Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(486)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc

Issue 595363002: Add policy controlled permission block list for extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix
Patch Set: fix memory leaks Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/extensions/permissions_based_management_policy_provider.cc ('k') | chrome/browser/extensions/test_extension_system.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6 #include <vector>
7
8 #include "base/logging.h"
9 #include "base/memory/ref_counted.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/prefs/pref_registry_simple.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/stl_util.h"
14 #include "base/strings/string16.h"
15 #include "base/values.h"
16 #include "chrome/browser/extensions/extension_management.h"
17 #include "chrome/browser/extensions/extension_management_test_util.h"
18 #include "chrome/browser/extensions/permissions_based_management_policy_provider .h"
19 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
20 #include "extensions/common/extension.h"
21 #include "extensions/common/manifest.h"
22 #include "extensions/common/manifest_constants.h"
23 #include "extensions/common/permissions/api_permission.h"
24 #include "testing/gtest/include/gtest/gtest.h"
25
26 namespace extensions {
27
28 class PermissionsBasedManagementPolicyProviderTest : public testing::Test {
29 public:
30 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;
31
32 PermissionsBasedManagementPolicyProviderTest()
33 : pref_service_(new TestingPrefServiceSimple()),
34 settings_(new ExtensionManagement(pref_service_.get())),
35 provider_(settings_.get()) {}
36
37 void SetUp() override {
38 ChromeAPIPermissions api_permissions;
39 perm_list_ = api_permissions.GetAllPermissions();
40 pref_service_->registry()->RegisterDictionaryPref(
41 pref_names::kExtensionManagement);
42 }
43
44 void TearDown() override {
45 STLDeleteElements(&perm_list_);
46 }
47
48 // Get API permissions name for |id|, we cannot use arbitrary strings since
49 // they will be ignored by ExtensionManagementService.
50 std::string GetAPIPermissionName(APIPermission::ID id) {
51 for (const auto& perm : perm_list_) {
52 if (perm->id() == id)
53 return perm->name();
54 }
55 ADD_FAILURE() << "Permission not found: " << id;
56 return std::string();
57 }
58
59 // Create an extension with specified |location|, |required_permissions| and
60 // |optional_permissions|.
61 scoped_refptr<const Extension> CreateExtensionWithPermission(
62 Manifest::Location location,
63 const base::ListValue* required_permissions,
64 const base::ListValue* optional_permissions) {
65 base::DictionaryValue manifest_dict;
66 manifest_dict.SetString(manifest_keys::kName, "test");
67 manifest_dict.SetString(manifest_keys::kVersion, "0.1");
68 if (required_permissions) {
69 manifest_dict.Set(manifest_keys::kPermissions,
70 required_permissions->DeepCopy());
71 }
72 if (optional_permissions) {
73 manifest_dict.Set(manifest_keys::kOptionalPermissions,
74 optional_permissions->DeepCopy());
75 }
76 std::string error;
77 scoped_refptr<const Extension> extension = Extension::Create(
78 base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error);
79 CHECK(extension.get()) << error;
80 return extension;
81 }
82
83 protected:
84 std::vector<APIPermissionInfo*> perm_list_;
85
86 scoped_ptr<TestingPrefServiceSimple> pref_service_;
87 scoped_ptr<ExtensionManagement> settings_;
88
89 PermissionsBasedManagementPolicyProvider provider_;
90 };
91
92 // Verifies that extensions with conflicting permissions cannot be loaded.
93 TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) {
94 // Prepares the extension manifest.
95 base::ListValue required_permissions;
96 required_permissions.AppendString(
97 GetAPIPermissionName(APIPermission::kDownloads));
98 required_permissions.AppendString(
99 GetAPIPermissionName(APIPermission::kCookie));
100 base::ListValue optional_permissions;
101 optional_permissions.AppendString(
102 GetAPIPermissionName(APIPermission::kProxy));
103
104 scoped_refptr<const Extension> extension =
105 CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD,
106 &required_permissions,
107 &optional_permissions);
108
109 base::string16 error16;
110 // The extension should be allowed to be loaded by default.
111 error16.clear();
112 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
113 EXPECT_TRUE(error16.empty());
114
115 // Blocks kProxy by default. The test extension should still be allowed.
116 {
117 PrefUpdater pref(pref_service_.get());
118 pref.AddBlockedPermission("*",
119 GetAPIPermissionName(APIPermission::kProxy));
120 }
121 error16.clear();
122 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
123 EXPECT_TRUE(error16.empty());
124
125 // Blocks kCookie this time. The test extension should not be allowed now.
126 {
127 PrefUpdater pref(pref_service_.get());
128 pref.AddBlockedPermission("*",
129 GetAPIPermissionName(APIPermission::kCookie));
130 }
131 error16.clear();
132 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
133 EXPECT_FALSE(error16.empty());
134
135 // Explictly allows kCookie for test extension. It should be allowed again.
136 {
137 PrefUpdater pref(pref_service_.get());
138 pref.AddAllowedPermission(extension->id(),
139 GetAPIPermissionName(APIPermission::kCookie));
140 }
141 error16.clear();
142 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
143 EXPECT_TRUE(error16.empty());
144
145 // Explictly blocks kCookie for test extension. It should be blocked again.
146 {
147 PrefUpdater pref(pref_service_.get());
148 pref.AddBlockedPermission(extension->id(),
149 GetAPIPermissionName(APIPermission::kCookie));
150 }
151 error16.clear();
152 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
153 EXPECT_FALSE(error16.empty());
154
155 // Blocks kDownloads by default. It should be blocked.
156 {
157 PrefUpdater pref(pref_service_.get());
158 pref.UnsetBlockedPermissions(extension->id());
159 pref.UnsetAllowedPermissions(extension->id());
160 pref.ClearBlockedPermissions("*");
161 pref.AddBlockedPermission("*",
162 GetAPIPermissionName(APIPermission::kDownloads));
163 }
164 error16.clear();
165 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
166 EXPECT_FALSE(error16.empty());
167 }
168
169 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/browser/extensions/permissions_based_management_policy_provider.cc ('k') | chrome/browser/extensions/test_extension_system.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698