search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / extensions / extension_management_unittest.cc
blob1db99a0f03cce66509943eb40a193d53dec78095
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <algorithm>
6 #include <string>
7 #include <vector>
8
9 #include "base/json/json_parser.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/prefs/pref_registry_simple.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/values.h"
14 #include "chrome/browser/extensions/extension_management.h"
15 #include "chrome/browser/extensions/extension_management_internal.h"
16 #include "chrome/browser/extensions/extension_management_test_util.h"
17 #include "chrome/browser/extensions/external_policy_loader.h"
18 #include "chrome/browser/extensions/standard_management_policy_provider.h"
19 #include "extensions/browser/pref_names.h"
20 #include "extensions/common/manifest.h"
21 #include "extensions/common/manifest_constants.h"
22 #include "extensions/common/permissions/api_permission.h"
23 #include "extensions/common/permissions/permissions_info.h"
24 #include "extensions/common/url_pattern.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26 #include "url/gurl.h"
27
28 namespace extensions {
29
30 namespace {
31
32 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop";
33 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa";
34 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab";
35 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc";
36 const char kExampleUpdateUrl[] = "http://example.com/update_url";
37
38 const char kNonExistingExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
39 const char kNonExistingUpdateUrl[] = "http://example.net/update.xml";
40
41 const char kExampleDictPreference[] =
42 "{"
43 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension
44 " \"installation_mode\": \"allowed\","
45 " \"blocked_permissions\": [\"fileSystem\", \"bookmarks\"],"
46 " \"minimum_version_required\": \"1.1.0\","
47 " },"
48 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2
49 " \"installation_mode\": \"force_installed\","
50 " \"update_url\": \"http://example.com/update_url\","
51 " \"allowed_permissions\": [\"fileSystem\", \"bookmarks\"],"
52 " },"
53 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3
54 " \"installation_mode\": \"normal_installed\","
55 " \"update_url\": \"http://example.com/update_url\","
56 " \"allowed_permissions\": [\"fileSystem\", \"downloads\"],"
57 " \"blocked_permissions\": [\"fileSystem\", \"history\"],"
58 " },"
59 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4
60 " \"installation_mode\": \"blocked\","
61 " },"
62 " \"update_url:http://example.com/update_url\": {" // kExampleUpdateUrl
63 " \"installation_mode\": \"allowed\","
64 " \"allowed_permissions\": [\"downloads\"],"
65 " \"blocked_permissions\": [\"bookmarks\"],"
66 " },"
67 " \"*\": {"
68 " \"installation_mode\": \"blocked\","
69 " \"install_sources\": [\"*://foo.com/*\"],"
70 " \"allowed_types\": [\"theme\", \"user_script\"],"
71 " \"blocked_permissions\": [\"fileSystem\", \"downloads\"],"
72 " },"
73 "}";
74
75 } // namespace
76
77 class ExtensionManagementServiceTest : public testing::Test {
78 public:
79 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;
80
81 ExtensionManagementServiceTest() {}
82 ~ExtensionManagementServiceTest() override {}
83
84 // testing::Test:
85 void SetUp() override { InitPrefService(); }
86
87 void InitPrefService() {
88 extension_management_.reset();
89 pref_service_.reset(new TestingPrefServiceSimple());
90 pref_service_->registry()->RegisterListPref(
91 pref_names::kAllowedInstallSites);
92 pref_service_->registry()->RegisterListPref(pref_names::kAllowedTypes);
93 pref_service_->registry()->RegisterListPref(pref_names::kInstallDenyList);
94 pref_service_->registry()->RegisterListPref(pref_names::kInstallAllowList);
95 pref_service_->registry()->RegisterDictionaryPref(
96 pref_names::kInstallForceList);
97 pref_service_->registry()->RegisterDictionaryPref(
98 pref_names::kExtensionManagement);
