[Test] Added a test for activeTab URL filtering

chrome/browser/extensions/active_tab_apitest.cc

Index: chrome/browser/extensions/active_tab_apitest.cc
diff --git a/chrome/browser/extensions/active_tab_apitest.cc b/chrome/browser/extensions/active_tab_apitest.cc
index 24e860c4d904f91bb7db7382c5f07cdea489b798..7b6ba12ec117db1b7ad6be4359e7bfe00447c560 100644
--- a/chrome/browser/extensions/active_tab_apitest.cc
+++ b/chrome/browser/extensions/active_tab_apitest.cc
@@ -5,13 +5,20 @@
 #include "base/logging.h"
 #include "chrome/browser/extensions/extension_action_runner.h"
 #include "chrome/browser/extensions/extension_apitest.h"
+#include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "extensions/common/extension.h"
+#include "extensions/test/extension_test_message_listener.h"
 #include "extensions/test/result_catcher.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/extensions/extension_tab_util_delegate_chromeos.h"
+#include "chromeos/login/login_state.h"
+#endif
+
 namespace extensions {
 namespace {
 
@@ -38,6 +45,16 @@ IN_PROC_BROWSER_TEST_F(ExtensionApiTest, MAYBE_ActiveTab) {
     EXPECT_TRUE(catcher.GetNextResult()) << message_;
   }
 
+  // Do one pass of BrowserAction without granting activeTab permission,
+  // extension shouldn't have access to tab.url.
+  {
+    ResultCatcher catcher;
+    ExtensionActionRunner::GetForWebContents(
+        browser()->tab_strip_model()->GetActiveWebContents())
+        ->RunAction(extension, false);
+    EXPECT_TRUE(catcher.GetNextResult()) << message_;
+  }
+
   // Granting to the extension should give it access to page.html.
   {
     ResultCatcher catcher;
@@ -47,6 +64,33 @@ IN_PROC_BROWSER_TEST_F(ExtensionApiTest, MAYBE_ActiveTab) {
     EXPECT_TRUE(catcher.GetNextResult()) << message_;
   }
 
+#if defined(OS_CHROMEOS)
+  // For the third pass grant the activeTab permission and do it in a public
+  // session. URL should be scrubbed down to origin.
+  {
+    // Setup state.
+    chromeos::LoginState::Get()->SetLoggedInState(
+      chromeos::LoginState::LOGGED_IN_ACTIVE,
+      chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT);
+    auto delegate = base::MakeUnique<ExtensionTabUtilDelegateChromeOS>();
+    ExtensionTabUtil::SetPlatformDelegate(delegate.get());
+
+    ExtensionTestMessageListener listener(false);
+    ResultCatcher catcher;
+    ExtensionActionRunner::GetForWebContents(
+        browser()->tab_strip_model()->GetActiveWebContents())
+        ->RunAction(extension, true);
+    EXPECT_TRUE(catcher.GetNextResult()) << message_;
+    EXPECT_EQ(GURL(listener.message()).GetOrigin().spec(), listener.message());
+
+    // Clean up.
+    chromeos::LoginState::Get()->SetLoggedInState(
+      chromeos::LoginState::LOGGED_IN_NONE,
+      chromeos::LoginState::LOGGED_IN_USER_NONE);
+    ExtensionTabUtil::SetPlatformDelegate(nullptr);
+  }
+#endif
+
   // Changing page should go back to it not having access.
   {
     ResultCatcher catcher;