Don't count host permission changes for v2 apps as a permission increase.

chrome/common/extensions/permissions/permission_set_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/json/json_file_value_serializer.h"
 #include "base/logging.h"
 #include "base/path_service.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/common/chrome_paths.h"
@@ skipping 574 matching lines @@
     { "permissions5", true },  // bookmarks -> bookmarks,history
     { "equivalent_warnings", false },  // tabs --> tabs, webNavigation
 #if !defined(OS_CHROMEOS)  // plugins aren't allowed in ChromeOS
     { "permissions4", false },  // plugin -> plugin,tabs
     { "plugin1", false },  // plugin -> plugin
     { "plugin2", false },  // plugin -> none
     { "plugin3", true },  // none -> plugin
 #endif
     { "storage", false },  // none -> storage
     { "notifications", false },  // none -> notifications
+    { "platformapp1", false },  // host permissions for platform apps
+    { "platformapp2", true },  // API permissions for platform apps
   };
 
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
     scoped_refptr<Extension> old_extension(
         LoadManifest("allow_silent_upgrade",
                      std::string(kTests[i].base_name) + "_old.json"));
     scoped_refptr<Extension> new_extension(
         LoadManifest("allow_silent_upgrade",
                      std::string(kTests[i].base_name) + "_new.json"));
 
     EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
     if (!new_extension.get())
       continue;
 
     scoped_refptr<const PermissionSet> old_p(
         old_extension->GetActivePermissions());
     scoped_refptr<const PermissionSet> new_p(
         new_extension->GetActivePermissions());
+    Manifest::Type extension_type = old_extension->GetType();
 
     EXPECT_EQ(kTests[i].expect_increase,
-              old_p->HasLessPrivilegesThan(new_p.get())) << kTests[i].base_name;
+              old_p->HasLessPrivilegesThan(new_p.get(), extension_type))
+        << kTests[i].base_name;
   }
 }
 
 TEST(PermissionsTest, PermissionMessages) {
   // Ensure that all permissions that needs to show install UI actually have
   // strings associated with them.
   APIPermissionSet skip;
 
   // These are considered "nuisance" or "trivial" permissions that don't need
   // a prompt.
@@ skipping 591 matching lines @@
   // No http://www.foo.com/path
 
   std::set<std::string> expected;
   expected.insert("www.foo.ca");
   perm_set = new PermissionSet(
       empty_perms, explicit_hosts, scriptable_hosts);
   EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
 }
 
 TEST(PermissionsTest, HasLessHostPrivilegesThan) {
+  Manifest::Type extension_type = Manifest::TYPE_EXTENSION;
   URLPatternSet elist1;
   URLPatternSet elist2;
   URLPatternSet slist1;
   URLPatternSet slist2;
   scoped_refptr<PermissionSet> set1;
   scoped_refptr<PermissionSet> set2;
   APIPermissionSet empty_perms;
   elist1.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
   elist1.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
 
   // Test that the host order does not matter.
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
 
   set1 = new PermissionSet(empty_perms, elist1, slist1);
   set2 = new PermissionSet(empty_perms, elist2, slist2);
 
-  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
-  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
+  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
+  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type));
 
   // Test that paths are ignored.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
   set2 = new PermissionSet(empty_perms, elist2, slist2);
-  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
-  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
+  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
+  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type));
 
   // Test that RCDs are ignored.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
   set2 = new PermissionSet(empty_perms, elist2, slist2);
-  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
-  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
+  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
+  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type));
 
   // Test that subdomain wildcards are handled properly.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
   set2 = new PermissionSet(empty_perms, elist2, slist2);
-  EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
+  EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
   // TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
   // EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
 
   // Test that different domains count as different hosts.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
   set2 = new PermissionSet(empty_perms, elist2, slist2);
-  EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
-  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
+  EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
+  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type));
 
   // Test that different subdomains count as different hosts.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
   set2 = new PermissionSet(empty_perms, elist2, slist2);
-  EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
-  EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get()));
+  EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
+  EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type));
+
+  // Test that platform apps do not have host permissions increases.
+  extension_type = Manifest::TYPE_PLATFORM_APP;
+  EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get(), extension_type));
+  EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get(), extension_type));
 }
 
 TEST(PermissionsTest, GetAPIsAsStrings) {
   APIPermissionSet apis;
   URLPatternSet empty_set;
 
   apis.insert(APIPermission::kProxy);
   apis.insert(APIPermission::kBackground);
   apis.insert(APIPermission::kNotification);
   apis.insert(APIPermission::kTab);
@@ skipping 75 matching lines @@
   allowed_hosts.AddPattern(
       URLPattern(URLPattern::SCHEME_ALL, "chrome://favicon/"));
   allowed_hosts.AddPattern(
       URLPattern(URLPattern::SCHEME_ALL, "chrome://thumb/"));
   scoped_refptr<PermissionSet> permissions(
       new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet()));
   permissions->GetPermissionMessages(Manifest::TYPE_EXTENSION);
 }
 
 }  // namespace extensions