99 extension_management_.reset(new ExtensionManagement(pref_service_.get()));
100 }
101
102 void SetPref(bool managed, const char* path, base::Value* value) {
103 if (managed)
104 pref_service_->SetManagedPref(path, value);
105 else
106 pref_service_->SetUserPref(path, value);
107 }
108
109 void RemovePref(bool managed, const char* path) {
110 if (managed)
111 pref_service_->RemoveManagedPref(path);
112 else
113 pref_service_->RemoveUserPref(path);
114 }
115
116 const internal::GlobalSettings* ReadGlobalSettings() {
117 return extension_management_->global_settings_.get();
118 }
119
120 ExtensionManagement::InstallationMode GetInstallationModeById(
121 const std::string& id) {
122 return GetInstallationMode(id, kNonExistingUpdateUrl);
123 }
124
125 ExtensionManagement::InstallationMode GetInstallationModeByUpdateUrl(
126 const std::string& update_url) {
127 return GetInstallationMode(kNonExistingExtension, update_url);
128 }
129
130 void CheckAutomaticallyInstalledUpdateUrl(const std::string& id,
131 const std::string& update_url) {
132 auto iter = extension_management_->settings_by_id_.find(id);
133 ASSERT_TRUE(iter != extension_management_->settings_by_id_.end());
134 ASSERT_TRUE((iter->second->installation_mode ==
135 ExtensionManagement::INSTALLATION_FORCED) ||
136 (iter->second->installation_mode ==
137 ExtensionManagement::INSTALLATION_RECOMMENDED));
138 EXPECT_EQ(iter->second->update_url, update_url);
139 }
140
141 APIPermissionSet GetBlockedAPIPermissionsById(const std::string& id) {
142 return GetBlockedAPIPermissions(id, kNonExistingUpdateUrl);
143 }
144
145 APIPermissionSet GetBlockedAPIPermissionsByUpdateUrl(
146 const std::string& update_url) {
147 return GetBlockedAPIPermissions(kNonExistingExtension, update_url);
148 }
149
150 void SetExampleDictPref() {
151 std::string error_msg;
152 scoped_ptr<base::Value> parsed(base::JSONReader::ReadAndReturnError(
153 kExampleDictPreference,
154 base::JSONParserOptions::JSON_ALLOW_TRAILING_COMMAS,
155 NULL,
156 &error_msg));
157 ASSERT_TRUE(parsed && parsed->IsType(base::Value::TYPE_DICTIONARY))
158 << error_msg;
159 SetPref(true, pref_names::kExtensionManagement, parsed.release());
160 }
161
162 // Wrapper of ExtensionManagement::GetInstallationMode, |id| and
163 // |update_url| are used to construct an Extension for testing.
164 ExtensionManagement::InstallationMode GetInstallationMode(
165 const std::string& id,
166 const std::string& update_url) {
167 scoped_refptr<const Extension> extension =
168 CreateExtension(Manifest::UNPACKED, "0.1", id, update_url);
169 return extension_management_->GetInstallationMode(extension.get());
170 }
171
172 // Wrapper of ExtensionManagement::GetBlockedAPIPermissions, |id| and
173 // |update_url| are used to construct an Extension for testing.
174 APIPermissionSet GetBlockedAPIPermissions(const std::string& id,
175 const std::string& update_url) {
176 scoped_refptr<const Extension> extension =
177 CreateExtension(Manifest::UNPACKED, "0.1", id, update_url);
178 return extension_management_->GetBlockedAPIPermissions(extension.get());
179 }
180
181 // Wrapper of ExtensionManagement::CheckMinimumVersion, |id| and
182 // |version| are used to construct an Extension for testing.
183 bool CheckMinimumVersion(const std::string& id, const std::string& version) {
184 scoped_refptr<const Extension> extension =
185 CreateExtension(Manifest::UNPACKED, version, id, kNonExistingUpdateUrl);
186 std::string minimum_version_required;
187 bool ret = extension_management_->CheckMinimumVersion(
188 extension.get(), &minimum_version_required);
189 EXPECT_EQ(ret, minimum_version_required.empty());
190 EXPECT_EQ(ret, extension_management_->CheckMinimumVersion(extension.get(),
191 nullptr));
192 return ret;
193 }
194
195 protected:
196 scoped_ptr<TestingPrefServiceSimple> pref_service_;
197 scoped_ptr<ExtensionManagement> extension_management_;
198
199 private:
200 // Create an extension with specified |location|, |version|, |id| and
201 // |update_url|.
