chrome/browser/extensions/extension_management_unittest.cc - Issue 595363002: Add policy controlled permission block list for extensions

Side by Side Diff: chrome/browser/extensions/extension_management_unittest.cc

Issue 595363002: Add policy controlled permission block list for extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix

Patch Set: more minor format fix Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/extensions/extension_management_test_util.cc ('K') | « chrome/browser/extensions/extension_management_test_util.cc ('k') | chrome/browser/extensions/extension_service.cc » ('j') | chrome/browser/extensions/extension_service.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <algorithm>	5 #include <algorithm>

6 #include <vector>	6 #include <vector>

7	7

8 #include "base/json/json_parser.h"	8 #include "base/json/json_parser.h"

9 #include "base/memory/scoped_ptr.h"	9 #include "base/memory/scoped_ptr.h"

10 #include "base/prefs/pref_registry_simple.h"	10 #include "base/prefs/pref_registry_simple.h"

11 #include "base/prefs/testing_pref_service.h"	11 #include "base/prefs/testing_pref_service.h"

12 #include "base/values.h"	12 #include "base/values.h"

13 #include "chrome/browser/extensions/extension_management.h"	13 #include "chrome/browser/extensions/extension_management.h"

14 #include "chrome/browser/extensions/extension_management_internal.h"	14 #include "chrome/browser/extensions/extension_management_internal.h"

15 #include "chrome/browser/extensions/extension_management_test_util.h"	15 #include "chrome/browser/extensions/extension_management_test_util.h"

16 #include "chrome/browser/extensions/external_policy_loader.h"	16 #include "chrome/browser/extensions/external_policy_loader.h"

	17 #include "chrome/browser/extensions/standard_management_policy_provider.h"

17 #include "extensions/browser/pref_names.h"	18 #include "extensions/browser/pref_names.h"

18 #include "extensions/common/manifest.h"	19 #include "extensions/common/manifest.h"

19 #include "extensions/common/manifest_constants.h"	20 #include "extensions/common/manifest_constants.h"

	21 #include "extensions/common/permissions/api_permission.h"

	22 #include "extensions/common/permissions/permissions_info.h"

20 #include "extensions/common/url_pattern.h"	23 #include "extensions/common/url_pattern.h"

21 #include "testing/gtest/include/gtest/gtest.h"	24 #include "testing/gtest/include/gtest/gtest.h"

22 #include "url/gurl.h"	25 #include "url/gurl.h"

23	26

24 namespace extensions {	27 namespace extensions {

25	28

26 namespace {	29 namespace {

27	30

28 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop";	31 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop";

29 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa";	32 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa";

30 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab";	33 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab";

31 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";	34 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

32 const char kExampleUpdateUrl[] = "http://example.com/update_url";	35 const char kExampleUpdateUrl[] = "http://example.com/update_url";

33	36

34 const char kExampleDictPreference[] =	37 const char kExampleDictPreference[] =

35 "{"	38 "{"

36 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension	39 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension

37 " \"installation_mode\": \"allowed\","	40 " \"installation_mode\": \"allowed\","

	41 " \"blocked_permissions\": [\"fileSystem\", \"bookmarks\"],"

38 " },"	42 " },"

39 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2	43 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2

40 " \"installation_mode\": \"force_installed\","	44 " \"installation_mode\": \"force_installed\","

41 " \"update_url\": \"http://example.com/update_url\","	45 " \"update_url\": \"http://example.com/update_url\","

	46 " \"allowed_permissions\": [\"fileSystem\", \"bookmarks\"],"

42 " },"	47 " },"

43 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3	48 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3

44 " \"installation_mode\": \"normal_installed\","	49 " \"installation_mode\": \"normal_installed\","

45 " \"update_url\": \"http://example.com/update_url\","	50 " \"update_url\": \"http://example.com/update_url\","

	51 " \"allowed_permissions\": [\"fileSystem\", \"downloads\"],"

	52 " \"blocked_permissions\": [\"fileSystem\", \"history\"],"

46 " },"	53 " },"

47 " \"*\": {"	54 " \"*\": {"

48 " \"installation_mode\": \"blocked\","	55 " \"installation_mode\": \"blocked\","

49 " \"install_sources\": [\"://foo.com/\"],"	56 " \"install_sources\": [\"://foo.com/\"],"

