| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | |
| 6 #include "base/file_util.h" | 5 #include "base/file_util.h" |
| 7 #include "base/format_macros.h" | 6 #include "base/format_macros.h" |
| 8 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 9 #include "base/stringprintf.h" | 8 #include "base/stringprintf.h" |
| 10 #include "base/strings/string_number_conversions.h" | 9 #include "base/strings/string_number_conversions.h" |
| 11 #include "base/utf_string_conversions.h" | |
| 12 #include "chrome/common/chrome_paths.h" | 10 #include "chrome/common/chrome_paths.h" |
| 13 #include "chrome/common/chrome_switches.h" | |
| 14 #include "chrome/common/extensions/command.h" | 11 #include "chrome/common/extensions/command.h" |
| 15 #include "chrome/common/extensions/extension.h" | 12 #include "chrome/common/extensions/extension.h" |
| 16 #include "chrome/common/extensions/extension_file_util.h" | 13 #include "chrome/common/extensions/extension_file_util.h" |
| 17 #include "chrome/common/extensions/extension_manifest_constants.h" | |
| 18 #include "chrome/common/extensions/extension_test_util.h" | 14 #include "chrome/common/extensions/extension_test_util.h" |
| 19 #include "chrome/common/extensions/features/feature.h" | |
| 20 #include "chrome/common/extensions/manifest.h" | 15 #include "chrome/common/extensions/manifest.h" |
| 21 #include "chrome/common/extensions/manifest_handlers/content_scripts_handler.h" | 16 #include "chrome/common/extensions/manifest_handlers/content_scripts_handler.h" |
| 22 #include "chrome/common/extensions/permissions/api_permission.h" | 17 #include "chrome/common/extensions/permissions/permissions_data.h" |
| 23 #include "chrome/common/extensions/permissions/permission_set.h" | |
| 24 #include "chrome/common/extensions/permissions/socket_permission.h" | |
| 25 #include "chrome/common/extensions/permissions/usb_device_permission.h" | |
| 26 #include "chrome/common/url_constants.h" | 18 #include "chrome/common/url_constants.h" |
| 27 #include "extensions/common/error_utils.h" | |
| 28 #include "extensions/common/extension_resource.h" | 19 #include "extensions/common/extension_resource.h" |
| 29 #include "extensions/common/id_util.h" | |
| 30 #include "googleurl/src/gurl.h" | 20 #include "googleurl/src/gurl.h" |
| 31 #include "net/base/mime_sniffer.h" | 21 #include "net/base/mime_sniffer.h" |
| 32 #include "net/dns/mock_host_resolver.h" | 22 #include "net/dns/mock_host_resolver.h" |
| 33 #include "skia/ext/image_operations.h" | 23 #include "skia/ext/image_operations.h" |
| 34 #include "testing/gtest/include/gtest/gtest.h" | 24 #include "testing/gtest/include/gtest/gtest.h" |
| 35 #include "third_party/skia/include/core/SkBitmap.h" | 25 #include "third_party/skia/include/core/SkBitmap.h" |
| 36 #include "ui/gfx/codec/png_codec.h" | 26 #include "ui/gfx/codec/png_codec.h" |
| 37 | 27 |
| 38 using content::SocketPermissionRequest; | |
| 39 using extension_test_util::LoadManifest; | 28 using extension_test_util::LoadManifest; |
| 40 using extension_test_util::LoadManifestUnchecked; | |
| 41 using extension_test_util::LoadManifestStrict; | 29 using extension_test_util::LoadManifestStrict; |
| 42 | 30 |
| 43 namespace keys = extension_manifest_keys; | |
| 44 namespace values = extension_manifest_values; | |
| 45 namespace errors = extension_manifest_errors; | |
| 46 | |
| 47 namespace extensions { | 31 namespace extensions { |
| 48 | 32 |
| 49 // We persist location values in the preferences, so this is a sanity test that | 33 // We persist location values in the preferences, so this is a sanity test that |
| 50 // someone doesn't accidentally change them. | 34 // someone doesn't accidentally change them. |
| 51 TEST(ExtensionTest, LocationValuesTest) { | 35 TEST(ExtensionTest, LocationValuesTest) { |
| 52 ASSERT_EQ(0, Manifest::INVALID_LOCATION); | 36 ASSERT_EQ(0, Manifest::INVALID_LOCATION); |
| 53 ASSERT_EQ(1, Manifest::INTERNAL); | 37 ASSERT_EQ(1, Manifest::INTERNAL); |
| 54 ASSERT_EQ(2, Manifest::EXTERNAL_PREF); | 38 ASSERT_EQ(2, Manifest::EXTERNAL_PREF); |
| 55 ASSERT_EQ(3, Manifest::EXTERNAL_REGISTRY); | 39 ASSERT_EQ(3, Manifest::EXTERNAL_REGISTRY); |
| 56 ASSERT_EQ(4, Manifest::UNPACKED); | 40 ASSERT_EQ(4, Manifest::UNPACKED); |
| (...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 168 path = path.DirName().AppendASCII("bad_magic.crx"); | 152 path = path.DirName().AppendASCII("bad_magic.crx"); |
| 169 ASSERT_TRUE(file_util::ReadFileToString(path, &data)); | 153 ASSERT_TRUE(file_util::ReadFileToString(path, &data)); |
| 170 EXPECT_TRUE(net::SniffMimeType(data.c_str(), | 154 EXPECT_TRUE(net::SniffMimeType(data.c_str(), |
| 171 data.size(), | 155 data.size(), |
| 172 GURL("http://www.example.com/foo.crx"), | 156 GURL("http://www.example.com/foo.crx"), |
| 173 std::string(), | 157 std::string(), |
| 174 &result)); | 158 &result)); |
| 175 EXPECT_EQ("application/octet-stream", result); | 159 EXPECT_EQ("application/octet-stream", result); |
| 176 } | 160 } |
| 177 | 161 |
| 178 TEST(ExtensionTest, EffectiveHostPermissions) { | |
| 179 scoped_refptr<Extension> extension; | |
| 180 URLPatternSet hosts; | |
| 181 | |
| 182 extension = LoadManifest("effective_host_permissions", "empty.json"); | |
| 183 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); | |
| 184 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); | |
