search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cache --whitelisted-extension-id in SimpleFeature.
[chromium-blink-merge.git] / chrome / browser / extensions / permission_message_combinations_unittest.cc
blobd4024e5ad11edd83badb5a5acc0c0757180eb426
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/command_line.h"
6 #include "base/memory/scoped_ptr.h"
7 #include "base/test/values_test_util.h"
8 #include "chrome/browser/extensions/test_extension_environment.h"
9 #include "chrome/common/extensions/permissions/chrome_permission_message_provider.h"
10 #include "extensions/common/extension.h"
11 #include "extensions/common/features/simple_feature.h"
12 #include "extensions/common/permissions/permission_message_test_util.h"
13 #include "extensions/common/permissions/permissions_data.h"
14 #include "extensions/common/switches.h"
15 #include "testing/gmock/include/gmock/gmock-matchers.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17
18 namespace extensions {
19
20 const char kWhitelistedExtensionID[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
21
22 // Tests that ChromePermissionMessageProvider produces the expected messages for
23 // various combinations of app/extension permissions.
24 class PermissionMessageCombinationsUnittest : public testing::Test {
25 public:
26 PermissionMessageCombinationsUnittest()
27 : message_provider_(new ChromePermissionMessageProvider()),
28 whitelisted_extension_id_(kWhitelistedExtensionID) {}
29 ~PermissionMessageCombinationsUnittest() override {}
30
31 // Overridden from testing::Test:
32 void SetUp() override {
33 testing::Test::SetUp();
34 // Force creation of ExtensionPrefs before adding extensions.
35 env_.GetExtensionPrefs();
36 }
37
38 protected:
39 // Create and install an app or extension with the given manifest JSON string.
40 // Single-quotes in the string will be replaced with double quotes.
41 void CreateAndInstall(const std::string& json_manifest) {
42 std::string json_manifest_with_double_quotes = json_manifest;
43 std::replace(json_manifest_with_double_quotes.begin(),
44 json_manifest_with_double_quotes.end(), '\'', '"');
45 app_ = env_.MakeExtension(
46 *base::test::ParseJson(json_manifest_with_double_quotes),
47 kWhitelistedExtensionID);
48 }
49
50 // Checks whether the currently installed app or extension produces the given
51 // permission messages. Call this after installing an app with the expected
52 // permission messages. The messages are tested for existence in any order.
53 testing::AssertionResult CheckManifestProducesPermissions() {
54 return VerifyNoPermissionMessages(app_->permissions_data());
55 }
56 testing::AssertionResult CheckManifestProducesPermissions(
57 const std::string& expected_message_1) {
58 return VerifyOnePermissionMessage(app_->permissions_data(),
59 expected_message_1);
60 }
61 testing::AssertionResult CheckManifestProducesPermissions(
62 const std::string& expected_message_1,
63 const std::string& expected_message_2) {
64 return VerifyTwoPermissionMessages(app_->permissions_data(),
65 expected_message_1, expected_message_2,
66 false);
67 }
68 testing::AssertionResult CheckManifestProducesPermissions(
69 const std::string& expected_message_1,
70 const std::string& expected_message_2,
71 const std::string& expected_message_3) {
72 std::vector<std::string> expected_messages;
73 expected_messages.push_back(expected_message_1);
74 expected_messages.push_back(expected_message_2);
75 expected_messages.push_back(expected_message_3);
76 return VerifyPermissionMessages(app_->permissions_data(), expected_messages,
77 false);
78 }
79 testing::AssertionResult CheckManifestProducesPermissions(
80 const std::string& expected_message_1,
81 const std::string& expected_message_2,
82 const std::string& expected_message_3,
83 const std::string& expected_message_4) {
84 std::vector<std::string> expected_messages;
85 expected_messages.push_back(expected_message_1);
86 expected_messages.push_back(expected_message_2);
87 expected_messages.push_back(expected_message_3);
88 expected_messages.push_back(expected_message_4);
89 return VerifyPermissionMessages(app_->permissions_data(), expected_messages,
90 false);
91 }
92 testing::AssertionResult CheckManifestProducesPermissions(
93 const std::string& expected_message_1,
94 const std::string& expected_message_2,
95 const std::string& expected_message_3,
96 const std::string& expected_message_4,
97 const std::string& expected_message_5) {
98 std::vector<std::string> expected_messages;
99 expected_messages.push_back(expected_message_1);
100 expected_messages.push_back(expected_message_2);
101 expected_messages.push_back(expected_message_3);
102 expected_messages.push_back(expected_message_4);
103 expected_messages.push_back(expected_message_5);
104 return VerifyPermissionMessages(app_->permissions_data(), expected_messages,
105 false);
106 }
107 testing::AssertionResult CheckManifestProducesPermissions(
108 const std::string& expected_message_1,
109 const std::vector<std::string>& expected_submessages_1) {
110 return VerifyOnePermissionMessageWithSubmessages(
111 app_->permissions_data(), expected_message_1, expected_submessages_1);
112 }
113 testing::AssertionResult CheckManifestProducesPermissions(
114 const std::string& expected_message_1,
115 const std::vector<std::string>& expected_submessages_1,
116 const std::string& expected_message_2,
117 const std::vector<std::string>& expected_submessages_2) {
118 std::vector<std::string> expected_messages;
119 expected_messages.push_back(expected_message_1);
120 expected_messages.push_back(expected_message_2);
121 std::vector<std::vector<std::string>> expected_submessages;
122 expected_submessages.push_back(expected_submessages_1);
123 expected_submessages.push_back(expected_submessages_2);
124 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
125 expected_messages,
126 expected_submessages, false);
127 }
128 testing::AssertionResult CheckManifestProducesPermissions(
129 const std::string& expected_message_1,
130 const std::vector<std::string>& expected_submessages_1,
131 const std::string& expected_message_2,
132 const std::vector<std::string>& expected_submessages_2,
133 const std::string& expected_message_3,
134 const std::vector<std::string>& expected_submessages_3) {
135 std::vector<std::string> expected_messages;
136 expected_messages.push_back(expected_message_1);
137 expected_messages.push_back(expected_message_2);
138 expected_messages.push_back(expected_message_3);
139 std::vector<std::vector<std::string>> expected_submessages;
140 expected_submessages.push_back(expected_submessages_1);
141 expected_submessages.push_back(expected_submessages_2);
142 expected_submessages.push_back(expected_submessages_3);
143 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
144 expected_messages,
145 expected_submessages, false);
146 }
147 testing::AssertionResult CheckManifestProducesPermissions(
148 const std::string& expected_message_1,
149 const std::vector<std::string>& expected_submessages_1,
150 const std::string& expected_message_2,
151 const std::vector<std::string>& expected_submessages_2,
152 const std::string& expected_message_3,
153 const std::vector<std::string>& expected_submessages_3,
154 const std::string& expected_message_4,
155 const std::vector<std::string>& expected_submessages_4) {
156 std::vector<std::string> expected_messages;
157 expected_messages.push_back(expected_message_1);
158 expected_messages.push_back(expected_message_2);
159 expected_messages.push_back(expected_message_3);
160 expected_messages.push_back(expected_message_4);
161 std::vector<std::vector<std::string>> expected_submessages;
162 expected_submessages.push_back(expected_submessages_1);
163 expected_submessages.push_back(expected_submessages_2);
164 expected_submessages.push_back(expected_submessages_3);
165 expected_submessages.push_back(expected_submessages_4);
166 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
167 expected_messages,
168 expected_submessages, false);
169 }
170 testing::AssertionResult CheckManifestProducesPermissions(
171 const std::string& expected_message_1,
172 const std::vector<std::string>& expected_submessages_1,
173 const std::string& expected_message_2,
174 const std::vector<std::string>& expected_submessages_2,
175 const std::string& expected_message_3,
176 const std::vector<std::string>& expected_submessages_3,
177 const std::string& expected_message_4,
178 const std::vector<std::string>& expected_submessages_4,
179 const std::string& expected_message_5,
180 const std::vector<std::string>& expected_submessages_5) {
181 std::vector<std::string> expected_messages;
182 expected_messages.push_back(expected_message_1);
183 expected_messages.push_back(expected_message_2);
184 expected_messages.push_back(expected_message_3);
185 expected_messages.push_back(expected_message_4);
186 expected_messages.push_back(expected_message_5);
187 std::vector<std::vector<std::string>> expected_submessages;
188 expected_submessages.push_back(expected_submessages_1);
189 expected_submessages.push_back(expected_submessages_2);
190 expected_submessages.push_back(expected_submessages_3);
191 expected_submessages.push_back(expected_submessages_4);
192 expected_submessages.push_back(expected_submessages_5);
193 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
194 expected_messages,
195 expected_submessages, false);
196 }
197
198 private:
199 extensions::TestExtensionEnvironment env_;
200 scoped_ptr<ChromePermissionMessageProvider> message_provider_;
201 scoped_refptr<const Extension> app_;
202 // Whitelist a known extension id so we can test all permissions. This ID
203 // will be used for each test app.
204 extensions::SimpleFeature::ScopedWhitelistForTest whitelisted_extension_id_;
205
206 DISALLOW_COPY_AND_ASSIGN(PermissionMessageCombinationsUnittest);
207 };
208
209 // Test that the USB, Bluetooth and Serial permissions do not coalesce on their
210 // own, but do coalesce when more than 1 is present.
211 TEST_F(PermissionMessageCombinationsUnittest, USBSerialBluetoothCoalescing) {
212 // Test that the USB permission does not coalesce on its own.
213 CreateAndInstall(
214 "{"
215 " 'app': {"
216 " 'background': {"
217 " 'scripts': ['background.js']"
218 " }"
219 " },"
220 " 'permissions': ["
221 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] }"
222 " ]"
223 "}");
224 ASSERT_TRUE(CheckManifestProducesPermissions(
225 "Access USB devices from an unknown vendor"));
226
227 CreateAndInstall(
228 "{"
229 " 'app': {"
230 " 'background': {"
231 " 'scripts': ['background.js']"
232 " }"
233 " },"
234 " 'permissions': ["
235 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] }"
236 " ]"
237 "}");
238 ASSERT_TRUE(CheckManifestProducesPermissions(
239 "Access USB devices from an unknown vendor"));
240
241 // Test that the serial permission does not coalesce on its own.
242 CreateAndInstall(
243 "{"
244 " 'app': {"
245 " 'background': {"
246 " 'scripts': ['background.js']"
247 " }"
248 " },"
249 " 'permissions': ["
250 " 'serial'"
251 " ]"
252 "}");
253 ASSERT_TRUE(CheckManifestProducesPermissions("Access your serial devices"));
254
255 // Test that the bluetooth permission does not coalesce on its own.
256 CreateAndInstall(
257 "{"
258 " 'app': {"
259 " 'background': {"
260 " 'scripts': ['background.js']"
261 " }"
262 " },"
263 " 'bluetooth': {}"
264 "}");
265 ASSERT_TRUE(CheckManifestProducesPermissions(
266 "Access information about Bluetooth devices paired with your system and "
267 "discover nearby Bluetooth devices."));
268
269 // Test that the bluetooth permission does not coalesce on its own, even
270 // when it specifies additional permissions.
271 CreateAndInstall(
272 "{"
273 " 'app': {"
274 " 'background': {"
275 " 'scripts': ['background.js']"
276 " }"
277 " },"
278 " 'bluetooth': {"
279 " 'uuids': ['1105', '1106']"
280 " }"
281 "}");
282 ASSERT_TRUE(CheckManifestProducesPermissions(
283 "Access information about Bluetooth devices paired with your system and "
284 "discover nearby Bluetooth devices."));
285
286 // Test that the USB and Serial permissions coalesce.
287 CreateAndInstall(
288 "{"
289 " 'app': {"
290 " 'background': {"
291 " 'scripts': ['background.js']"
292 " }"
293 " },"
294 " 'permissions': ["
295 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
296 " 'serial'"
297 " ]"
298 "}");
299 ASSERT_TRUE(CheckManifestProducesPermissions(
300 "Access USB devices from an unknown vendor",
301 "Access your serial devices"));
302
303 // Test that the USB, Serial and Bluetooth permissions coalesce.
304 CreateAndInstall(
305 "{"
306 " 'app': {"
307 " 'background': {"
308 " 'scripts': ['background.js']"
309 " }"
310 " },"
311 " 'permissions': ["
312 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
313 " 'serial'"
314 " ],"
315 " 'bluetooth': {}"
316 "}");
317 ASSERT_TRUE(CheckManifestProducesPermissions(
318 "Access USB devices from an unknown vendor",
319 "Access your Bluetooth and Serial devices"));
320
321 // Test that the USB, Serial and Bluetooth permissions coalesce even when
322 // Bluetooth specifies multiple additional permissions.
323 CreateAndInstall(
324 "{"
325 " 'app': {"
326 " 'background': {"
327 " 'scripts': ['background.js']"
328 " }"
329 " },"
330 " 'permissions': ["
331 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
332 " 'serial'"
333 " ],"
334 " 'bluetooth': {"
335 " 'uuids': ['1105', '1106'],"
336 " 'socket': true,"
337 " 'low_energy': true"
338 " }"
339 "}");
340 ASSERT_TRUE(CheckManifestProducesPermissions(
341 "Access USB devices from an unknown vendor",
342 "Access your Bluetooth and Serial devices"));
343 }
344
345 // Test that the History permission takes precedence over the Tabs permission,
346 // and that the Sessions permission modifies this final message.
347 TEST_F(PermissionMessageCombinationsUnittest, TabsHistorySessionsCoalescing) {
348 CreateAndInstall(
349 "{"
350 " 'permissions': ["
351 " 'tabs'"
352 " ]"
353 "}");
354 ASSERT_TRUE(CheckManifestProducesPermissions("Read your browsing history"));
355
356 CreateAndInstall(
357 "{"
358 " 'permissions': ["
359 " 'tabs', 'sessions'"
360 " ]"
361 "}");
362 ASSERT_TRUE(CheckManifestProducesPermissions(
363 "Read your browsing history on all your signed-in devices"));
364
365 CreateAndInstall(
366 "{"
367 " 'permissions': ["
368 " 'tabs', 'history'"
369 " ]"
370 "}");
371 ASSERT_TRUE(CheckManifestProducesPermissions(
372 "Read and change your browsing history"));
373
374 CreateAndInstall(
375 "{"
376 " 'permissions': ["
377 " 'tabs', 'history', 'sessions'"
378 " ]"
379 "}");
380 ASSERT_TRUE(CheckManifestProducesPermissions(
381 "Read and change your browsing history on all your signed-in devices"));
382 }
383
384 // Test that the fileSystem permission produces no messages by itself, unless it
385 // has both the 'write' and 'directory' additional permissions, in which case it
386 // displays a message.
387 TEST_F(PermissionMessageCombinationsUnittest, FileSystemReadWriteCoalescing) {
388 CreateAndInstall(
389 "{"
390 " 'app': {"
391 " 'background': {"
392 " 'scripts': ['background.js']"
393 " }"
394 " },"
395 " 'permissions': ["
396 " 'fileSystem'"
397 " ]"
398 "}");
399 ASSERT_TRUE(CheckManifestProducesPermissions());
400
401 CreateAndInstall(
402 "{"
403 " 'app': {"
404 " 'background': {"
405 " 'scripts': ['background.js']"
406 " }"
407 " },"
408 " 'permissions': ["
409 " 'fileSystem', {'fileSystem': ['retainEntries', 'write']}"
410 " ]"
411 "}");
412 ASSERT_TRUE(CheckManifestProducesPermissions());
413
414 CreateAndInstall(
415 "{"
416 " 'app': {"
417 " 'background': {"
418 " 'scripts': ['background.js']"
419 " }"
420 " },"
421 " 'permissions': ["
422 " 'fileSystem', {'fileSystem': ["
423 " 'retainEntries', 'write', 'directory'"
424 " ]}"
425 " ]"
426 "}");
427 ASSERT_TRUE(CheckManifestProducesPermissions(
428 "Write to files and folders that you open in the application"));
429 }
430
431 // Check that host permission messages are generated correctly when URLs are
432 // entered as permissions.
433 TEST_F(PermissionMessageCombinationsUnittest, HostsPermissionMessages) {
434 CreateAndInstall(
435 "{"
436 " 'permissions': ["
437 " 'http://www.blogger.com/',"
438 " ]"
439 "}");
440 ASSERT_TRUE(CheckManifestProducesPermissions(
441 "Read and change your data on www.blogger.com"));
442
443 CreateAndInstall(
444 "{"
445 " 'permissions': ["
446 " 'http://*.google.com/',"
447 " ]"
448 "}");
449 ASSERT_TRUE(CheckManifestProducesPermissions(
450 "Read and change your data on all google.com sites"));
451
452 CreateAndInstall(
453 "{"
454 " 'permissions': ["
455 " 'http://www.blogger.com/',"
456 " 'http://*.google.com/',"
457 " ]"
458 "}");
459 ASSERT_TRUE(CheckManifestProducesPermissions(
460 "Read and change your data on all google.com sites and "
461 "www.blogger.com"));
462
463 CreateAndInstall(
464 "{"
465 " 'permissions': ["
466 " 'http://www.blogger.com/',"
467 " 'http://*.google.com/',"
468 " 'http://*.news.com/',"
469 " ]"
470 "}");
471 ASSERT_TRUE(CheckManifestProducesPermissions(
472 "Read and change your data on all google.com sites, all news.com sites, "
473 "and www.blogger.com"));
474
475 CreateAndInstall(
476 "{"
477 " 'permissions': ["
478 " 'http://www.blogger.com/',"
479 " 'http://*.google.com/',"
480 " 'http://*.news.com/',"
481 " 'http://www.foobar.com/',"
482 " ]"
483 "}");
484 std::vector<std::string> submessages;
485 submessages.push_back("All google.com sites");
486 submessages.push_back("All news.com sites");
487 submessages.push_back("www.blogger.com");
488 submessages.push_back("www.foobar.com");
489 ASSERT_TRUE(CheckManifestProducesPermissions(
490 "Read and change your data on a number of websites", submessages));
491
492 CreateAndInstall(
493 "{"
494 " 'permissions': ["
495 " 'http://www.blogger.com/',"
496 " 'http://*.google.com/',"
497 " 'http://*.news.com/',"
498 " 'http://www.foobar.com/',"
499 " 'http://*.go.com/',"
500 " ]"
501 "}");
502 submessages.clear();
503 submessages.push_back("All go.com sites");
504 submessages.push_back("All google.com sites");
505 submessages.push_back("All news.com sites");
506 submessages.push_back("www.blogger.com");
507 submessages.push_back("www.foobar.com");
508 ASSERT_TRUE(CheckManifestProducesPermissions(
509 "Read and change your data on a number of websites", submessages));
510
511 CreateAndInstall(
512 "{"
513 " 'permissions': ["
514 " 'http://*.go.com/',"
515 " 'chrome://favicon/',"
516 " ]"
517 "}");
518 ASSERT_TRUE(CheckManifestProducesPermissions(
519 "Read and change your data on all go.com sites",
520 "Read the icons of the websites you visit"));
521
522 // Having the 'all sites' permission doesn't change the permission message,
523 // since its pseudo-granted at runtime.
524 CreateAndInstall(
525 "{"
526 " 'permissions': ["
527 " 'http://*.go.com/',"
528 " 'chrome://favicon/',"
529 " 'http://*.*',"
530 " ]"
531 "}");
532 ASSERT_TRUE(CheckManifestProducesPermissions(
533 "Read and change your data on all go.com sites",
534 "Read the icons of the websites you visit"));
535 }
536
537 // Check that permission messages are generated correctly for
538 // SocketsManifestPermission, which has host-like permission messages.
