Google Git
Sign in
chromium / chromium / src.git / c4f8e240ff989382ac3a1ad994fd6098fbb0b0a1 / . / chrome / browser / extensions / permissions_updater_unittest.cc
blob: 2f4470f9d0d999430e896083a2d1c1e58fc94a13 [file] [log] [blame]
[email protected]c333e792012-01-06 16:57:39[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]57999812013-02-24 05:40:52[diff] [blame]5#include "base/files/file_path.h"
[email protected]ffbec692012-02-26 20:26:42[diff] [blame]6#include "base/json/json_file_value_serializer.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]7#include "base/memory/ref_counted.h"
[email protected]78089f02012-07-19 06:11:28[diff] [blame]8#include "base/run_loop.h"
[email protected]23a85362014-07-07 23:26:19[diff] [blame]9#include "base/strings/stringprintf.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]10#include "base/values.h"
[email protected]49a01e642013-07-12 00:29:45[diff] [blame]11#include "chrome/browser/chrome_notification_types.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]12#include "chrome/browser/extensions/extension_service.h"
[email protected]f484f8d52014-06-12 08:38:18[diff] [blame]13#include "chrome/browser/extensions/extension_service_test_base.h"
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]14#include "chrome/browser/extensions/extension_util.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]15#include "chrome/browser/extensions/permissions_updater.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]16#include "chrome/common/chrome_paths.h"
[email protected]04e4bbe2013-04-27 07:44:24[diff] [blame]17#include "chrome/common/extensions/extension_test_util.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]18#include "chrome/test/base/testing_profile.h"
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]19#include "components/crx_file/id_util.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]20#include "content/public/browser/notification_observer.h"
21#include "content/public/browser/notification_registrar.h"
22#include "content/public/browser/notification_service.h"
[email protected]dccba4f82014-05-29 00:52:56[diff] [blame]23#include "extensions/browser/extension_prefs.h"
[email protected]e4452d32013-11-15 23:07:41[diff] [blame]24#include "extensions/common/extension.h"
[email protected]23a85362014-07-07 23:26:19[diff] [blame]25#include "extensions/common/extension_builder.h"
26#include "extensions/common/feature_switch.h"
[email protected]5a55f3f2013-10-29 01:08:29[diff] [blame]27#include "extensions/common/permissions/permission_set.h"
[email protected]076ebeda2014-06-06 21:47:26[diff] [blame]28#include "extensions/common/permissions/permissions_data.h"
[email protected]23a85362014-07-07 23:26:19[diff] [blame]29#include "extensions/common/value_builder.h"
[email protected]c333e792012-01-06 16:57:39[diff] [blame]30#include "testing/gtest/include/gtest/gtest.h"
31
[email protected]04e4bbe2013-04-27 07:44:24[diff] [blame]32using extension_test_util::LoadManifest;
33
[email protected]c333e792012-01-06 16:57:39[diff] [blame]34namespace extensions {
35
36namespace {
37
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]38scoped_refptr<const Extension> CreateExtensionWithOptionalPermissions(
39 scoped_ptr<base::Value> optional_permissions,
40 scoped_ptr<base::Value> permissions,
41 const std::string& name) {
42 return ExtensionBuilder()
43 .SetLocation(Manifest::INTERNAL)
44 .SetManifest(
45 DictionaryBuilder()
46 .Set("name", name)
47 .Set("description", "foo")
48 .Set("manifest_version", 2)
49 .Set("version", "0.1.2.3")
50 .Set("permissions", permissions.Pass())
51 .Set("optional_permissions", optional_permissions.Pass()))
52 .SetID(crx_file::id_util::GenerateId(name))
53 .Build();
54}
55
[email protected]23a85362014-07-07 23:26:19[diff] [blame]56scoped_refptr<const Extension> CreateExtensionWithPermissions(
57 const std::set<URLPattern>& scriptable_hosts,
58 const std::set<URLPattern>& explicit_hosts,
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]59 Manifest::Location location,
60 const std::string& name) {
[email protected]23a85362014-07-07 23:26:19[diff] [blame]61 ListBuilder scriptable_host_list;
62 for (std::set<URLPattern>::const_iterator pattern = scriptable_hosts.begin();
63 pattern != scriptable_hosts.end();
64 ++pattern) {
65 scriptable_host_list.Append(pattern->GetAsString());
66 }
67
68 ListBuilder explicit_host_list;
69 for (std::set<URLPattern>::const_iterator pattern = explicit_hosts.begin();
70 pattern != explicit_hosts.end();
71 ++pattern) {
72 explicit_host_list.Append(pattern->GetAsString());
73 }
74
75 DictionaryBuilder script;
76 script.Set("matches", scriptable_host_list.Pass())
77 .Set("js", ListBuilder().Append("foo.js"));
78
79 return ExtensionBuilder()
80 .SetLocation(location)
81 .SetManifest(
82 DictionaryBuilder()
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]83 .Set("name", name)
[email protected]23a85362014-07-07 23:26:19[diff] [blame]84 .Set("description", "foo")
85 .Set("manifest_version", 2)
86 .Set("version", "0.1.2.3")
87 .Set("content_scripts", ListBuilder().Append(script.Pass()))
88 .Set("permissions", explicit_host_list.Pass()))
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]89 .SetID(crx_file::id_util::GenerateId(name))
[email protected]23a85362014-07-07 23:26:19[diff] [blame]90 .Build();
91}
92
93testing::AssertionResult SetsAreEqual(const std::set<URLPattern>& set1,
94 const std::set<URLPattern>& set2) {
95 // Take the (set1 - set2) U (set2 - set1). This is then the set of all
96 // elements which are in either set1 or set2, but not both.
97 // If the sets are equal, this is none.
98 std::set<URLPattern> difference = base::STLSetUnion<std::set<URLPattern> >(
99 base::STLSetDifference<std::set<URLPattern> >(set1, set2),
100 base::STLSetDifference<std::set<URLPattern> >(set2, set1));
101
102 std::string error;
103 for (std::set<URLPattern>::const_iterator iter = difference.begin();
104 iter != difference.end();
105 ++iter) {
106 if (iter->GetAsString() == "chrome://favicon/*")
107 continue; // Grr... This is auto-added for extensions with <all_urls>
108 error = base::StringPrintf("%s\n%s contains %s and the other does not.",
109 error.c_str(),
110 (set1.count(*iter) ? "Set1" : "Set2"),
111 iter->GetAsString().c_str());
112 }
113
114 if (!error.empty())
115 return testing::AssertionFailure() << error;
116 return testing::AssertionSuccess();
117}
118
[email protected]c333e792012-01-06 16:57:39[diff] [blame]119// A helper class that listens for NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED.
120class PermissionsUpdaterListener : public content::NotificationObserver {
121 public:
122 PermissionsUpdaterListener()
123 : received_notification_(false), waiting_(false) {
124 registrar_.Add(this,
[email protected]adf5a102014-07-31 12:44:06[diff] [blame]125 extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED,
[email protected]c333e792012-01-06 16:57:39[diff] [blame]126 content::NotificationService::AllSources());
127 }
128
129 void Reset() {
130 received_notification_ = false;
131 waiting_ = false;
132 extension_ = NULL;
133 permissions_ = NULL;
134 }
135
136 void Wait() {
137 if (received_notification_)
138 return;
139
140 waiting_ = true;
[email protected]78089f02012-07-19 06:11:28[diff] [blame]141 base::RunLoop run_loop;
142 run_loop.Run();
[email protected]c333e792012-01-06 16:57:39[diff] [blame]143 }
144
145 bool received_notification() const { return received_notification_; }
[email protected]dc24976f2013-06-02 21:15:09[diff] [blame]146 const Extension* extension() const { return extension_.get(); }
147 const PermissionSet* permissions() const { return permissions_.get(); }
148 UpdatedExtensionPermissionsInfo::Reason reason() const { return reason_; }
[email protected]c333e792012-01-06 16:57:39[diff] [blame]149
150 private:
dchengae36a4a2014-10-21 12:36:36[diff] [blame]151 void Observe(int type,
152 const content::NotificationSource& source,
153 const content::NotificationDetails& details) override {
[email protected]c333e792012-01-06 16:57:39[diff] [blame]154 received_notification_ = true;
155 UpdatedExtensionPermissionsInfo* info =
156 content::Details<UpdatedExtensionPermissionsInfo>(details).ptr();
157
158 extension_ = info->extension;
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]159 permissions_ = info->permissions.Clone();
[email protected]c333e792012-01-06 16:57:39[diff] [blame]160 reason_ = info->reason;
161
162 if (waiting_) {
163 waiting_ = false;
ki.stfuc4f8e242015-10-09 20:40:20[diff] [blame^]164 base::MessageLoopForUI::current()->QuitWhenIdle();
[email protected]c333e792012-01-06 16:57:39[diff] [blame]165 }
166 }
167
168 bool received_notification_;
169 bool waiting_;
170 content::NotificationRegistrar registrar_;
171 scoped_refptr<const Extension> extension_;
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]172 scoped_ptr<const PermissionSet> permissions_;
[email protected]c333e792012-01-06 16:57:39[diff] [blame]173 UpdatedExtensionPermissionsInfo::Reason reason_;
174};
175
176class PermissionsUpdaterTest : public ExtensionServiceTestBase {
177};
178
[email protected]04e4bbe2013-04-27 07:44:24[diff] [blame]179scoped_refptr<Extension> LoadOurManifest() {
[email protected]650b2d52013-02-10 03:41:45[diff] [blame]180 base::FilePath path;
[email protected]04e4bbe2013-04-27 07:44:24[diff] [blame]181 path = path.AppendASCII("api_test")
[email protected]c333e792012-01-06 16:57:39[diff] [blame]182 .AppendASCII("permissions")
[email protected]04e4bbe2013-04-27 07:44:24[diff] [blame]183 .AppendASCII("optional");
184 return LoadManifest(path.AsUTF8Unsafe(),
185 "manifest.json",
186 Manifest::INTERNAL,
187 Extension::NO_FLAGS);
[email protected]c333e792012-01-06 16:57:39[diff] [blame]188}
189
190void AddPattern(URLPatternSet* extent, const std::string& pattern) {
191 int schemes = URLPattern::SCHEME_ALL;
192 extent->AddPattern(URLPattern(schemes, pattern));
193}
194
195} // namespace
196
197// Test that the PermissionUpdater can correctly add and remove active
198// permissions. This tests all of PermissionsUpdater's public methods because
[email protected]23a85362014-07-07 23:26:19[diff] [blame]199// GrantActivePermissions and SetPermissions are used by AddPermissions.
[email protected]c333e792012-01-06 16:57:39[diff] [blame]200TEST_F(PermissionsUpdaterTest, AddAndRemovePermissions) {
201 InitializeEmptyExtensionService();
202
203 // Load the test extension.
[email protected]04e4bbe2013-04-27 07:44:24[diff] [blame]204 scoped_refptr<Extension> extension = LoadOurManifest();
205 ASSERT_TRUE(extension.get());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]206
[email protected]c2e66e12012-06-27 06:27:06[diff] [blame]207 APIPermissionSet default_apis;
208 default_apis.insert(APIPermission::kManagement);
[email protected]e737c442013-11-15 15:55:24[diff] [blame]209 ManifestPermissionSet empty_manifest_permissions;
210
[email protected]c333e792012-01-06 16:57:39[diff] [blame]211 URLPatternSet default_hosts;
212 AddPattern(&default_hosts, "http://a.com/*");
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]213 PermissionSet default_permissions(default_apis, empty_manifest_permissions,
214 default_hosts, URLPatternSet());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]215
216 // Make sure it loaded properly.
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]217 ASSERT_EQ(default_permissions,
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]218 extension->permissions_data()->active_permissions());
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]219
220 ExtensionPrefs* prefs = ExtensionPrefs::Get(profile_.get());
221 scoped_ptr<const PermissionSet> active_permissions;
222 scoped_ptr<const PermissionSet> granted_permissions;
[email protected]c333e792012-01-06 16:57:39[diff] [blame]223
224 // Add a few permissions.
[email protected]c2e66e12012-06-27 06:27:06[diff] [blame]225 APIPermissionSet apis;
[email protected]81327f12014-07-29 04:24:11[diff] [blame]226 apis.insert(APIPermission::kNotifications);
[email protected]c333e792012-01-06 16:57:39[diff] [blame]227 URLPatternSet hosts;
228 AddPattern(&hosts, "http://*.c.com/*");
229
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]230 {
231 PermissionSet delta(apis, empty_manifest_permissions, hosts,
232 URLPatternSet());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]233
234 PermissionsUpdaterListener listener;
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]235 PermissionsUpdater(profile_.get()).AddPermissions(extension.get(), delta);
[email protected]c333e792012-01-06 16:57:39[diff] [blame]236
237 listener.Wait();
238
239 // Verify that the permission notification was sent correctly.
240 ASSERT_TRUE(listener.received_notification());
dchengc7047942014-08-26 05:05:31[diff] [blame]241 ASSERT_EQ(extension.get(), listener.extension());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]242 ASSERT_EQ(UpdatedExtensionPermissionsInfo::ADDED, listener.reason());
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]243 ASSERT_EQ(delta, *listener.permissions());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]244
245 // Make sure the extension's active permissions reflect the change.
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]246 active_permissions = PermissionSet::CreateUnion(default_permissions, delta);
[email protected]cadac622013-06-11 16:46:36[diff] [blame]247 ASSERT_EQ(*active_permissions.get(),
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]248 extension->permissions_data()->active_permissions());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]249
250 // Verify that the new granted and active permissions were also stored
251 // in the extension preferences. In this case, the granted permissions should
252 // be equal to the active permissions.
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]253 ASSERT_EQ(*active_permissions.get(),
254 *prefs->GetActivePermissions(extension->id()));
255 granted_permissions = active_permissions->Clone();
256 ASSERT_EQ(*granted_permissions,
257 *prefs->GetGrantedPermissions(extension->id()));
258 }
[email protected]c333e792012-01-06 16:57:39[diff] [blame]259
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]260 {
[email protected]c333e792012-01-06 16:57:39[diff] [blame]261 // In the second part of the test, we'll remove the permissions that we
[email protected]81327f12014-07-29 04:24:11[diff] [blame]262 // just added except for 'notifications'.
263 apis.erase(APIPermission::kNotifications);
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]264 PermissionSet delta(apis, empty_manifest_permissions, hosts, URLPatternSet());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]265
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]266 PermissionsUpdaterListener listener;
267 PermissionsUpdater(profile_.get())
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]268 .RemovePermissions(extension.get(), delta,
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]269 PermissionsUpdater::REMOVE_SOFT);
[email protected]c333e792012-01-06 16:57:39[diff] [blame]270 listener.Wait();
271
272 // Verify that the notification was correct.
273 ASSERT_TRUE(listener.received_notification());
dchengc7047942014-08-26 05:05:31[diff] [blame]274 ASSERT_EQ(extension.get(), listener.extension());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]275 ASSERT_EQ(UpdatedExtensionPermissionsInfo::REMOVED, listener.reason());
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]276 ASSERT_EQ(delta, *listener.permissions());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]277
278 // Make sure the extension's active permissions reflect the change.
279 active_permissions =
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]280 PermissionSet::CreateDifference(*active_permissions, delta);
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]281 ASSERT_EQ(*active_permissions,
282 extension->permissions_data()->active_permissions());
[email protected]c333e792012-01-06 16:57:39[diff] [blame]283
284 // Verify that the extension prefs hold the new active permissions and the
285 // same granted permissions.
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]286 ASSERT_EQ(*active_permissions, *prefs->GetActivePermissions(extension->id()));
[email protected]c333e792012-01-06 16:57:39[diff] [blame]287
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]288 ASSERT_EQ(*granted_permissions,
289 *prefs->GetGrantedPermissions(extension->id()));
290 }
[email protected]c333e792012-01-06 16:57:39[diff] [blame]291}
292
[email protected]23a85362014-07-07 23:26:19[diff] [blame]293TEST_F(PermissionsUpdaterTest, WithholdAllHosts) {
294 InitializeEmptyExtensionService();
295
296 // Permissions are only withheld with the appropriate switch turned on.
297 scoped_ptr<FeatureSwitch::ScopedOverride> switch_override(
298 new FeatureSwitch::ScopedOverride(FeatureSwitch::scripts_require_action(),
299 FeatureSwitch::OVERRIDE_ENABLED));
300
301 URLPattern google(URLPattern::SCHEME_ALL, "http://www.google.com/*");
302 URLPattern sub_google(URLPattern::SCHEME_ALL, "http://*.google.com/*");
303 URLPattern all_http(URLPattern::SCHEME_ALL, "http://*/*");
304 URLPattern all_hosts(URLPattern::SCHEME_ALL, "<all_urls>");
305 URLPattern all_com(URLPattern::SCHEME_ALL, "http://*.com/*");
306
307 std::set<URLPattern> all_host_patterns;
308 std::set<URLPattern> safe_patterns;
309
310 all_host_patterns.insert(all_http);
311 all_host_patterns.insert(all_hosts);
312 all_host_patterns.insert(all_com);
313
314 safe_patterns.insert(google);
315 safe_patterns.insert(sub_google);
316
317 std::set<URLPattern> all_patterns = base::STLSetUnion<std::set<URLPattern> >(
318 all_host_patterns, safe_patterns);
319
320 scoped_refptr<const Extension> extension = CreateExtensionWithPermissions(
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]321 all_patterns, all_patterns, Manifest::INTERNAL, "a");
[email protected]23a85362014-07-07 23:26:19[diff] [blame]322 const PermissionsData* permissions_data = extension->permissions_data();
323 PermissionsUpdater updater(profile_.get());
dchengc7047942014-08-26 05:05:31[diff] [blame]324 updater.InitializePermissions(extension.get());
[email protected]23a85362014-07-07 23:26:19[diff] [blame]325
326 // At first, the active permissions should have only the safe patterns and
327 // the withheld permissions should have only the all host patterns.
328 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]329 permissions_data->active_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]330 safe_patterns));
331 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]332 permissions_data->active_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]333 safe_patterns));
334 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]335 permissions_data->withheld_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]336 all_host_patterns));
337 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]338 permissions_data->withheld_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]339 all_host_patterns));
340
341 // Then, we grant the withheld all-hosts permissions.
dchengc7047942014-08-26 05:05:31[diff] [blame]342 updater.GrantWithheldImpliedAllHosts(extension.get());
[email protected]23a85362014-07-07 23:26:19[diff] [blame]343 // Now, active permissions should have all patterns, and withheld permissions
344 // should have none.
345 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]346 permissions_data->active_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]347 all_patterns));
348 EXPECT_TRUE(permissions_data->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]349 .scriptable_hosts()
[email protected]23a85362014-07-07 23:26:19[diff] [blame]350 .patterns()
351 .empty());
352 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]353 permissions_data->active_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]354 all_patterns));
355 EXPECT_TRUE(permissions_data->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]356 .explicit_hosts()
[email protected]23a85362014-07-07 23:26:19[diff] [blame]357 .patterns()
358 .empty());
359
360 // Finally, we revoke the all hosts permissions.
dchengc7047942014-08-26 05:05:31[diff] [blame]361 updater.WithholdImpliedAllHosts(extension.get());
[email protected]23a85362014-07-07 23:26:19[diff] [blame]362
363 // We should be back to our initial state - all_hosts should be withheld, and
364 // the safe patterns should be granted.
365 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]366 permissions_data->active_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]367 safe_patterns));
368 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]369 permissions_data->active_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]370 safe_patterns));
371 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]372 permissions_data->withheld_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]373 all_host_patterns));
374 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]375 permissions_data->withheld_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]376 all_host_patterns));
377
378 // Creating a component extension should result in no withheld permissions.
379 extension = CreateExtensionWithPermissions(
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]380 all_patterns, all_patterns, Manifest::COMPONENT, "b");
[email protected]23a85362014-07-07 23:26:19[diff] [blame]381 permissions_data = extension->permissions_data();
dchengc7047942014-08-26 05:05:31[diff] [blame]382 updater.InitializePermissions(extension.get());
[email protected]23a85362014-07-07 23:26:19[diff] [blame]383 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]384 permissions_data->active_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]385 all_patterns));
386 EXPECT_TRUE(permissions_data->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]387 .scriptable_hosts()
[email protected]23a85362014-07-07 23:26:19[diff] [blame]388 .patterns()
389 .empty());
390 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]391 permissions_data->active_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]392 all_patterns));
393 EXPECT_TRUE(permissions_data->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]394 .explicit_hosts()
[email protected]23a85362014-07-07 23:26:19[diff] [blame]395 .patterns()
396 .empty());
397
398 // Without the switch, we shouldn't withhold anything.
399 switch_override.reset();
400 extension = CreateExtensionWithPermissions(
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]401 all_patterns, all_patterns, Manifest::INTERNAL, "c");
[email protected]23a85362014-07-07 23:26:19[diff] [blame]402 permissions_data = extension->permissions_data();
dchengc7047942014-08-26 05:05:31[diff] [blame]403 updater.InitializePermissions(extension.get());
[email protected]23a85362014-07-07 23:26:19[diff] [blame]404 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]405 permissions_data->active_permissions().scriptable_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]406 all_patterns));
407 EXPECT_TRUE(permissions_data->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]408 .scriptable_hosts()
[email protected]23a85362014-07-07 23:26:19[diff] [blame]409 .patterns()
410 .empty());
411 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]412 permissions_data->active_permissions().explicit_hosts().patterns(),
[email protected]23a85362014-07-07 23:26:19[diff] [blame]413 all_patterns));
414 EXPECT_TRUE(permissions_data->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]415 .explicit_hosts()
[email protected]23a85362014-07-07 23:26:19[diff] [blame]416 .patterns()
417 .empty());
418}
419
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]420// Tests that withholding all hosts behaves properly with extensions installed
421// when the switch is turned on and off.
422TEST_F(PermissionsUpdaterTest, WithholdAllHostsWithTransientSwitch) {
423 InitializeEmptyExtensionService();
424
425 URLPattern all_hosts(URLPattern::SCHEME_ALL, "<all_urls>");
426 std::set<URLPattern> all_host_patterns;
427 all_host_patterns.insert(all_hosts);
428
429 scoped_refptr<const Extension> extension_a = CreateExtensionWithPermissions(
430 all_host_patterns, all_host_patterns, Manifest::INTERNAL, "a");
431 PermissionsUpdater updater(profile());
432 updater.InitializePermissions(extension_a.get());
433 const PermissionsData* permissions_data = extension_a->permissions_data();
434
435 // Since the extension was created without the switch on, it should default
436 // to having all urls access.
437 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]438 permissions_data->active_permissions().scriptable_hosts().patterns(),
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]439 all_host_patterns));
440 EXPECT_TRUE(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]441 permissions_data->withheld_permissions().scriptable_hosts().is_empty());
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]442 EXPECT_TRUE(util::AllowedScriptingOnAllUrls(extension_a->id(), profile()));
443
444 // Enable the switch, and re-init permission for the extension.
445 scoped_ptr<FeatureSwitch::ScopedOverride> switch_override(
446 new FeatureSwitch::ScopedOverride(FeatureSwitch::scripts_require_action(),
447 FeatureSwitch::OVERRIDE_ENABLED));
448 updater.InitializePermissions(extension_a.get());
449
450 // Since the extension was installed when the switch was off, it should still
451 // have the all urls pref.
452 permissions_data = extension_a->permissions_data();
453 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]454 permissions_data->active_permissions().scriptable_hosts().patterns(),
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]455 all_host_patterns));
456 EXPECT_TRUE(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]457 permissions_data->withheld_permissions().scriptable_hosts().is_empty());
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]458 EXPECT_TRUE(util::AllowedScriptingOnAllUrls(extension_a->id(), profile()));
459
460 // Load a new extension, which also has all urls. Since the switch is now on,
461 // the permissions should be withheld.
462 scoped_refptr<const Extension> extension_b = CreateExtensionWithPermissions(
463 all_host_patterns, all_host_patterns, Manifest::INTERNAL, "b");
464 updater.InitializePermissions(extension_b.get());
465 permissions_data = extension_b->permissions_data();
466
467 EXPECT_TRUE(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]468 permissions_data->active_permissions().scriptable_hosts().is_empty());
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]469 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]470 permissions_data->withheld_permissions().scriptable_hosts().patterns(),
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]471 all_host_patterns));
472 EXPECT_FALSE(util::AllowedScriptingOnAllUrls(extension_b->id(), profile()));
473
474 // Disable the switch, and reload the extension.
475 switch_override.reset();
476 updater.InitializePermissions(extension_b.get());
477
478 // Since the extension was installed with the switch on, it should still be
479 // restricted with the switch off.
480 permissions_data = extension_b->permissions_data();
481 EXPECT_TRUE(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]482 permissions_data->active_permissions().scriptable_hosts().is_empty());
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]483 EXPECT_TRUE(SetsAreEqual(
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]484 permissions_data->withheld_permissions().scriptable_hosts().patterns(),
rdevlin.croninb8dffe52015-02-07 00:58:01[diff] [blame]485 all_host_patterns));
486 EXPECT_FALSE(util::AllowedScriptingOnAllUrls(extension_b->id(), profile()));
487}
488
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]489TEST_F(PermissionsUpdaterTest, RevokingPermissions) {
490 InitializeEmptyExtensionService();
491
492 ExtensionPrefs* prefs = ExtensionPrefs::Get(profile());
493
494 auto api_permission_set = [](APIPermission::ID id) {
495 APIPermissionSet apis;
496 apis.insert(id);
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]497 return make_scoped_ptr(new PermissionSet(apis, ManifestPermissionSet(),
498 URLPatternSet(), URLPatternSet()));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]499 };
500
501 auto url_permission_set = [](const GURL& url) {
502 URLPatternSet set;
503 URLPattern pattern(URLPattern::SCHEME_ALL, url.spec());
504 set.AddPattern(pattern);
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]505 return make_scoped_ptr(new PermissionSet(
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]506 APIPermissionSet(), ManifestPermissionSet(), set, URLPatternSet()));
507 };
508
509 {
510 // Test revoking optional permissions.
511 ListBuilder optional_permissions;
512 optional_permissions.Append("tabs").Append("cookies").Append("management");
513 ListBuilder required_permissions;
514 required_permissions.Append("topSites");
515 scoped_refptr<const Extension> extension =
516 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
517 required_permissions.Build(),
518 "My Extension");
519
520 PermissionsUpdater updater(profile());
521 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());
522
523 // Add the optional "cookies" permission.
524 updater.AddPermissions(extension.get(),
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]525 *api_permission_set(APIPermission::kCookie));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]526 const PermissionsData* permissions = extension->permissions_data();
527 // The extension should have the permission in its active permissions and
528 // its granted permissions (stored in prefs). And, the permission should
529 // be revokable.
530 EXPECT_TRUE(permissions->HasAPIPermission(APIPermission::kCookie));
rdevlin.cronine2d0fd02015-09-24 22:35:49[diff] [blame]531 scoped_ptr<const PermissionSet> granted_permissions =
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]532 prefs->GetGrantedPermissions(extension->id());
533 EXPECT_TRUE(granted_permissions->HasAPIPermission(APIPermission::kCookie));
534 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())
535 ->HasAPIPermission(APIPermission::kCookie));
536
537 // Repeat with "tabs".
538 updater.AddPermissions(extension.get(),
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]539 *api_permission_set(APIPermission::kTab));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]540 EXPECT_TRUE(permissions->HasAPIPermission(APIPermission::kTab));
541 granted_permissions = prefs->GetGrantedPermissions(extension->id());
542 EXPECT_TRUE(granted_permissions->HasAPIPermission(APIPermission::kTab));
543 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())
544 ->HasAPIPermission(APIPermission::kTab));
545
546 // Remove the "tabs" permission. The extension should no longer have it
547 // in its active or granted permissions, and it shouldn't be revokable.
548 // The extension should still have the "cookies" permission.
549 updater.RemovePermissions(extension.get(),
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]550 *api_permission_set(APIPermission::kTab),
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]551 PermissionsUpdater::REMOVE_HARD);
552 EXPECT_FALSE(permissions->HasAPIPermission(APIPermission::kTab));
553 granted_permissions = prefs->GetGrantedPermissions(extension->id());
554 EXPECT_FALSE(granted_permissions->HasAPIPermission(APIPermission::kTab));
555 EXPECT_FALSE(updater.GetRevokablePermissions(extension.get())
556 ->HasAPIPermission(APIPermission::kTab));
557 EXPECT_TRUE(permissions->HasAPIPermission(APIPermission::kCookie));
558 granted_permissions = prefs->GetGrantedPermissions(extension->id());
559 EXPECT_TRUE(granted_permissions->HasAPIPermission(APIPermission::kCookie));
560 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())
561 ->HasAPIPermission(APIPermission::kCookie));
562 }
563
564 {
565 // Test revoking non-optional host permissions with click-to-script.
566 FeatureSwitch::ScopedOverride scoped_override(
567 FeatureSwitch::scripts_require_action(), true);
568 ListBuilder optional_permissions;
569 optional_permissions.Append("tabs");
570 ListBuilder required_permissions;
571 required_permissions.Append("topSites")
572 .Append("http://*/*")
573 .Append("http://*.google.com/*");
574 scoped_refptr<const Extension> extension =
575 CreateExtensionWithOptionalPermissions(optional_permissions.Build(),
576 required_permissions.Build(),
577 "My Extension");
578 PermissionsUpdater updater(profile());
579 updater.InitializePermissions(extension.get());
580
581 // By default, all-hosts was withheld, so the extension shouldn't have
582 // access to any site (like foo.com).
583 const GURL kOrigin("http://foo.com");
584 EXPECT_FALSE(extension->permissions_data()
585 ->active_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]586 .HasExplicitAccessToOrigin(kOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]587 EXPECT_TRUE(extension->permissions_data()
588 ->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]589 .HasExplicitAccessToOrigin(kOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]590
591 const GURL kRequiredOrigin("http://www.google.com/");
592 EXPECT_TRUE(extension->permissions_data()
593 ->active_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]594 .HasExplicitAccessToOrigin(kRequiredOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]595 EXPECT_FALSE(updater.GetRevokablePermissions(extension.get())
596 ->HasExplicitAccessToOrigin(kRequiredOrigin));
597
598 // Give the extension access to foo.com. Now, the foo.com permission should
599 // be revokable.
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]600 updater.AddPermissions(extension.get(), *url_permission_set(kOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]601 EXPECT_TRUE(extension->permissions_data()
602 ->active_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]603 .HasExplicitAccessToOrigin(kOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]604 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())
605 ->HasExplicitAccessToOrigin(kOrigin));
606
607 // Revoke the foo.com permission. The extension should no longer have
608 // access to foo.com, and the revokable permissions should be empty.
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]609 updater.RemovePermissions(extension.get(), *url_permission_set(kOrigin),
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]610 PermissionsUpdater::REMOVE_HARD);
611 EXPECT_FALSE(extension->permissions_data()
612 ->active_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]613 .HasExplicitAccessToOrigin(kOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]614 EXPECT_TRUE(extension->permissions_data()
615 ->withheld_permissions()
rdevlin.cronind630c302015-09-30 20:19:33[diff] [blame]616 .HasExplicitAccessToOrigin(kOrigin));
rdevlin.cronin77cb0ef2015-09-16 17:03:48[diff] [blame]617 EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty());
618 }
619}
620
[email protected]c333e792012-01-06 16:57:39[diff] [blame]621} // namespace extensions