| 185 EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts()); | |
| 186 | |
| 187 extension = LoadManifest("effective_host_permissions", "one_host.json"); | |
| 188 hosts = extension->GetEffectiveHostPermissions(); | |
| 189 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); | |
| 190 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com"))); | |
| 191 EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts()); | |
| 192 | |
| 193 extension = LoadManifest("effective_host_permissions", | |
| 194 "one_host_wildcard.json"); | |
| 195 hosts = extension->GetEffectiveHostPermissions(); | |
| 196 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); | |
| 197 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com"))); | |
| 198 EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts()); | |
| 199 | |
| 200 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); | |
| 201 hosts = extension->GetEffectiveHostPermissions(); | |
| 202 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); | |
| 203 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); | |
| 204 EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts()); | |
| 205 | |
| 206 extension = LoadManifest("effective_host_permissions", | |
| 207 "https_not_considered.json"); | |
| 208 hosts = extension->GetEffectiveHostPermissions(); | |
| 209 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); | |
| 210 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com"))); | |
| 211 EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts()); | |
| 212 | |
| 213 extension = LoadManifest("effective_host_permissions", | |
| 214 "two_content_scripts.json"); | |
| 215 hosts = extension->GetEffectiveHostPermissions(); | |
| 216 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); | |
| 217 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); | |
| 218 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( | |
| 219 GURL("http://www.reddit.com"))); | |
| 220 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com"))); | |
| 221 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( | |
| 222 GURL("http://news.ycombinator.com"))); | |
| 223 EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts()); | |
| 224 | |
| 225 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); | |
| 226 hosts = extension->GetEffectiveHostPermissions(); | |
| 227 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); | |
| 228 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/"))); | |
| 229 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); | |
| 230 EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts()); | |
| 231 | |
| 232 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); | |
| 233 hosts = extension->GetEffectiveHostPermissions(); | |
| 234 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); | |
| 235 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); | |
| 236 EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts()); | |
| 237 | |
| 238 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); | |
| 239 hosts = extension->GetEffectiveHostPermissions(); | |
| 240 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); | |
| 241 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); | |
| 242 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); | |
| 243 EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts()); | |
| 244 } | |
| 245 | |
| 246 static bool CheckSocketPermission(scoped_refptr<Extension> extension, | |
| 247 SocketPermissionRequest::OperationType type, | |
| 248 const char* host, | |
| 249 int port) { | |
| 250 SocketPermission::CheckParam param(type, host, port); | |
| 251 return extension->CheckAPIPermissionWithParam( | |
| 252 APIPermission::kSocket, ¶m); | |
| 253 } | |
| 254 | |
| 255 TEST(ExtensionTest, SocketPermissions) { | |
| 256 // Set feature current channel to appropriate value. | |
| 257 Feature::ScopedCurrentChannel scoped_channel( | |
| 258 chrome::VersionInfo::CHANNEL_DEV); | |
| 259 scoped_refptr<Extension> extension; | |
| 260 std::string error; | |
| 261 | |
| 262 extension = LoadManifest("socket_permissions", "empty.json"); | |
| 263 EXPECT_FALSE(CheckSocketPermission(extension, | |
| 264 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); | |
| 265 | |
| 266 extension = LoadManifestUnchecked("socket_permissions", | |
| 267 "socket1.json", | |
| 268 Manifest::INTERNAL, Extension::NO_FLAGS, | |
| 269 &error); | |
| 270 EXPECT_TRUE(extension == NULL); | |
| 271 ASSERT_EQ(ErrorUtils::FormatErrorMessage( | |
| 272 errors::kInvalidPermission, "socket"), error); | |
| 273 | |
| 274 extension = LoadManifest("socket_permissions", "socket2.json"); | |
| 275 EXPECT_TRUE(CheckSocketPermission(extension, | |
| 276 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); | |
| 277 EXPECT_FALSE(CheckSocketPermission( | |
| 278 extension, SocketPermissionRequest::UDP_BIND, "", 80)); | |
| 279 EXPECT_TRUE(CheckSocketPermission( | |
| 280 extension, SocketPermissionRequest::UDP_BIND, "", 8888)); | |
| 281 | |
| 282 EXPECT_FALSE(CheckSocketPermission( | |
| 283 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); | |
| 284 EXPECT_TRUE(CheckSocketPermission( | |
| 285 extension, | |
| 286 SocketPermissionRequest::UDP_SEND_TO, | |
| 287 "239.255.255.250", 1900)); | |
| 288 } | |
| 289 | |
| 290 // This tests the API permissions with an empty manifest (one that just | |
| 291 // specifies a name and a version and nothing else). | |
| 292 TEST(ExtensionTest, ApiPermissions) { | |
| 293 const struct { | |
| 294 const char* permission_name; | |
| 295 bool expect_success; | |
| 296 } kTests[] = { | |
| 297 // Negative test. | |
| 298 { "non_existing_permission", false }, | |
| 299 // Test default module/package permission. | |
| 300 { "browserAction", true }, | |
| 301 { "devtools", true }, | |
| 302 { "extension", true }, | |
| 303 { "i18n", true }, | |
| 304 { "pageAction", true }, | |
| 305 { "pageActions", true }, | |
| 306 { "test", true }, | |
| 307 // Some negative tests. | |
| 308 { "bookmarks", false }, | |
| 309 { "cookies", false }, | |
| 310 { "history", false }, | |
| 311 // Make sure we find the module name after stripping '.' and '/'. | |
| 312 { "browserAction/abcd/onClick", true }, | |
| 313 { "browserAction.abcd.onClick", true }, | |
| 314 // Test Tabs functions. | |
| 315 { "tabs.create", true}, | |
| 316 { "tabs.duplicate", true}, | |
| 317 { "tabs.onRemoved", true}, | |
| 318 { "tabs.remove", true}, | |
| 319 { "tabs.update", true}, | |
| 320 { "tabs.getSelected", true}, | |
| 321 { "tabs.onUpdated", true }, | |
| 322 // Test getPermissionWarnings functions. Only one requires permissions. | |
| 323 { "management.getPermissionWarningsById", false }, | |
| 324 { "management.getPermissionWarningsByManifest", true }, | |
| 325 }; | |
| 326 | |
| 327 scoped_refptr<Extension> extension; | |
| 328 extension = LoadManifest("empty_manifest", "empty.json"); | |
| 329 | |
| 330 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { | |
| 331 EXPECT_EQ(kTests[i].expect_success, | |
| 332 extension->HasAPIPermission(kTests[i].permission_name)) | |
| 333 << "Permission being tested: " << kTests[i].permission_name; | |
| 334 } | |
| 335 } | |
| 336 | |
| 337 TEST(ExtensionTest, GetPermissionMessages_ManyApiPermissions) { | |
| 338 scoped_refptr<Extension> extension; | |
| 339 extension = LoadManifest("permissions", "many-apis.json"); | |
| 340 std::vector<string16> warnings = extension->GetPermissionMessageStrings(); | |
| 341 ASSERT_EQ(6u, warnings.size()); | |
| 342 EXPECT_EQ("Access your data on api.flickr.com", | |
| 343 UTF16ToUTF8(warnings[0])); | |
| 344 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1])); | |
| 345 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); | |
| 346 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3])); | |
| 347 EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4])); | |
| 348 EXPECT_EQ("Manage your apps, extensions, and themes", | |
| 349 UTF16ToUTF8(warnings[5])); | |
| 350 } | |
| 351 | |
| 352 TEST(ExtensionTest, GetPermissionMessages_LocationApiPermission) { | |
| 353 scoped_refptr<Extension> extension; | |
| 354 extension = LoadManifest("permissions", | |
| 355 "location-api.json", | |
| 356 Manifest::COMPONENT, | |
| 357 Extension::NO_FLAGS); | |
| 358 std::vector<string16> warnings = extension->GetPermissionMessageStrings(); | |
| 359 ASSERT_EQ(1u, warnings.size()); | |
| 360 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); | |
| 361 } | |
| 362 | |
| 363 TEST(ExtensionTest, GetPermissionMessages_ManyHosts) { | |
| 364 scoped_refptr<Extension> extension; | |
| 365 extension = LoadManifest("permissions", "many-hosts.json"); | |
| 366 std::vector<string16> warnings = extension->GetPermissionMessageStrings(); | |
| 367 ASSERT_EQ(1u, warnings.size()); | |
| 368 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com", | |
| 369 UTF16ToUTF8(warnings[0])); | |
| 370 } | |
| 371 | |
| 372 TEST(ExtensionTest, GetPermissionMessages_Plugins) { | |
| 373 scoped_refptr<Extension> extension; | |
| 374 extension = LoadManifest("permissions", "plugins.json"); | |
| 375 std::vector<string16> warnings = extension->GetPermissionMessageStrings(); | |
| 376 // We don't parse the plugins key on Chrome OS, so it should not ask for any | |
| 377 // permissions. | |
| 378 #if defined(OS_CHROMEOS) | |
| 379 ASSERT_EQ(0u, warnings.size()); | |
| 380 #else | |
| 381 ASSERT_EQ(1u, warnings.size()); | |
| 382 EXPECT_EQ("Access all data on your computer and the websites you visit", | |
| 383 UTF16ToUTF8(warnings[0])); | |
| 384 #endif | |
| 385 } | |
| 386 | |
| 387 TEST(ExtensionTest, WantsFileAccess) { | 162 TEST(ExtensionTest, WantsFileAccess) { |
| 388 scoped_refptr<Extension> extension; | 163 scoped_refptr<Extension> extension; |
| 389 GURL file_url("file:///etc/passwd"); | 164 GURL file_url("file:///etc/passwd"); |
| 390 | 165 |
| 391 // <all_urls> permission | 166 // <all_urls> permission |
| 392 extension = LoadManifest("permissions", "permissions_all_urls.json"); | 167 extension = LoadManifest("permissions", "permissions_all_urls.json"); |
| 393 EXPECT_TRUE(extension->wants_file_access()); | 168 EXPECT_TRUE(extension->wants_file_access()); |
| 394 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 169 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 395 file_url, file_url, -1, NULL, NULL)); | 170 extension, file_url, file_url, -1, NULL, NULL)); |
| 396 extension = LoadManifest( | 171 extension = LoadManifest( |
| 397 "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS); | 172 "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS); |
| 398 EXPECT_TRUE(extension->wants_file_access()); | 173 EXPECT_TRUE(extension->wants_file_access()); |
