| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 #include <vector> | 6 #include <vector> |
| 7 | 7 |
| 8 #include "base/json/json_parser.h" | 8 #include "base/json/json_parser.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| 11 #include "base/prefs/testing_pref_service.h" | 11 #include "base/prefs/testing_pref_service.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "chrome/browser/extensions/extension_management.h" | 13 #include "chrome/browser/extensions/extension_management.h" |
| 14 #include "chrome/browser/extensions/extension_management_internal.h" | 14 #include "chrome/browser/extensions/extension_management_internal.h" |
| 15 #include "chrome/browser/extensions/extension_management_test_util.h" | 15 #include "chrome/browser/extensions/extension_management_test_util.h" |
| 16 #include "chrome/browser/extensions/external_policy_loader.h" | 16 #include "chrome/browser/extensions/external_policy_loader.h" |
| 17 #include "chrome/browser/extensions/standard_management_policy_provider.h" |
| 17 #include "extensions/browser/pref_names.h" | 18 #include "extensions/browser/pref_names.h" |
| 18 #include "extensions/common/manifest.h" | 19 #include "extensions/common/manifest.h" |
| 19 #include "extensions/common/manifest_constants.h" | 20 #include "extensions/common/manifest_constants.h" |
| 21 #include "extensions/common/permissions/api_permission.h" |
| 22 #include "extensions/common/permissions/permissions_info.h" |
| 20 #include "extensions/common/url_pattern.h" | 23 #include "extensions/common/url_pattern.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" | 24 #include "testing/gtest/include/gtest/gtest.h" |
| 22 #include "url/gurl.h" | 25 #include "url/gurl.h" |
| 23 | 26 |
| 24 namespace extensions { | 27 namespace extensions { |
| 25 | 28 |
| 26 namespace { | 29 namespace { |
| 27 | 30 |
| 28 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop"; | 31 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop"; |
| 29 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa"; | 32 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa"; |
| 30 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab"; | 33 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab"; |
| 31 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc"; | 34 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc"; |
| 32 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; | 35 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; |
| 33 const char kExampleUpdateUrl[] = "http://example.com/update_url"; | 36 const char kExampleUpdateUrl[] = "http://example.com/update_url"; |
| 34 | 37 |
| 35 const char kExampleDictPreference[] = | 38 const char kExampleDictPreference[] = |
| 36 "{" | 39 "{" |
| 37 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension | 40 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension |
| 38 " \"installation_mode\": \"allowed\"," | 41 " \"installation_mode\": \"allowed\"," |
| 42 " \"blocked_permissions\": [\"fileSystem\", \"bookmarks\"]," |
| 39 " }," | 43 " }," |
| 40 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2 | 44 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2 |
| 41 " \"installation_mode\": \"force_installed\"," | 45 " \"installation_mode\": \"force_installed\"," |
| 42 " \"update_url\": \"http://example.com/update_url\"," | 46 " \"update_url\": \"http://example.com/update_url\"," |
| 47 " \"allowed_permissions\": [\"fileSystem\", \"bookmarks\"]," |
| 43 " }," | 48 " }," |
| 44 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3 | 49 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3 |
| 45 " \"installation_mode\": \"normal_installed\"," | 50 " \"installation_mode\": \"normal_installed\"," |
| 46 " \"update_url\": \"http://example.com/update_url\"," | 51 " \"update_url\": \"http://example.com/update_url\"," |
| 52 " \"allowed_permissions\": [\"fileSystem\", \"downloads\"]," |
| 53 " \"blocked_permissions\": [\"fileSystem\", \"history\"]," |