202 scoped_refptr<const Extension> CreateExtension(
203 Manifest::Location location,
204 const std::string& version,
205 const std::string& id,
206 const std::string& update_url) {
207 base::DictionaryValue manifest_dict;
208 manifest_dict.SetString(manifest_keys::kName, "test");
209 manifest_dict.SetString(manifest_keys::kVersion, version);
210 manifest_dict.SetString(manifest_keys::kUpdateURL, update_url);
211 std::string error;
212 scoped_refptr<const Extension> extension =
213 Extension::Create(base::FilePath(), location, manifest_dict,
214 Extension::NO_FLAGS, id, &error);
215 CHECK(extension.get()) << error;
216 return extension;
217 }
218 };
219
220 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest {
221 public:
222 ExtensionAdminPolicyTest() {}
223 ~ExtensionAdminPolicyTest() override {}
224
225 void SetUpPolicyProvider() {
226 provider_.reset(
227 new StandardManagementPolicyProvider(extension_management_.get()));
228 }
229
230 void CreateExtension(Manifest::Location location) {
231 base::DictionaryValue values;
232 CreateExtensionFromValues(location, &values);
233 }
234
235 void CreateHostedApp(Manifest::Location location) {
236 base::DictionaryValue values;
237 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue());
238 values.SetString(extensions::manifest_keys::kLaunchWebURL,
239 "http://www.example.com");
240 CreateExtensionFromValues(location, &values);
241 }
242
243 void CreateExtensionFromValues(Manifest::Location location,
244 base::DictionaryValue* values) {
245 values->SetString(extensions::manifest_keys::kName, "test");
246 values->SetString(extensions::manifest_keys::kVersion, "0.1");
247 std::string error;
248 extension_ = Extension::Create(base::FilePath(), location, *values,
249 Extension::NO_FLAGS, &error);
250 ASSERT_TRUE(extension_.get());
251 }
252
253 // Wrappers for legacy admin policy functions, for testing purpose only.
254 bool BlacklistedByDefault(const base::ListValue* blacklist);
255 bool UserMayLoad(const base::ListValue* blacklist,
256 const base::ListValue* whitelist,
257 const base::DictionaryValue* forcelist,
258 const base::ListValue* allowed_types,
259 const Extension* extension,
260 base::string16* error);
261 bool UserMayModifySettings(const Extension* extension, base::string16* error);
262 bool MustRemainEnabled(const Extension* extension, base::string16* error);
263
264 protected:
265 scoped_ptr<StandardManagementPolicyProvider> provider_;
266 scoped_refptr<Extension> extension_;
267 };
268
269 bool ExtensionAdminPolicyTest::BlacklistedByDefault(
270 const base::ListValue* blacklist) {
271 SetUpPolicyProvider();
272 if (blacklist)
273 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());
274 return extension_management_->BlacklistedByDefault();
275 }
276
277 bool ExtensionAdminPolicyTest::UserMayLoad(
278 const base::ListValue* blacklist,
279 const base::ListValue* whitelist,
280 const base::DictionaryValue* forcelist,
281 const base::ListValue* allowed_types,
282 const Extension* extension,
283 base::string16* error) {
284 SetUpPolicyProvider();
285 if (blacklist)
286 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());
287 if (whitelist)
288 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy());
289 if (forcelist)
290 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy());
291 if (allowed_types)
292 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy());
293 return provider_->UserMayLoad(extension, error);
294 }
295
296 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension,
297 base::string16* error) {
298 SetUpPolicyProvider();
299 return provider_->UserMayModifySettings(extension, error);
300 }
301
302 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension,
303 base::string16* error) {
304 SetUpPolicyProvider();
305 return provider_->MustRemainEnabled(extension, error);
306 }
307
308 // Verify that preference controlled by legacy ExtensionInstallSources policy is
309 // handled well.
310 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) {
311 base::ListValue allowed_sites_pref;
312 allowed_sites_pref.AppendString("https://www.example.com/foo");
313 allowed_sites_pref.AppendString("https://corp.mycompany.com/*");
314 SetPref(
315 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());
316 const URLPatternSet& allowed_sites = ReadGlobalSettings()->install_sources;
317 ASSERT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
318 EXPECT_FALSE(allowed_sites.is_empty());
319 EXPECT_TRUE(allowed_sites.MatchesURL(GURL("https://www.example.com/foo")));
320 EXPECT_FALSE(allowed_sites.MatchesURL(GURL("https://www.example.com/bar")));
321 EXPECT_TRUE(
322 allowed_sites.MatchesURL(GURL("https://corp.mycompany.com/entry")));
323 EXPECT_FALSE(
324 allowed_sites.MatchesURL(GURL("https://www.mycompany.com/entry")));
325 }
326
327 // Verify that preference controlled by legacy ExtensionAllowedTypes policy is
328 // handled well.
