Move RuntimeData and related permissions out of Extension class

chrome/common/extensions/permissions/permissions_data_unittest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <vector>
+
 #include "base/command_line.h"
-#include "base/file_util.h"
-#include "base/format_macros.h"
-#include "base/path_service.h"
-#include "base/stringprintf.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/utf_string_conversions.h"
-#include "chrome/common/chrome_paths.h"
+#include "base/memory/ref_counted.h"
+#include "base/string16.h"
+#include "base/strings/utf_string_conversions.h"
 #include "chrome/common/chrome_switches.h"
-#include "chrome/common/extensions/command.h"
+#include "chrome/common/chrome_version_info.h"
 #include "chrome/common/extensions/extension.h"
-#include "chrome/common/extensions/extension_file_util.h"
 #include "chrome/common/extensions/extension_manifest_constants.h"
 #include "chrome/common/extensions/extension_test_util.h"
 #include "chrome/common/extensions/features/feature.h"
-#include "chrome/common/extensions/manifest.h"
-#include "chrome/common/extensions/manifest_handlers/content_scripts_handler.h"
 #include "chrome/common/extensions/permissions/api_permission.h"
 #include "chrome/common/extensions/permissions/permission_set.h"
+#include "chrome/common/extensions/permissions/permissions_data.h"
 #include "chrome/common/extensions/permissions/socket_permission.h"
-#include "chrome/common/extensions/permissions/usb_device_permission.h"
-#include "chrome/common/url_constants.h"
+#include "content/public/common/socket_permission_request.h"
 #include "extensions/common/error_utils.h"
-#include "extensions/common/extension_resource.h"
 #include "extensions/common/id_util.h"
-#include "googleurl/src/gurl.h"
-#include "net/base/mime_sniffer.h"
-#include "net/dns/mock_host_resolver.h"
-#include "skia/ext/image_operations.h"
+#include "extensions/common/url_pattern_set.h"
 #include "testing/gtest/include/gtest/gtest.h"
-#include "third_party/skia/include/core/SkBitmap.h"
-#include "ui/gfx/codec/png_codec.h"
 
 using content::SocketPermissionRequest;
 using extension_test_util::LoadManifest;
 using extension_test_util::LoadManifestUnchecked;
 using extension_test_util::LoadManifestStrict;
 
-namespace keys = extension_manifest_keys;
-namespace values = extension_manifest_values;
-namespace errors = extension_manifest_errors;
-
 namespace extensions {
 
-// We persist location values in the preferences, so this is a sanity test that
-// someone doesn't accidentally change them.
-TEST(ExtensionTest, LocationValuesTest) {
-  ASSERT_EQ(0, Manifest::INVALID_LOCATION);
-  ASSERT_EQ(1, Manifest::INTERNAL);
-  ASSERT_EQ(2, Manifest::EXTERNAL_PREF);
-  ASSERT_EQ(3, Manifest::EXTERNAL_REGISTRY);
-  ASSERT_EQ(4, Manifest::UNPACKED);
-  ASSERT_EQ(5, Manifest::COMPONENT);
-  ASSERT_EQ(6, Manifest::EXTERNAL_PREF_DOWNLOAD);
-  ASSERT_EQ(7, Manifest::EXTERNAL_POLICY_DOWNLOAD);
-  ASSERT_EQ(8, Manifest::COMMAND_LINE);
+namespace {
+
+bool CheckSocketPermission(
+    scoped_refptr<Extension> extension,
+    SocketPermissionRequest::OperationType type,
+    const char* host,
+    int port) {
+  SocketPermission::CheckParam param(type, host, port);
+  return PermissionsData::CheckAPIPermissionWithParam(
+      extension, APIPermission::kSocket, &param);
 }
 
-TEST(ExtensionTest, LocationPriorityTest) {
-  for (int i = 0; i < Manifest::NUM_LOCATIONS; i++) {
-    Manifest::Location loc = static_cast<Manifest::Location>(i);
+}  // namespace
 
-    // INVALID is not a valid location.
-    if (loc == Manifest::INVALID_LOCATION)
-      continue;
-
-    // Comparing a location that has no rank will hit a CHECK. Do a
-    // compare with every valid location, to be sure each one is covered.
-
-    // Check that no install source can override a componenet extension.
-    ASSERT_EQ(Manifest::COMPONENT,
-              Manifest::GetHigherPriorityLocation(Manifest::COMPONENT, loc));
-    ASSERT_EQ(Manifest::COMPONENT,
-              Manifest::GetHigherPriorityLocation(loc, Manifest::COMPONENT));
-
-    // Check that any source can override a user install. This might change
-    // in the future, in which case this test should be updated.
-    ASSERT_EQ(loc,
-              Manifest::GetHigherPriorityLocation(Manifest::INTERNAL, loc));
-    ASSERT_EQ(loc,
-              Manifest::GetHigherPriorityLocation(loc, Manifest::INTERNAL));
-  }
-
-  // Check a few interesting cases that we know can happen:
-  ASSERT_EQ(Manifest::EXTERNAL_POLICY_DOWNLOAD,
-            Manifest::GetHigherPriorityLocation(
-                Manifest::EXTERNAL_POLICY_DOWNLOAD,
-                Manifest::EXTERNAL_PREF));
-
-  ASSERT_EQ(Manifest::EXTERNAL_PREF,
-            Manifest::GetHigherPriorityLocation(
-                Manifest::INTERNAL,
-                Manifest::EXTERNAL_PREF));
-}
-
-TEST(ExtensionTest, GetResourceURLAndPath) {
-  scoped_refptr<Extension> extension = LoadManifestStrict("empty_manifest",
-      "empty.json");
-  EXPECT_TRUE(extension.get());
-
-  EXPECT_EQ(extension->url().spec() + "bar/baz.js",
-            Extension::GetResourceURL(extension->url(), "bar/baz.js").spec());
-  EXPECT_EQ(extension->url().spec() + "baz.js",
-            Extension::GetResourceURL(extension->url(),
-                                      "bar/../baz.js").spec());
-  EXPECT_EQ(extension->url().spec() + "baz.js",
-            Extension::GetResourceURL(extension->url(), "../baz.js").spec());
-
-  // Test that absolute-looking paths ("/"-prefixed) are pasted correctly.
-  EXPECT_EQ(extension->url().spec() + "test.html",
-            extension->GetResourceURL("/test.html").spec());
-}
-
-TEST(ExtensionTest, GetAbsolutePathNoError) {
-  scoped_refptr<Extension> extension = LoadManifestStrict("absolute_path",
-      "absolute.json");
-  EXPECT_TRUE(extension.get());
-  std::string err;
-  std::vector<InstallWarning> warnings;
-  EXPECT_TRUE(extension_file_util::ValidateExtension(extension.get(),
-                                                     &err, &warnings));
-  EXPECT_EQ(0U, warnings.size());
-
-  EXPECT_EQ(extension->path().AppendASCII("test.html").value(),
-            extension->GetResource("test.html").GetFilePath().value());
-  EXPECT_EQ(extension->path().AppendASCII("test.js").value(),
-            extension->GetResource("test.js").GetFilePath().value());
-}
-
-
-TEST(ExtensionTest, IdIsValid) {
-  EXPECT_TRUE(Extension::IdIsValid("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
-  EXPECT_TRUE(Extension::IdIsValid("pppppppppppppppppppppppppppppppp"));
-  EXPECT_TRUE(Extension::IdIsValid("abcdefghijklmnopabcdefghijklmnop"));
-  EXPECT_TRUE(Extension::IdIsValid("ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP"));
-  EXPECT_FALSE(Extension::IdIsValid("abcdefghijklmnopabcdefghijklmno"));
-  EXPECT_FALSE(Extension::IdIsValid("abcdefghijklmnopabcdefghijklmnopa"));
-  EXPECT_FALSE(Extension::IdIsValid("0123456789abcdef0123456789abcdef"));
-  EXPECT_FALSE(Extension::IdIsValid("abcdefghijklmnopabcdefghijklmnoq"));
-  EXPECT_FALSE(Extension::IdIsValid("abcdefghijklmnopabcdefghijklmno0"));
-}
-
-
-// This test ensures that the mimetype sniffing code stays in sync with the
-// actual crx files that we test other parts of the system with.
-TEST(ExtensionTest, MimeTypeSniffing) {
-  base::FilePath path;
-  ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &path));
-  path = path.AppendASCII("extensions").AppendASCII("good.crx");
-
-  std::string data;
-  ASSERT_TRUE(file_util::ReadFileToString(path, &data));
-
-  std::string result;
-  EXPECT_TRUE(net::SniffMimeType(data.c_str(),
-                                 data.size(),
-                                 GURL("http://www.example.com/foo.crx"),
-                                 std::string(),
-                                 &result));
-  EXPECT_EQ(std::string(Extension::kMimeType), result);
-
-  data.clear();
-  result.clear();
-  path = path.DirName().AppendASCII("bad_magic.crx");
-  ASSERT_TRUE(file_util::ReadFileToString(path, &data));
-  EXPECT_TRUE(net::SniffMimeType(data.c_str(),
-                                 data.size(),
-                                 GURL("http://www.example.com/foo.crx"),
-                                 std::string(),
-                                 &result));
-  EXPECT_EQ("application/octet-stream", result);
-}
-
-TEST(ExtensionTest, EffectiveHostPermissions) {
+TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
   scoped_refptr<Extension> extension;
   URLPatternSet hosts;
 
   extension = LoadManifest("effective_host_permissions", "empty.json");
-  EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
+  EXPECT_EQ(
+      0u,
+      PermissionsData::GetEffectiveHostPermissions(
+          extension).patterns().size());
   EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
-  EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions", "one_host.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
   EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
-  EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions",
                            "one_host_wildcard.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
-  EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions", "two_hosts.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
-  EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions",
                            "https_not_considered.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
-  EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions",
                            "two_content_scripts.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
   EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
       GURL("http://www.reddit.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
   EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
       GURL("http://news.ycombinator.com")));
-  EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions", "all_hosts.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
   EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
-  EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
-  EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 
   extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
-  hosts = extension->GetEffectiveHostPermissions();
+  hosts = PermissionsData::GetEffectiveHostPermissions(extension);
   EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
-  EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts());
+  EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension));
 }
 
-static bool CheckSocketPermission(scoped_refptr<Extension> extension,
-    SocketPermissionRequest::OperationType type,
-    const char* host,
-    int port) {
-  SocketPermission::CheckParam param(type, host, port);
-  return extension->CheckAPIPermissionWithParam(
-      APIPermission::kSocket, &param);
-}
-
-TEST(ExtensionTest, SocketPermissions) {
+TEST(ExtensionPermissionsTest, SocketPermissions) {
   // Set feature current channel to appropriate value.
   Feature::ScopedCurrentChannel scoped_channel(
       chrome::VersionInfo::CHANNEL_DEV);
   scoped_refptr<Extension> extension;
   std::string error;
 
   extension = LoadManifest("socket_permissions", "empty.json");
   EXPECT_FALSE(CheckSocketPermission(extension,
       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 
   extension = LoadManifestUnchecked("socket_permissions",
                                     "socket1.json",
                                     Manifest::INTERNAL, Extension::NO_FLAGS,
                                     &error);
   EXPECT_TRUE(extension == NULL);
   ASSERT_EQ(ErrorUtils::FormatErrorMessage(
-        errors::kInvalidPermission, "socket"), error);
+        extension_manifest_errors::kInvalidPermission, "socket"), error);
 
   extension = LoadManifest("socket_permissions", "socket2.json");
   EXPECT_TRUE(CheckSocketPermission(extension,
       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
   EXPECT_FALSE(CheckSocketPermission(
         extension, SocketPermissionRequest::UDP_BIND, "", 80));
   EXPECT_TRUE(CheckSocketPermission(
         extension, SocketPermissionRequest::UDP_BIND, "", 8888));
 
   EXPECT_FALSE(CheckSocketPermission(
         extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
   EXPECT_TRUE(CheckSocketPermission(
         extension,
         SocketPermissionRequest::UDP_SEND_TO,
         "239.255.255.250", 1900));
 }
 
 // This tests the API permissions with an empty manifest (one that just
 // specifies a name and a version and nothing else).
-TEST(ExtensionTest, ApiPermissions) {
+TEST(ExtensionPermissionsTest, ApiPermissions) {
   const struct {
     const char* permission_name;
     bool expect_success;
   } kTests[] = {
     // Negative test.
     { "non_existing_permission", false },
     // Test default module/package permission.
     { "browserAction",  true },
     { "devtools",       true },
     { "extension",      true },
@@ skipping 24 matching lines @@
   scoped_refptr<Extension> extension;
   extension = LoadManifest("empty_manifest", "empty.json");
 
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
     EXPECT_EQ(kTests[i].expect_success,
               extension->HasAPIPermission(kTests[i].permission_name))
                   << "Permission being tested: " << kTests[i].permission_name;
   }
 }
 
-TEST(ExtensionTest, GetPermissionMessages_ManyApiPermissions) {
+TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
   scoped_refptr<Extension> extension;
   extension = LoadManifest("permissions", "many-apis.json");
-  std::vector<string16> warnings = extension->GetPermissionMessageStrings();
+  std::vector<string16> warnings =
+      PermissionsData::GetPermissionMessageStrings(extension);
   ASSERT_EQ(6u, warnings.size());
   EXPECT_EQ("Access your data on api.flickr.com",
             UTF16ToUTF8(warnings[0]));
   EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1]));
   EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
   EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3]));
   EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4]));
   EXPECT_EQ("Manage your apps, extensions, and themes",
             UTF16ToUTF8(warnings[5]));
 }
 
-TEST(ExtensionTest, GetPermissionMessages_LocationApiPermission) {
+TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) {
   scoped_refptr<Extension> extension;
   extension = LoadManifest("permissions",
                            "location-api.json",
                            Manifest::COMPONENT,
                            Extension::NO_FLAGS);
-  std::vector<string16> warnings = extension->GetPermissionMessageStrings();
+  std::vector<string16> warnings =
+      PermissionsData::GetPermissionMessageStrings(extension);
   ASSERT_EQ(1u, warnings.size());
   EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
 }
 
-TEST(ExtensionTest, GetPermissionMessages_ManyHosts) {
+TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) {
   scoped_refptr<Extension> extension;
   extension = LoadManifest("permissions", "many-hosts.json");
-  std::vector<string16> warnings = extension->GetPermissionMessageStrings();
+  std::vector<string16> warnings =
+      PermissionsData::GetPermissionMessageStrings(extension);
   ASSERT_EQ(1u, warnings.size());
   EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
             UTF16ToUTF8(warnings[0]));
 }
 
-TEST(ExtensionTest, GetPermissionMessages_Plugins) {
+TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
   scoped_refptr<Extension> extension;
   extension = LoadManifest("permissions", "plugins.json");
-  std::vector<string16> warnings = extension->GetPermissionMessageStrings();
+  std::vector<string16> warnings =
+      PermissionsData::GetPermissionMessageStrings(extension);
   // We don't parse the plugins key on Chrome OS, so it should not ask for any
   // permissions.
 #if defined(OS_CHROMEOS)
   ASSERT_EQ(0u, warnings.size());
 #else
   ASSERT_EQ(1u, warnings.size());
   EXPECT_EQ("Access all data on your computer and the websites you visit",
             UTF16ToUTF8(warnings[0]));
 #endif
 }
 
-TEST(ExtensionTest, WantsFileAccess) {
+TEST(ExtensionPermissionsTest, OptionalOnlyPermission) {
+  // Set feature current channel to dev because the only permission that must
+  // be optional (usbDevices) is only available on dev channel.
+  Feature::ScopedCurrentChannel scoped_channel(
+      chrome::VersionInfo::CHANNEL_DEV);
+
   scoped_refptr<Extension> extension;
-  GURL file_url("file:///etc/passwd");
+  std::string error;
+  extension = LoadManifestUnchecked("optional_only_permission",
+                                    "manifest1.json",
+                                    Manifest::INTERNAL, Extension::NO_FLAGS,
+                                    &error);
+  EXPECT_TRUE(extension == NULL);
+  ASSERT_EQ(
+      ErrorUtils::FormatErrorMessage(
+          extension_manifest_errors::kPermissionMustBeOptional,
+          "usbDevices"),
+      error);
 
-  // <all_urls> permission
-  extension = LoadManifest("permissions", "permissions_all_urls.json");
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, file_url, -1, NULL, NULL));
-  extension = LoadManifest(
-      "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS);
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->CanExecuteScriptOnPage(
-      file_url, file_url, -1, NULL, NULL));
-
-  // file:///* permission
-  extension = LoadManifest("permissions", "permissions_file_scheme.json");
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, file_url, -1, NULL, NULL));
-  extension = LoadManifest("permissions", "permissions_file_scheme.json",
-      Extension::ALLOW_FILE_ACCESS);
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->CanExecuteScriptOnPage(
-      file_url, file_url, -1, NULL, NULL));
-
-  // http://* permission
-  extension = LoadManifest("permissions", "permissions_http_scheme.json");
-  EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, file_url, -1, NULL, NULL));
-  extension = LoadManifest("permissions", "permissions_http_scheme.json",
-      Extension::ALLOW_FILE_ACCESS);
-  EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, file_url, -1, NULL, NULL));
-
-  // <all_urls> content script match
-  extension = LoadManifest("permissions", "content_script_all_urls.json");
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      NULL));
-  extension = LoadManifest("permissions", "content_script_all_urls.json",
-      Extension::ALLOW_FILE_ACCESS);
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->CanExecuteScriptOnPage(
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      NULL));
-
-  // file:///* content script match
-  extension = LoadManifest("permissions", "content_script_file_scheme.json");
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      NULL));
-  extension = LoadManifest("permissions", "content_script_file_scheme.json",
-      Extension::ALLOW_FILE_ACCESS);
-  EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->CanExecuteScriptOnPage(
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      NULL));
-
-  // http://* content script match
-  extension = LoadManifest("permissions", "content_script_http_scheme.json");
-  EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      NULL));
-  extension = LoadManifest("permissions", "content_script_http_scheme.json",
-      Extension::ALLOW_FILE_ACCESS);
-  EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      NULL));
-}
-
-TEST(ExtensionTest, ExtraFlags) {
-  scoped_refptr<Extension> extension;
-  extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE);
-  EXPECT_TRUE(extension->from_webstore());
-
-  extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK);
-  EXPECT_TRUE(extension->from_bookmark());
-
-  extension = LoadManifest("app", "manifest.json", Extension::NO_FLAGS);
-  EXPECT_FALSE(extension->from_bookmark());
-  EXPECT_FALSE(extension->from_webstore());
+  error.clear();
+  extension = LoadManifestUnchecked("optional_only_permission",
+                                    "manifest2.json",
+                                    Manifest::INTERNAL, Extension::NO_FLAGS,
+                                    &error);
+  EXPECT_TRUE(extension != NULL);
+  EXPECT_TRUE(error.empty());
 }
 
 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
 // methods of Extension for extensions with various permissions.
 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
  protected:
   ExtensionScriptAndCaptureVisibleTest()
       : http_url("http://www.google.com"),
         http_url_with_path("http://www.google.com/index.html"),
         https_url("https://www.google.com"),
         file_url("file:///foo/bar"),
         favicon_url("chrome://favicon/http://www.google.com"),
         extension_url("chrome-extension://" +
             id_util::GenerateIdForPath(
                 base::FilePath(FILE_PATH_LITERAL("foo")))),
         settings_url("chrome://settings"),
         about_url("about:flags") {
     urls_.insert(http_url);
     urls_.insert(http_url_with_path);
     urls_.insert(https_url);
     urls_.insert(file_url);
     urls_.insert(favicon_url);
     urls_.insert(extension_url);
     urls_.insert(settings_url);
     urls_.insert(about_url);
   }
 
   bool AllowedScript(const Extension* extension, const GURL& url,
                      const GURL& top_url) {
-    return extension->CanExecuteScriptOnPage(url, top_url, -1, NULL, NULL);
+    return PermissionsData::CanExecuteScriptOnPage(
+        extension, url, top_url, -1, NULL, NULL);
   }
 
   bool BlockedScript(const Extension* extension, const GURL& url,
                      const GURL& top_url) {
-    return !extension->CanExecuteScriptOnPage(url, top_url, -1, NULL, NULL);
+    return !PermissionsData::CanExecuteScriptOnPage(
+        extension, url, top_url, -1, NULL, NULL);
   }
 
   bool Allowed(const Extension* extension, const GURL& url) {
     return Allowed(extension, url, -1);
   }
 
   bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
-    return (extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) &&
-            extension->CanCaptureVisiblePage(url, tab_id, NULL));
+    return (PermissionsData::CanExecuteScriptOnPage(
+                extension, url, url, tab_id, NULL, NULL) &&
+            PermissionsData::CanCaptureVisiblePage(
+                extension, url, tab_id, NULL));
   }
 
   bool CaptureOnly(const Extension* extension, const GURL& url) {
     return CaptureOnly(extension, url, -1);
   }
 
   bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
-    return !extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) &&
-            extension->CanCaptureVisiblePage(url, tab_id, NULL);
+    return !PermissionsData::CanExecuteScriptOnPage(
+                extension, url, url, tab_id, NULL, NULL) &&
+           PermissionsData::CanCaptureVisiblePage(extension, url, tab_id, NULL);
   }
 
   bool Blocked(const Extension* extension, const GURL& url) {
     return Blocked(extension, url, -1);
   }
 
   bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
-    return !(extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) ||
-             extension->CanCaptureVisiblePage(url, tab_id, NULL));
+    return !(PermissionsData::CanExecuteScriptOnPage(
+                 extension, url, url, tab_id, NULL, NULL) ||
+             PermissionsData::CanCaptureVisiblePage(
+                 extension, url, tab_id, NULL));
   }
 
   bool AllowedExclusivelyOnTab(
       const Extension* extension,
       const std::set<GURL>& allowed_urls,
       int tab_id) {
     bool result = true;
     for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
       const GURL& url = *it;
       if (allowed_urls.count(url))
@@ skipping 40 matching lines @@
 
   // Test access to iframed content.
   GURL within_extension_url = extension->GetResourceURL("page.html");
   EXPECT_TRUE(AllowedScript(extension, http_url, http_url_with_path));
   EXPECT_TRUE(AllowedScript(extension, https_url, http_url_with_path));
   EXPECT_TRUE(AllowedScript(extension, http_url, within_extension_url));
   EXPECT_TRUE(AllowedScript(extension, https_url, within_extension_url));
   EXPECT_TRUE(BlockedScript(extension, http_url, extension_url));
   EXPECT_TRUE(BlockedScript(extension, https_url, extension_url));
 
-  EXPECT_FALSE(extension->HasHostPermission(settings_url));
-  EXPECT_FALSE(extension->HasHostPermission(about_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_FALSE(PermissionsData::HasHostPermission(extension, settings_url));
+  EXPECT_FALSE(PermissionsData::HasHostPermission(extension, about_url));
+  EXPECT_TRUE(PermissionsData::HasHostPermission(extension, favicon_url));
 
   // Test * for scheme, which implies just the http/https schemes.
   extension = LoadManifestStrict("script_and_capture",
       "extension_wildcard.json");
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Allowed(extension, https_url));
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
   extension = LoadManifest("script_and_capture",
       "extension_wildcard_settings.json");
   EXPECT_TRUE(Blocked(extension, settings_url));
 
   // Having chrome://*/ should not work for regular extensions. Note that
   // for favicon access, we require the explicit pattern chrome://favicon/*.
   std::string error;
   extension = LoadManifestUnchecked("script_and_capture",
                                     "extension_wildcard_chrome.json",
                                     Manifest::INTERNAL, Extension::NO_FLAGS,
                                     &error);
   EXPECT_TRUE(extension == NULL);
-  EXPECT_EQ(ErrorUtils::FormatErrorMessage(
-      errors::kInvalidPermissionScheme, "chrome://*/"), error);
+  EXPECT_EQ(
+      ErrorUtils::FormatErrorMessage(
+          extension_manifest_errors::kInvalidPermissionScheme,
+          "chrome://*/"),
+      error);
 
   // Having chrome://favicon/* should not give you chrome://*
   extension = LoadManifestStrict("script_and_capture",
       "extension_chrome_favicon_wildcard.json");
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(CaptureOnly(extension, favicon_url));
   EXPECT_TRUE(Blocked(extension, about_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_TRUE(PermissionsData::HasHostPermission(extension, favicon_url));
 
   // Having http://favicon should not give you chrome://favicon
   extension = LoadManifestStrict("script_and_capture",
       "extension_http_favicon.json");
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
 
   // Component extensions with <all_urls> should get everything.
   extension = LoadManifest("script_and_capture", "extension_component_all.json",
       Manifest::COMPONENT, Extension::NO_FLAGS);
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Allowed(extension, https_url));
   EXPECT_TRUE(Allowed(extension, settings_url));
   EXPECT_TRUE(Allowed(extension, about_url));
   EXPECT_TRUE(Allowed(extension, favicon_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_TRUE(PermissionsData::HasHostPermission(extension, favicon_url));
 
   // Component extensions should only get access to what they ask for.
   extension = LoadManifest("script_and_capture",
       "extension_component_google.json", Manifest::COMPONENT,
       Extension::NO_FLAGS);
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Blocked(extension, https_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, extension_url));
-  EXPECT_FALSE(extension->HasHostPermission(settings_url));
+  EXPECT_FALSE(PermissionsData::HasHostPermission(extension, settings_url));
 }
 
 
 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
   CommandLine::ForCurrentProcess()->AppendSwitch(
       switches::kExtensionsOnChromeURLs);
 
   scoped_refptr<Extension> extension;
 
   // Test <all_urls> for regular extensions.
   extension = LoadManifestStrict("script_and_capture",
       "extension_regular_all.json");
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Allowed(extension, https_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Allowed(extension, favicon_url));  // chrome:// requested
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, extension_url));
 
   // Test access to iframed content.
   GURL within_extension_url = extension->GetResourceURL("page.html");
   EXPECT_TRUE(AllowedScript(extension, http_url, http_url_with_path));
   EXPECT_TRUE(AllowedScript(extension, https_url, http_url_with_path));
   EXPECT_TRUE(AllowedScript(extension, http_url, within_extension_url));
   EXPECT_TRUE(AllowedScript(extension, https_url, within_extension_url));
   EXPECT_TRUE(BlockedScript(extension, http_url, extension_url));
   EXPECT_TRUE(BlockedScript(extension, https_url, extension_url));
 
-  EXPECT_FALSE(extension->HasHostPermission(settings_url));
-  EXPECT_FALSE(extension->HasHostPermission(about_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_FALSE(PermissionsData::HasHostPermission(extension, settings_url));
+  EXPECT_FALSE(PermissionsData::HasHostPermission(extension, about_url));
+  EXPECT_TRUE(PermissionsData::HasHostPermission(extension, favicon_url));
 
   // Test * for scheme, which implies just the http/https schemes.
   extension = LoadManifestStrict("script_and_capture",
       "extension_wildcard.json");
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Allowed(extension, https_url));
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
@@ skipping 15 matching lines @@
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Allowed(extension, favicon_url));  // chrome:// requested
 
   // Having chrome://favicon/* should not give you chrome://*
   extension = LoadManifestStrict("script_and_capture",
       "extension_chrome_favicon_wildcard.json");
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Allowed(extension, favicon_url));  // chrome:// requested
   EXPECT_TRUE(Blocked(extension, about_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_TRUE(PermissionsData::HasHostPermission(extension, favicon_url));
 
   // Having http://favicon should not give you chrome://favicon
   extension = LoadManifestStrict("script_and_capture",
       "extension_http_favicon.json");
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
 
   // Component extensions with <all_urls> should get everything.
   extension = LoadManifest("script_and_capture", "extension_component_all.json",
       Manifest::COMPONENT, Extension::NO_FLAGS);
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Allowed(extension, https_url));
   EXPECT_TRUE(Allowed(extension, settings_url));
   EXPECT_TRUE(Allowed(extension, about_url));
   EXPECT_TRUE(Allowed(extension, favicon_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_TRUE(PermissionsData::HasHostPermission(extension, favicon_url));
 
   // Component extensions should only get access to what they ask for.
   extension = LoadManifest("script_and_capture",
       "extension_component_google.json", Manifest::COMPONENT,
       Extension::NO_FLAGS);
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Blocked(extension, https_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, extension_url));
-  EXPECT_FALSE(extension->HasHostPermission(settings_url));
+  EXPECT_FALSE(PermissionsData::HasHostPermission(extension, settings_url));
 }
 
 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
   scoped_refptr<Extension> extension =
       LoadManifestStrict("script_and_capture", "tab_specific.json");
 
-  EXPECT_FALSE(extension->GetTabSpecificPermissions(0).get());
-  EXPECT_FALSE(extension->GetTabSpecificPermissions(1).get());
-  EXPECT_FALSE(extension->GetTabSpecificPermissions(2).get());
+  EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension, 0).get());
+  EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension, 1).get());
+  EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension, 2).get());
 
   std::set<GURL> no_urls;
 
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
 
   URLPatternSet allowed_hosts;
   allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
                                       http_url.spec()));
   std::set<GURL> allowed_urls;
   allowed_urls.insert(http_url);
   // http_url_with_path() will also be allowed, because Extension should be
   // considering the security origin of the URL not the URL itself, and
   // http_url is in allowed_hosts.
   allowed_urls.insert(http_url_with_path);
 
   {
     scoped_refptr<PermissionSet> permissions(
         new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet()));
-    extension->UpdateTabSpecificPermissions(0, permissions);
+    PermissionsData::UpdateTabSpecificPermissions(extension, 0, permissions);
     EXPECT_EQ(permissions->explicit_hosts(),
-              extension->GetTabSpecificPermissions(0)->explicit_hosts());
+              PermissionsData::GetTabSpecificPermissions(
+                  extension, 0)->explicit_hosts());
   }
 
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, allowed_urls, 0));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
 
-  extension->ClearTabSpecificPermissions(0);
-  EXPECT_FALSE(extension->GetTabSpecificPermissions(0).get());
+  PermissionsData::ClearTabSpecificPermissions(extension, 0);
+  EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension, 0).get());
 
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
 
   std::set<GURL> more_allowed_urls = allowed_urls;
   more_allowed_urls.insert(https_url);
   URLPatternSet more_allowed_hosts = allowed_hosts;
   more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
                                            https_url.spec()));
 
   {
     scoped_refptr<PermissionSet> permissions(
         new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet()));
-    extension->UpdateTabSpecificPermissions(0, permissions);
+    PermissionsData::UpdateTabSpecificPermissions(extension, 0, permissions);
     EXPECT_EQ(permissions->explicit_hosts(),
-              extension->GetTabSpecificPermissions(0)->explicit_hosts());
+              PermissionsData::GetTabSpecificPermissions(
+                  extension, 0)->explicit_hosts());
 
     permissions = new PermissionSet(APIPermissionSet(),
                                     more_allowed_hosts,
                                     URLPatternSet());
-    extension->UpdateTabSpecificPermissions(1, permissions);
+    PermissionsData::UpdateTabSpecificPermissions(extension, 1, permissions);
     EXPECT_EQ(permissions->explicit_hosts(),
-              extension->GetTabSpecificPermissions(1)->explicit_hosts());
+              PermissionsData::GetTabSpecificPermissions(
+                  extension, 1)->explicit_hosts());
   }
 
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, allowed_urls, 0));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, more_allowed_urls, 1));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
 
-  extension->ClearTabSpecificPermissions(0);
-  EXPECT_FALSE(extension->GetTabSpecificPermissions(0).get());
+  PermissionsData::ClearTabSpecificPermissions(extension, 0);
+  EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension, 0).get());
 
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, more_allowed_urls, 1));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
 
-  extension->ClearTabSpecificPermissions(1);
-  EXPECT_FALSE(extension->GetTabSpecificPermissions(1).get());
+  PermissionsData::ClearTabSpecificPermissions(extension, 1);
+  EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension, 1).get());
 
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
   EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
 }
 
-TEST(ExtensionTest, OptionalOnlyPermission) {
-  // Set feature current channel to dev because the only permission that must
-  // be optional (usbDevices) is only available on dev channel.
-  Feature::ScopedCurrentChannel scoped_channel(
-      chrome::VersionInfo::CHANNEL_DEV);
-
-  scoped_refptr<Extension> extension;
-  std::string error;
-  extension = LoadManifestUnchecked("optional_only_permission",
-                                    "manifest1.json",
-                                    Manifest::INTERNAL, Extension::NO_FLAGS,
-                                    &error);
-  EXPECT_TRUE(extension == NULL);
-  ASSERT_EQ(ErrorUtils::FormatErrorMessage(
-        errors::kPermissionMustBeOptional, "usbDevices"), error);
-
-  error.clear();
-  extension = LoadManifestUnchecked("optional_only_permission",
-                                    "manifest2.json",
-                                    Manifest::INTERNAL, Extension::NO_FLAGS,
-                                    &error);
-  EXPECT_TRUE(extension != NULL);
-  EXPECT_TRUE(error.empty());
-}
-
 }  // namespace extensions