| 399 EXPECT_TRUE(extension->CanExecuteScriptOnPage( | 174 EXPECT_TRUE(PermissionsData::CanExecuteScriptOnPage( |
| 400 file_url, file_url, -1, NULL, NULL)); | 175 extension, file_url, file_url, -1, NULL, NULL)); |
| 401 | 176 |
| 402 // file:///* permission | 177 // file:///* permission |
| 403 extension = LoadManifest("permissions", "permissions_file_scheme.json"); | 178 extension = LoadManifest("permissions", "permissions_file_scheme.json"); |
| 404 EXPECT_TRUE(extension->wants_file_access()); | 179 EXPECT_TRUE(extension->wants_file_access()); |
| 405 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 180 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 406 file_url, file_url, -1, NULL, NULL)); | 181 extension, file_url, file_url, -1, NULL, NULL)); |
| 407 extension = LoadManifest("permissions", "permissions_file_scheme.json", | 182 extension = LoadManifest("permissions", "permissions_file_scheme.json", |
| 408 Extension::ALLOW_FILE_ACCESS); | 183 Extension::ALLOW_FILE_ACCESS); |
| 409 EXPECT_TRUE(extension->wants_file_access()); | 184 EXPECT_TRUE(extension->wants_file_access()); |
| 410 EXPECT_TRUE(extension->CanExecuteScriptOnPage( | 185 EXPECT_TRUE(PermissionsData::CanExecuteScriptOnPage( |
| 411 file_url, file_url, -1, NULL, NULL)); | 186 extension, file_url, file_url, -1, NULL, NULL)); |
| 412 | 187 |
| 413 // http://* permission | 188 // http://* permission |
| 414 extension = LoadManifest("permissions", "permissions_http_scheme.json"); | 189 extension = LoadManifest("permissions", "permissions_http_scheme.json"); |
| 415 EXPECT_FALSE(extension->wants_file_access()); | 190 EXPECT_FALSE(extension->wants_file_access()); |
| 416 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 191 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 417 file_url, file_url, -1, NULL, NULL)); | 192 extension, file_url, file_url, -1, NULL, NULL)); |
| 418 extension = LoadManifest("permissions", "permissions_http_scheme.json", | 193 extension = LoadManifest("permissions", "permissions_http_scheme.json", |
| 419 Extension::ALLOW_FILE_ACCESS); | 194 Extension::ALLOW_FILE_ACCESS); |
| 420 EXPECT_FALSE(extension->wants_file_access()); | 195 EXPECT_FALSE(extension->wants_file_access()); |
| 421 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 196 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 422 file_url, file_url, -1, NULL, NULL)); | 197 extension, file_url, file_url, -1, NULL, NULL)); |
| 423 | 198 |
| 424 // <all_urls> content script match | 199 // <all_urls> content script match |
| 425 extension = LoadManifest("permissions", "content_script_all_urls.json"); | 200 extension = LoadManifest("permissions", "content_script_all_urls.json"); |
| 426 EXPECT_TRUE(extension->wants_file_access()); | 201 EXPECT_TRUE(extension->wants_file_access()); |
| 427 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 202 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 203 extension, |
| 428 file_url, | 204 file_url, |
| 429 file_url, | 205 file_url, |
| 430 -1, | 206 -1, |
| 431 &ContentScriptsInfo::GetContentScripts(extension)[0], | 207 &ContentScriptsInfo::GetContentScripts(extension)[0], |
| 432 NULL)); | 208 NULL)); |
| 433 extension = LoadManifest("permissions", "content_script_all_urls.json", | 209 extension = LoadManifest("permissions", "content_script_all_urls.json", |
| 434 Extension::ALLOW_FILE_ACCESS); | 210 Extension::ALLOW_FILE_ACCESS); |
| 435 EXPECT_TRUE(extension->wants_file_access()); | 211 EXPECT_TRUE(extension->wants_file_access()); |
| 436 EXPECT_TRUE(extension->CanExecuteScriptOnPage( | 212 EXPECT_TRUE(PermissionsData::CanExecuteScriptOnPage( |
| 213 extension, |
| 437 file_url, | 214 file_url, |
| 438 file_url, | 215 file_url, |
| 439 -1, | 216 -1, |
| 440 &ContentScriptsInfo::GetContentScripts(extension)[0], | 217 &ContentScriptsInfo::GetContentScripts(extension)[0], |
| 441 NULL)); | 218 NULL)); |
| 442 | 219 |
| 443 // file:///* content script match | 220 // file:///* content script match |
| 444 extension = LoadManifest("permissions", "content_script_file_scheme.json"); | 221 extension = LoadManifest("permissions", "content_script_file_scheme.json"); |
| 445 EXPECT_TRUE(extension->wants_file_access()); | 222 EXPECT_TRUE(extension->wants_file_access()); |
| 446 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 223 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 224 extension, |
| 447 file_url, | 225 file_url, |
| 448 file_url, | 226 file_url, |
| 449 -1, | 227 -1, |
| 450 &ContentScriptsInfo::GetContentScripts(extension)[0], | 228 &ContentScriptsInfo::GetContentScripts(extension)[0], |
| 451 NULL)); | 229 NULL)); |
| 452 extension = LoadManifest("permissions", "content_script_file_scheme.json", | 230 extension = LoadManifest("permissions", "content_script_file_scheme.json", |
| 453 Extension::ALLOW_FILE_ACCESS); | 231 Extension::ALLOW_FILE_ACCESS); |
| 454 EXPECT_TRUE(extension->wants_file_access()); | 232 EXPECT_TRUE(extension->wants_file_access()); |
| 455 EXPECT_TRUE(extension->CanExecuteScriptOnPage( | 233 EXPECT_TRUE(PermissionsData::CanExecuteScriptOnPage( |
| 234 extension, |
| 456 file_url, | 235 file_url, |
| 457 file_url, | 236 file_url, |
| 458 -1, | 237 -1, |
| 459 &ContentScriptsInfo::GetContentScripts(extension)[0], | 238 &ContentScriptsInfo::GetContentScripts(extension)[0], |
| 460 NULL)); | 239 NULL)); |
| 461 | 240 |
| 462 // http://* content script match | 241 // http://* content script match |
| 463 extension = LoadManifest("permissions", "content_script_http_scheme.json"); | 242 extension = LoadManifest("permissions", "content_script_http_scheme.json"); |
| 464 EXPECT_FALSE(extension->wants_file_access()); | 243 EXPECT_FALSE(extension->wants_file_access()); |
| 465 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 244 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 245 extension, |
| 466 file_url, | 246 file_url, |
| 467 file_url, | 247 file_url, |
| 468 -1, | 248 -1, |
| 469 &ContentScriptsInfo::GetContentScripts(extension)[0], | 249 &ContentScriptsInfo::GetContentScripts(extension)[0], |
| 470 NULL)); | 250 NULL)); |
| 471 extension = LoadManifest("permissions", "content_script_http_scheme.json", | 251 extension = LoadManifest("permissions", "content_script_http_scheme.json", |
| 472 Extension::ALLOW_FILE_ACCESS); | 252 Extension::ALLOW_FILE_ACCESS); |
| 473 EXPECT_FALSE(extension->wants_file_access()); | 253 EXPECT_FALSE(extension->wants_file_access()); |
| 474 EXPECT_FALSE(extension->CanExecuteScriptOnPage( | 254 EXPECT_FALSE(PermissionsData::CanExecuteScriptOnPage( |
| 255 extension, |
| 475 file_url, | 256 file_url, |
| 476 file_url, | 257 file_url, |
| 477 -1, | 258 -1, |
| 478 &ContentScriptsInfo::GetContentScripts(extension)[0], | 259 &ContentScriptsInfo::GetContentScripts(extension)[0], |
| 479 NULL)); | 260 NULL)); |
| 480 } | 261 } |
| 481 | 262 |
| 482 TEST(ExtensionTest, ExtraFlags) { | 263 TEST(ExtensionTest, ExtraFlags) { |
| 483 scoped_refptr<Extension> extension; | 264 scoped_refptr<Extension> extension; |
| 484 extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE); | 265 extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE); |
| 485 EXPECT_TRUE(extension->from_webstore()); | 266 EXPECT_TRUE(extension->from_webstore()); |
| 486 | 267 |
| 487 extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK); | 268 extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK); |
| 488 EXPECT_TRUE(extension->from_bookmark()); | 269 EXPECT_TRUE(extension->from_bookmark()); |
| 489 | 270 |
| 490 extension = LoadManifest("app", "manifest.json", Extension::NO_FLAGS); | 271 extension = LoadManifest("app", "manifest.json", Extension::NO_FLAGS); |
| 491 EXPECT_FALSE(extension->from_bookmark()); | 272 EXPECT_FALSE(extension->from_bookmark()); |
| 492 EXPECT_FALSE(extension->from_webstore()); | 273 EXPECT_FALSE(extension->from_webstore()); |
| 493 } | 274 } |
| 494 | 275 |
| 495 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage | |
| 496 // methods of Extension for extensions with various permissions. | |
| 497 class ExtensionScriptAndCaptureVisibleTest : public testing::Test { | |
| 498 protected: | |
| 499 ExtensionScriptAndCaptureVisibleTest() | |
| 500 : http_url("http://www.google.com"), | |
| 501 http_url_with_path("http://www.google.com/index.html"), | |
| 502 https_url("https://www.google.com"), | |
| 503 file_url("file:///foo/bar"), | |
| 504 favicon_url("chrome://favicon/http://www.google.com"), | |
| 505 extension_url("chrome-extension://" + | |
| 506 id_util::GenerateIdForPath( | |
| 507 base::FilePath(FILE_PATH_LITERAL("foo")))), | |
| 508 settings_url("chrome://settings"), | |
| 509 about_url("about:flags") { | |
| 510 urls_.insert(http_url); | |
| 511 urls_.insert(http_url_with_path); | |
| 512 urls_.insert(https_url); | |
| 513 urls_.insert(file_url); | |
| 514 urls_.insert(favicon_url); | |
| 515 urls_.insert(extension_url); | |
| 516 urls_.insert(settings_url); | |
| 517 urls_.insert(about_url); | |
| 518 } | |
| 519 | |
| 520 bool AllowedScript(const Extension* extension, const GURL& url, | |
| 521 const GURL& top_url) { | |
| 522 return extension->CanExecuteScriptOnPage(url, top_url, -1, NULL, NULL); | |
| 523 } | |
| 524 | |
| 525 bool BlockedScript(const Extension* extension, const GURL& url, | |
| 526 const GURL& top_url) { | |
| 527 return !extension->CanExecuteScriptOnPage(url, top_url, -1, NULL, NULL); | |
| 528 } | |
| 529 | |
| 530 bool Allowed(const Extension* extension, const GURL& url) { | |
| 531 return Allowed(extension, url, -1); | |
| 532 } | |
| 533 | |
| 534 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { | |
| 535 return (extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) && | |
| 536 extension->CanCaptureVisiblePage(url, tab_id, NULL)); | |
| 537 } | |
| 538 | |
| 539 bool CaptureOnly(const Extension* extension, const GURL& url) { | |
| 540 return CaptureOnly(extension, url, -1); | |
| 541 } | |
| 542 | |
| 543 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { | |
| 544 return !extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) && | |
| 545 extension->CanCaptureVisiblePage(url, tab_id, NULL); | |
| 546 } | |
| 547 | |
| 548 bool Blocked(const Extension* extension, const GURL& url) { | |
| 549 return Blocked(extension, url, -1); | |
| 550 } | |
| 551 | |
| 552 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { | |
| 553 return !(extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) || | |
| 554 extension->CanCaptureVisiblePage(url, tab_id, NULL)); | |
| 555 } | |
| 556 | |
| 557 bool AllowedExclusivelyOnTab( | |
| 558 const Extension* extension, | |
| 559 const std::set<GURL>& allowed_urls, | |
| 560 int tab_id) { | |
| 561 bool result = true; | |
| 562 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { | |
| 563 const GURL& url = *it; | |
| 564 if (allowed_urls.count(url)) | |
| 565 result &= Allowed(extension, url, tab_id); | |
| 566 else | |
| 567 result &= Blocked(extension, url, tab_id); | |
| 568 } | |
| 569 return result; | |
| 570 } | |
| 571 | |
| 572 // URLs that are "safe" to provide scripting and capture visible tab access | |
| 573 // to if the permissions allow it. | |
| 574 const GURL http_url; | |
| 575 const GURL http_url_with_path; | |
| 576 const GURL https_url; | |
| 577 const GURL file_url; | |
| 578 | |
| 579 // We should allow host permission but not scripting permission for favicon | |
| 580 // urls. | |
| 581 const GURL favicon_url; | |
| 582 | |
| 583 // URLs that regular extensions should never get access to. | |
| 584 const GURL extension_url; | |
| 585 const GURL settings_url; | |
| 586 const GURL about_url; | |
| 587 | |
| 588 private: | |
| 589 // The set of all URLs above. | |
| 590 std::set<GURL> urls_; | |
| 591 }; | |
| 592 | |
| 593 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { | |
| 594 // Test <all_urls> for regular extensions. | |
| 595 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", | |
| 596 "extension_regular_all.json"); | |
| 597 | |
| 598 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 599 EXPECT_TRUE(Allowed(extension, https_url)); | |
| 600 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 601 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 602 EXPECT_TRUE(CaptureOnly(extension, favicon_url)); | |
| 603 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 604 EXPECT_TRUE(Blocked(extension, extension_url)); | |
| 605 | |
| 606 // Test access to iframed content. | |
| 607 GURL within_extension_url = extension->GetResourceURL("page.html"); | |
| 608 EXPECT_TRUE(AllowedScript(extension, http_url, http_url_with_path)); | |
| 609 EXPECT_TRUE(AllowedScript(extension, https_url, http_url_with_path)); | |
| 610 EXPECT_TRUE(AllowedScript(extension, http_url, within_extension_url)); | |
| 611 EXPECT_TRUE(AllowedScript(extension, https_url, within_extension_url)); | |
| 612 EXPECT_TRUE(BlockedScript(extension, http_url, extension_url)); | |
| 613 EXPECT_TRUE(BlockedScript(extension, https_url, extension_url)); | |
| 614 | |
| 615 EXPECT_FALSE(extension->HasHostPermission(settings_url)); | |
| 616 EXPECT_FALSE(extension->HasHostPermission(about_url)); | |
| 617 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); | |
| 618 | |
| 619 // Test * for scheme, which implies just the http/https schemes. | |
| 620 extension = LoadManifestStrict("script_and_capture", | |
| 621 "extension_wildcard.json"); | |
| 622 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 623 EXPECT_TRUE(Allowed(extension, https_url)); | |
| 624 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 625 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 626 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 627 EXPECT_TRUE(Blocked(extension, favicon_url)); | |
| 628 extension = LoadManifest("script_and_capture", | |
| 629 "extension_wildcard_settings.json"); | |
| 630 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 631 | |
| 632 // Having chrome://*/ should not work for regular extensions. Note that | |
| 633 // for favicon access, we require the explicit pattern chrome://favicon/*. | |
| 634 std::string error; | |
| 635 extension = LoadManifestUnchecked("script_and_capture", | |
| 636 "extension_wildcard_chrome.json", | |
| 637 Manifest::INTERNAL, Extension::NO_FLAGS, | |
| 638 &error); | |
| 639 EXPECT_TRUE(extension == NULL); | |
| 640 EXPECT_EQ(ErrorUtils::FormatErrorMessage( | |
| 641 errors::kInvalidPermissionScheme, "chrome://*/"), error); | |
| 642 | |
| 643 // Having chrome://favicon/* should not give you chrome://* | |
| 644 extension = LoadManifestStrict("script_and_capture", | |
| 645 "extension_chrome_favicon_wildcard.json"); | |
| 646 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 647 EXPECT_TRUE(CaptureOnly(extension, favicon_url)); | |
| 648 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 649 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); | |
| 650 | |
| 651 // Having http://favicon should not give you chrome://favicon | |
| 652 extension = LoadManifestStrict("script_and_capture", | |
| 653 "extension_http_favicon.json"); | |
| 654 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 655 EXPECT_TRUE(Blocked(extension, favicon_url)); | |
| 656 | |
| 657 // Component extensions with <all_urls> should get everything. | |
| 658 extension = LoadManifest("script_and_capture", "extension_component_all.json", | |
| 659 Manifest::COMPONENT, Extension::NO_FLAGS); | |
| 660 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 661 EXPECT_TRUE(Allowed(extension, https_url)); | |
| 662 EXPECT_TRUE(Allowed(extension, settings_url)); | |
| 663 EXPECT_TRUE(Allowed(extension, about_url)); | |
| 664 EXPECT_TRUE(Allowed(extension, favicon_url)); | |
| 665 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); | |
| 666 | |
| 667 // Component extensions should only get access to what they ask for. | |
| 668 extension = LoadManifest("script_and_capture", | |
| 669 "extension_component_google.json", Manifest::COMPONENT, | |
| 670 Extension::NO_FLAGS); | |
| 671 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 672 EXPECT_TRUE(Blocked(extension, https_url)); | |