| 47 " }," | 54 " }," |
| 48 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4 | 55 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4 |
| 49 " \"installation_mode\": \"blocked\"," | 56 " \"installation_mode\": \"blocked\"," |
| 50 " }," | 57 " }," |
| 51 " \"*\": {" | 58 " \"*\": {" |
| 52 " \"installation_mode\": \"blocked\"," | 59 " \"installation_mode\": \"blocked\"," |
| 53 " \"install_sources\": [\"*://foo.com/*\"]," | 60 " \"install_sources\": [\"*://foo.com/*\"]," |
| 54 " \"allowed_types\": [\"theme\", \"user_script\"]," | 61 " \"allowed_types\": [\"theme\", \"user_script\"]," |
| 62 " \"blocked_permissions\": [\"fileSystem\", \"downloads\"]," |
| 55 " }," | 63 " }," |
| 56 "}"; | 64 "}"; |
| 57 | 65 |
| 58 } // namespace | 66 } // namespace |
| 59 | 67 |
| 60 class ExtensionManagementServiceTest : public testing::Test { | 68 class ExtensionManagementServiceTest : public testing::Test { |
| 61 public: | 69 public: |
| 62 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater; | 70 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater; |
| 63 | 71 |
| 64 ExtensionManagementServiceTest() {} | 72 ExtensionManagementServiceTest() {} |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 119 protected: | 127 protected: |
| 120 scoped_ptr<TestingPrefServiceSimple> pref_service_; | 128 scoped_ptr<TestingPrefServiceSimple> pref_service_; |
| 121 scoped_ptr<ExtensionManagement> extension_management_; | 129 scoped_ptr<ExtensionManagement> extension_management_; |
| 122 }; | 130 }; |
| 123 | 131 |
| 124 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest { | 132 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest { |
| 125 public: | 133 public: |
| 126 ExtensionAdminPolicyTest() {} | 134 ExtensionAdminPolicyTest() {} |
| 127 ~ExtensionAdminPolicyTest() override {} | 135 ~ExtensionAdminPolicyTest() override {} |
| 128 | 136 |
| 137 void SetUpPolicyProvider() { |
| 138 provider_.reset( |
| 139 new StandardManagementPolicyProvider(extension_management_.get())); |
| 140 } |
| 141 |
| 129 void CreateExtension(Manifest::Location location) { | 142 void CreateExtension(Manifest::Location location) { |
| 130 base::DictionaryValue values; | 143 base::DictionaryValue values; |
| 131 CreateExtensionFromValues(location, &values); | 144 CreateExtensionFromValues(location, &values); |
| 132 } | 145 } |
| 133 | 146 |
| 134 void CreateHostedApp(Manifest::Location location) { | 147 void CreateHostedApp(Manifest::Location location) { |
| 135 base::DictionaryValue values; | 148 base::DictionaryValue values; |
| 136 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue()); | 149 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue()); |
| 137 values.SetString(extensions::manifest_keys::kLaunchWebURL, | 150 values.SetString(extensions::manifest_keys::kLaunchWebURL, |
| 138 "http://www.example.com"); | 151 "http://www.example.com"); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 154 bool UserMayLoad(const base::ListValue* blacklist, | 167 bool UserMayLoad(const base::ListValue* blacklist, |
| 155 const base::ListValue* whitelist, | 168 const base::ListValue* whitelist, |
| 156 const base::DictionaryValue* forcelist, | 169 const base::DictionaryValue* forcelist, |
| 157 const base::ListValue* allowed_types, | 170 const base::ListValue* allowed_types, |
| 158 const Extension* extension, | 171 const Extension* extension, |
| 159 base::string16* error); | 172 base::string16* error); |
| 160 bool UserMayModifySettings(const Extension* extension, base::string16* error); | 173 bool UserMayModifySettings(const Extension* extension, base::string16* error); |
| 161 bool MustRemainEnabled(const Extension* extension, base::string16* error); | 174 bool MustRemainEnabled(const Extension* extension, base::string16* error); |
| 162 | 175 |
| 163 protected: | 176 protected: |
| 177 scoped_ptr<StandardManagementPolicyProvider> provider_; |
| 164 scoped_refptr<Extension> extension_; | 178 scoped_refptr<Extension> extension_; |
| 165 }; | 179 }; |
| 166 | 180 |
| 167 bool ExtensionAdminPolicyTest::BlacklistedByDefault( | 181 bool ExtensionAdminPolicyTest::BlacklistedByDefault( |
| 168 const base::ListValue* blacklist) { | 182 const base::ListValue* blacklist) { |
| 169 InitPrefService(); | 183 SetUpPolicyProvider(); |
| 170 if (blacklist) | 184 if (blacklist) |
| 171 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); | 185 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); |
| 172 return extension_management_->BlacklistedByDefault(); | 186 return extension_management_->BlacklistedByDefault(); |
| 173 } | 187 } |
| 174 | 188 |
| 175 bool ExtensionAdminPolicyTest::UserMayLoad( | 189 bool ExtensionAdminPolicyTest::UserMayLoad( |
| 176 const base::ListValue* blacklist, | 190 const base::ListValue* blacklist, |
| 177 const base::ListValue* whitelist, | 191 const base::ListValue* whitelist, |
| 178 const base::DictionaryValue* forcelist, | 192 const base::DictionaryValue* forcelist, |
| 179 const base::ListValue* allowed_types, | 193 const base::ListValue* allowed_types, |
| 180 const Extension* extension, | 194 const Extension* extension, |
| 181 base::string16* error) { | 195 base::string16* error) { |
| 182 InitPrefService(); | 196 SetUpPolicyProvider(); |
| 183 if (blacklist) | 197 if (blacklist) |
| 184 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); | 198 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); |
| 185 if (whitelist) | 199 if (whitelist) |
| 186 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy()); | 200 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy()); |
| 187 if (forcelist) | 201 if (forcelist) |
| 188 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy()); | 202 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy()); |
| 189 if (allowed_types) | 203 if (allowed_types) |
| 190 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy()); | 204 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy()); |
| 191 return extension_management_->GetProvider()->UserMayLoad(extension, error); | 205 return provider_->UserMayLoad(extension, error); |
| 192 } | 206 } |
| 193 | 207 |
| 194 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension, | 208 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension, |
| 195 base::string16* error) { | 209 base::string16* error) { |
| 196 InitPrefService(); | 210 SetUpPolicyProvider(); |
| 197 return extension_management_->GetProvider()->UserMayModifySettings(extension, | 211 return provider_->UserMayModifySettings(extension, error); |
| 198 error); | |
| 199 } | 212 } |
| 200 | 213 |
| 201 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension, | 214 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension, |
| 202 base::string16* error) { | 215 base::string16* error) { |
| 203 InitPrefService(); | 216 SetUpPolicyProvider(); |
| 204 return extension_management_->GetProvider()->MustRemainEnabled(extension, | 217 return provider_->MustRemainEnabled(extension, error); |
| 205 error); | |
| 206 } | 218 } |
| 207 | 219 |
| 208 // Verify that preference controlled by legacy ExtensionInstallSources policy is | 220 // Verify that preference controlled by legacy ExtensionInstallSources policy is |
| 209 // handled well. | 221 // handled well. |
| 210 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) { | 222 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) { |
| 211 base::ListValue allowed_sites_pref; | 223 base::ListValue allowed_sites_pref; |
| 212 allowed_sites_pref.AppendString("https://www.example.com/foo"); | 224 allowed_sites_pref.AppendString("https://www.example.com/foo"); |
| 213 allowed_sites_pref.AppendString("https://corp.mycompany.com/*"); | 225 allowed_sites_pref.AppendString("https://corp.mycompany.com/*"); |
| 214 SetPref( | 226 SetPref( |
| 215 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); | 227 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 330 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types); | 342 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types); |
