Add checks for Feature Policy to the mojo Permission Service

content/browser/permissions/permission_service_impl_unittest.cc

Index: content/browser/permissions/permission_service_impl_unittest.cc
diff --git a/content/browser/permissions/permission_service_impl_unittest.cc b/content/browser/permissions/permission_service_impl_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..abd14b5af4364dd97b19274c3dc6d16f485457fd
--- /dev/null
+++ b/content/browser/permissions/permission_service_impl_unittest.cc
@@ -0,0 +1,178 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/permissions/permission_service_impl.h"
+
+#include "base/run_loop.h"
+#include "base/test/scoped_feature_list.h"
+#include "content/browser/permissions/permission_service_context.h"
+#include "content/common/feature_policy/feature_policy.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/content_features.h"
+#include "content/public/test/test_browser_context.h"
+#include "content/public/test/test_renderer_host.h"
+#include "content/test/mock_permission_manager.h"
+#include "content/test/test_render_frame_host.h"
+#include "mojo/public/cpp/bindings/interface_request.h"
+#include "third_party/WebKit/public/platform/WebFeaturePolicy.h"
+#include "third_party/WebKit/public/platform/modules/permissions/permission.mojom.h"
+#include "url/origin.h"
+
+using blink::mojom::PermissionStatus;
+using blink::mojom::PermissionName;
+
+namespace content {
+
+namespace {
+
+blink::mojom::PermissionDescriptorPtr CreatePermissionDescriptor(
+    PermissionName name) {
+  auto descriptor = blink::mojom::PermissionDescriptor::New();
+  descriptor->name = name;
+  return descriptor;
+}
+
+class TestPermissionManager : public MockPermissionManager {
+ public:
+  ~TestPermissionManager() override {}
+
+  PermissionStatus GetPermissionStatus(PermissionType permission,
+                                       const GURL& requesting_origin,
+                                       const GURL& embedding_origin) override {
+    // Always return granted.
+    return PermissionStatus::GRANTED;
+  }
+
+  int RequestPermissions(
+      const std::vector<PermissionType>& permissions,
+      RenderFrameHost* render_frame_host,
+      const GURL& requesting_origin,
+      bool user_gesture,
+      const base::Callback<void(const std::vector<PermissionStatus>&)>&
+          callback) override {
+    callback.Run(std::vector<PermissionStatus>(permissions.size(),
+                                               PermissionStatus::GRANTED));
+    return 0;
+  }
+};
+
+}  // namespace
+
+class PermissionServiceImplTest : public RenderViewHostTestHarness {
+ public:
+  PermissionServiceImplTest() : origin_(GURL("https://www.google.com")) {}
+
+  void SetUp() override {
+    RenderViewHostTestHarness::SetUp();
+    static_cast<TestBrowserContext*>(browser_context())
+        ->SetPermissionManager(base::MakeUnique<TestPermissionManager>());
+    NavigateAndCommit(origin_.GetURL());
+    service_context_.reset(new PermissionServiceContext(main_rfh()));
+    blink::mojom::PermissionServicePtr ptr;
+    service_impl_.reset(new PermissionServiceImpl(service_context_.get(),
+                                                  mojo::MakeRequest(&ptr)));
+    // Initialize the feature policy.
+    ParsedFeaturePolicyHeader header;
+    static_cast<TestRenderFrameHost*>(main_rfh())
+        ->OnDidSetFeaturePolicyHeader(header);
+  }
+
+  void TearDown() override {
+    service_impl_.reset();
+    service_context_.reset();
+    RenderViewHostTestHarness::TearDown();
+  }
+
+ protected:
+  void SetFeaturePolicy(blink::WebFeaturePolicyFeature feature, bool enabled) {
+    ParsedFeaturePolicyHeader header;
+    std::vector<url::Origin> whitelist;
+    if (enabled)
+      whitelist.push_back(origin_);
+    header.push_back({feature, /*match_all_origins=*/false, whitelist});
+    static_cast<TestRenderFrameHost*>(main_rfh())
+        ->OnDidSetFeaturePolicyHeader(header);
+  }
+
+  PermissionStatus HasPermission(PermissionName permission) {
+    base::Callback<void(PermissionStatus)> callback =
+        base::Bind(&PermissionServiceImplTest::PermissionStatusCallback,
+                   base::Unretained(this));
+    service_impl_->HasPermission(CreatePermissionDescriptor(permission),
+                                 origin_, callback);
+    EXPECT_EQ(1u, last_permission_statuses_.size());
+    return last_permission_statuses_[0];
+  }
+
+  std::vector<PermissionStatus> RequestPermissions(
+      const std::vector<PermissionName>& permissions) {
+    std::vector<blink::mojom::PermissionDescriptorPtr> descriptors;
+    for (PermissionName name : permissions)
+      descriptors.push_back(CreatePermissionDescriptor(name));
+    base::Callback<void(const std::vector<PermissionStatus>&)> callback =
+        base::Bind(&PermissionServiceImplTest::RequestPermissionsCallback,
+                   base::Unretained(this));
+    service_impl_->RequestPermissions(std::move(descriptors), origin_,
+                                      /*user_gesture=*/false, callback);
+    EXPECT_EQ(permissions.size(), last_permission_statuses_.size());
+    return last_permission_statuses_;
+  }
+
+ private:
+  void PermissionStatusCallback(blink::mojom::PermissionStatus status) {
+    last_permission_statuses_ = std::vector<PermissionStatus>{status};
+  }
+
+  void RequestPermissionsCallback(
+      const std::vector<PermissionStatus>& statuses) {
+    last_permission_statuses_ = statuses;
+  }
+
+  url::Origin origin_;
+
+  base::Closure quit_closure_;
+
+  std::vector<PermissionStatus> last_permission_statuses_;
+
+  std::unique_ptr<PermissionServiceContext> service_context_;
+  std::unique_ptr<PermissionServiceImpl> service_impl_;
+};
+
+TEST_F(PermissionServiceImplTest, HasPermissionWithFeaturePolicy) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(features::kUseFeaturePolicyForPermissions);
+  // Geolocation should be enabled by default for a frame (if permission is
+  // granted).
+  EXPECT_EQ(PermissionStatus::GRANTED,
+            HasPermission(PermissionName::GEOLOCATION));
+
+  SetFeaturePolicy(blink::WebFeaturePolicyFeature::kGeolocation,
+                   /*enabled=*/false);
+  EXPECT_EQ(PermissionStatus::DENIED,
+            HasPermission(PermissionName::GEOLOCATION));
+
+  // Midi should be allowed even though geolocation was disabled.
+  EXPECT_EQ(PermissionStatus::GRANTED, HasPermission(PermissionName::MIDI));
+
+  // Now block midi.
+  SetFeaturePolicy(blink::WebFeaturePolicyFeature::kMidiFeature,
+                   /*enabled=*/false);
+  EXPECT_EQ(PermissionStatus::DENIED, HasPermission(PermissionName::MIDI));
+}
+
+TEST_F(PermissionServiceImplTest, RequestPermissionsWithFeaturePolicy) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(features::kUseFeaturePolicyForPermissions);
+  SetFeaturePolicy(blink::WebFeaturePolicyFeature::kMidiFeature,
+                   /*enabled=*/false);
+
+  std::vector<PermissionStatus> result =
+      RequestPermissions(std::vector<PermissionName>{
+          PermissionName::MIDI, PermissionName::GEOLOCATION});
+  EXPECT_EQ(2u, result.size());

[Timothy Loh, 2017/05/23 04:14:06]

Maybe also have a test of a single permission which is denied by feature policy.

+  EXPECT_EQ(PermissionStatus::DENIED, result[0]);
+  EXPECT_EQ(PermissionStatus::GRANTED, result[1]);
+}
+
+}  // namespace