50 " \"allowed_types\": [\"theme\", \"user_script\"],"	57 " \"allowed_types\": [\"theme\", \"user_script\"],"

	58 " \"blocked_permissions\": [\"fileSystem\", \"downloads\"],"

51 " },"	59 " },"

52 "}";	60 "}";

53	61

54 } // namespace	62 } // namespace

55	63

56 class ExtensionManagementServiceTest : public testing::Test {	64 class ExtensionManagementServiceTest : public testing::Test {

57 public:	65 public:

58 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;	66 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;

59	67

60 ExtensionManagementServiceTest() {}	68 ExtensionManagementServiceTest() {}

(...skipping 56 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
117 protected:	125 protected:

118 scoped_ptr<TestingPrefServiceSimple> pref_service_;	126 scoped_ptr<TestingPrefServiceSimple> pref_service_;

119 scoped_ptr<ExtensionManagement> extension_management_;	127 scoped_ptr<ExtensionManagement> extension_management_;

120 };	128 };

121	129

122 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest {	130 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest {

123 public:	131 public:

124 ExtensionAdminPolicyTest() {}	132 ExtensionAdminPolicyTest() {}

125 virtual ~ExtensionAdminPolicyTest() {}	133 virtual ~ExtensionAdminPolicyTest() {}

126	134

	135 void SetUpPolicyProvider() {

	136 provider_.reset(

	137 new StandardManagementPolicyProvider(extension_management_.get()));

	138 }

	139

127 void CreateExtension(Manifest::Location location) {	140 void CreateExtension(Manifest::Location location) {

128 base::DictionaryValue values;	141 base::DictionaryValue values;

129 CreateExtensionFromValues(location, &values);	142 CreateExtensionFromValues(location, &values);

130 }	143 }

131	144

132 void CreateHostedApp(Manifest::Location location) {	145 void CreateHostedApp(Manifest::Location location) {

133 base::DictionaryValue values;	146 base::DictionaryValue values;

134 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue());	147 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue());

135 values.SetString(extensions::manifest_keys::kLaunchWebURL,	148 values.SetString(extensions::manifest_keys::kLaunchWebURL,

136 "http://www.example.com");	149 "http://www.example.com");

(...skipping 15 matching lines...) Expand all Loading...
152 bool UserMayLoad(const base::ListValue* blacklist,	165 bool UserMayLoad(const base::ListValue* blacklist,

153 const base::ListValue* whitelist,	166 const base::ListValue* whitelist,

154 const base::DictionaryValue* forcelist,	167 const base::DictionaryValue* forcelist,

155 const base::ListValue* allowed_types,	168 const base::ListValue* allowed_types,

156 const Extension* extension,	169 const Extension* extension,

157 base::string16* error);	170 base::string16* error);

158 bool UserMayModifySettings(const Extension* extension, base::string16* error);	171 bool UserMayModifySettings(const Extension* extension, base::string16* error);

159 bool MustRemainEnabled(const Extension* extension, base::string16* error);	172 bool MustRemainEnabled(const Extension* extension, base::string16* error);

160	173

161 protected:	174 protected:

	175 scoped_ptr<StandardManagementPolicyProvider> provider_;

162 scoped_refptr<Extension> extension_;	176 scoped_refptr<Extension> extension_;

163 };	177 };

164	178

165 bool ExtensionAdminPolicyTest::BlacklistedByDefault(	179 bool ExtensionAdminPolicyTest::BlacklistedByDefault(

166 const base::ListValue* blacklist) {	180 const base::ListValue* blacklist) {

167 InitPrefService();	181 SetUpPolicyProvider();

168 if (blacklist)	182 if (blacklist)

169 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());	183 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());

170 return extension_management_->BlacklistedByDefault();	184 return extension_management_->BlacklistedByDefault();

171 }	185 }

172	186

173 bool ExtensionAdminPolicyTest::UserMayLoad(	187 bool ExtensionAdminPolicyTest::UserMayLoad(

174 const base::ListValue* blacklist,	188 const base::ListValue* blacklist,

175 const base::ListValue* whitelist,	189 const base::ListValue* whitelist,

176 const base::DictionaryValue* forcelist,	190 const base::DictionaryValue* forcelist,

177 const base::ListValue* allowed_types,	191 const base::ListValue* allowed_types,

178 const Extension* extension,	192 const Extension* extension,

179 base::string16* error) {	193 base::string16* error) {

180 InitPrefService();	194 SetUpPolicyProvider();

181 if (blacklist)	195 if (blacklist)

182 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());	196 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());

183 if (whitelist)	197 if (whitelist)

184 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy());	198 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy());

185 if (forcelist)	199 if (forcelist)

186 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy());	200 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy());

187 if (allowed_types)	201 if (allowed_types)

188 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy());	202 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy());

189 return extension_management_->GetProvider()->UserMayLoad(extension, error);	203 return provider_->UserMayLoad(extension, error);

190 }	204 }

191	205

192 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension,	206 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension,

193 base::string16* error) {	207 base::string16* error) {

194 InitPrefService();	208 SetUpPolicyProvider();

195 return extension_management_->GetProvider()->UserMayModifySettings(extension,	209 return provider_->UserMayModifySettings(extension, error);

196 error);

197 }	210 }

198	211

199 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension,	212 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension,

200 base::string16* error) {	213 base::string16* error) {

201 InitPrefService();	214 SetUpPolicyProvider();

202 return extension_management_->GetProvider()->MustRemainEnabled(extension,	215 return provider_->MustRemainEnabled(extension, error);

203 error);

204 }	216 }

205	217

206 // Verify that preference controlled by legacy ExtensionInstallSources policy is	218 // Verify that preference controlled by legacy ExtensionInstallSources policy is

207 // handled well.	219 // handled well.

208 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) {	220 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) {

209 base::ListValue allowed_sites_pref;	221 base::ListValue allowed_sites_pref;

210 allowed_sites_pref.AppendString("https://www.example.com/foo");	222 allowed_sites_pref.AppendString("https://www.example.com/foo");

211 allowed_sites_pref.AppendString("https://corp.mycompany.com/*");	223 allowed_sites_pref.AppendString("https://corp.mycompany.com/*");

212 SetPref(	224 SetPref(

213 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());	225 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());

(...skipping 114 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
328 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);	340 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);

329 const std::vector<Manifest::Type>& allowed_types =	341 const std::vector<Manifest::Type>& allowed_types =

330 ReadGlobalSettings()->allowed_types;	342 ReadGlobalSettings()->allowed_types;

331 EXPECT_EQ(allowed_types.size(), 2u);	343 EXPECT_EQ(allowed_types.size(), 2u);

332 EXPECT_TRUE(std::find(allowed_types.begin(),	344 EXPECT_TRUE(std::find(allowed_types.begin(),

333 allowed_types.end(),	345 allowed_types.end(),

334 Manifest::TYPE_THEME) != allowed_types.end());	346 Manifest::TYPE_THEME) != allowed_types.end());

335 EXPECT_TRUE(std::find(allowed_types.begin(),	347 EXPECT_TRUE(std::find(allowed_types.begin(),

336 allowed_types.end(),	348 allowed_types.end(),

337 Manifest::TYPE_USER_SCRIPT) != allowed_types.end());	349 Manifest::TYPE_USER_SCRIPT) != allowed_types.end());

	350

	351 // Verifies blocked permission list settings.

	352 APIPermissionSet api_permission_set;

	353 api_permission_set.clear();

	354 api_permission_set.insert(APIPermission::kFileSystem);

	355 api_permission_set.insert(APIPermission::kDownloads);

	356 EXPECT_EQ(api_permission_set,

	357 extension_management_->GetBlockedAPIPermissions(kOtherExtension));

	358

	359 api_permission_set.clear();

	360 api_permission_set.insert(APIPermission::kFileSystem);

	361 api_permission_set.insert(APIPermission::kDownloads);

	362 api_permission_set.insert(APIPermission::kBookmark);

	363 EXPECT_EQ(api_permission_set,

	364 extension_management_->GetBlockedAPIPermissions(kTargetExtension));

	365

	366 api_permission_set.clear();

	367 api_permission_set.insert(APIPermission::kDownloads);

	368 EXPECT_EQ(api_permission_set,

	369 extension_management_->GetBlockedAPIPermissions(kTargetExtension2));

	370

	371 api_permission_set.clear();

	372 api_permission_set.insert(APIPermission::kFileSystem);

	373 api_permission_set.insert(APIPermission::kHistory);

	374 EXPECT_EQ(api_permission_set,

	375 extension_management_->GetBlockedAPIPermissions(kTargetExtension3));
	Joao da Silva 2014/10/15 14:39:26 Add tests with parsing errors in the permissions p Add tests with parsing errors in the permissions policy. binjin 2014/10/16 18:13:58 I think this tests along with unit tests for Permi Show quoted text On 2014/10/15 14:39:26, Joao da Silva wrote: > Add tests with parsing errors in the permissions policy. I think this tests along with unit tests for PermissionBasedManagementPolicyProvider covers the code well. The actual parsing re-used code that is well tested as well. Joao da Silva 2014/10/17 12:52:39 So what happens if the policy has an invalid permi Show quoted text On 2014/10/16 18:13:58, bjin wrote: > On 2014/10/15 14:39:26, Joao da Silva wrote: > > Add tests with parsing errors in the permissions policy. > > I think this tests along with unit tests for > PermissionBasedManagementPolicyProvider covers the code well. The actual parsing > re-used code that is well tested as well. So what happens if the policy has an invalid permission that fails parsing? Do we just ignore that permission? Or do we block all extensions by accident? I really think having coverage for this is a good idea. This is easier to add in extension_service_unittest.cc. binjin 2014/10/17 13:03:19 To clarify, the permission parser actually allows Show quoted text On 2014/10/17 12:52:39, Joao da Silva wrote: > On 2014/10/16 18:13:58, bjin wrote: > > On 2014/10/15 14:39:26, Joao da Silva wrote: > > > Add tests with parsing errors in the permissions policy. > > > > I think this tests along with unit tests for > > PermissionBasedManagementPolicyProvider covers the code well. The actual > parsing > > re-used code that is well tested as well. > > So what happens if the policy has an invalid permission that fails parsing? Do > we just ignore that permission? Or do we block all extensions by accident? I > really think having coverage for this is a good idea. This is easier to add in > extension_service_unittest.cc. To clarify, the permission parser actually allows unknown permission for backward compatibility purpose. Since these invalid permissions(might be introduced in a newer version of chrome) are currently unknown to the chrome version that user are using, it's safe to just ignore them. I will add few comments regarding this and include a few invalid permissions in example preference. binjin 2014/10/17 14:04:22 Done. Show quoted text On 2014/10/17 12:52:39, Joao da Silva wrote: > On 2014/10/16 18:13:58, bjin wrote: > > On 2014/10/15 14:39:26, Joao da Silva wrote: > > > Add tests with parsing errors in the permissions policy. > > > > I think this tests along with unit tests for > > PermissionBasedManagementPolicyProvider covers the code well. The actual > parsing > > re-used code that is well tested as well. > > So what happens if the policy has an invalid permission that fails parsing? Do > we just ignore that permission? Or do we block all extensions by accident? I > really think having coverage for this is a good idea. This is easier to add in > extension_service_unittest.cc. Done.
338 }	376 }

339	377

340 // Tests functionality of new preference as to deprecate legacy	378 // Tests functionality of new preference as to deprecate legacy

341 // ExtensionInstallSources policy.	379 // ExtensionInstallSources policy.

342 TEST_F(ExtensionManagementServiceTest, NewInstallSources) {	380 TEST_F(ExtensionManagementServiceTest, NewInstallSources) {

343 // Set the legacy preference, and verifies that it works.	381 // Set the legacy preference, and verifies that it works.

344 base::ListValue allowed_sites_pref;	382 base::ListValue allowed_sites_pref;

345 allowed_sites_pref.AppendString("https://www.example.com/foo");	383 allowed_sites_pref.AppendString("https://www.example.com/foo");

346 SetPref(	384 SetPref(

347 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());	385 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());

(...skipping 289 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
637 EXPECT_FALSE(error.empty());	675 EXPECT_FALSE(error.empty());

638	676

639 CreateExtension(Manifest::INTERNAL);	677 CreateExtension(Manifest::INTERNAL);

640 error.clear();	678 error.clear();

641 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL));	679 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL));

642 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error));	680 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error));

643 EXPECT_TRUE(error.empty());	681 EXPECT_TRUE(error.empty());

644 }	682 }

645	683

646 } // namespace extensions	684 } // namespace extensions

OLD	NEW