| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/permissions/permissions_api.h" | 5 #include "chrome/browser/extensions/api/permissions/permissions_api.h" |
| 6 #include "chrome/browser/extensions/extension_apitest.h" | 6 #include "chrome/browser/extensions/extension_apitest.h" |
| 7 #include "chrome/browser/extensions/extension_management_test_util.h" |
| 7 #include "chrome/browser/profiles/profile.h" | 8 #include "chrome/browser/profiles/profile.h" |
| 8 #include "chrome/browser/ui/browser.h" | 9 #include "chrome/browser/ui/browser.h" |
| 10 #include "components/policy/core/browser/browser_policy_connector.h" |
| 11 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 9 #include "extensions/browser/extension_prefs.h" | 12 #include "extensions/browser/extension_prefs.h" |
| 10 #include "extensions/common/permissions/permission_set.h" | 13 #include "extensions/common/permissions/permission_set.h" |
| 11 #include "extensions/common/switches.h" | 14 #include "extensions/common/switches.h" |
| 12 #include "net/dns/mock_host_resolver.h" | 15 #include "net/dns/mock_host_resolver.h" |
| 13 | 16 |
| 14 namespace extensions { | 17 namespace extensions { |
| 15 | 18 |
| 16 namespace { | 19 namespace { |
| 17 | 20 |
| 18 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { | 21 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { |
| 19 int schemes = URLPattern::SCHEME_ALL; | 22 int schemes = URLPattern::SCHEME_ALL; |
| 20 extent->AddPattern(URLPattern(schemes, pattern)); | 23 extent->AddPattern(URLPattern(schemes, pattern)); |
| 21 } | 24 } |
| 22 | 25 |
| 23 } // namespace | 26 } // namespace |
| 24 | 27 |
| 25 class ExperimentalApiTest : public ExtensionApiTest { | 28 class ExperimentalApiTest : public ExtensionApiTest { |
| 26 public: | 29 public: |
| 27 void SetUpCommandLine(CommandLine* command_line) override { | 30 void SetUpCommandLine(CommandLine* command_line) override { |
| 28 ExtensionApiTest::SetUpCommandLine(command_line); | 31 ExtensionApiTest::SetUpCommandLine(command_line); |
| 29 command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis); | 32 command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis); |
| 30 } | 33 } |
| 31 }; | 34 }; |
| 32 | 35 |
| 36 class ExtensionApiTestWithManagementPolicy : public ExtensionApiTest { |
| 37 public: |
| 38 void SetUpInProcessBrowserTestFixture() override { |
| 39 ExtensionApiTest::SetUpInProcessBrowserTestFixture(); |
| 40 EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_)) |
| 41 .WillRepeatedly(testing::Return(true)); |
| 42 policy_provider_.SetAutoRefresh(); |
| 43 policy::BrowserPolicyConnector::SetPolicyProviderForTesting( |
| 44 &policy_provider_); |
| 45 } |
| 46 |
| 47 protected: |
| 48 policy::MockConfigurationPolicyProvider policy_provider_; |
| 49 }; |
| 50 |
| 33 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) { | 51 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) { |
| 34 ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_; | 52 ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_; |
| 35 | 53 |
| 36 // Since the experimental APIs require a flag, this will fail even though | 54 // Since the experimental APIs require a flag, this will fail even though |
| 37 // it's enabled. | 55 // it's enabled. |
| 38 // TODO(erikkay) This test is currently broken because LoadExtension in | 56 // TODO(erikkay) This test is currently broken because LoadExtension in |
| 39 // ExtensionBrowserTest doesn't actually fail, it just times out. To fix this | 57 // ExtensionBrowserTest doesn't actually fail, it just times out. To fix this |
| 40 // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably | 58 // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably |
| 41 // too much for the branch. I'll enable this on trunk later. | 59 // too much for the branch. I'll enable this on trunk later. |
| 42 //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_; | 60 //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_; |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 121 // callback. | 139 // callback. |
| 122 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsRetainGesture) { | 140 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsRetainGesture) { |
| 123 PermissionsRequestFunction::SetAutoConfirmForTests(true); | 141 PermissionsRequestFunction::SetAutoConfirmForTests(true); |
| 124 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false); | 142 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false); |
| 125 host_resolver()->AddRule("*.com", "127.0.0.1"); | 143 host_resolver()->AddRule("*.com", "127.0.0.1"); |
| 126 ASSERT_TRUE(StartEmbeddedTestServer()); | 144 ASSERT_TRUE(StartEmbeddedTestServer()); |
| 127 EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture")) | 145 EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture")) |
| 128 << message_; | 146 << message_; |
| 129 } | 147 } |
| 130 | 148 |
| 149 // Test that optional permissions blocked by enterprise policy will be denied |
| 150 // automatically. |
| 151 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, |
| 152 OptionalPermissionsPolicyBlocked) { |
| 153 // Set enterprise policy to block some API permissions. |
| 154 { |
| 155 ExtensionManagementPolicyUpdater pref(&policy_provider_); |
| 156 pref.AddBlockedPermission("*", "management"); |
| 157 } |
| 158 // Set auto confirm UI flag. |
| 159 PermissionsRequestFunction::SetAutoConfirmForTests(true); |
| 160 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); |
| 161 EXPECT_TRUE(RunExtensionTest("permissions/optional_policy_blocked")) |
| 162 << message_; |
| 163 } |
| 164 |
| 131 // Tests that an extension can't gain access to file: URLs without the checkbox | 165 // Tests that an extension can't gain access to file: URLs without the checkbox |
| 132 // entry in prefs. There shouldn't be a warning either. | 166 // entry in prefs. There shouldn't be a warning either. |
| 133 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) { | 167 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) { |
| 134 // There shouldn't be a warning, so we shouldn't need to autoconfirm. | 168 // There shouldn't be a warning, so we shouldn't need to autoconfirm. |
| 135 PermissionsRequestFunction::SetAutoConfirmForTests(false); | 169 PermissionsRequestFunction::SetAutoConfirmForTests(false); |
| 136 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); | 170 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); |
| 137 | 171 |
| 138 ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile()); | 172 ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile()); |
| 139 | 173 |
| 140 EXPECT_TRUE( | 174 EXPECT_TRUE( |
| (...skipping 14 matching lines...) Expand all Loading... |
| 155 | 189 |
| 156 // Test requesting, querying, and removing host permissions for host | 190 // Test requesting, querying, and removing host permissions for host |
| 157 // permissions that are a subset of the optional permissions. | 191 // permissions that are a subset of the optional permissions. |
| 158 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) { | 192 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) { |
| 159 PermissionsRequestFunction::SetAutoConfirmForTests(true); | 193 PermissionsRequestFunction::SetAutoConfirmForTests(true); |
| 160 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); | 194 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); |
| 161 EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_; | 195 EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_; |
| 162 } | 196 } |
| 163 | 197 |
| 164 } // namespace extensions | 198 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 595363002:
Add policy controlled permission block list for extensions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix