Chromium Code Reviews Chromium Code Reviews
Issue 2874053003:
Add checks for Feature Policy to the mojo Permission Service (Closed)
| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/browser/permissions/permission_service_impl.h" | |
| 6 | |
| 7 #include "base/run_loop.h" | |
| 8 #include "base/test/scoped_feature_list.h" | |
| 9 #include "content/browser/permissions/permission_service_context.h" | |
| 10 #include "content/common/feature_policy/feature_policy.h" | |
| 11 #include "content/public/browser/web_contents.h" | |
| 12 #include "content/public/common/content_features.h" | |
| 13 #include "content/public/test/test_browser_context.h" | |
| 14 #include "content/public/test/test_renderer_host.h" | |
| 15 #include "content/test/mock_permission_manager.h" | |
| 16 #include "content/test/test_render_frame_host.h" | |
| 17 #include "mojo/public/cpp/bindings/interface_request.h" | |
| 18 #include "third_party/WebKit/public/platform/WebFeaturePolicy.h" | |
| 19 #include "third_party/WebKit/public/platform/modules/permissions/permission.mojo m.h" | |
| 20 #include "url/origin.h" | |
| 21 | |
| 22 using blink::mojom::PermissionStatus; | |
| 23 using blink::mojom::PermissionName; | |
| 24 | |
| 25 namespace content { | |
| 26 | |
| 27 namespace { | |
| 28 | |
| 29 blink::mojom::PermissionDescriptorPtr CreatePermissionDescriptor( | |
| 30 PermissionName name) { | |
| 31 auto descriptor = blink::mojom::PermissionDescriptor::New(); | |
| 32 descriptor->name = name; | |
| 33 return descriptor; | |
| 34 } | |
| 35 | |
| 36 class TestPermissionManager : public MockPermissionManager { | |
| 37 public: | |
| 38 ~TestPermissionManager() override {} | |
| 39 | |
| 40 PermissionStatus GetPermissionStatus(PermissionType permission, | |
| 41 const GURL& requesting_origin, | |
| 42 const GURL& embedding_origin) override { | |
| 43 // Always return granted. | |
| 44 return PermissionStatus::GRANTED; | |
| 45 } | |
| 46 | |
| 47 int RequestPermissions( | |
| 48 const std::vector<PermissionType>& permissions, | |
| 49 RenderFrameHost* render_frame_host, | |
| 50 const GURL& requesting_origin, | |
| 51 bool user_gesture, | |
| 52 const base::Callback<void(const std::vector<PermissionStatus>&)>& | |
| 53 callback) override { | |
| 54 callback.Run(std::vector<PermissionStatus>(permissions.size(), | |
| 55 PermissionStatus::GRANTED)); | |
| 56 return 0; | |
| 57 } | |
| 58 }; | |
| 59 | |
| 60 } // namespace | |
| 61 | |
| 62 class PermissionServiceImplTest : public RenderViewHostTestHarness { | |
| 63 public: | |
| 64 PermissionServiceImplTest() : origin_(GURL("https://www.google.com")) {} | |
| 65 | |
| 66 void SetUp() override { | |
| 67 RenderViewHostTestHarness::SetUp(); | |
| 68 static_cast<TestBrowserContext*>(browser_context()) | |
| 69 ->SetPermissionManager(base::MakeUnique<TestPermissionManager>()); | |
| 70 NavigateAndCommit(origin_.GetURL()); | |
| 71 service_context_.reset(new PermissionServiceContext(main_rfh())); | |
| 72 blink::mojom::PermissionServicePtr ptr; | |
| 73 service_impl_.reset(new PermissionServiceImpl(service_context_.get(), | |
| 74 mojo::MakeRequest(&ptr))); | |
| 75 // Initialize the feature policy. | |
| 76 ParsedFeaturePolicyHeader header; | |
| 77 static_cast<TestRenderFrameHost*>(main_rfh()) | |
| 78 ->OnDidSetFeaturePolicyHeader(header); | |
| 79 } | |
| 80 | |
| 81 void TearDown() override { | |
| 82 service_impl_.reset(); | |
| 83 service_context_.reset(); | |
| 84 RenderViewHostTestHarness::TearDown(); | |
| 85 } | |
| 86 | |
| 87 protected: | |
| 88 void SetFeaturePolicy(blink::WebFeaturePolicyFeature feature, bool enabled) { | |
| 89 ParsedFeaturePolicyHeader header; | |
| 90 std::vector<url::Origin> whitelist; | |
| 91 if (enabled) | |
| 92 whitelist.push_back(origin_); | |
| 93 header.push_back({feature, /*match_all_origins=*/false, whitelist}); | |
| 94 static_cast<TestRenderFrameHost*>(main_rfh()) | |
| 95 ->OnDidSetFeaturePolicyHeader(header); | |
| 96 } | |
| 97 | |
| 98 PermissionStatus HasPermission(PermissionName permission) { | |
| 99 base::Callback<void(PermissionStatus)> callback = | |
| 100 base::Bind(&PermissionServiceImplTest::PermissionStatusCallback, | |
| 101 base::Unretained(this)); | |
| 102 service_impl_->HasPermission(CreatePermissionDescriptor(permission), | |
| 103 origin_, callback); | |
| 104 EXPECT_EQ(1u, last_permission_statuses_.size()); | |
| 105 return last_permission_statuses_[0]; | |
| 106 } | |
| 107 | |
| 108 std::vector<PermissionStatus> RequestPermissions( | |
| 109 const std::vector<PermissionName>& permissions) { | |
| 110 std::vector<blink::mojom::PermissionDescriptorPtr> descriptors; | |
| 111 for (PermissionName name : permissions) | |
| 112 descriptors.push_back(CreatePermissionDescriptor(name)); | |
| 113 base::Callback<void(const std::vector<PermissionStatus>&)> callback = | |
| 114 base::Bind(&PermissionServiceImplTest::RequestPermissionsCallback, | |
| 115 base::Unretained(this)); | |
| 116 service_impl_->RequestPermissions(std::move(descriptors), origin_, | |
| 117 /*user_gesture=*/false, callback); | |
| 118 EXPECT_EQ(permissions.size(), last_permission_statuses_.size()); | |
| 119 return last_permission_statuses_; | |
| 120 } | |
| 121 | |
| 122 private: | |
| 123 void PermissionStatusCallback(blink::mojom::PermissionStatus status) { | |
| 124 last_permission_statuses_ = std::vector<PermissionStatus>{status}; | |
| 125 } | |
| 126 | |
| 127 void RequestPermissionsCallback( | |
| 128 const std::vector<PermissionStatus>& statuses) { | |
| 129 last_permission_statuses_ = statuses; | |
| 130 } | |
| 131 | |
| 132 url::Origin origin_; | |
| 133 | |
| 134 base::Closure quit_closure_; | |
| 135 | |
| 136 std::vector<PermissionStatus> last_permission_statuses_; | |
| 137 | |
| 138 std::unique_ptr<PermissionServiceContext> service_context_; | |
| 139 std::unique_ptr<PermissionServiceImpl> service_impl_; | |
| 140 }; | |
| 141 | |
| 142 TEST_F(PermissionServiceImplTest, HasPermissionWithFeaturePolicy) { | |
| 143 base::test::ScopedFeatureList feature_list; | |
| 144 feature_list.InitAndEnableFeature(features::kUseFeaturePolicyForPermissions); | |
| 145 // Geolocation should be enabled by default for a frame (if permission is | |
| 146 // granted). | |
| 147 EXPECT_EQ(PermissionStatus::GRANTED, | |
| 148 HasPermission(PermissionName::GEOLOCATION)); | |
| 149 | |
| 150 SetFeaturePolicy(blink::WebFeaturePolicyFeature::kGeolocation, | |
| 151 /*enabled=*/false); | |
| 152 EXPECT_EQ(PermissionStatus::DENIED, | |
| 153 HasPermission(PermissionName::GEOLOCATION)); | |
| 154 | |
| 155 // Midi should be allowed even though geolocation was disabled. | |
| 156 EXPECT_EQ(PermissionStatus::GRANTED, HasPermission(PermissionName::MIDI)); | |
| 157 | |
| 158 // Now block midi. | |
| 159 SetFeaturePolicy(blink::WebFeaturePolicyFeature::kMidiFeature, | |
| 160 /*enabled=*/false); | |
| 161 EXPECT_EQ(PermissionStatus::DENIED, HasPermission(PermissionName::MIDI)); | |
| 162 } | |
| 163 | |
| 164 TEST_F(PermissionServiceImplTest, RequestPermissionsWithFeaturePolicy) { | |
| 165 base::test::ScopedFeatureList feature_list; | |
| 166 feature_list.InitAndEnableFeature(features::kUseFeaturePolicyForPermissions); | |
| 167 SetFeaturePolicy(blink::WebFeaturePolicyFeature::kMidiFeature, | |
| 168 /*enabled=*/false); | |
| 169 | |
| 170 std::vector<PermissionStatus> result = | |
| 171 RequestPermissions(std::vector<PermissionName>{ | |
| 172 PermissionName::MIDI, PermissionName::GEOLOCATION}); | |
| 173 EXPECT_EQ(2u, result.size()); | |
|
Timothy Loh
2017/05/23 04:14:06
Maybe also have a test of a single permission whic
| |
| 174 EXPECT_EQ(PermissionStatus::DENIED, result[0]); | |
| 175 EXPECT_EQ(PermissionStatus::GRANTED, result[1]); | |
| 176 } | |
| 177 | |
| 178 } // namespace | |
| OLD | NEW |