329 TEST_F(ExtensionManagementServiceTest, LegacyAllowedTypes) {
330 base::ListValue allowed_types_pref;
331 allowed_types_pref.AppendInteger(Manifest::TYPE_THEME);
332 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT);
333
334 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy());
335 const std::vector<Manifest::Type>& allowed_types =
336 ReadGlobalSettings()->allowed_types;
337 ASSERT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
338 EXPECT_EQ(allowed_types.size(), 2u);
339 EXPECT_FALSE(std::find(allowed_types.begin(),
340 allowed_types.end(),
341 Manifest::TYPE_EXTENSION) != allowed_types.end());
342 EXPECT_TRUE(std::find(allowed_types.begin(),
343 allowed_types.end(),
344 Manifest::TYPE_THEME) != allowed_types.end());
345 EXPECT_TRUE(std::find(allowed_types.begin(),
346 allowed_types.end(),
347 Manifest::TYPE_USER_SCRIPT) != allowed_types.end());
348 }
349
350 // Verify that preference controlled by legacy ExtensionInstallBlacklist policy
351 // is handled well.
352 TEST_F(ExtensionManagementServiceTest, LegacyInstallBlacklist) {
353 base::ListValue denied_list_pref;
354 denied_list_pref.AppendString(kTargetExtension);
355
356 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
357 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
358 ExtensionManagement::INSTALLATION_BLOCKED);
359 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
360 ExtensionManagement::INSTALLATION_ALLOWED);
361 }
362
363 // Verify that preference controlled by legacy ExtensionInstallWhitelist policy
364 // is handled well.
365 TEST_F(ExtensionManagementServiceTest, LegacyInstallWhitelist) {
366 base::ListValue denied_list_pref;
367 denied_list_pref.AppendString("*");
368 base::ListValue allowed_list_pref;
369 allowed_list_pref.AppendString(kTargetExtension);
370
371 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
372 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
373 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
374 ExtensionManagement::INSTALLATION_ALLOWED);
375 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
376 ExtensionManagement::INSTALLATION_BLOCKED);
377
378 // Verify that install whitelist preference set by user is ignored.
379 RemovePref(true, pref_names::kInstallAllowList);
380 SetPref(false, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
381 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
382 ExtensionManagement::INSTALLATION_BLOCKED);
383 }
384
385 // Verify that preference controlled by legacy ExtensionInstallForcelist policy
386 // is handled well.
387 TEST_F(ExtensionManagementServiceTest, LegacyInstallForcelist) {
388 base::DictionaryValue forced_list_pref;
389 ExternalPolicyLoader::AddExtension(
390 &forced_list_pref, kTargetExtension, kExampleUpdateUrl);
391
392 SetPref(true, pref_names::kInstallForceList, forced_list_pref.DeepCopy());
393 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
394 ExtensionManagement::INSTALLATION_FORCED);
395 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension, kExampleUpdateUrl);
396 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
397 ExtensionManagement::INSTALLATION_ALLOWED);
398
399 // Verify that install forcelist preference set by user is ignored.
400 RemovePref(true, pref_names::kInstallForceList);
401 SetPref(false, pref_names::kInstallForceList, forced_list_pref.DeepCopy());
402 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
403 ExtensionManagement::INSTALLATION_ALLOWED);
404 }
405
406 // Tests parsing of new dictionary preference.
407 TEST_F(ExtensionManagementServiceTest, PreferenceParsing) {
408 SetExampleDictPref();
409
410 // Verifies the installation mode settings.
411 EXPECT_TRUE(extension_management_->BlacklistedByDefault());
412 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
413 ExtensionManagement::INSTALLATION_ALLOWED);
414 EXPECT_EQ(GetInstallationModeById(kTargetExtension2),
415 ExtensionManagement::INSTALLATION_FORCED);
416 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension2, kExampleUpdateUrl);
417 EXPECT_EQ(GetInstallationModeById(kTargetExtension3),
418 ExtensionManagement::INSTALLATION_RECOMMENDED);
419 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension3, kExampleUpdateUrl);
420 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
421 ExtensionManagement::INSTALLATION_BLOCKED);
422 EXPECT_EQ(GetInstallationModeByUpdateUrl(kExampleUpdateUrl),
423 ExtensionManagement::INSTALLATION_ALLOWED);
424
425 // Verifies global settings.
426 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
427 const URLPatternSet& allowed_sites = ReadGlobalSettings()->install_sources;
428 EXPECT_EQ(allowed_sites.size(), 1u);
429 EXPECT_TRUE(allowed_sites.MatchesURL(GURL("http://foo.com/entry")));
430 EXPECT_FALSE(allowed_sites.MatchesURL(GURL("http://bar.com/entry")));
431
432 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
433 const std::vector<Manifest::Type>& allowed_types =
434 ReadGlobalSettings()->allowed_types;
435 EXPECT_EQ(allowed_types.size(), 2u);
436 EXPECT_TRUE(std::find(allowed_types.begin(),
437 allowed_types.end(),
438 Manifest::TYPE_THEME) != allowed_types.end());
439 EXPECT_TRUE(std::find(allowed_types.begin(),
440 allowed_types.end(),
441 Manifest::TYPE_USER_SCRIPT) != allowed_types.end());
442
443 // Verifies blocked permission list settings.
444 APIPermissionSet api_permission_set;
445 api_permission_set.clear();
446 api_permission_set.insert(APIPermission::kFileSystem);
447 api_permission_set.insert(APIPermission::kDownloads);
448 EXPECT_EQ(api_permission_set,
449 GetBlockedAPIPermissionsById(kNonExistingExtension));
450
451 api_permission_set.clear();
452 api_permission_set.insert(APIPermission::kFileSystem);
453 api_permission_set.insert(APIPermission::kDownloads);
454 api_permission_set.insert(APIPermission::kBookmark);
455 EXPECT_EQ(api_permission_set, GetBlockedAPIPermissionsById(kTargetExtension));
456
457 api_permission_set.clear();
458 api_permission_set.insert(APIPermission::kDownloads);
459 EXPECT_EQ(api_permission_set,
460 GetBlockedAPIPermissionsById(kTargetExtension2));
461
462 api_permission_set.clear();
463 api_permission_set.insert(APIPermission::kFileSystem);
464 api_permission_set.insert(APIPermission::kHistory);
465 EXPECT_EQ(api_permission_set,
466 GetBlockedAPIPermissionsById(kTargetExtension3));
467
468 api_permission_set.clear();
469 api_permission_set.insert(APIPermission::kFileSystem);
470 api_permission_set.insert(APIPermission::kBookmark);
471 EXPECT_EQ(api_permission_set,
472 GetBlockedAPIPermissionsByUpdateUrl(kExampleUpdateUrl));
473
474 // Verifies minimum version settings.
475 EXPECT_FALSE(CheckMinimumVersion(kTargetExtension, "1.0.99"));
476 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "1.1"));
477 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "1.1.0.1"));
478 }
479
480 // Tests the handling of installation mode in case it's specified in both
481 // per-extension and per-update-url settings.
482 TEST_F(ExtensionManagementServiceTest, InstallationModeConflictHandling) {
483 SetExampleDictPref();
484
485 // Per-extension installation mode settings should always override
486 // per-update-url settings.
487 EXPECT_EQ(GetInstallationMode(kTargetExtension, kExampleUpdateUrl),
488 ExtensionManagement::INSTALLATION_ALLOWED);
489 EXPECT_EQ(GetInstallationMode(kTargetExtension2, kExampleUpdateUrl),
490 ExtensionManagement::INSTALLATION_FORCED);
491 EXPECT_EQ(GetInstallationMode(kTargetExtension3, kExampleUpdateUrl),
492 ExtensionManagement::INSTALLATION_RECOMMENDED);
493 }
494
495 // Tests the handling of blocked permissions in case it's specified in both
496 // per-extension and per-update-url settings.
497 TEST_F(ExtensionManagementServiceTest, BlockedPermissionsConflictHandling) {
498 SetExampleDictPref();
499
500 // Both settings should be enforced.
