| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 #include <string> |
| 6 #include <vector> | 7 #include <vector> |
| 7 | 8 |
| 8 #include "base/json/json_parser.h" | 9 #include "base/json/json_parser.h" |
| 9 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 11 #include "base/prefs/pref_registry_simple.h" |
| 11 #include "base/prefs/testing_pref_service.h" | 12 #include "base/prefs/testing_pref_service.h" |
| 12 #include "base/values.h" | 13 #include "base/values.h" |
| 13 #include "chrome/browser/extensions/extension_management.h" | 14 #include "chrome/browser/extensions/extension_management.h" |
| 14 #include "chrome/browser/extensions/extension_management_internal.h" | 15 #include "chrome/browser/extensions/extension_management_internal.h" |
| 15 #include "chrome/browser/extensions/extension_management_test_util.h" | 16 #include "chrome/browser/extensions/extension_management_test_util.h" |
| 16 #include "chrome/browser/extensions/external_policy_loader.h" | 17 #include "chrome/browser/extensions/external_policy_loader.h" |
| 18 #include "chrome/browser/extensions/standard_management_policy_provider.h" |
| 17 #include "extensions/browser/pref_names.h" | 19 #include "extensions/browser/pref_names.h" |
| 18 #include "extensions/common/manifest.h" | 20 #include "extensions/common/manifest.h" |
| 19 #include "extensions/common/manifest_constants.h" | 21 #include "extensions/common/manifest_constants.h" |
| 22 #include "extensions/common/permissions/api_permission.h" |
| 23 #include "extensions/common/permissions/permissions_info.h" |
| 20 #include "extensions/common/url_pattern.h" | 24 #include "extensions/common/url_pattern.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 22 #include "url/gurl.h" | 26 #include "url/gurl.h" |
| 23 | 27 |
| 24 namespace extensions { | 28 namespace extensions { |
| 25 | 29 |
| 26 namespace { | 30 namespace { |
| 27 | 31 |
| 28 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop"; | 32 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop"; |
| 29 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa"; | 33 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa"; |
| 30 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab"; | 34 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab"; |
| 31 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc"; | 35 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc"; |
| 32 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; | 36 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; |
| 33 const char kExampleUpdateUrl[] = "http://example.com/update_url"; | 37 const char kExampleUpdateUrl[] = "http://example.com/update_url"; |
| 34 | 38 |
| 35 const char kExampleDictPreference[] = | 39 const char kExampleDictPreference[] = |
| 36 "{" | 40 "{" |
| 37 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension | 41 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension |
| 38 " \"installation_mode\": \"allowed\"," | 42 " \"installation_mode\": \"allowed\"," |
| 43 " \"blocked_permissions\": [\"fileSystem\", \"bookmarks\"]," |
| 39 " }," | 44 " }," |
| 40 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2 | 45 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2 |
| 41 " \"installation_mode\": \"force_installed\"," | 46 " \"installation_mode\": \"force_installed\"," |
| 42 " \"update_url\": \"http://example.com/update_url\"," | 47 " \"update_url\": \"http://example.com/update_url\"," |
| 48 " \"allowed_permissions\": [\"fileSystem\", \"bookmarks\"]," |
| 43 " }," | 49 " }," |
| 44 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3 | 50 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3 |
| 45 " \"installation_mode\": \"normal_installed\"," | 51 " \"installation_mode\": \"normal_installed\"," |
| 46 " \"update_url\": \"http://example.com/update_url\"," | 52 " \"update_url\": \"http://example.com/update_url\"," |
| 53 " \"allowed_permissions\": [\"fileSystem\", \"downloads\"]," |
| 54 " \"blocked_permissions\": [\"fileSystem\", \"history\"]," |
| 47 " }," | 55 " }," |
| 48 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4 | 56 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4 |
| 49 " \"installation_mode\": \"blocked\"," | 57 " \"installation_mode\": \"blocked\"," |
| 50 " }," | 58 " }," |
| 51 " \"*\": {" | 59 " \"*\": {" |
| 52 " \"installation_mode\": \"blocked\"," | 60 " \"installation_mode\": \"blocked\"," |
| 53 " \"install_sources\": [\"*://foo.com/*\"]," | 61 " \"install_sources\": [\"*://foo.com/*\"]," |
| 54 " \"allowed_types\": [\"theme\", \"user_script\"]," | 62 " \"allowed_types\": [\"theme\", \"user_script\"]," |
| 63 " \"blocked_permissions\": [\"fileSystem\", \"downloads\"]," |
| 55 " }," | 64 " }," |
| 56 "}"; | 65 "}"; |
| 57 | 66 |
| 58 } // namespace | 67 } // namespace |
| 59 | 68 |
| 60 class ExtensionManagementServiceTest : public testing::Test { | 69 class ExtensionManagementServiceTest : public testing::Test { |
| 61 public: | 70 public: |
| 62 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater; | 71 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater; |
| 63 | 72 |
| 64 ExtensionManagementServiceTest() {} | 73 ExtensionManagementServiceTest() {} |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 119 protected: | 128 protected: |
| 120 scoped_ptr<TestingPrefServiceSimple> pref_service_; | 129 scoped_ptr<TestingPrefServiceSimple> pref_service_; |
| 121 scoped_ptr<ExtensionManagement> extension_management_; | 130 scoped_ptr<ExtensionManagement> extension_management_; |
| 122 }; | 131 }; |
| 123 | 132 |
| 124 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest { | 133 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest { |
| 125 public: | 134 public: |
| 126 ExtensionAdminPolicyTest() {} | 135 ExtensionAdminPolicyTest() {} |
| 127 ~ExtensionAdminPolicyTest() override {} | 136 ~ExtensionAdminPolicyTest() override {} |
| 128 | 137 |
| 138 void SetUpPolicyProvider() { |
| 139 provider_.reset( |
| 140 new StandardManagementPolicyProvider(extension_management_.get())); |
| 141 } |
| 142 |
| 129 void CreateExtension(Manifest::Location location) { | 143 void CreateExtension(Manifest::Location location) { |
| 130 base::DictionaryValue values; | 144 base::DictionaryValue values; |
| 131 CreateExtensionFromValues(location, &values); | 145 CreateExtensionFromValues(location, &values); |
| 132 } | 146 } |
| 133 | 147 |
| 134 void CreateHostedApp(Manifest::Location location) { | 148 void CreateHostedApp(Manifest::Location location) { |
| 135 base::DictionaryValue values; | 149 base::DictionaryValue values; |
| 136 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue()); | 150 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue()); |
| 137 values.SetString(extensions::manifest_keys::kLaunchWebURL, | 151 values.SetString(extensions::manifest_keys::kLaunchWebURL, |
| 138 "http://www.example.com"); | 152 "http://www.example.com"); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 154 bool UserMayLoad(const base::ListValue* blacklist, | 168 bool UserMayLoad(const base::ListValue* blacklist, |
| 155 const base::ListValue* whitelist, | 169 const base::ListValue* whitelist, |
| 156 const base::DictionaryValue* forcelist, | 170 const base::DictionaryValue* forcelist, |
| 157 const base::ListValue* allowed_types, | 171 const base::ListValue* allowed_types, |
| 158 const Extension* extension, | 172 const Extension* extension, |
| 159 base::string16* error); | 173 base::string16* error); |
| 160 bool UserMayModifySettings(const Extension* extension, base::string16* error); | 174 bool UserMayModifySettings(const Extension* extension, base::string16* error); |
| 161 bool MustRemainEnabled(const Extension* extension, base::string16* error); | 175 bool MustRemainEnabled(const Extension* extension, base::string16* error); |
| 162 | 176 |
| 163 protected: | 177 protected: |
| 178 scoped_ptr<StandardManagementPolicyProvider> provider_; |
| 164 scoped_refptr<Extension> extension_; | 179 scoped_refptr<Extension> extension_; |
| 165 }; | 180 }; |
| 166 | 181 |
| 167 bool ExtensionAdminPolicyTest::BlacklistedByDefault( | 182 bool ExtensionAdminPolicyTest::BlacklistedByDefault( |
| 168 const base::ListValue* blacklist) { | 183 const base::ListValue* blacklist) { |
| 169 InitPrefService(); | 184 SetUpPolicyProvider(); |
| 170 if (blacklist) | 185 if (blacklist) |
| 171 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); | 186 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); |
| 172 return extension_management_->BlacklistedByDefault(); | 187 return extension_management_->BlacklistedByDefault(); |
| 173 } | 188 } |
| 174 | 189 |
| 175 bool ExtensionAdminPolicyTest::UserMayLoad( | 190 bool ExtensionAdminPolicyTest::UserMayLoad( |
| 176 const base::ListValue* blacklist, | 191 const base::ListValue* blacklist, |
| 177 const base::ListValue* whitelist, | 192 const base::ListValue* whitelist, |
| 178 const base::DictionaryValue* forcelist, | 193 const base::DictionaryValue* forcelist, |
| 179 const base::ListValue* allowed_types, | 194 const base::ListValue* allowed_types, |
| 180 const Extension* extension, | 195 const Extension* extension, |
| 181 base::string16* error) { | 196 base::string16* error) { |
| 182 InitPrefService(); | 197 SetUpPolicyProvider(); |
| 183 if (blacklist) | 198 if (blacklist) |
| 184 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); | 199 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); |
| 185 if (whitelist) | 200 if (whitelist) |
| 186 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy()); | 201 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy()); |
| 187 if (forcelist) | 202 if (forcelist) |
| 188 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy()); | 203 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy()); |
| 189 if (allowed_types) | 204 if (allowed_types) |
| 190 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy()); | 205 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy()); |
| 191 return extension_management_->GetProvider()->UserMayLoad(extension, error); | 206 return provider_->UserMayLoad(extension, error); |
| 192 } | 207 } |
| 193 | 208 |
| 194 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension, | 209 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension, |
| 195 base::string16* error) { | 210 base::string16* error) { |
| 196 InitPrefService(); | 211 SetUpPolicyProvider(); |
| 197 return extension_management_->GetProvider()->UserMayModifySettings(extension, | 212 return provider_->UserMayModifySettings(extension, error); |
| 198 error); | |
| 199 } | 213 } |
| 200 | 214 |
| 201 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension, | 215 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension, |
| 202 base::string16* error) { | 216 base::string16* error) { |
| 203 InitPrefService(); | 217 SetUpPolicyProvider(); |
| 204 return extension_management_->GetProvider()->MustRemainEnabled(extension, | 218 return provider_->MustRemainEnabled(extension, error); |
| 205 error); | |
| 206 } | 219 } |
| 207 | 220 |
| 208 // Verify that preference controlled by legacy ExtensionInstallSources policy is | 221 // Verify that preference controlled by legacy ExtensionInstallSources policy is |
| 209 // handled well. | 222 // handled well. |
| 210 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) { | 223 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) { |
| 211 base::ListValue allowed_sites_pref; | 224 base::ListValue allowed_sites_pref; |
| 212 allowed_sites_pref.AppendString("https://www.example.com/foo"); | 225 allowed_sites_pref.AppendString("https://www.example.com/foo"); |
| 213 allowed_sites_pref.AppendString("https://corp.mycompany.com/*"); | 226 allowed_sites_pref.AppendString("https://corp.mycompany.com/*"); |
| 214 SetPref( | 227 SetPref( |
| 215 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); | 228 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 228 // handled well. | 241 // handled well. |
| 229 TEST_F(ExtensionManagementServiceTest, LegacyAllowedTypes) { | 242 TEST_F(ExtensionManagementServiceTest, LegacyAllowedTypes) { |
| 230 base::ListValue allowed_types_pref; | 243 base::ListValue allowed_types_pref; |
| 231 allowed_types_pref.AppendInteger(Manifest::TYPE_THEME); | 244 allowed_types_pref.AppendInteger(Manifest::TYPE_THEME); |
| 232 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT); | 245 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT); |
| 233 | 246 |
| 234 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy()); | 247 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy()); |
| 235 const std::vector<Manifest::Type>& allowed_types = | 248 const std::vector<Manifest::Type>& allowed_types = |
| 236 ReadGlobalSettings()->allowed_types; | 249 ReadGlobalSettings()->allowed_types; |
| 237 ASSERT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types); | 250 ASSERT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types); |
| 238 EXPECT_TRUE(allowed_types.size() == 2); | 251 EXPECT_EQ(allowed_types.size(), 2u); |
| 239 EXPECT_FALSE(std::find(allowed_types.begin(), | 252 EXPECT_FALSE(std::find(allowed_types.begin(), |
| 240 allowed_types.end(), | 253 allowed_types.end(), |
| 241 Manifest::TYPE_EXTENSION) != allowed_types.end()); | 254 Manifest::TYPE_EXTENSION) != allowed_types.end()); |
| 242 EXPECT_TRUE(std::find(allowed_types.begin(), | 255 EXPECT_TRUE(std::find(allowed_types.begin(), |
| 243 allowed_types.end(), | 256 allowed_types.end(), |
| 244 Manifest::TYPE_THEME) != allowed_types.end()); | 257 Manifest::TYPE_THEME) != allowed_types.end()); |
| 245 EXPECT_TRUE(std::find(allowed_types.begin(), | 258 EXPECT_TRUE(std::find(allowed_types.begin(), |
| 246 allowed_types.end(), | 259 allowed_types.end(), |
| 247 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); | 260 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); |
| 248 } | 261 } |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 330 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types); | 343 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types); |
| 331 const std::vector<Manifest::Type>& allowed_types = | 344 const std::vector<Manifest::Type>& allowed_types = |
| 332 ReadGlobalSettings()->allowed_types; | 345 ReadGlobalSettings()->allowed_types; |
| 333 EXPECT_EQ(allowed_types.size(), 2u); | 346 EXPECT_EQ(allowed_types.size(), 2u); |
| 334 EXPECT_TRUE(std::find(allowed_types.begin(), | 347 EXPECT_TRUE(std::find(allowed_types.begin(), |
| 335 allowed_types.end(), | 348 allowed_types.end(), |
| 336 Manifest::TYPE_THEME) != allowed_types.end()); | 349 Manifest::TYPE_THEME) != allowed_types.end()); |
| 337 EXPECT_TRUE(std::find(allowed_types.begin(), | 350 EXPECT_TRUE(std::find(allowed_types.begin(), |
| 338 allowed_types.end(), | 351 allowed_types.end(), |
| 339 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); | 352 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); |
| 353 |
| 354 // Verifies blocked permission list settings. |
| 355 APIPermissionSet api_permission_set; |
| 356 api_permission_set.clear(); |
| 357 api_permission_set.insert(APIPermission::kFileSystem); |
| 358 api_permission_set.insert(APIPermission::kDownloads); |
| 359 EXPECT_EQ(api_permission_set, |
| 360 extension_management_->GetBlockedAPIPermissions(kOtherExtension)); |
| 361 |
| 362 api_permission_set.clear(); |
| 363 api_permission_set.insert(APIPermission::kFileSystem); |
| 364 api_permission_set.insert(APIPermission::kDownloads); |
| 365 api_permission_set.insert(APIPermission::kBookmark); |
| 366 EXPECT_EQ(api_permission_set, |
| 367 extension_management_->GetBlockedAPIPermissions(kTargetExtension)); |
| 368 |
| 369 api_permission_set.clear(); |
| 370 api_permission_set.insert(APIPermission::kDownloads); |
| 371 EXPECT_EQ(api_permission_set, |
| 372 extension_management_->GetBlockedAPIPermissions(kTargetExtension2)); |
| 373 |
| 374 api_permission_set.clear(); |
| 375 api_permission_set.insert(APIPermission::kFileSystem); |
| 376 api_permission_set.insert(APIPermission::kHistory); |
| 377 EXPECT_EQ(api_permission_set, |
| 378 extension_management_->GetBlockedAPIPermissions(kTargetExtension3)); |
| 340 } | 379 } |
| 341 | 380 |
| 342 // Tests functionality of new preference as to deprecate legacy | 381 // Tests functionality of new preference as to deprecate legacy |
| 343 // ExtensionInstallSources policy. | 382 // ExtensionInstallSources policy. |
| 344 TEST_F(ExtensionManagementServiceTest, NewInstallSources) { | 383 TEST_F(ExtensionManagementServiceTest, NewInstallSources) { |
| 345 // Set the legacy preference, and verifies that it works. | 384 // Set the legacy preference, and verifies that it works. |
| 346 base::ListValue allowed_sites_pref; | 385 base::ListValue allowed_sites_pref; |
| 347 allowed_sites_pref.AppendString("https://www.example.com/foo"); | 386 allowed_sites_pref.AppendString("https://www.example.com/foo"); |
| 348 SetPref( | 387 SetPref( |
| 349 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); | 388 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); |
| (...skipping 326 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 676 EXPECT_FALSE(error.empty()); | 715 EXPECT_FALSE(error.empty()); |
| 677 | 716 |
| 678 CreateExtension(Manifest::INTERNAL); | 717 CreateExtension(Manifest::INTERNAL); |
| 679 error.clear(); | 718 error.clear(); |
| 680 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL)); | 719 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL)); |
| 681 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error)); | 720 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error)); |
| 682 EXPECT_TRUE(error.empty()); | 721 EXPECT_TRUE(error.empty()); |
| 683 } | 722 } |
| 684 | 723 |
| 685 } // namespace extensions | 724 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 595363002:
Add policy controlled permission block list for extensions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix