chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc - Issue 595363002: Add policy controlled permission block list for extensions

Side by Side Diff: chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc

Issue 595363002: Add policy controlled permission block list for extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix

Patch Set: more minor format fix Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/extensions/permissions_based_management_policy_provider.cc ('K') | « chrome/browser/extensions/permissions_based_management_policy_provider.cc ('k') | chrome/browser/extensions/test_extension_system.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <string>

	6 #include <vector>

	7

	8 #include "base/logging.h"

	9 #include "base/memory/ref_counted.h"

	10 #include "base/memory/scoped_ptr.h"

	11 #include "base/prefs/pref_registry_simple.h"

	12 #include "base/prefs/testing_pref_service.h"

	13 #include "base/strings/string16.h"

	14 #include "base/values.h"

	15 #include "chrome/browser/extensions/extension_management.h"

	16 #include "chrome/browser/extensions/extension_management_test_util.h"

	17 #include "chrome/browser/extensions/permissions_based_management_policy_provider .h"

	18 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"

	19 #include "extensions/common/extension.h"

	20 #include "extensions/common/manifest.h"

	21 #include "extensions/common/manifest_constants.h"

	22 #include "extensions/common/permissions/api_permission.h"

	23 #include "testing/gtest/include/gtest/gtest.h"

	24

	25 namespace extensions {

	26

	27 class PermissionsBasedManagementPolicyProviderTest : public testing::Test {

	28 public:

	29 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;

	30

	31 PermissionsBasedManagementPolicyProviderTest()

	32 : pref_service_(new TestingPrefServiceSimple()),

	33 settings_(new ExtensionManagement(pref_service_.get())),

	34 provider_(settings_.get()) {}

	35

	36 virtual void SetUp() override {

	37 ChromeAPIPermissions api_permissions;

	38 perm_list_ = api_permissions.GetAllPermissions();

	39 pref_service_->registry()->RegisterDictionaryPref(

	40 pref_names::kExtensionManagement);

	41 }

	42

	43 // Get API permissions name for \|id\|, we cannot use arbitrary strings since

	44 // they will be ignored by ExtensionManagementService.

	45 std::string GetAPIPermissionName(APIPermission::ID id) {

	46 for (auto perm : perm_list_) {
	Joao da Silva 2014/10/15 14:39:26 const auto& const auto& binjin 2014/10/16 18:13:58 Done. Show quoted text On 2014/10/15 14:39:26, Joao da Silva wrote: > const auto& Done.
	47 if (perm->id() == id)

	48 return perm->name();

	49 }

	50 NOTREACHED();
	Joao da Silva 2014/10/15 14:39:26 ADD_FAILURE() << "Permission not found: " << id; ADD_FAILURE() << "Permission not found: " << id; binjin 2014/10/16 18:13:58 Done. Show quoted text On 2014/10/15 14:39:26, Joao da Silva wrote: > ADD_FAILURE() << "Permission not found: " << id; Done.
	51 return std::string();

	52 }

	53

	54 // Create an extension with specified \|location\|, \|required_permissions\| and

	55 // \|optional_permissions\|.

	56 scoped_refptr<const Extension> CreateExtensionWithPermission(

	57 Manifest::Location location,

	58 const base::ListValue* required_permissions,

	59 const base::ListValue* optional_permissions) {

	60 base::DictionaryValue manifest_dict;

	61 manifest_dict.SetString(manifest_keys::kName, "test");

	62 manifest_dict.SetString(manifest_keys::kVersion, "0.1");

	63 if (required_permissions) {

	64 manifest_dict.Set(manifest_keys::kPermissions,

	65 required_permissions->DeepCopy());

	66 }

	67 if (optional_permissions) {

	68 manifest_dict.Set(manifest_keys::kOptionalPermissions,

	69 optional_permissions->DeepCopy());

	70 }

	71 std::string error;

	72 scoped_refptr<const Extension> extension = Extension::Create(

	73 base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error);

	74 CHECK(extension.get()) << error;

	75 return extension;

	76 }

	77

	78 protected:

	79 std::vector<APIPermissionInfo*> perm_list_;

	80

	81 scoped_ptr<TestingPrefServiceSimple> pref_service_;

	82 scoped_ptr<ExtensionManagement> settings_;

	83

	84 PermissionsBasedManagementPolicyProvider provider_;

	85 };

	86

	87 // Verifies that extensions with conflicting permissiosn cannot be loaded.
	Joao da Silva 2014/10/15 14:39:26 permissions permissions binjin 2014/10/16 18:13:58 Done. Show quoted text On 2014/10/15 14:39:26, Joao da Silva wrote: > permissions Done.
	88 TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) {

	89 // Prepares the extension manifest.

	90 base::ListValue required_permissions;

	91 required_permissions.AppendString(

	92 GetAPIPermissionName(APIPermission::kDownloads));

	93 required_permissions.AppendString(

	94 GetAPIPermissionName(APIPermission::kCookie));

	95 base::ListValue optional_permissions;

	96 optional_permissions.AppendString(

	97 GetAPIPermissionName(APIPermission::kProxy));

	98

	99 scoped_refptr<const Extension> extension =

	100 CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD,

	101 &required_permissions,

	102 &optional_permissions);

	103

	104 base::string16 error16;

	105 // The extension should be allowed to be loaded by default.

	106 error16.clear();

	107 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));

	108 EXPECT_TRUE(error16.empty());

	109

	110 // Blocks kProxy by default. The test extension should still be allowed.

	111 {

	112 PrefUpdater pref(pref_service_.get());

	113 pref.AddBlockedPermission("*",

	114 GetAPIPermissionName(APIPermission::kProxy));

	115 }

	116 error16.clear();

	117 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));

	118 EXPECT_TRUE(error16.empty());

	119

	120 // Blocks kCookie this time. The test extension should not be allowed now.

	121 {

	122 PrefUpdater pref(pref_service_.get());

	123 pref.AddBlockedPermission("*",

	124 GetAPIPermissionName(APIPermission::kCookie));

	125 }

	126 error16.clear();

	127 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));

	128 EXPECT_FALSE(error16.empty());

	129

	130 // Explictly allows kCookie for test extension. It should be allowed again.

	131 {

	132 PrefUpdater pref(pref_service_.get());

	133 pref.AddAllowedPermission(extension->id(),

	134 GetAPIPermissionName(APIPermission::kCookie));

	135 }

	136 error16.clear();

	137 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));

	138 EXPECT_TRUE(error16.empty());

	139

	140 // Explictly blocks kCookie for test extension. It should be blocked again.

	141 {

	142 PrefUpdater pref(pref_service_.get());

	143 pref.AddBlockedPermission(extension->id(),

	144 GetAPIPermissionName(APIPermission::kCookie));

	145 }

	146 error16.clear();

	147 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));

	148 EXPECT_FALSE(error16.empty());

	149

	150 // Blocks kDownloads by default. It should be blocked.

	151 {

	152 PrefUpdater pref(pref_service_.get());

	153 pref.UnsetBlockedPermissions(extension->id());

	154 pref.UnsetAllowedPermissions(extension->id());

	155 pref.ClearBlockedPermissions("*");

	156 pref.AddBlockedPermission("*",

	157 GetAPIPermissionName(APIPermission::kDownloads));

	158 }

	159 error16.clear();

	160 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));

	161 EXPECT_FALSE(error16.empty());

	162 }

	163

	164 } // namespace extensions

OLD	NEW