[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
dcheng | 1fc00f1 | 2015-12-26 22:18:03 | [diff] [blame] | 5 | #include "chrome/browser/extensions/permissions_updater.h" |
| 6 | |
| 7 | #include <utility> |
| 8 | |
[email protected] | 5799981 | 2013-02-24 05:40:52 | [diff] [blame] | 9 | #include "base/files/file_path.h" |
[email protected] | ffbec69 | 2012-02-26 20:26:42 | [diff] [blame] | 10 | #include "base/json/json_file_value_serializer.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 11 | #include "base/memory/ref_counted.h" |
[email protected] | 78089f0 | 2012-07-19 06:11:28 | [diff] [blame] | 12 | #include "base/run_loop.h" |
Devlin Cronin | cac45cb | 2018-04-25 04:43:03 | [diff] [blame] | 13 | #include "base/test/scoped_feature_list.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 14 | #include "base/values.h" |
[email protected] | 49a01e64 | 2013-07-12 00:29:45 | [diff] [blame] | 15 | #include "chrome/browser/chrome_notification_types.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 16 | #include "chrome/browser/extensions/extension_service.h" |
[email protected] | f484f8d5 | 2014-06-12 08:38:18 | [diff] [blame] | 17 | #include "chrome/browser/extensions/extension_service_test_base.h" |
rdevlin.cronin | b8dffe5 | 2015-02-07 00:58:01 | [diff] [blame] | 18 | #include "chrome/browser/extensions/extension_util.h" |
Devlin Cronin | f355f1de | 2018-05-14 15:27:24 | [diff] [blame] | 19 | #include "chrome/browser/extensions/scripting_permissions_modifier.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 20 | #include "chrome/common/chrome_paths.h" |
[email protected] | 04e4bbe | 2013-04-27 07:44:24 | [diff] [blame] | 21 | #include "chrome/common/extensions/extension_test_util.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 22 | #include "chrome/test/base/testing_profile.h" |
rdevlin.cronin | b8dffe5 | 2015-02-07 00:58:01 | [diff] [blame] | 23 | #include "components/crx_file/id_util.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 24 | #include "content/public/browser/notification_observer.h" |
| 25 | #include "content/public/browser/notification_registrar.h" |
| 26 | #include "content/public/browser/notification_service.h" |
[email protected] | dccba4f8 | 2014-05-29 00:52:56 | [diff] [blame] | 27 | #include "extensions/browser/extension_prefs.h" |
[email protected] | e4452d3 | 2013-11-15 23:07:41 | [diff] [blame] | 28 | #include "extensions/common/extension.h" |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 29 | #include "extensions/common/extension_builder.h" |
Devlin Cronin | cac45cb | 2018-04-25 04:43:03 | [diff] [blame] | 30 | #include "extensions/common/extension_features.h" |
[email protected] | 5a55f3f | 2013-10-29 01:08:29 | [diff] [blame] | 31 | #include "extensions/common/permissions/permission_set.h" |
[email protected] | 076ebeda | 2014-06-06 21:47:26 | [diff] [blame] | 32 | #include "extensions/common/permissions/permissions_data.h" |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 33 | #include "extensions/common/value_builder.h" |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 34 | #include "testing/gtest/include/gtest/gtest.h" |
| 35 | |
[email protected] | 04e4bbe | 2013-04-27 07:44:24 | [diff] [blame] | 36 | using extension_test_util::LoadManifest; |
| 37 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 38 | namespace extensions { |
| 39 | |
| 40 | namespace { |
| 41 | |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 42 | scoped_refptr<const Extension> CreateExtensionWithOptionalPermissions( |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 43 | std::unique_ptr<base::Value> optional_permissions, |
| 44 | std::unique_ptr<base::Value> permissions, |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 45 | const std::string& name) { |
| 46 | return ExtensionBuilder() |
| 47 | .SetLocation(Manifest::INTERNAL) |
dcheng | 794d2bd | 2016-02-27 03:51:32 | [diff] [blame] | 48 | .SetManifest( |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 49 | DictionaryBuilder() |
| 50 | .Set("name", name) |
| 51 | .Set("description", "foo") |
| 52 | .Set("manifest_version", 2) |
| 53 | .Set("version", "0.1.2.3") |
dcheng | 1fc00f1 | 2015-12-26 22:18:03 | [diff] [blame] | 54 | .Set("permissions", std::move(permissions)) |
dcheng | 794d2bd | 2016-02-27 03:51:32 | [diff] [blame] | 55 | .Set("optional_permissions", std::move(optional_permissions)) |
| 56 | .Build()) |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 57 | .SetID(crx_file::id_util::GenerateId(name)) |
| 58 | .Build(); |
| 59 | } |
| 60 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 61 | // A helper class that listens for NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED. |
| 62 | class PermissionsUpdaterListener : public content::NotificationObserver { |
| 63 | public: |
| 64 | PermissionsUpdaterListener() |
| 65 | : received_notification_(false), waiting_(false) { |
| 66 | registrar_.Add(this, |
[email protected] | adf5a10 | 2014-07-31 12:44:06 | [diff] [blame] | 67 | extensions::NOTIFICATION_EXTENSION_PERMISSIONS_UPDATED, |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 68 | content::NotificationService::AllSources()); |
| 69 | } |
| 70 | |
| 71 | void Reset() { |
| 72 | received_notification_ = false; |
| 73 | waiting_ = false; |
| 74 | extension_ = NULL; |
| 75 | permissions_ = NULL; |
| 76 | } |
| 77 | |
| 78 | void Wait() { |
| 79 | if (received_notification_) |
| 80 | return; |
| 81 | |
| 82 | waiting_ = true; |
[email protected] | 78089f0 | 2012-07-19 06:11:28 | [diff] [blame] | 83 | base::RunLoop run_loop; |
| 84 | run_loop.Run(); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 85 | } |
| 86 | |
| 87 | bool received_notification() const { return received_notification_; } |
[email protected] | dc24976f | 2013-06-02 21:15:09 | [diff] [blame] | 88 | const Extension* extension() const { return extension_.get(); } |
| 89 | const PermissionSet* permissions() const { return permissions_.get(); } |
| 90 | UpdatedExtensionPermissionsInfo::Reason reason() const { return reason_; } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 91 | |
| 92 | private: |
dcheng | ae36a4a | 2014-10-21 12:36:36 | [diff] [blame] | 93 | void Observe(int type, |
| 94 | const content::NotificationSource& source, |
| 95 | const content::NotificationDetails& details) override { |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 96 | received_notification_ = true; |
| 97 | UpdatedExtensionPermissionsInfo* info = |
| 98 | content::Details<UpdatedExtensionPermissionsInfo>(details).ptr(); |
| 99 | |
| 100 | extension_ = info->extension; |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 101 | permissions_ = info->permissions.Clone(); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 102 | reason_ = info->reason; |
| 103 | |
| 104 | if (waiting_) { |
| 105 | waiting_ = false; |
Gabriel Charette | 53a9ef81 | 2017-07-26 12:36:23 | [diff] [blame] | 106 | base::RunLoop::QuitCurrentWhenIdleDeprecated(); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 107 | } |
| 108 | } |
| 109 | |
| 110 | bool received_notification_; |
| 111 | bool waiting_; |
| 112 | content::NotificationRegistrar registrar_; |
| 113 | scoped_refptr<const Extension> extension_; |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 114 | std::unique_ptr<const PermissionSet> permissions_; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 115 | UpdatedExtensionPermissionsInfo::Reason reason_; |
| 116 | }; |
| 117 | |
| 118 | class PermissionsUpdaterTest : public ExtensionServiceTestBase { |
| 119 | }; |
| 120 | |
[email protected] | 04e4bbe | 2013-04-27 07:44:24 | [diff] [blame] | 121 | scoped_refptr<Extension> LoadOurManifest() { |
[email protected] | 650b2d5 | 2013-02-10 03:41:45 | [diff] [blame] | 122 | base::FilePath path; |
[email protected] | 04e4bbe | 2013-04-27 07:44:24 | [diff] [blame] | 123 | path = path.AppendASCII("api_test") |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 124 | .AppendASCII("permissions") |
[email protected] | 04e4bbe | 2013-04-27 07:44:24 | [diff] [blame] | 125 | .AppendASCII("optional"); |
| 126 | return LoadManifest(path.AsUTF8Unsafe(), |
| 127 | "manifest.json", |
| 128 | Manifest::INTERNAL, |
| 129 | Extension::NO_FLAGS); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 130 | } |
| 131 | |
| 132 | void AddPattern(URLPatternSet* extent, const std::string& pattern) { |
| 133 | int schemes = URLPattern::SCHEME_ALL; |
| 134 | extent->AddPattern(URLPattern(schemes, pattern)); |
| 135 | } |
| 136 | |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 137 | class PermissionsUpdaterTestDelegate : public PermissionsUpdater::Delegate { |
| 138 | public: |
| 139 | PermissionsUpdaterTestDelegate() {} |
| 140 | ~PermissionsUpdaterTestDelegate() override {} |
| 141 | |
| 142 | // PermissionsUpdater::Delegate |
| 143 | void InitializePermissions( |
| 144 | const Extension* extension, |
| 145 | std::unique_ptr<const PermissionSet>* granted_permissions) override { |
| 146 | // Remove the cookie permission. |
| 147 | APIPermissionSet api_permission_set((*granted_permissions)->apis()); |
| 148 | api_permission_set.erase(APIPermission::kCookie); |
| 149 | granted_permissions->reset( |
| 150 | new PermissionSet(api_permission_set, ManifestPermissionSet(), |
| 151 | URLPatternSet(), URLPatternSet())); |
| 152 | } |
| 153 | |
| 154 | private: |
| 155 | DISALLOW_COPY_AND_ASSIGN(PermissionsUpdaterTestDelegate); |
| 156 | }; |
| 157 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 158 | } // namespace |
| 159 | |
| 160 | // Test that the PermissionUpdater can correctly add and remove active |
| 161 | // permissions. This tests all of PermissionsUpdater's public methods because |
[email protected] | 23a8536 | 2014-07-07 23:26:19 | [diff] [blame] | 162 | // GrantActivePermissions and SetPermissions are used by AddPermissions. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 163 | TEST_F(PermissionsUpdaterTest, GrantAndRevokeOptionalPermissions) { |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 164 | InitializeEmptyExtensionService(); |
| 165 | |
| 166 | // Load the test extension. |
[email protected] | 04e4bbe | 2013-04-27 07:44:24 | [diff] [blame] | 167 | scoped_refptr<Extension> extension = LoadOurManifest(); |
| 168 | ASSERT_TRUE(extension.get()); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 169 | |
[email protected] | c2e66e1 | 2012-06-27 06:27:06 | [diff] [blame] | 170 | APIPermissionSet default_apis; |
| 171 | default_apis.insert(APIPermission::kManagement); |
[email protected] | e737c44 | 2013-11-15 15:55:24 | [diff] [blame] | 172 | ManifestPermissionSet empty_manifest_permissions; |
| 173 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 174 | URLPatternSet default_hosts; |
| 175 | AddPattern(&default_hosts, "http://a.com/*"); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 176 | PermissionSet default_permissions(default_apis, empty_manifest_permissions, |
| 177 | default_hosts, URLPatternSet()); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 178 | |
| 179 | // Make sure it loaded properly. |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 180 | ASSERT_EQ(default_permissions, |
rdevlin.cronin | d630c30 | 2015-09-30 20:19:33 | [diff] [blame] | 181 | extension->permissions_data()->active_permissions()); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 182 | |
| 183 | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile_.get()); |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 184 | std::unique_ptr<const PermissionSet> active_permissions; |
| 185 | std::unique_ptr<const PermissionSet> granted_permissions; |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 186 | |
| 187 | // Add a few permissions. |
[email protected] | c2e66e1 | 2012-06-27 06:27:06 | [diff] [blame] | 188 | APIPermissionSet apis; |
[email protected] | 81327f1 | 2014-07-29 04:24:11 | [diff] [blame] | 189 | apis.insert(APIPermission::kNotifications); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 190 | URLPatternSet hosts; |
| 191 | AddPattern(&hosts, "http://*.c.com/*"); |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 192 | URLPatternSet scriptable_hosts; |
| 193 | AddPattern(&scriptable_hosts, "http://*.example.com/*"); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 194 | |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 195 | { |
| 196 | PermissionSet delta(apis, empty_manifest_permissions, hosts, |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 197 | scriptable_hosts); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 198 | |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 199 | PermissionsUpdaterListener listener; |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 200 | PermissionsUpdater(profile_.get()) |
| 201 | .GrantOptionalPermissions(*extension, delta); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 202 | |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 203 | listener.Wait(); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 204 | |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 205 | // Verify that the permission notification was sent correctly. |
| 206 | ASSERT_TRUE(listener.received_notification()); |
| 207 | ASSERT_EQ(extension.get(), listener.extension()); |
| 208 | ASSERT_EQ(UpdatedExtensionPermissionsInfo::ADDED, listener.reason()); |
| 209 | ASSERT_EQ(delta, *listener.permissions()); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 210 | |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 211 | // Make sure the extension's active permissions reflect the change. |
| 212 | active_permissions = PermissionSet::CreateUnion(default_permissions, delta); |
| 213 | ASSERT_EQ(*active_permissions, |
| 214 | extension->permissions_data()->active_permissions()); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 215 | |
Karan Bhatia | 599a50b | 2018-02-03 04:56:30 | [diff] [blame] | 216 | // Verify that the new granted and active permissions were also stored |
| 217 | // in the extension preferences. In this case, the granted permissions |
| 218 | // should be equal to the active permissions. |
| 219 | ASSERT_EQ(*active_permissions, |
| 220 | *prefs->GetActivePermissions(extension->id())); |
| 221 | granted_permissions = active_permissions->Clone(); |
| 222 | ASSERT_EQ(*granted_permissions, |
| 223 | *prefs->GetGrantedPermissions(extension->id())); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 224 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 225 | |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 226 | { |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 227 | // In the second part of the test, we'll remove the permissions that we |
| 228 | // just added except for 'notifications'. |
| 229 | apis.erase(APIPermission::kNotifications); |
| 230 | PermissionSet delta(apis, empty_manifest_permissions, hosts, |
| 231 | scriptable_hosts); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 232 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 233 | PermissionsUpdaterListener listener; |
| 234 | PermissionsUpdater(profile_.get()) |
| 235 | .RevokeOptionalPermissions(*extension, delta, |
| 236 | PermissionsUpdater::REMOVE_SOFT); |
| 237 | listener.Wait(); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 238 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 239 | // Verify that the notification was correct. |
| 240 | ASSERT_TRUE(listener.received_notification()); |
| 241 | ASSERT_EQ(extension.get(), listener.extension()); |
| 242 | ASSERT_EQ(UpdatedExtensionPermissionsInfo::REMOVED, listener.reason()); |
| 243 | ASSERT_EQ(delta, *listener.permissions()); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 244 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 245 | // Make sure the extension's active permissions reflect the change. |
| 246 | active_permissions = |
| 247 | PermissionSet::CreateDifference(*active_permissions, delta); |
| 248 | ASSERT_EQ(*active_permissions, |
| 249 | extension->permissions_data()->active_permissions()); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 250 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 251 | // Verify that the extension prefs hold the new active permissions and the |
| 252 | // same granted permissions. |
| 253 | ASSERT_EQ(*active_permissions, |
| 254 | *prefs->GetActivePermissions(extension->id())); |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 255 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 256 | ASSERT_EQ(*granted_permissions, |
| 257 | *prefs->GetGrantedPermissions(extension->id())); |
rdevlin.cronin | e2d0fd0 | 2015-09-24 22:35:49 | [diff] [blame] | 258 | } |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 259 | } |
| 260 | |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 261 | TEST_F(PermissionsUpdaterTest, RevokingPermissions) { |
| 262 | InitializeEmptyExtensionService(); |
| 263 | |
| 264 | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); |
| 265 | |
| 266 | auto api_permission_set = [](APIPermission::ID id) { |
| 267 | APIPermissionSet apis; |
| 268 | apis.insert(id); |
Jinho Bang | b5216cec | 2018-01-17 19:43:11 | [diff] [blame] | 269 | return std::make_unique<PermissionSet>(apis, ManifestPermissionSet(), |
ricea | 91d6fc12 | 2016-08-30 08:47:14 | [diff] [blame] | 270 | URLPatternSet(), URLPatternSet()); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 271 | }; |
| 272 | |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 273 | auto can_access_page = |
| 274 | [](scoped_refptr<const extensions::Extension> extension, |
| 275 | const GURL& document_url) -> bool { |
Devlin Cronin | 3e532b8 | 2018-05-03 21:27:19 | [diff] [blame] | 276 | PermissionsData::PageAccess access = |
Devlin Cronin | 5cb43783 | 2018-05-17 20:14:41 | [diff] [blame] | 277 | extension->permissions_data()->GetPageAccess(document_url, -1, nullptr); |
Devlin Cronin | 3e532b8 | 2018-05-03 21:27:19 | [diff] [blame] | 278 | return access == PermissionsData::PageAccess::kAllowed; |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 279 | }; |
| 280 | |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 281 | { |
| 282 | // Test revoking optional permissions. |
| 283 | ListBuilder optional_permissions; |
| 284 | optional_permissions.Append("tabs").Append("cookies").Append("management"); |
| 285 | ListBuilder required_permissions; |
| 286 | required_permissions.Append("topSites"); |
| 287 | scoped_refptr<const Extension> extension = |
| 288 | CreateExtensionWithOptionalPermissions(optional_permissions.Build(), |
| 289 | required_permissions.Build(), |
| 290 | "My Extension"); |
| 291 | |
| 292 | PermissionsUpdater updater(profile()); |
| 293 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty()); |
| 294 | |
| 295 | // Add the optional "cookies" permission. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 296 | updater.GrantOptionalPermissions( |
| 297 | *extension, *api_permission_set(APIPermission::kCookie)); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 298 | const PermissionsData* permissions = extension->permissions_data(); |
| 299 | // The extension should have the permission in its active permissions and |
| 300 | // its granted permissions (stored in prefs). And, the permission should |
| 301 | // be revokable. |
| 302 | EXPECT_TRUE(permissions->HasAPIPermission(APIPermission::kCookie)); |
dcheng | c963c714 | 2016-04-08 03:55:22 | [diff] [blame] | 303 | std::unique_ptr<const PermissionSet> granted_permissions = |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 304 | prefs->GetGrantedPermissions(extension->id()); |
| 305 | EXPECT_TRUE(granted_permissions->HasAPIPermission(APIPermission::kCookie)); |
| 306 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get()) |
| 307 | ->HasAPIPermission(APIPermission::kCookie)); |
| 308 | |
| 309 | // Repeat with "tabs". |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 310 | updater.GrantOptionalPermissions(*extension, |
| 311 | *api_permission_set(APIPermission::kTab)); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 312 | EXPECT_TRUE(permissions->HasAPIPermission(APIPermission::kTab)); |
| 313 | granted_permissions = prefs->GetGrantedPermissions(extension->id()); |
| 314 | EXPECT_TRUE(granted_permissions->HasAPIPermission(APIPermission::kTab)); |
| 315 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get()) |
| 316 | ->HasAPIPermission(APIPermission::kTab)); |
| 317 | |
| 318 | // Remove the "tabs" permission. The extension should no longer have it |
| 319 | // in its active or granted permissions, and it shouldn't be revokable. |
| 320 | // The extension should still have the "cookies" permission. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 321 | updater.RevokeOptionalPermissions(*extension, |
| 322 | *api_permission_set(APIPermission::kTab), |
| 323 | PermissionsUpdater::REMOVE_HARD); |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 324 | EXPECT_FALSE(permissions->HasAPIPermission(APIPermission::kTab)); |
| 325 | granted_permissions = prefs->GetGrantedPermissions(extension->id()); |
| 326 | EXPECT_FALSE(granted_permissions->HasAPIPermission(APIPermission::kTab)); |
| 327 | EXPECT_FALSE(updater.GetRevokablePermissions(extension.get()) |
| 328 | ->HasAPIPermission(APIPermission::kTab)); |
| 329 | EXPECT_TRUE(permissions->HasAPIPermission(APIPermission::kCookie)); |
| 330 | granted_permissions = prefs->GetGrantedPermissions(extension->id()); |
| 331 | EXPECT_TRUE(granted_permissions->HasAPIPermission(APIPermission::kCookie)); |
| 332 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get()) |
| 333 | ->HasAPIPermission(APIPermission::kCookie)); |
| 334 | } |
| 335 | |
| 336 | { |
nrpeter | e33d2a5b | 2017-04-25 00:12:31 | [diff] [blame] | 337 | // Make sure policy restriction updates update permission data. |
| 338 | URLPatternSet default_policy_blocked_hosts; |
| 339 | URLPatternSet default_policy_allowed_hosts; |
| 340 | URLPatternSet policy_blocked_hosts; |
| 341 | URLPatternSet policy_allowed_hosts; |
| 342 | ListBuilder optional_permissions; |
| 343 | ListBuilder required_permissions; |
| 344 | required_permissions.Append("tabs").Append("http://*/*"); |
| 345 | scoped_refptr<const Extension> extension = |
| 346 | CreateExtensionWithOptionalPermissions(optional_permissions.Build(), |
| 347 | required_permissions.Build(), |
| 348 | "ExtensionSettings"); |
| 349 | AddPattern(&default_policy_blocked_hosts, "http://*.google.com/*"); |
| 350 | PermissionsUpdater updater(profile()); |
| 351 | updater.InitializePermissions(extension.get()); |
| 352 | extension->permissions_data()->SetDefaultPolicyHostRestrictions( |
| 353 | default_policy_blocked_hosts, default_policy_allowed_hosts); |
| 354 | |
| 355 | // By default, all subdomains of google.com should be blocked. |
| 356 | const GURL kOrigin("http://foo.com"); |
| 357 | const GURL kGoogle("http://www.google.com"); |
| 358 | const GURL kExampleGoogle("http://example.google.com"); |
| 359 | EXPECT_TRUE( |
| 360 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 361 | EXPECT_TRUE(can_access_page(extension, kOrigin)); |
| 362 | EXPECT_FALSE(can_access_page(extension, kGoogle)); |
| 363 | EXPECT_FALSE(can_access_page(extension, kExampleGoogle)); |
| 364 | |
| 365 | AddPattern(&default_policy_allowed_hosts, "http://example.google.com/*"); |
| 366 | // Give the extension access to example.google.com. Now the |
| 367 | // example.google.com should not be a runtime blocked host. |
| 368 | updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| 369 | default_policy_allowed_hosts); |
| 370 | |
| 371 | EXPECT_TRUE( |
| 372 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 373 | EXPECT_TRUE(can_access_page(extension, kOrigin)); |
| 374 | EXPECT_FALSE(can_access_page(extension, kGoogle)); |
| 375 | EXPECT_TRUE(can_access_page(extension, kExampleGoogle)); |
| 376 | |
| 377 | // Revoke extension access to foo.com. Now, foo.com should be a runtime |
| 378 | // blocked host. |
| 379 | AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/"); |
| 380 | updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| 381 | default_policy_allowed_hosts); |
| 382 | EXPECT_TRUE( |
| 383 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 384 | EXPECT_FALSE(can_access_page(extension, kOrigin)); |
| 385 | EXPECT_FALSE(can_access_page(extension, kGoogle)); |
| 386 | EXPECT_TRUE(can_access_page(extension, kExampleGoogle)); |
| 387 | |
| 388 | // Remove foo.com from blocked hosts. The extension should no longer have |
| 389 | // be a runtime blocked host. |
| 390 | default_policy_blocked_hosts.ClearPatterns(); |
| 391 | AddPattern(&default_policy_blocked_hosts, "*://*.foo.com/"); |
| 392 | updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| 393 | default_policy_allowed_hosts); |
| 394 | EXPECT_TRUE( |
| 395 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 396 | EXPECT_FALSE(can_access_page(extension, kOrigin)); |
| 397 | EXPECT_TRUE(can_access_page(extension, kGoogle)); |
| 398 | EXPECT_TRUE(can_access_page(extension, kExampleGoogle)); |
| 399 | |
| 400 | // Set an empty individual policy, should not affect default policy. |
| 401 | updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts, |
| 402 | policy_allowed_hosts); |
| 403 | EXPECT_FALSE( |
| 404 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 405 | EXPECT_TRUE(can_access_page(extension, kOrigin)); |
| 406 | EXPECT_TRUE(can_access_page(extension, kGoogle)); |
| 407 | EXPECT_TRUE(can_access_page(extension, kExampleGoogle)); |
| 408 | |
| 409 | // Block google.com for the Individual scope. |
| 410 | // Whitelist example.google.com for the Indiviaul scope. |
| 411 | // Leave google.com and example.google.com off both the whitelist and |
| 412 | // blacklist for Default scope. |
| 413 | AddPattern(&policy_blocked_hosts, "*://*.google.com/*"); |
| 414 | AddPattern(&policy_allowed_hosts, "*://example.google.com/*"); |
| 415 | updater.SetPolicyHostRestrictions(extension.get(), policy_blocked_hosts, |
| 416 | policy_allowed_hosts); |
| 417 | EXPECT_FALSE( |
| 418 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 419 | EXPECT_TRUE(can_access_page(extension, kOrigin)); |
| 420 | EXPECT_FALSE(can_access_page(extension, kGoogle)); |
| 421 | EXPECT_TRUE(can_access_page(extension, kExampleGoogle)); |
| 422 | |
| 423 | // Switch back to default scope for extension. |
| 424 | updater.SetUsesDefaultHostRestrictions(extension.get()); |
| 425 | EXPECT_TRUE( |
| 426 | extension->permissions_data()->UsesDefaultPolicyHostRestrictions()); |
| 427 | default_policy_blocked_hosts.ClearPatterns(); |
| 428 | default_policy_allowed_hosts.ClearPatterns(); |
| 429 | updater.SetDefaultPolicyHostRestrictions(default_policy_blocked_hosts, |
| 430 | default_policy_allowed_hosts); |
| 431 | } |
rdevlin.cronin | 77cb0ef | 2015-09-16 17:03:48 | [diff] [blame] | 432 | } |
| 433 | |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 434 | // Test that the permissions updater delegate works - in this test it removes |
| 435 | // the cookies permission. |
| 436 | TEST_F(PermissionsUpdaterTest, Delegate) { |
| 437 | InitializeEmptyExtensionService(); |
| 438 | |
| 439 | ListBuilder required_permissions; |
| 440 | required_permissions.Append("tabs").Append("management").Append("cookies"); |
| 441 | scoped_refptr<const Extension> extension = |
| 442 | CreateExtensionWithOptionalPermissions( |
Jinho Bang | b5216cec | 2018-01-17 19:43:11 | [diff] [blame] | 443 | std::make_unique<base::ListValue>(), required_permissions.Build(), |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 444 | "My Extension"); |
| 445 | |
Ivan Sandrk | e2b20c6 | 2018-09-10 16:23:53 | [diff] [blame] | 446 | PermissionsUpdater::SetPlatformDelegate( |
| 447 | std::make_unique<PermissionsUpdaterTestDelegate>()); |
isandrk | 80e3eb9 | 2017-04-12 15:22:14 | [diff] [blame] | 448 | PermissionsUpdater updater(profile()); |
| 449 | updater.InitializePermissions(extension.get()); |
| 450 | |
| 451 | EXPECT_TRUE(extension->permissions_data()->HasAPIPermission( |
| 452 | APIPermission::kTab)); |
| 453 | EXPECT_TRUE(extension->permissions_data()->HasAPIPermission( |
| 454 | APIPermission::kManagement)); |
| 455 | EXPECT_FALSE(extension->permissions_data()->HasAPIPermission( |
| 456 | APIPermission::kCookie)); |
| 457 | |
| 458 | // Unset the delegate. |
| 459 | PermissionsUpdater::SetPlatformDelegate(nullptr); |
| 460 | } |
| 461 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 462 | TEST_F(PermissionsUpdaterTest, |
| 463 | UpdatingRuntimeGrantedPermissionsWithOptionalPermissions) { |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 464 | InitializeEmptyExtensionService(); |
| 465 | |
| 466 | scoped_refptr<const Extension> extension = |
| 467 | ExtensionBuilder("extension") |
| 468 | .SetManifestKey("optional_permissions", |
| 469 | extensions::ListBuilder().Append("tabs").Build()) |
| 470 | .Build(); |
| 471 | |
| 472 | PermissionsUpdater updater(profile()); |
| 473 | updater.InitializePermissions(extension.get()); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 474 | // Grant the active permissions, as if the extension had just been installed. |
| 475 | updater.GrantActivePermissions(extension.get()); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 476 | |
| 477 | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); |
| 478 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 479 | // Initially, there should be no runtime-granted permissions or granted |
| 480 | // permissions. |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 481 | EXPECT_TRUE(prefs->GetRuntimeGrantedPermissions(extension->id())->IsEmpty()); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 482 | EXPECT_TRUE(prefs->GetGrantedPermissions(extension->id())->IsEmpty()); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 483 | |
| 484 | APIPermissionSet apis; |
| 485 | apis.insert(APIPermission::kTab); |
| 486 | PermissionSet optional_permissions(apis, ManifestPermissionSet(), |
| 487 | URLPatternSet(), URLPatternSet()); |
| 488 | |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 489 | // Granting permissions should update both runtime-granted permissions and |
| 490 | // granted permissions. |
| 491 | updater.GrantOptionalPermissions(*extension, optional_permissions); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 492 | EXPECT_EQ(optional_permissions, |
| 493 | *prefs->GetRuntimeGrantedPermissions(extension->id())); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 494 | EXPECT_EQ(optional_permissions, |
| 495 | *prefs->GetGrantedPermissions(extension->id())); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 496 | |
| 497 | // Removing permissions with REMOVE_SOFT should not remove the permission |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 498 | // from runtime-granted permissions or granted permissions; this happens when |
| 499 | // the extension opts into lower privilege. |
| 500 | updater.RevokeOptionalPermissions(*extension, optional_permissions, |
| 501 | PermissionsUpdater::REMOVE_SOFT); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 502 | EXPECT_EQ(optional_permissions, |
| 503 | *prefs->GetRuntimeGrantedPermissions(extension->id())); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 504 | EXPECT_EQ(optional_permissions, |
| 505 | *prefs->GetGrantedPermissions(extension->id())); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 506 | |
| 507 | // Removing permissions with REMOVE_HARD should remove the permission from |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 508 | // runtime-granted and granted permissions; this happens when the user chooses |
| 509 | // to revoke the permission. |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 510 | // Note: we need to add back the permission first, so it shows up as a |
| 511 | // revokable permission. |
| 512 | // TODO(devlin): Inactive, but granted, permissions should be revokable. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 513 | updater.GrantOptionalPermissions(*extension, optional_permissions); |
| 514 | updater.RevokeOptionalPermissions(*extension, optional_permissions, |
| 515 | PermissionsUpdater::REMOVE_HARD); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 516 | EXPECT_TRUE(prefs->GetRuntimeGrantedPermissions(extension->id())->IsEmpty()); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 517 | EXPECT_TRUE(prefs->GetGrantedPermissions(extension->id())->IsEmpty()); |
| 518 | } |
| 519 | |
| 520 | TEST_F(PermissionsUpdaterTest, |
| 521 | UpdatingRuntimeGrantedPermissionsWithRuntimePermissions) { |
| 522 | base::test::ScopedFeatureList scoped_feature_list; |
Mostyn Bramley-Moore | b6a37c6 | 2018-09-04 21:43:35 | [diff] [blame] | 523 | scoped_feature_list.InitAndEnableFeature( |
| 524 | extensions_features::kRuntimeHostPermissions); |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 525 | |
| 526 | InitializeEmptyExtensionService(); |
| 527 | |
| 528 | scoped_refptr<const Extension> extension = |
| 529 | ExtensionBuilder("extension").AddPermission("*://*/*").Build(); |
| 530 | |
| 531 | PermissionsUpdater updater(profile()); |
| 532 | updater.InitializePermissions(extension.get()); |
| 533 | // Grant the active permissions, as if the extension had just been installed. |
| 534 | updater.GrantActivePermissions(extension.get()); |
| 535 | ScriptingPermissionsModifier(profile(), extension) |
| 536 | .SetWithholdHostPermissions(true); |
| 537 | |
| 538 | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); |
| 539 | |
| 540 | // Initially, there should be no runtime-granted permissions. |
| 541 | EXPECT_TRUE(prefs->GetRuntimeGrantedPermissions(extension->id())->IsEmpty()); |
| 542 | std::unique_ptr<const PermissionSet> initial_granted_permissions = |
| 543 | prefs->GetGrantedPermissions(extension->id()); |
| 544 | // Granted permissions should contain the required permissions from the |
| 545 | // extension. |
| 546 | EXPECT_TRUE(initial_granted_permissions->explicit_hosts().ContainsPattern( |
| 547 | URLPattern(Extension::kValidHostPermissionSchemes, "*://*/*"))); |
| 548 | |
| 549 | URLPatternSet explicit_hosts({URLPattern( |
| 550 | Extension::kValidHostPermissionSchemes, "https://example.com/*")}); |
| 551 | PermissionSet runtime_granted_permissions(APIPermissionSet(), |
| 552 | ManifestPermissionSet(), |
| 553 | explicit_hosts, URLPatternSet()); |
| 554 | |
| 555 | // Granting runtime-granted permissions should update the runtime granted |
| 556 | // permissions store in preferences, but *not* granted permissions in |
| 557 | // preferences. |
| 558 | updater.GrantRuntimePermissions(*extension, runtime_granted_permissions); |
| 559 | EXPECT_EQ(runtime_granted_permissions, |
| 560 | *prefs->GetRuntimeGrantedPermissions(extension->id())); |
| 561 | EXPECT_EQ(*initial_granted_permissions, |
| 562 | *prefs->GetGrantedPermissions(extension->id())); |
| 563 | |
| 564 | // Removing runtime-granted permissions should not remove the permission |
| 565 | // from runtime-granted permissions; granted permissions should remain |
| 566 | // unchanged. |
| 567 | updater.RevokeRuntimePermissions(*extension, runtime_granted_permissions); |
| 568 | |
| 569 | EXPECT_TRUE(prefs->GetRuntimeGrantedPermissions(extension->id())->IsEmpty()); |
| 570 | EXPECT_EQ(*initial_granted_permissions, |
| 571 | *prefs->GetGrantedPermissions(extension->id())); |
Devlin Cronin | e90eacf | 2018-06-07 17:23:45 | [diff] [blame] | 572 | } |
| 573 | |
Devlin Cronin | c583070 | 2018-07-03 00:26:16 | [diff] [blame] | 574 | TEST_F(PermissionsUpdaterTest, RevokingPermissionsWithRuntimeHostPermissions) { |
| 575 | base::test::ScopedFeatureList scoped_feature_list; |
Mostyn Bramley-Moore | b6a37c6 | 2018-09-04 21:43:35 | [diff] [blame] | 576 | scoped_feature_list.InitAndEnableFeature( |
| 577 | extensions_features::kRuntimeHostPermissions); |
Devlin Cronin | c583070 | 2018-07-03 00:26:16 | [diff] [blame] | 578 | |
| 579 | InitializeEmptyExtensionService(); |
| 580 | |
| 581 | constexpr struct { |
| 582 | const char* permission; |
| 583 | const char* test_url; |
| 584 | } test_cases[] = { |
| 585 | {"http://*/*", "http://foo.com"}, |
| 586 | {"http://google.com/*", "http://google.com"}, |
| 587 | }; |
| 588 | |
| 589 | for (const auto& test_case : test_cases) { |
| 590 | std::string test_name = |
| 591 | base::StringPrintf("%s, %s", test_case.permission, test_case.test_url); |
| 592 | SCOPED_TRACE(test_name); |
| 593 | scoped_refptr<const Extension> extension = |
| 594 | CreateExtensionWithOptionalPermissions( |
| 595 | std::make_unique<base::ListValue>(), |
| 596 | ListBuilder().Append(test_case.permission).Build(), test_name); |
| 597 | PermissionsUpdater updater(profile()); |
| 598 | updater.InitializePermissions(extension.get()); |
| 599 | |
| 600 | ScriptingPermissionsModifier(profile(), extension) |
| 601 | .SetWithholdHostPermissions(true); |
| 602 | |
| 603 | // Host access was withheld, so the extension shouldn't have access to the |
| 604 | // test site. |
| 605 | const GURL kOrigin(test_case.test_url); |
| 606 | |
| 607 | EXPECT_FALSE(extension->permissions_data() |
| 608 | ->active_permissions() |
| 609 | .HasExplicitAccessToOrigin(kOrigin)); |
| 610 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty()); |
| 611 | EXPECT_TRUE(extension->permissions_data() |
| 612 | ->withheld_permissions() |
| 613 | .HasExplicitAccessToOrigin(kOrigin)); |
| 614 | |
| 615 | URLPatternSet url_pattern_set; |
| 616 | url_pattern_set.AddOrigin(URLPattern::SCHEME_ALL, kOrigin); |
| 617 | const PermissionSet permission_set(APIPermissionSet(), |
| 618 | ManifestPermissionSet(), url_pattern_set, |
| 619 | URLPatternSet()); |
| 620 | // Give the extension access to the test site. Now, the test site permission |
| 621 | // should be revokable. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 622 | updater.GrantRuntimePermissions(*extension, permission_set); |
Devlin Cronin | c583070 | 2018-07-03 00:26:16 | [diff] [blame] | 623 | EXPECT_TRUE(extension->permissions_data() |
| 624 | ->active_permissions() |
| 625 | .HasExplicitAccessToOrigin(kOrigin)); |
| 626 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get()) |
| 627 | ->HasExplicitAccessToOrigin(kOrigin)); |
| 628 | |
| 629 | // Revoke the test site permission. The extension should no longer have |
| 630 | // access to test site, and the revokable permissions should be empty. |
Devlin Cronin | 5218d26 | 2018-07-09 20:18:05 | [diff] [blame] | 631 | updater.RevokeOptionalPermissions(*extension, permission_set, |
| 632 | PermissionsUpdater::REMOVE_HARD); |
Devlin Cronin | c583070 | 2018-07-03 00:26:16 | [diff] [blame] | 633 | EXPECT_FALSE(extension->permissions_data() |
| 634 | ->active_permissions() |
| 635 | .HasExplicitAccessToOrigin(kOrigin)); |
| 636 | EXPECT_TRUE(extension->permissions_data() |
| 637 | ->withheld_permissions() |
| 638 | .HasExplicitAccessToOrigin(kOrigin)); |
| 639 | EXPECT_TRUE(updater.GetRevokablePermissions(extension.get())->IsEmpty()); |
| 640 | } |
| 641 | } |
| 642 | |
| 643 | TEST_F(PermissionsUpdaterTest, ChromeFaviconIsNotARevokableHost) { |
| 644 | base::test::ScopedFeatureList scoped_feature_list; |
Mostyn Bramley-Moore | b6a37c6 | 2018-09-04 21:43:35 | [diff] [blame] | 645 | scoped_feature_list.InitAndEnableFeature( |
| 646 | extensions_features::kRuntimeHostPermissions); |
Devlin Cronin | c583070 | 2018-07-03 00:26:16 | [diff] [blame] | 647 | |
| 648 | InitializeEmptyExtensionService(); |
| 649 | |
| 650 | URLPattern chrome_favicon_pattern(Extension::kValidHostPermissionSchemes, |
| 651 | "chrome://favicon/"); |
| 652 | |
| 653 | { |
| 654 | scoped_refptr<const Extension> extension = |
| 655 | ExtensionBuilder("favicon extension") |
| 656 | .AddPermissions({"https://example.com/*", "chrome://favicon/*"}) |
| 657 | .Build(); |
| 658 | URLPattern example_com_pattern(Extension::kValidHostPermissionSchemes, |
| 659 | "https://example.com/*"); |
| 660 | PermissionsUpdater updater(profile()); |
| 661 | updater.InitializePermissions(extension.get()); |
| 662 | |
| 663 | // To start, the extension should have both example.com and chrome://favicon |
| 664 | // permissions. |
| 665 | EXPECT_TRUE(extension->permissions_data() |
| 666 | ->active_permissions() |
| 667 | .explicit_hosts() |
| 668 | .ContainsPattern(chrome_favicon_pattern)); |
| 669 | EXPECT_TRUE(extension->permissions_data() |
| 670 | ->active_permissions() |
| 671 | .explicit_hosts() |
| 672 | .ContainsPattern(example_com_pattern)); |
| 673 | |
| 674 | // Only example.com should be revokable - chrome://favicon is not a real |
| 675 | // host permission. |
| 676 | std::unique_ptr<const PermissionSet> revokable_permissions = |
| 677 | updater.GetRevokablePermissions(extension.get()); |
| 678 | EXPECT_FALSE(revokable_permissions->explicit_hosts().ContainsPattern( |
| 679 | chrome_favicon_pattern)); |
| 680 | EXPECT_TRUE(revokable_permissions->explicit_hosts().ContainsPattern( |
| 681 | example_com_pattern)); |
| 682 | |
| 683 | // Withholding host permissions shouldn't withhold example.com. |
| 684 | ScriptingPermissionsModifier(profile(), extension) |
| 685 | .SetWithholdHostPermissions(true); |
| 686 | EXPECT_TRUE(extension->permissions_data() |
| 687 | ->active_permissions() |
| 688 | .explicit_hosts() |
| 689 | .ContainsPattern(chrome_favicon_pattern)); |
| 690 | EXPECT_FALSE(extension->permissions_data() |
| 691 | ->active_permissions() |
| 692 | .explicit_hosts() |
| 693 | .ContainsPattern(example_com_pattern)); |
| 694 | } |
| 695 | { |
| 696 | scoped_refptr<const Extension> extension = |
| 697 | ExtensionBuilder("all urls extension") |
| 698 | .AddPermission("<all_urls>") |
| 699 | .Build(); |
| 700 | URLPattern all_urls_pattern(Extension::kValidHostPermissionSchemes, |
| 701 | "<all_urls>"); |
| 702 | PermissionsUpdater updater(profile()); |
| 703 | updater.InitializePermissions(extension.get()); |
| 704 | |
| 705 | // <all_urls> (strangely) includes the chrome://favicon/ permission. |
| 706 | EXPECT_TRUE(extension->permissions_data() |
| 707 | ->active_permissions() |
| 708 | .explicit_hosts() |
| 709 | .ContainsPattern(chrome_favicon_pattern)); |
| 710 | EXPECT_TRUE(extension->permissions_data() |
| 711 | ->active_permissions() |
| 712 | .explicit_hosts() |
| 713 | .ContainsPattern(all_urls_pattern)); |
| 714 | |
| 715 | std::unique_ptr<const PermissionSet> revokable_permissions = |
| 716 | updater.GetRevokablePermissions(extension.get()); |
| 717 | // TODO(https://crbug.com/859600): <all_urls> will report containing |
| 718 | // chrome://favicon/, even though it shouldn't since the scheme doesn't |
| 719 | // match. |
| 720 | // EXPECT_FALSE(revokable_permissions->explicit_hosts().ContainsPattern( |
| 721 | // chrome_favicon_pattern)); |
| 722 | EXPECT_TRUE(revokable_permissions->explicit_hosts().ContainsPattern( |
| 723 | all_urls_pattern)); |
| 724 | |
| 725 | ScriptingPermissionsModifier(profile(), extension) |
| 726 | .SetWithholdHostPermissions(true); |
| 727 | EXPECT_TRUE(extension->permissions_data() |
| 728 | ->active_permissions() |
| 729 | .explicit_hosts() |
| 730 | .ContainsPattern(chrome_favicon_pattern)); |
| 731 | EXPECT_FALSE(extension->permissions_data() |
| 732 | ->active_permissions() |
| 733 | .explicit_hosts() |
| 734 | .ContainsPattern(all_urls_pattern)); |
| 735 | } |
| 736 | } |
| 737 | |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 738 | // Tests runtime-granting permissions beyond what are explicitly requested by |
| 739 | // the extension. |
| 740 | TEST_F(PermissionsUpdaterTest, GrantingBroadRuntimePermissions) { |
| 741 | base::test::ScopedFeatureList scoped_feature_list; |
Mostyn Bramley-Moore | b6a37c6 | 2018-09-04 21:43:35 | [diff] [blame] | 742 | scoped_feature_list.InitAndEnableFeature( |
| 743 | extensions_features::kRuntimeHostPermissions); |
Devlin Cronin | 6b492eb | 2018-08-01 02:37:09 | [diff] [blame] | 744 | InitializeEmptyExtensionService(); |
| 745 | |
| 746 | scoped_refptr<const Extension> extension = |
| 747 | ExtensionBuilder("extension") |
| 748 | .AddPermission("https://maps.google.com/*") |
| 749 | .Build(); |
| 750 | |
| 751 | const URLPattern kMapsPattern(Extension::kValidHostPermissionSchemes, |
| 752 | "https://maps.google.com/*"); |
| 753 | const URLPattern kAllGooglePattern(Extension::kValidHostPermissionSchemes, |
| 754 | "https://*.google.com/*"); |
| 755 | |
| 756 | // Withhold host permissions. Effective hosts should be empty. |
| 757 | PermissionsUpdater updater(profile()); |
| 758 | updater.InitializePermissions(extension.get()); |
| 759 | ScriptingPermissionsModifier(profile(), extension) |
| 760 | .SetWithholdHostPermissions(true); |
| 761 | EXPECT_TRUE(extension->permissions_data() |
| 762 | ->active_permissions() |
| 763 | .effective_hosts() |
| 764 | .is_empty()); |
| 765 | |
| 766 | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); |
| 767 | |
| 768 | { |
| 769 | // Verify initial state. The extension "active" permissions in preferences |
| 770 | // represent the permissions that would be active on the extension without |
| 771 | // the runtime host permissions feature. Thus, this should include the |
| 772 | // requested host permissions, and nothing more. |
| 773 | std::unique_ptr<const PermissionSet> active_prefs = |
| 774 | prefs->GetActivePermissions(extension->id()); |
| 775 | EXPECT_TRUE(active_prefs->effective_hosts().ContainsPattern(kMapsPattern)); |
| 776 | EXPECT_FALSE( |
| 777 | active_prefs->effective_hosts().ContainsPattern(kAllGooglePattern)); |
| 778 | |
| 779 | // Runtime granted permissions should not contain any permissions (all |
| 780 | // hosts are withheld). |
| 781 | std::unique_ptr<const PermissionSet> runtime_granted_prefs = |
| 782 | prefs->GetRuntimeGrantedPermissions(extension->id()); |
| 783 | EXPECT_FALSE( |
| 784 | runtime_granted_prefs->effective_hosts().ContainsPattern(kMapsPattern)); |
| 785 | EXPECT_FALSE(runtime_granted_prefs->effective_hosts().ContainsPattern( |
| 786 | kAllGooglePattern)); |
| 787 | } |
| 788 | |
| 789 | // Grant permission to all google.com domains. |
| 790 | const PermissionSet runtime_permissions( |
| 791 | APIPermissionSet(), ManifestPermissionSet(), |
| 792 | URLPatternSet({kAllGooglePattern}), URLPatternSet()); |
| 793 | updater.GrantRuntimePermissions(*extension, runtime_permissions); |
| 794 | |
| 795 | // The extension object's permission should never include un-requested |
| 796 | // permissions, so it should only include maps.google.com. |
| 797 | EXPECT_TRUE(extension->permissions_data() |
| 798 | ->active_permissions() |
| 799 | .effective_hosts() |
| 800 | .ContainsPattern(kMapsPattern)); |
| 801 | EXPECT_FALSE(extension->permissions_data() |
| 802 | ->active_permissions() |
| 803 | .effective_hosts() |
| 804 | .ContainsPattern(kAllGooglePattern)); |
| 805 | |
| 806 | { |
| 807 | // The active permissions in preferences should reflect the extension's |
| 808 | // permission state without the runtime host permissions feature, so should |
| 809 | // still include exactly the requested permissions. |
| 810 | std::unique_ptr<const PermissionSet> active_prefs = |
| 811 | prefs->GetActivePermissions(extension->id()); |
| 812 | EXPECT_TRUE(active_prefs->effective_hosts().ContainsPattern(kMapsPattern)); |
| 813 | EXPECT_FALSE( |
| 814 | active_prefs->effective_hosts().ContainsPattern(kAllGooglePattern)); |
| 815 | // The runtime-granted permissions should include all permissions that have |
| 816 | // been granted, which in this case includes google.com subdomains. |
| 817 | std::unique_ptr<const PermissionSet> runtime_granted_prefs = |
| 818 | prefs->GetRuntimeGrantedPermissions(extension->id()); |
| 819 | EXPECT_TRUE( |
| 820 | runtime_granted_prefs->effective_hosts().ContainsPattern(kMapsPattern)); |
| 821 | EXPECT_TRUE(runtime_granted_prefs->effective_hosts().ContainsPattern( |
| 822 | kAllGooglePattern)); |
| 823 | } |
| 824 | |
| 825 | // Revoke the host permission. |
| 826 | updater.RevokeRuntimePermissions(*extension, runtime_permissions); |
| 827 | |
| 828 | EXPECT_FALSE(extension->permissions_data() |
| 829 | ->active_permissions() |
| 830 | .effective_hosts() |
| 831 | .ContainsPattern(kMapsPattern)); |
| 832 | |
| 833 | { |
| 834 | // Active permissions in the preferences should remain constant (unaffected |
| 835 | // by the runtime host permissions feature). |
| 836 | std::unique_ptr<const PermissionSet> active_prefs = |
| 837 | prefs->GetActivePermissions(extension->id()); |
| 838 | EXPECT_TRUE(active_prefs->effective_hosts().ContainsPattern(kMapsPattern)); |
| 839 | EXPECT_FALSE( |
| 840 | active_prefs->effective_hosts().ContainsPattern(kAllGooglePattern)); |
| 841 | // The runtime granted preferences should be empty again. |
| 842 | std::unique_ptr<const PermissionSet> runtime_granted_prefs = |
| 843 | prefs->GetRuntimeGrantedPermissions(extension->id()); |
| 844 | EXPECT_FALSE( |
| 845 | runtime_granted_prefs->effective_hosts().ContainsPattern(kMapsPattern)); |
| 846 | EXPECT_FALSE(runtime_granted_prefs->effective_hosts().ContainsPattern( |
| 847 | kAllGooglePattern)); |
| 848 | } |
| 849 | } |
| 850 | |
[email protected] | c333e79 | 2012-01-06 16:57:39 | [diff] [blame] | 851 | } // namespace extensions |