Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5943)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc

Issue 595363002: Add policy controlled permission block list for extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix
Patch Set: more minor format fix Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/extensions/permissions_based_management_policy_provider.cc ('K') | « chrome/browser/extensions/permissions_based_management_policy_provider.cc ('k') | chrome/browser/extensions/test_extension_system.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc
diff --git a/chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc b/chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d40d9047464a01a449cf3af2c7a76212667972d9
--- /dev/null
+++ b/chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc
@@ -0,0 +1,164 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+#include <vector>
+
+#include "base/logging.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/prefs/pref_registry_simple.h"
+#include "base/prefs/testing_pref_service.h"
+#include "base/strings/string16.h"
+#include "base/values.h"
+#include "chrome/browser/extensions/extension_management.h"
+#include "chrome/browser/extensions/extension_management_test_util.h"
+#include "chrome/browser/extensions/permissions_based_management_policy_provider.h"
+#include "chrome/common/extensions/permissions/chrome_api_permissions.h"
+#include "extensions/common/extension.h"
+#include "extensions/common/manifest.h"
+#include "extensions/common/manifest_constants.h"
+#include "extensions/common/permissions/api_permission.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace extensions {
+
+class PermissionsBasedManagementPolicyProviderTest : public testing::Test {
+ public:
+ typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;
+
+ PermissionsBasedManagementPolicyProviderTest()
+ : pref_service_(new TestingPrefServiceSimple()),
+ settings_(new ExtensionManagement(pref_service_.get())),
+ provider_(settings_.get()) {}
+
+ virtual void SetUp() override {
+ ChromeAPIPermissions api_permissions;
+ perm_list_ = api_permissions.GetAllPermissions();
+ pref_service_->registry()->RegisterDictionaryPref(
+ pref_names::kExtensionManagement);
+ }
+
+ // Get API permissions name for |id|, we cannot use arbitrary strings since
+ // they will be ignored by ExtensionManagementService.
+ std::string GetAPIPermissionName(APIPermission::ID id) {
+ for (auto perm : perm_list_) {
Joao da Silva 2014/10/15 14:39:26 const auto&
binjin 2014/10/16 18:13:58 Done.
+ if (perm->id() == id)
+ return perm->name();
+ }
+ NOTREACHED();
Joao da Silva 2014/10/15 14:39:26 ADD_FAILURE() << "Permission not found: " << id;
binjin 2014/10/16 18:13:58 Done.
+ return std::string();
+ }
+
+ // Create an extension with specified |location|, |required_permissions| and
+ // |optional_permissions|.
+ scoped_refptr<const Extension> CreateExtensionWithPermission(
+ Manifest::Location location,
+ const base::ListValue* required_permissions,
+ const base::ListValue* optional_permissions) {
+ base::DictionaryValue manifest_dict;
+ manifest_dict.SetString(manifest_keys::kName, "test");
+ manifest_dict.SetString(manifest_keys::kVersion, "0.1");
+ if (required_permissions) {
+ manifest_dict.Set(manifest_keys::kPermissions,
+ required_permissions->DeepCopy());
+ }
+ if (optional_permissions) {
+ manifest_dict.Set(manifest_keys::kOptionalPermissions,
+ optional_permissions->DeepCopy());
+ }
+ std::string error;
+ scoped_refptr<const Extension> extension = Extension::Create(
+ base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error);
+ CHECK(extension.get()) << error;
+ return extension;
+ }
+
+ protected:
+ std::vector<APIPermissionInfo*> perm_list_;
+
+ scoped_ptr<TestingPrefServiceSimple> pref_service_;
+ scoped_ptr<ExtensionManagement> settings_;
+
+ PermissionsBasedManagementPolicyProvider provider_;
+};
+
+// Verifies that extensions with conflicting permissiosn cannot be loaded.
Joao da Silva 2014/10/15 14:39:26 permissions
binjin 2014/10/16 18:13:58 Done.
+TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) {
+ // Prepares the extension manifest.
+ base::ListValue required_permissions;
+ required_permissions.AppendString(
+ GetAPIPermissionName(APIPermission::kDownloads));
+ required_permissions.AppendString(
+ GetAPIPermissionName(APIPermission::kCookie));
+ base::ListValue optional_permissions;
+ optional_permissions.AppendString(
+ GetAPIPermissionName(APIPermission::kProxy));
+
+ scoped_refptr<const Extension> extension =
+ CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD,
+ &required_permissions,
+ &optional_permissions);
+
+ base::string16 error16;
+ // The extension should be allowed to be loaded by default.
+ error16.clear();
+ EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
+ EXPECT_TRUE(error16.empty());
+
+ // Blocks kProxy by default. The test extension should still be allowed.
+ {
+ PrefUpdater pref(pref_service_.get());
+ pref.AddBlockedPermission("*",
+ GetAPIPermissionName(APIPermission::kProxy));
+ }
+ error16.clear();
+ EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
+ EXPECT_TRUE(error16.empty());
+
+ // Blocks kCookie this time. The test extension should not be allowed now.
+ {
+ PrefUpdater pref(pref_service_.get());
+ pref.AddBlockedPermission("*",
+ GetAPIPermissionName(APIPermission::kCookie));
+ }
+ error16.clear();
+ EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
+ EXPECT_FALSE(error16.empty());
+
+ // Explictly allows kCookie for test extension. It should be allowed again.
+ {
+ PrefUpdater pref(pref_service_.get());
+ pref.AddAllowedPermission(extension->id(),
+ GetAPIPermissionName(APIPermission::kCookie));
+ }
+ error16.clear();
+ EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
+ EXPECT_TRUE(error16.empty());
+
+ // Explictly blocks kCookie for test extension. It should be blocked again.
+ {
+ PrefUpdater pref(pref_service_.get());
+ pref.AddBlockedPermission(extension->id(),
+ GetAPIPermissionName(APIPermission::kCookie));
+ }
+ error16.clear();
+ EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
+ EXPECT_FALSE(error16.empty());
+
+ // Blocks kDownloads by default. It should be blocked.
+ {
+ PrefUpdater pref(pref_service_.get());
+ pref.UnsetBlockedPermissions(extension->id());
+ pref.UnsetAllowedPermissions(extension->id());
+ pref.ClearBlockedPermissions("*");
+ pref.AddBlockedPermission("*",
+ GetAPIPermissionName(APIPermission::kDownloads));
+ }
+ error16.clear();
+ EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
+ EXPECT_FALSE(error16.empty());
+}
+
+} // namespace extensions
« chrome/browser/extensions/permissions_based_management_policy_provider.cc ('K') | « chrome/browser/extensions/permissions_based_management_policy_provider.cc ('k') | chrome/browser/extensions/test_extension_system.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698