| 673 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 674 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 675 EXPECT_TRUE(Blocked(extension, favicon_url)); | |
| 676 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 677 EXPECT_TRUE(Blocked(extension, extension_url)); | |
| 678 EXPECT_FALSE(extension->HasHostPermission(settings_url)); | |
| 679 } | |
| 680 | |
| 681 | |
| 682 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { | |
| 683 CommandLine::ForCurrentProcess()->AppendSwitch( | |
| 684 switches::kExtensionsOnChromeURLs); | |
| 685 | |
| 686 scoped_refptr<Extension> extension; | |
| 687 | |
| 688 // Test <all_urls> for regular extensions. | |
| 689 extension = LoadManifestStrict("script_and_capture", | |
| 690 "extension_regular_all.json"); | |
| 691 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 692 EXPECT_TRUE(Allowed(extension, https_url)); | |
| 693 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 694 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 695 EXPECT_TRUE(Allowed(extension, favicon_url)); // chrome:// requested | |
| 696 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 697 EXPECT_TRUE(Blocked(extension, extension_url)); | |
| 698 | |
| 699 // Test access to iframed content. | |
| 700 GURL within_extension_url = extension->GetResourceURL("page.html"); | |
| 701 EXPECT_TRUE(AllowedScript(extension, http_url, http_url_with_path)); | |
| 702 EXPECT_TRUE(AllowedScript(extension, https_url, http_url_with_path)); | |
| 703 EXPECT_TRUE(AllowedScript(extension, http_url, within_extension_url)); | |
| 704 EXPECT_TRUE(AllowedScript(extension, https_url, within_extension_url)); | |
| 705 EXPECT_TRUE(BlockedScript(extension, http_url, extension_url)); | |
| 706 EXPECT_TRUE(BlockedScript(extension, https_url, extension_url)); | |
| 707 | |
| 708 EXPECT_FALSE(extension->HasHostPermission(settings_url)); | |
| 709 EXPECT_FALSE(extension->HasHostPermission(about_url)); | |
| 710 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); | |
| 711 | |
| 712 // Test * for scheme, which implies just the http/https schemes. | |
| 713 extension = LoadManifestStrict("script_and_capture", | |
| 714 "extension_wildcard.json"); | |
| 715 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 716 EXPECT_TRUE(Allowed(extension, https_url)); | |
| 717 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 718 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 719 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 720 EXPECT_TRUE(Blocked(extension, favicon_url)); | |
| 721 extension = LoadManifest("script_and_capture", | |
| 722 "extension_wildcard_settings.json"); | |
| 723 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 724 | |
| 725 // Having chrome://*/ should work for regular extensions with the flag | |
| 726 // enabled. | |
| 727 std::string error; | |
| 728 extension = LoadManifestUnchecked("script_and_capture", | |
| 729 "extension_wildcard_chrome.json", | |
| 730 Manifest::INTERNAL, Extension::NO_FLAGS, | |
| 731 &error); | |
| 732 EXPECT_FALSE(extension == NULL); | |
| 733 EXPECT_TRUE(Blocked(extension, http_url)); | |
| 734 EXPECT_TRUE(Blocked(extension, https_url)); | |
| 735 EXPECT_TRUE(Allowed(extension, settings_url)); | |
| 736 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 737 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 738 EXPECT_TRUE(Allowed(extension, favicon_url)); // chrome:// requested | |
| 739 | |
| 740 // Having chrome://favicon/* should not give you chrome://* | |
| 741 extension = LoadManifestStrict("script_and_capture", | |
| 742 "extension_chrome_favicon_wildcard.json"); | |
| 743 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 744 EXPECT_TRUE(Allowed(extension, favicon_url)); // chrome:// requested | |
| 745 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 746 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); | |
| 747 | |
| 748 // Having http://favicon should not give you chrome://favicon | |
| 749 extension = LoadManifestStrict("script_and_capture", | |
| 750 "extension_http_favicon.json"); | |
| 751 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 752 EXPECT_TRUE(Blocked(extension, favicon_url)); | |
| 753 | |
| 754 // Component extensions with <all_urls> should get everything. | |
| 755 extension = LoadManifest("script_and_capture", "extension_component_all.json", | |
| 756 Manifest::COMPONENT, Extension::NO_FLAGS); | |
| 757 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 758 EXPECT_TRUE(Allowed(extension, https_url)); | |
| 759 EXPECT_TRUE(Allowed(extension, settings_url)); | |
| 760 EXPECT_TRUE(Allowed(extension, about_url)); | |
| 761 EXPECT_TRUE(Allowed(extension, favicon_url)); | |
| 762 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); | |
| 763 | |
| 764 // Component extensions should only get access to what they ask for. | |
| 765 extension = LoadManifest("script_and_capture", | |
| 766 "extension_component_google.json", Manifest::COMPONENT, | |
| 767 Extension::NO_FLAGS); | |
| 768 EXPECT_TRUE(Allowed(extension, http_url)); | |
| 769 EXPECT_TRUE(Blocked(extension, https_url)); | |
| 770 EXPECT_TRUE(Blocked(extension, file_url)); | |
| 771 EXPECT_TRUE(Blocked(extension, settings_url)); | |
| 772 EXPECT_TRUE(Blocked(extension, favicon_url)); | |
| 773 EXPECT_TRUE(Blocked(extension, about_url)); | |
| 774 EXPECT_TRUE(Blocked(extension, extension_url)); | |
