Add checks for Feature Policy to the mojo Permission Service

content/browser/permissions/permission_service_impl_unittest.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/permissions/permission_service_impl.h"
+
+#include "base/run_loop.h"
+#include "base/test/scoped_feature_list.h"
+#include "content/browser/permissions/permission_service_context.h"
+#include "content/common/feature_policy/feature_policy.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/content_features.h"
+#include "content/public/test/test_browser_context.h"
+#include "content/public/test/test_renderer_host.h"
+#include "content/test/mock_permission_manager.h"
+#include "content/test/test_render_frame_host.h"
+#include "mojo/public/cpp/bindings/interface_request.h"
+#include "third_party/WebKit/public/platform/WebFeaturePolicy.h"
+#include "third_party/WebKit/public/platform/modules/permissions/permission.mojom.h"
+#include "url/origin.h"
+
+using blink::mojom::PermissionStatus;
+using blink::mojom::PermissionName;
+
+namespace content {
+
+namespace {
+
+blink::mojom::PermissionDescriptorPtr CreatePermissionDescriptor(
+    PermissionName name) {
+  auto descriptor = blink::mojom::PermissionDescriptor::New();
+  descriptor->name = name;
+  return descriptor;
+}
+
+class TestPermissionManager : public MockPermissionManager {
+ public:
+  ~TestPermissionManager() override {}

[mlamouri (slow - plz ping), 2017/05/30 09:38:22]

nit: `= default`

[raymes, 2017/05/31 05:32:01]

Done.

+
+  PermissionStatus GetPermissionStatus(PermissionType permission,
+                                       const GURL& requesting_origin,
+                                       const GURL& embedding_origin) override {
+    // Always return granted.
+    return PermissionStatus::GRANTED;
+  }
+
+  int RequestPermissions(
+      const std::vector<PermissionType>& permissions,
+      RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin,
+      bool user_gesture,
+      const base::Callback<void(const std::vector<PermissionStatus>&)>&
+          callback) override {
+    callback.Run(std::vector<PermissionStatus>(permissions.size(),
+                                               PermissionStatus::GRANTED));
+    return 0;
+  }
+};
+
+}  // namespace
+
+class PermissionServiceImplTest : public RenderViewHostTestHarness {
+ public:
+  PermissionServiceImplTest() : origin_(GURL("https://www.google.com")) {}
+
+  void SetUp() override {
+    RenderViewHostTestHarness::SetUp();
+    static_cast<TestBrowserContext*>(browser_context())
+        ->SetPermissionManager(base::MakeUnique<TestPermissionManager>());
+    NavigateAndCommit(origin_.GetURL());
+    service_context_.reset(new PermissionServiceContext(main_rfh()));
+    service_impl_.reset(new PermissionServiceImpl(service_context_.get()));
+  }
+
+  void TearDown() override {
+    service_impl_.reset();
+    service_context_.reset();
+    RenderViewHostTestHarness::TearDown();
+  }
+
+ protected:
+  // The header policy should only be set once on page load, so we refresh the
+  // page to simulate that.
+  void RefreshPageAndSetHeaderPolicy(blink::WebFeaturePolicyFeature feature,
+                                     bool enabled) {
+    NavigateAndCommit(origin_.GetURL());
+    ParsedFeaturePolicyHeader header;
+    std::vector<url::Origin> whitelist;
+    if (enabled)
+      whitelist.push_back(origin_);
+    header.push_back({feature, /*match_all_origins=*/false, whitelist});
+    static_cast<TestRenderFrameHost*>(main_rfh())
+        ->OnDidSetFeaturePolicyHeader(header);
+  }
+
+  PermissionStatus HasPermission(PermissionName permission) {
+    base::Callback<void(PermissionStatus)> callback =
+        base::Bind(&PermissionServiceImplTest::PermissionStatusCallback,
+                   base::Unretained(this));
+    service_impl_->HasPermission(CreatePermissionDescriptor(permission),
+                                 origin_, callback);
+    EXPECT_EQ(1u, last_permission_statuses_.size());
+    return last_permission_statuses_[0];
+  }
+
+  std::vector<PermissionStatus> RequestPermissions(
+      const std::vector<PermissionName>& permissions) {
+    std::vector<blink::mojom::PermissionDescriptorPtr> descriptors;
+    for (PermissionName name : permissions)
+      descriptors.push_back(CreatePermissionDescriptor(name));
+    base::Callback<void(const std::vector<PermissionStatus>&)> callback =
+        base::Bind(&PermissionServiceImplTest::RequestPermissionsCallback,
+                   base::Unretained(this));
+    service_impl_->RequestPermissions(std::move(descriptors), origin_,
+                                      /*user_gesture=*/false, callback);
+    EXPECT_EQ(permissions.size(), last_permission_statuses_.size());
+    return last_permission_statuses_;
+  }
+
+ private:
+  void PermissionStatusCallback(blink::mojom::PermissionStatus status) {
+    last_permission_statuses_ = std::vector<PermissionStatus>{status};
+  }
+
+  void RequestPermissionsCallback(
+      const std::vector<PermissionStatus>& statuses) {
+    last_permission_statuses_ = statuses;
+  }
+
+  url::Origin origin_;
+
+  base::Closure quit_closure_;
+
+  std::vector<PermissionStatus> last_permission_statuses_;
+
+  std::unique_ptr<PermissionServiceImpl> service_impl_;
+  std::unique_ptr<PermissionServiceContext> service_context_;
+};
+
+// Basic tests for feature policy checks through the PermissionService.  These
+// tests are not meant to cover every edge case as the FeaturePolicy class
+// itself is tested thoroughly in feature_policy_unittest.cc and in
+// render_frame_host_feature_policy_unittest.cc.
+TEST_F(PermissionServiceImplTest, HasPermissionWithFeaturePolicy) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(features::kUseFeaturePolicyForPermissions);
+  // Geolocation should be enabled by default for a frame (if permission is
+  // granted).
+  EXPECT_EQ(PermissionStatus::GRANTED,
+            HasPermission(PermissionName::GEOLOCATION));
+
+  RefreshPageAndSetHeaderPolicy(blink::WebFeaturePolicyFeature::kGeolocation,
+                                /*enabled=*/false);
+  EXPECT_EQ(PermissionStatus::DENIED,
+            HasPermission(PermissionName::GEOLOCATION));
+
+  // Midi should be allowed even though geolocation was disabled.
+  EXPECT_EQ(PermissionStatus::GRANTED, HasPermission(PermissionName::MIDI));
+
+  // Now block midi.
+  RefreshPageAndSetHeaderPolicy(blink::WebFeaturePolicyFeature::kMidiFeature,
+                                /*enabled=*/false);
+  EXPECT_EQ(PermissionStatus::DENIED, HasPermission(PermissionName::MIDI));
+
+  // Ensure that the policy is ignored if kUseFeaturePolicyForPermissions is
+  // disabled.
+  base::test::ScopedFeatureList empty_feature_list;
+  empty_feature_list.Init();
+  EXPECT_EQ(PermissionStatus::GRANTED, HasPermission(PermissionName::MIDI));
+}
+
+TEST_F(PermissionServiceImplTest, RequestPermissionsWithFeaturePolicy) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(features::kUseFeaturePolicyForPermissions);
+
+  // Disable midi.
+  RefreshPageAndSetHeaderPolicy(blink::WebFeaturePolicyFeature::kMidiFeature,
+                                /*enabled=*/false);
+
+  std::vector<PermissionStatus> result =
+      RequestPermissions(std::vector<PermissionName>{PermissionName::MIDI});
+  EXPECT_EQ(1u, result.size());
+  EXPECT_EQ(PermissionStatus::DENIED, result[0]);
+
+  // Request midi along with geolocation. Geolocation should be granted.
+  result = RequestPermissions(std::vector<PermissionName>{
+      PermissionName::MIDI, PermissionName::GEOLOCATION});
+  EXPECT_EQ(2u, result.size());
+  EXPECT_EQ(PermissionStatus::DENIED, result[0]);
+  EXPECT_EQ(PermissionStatus::GRANTED, result[1]);
+}
+
+}  // namespace