cast<const MockManifestPermission*>(rhs); | |
60 EXPECT_EQ(name_, other->name_); | |
61 return new MockManifestPermission(name_); | |
62 } | |
63 | |
64 ManifestPermission* Intersect(const ManifestPermission* rhs) const override { | |
65 const MockManifestPermission* other = | |
66 static_cast<const MockManifestPermission*>(rhs); | |
67 EXPECT_EQ(name_, other->name_); | |
68 return new MockManifestPermission(name_); | |
69 } | |
70 | |
71 private: | |
72 std::string name_; | |
73 }; | |
74 | |
26 scoped_refptr<Extension> CreateExtension(const std::string& id) { | 75 scoped_refptr<Extension> CreateExtension(const std::string& id) { |
27 std::string error; | 76 std::string error; |
28 base::DictionaryValue manifest; | 77 base::DictionaryValue manifest; |
29 manifest.SetString(manifest_keys::kName, "test"); | 78 manifest.SetString(manifest_keys::kName, "test"); |
30 manifest.SetString(manifest_keys::kVersion, "0.1"); | 79 manifest.SetString(manifest_keys::kVersion, "0.1"); |
31 scoped_refptr<Extension> extension = Extension::Create( | 80 scoped_refptr<Extension> extension = Extension::Create( |
32 base::FilePath(), | 81 base::FilePath(), |
33 Manifest::INTERNAL, | 82 Manifest::INTERNAL, |
34 manifest, | 83 manifest, |
35 Extension::NO_FLAGS, | 84 Extension::NO_FLAGS, |
36 id, | 85 id, |
37 &error); | 86 &error); |
38 return extension; | 87 return extension; |
39 } | 88 } |
40 | 89 |
41 std::unique_ptr<const PermissionSet> CreatePermissions() { | 90 std::unique_ptr<const PermissionSet> CreatePermissions() { |
42 APIPermissionSet apis; | 91 APIPermissionSet apis; |
43 apis.insert(APIPermission::kAudio); | 92 apis.insert(APIPermission::kAudio); |
44 apis.insert(APIPermission::kClipboardRead); | 93 apis.insert(APIPermission::kClipboardRead); |
45 apis.insert(APIPermission::kFullscreen); | 94 apis.insert(APIPermission::kFullscreen); |
95 ManifestPermissionSet manifest; | |
96 manifest.insert(new MockManifestPermission("author")); | |
97 manifest.insert(new MockManifestPermission("background")); | |
98 URLPatternSet explicit_hosts({ | |
99 URLPattern(URLPattern::SCHEME_ALL, "http://www.google.com/*"), | |
100 URLPattern(URLPattern::SCHEME_ALL, "<all_urls>")}); | |
101 URLPatternSet scriptable_hosts({ | |
102 URLPattern(URLPattern::SCHEME_ALL, "http://www.wikipedia.com/*")}); | |
46 auto permissions = base::MakeUnique<const PermissionSet>( | 103 auto permissions = base::MakeUnique<const PermissionSet>( |
47 apis, ManifestPermissionSet(), | 104 apis, manifest, explicit_hosts, scriptable_hosts); |
48 URLPatternSet(), URLPatternSet()); | |
49 return permissions; | 105 return permissions; |
50 } | 106 } |
51 | 107 |
52 } // namespace | 108 } // namespace |
53 | 109 |
54 TEST(PermissionsUpdaterDelegateChromeOSTest, NoFilteringOutsidePublicSession) { | 110 TEST(PermissionsUpdaterDelegateChromeOSTest, NoFilteringOutsidePublicSession) { |
55 PermissionsUpdaterDelegateChromeOS delegate; | 111 PermissionsUpdaterDelegateChromeOS delegate; |
56 ASSERT_FALSE(chromeos::LoginState::IsInitialized()); | 112 ASSERT_FALSE(chromeos::LoginState::IsInitialized()); |
57 | 113 |
58 // Whitelisted extension outside PS, nothing filtered. | 114 // Whitelisted extension outside PS, nothing filtered. |
(...skipping 17 matching lines...) Expand all Loading... | |
76 chromeos::LoginState::Get()->SetLoggedInState( | 132 chromeos::LoginState::Get()->SetLoggedInState( |
77 chromeos::LoginState::LOGGED_IN_ACTIVE, | 133 chromeos::LoginState::LOGGED_IN_ACTIVE, |
78 chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT); | 134 chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT); |
79 | 135 |
80 // Whitelisted extension, nothing gets filtered. | 136 // Whitelisted extension, nothing gets filtered. |
81 auto extension = CreateExtension(kWhitelistedId); | 137 auto extension = CreateExtension(kWhitelistedId); |
82 auto granted_permissions = CreatePermissions(); | 138 auto granted_permissions = CreatePermissions(); |
83 delegate.InitializePermissions(extension.get(), &granted_permissions); | 139 delegate.InitializePermissions(extension.get(), &granted_permissions); |
84 EXPECT_EQ(*CreatePermissions(), *granted_permissions); | 140 EXPECT_EQ(*CreatePermissions(), *granted_permissions); |
85 | 141 |
86 // Bogus extension ID (never whitelisted), ClipboardRead filtered out. | 142 // Bogus extension ID (never whitelisted), ClipboardRead filtered out, |
143 // everything else stays. | |
87 extension = CreateExtension(kBogusId); | 144 extension = CreateExtension(kBogusId); |
88 granted_permissions = CreatePermissions(); | 145 granted_permissions = CreatePermissions(); |
89 delegate.InitializePermissions(extension.get(), &granted_permissions); | 146 delegate.InitializePermissions(extension.get(), &granted_permissions); |
90 EXPECT_FALSE(granted_permissions->HasAPIPermission( | 147 APIPermissionSet apis; |
91 APIPermission::kClipboardRead)); | 148 apis.insert(APIPermission::kClipboardRead); |
92 EXPECT_EQ(2u, granted_permissions->apis().size()); | 149 auto expected_permissions = PermissionSet::CreateDifference( |
Devlin
2017/04/26 14:58:26
nitty nit: This mirrors the code a bit too much. :
Ivan Šandrk
2017/04/26 17:04:44
Good point about the mirroring, I actually had a w
Devlin
2017/04/26 18:34:52
We *used* to have strong rules about not allowing
| |
150 *CreatePermissions(), | |
151 PermissionSet(apis, ManifestPermissionSet(), | |
152 URLPatternSet(), URLPatternSet())); | |
153 EXPECT_EQ(*expected_permissions, *granted_permissions); | |
93 | 154 |
94 // Reset state at the end of test. | 155 // Reset state at the end of test. |
95 chromeos::LoginState::Shutdown(); | 156 chromeos::LoginState::Shutdown(); |
96 } | 157 } |
97 | 158 |
98 } // namespace extensions | 159 } // namespace extensions |
OLD | NEW |