| 775 EXPECT_FALSE(extension->HasHostPermission(settings_url)); | |
| 776 } | |
| 777 | |
| 778 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { | |
| 779 scoped_refptr<Extension> extension = | |
| 780 LoadManifestStrict("script_and_capture", "tab_specific.json"); | |
| 781 | |
| 782 EXPECT_FALSE(extension->GetTabSpecificPermissions(0).get()); | |
| 783 EXPECT_FALSE(extension->GetTabSpecificPermissions(1).get()); | |
| 784 EXPECT_FALSE(extension->GetTabSpecificPermissions(2).get()); | |
| 785 | |
| 786 std::set<GURL> no_urls; | |
| 787 | |
| 788 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0)); | |
| 789 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1)); | |
| 790 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2)); | |
| 791 | |
| 792 URLPatternSet allowed_hosts; | |
| 793 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, | |
| 794 http_url.spec())); | |
| 795 std::set<GURL> allowed_urls; | |
| 796 allowed_urls.insert(http_url); | |
| 797 // http_url_with_path() will also be allowed, because Extension should be | |
| 798 // considering the security origin of the URL not the URL itself, and | |
| 799 // http_url is in allowed_hosts. | |
| 800 allowed_urls.insert(http_url_with_path); | |
| 801 | |
| 802 { | |
| 803 scoped_refptr<PermissionSet> permissions( | |
| 804 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); | |
| 805 extension->UpdateTabSpecificPermissions(0, permissions); | |
| 806 EXPECT_EQ(permissions->explicit_hosts(), | |
| 807 extension->GetTabSpecificPermissions(0)->explicit_hosts()); | |
| 808 } | |
| 809 | |
| 810 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, allowed_urls, 0)); | |
| 811 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1)); | |
| 812 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2)); | |
| 813 | |
| 814 extension->ClearTabSpecificPermissions(0); | |
| 815 EXPECT_FALSE(extension->GetTabSpecificPermissions(0).get()); | |
| 816 | |
| 817 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0)); | |
| 818 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1)); | |
| 819 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2)); | |
| 820 | |
| 821 std::set<GURL> more_allowed_urls = allowed_urls; | |
| 822 more_allowed_urls.insert(https_url); | |
| 823 URLPatternSet more_allowed_hosts = allowed_hosts; | |
| 824 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, | |
| 825 https_url.spec())); | |
| 826 | |
| 827 { | |
| 828 scoped_refptr<PermissionSet> permissions( | |
| 829 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); | |
| 830 extension->UpdateTabSpecificPermissions(0, permissions); | |
| 831 EXPECT_EQ(permissions->explicit_hosts(), | |
| 832 extension->GetTabSpecificPermissions(0)->explicit_hosts()); | |
| 833 | |
| 834 permissions = new PermissionSet(APIPermissionSet(), | |
| 835 more_allowed_hosts, | |
| 836 URLPatternSet()); | |
| 837 extension->UpdateTabSpecificPermissions(1, permissions); | |
| 838 EXPECT_EQ(permissions->explicit_hosts(), | |
| 839 extension->GetTabSpecificPermissions(1)->explicit_hosts()); | |
| 840 } | |
| 841 | |
| 842 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, allowed_urls, 0)); | |
| 843 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, more_allowed_urls, 1)); | |
| 844 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2)); | |
| 845 | |
| 846 extension->ClearTabSpecificPermissions(0); | |
| 847 EXPECT_FALSE(extension->GetTabSpecificPermissions(0).get()); | |
| 848 | |
| 849 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0)); | |
| 850 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, more_allowed_urls, 1)); | |
| 851 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2)); | |
| 852 | |
| 853 extension->ClearTabSpecificPermissions(1); | |
| 854 EXPECT_FALSE(extension->GetTabSpecificPermissions(1).get()); | |
| 855 | |
| 856 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0)); | |
| 857 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1)); | |
| 858 EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2)); | |
| 859 } | |
| 860 | |
| 861 TEST(ExtensionTest, OptionalOnlyPermission) { | |
| 862 // Set feature current channel to dev because the only permission that must | |
| 863 // be optional (usbDevices) is only available on dev channel. | |
| 864 Feature::ScopedCurrentChannel scoped_channel( | |
| 865 chrome::VersionInfo::CHANNEL_DEV); | |
| 866 | |
| 867 scoped_refptr<Extension> extension; | |
| 868 std::string error; | |
| 869 extension = LoadManifestUnchecked("optional_only_permission", | |
| 870 "manifest1.json", | |
| 871 Manifest::INTERNAL, Extension::NO_FLAGS, | |
| 872 &error); | |
| 873 EXPECT_TRUE(extension == NULL); | |
| 874 ASSERT_EQ(ErrorUtils::FormatErrorMessage( | |
| 875 errors::kPermissionMustBeOptional, "usbDevices"), error); | |
| 876 | |
| 877 error.clear(); | |
| 878 extension = LoadManifestUnchecked("optional_only_permission", | |
| 879 "manifest2.json", | |
| 880 Manifest::INTERNAL, Extension::NO_FLAGS, | |
| 881 &error); | |
| 882 EXPECT_TRUE(extension != NULL); | |
| 883 EXPECT_TRUE(error.empty()); | |
| 884 } | |
| 885 | |
| 886 } // namespace extensions | 276 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14651017:
Move RuntimeData and related permissions out of Extension class (Closed)
Base URL: http://git.chromium.org/chromium/src.git@dc_unref_permissions