539 TEST_F(PermissionMessageCombinationsUnittest,
540 SocketsManifestPermissionMessages) {
541 CreateAndInstall(
542 "{"
543 " 'app': {"
544 " 'background': {"
545 " 'scripts': ['background.js']"
546 " }"
547 " },"
548 " 'sockets': {"
549 " 'udp': {'send': '*'},"
550 " }"
551 "}");
552 ASSERT_TRUE(CheckManifestProducesPermissions(
553 "Exchange data with any device on the local network or internet"));
554
555 CreateAndInstall(
556 "{"
557 " 'app': {"
558 " 'background': {"
559 " 'scripts': ['background.js']"
560 " }"
561 " },"
562 " 'sockets': {"
563 " 'udp': {'send': ':99'},"
564 " }"
565 "}");
566 ASSERT_TRUE(CheckManifestProducesPermissions(
567 "Exchange data with any device on the local network or internet"));
568
569 CreateAndInstall(
570 "{"
571 " 'app': {"
572 " 'background': {"
573 " 'scripts': ['background.js']"
574 " }"
575 " },"
576 " 'sockets': {"
577 " 'tcp': {'connect': '127.0.0.1:80'},"
578 " }"
579 "}");
580 ASSERT_TRUE(CheckManifestProducesPermissions(
581 "Exchange data with the device named 127.0.0.1"));
582
583 CreateAndInstall(
584 "{"
585 " 'app': {"
586 " 'background': {"
587 " 'scripts': ['background.js']"
588 " }"
589 " },"
590 " 'sockets': {"
591 " 'tcp': {'connect': 'www.example.com:23'},"
592 " }"
593 "}");
594 ASSERT_TRUE(CheckManifestProducesPermissions(
595 "Exchange data with the device named www.example.com"));
596
597 CreateAndInstall(
598 "{"
599 " 'app': {"
600 " 'background': {"
601 " 'scripts': ['background.js']"
602 " }"
603 " },"
604 " 'sockets': {"
605 " 'tcpServer': {'listen': '127.0.0.1:80'}"
606 " }"
607 "}");
608 ASSERT_TRUE(CheckManifestProducesPermissions(
609 "Exchange data with the device named 127.0.0.1"));
610
611 CreateAndInstall(
612 "{"
613 " 'app': {"
614 " 'background': {"
615 " 'scripts': ['background.js']"
616 " }"
617 " },"
618 " 'sockets': {"
619 " 'tcpServer': {'listen': ':8080'}"
620 " }"
621 "}");
622 ASSERT_TRUE(CheckManifestProducesPermissions(
623 "Exchange data with any device on the local network or internet"));
624
625 CreateAndInstall(
626 "{"
627 " 'app': {"
628 " 'background': {"
629 " 'scripts': ['background.js']"
630 " }"
631 " },"
632 " 'sockets': {"
633 " 'tcpServer': {"
634 " 'listen': ["
635 " '127.0.0.1:80',"
636 " 'www.google.com',"
637 " 'www.example.com:*',"
638 " 'www.foo.com:200',"
639 " 'www.bar.com:200'"
640 " ]"
641 " }"
642 " }"
643 "}");
644 ASSERT_TRUE(CheckManifestProducesPermissions(
645 "Exchange data with the devices named: 127.0.0.1 www.bar.com "
646 "www.example.com www.foo.com www.google.com"));
647
648 CreateAndInstall(
649 "{"
650 " 'app': {"
651 " 'background': {"
652 " 'scripts': ['background.js']"
653 " }"
654 " },"
655 " 'sockets': {"
656 " 'tcp': {"
657 " 'connect': ["
658 " 'www.abc.com:*',"
659 " 'www.mywebsite.com:320',"
660 " 'www.freestuff.com',"
661 " 'www.foo.com:34',"
662 " 'www.test.com'"
663 " ]"
664 " },"
665 " 'tcpServer': {"
666 " 'listen': ["
667 " '127.0.0.1:80',"
668 " 'www.google.com',"
669 " 'www.example.com:*',"
670 " 'www.foo.com:200',"
671 " ]"
672 " }"
673 " }"
674 "}");
675 ASSERT_TRUE(CheckManifestProducesPermissions(
676 "Exchange data with the devices named: 127.0.0.1 www.abc.com "
677 "www.example.com www.foo.com www.freestuff.com www.google.com "
678 "www.mywebsite.com www.test.com"));
679
680 CreateAndInstall(
681 "{"
682 " 'app': {"
683 " 'background': {"
684 " 'scripts': ['background.js']"
685 " }"
686 " },"
687 " 'sockets': {"
688 " 'tcp': {'send': '*:*'},"
689 " 'tcpServer': {'listen': '*:*'},"
690 " }"
691 "}");
692 ASSERT_TRUE(CheckManifestProducesPermissions(
693 "Exchange data with any device on the local network or internet"));
694 }
695
696 // Check that permission messages are generated correctly for
697 // MediaGalleriesPermission (an API permission with custom messages).
698 TEST_F(PermissionMessageCombinationsUnittest,
699 MediaGalleriesPermissionMessages) {
700 CreateAndInstall(
701 "{"
702 " 'app': {"
703 " 'background': {"
704 " 'scripts': ['background.js']"
705 " }"
706 " },"
707 " 'permissions': ["
708 " { 'mediaGalleries': ['read'] }"
709 " ]"
710 "}");
711 ASSERT_TRUE(CheckManifestProducesPermissions());
712
713 CreateAndInstall(
714 "{"
715 " 'app': {"
716 " 'background': {"
717 " 'scripts': ['background.js']"
718 " }"
719 " },"
720 " 'permissions': ["
721 " { 'mediaGalleries': ['read', 'allAutoDetected'] }"
722 " ]"
723 "}");
724 ASSERT_TRUE(CheckManifestProducesPermissions(
725 "Access photos, music, and other media from your computer"));
726
727 // TODO(sashab): Add a test for the
728 // IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_WRITE message (generated
729 // with the 'read' and 'copyTo' permissions, but not the 'delete' permission),
730 // if it's possible to get this message. Otherwise, remove it from the code.
731
732 CreateAndInstall(
733 "{"
734 " 'app': {"
735 " 'background': {"
736 " 'scripts': ['background.js']"
737 " }"
738 " },"
739 " 'permissions': ["
740 " { 'mediaGalleries': ['read', 'delete', 'allAutoDetected'] }"
741 " ]"
742 "}");
743 ASSERT_TRUE(CheckManifestProducesPermissions(
744 "Read and delete photos, music, and other media from your computer"));
745
746 CreateAndInstall(
747 "{"
748 " 'app': {"
749 " 'background': {"
750 " 'scripts': ['background.js']"
751 " }"
752 " },"
753 " 'permissions': ["
754 " { 'mediaGalleries':"
755 " [ 'read', 'delete', 'copyTo', 'allAutoDetected' ] }"
756 " ]"
757 "}");
758 ASSERT_TRUE(CheckManifestProducesPermissions(
759 "Read, change and delete photos, music, and other media from your "
760 "computer"));
761
762 // Without the allAutoDetected permission, there should be no install-time
763 // permission messages.
764 CreateAndInstall(
765 "{"
766 " 'app': {"
767 " 'background': {"
768 " 'scripts': ['background.js']"
769 " }"
770 " },"
771 " 'permissions': ["
772 " { 'mediaGalleries': ['read', 'delete', 'copyTo'] }"
773 " ]"
774 "}");
775 ASSERT_TRUE(CheckManifestProducesPermissions());
776 }
777
778 // TODO(sashab): Add tests for SettingsOverrideAPIPermission (an API permission
779 // with custom messages).
780
781 // Check that permission messages are generated correctly for SocketPermission
782 // (an API permission with custom messages).
783 TEST_F(PermissionMessageCombinationsUnittest, SocketPermissionMessages) {
784 CreateAndInstall(
785 "{"
786 " 'app': {"
787 " 'background': {"
788 " 'scripts': ['background.js']"
789 " }"
790 " },"
791 " 'permissions': ["
792 " { 'socket': ['tcp-connect:*:*'] }"
793 " ]"
794 "}");
795 ASSERT_TRUE(CheckManifestProducesPermissions(
796 "Exchange data with any device on the local network or internet"));
797
798 CreateAndInstall(
799 "{"
800 " 'app': {"
801 " 'background': {"
802 " 'scripts': ['background.js']"
803 " }"
804 " },"
805 " 'permissions': ["
806 " { 'socket': ["
807 " 'tcp-connect:*:443',"
808 " 'tcp-connect:*:50032',"
809 " 'tcp-connect:*:23',"
810 " ] }"
811 " ]"
812 "}");
813 ASSERT_TRUE(CheckManifestProducesPermissions(
814 "Exchange data with any device on the local network or internet"));
815
816 CreateAndInstall(
817 "{"
818 " 'app': {"
819 " 'background': {"
820 " 'scripts': ['background.js']"
821 " }"
822 " },"
823 " 'permissions': ["
824 " { 'socket': ['tcp-connect:foo.example.com:443'] }"
825 " ]"
826 "}");
827 ASSERT_TRUE(CheckManifestProducesPermissions(
828 "Exchange data with the device named foo.example.com"));
829
830 CreateAndInstall(
831 "{"
832 " 'app': {"
833 " 'background': {"
834 " 'scripts': ['background.js']"
835 " }"
836 " },"
837 " 'permissions': ["
838 " { 'socket': ['tcp-connect:foo.example.com:443', 'udp-send-to'] }"
839 " ]"
840 "}");
841 ASSERT_TRUE(CheckManifestProducesPermissions(
842 "Exchange data with any device on the local network or internet"));
843
844 CreateAndInstall(
845 "{"
846 " 'app': {"
847 " 'background': {"
848 " 'scripts': ['background.js']"
849 " }"
850 " },"
851 " 'permissions': ["
852 " { 'socket': ["
853 " 'tcp-connect:foo.example.com:443',"
854 " 'udp-send-to:test.ping.com:50032',"
855 " ] }"
856 " ]"
857 "}");
858 ASSERT_TRUE(CheckManifestProducesPermissions(
859 "Exchange data with the devices named: foo.example.com test.ping.com"));
860
861 CreateAndInstall(
862 "{"
863 " 'app': {"
864 " 'background': {"
865 " 'scripts': ['background.js']"
866 " }"
867 " },"
868 " 'permissions': ["
869 " { 'socket': ["
870 " 'tcp-connect:foo.example.com:443',"
871 " 'udp-send-to:test.ping.com:50032',"
872 " 'udp-send-to:www.ping.com:50032',"
873 " 'udp-send-to:test2.ping.com:50032',"
874 " 'udp-bind:test.ping.com:50032',"
875 " ] }"
876 " ]"
877 "}");
878 ASSERT_TRUE(CheckManifestProducesPermissions(
879 "Exchange data with the devices named: foo.example.com test.ping.com "
880 "test2.ping.com www.ping.com"));
881
882 CreateAndInstall(
883 "{"
884 " 'app': {"
885 " 'background': {"
886 " 'scripts': ['background.js']"
887 " }"
888 " },"
889 " 'permissions': ["
890 " { 'socket': ["
891 " 'tcp-connect:foo.example.com:443',"
892 " 'udp-send-to:test.ping.com:50032',"
893 " 'tcp-connect:*:23',"
894 " ] }"
895 " ]"
896 "}");
897 ASSERT_TRUE(CheckManifestProducesPermissions(
898 "Exchange data with any device on the local network or internet"));
899 }
900
901 // Check that permission messages are generated correctly for
902 // USBDevicePermission (an API permission with custom messages).
903 TEST_F(PermissionMessageCombinationsUnittest, USBDevicePermissionMessages) {
904 CreateAndInstall(
905 "{"
906 " 'app': {"
907 " 'background': {"
908 " 'scripts': ['background.js']"
909 " }"
910 " },"
911 " 'permissions': ["
912 " { 'usbDevices': ["
913 " { 'vendorId': 0, 'productId': 0 },"
914 " ] }"
915 " ]"
916 "}");
917 ASSERT_TRUE(CheckManifestProducesPermissions(
918 "Access USB devices from an unknown vendor"));
919
920 CreateAndInstall(
921 "{"
922 " 'app': {"
923 " 'background': {"
924 " 'scripts': ['background.js']"
925 " }"
926 " },"
927 " 'permissions': ["
928 " { 'usbDevices': ["
929 " { 'vendorId': 4179, 'productId': 529 },"
930 " ] }"
931 " ]"
932 "}");
933 ASSERT_TRUE(CheckManifestProducesPermissions(
934 "Access USB devices from Immanuel Electronics Co., Ltd"));
935
936 CreateAndInstall(
937 "{"
938 " 'app': {"
939 " 'background': {"
940 " 'scripts': ['background.js']"
941 " }"
942 " },"
943 " 'permissions': ["
944 " { 'usbDevices': ["
945 " { 'vendorId': 6353, 'productId': 8192 },"
946 " ] }"
947 " ]"
948 "}");
949 ASSERT_TRUE(
950 CheckManifestProducesPermissions("Access USB devices from Google Inc."));
951
952 CreateAndInstall(
953 "{"
954 " 'app': {"
955 " 'background': {"
956 " 'scripts': ['background.js']"
957 " }"
958 " },"
959 " 'permissions': ["
960 " { 'usbDevices': ["
961 " { 'vendorId': 4179, 'productId': 529 },"
962 " { 'vendorId': 6353, 'productId': 8192 },"
963 " ] }"
964 " ]"
965 "}");
966 std::vector<std::string> submessages;
967 submessages.push_back("unknown devices from Immanuel Electronics Co., Ltd");
968 submessages.push_back("unknown devices from Google Inc.");
969 ASSERT_TRUE(CheckManifestProducesPermissions(
970 "Access any of these USB devices", submessages));
971
972 // TODO(sashab): Add a test with a valid product/vendor USB device.
973 }
974
975 // Test that hosted apps are not given any messages for host permissions.
976 TEST_F(PermissionMessageCombinationsUnittest,
977 PackagedAppsHaveNoHostPermissions) {
978 CreateAndInstall(
979 "{"
980 " 'app': {"
981 " 'background': {"
982 " 'scripts': ['background.js']"
983 " }"
984 " },"
985 " 'permissions': ["
986 " 'http://www.blogger.com/',"
987 " 'http://*.google.com/',"
988 " ]"
989 "}");
990 ASSERT_TRUE(CheckManifestProducesPermissions());
991
992 CreateAndInstall(
993 "{"
994 " 'app': {"
995 " 'background': {"
996 " 'scripts': ['background.js']"
997 " }"
998 " },"
999 " 'permissions': ["
1000 " 'serial',"
1001 " 'http://www.blogger.com/',"
1002 " 'http://*.google.com/',"
1003 " ]"
1004 "}");
1005 ASSERT_TRUE(CheckManifestProducesPermissions("Access your serial devices"));
1006 }
1007
1008 // Test various apps with lots of permissions, including those with no
1009 // permission messages, or those that only apply to apps or extensions even when
1010 // the given manifest is for a different type.
1011 TEST_F(PermissionMessageCombinationsUnittest, PermissionMessageCombos) {
1012 CreateAndInstall(
1013 "{"
1014 " 'permissions': ["
1015 " 'tabs',"
1016 " 'bookmarks',"
1017 " 'http://www.blogger.com/',"
1018 " 'http://*.google.com/',"
1019 " 'unlimitedStorage',"
1020 " ]"
1021 "}");
1022 ASSERT_TRUE(CheckManifestProducesPermissions(
1023 "Read and change your data on all google.com sites and www.blogger.com",
1024 "Read your browsing history", "Read and change your bookmarks"));
1025
1026 CreateAndInstall(
1027 "{"
1028 " 'permissions': ["
1029 " 'tabs',"
1030 " 'sessions',"
1031 " 'bookmarks',"
1032 " 'unlimitedStorage',"
1033 " 'syncFileSystem',"
1034 " 'http://www.blogger.com/',"
1035 " 'http://*.google.com/',"
1036 " 'http://*.news.com/',"
1037 " 'http://www.foobar.com/',"
1038 " 'http://*.go.com/',"
1039 " ]"
1040 "}");
1041 std::vector<std::string> submessages;
1042 submessages.push_back("All go.com sites");
1043 submessages.push_back("All google.com sites");
1044 submessages.push_back("All news.com sites");
1045 submessages.push_back("www.blogger.com");
1046 submessages.push_back("www.foobar.com");
1047 ASSERT_TRUE(CheckManifestProducesPermissions(
1048 "Read your browsing history on all your signed-in devices",
1049 std::vector<std::string>(), "Read and change your bookmarks",
1050 std::vector<std::string>(),
1051 "Read and change your data on a number of websites", submessages));
1052
1053 CreateAndInstall(
1054 "{"
1055 " 'permissions': ["
1056 " 'tabs',"
1057 " 'sessions',"
1058 " 'bookmarks',"
1059 " 'accessibilityFeatures.read',"
1060 " 'accessibilityFeatures.modify',"
1061 " 'alarms',"
1062 " 'browsingData',"
1063 " 'cookies',"
1064 " 'desktopCapture',"
1065 " 'gcm',"
1066 " 'topSites',"
1067 " 'storage',"
1068 " 'unlimitedStorage',"
1069 " 'syncFileSystem',"
1070 " 'http://www.blogger.com/',"
1071 " 'http://*.google.com/',"
1072 " 'http://*.news.com/',"
1073 " 'http://www.foobar.com/',"
1074 " 'http://*.go.com/',"
1075 " ]"
1076 "}");
1077
1078 submessages.clear();
1079 submessages.push_back("All go.com sites");
1080 submessages.push_back("All google.com sites");
1081 submessages.push_back("All news.com sites");
1082 submessages.push_back("www.blogger.com");
1083 submessages.push_back("www.foobar.com");
1084 ASSERT_TRUE(CheckManifestProducesPermissions(
1085 "Read your browsing history on all your signed-in devices",
1086 std::vector<std::string>(), "Capture content of your screen",
1087 std::vector<std::string>(), "Read and change your bookmarks",
1088 std::vector<std::string>(),
1089 "Read and change your data on a number of websites", submessages,
1090 "Read and change your accessibility settings",
1091 std::vector<std::string>()));
1092
1093 // Create an App instead, ensuring that the host permission messages are not
1094 // added.
1095 CreateAndInstall(
1096 "{"
1097 " 'app': {"
1098 " 'background': {"
1099 " 'scripts': ['background.js']"
1100 " }"
1101 " },"
1102 " 'permissions': ["
1103 " 'contextMenus',"
1104 " 'permissions',"
1105 " 'accessibilityFeatures.read',"
1106 " 'accessibilityFeatures.modify',"
1107 " 'alarms',"
1108 " 'power',"
1109 " 'cookies',"
1110 " 'serial',"
1111 " 'usb',"
1112 " 'storage',"
1113 " 'gcm',"
1114 " 'topSites',"
1115 " 'storage',"
1116 " 'unlimitedStorage',"
1117 " 'syncFileSystem',"
1118 " 'http://www.blogger.com/',"
1119 " 'http://*.google.com/',"
1120 " 'http://*.news.com/',"
1121 " 'http://www.foobar.com/',"
1122 " 'http://*.go.com/',"
1123 " ]"
1124 "}");
1125
1126 ASSERT_TRUE(CheckManifestProducesPermissions(
1127 "Access your serial devices", "Store data in your Google Drive account",
1128 "Read and change your accessibility settings"));
1129
1130 }
1131
1132 // Tests that the 'plugin' manifest key produces the correct permission.
1133 TEST_F(PermissionMessageCombinationsUnittest, PluginPermission) {
1134 // Extensions can have plugins.
1135 CreateAndInstall(
1136 "{"
1137 " 'plugins': ["
1138 " { 'path': 'extension_plugin.dll' }"
1139 " ]"
1140 "}");
1141
1142 #ifdef OS_CHROMEOS
1143 ASSERT_TRUE(CheckManifestProducesPermissions());
1144 #else
1145 ASSERT_TRUE(CheckManifestProducesPermissions(
1146 "Read and change all your data on your computer and the websites you "
1147 "visit"));
1148 #endif
1149
1150 // Apps can't have plugins.
1151 CreateAndInstall(
1152 "{"
1153 " 'app': {"
1154 " 'background': {"
1155 " 'scripts': ['background.js']"
1156 " }"
1157 " },"
1158 " 'plugins': ["
1159 " { 'path': 'extension_plugin.dll' }"
1160 " ]"
1161 "}");
1162 ASSERT_TRUE(CheckManifestProducesPermissions());
1163 }
1164
1165 // TODO(sashab): Add a test that checks that messages are generated correctly
1166 // for withheld permissions, when an app is granted the 'all sites' permission.
1167
1168 // TODO(sashab): Add a test that ensures that all permissions that can generate
1169 // a coalesced message can also generate a message on their own (i.e. ensure
1170 // that no permissions only modify other permissions).
1171
1172 // TODO(sashab): Add a test for every permission message combination that can
1173 // generate a message.
1174
1175 // TODO(aboxhall): Add tests for the automation API permission messages.
1176
1177 } // namespace extensions