| 331 const std::vector<Manifest::Type>& allowed_types = | 343 const std::vector<Manifest::Type>& allowed_types = |
| 332 ReadGlobalSettings()->allowed_types; | 344 ReadGlobalSettings()->allowed_types; |
| 333 EXPECT_EQ(allowed_types.size(), 2u); | 345 EXPECT_EQ(allowed_types.size(), 2u); |
| 334 EXPECT_TRUE(std::find(allowed_types.begin(), | 346 EXPECT_TRUE(std::find(allowed_types.begin(), |
| 335 allowed_types.end(), | 347 allowed_types.end(), |
| 336 Manifest::TYPE_THEME) != allowed_types.end()); | 348 Manifest::TYPE_THEME) != allowed_types.end()); |
| 337 EXPECT_TRUE(std::find(allowed_types.begin(), | 349 EXPECT_TRUE(std::find(allowed_types.begin(), |
| 338 allowed_types.end(), | 350 allowed_types.end(), |
| 339 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); | 351 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); |
| 352 |
| 353 // Verifies blocked permission list settings. |
| 354 APIPermissionSet api_permission_set; |
| 355 api_permission_set.clear(); |
| 356 api_permission_set.insert(APIPermission::kFileSystem); |
| 357 api_permission_set.insert(APIPermission::kDownloads); |
| 358 EXPECT_EQ(api_permission_set, |
| 359 extension_management_->GetBlockedAPIPermissions(kOtherExtension)); |
| 360 |
| 361 api_permission_set.clear(); |
| 362 api_permission_set.insert(APIPermission::kFileSystem); |
| 363 api_permission_set.insert(APIPermission::kDownloads); |
| 364 api_permission_set.insert(APIPermission::kBookmark); |
| 365 EXPECT_EQ(api_permission_set, |
| 366 extension_management_->GetBlockedAPIPermissions(kTargetExtension)); |
| 367 |
| 368 api_permission_set.clear(); |
| 369 api_permission_set.insert(APIPermission::kDownloads); |
| 370 EXPECT_EQ(api_permission_set, |
| 371 extension_management_->GetBlockedAPIPermissions(kTargetExtension2)); |
| 372 |
| 373 api_permission_set.clear(); |
| 374 api_permission_set.insert(APIPermission::kFileSystem); |
| 375 api_permission_set.insert(APIPermission::kHistory); |
| 376 EXPECT_EQ(api_permission_set, |
| 377 extension_management_->GetBlockedAPIPermissions(kTargetExtension3)); |
| 340 } | 378 } |
| 341 | 379 |
| 342 // Tests functionality of new preference as to deprecate legacy | 380 // Tests functionality of new preference as to deprecate legacy |
| 343 // ExtensionInstallSources policy. | 381 // ExtensionInstallSources policy. |
| 344 TEST_F(ExtensionManagementServiceTest, NewInstallSources) { | 382 TEST_F(ExtensionManagementServiceTest, NewInstallSources) { |
| 345 // Set the legacy preference, and verifies that it works. | 383 // Set the legacy preference, and verifies that it works. |
| 346 base::ListValue allowed_sites_pref; | 384 base::ListValue allowed_sites_pref; |
| 347 allowed_sites_pref.AppendString("https://www.example.com/foo"); | 385 allowed_sites_pref.AppendString("https://www.example.com/foo"); |
| 348 SetPref( | 386 SetPref( |
| 349 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); | 387 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); |
| (...skipping 326 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 676 EXPECT_FALSE(error.empty()); | 714 EXPECT_FALSE(error.empty()); |
| 677 | 715 |
| 678 CreateExtension(Manifest::INTERNAL); | 716 CreateExtension(Manifest::INTERNAL); |
| 679 error.clear(); | 717 error.clear(); |
| 680 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL)); | 718 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL)); |
| 681 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error)); | 719 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error)); |
| 682 EXPECT_TRUE(error.empty()); | 720 EXPECT_TRUE(error.empty()); |
| 683 } | 721 } |
| 684 | 722 |
| 685 } // namespace extensions | 723 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 595363002:
Add policy controlled permission block list for extensions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix