Create withheld permissions

extensions/common/permissions/permissions_data_unittest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string16.h"
+#include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/extensions/extension_test_util.h"
 #include "chrome/common/extensions/features/feature_channel.h"
 #include "content/public/common/socket_permission_request.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_builder.h"
+#include "extensions/common/feature_switch.h"
 #include "extensions/common/id_util.h"
 #include "extensions/common/manifest.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/permissions/api_permission.h"
 #include "extensions/common/permissions/permission_set.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/common/permissions/socket_permission.h"
 #include "extensions/common/switches.h"
 #include "extensions/common/url_pattern_set.h"
 #include "extensions/common/value_builder.h"
@@ skipping 39 matching lines @@
               .Set("description", "an extension")
               .Set("manifest_version", 2)
               .Set("version", "1.0.0")
               .Set("permissions", permissions.Pass())
               .Build())
       .SetLocation(location)
       .SetID(id)
       .Build();
 }
 
-bool RequiresActionForScriptExecution(const std::string& extension_id,
-                                      const std::string& host_permissions,
-                                      Manifest::Location location) {
-  scoped_refptr<const Extension> extension =
-      GetExtensionWithHostPermission(extension_id,
-                                     host_permissions,
-                                     location);
-  return extension->permissions_data()->RequiresActionForScriptExecution(
-      extension,
-      -1,  // Ignore tab id for these.
-      GURL::EmptyGURL());
-}
-
 // Checks that urls are properly restricted for the given extension.
 void CheckRestrictedUrls(const Extension* extension,
                          bool block_chrome_urls) {
   // We log the name so we know _which_ extension failed here.
   const std::string& name = extension->name();
   const GURL chrome_settings_url("chrome://settings/");
   const GURL chrome_extension_url("chrome-extension://foo/bar.html");
   const GURL google_url("https://www.google.com/");
   const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
   const GURL invalid_url("chrome-debugger://foo/bar.html");
@@ skipping 159 matching lines @@
         extension, SocketPermissionRequest::UDP_BIND, "", 8888));
 
   EXPECT_FALSE(CheckSocketPermission(
         extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
   EXPECT_TRUE(CheckSocketPermission(
         extension,
         SocketPermissionRequest::UDP_SEND_TO,
         "239.255.255.250", 1900));
 }
 
-TEST(ExtensionPermissionsTest, RequiresActionForScriptExecution) {
-  // Extensions with all_hosts should require action.
-  EXPECT_TRUE(RequiresActionForScriptExecution(
-      "all_hosts_permissions", kAllHostsPermission, Manifest::INTERNAL));
-  // Extensions with nearly all hosts are treated the same way.
-  EXPECT_TRUE(RequiresActionForScriptExecution(
-      "pseudo_all_hosts_permissions", "*://*.com/*", Manifest::INTERNAL));
-  // Extensions with explicit permissions shouldn't require action.
-  EXPECT_FALSE(RequiresActionForScriptExecution(
-      "explicit_permissions", "https://www.google.com/*", Manifest::INTERNAL));
-  // Policy extensions are exempt...
-  EXPECT_FALSE(RequiresActionForScriptExecution(
-      "policy", kAllHostsPermission, Manifest::EXTERNAL_POLICY));
-  // ... as are component extensions.
-  EXPECT_FALSE(RequiresActionForScriptExecution(
-      "component", kAllHostsPermission, Manifest::COMPONENT));
-  // Throw in an external pref extension to make sure that it's not just working
-  // for everything non-internal.
-  EXPECT_TRUE(RequiresActionForScriptExecution(
-      "external_pref", kAllHostsPermission, Manifest::EXTERNAL_PREF));
-
-  // If we grant an extension tab permissions, then it should no longer require
-  // action.
-  scoped_refptr<const Extension> extension =
-      GetExtensionWithHostPermission("all_hosts_permissions",
-                                     kAllHostsPermission,
-                                     Manifest::INTERNAL);
-  URLPatternSet allowed_hosts;
-  allowed_hosts.AddPattern(
-      URLPattern(URLPattern::SCHEME_HTTPS, "https://www.google.com/*"));
-  scoped_refptr<PermissionSet> tab_permissions(
-      new PermissionSet(APIPermissionSet(),
-                        ManifestPermissionSet(),
-                        allowed_hosts,
-                        URLPatternSet()));
-  extension->permissions_data()->UpdateTabSpecificPermissions(0,
-                                                              tab_permissions);
-  EXPECT_FALSE(extension->permissions_data()->RequiresActionForScriptExecution(
-      extension, 0, GURL("https://www.google.com/")));
-}
-
 TEST(ExtensionPermissionsTest, IsRestrictedUrl) {
   scoped_refptr<const Extension> extension =
       GetExtensionWithHostPermission("normal_extension",
                                      kAllHostsPermission,
                                      Manifest::INTERNAL);
   // Chrome urls should be blocked for normal extensions.
   CheckRestrictedUrls(extension, true);
 
   scoped_refptr<const Extension> component =
       GetExtensionWithHostPermission("component",
@@ skipping 479 matching lines @@
   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
 
   permissions_data->ClearTabSpecificPermissions(1);
   EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1));
 
   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
 }
 
+namespace {
+
+scoped_refptr<const Extension> CreateExtensionWithPermissions(
+    const std::set<URLPattern>& scriptable_hosts,
+    const std::set<URLPattern>& explicit_hosts,
+    Manifest::Location location) {
+  ListBuilder scriptable_host_list;
+  for (std::set<URLPattern>::const_iterator pattern = scriptable_hosts.begin();
+       pattern != scriptable_hosts.end();
+       ++pattern) {
+    scriptable_host_list.Append(pattern->GetAsString());
+  }
+
+  ListBuilder explicit_host_list;
+  for (std::set<URLPattern>::const_iterator pattern = explicit_hosts.begin();
+       pattern != explicit_hosts.end();
+       ++pattern) {
+    explicit_host_list.Append(pattern->GetAsString());
+  }
+
+  DictionaryBuilder script;
+  script.Set("matches", scriptable_host_list.Pass())
+      .Set("js", ListBuilder().Append("foo.js"));
+
+  return ExtensionBuilder()
+      .SetLocation(location)
+      .SetManifest(
+           DictionaryBuilder()
+               .Set("name", "extension")
+               .Set("description", "foo")
+               .Set("manifest_version", 2)
+               .Set("version", "0.1.2.3")
+               .Set("content_scripts", ListBuilder().Append(script.Pass()))
+               .Set("permissions", explicit_host_list.Pass()))
+      .Build();
+}
+
+testing::AssertionResult SetsAreEqual(const std::set<URLPattern>& set1,
+                                      const std::set<URLPattern>& set2) {
+  // Take the (set1 - set2) U (set2 - set1). This is then the set of all
+  // elements which are in either set1 or set2, but not both.
+  // If the sets are equal, this is none.
+  std::set<URLPattern> difference = base::STLSetUnion<std::set<URLPattern> >(
+      base::STLSetDifference<std::set<URLPattern> >(set1, set2),
+      base::STLSetDifference<std::set<URLPattern> >(set2, set1));
+
+  std::string error;
+  for (std::set<URLPattern>::const_iterator iter = difference.begin();
+       iter != difference.end();
+       ++iter) {
+    if (iter->GetAsString() == "chrome://favicon/*")
+      continue;  // Grr... This is auto-added for extensions with <all_urls>
+    error = base::StringPrintf("%s\n%s contains %s and the other does not.",
+                               error.c_str(),
+                               (set1.count(*iter) ? "Set1" : "Set2"),
+                               iter->GetAsString().c_str());
+  }
+
+  if (!error.empty())
+    return testing::AssertionFailure() << error;
+  return testing::AssertionSuccess();
+}
+
+}  // namespace
+
+TEST(PermissionsDataWithheldPermissionsTest, WithholdAllHosts) {
+  // Permissions are only withheld with the appropriate switch turned on.
+  scoped_ptr<FeatureSwitch::ScopedOverride> switch_override(
+      new FeatureSwitch::ScopedOverride(
+          FeatureSwitch::scripts_require_action(),
+          FeatureSwitch::OVERRIDE_ENABLED));
+
+  URLPattern google(URLPattern::SCHEME_ALL, "http://www.google.com/*");
+  URLPattern sub_google(URLPattern::SCHEME_ALL, "http://*.google.com/*");
+  URLPattern all_http(URLPattern::SCHEME_ALL, "http://*/*");
+  URLPattern all_hosts(URLPattern::SCHEME_ALL, "<all_urls>");
+  URLPattern all_com(URLPattern::SCHEME_ALL, "http://*.com/*");
+
+  std::set<URLPattern> all_host_patterns;
+  std::set<URLPattern> safe_patterns;
+
+  all_host_patterns.insert(all_http);
+  all_host_patterns.insert(all_hosts);
+  all_host_patterns.insert(all_com);
+
+  safe_patterns.insert(google);
+  safe_patterns.insert(sub_google);
+
+  std::set<URLPattern> all_patterns = base::STLSetUnion<std::set<URLPattern> >(
+      all_host_patterns, safe_patterns);
+
+  scoped_refptr<const Extension> extension = CreateExtensionWithPermissions(
+      all_patterns, all_patterns, Manifest::INTERNAL);
+  const PermissionsData* permissions_data = extension->permissions_data();
+
+  // At first, the active permissions should have only the safe patterns and
+  // the withheld permissions should have only the all host patterns.
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->scriptable_hosts().patterns(),
+      safe_patterns));
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->explicit_hosts().patterns(),
+      safe_patterns));
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->withheld_permissions()->scriptable_hosts().patterns(),
+      all_host_patterns));
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->withheld_permissions()->explicit_hosts().patterns(),
+      all_host_patterns));
+
+  // Then, we grant the withheld all-hosts permissions.
+  permissions_data->GrantWithheldAllHosts();
+  // Now, active permissions should have all patterns, and withheld permissions
+  // should have none.
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->scriptable_hosts().patterns(),
+      all_patterns));
+  EXPECT_TRUE(permissions_data->withheld_permissions()
+                  ->scriptable_hosts()
+                  .patterns()
+                  .empty());
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->explicit_hosts().patterns(),
+      all_patterns));
+  EXPECT_TRUE(permissions_data->withheld_permissions()
+                  ->explicit_hosts()
+                  .patterns()
+                  .empty());
+
+  // Finally, we revoke the all hosts permissions.
+  permissions_data->WithholdAllHosts();
+
+  // We should be back to our initial state - all_hosts should be withheld, and
+  // the safe patterns should be granted.
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->scriptable_hosts().patterns(),
+      safe_patterns));
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->explicit_hosts().patterns(),
+      safe_patterns));
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->withheld_permissions()->scriptable_hosts().patterns(),
+      all_host_patterns));
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->withheld_permissions()->explicit_hosts().patterns(),
+      all_host_patterns));
+
+  // Creating a component extension should result in no withheld permissions.
+  extension = CreateExtensionWithPermissions(
+      all_patterns, all_patterns, Manifest::COMPONENT);
+  permissions_data = extension->permissions_data();
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->scriptable_hosts().patterns(),
+      all_patterns));
+  EXPECT_TRUE(permissions_data->withheld_permissions()
+                  ->scriptable_hosts()
+                  .patterns()
+                  .empty());
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->explicit_hosts().patterns(),
+      all_patterns));
+  EXPECT_TRUE(permissions_data->withheld_permissions()
+                  ->explicit_hosts()
+                  .patterns()
+                  .empty());
+
+  // Without the switch, we shouldn't withhold anything.
+  switch_override.reset();
+  extension = CreateExtensionWithPermissions(
+      all_patterns, all_patterns, Manifest::INTERNAL);
+  permissions_data = extension->permissions_data();
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->scriptable_hosts().patterns(),
+      all_patterns));
+  EXPECT_TRUE(permissions_data->withheld_permissions()
+                  ->scriptable_hosts()
+                  .patterns()
+                  .empty());
+  EXPECT_TRUE(SetsAreEqual(
+      permissions_data->active_permissions()->explicit_hosts().patterns(),
+      all_patterns));
+  EXPECT_TRUE(permissions_data->withheld_permissions()
+                  ->explicit_hosts()
+                  .patterns()
+                  .empty());
+}
+
 }  // namespace extensions