501 APIPermissionSet blocked_permissions_for_update_url;
502 blocked_permissions_for_update_url.insert(APIPermission::kFileSystem);
503 blocked_permissions_for_update_url.insert(APIPermission::kBookmark);
504
505 APIPermissionSet api_permission_set;
506
507 api_permission_set = blocked_permissions_for_update_url;
508 api_permission_set.insert(APIPermission::kFileSystem);
509 api_permission_set.insert(APIPermission::kDownloads);
510 api_permission_set.insert(APIPermission::kBookmark);
511 EXPECT_EQ(api_permission_set,
512 GetBlockedAPIPermissions(kTargetExtension, kExampleUpdateUrl));
513
514 api_permission_set = blocked_permissions_for_update_url;
515 api_permission_set.insert(APIPermission::kDownloads);
516 EXPECT_EQ(api_permission_set,
517 GetBlockedAPIPermissions(kTargetExtension2, kExampleUpdateUrl));
518
519 api_permission_set = blocked_permissions_for_update_url;
520 api_permission_set.insert(APIPermission::kFileSystem);
521 api_permission_set.insert(APIPermission::kHistory);
522 EXPECT_EQ(api_permission_set,
523 GetBlockedAPIPermissions(kTargetExtension3, kExampleUpdateUrl));
524 }
525
526 // Tests the 'minimum_version_required' settings of extension management.
527 TEST_F(ExtensionManagementServiceTest, kMinimumVersionRequired) {
528 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "0.0"));
529 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "3.0.0"));
530 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "9999.0"));
531
532 {
533 PrefUpdater pref(pref_service_.get());
534 pref.SetMinimumVersionRequired(kTargetExtension, "3.0");
535 }
536
537 EXPECT_FALSE(CheckMinimumVersion(kTargetExtension, "0.0"));
538 EXPECT_FALSE(CheckMinimumVersion(kTargetExtension, "2.99"));
539 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "3.0.0"));
540 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "3.0.1"));
541 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "4.0"));
542 }
543
544 // Tests functionality of new preference as to deprecate legacy
545 // ExtensionInstallSources policy.
546 TEST_F(ExtensionManagementServiceTest, NewInstallSources) {
547 // Set the legacy preference, and verifies that it works.
548 base::ListValue allowed_sites_pref;
549 allowed_sites_pref.AppendString("https://www.example.com/foo");
550 SetPref(
551 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());
552 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
553 EXPECT_TRUE(ReadGlobalSettings()->install_sources.MatchesURL(
554 GURL("https://www.example.com/foo")));
555
556 // Set the new dictionary preference.
557 {
558 PrefUpdater updater(pref_service_.get());
559 updater.ClearInstallSources();
560 }
561 // Verifies that the new one overrides the legacy ones.
562 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
563 EXPECT_FALSE(ReadGlobalSettings()->install_sources.MatchesURL(
564 GURL("https://www.example.com/foo")));
565
566 // Updates the new dictionary preference.
567 {
568 PrefUpdater updater(pref_service_.get());
569 updater.AddInstallSource("https://corp.mycompany.com/*");
570 }
571 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
572 EXPECT_TRUE(ReadGlobalSettings()->install_sources.MatchesURL(
573 GURL("https://corp.mycompany.com/entry")));
574 }
575
576 // Tests functionality of new preference as to deprecate legacy
577 // ExtensionAllowedTypes policy.
578 TEST_F(ExtensionManagementServiceTest, NewAllowedTypes) {
579 // Set the legacy preference, and verifies that it works.
580 base::ListValue allowed_types_pref;
581 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT);
582 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy());
583 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
584 EXPECT_EQ(ReadGlobalSettings()->allowed_types.size(), 1u);
585 EXPECT_EQ(ReadGlobalSettings()->allowed_types[0], Manifest::TYPE_USER_SCRIPT);
586
587 // Set the new dictionary preference.
588 {
589 PrefUpdater updater(pref_service_.get());
590 updater.ClearAllowedTypes();
591 }
592 // Verifies that the new one overrides the legacy ones.
593 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
594 EXPECT_EQ(ReadGlobalSettings()->allowed_types.size(), 0u);
595
596 // Updates the new dictionary preference.
597 {
598 PrefUpdater updater(pref_service_.get());
599 updater.AddAllowedType("theme");
600 }
601 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
602 EXPECT_EQ(ReadGlobalSettings()->allowed_types.size(), 1u);
603 EXPECT_EQ(ReadGlobalSettings()->allowed_types[0], Manifest::TYPE_THEME);
604 }
605
606 // Tests functionality of new preference as to deprecate legacy
607 // ExtensionInstallBlacklist policy.
608 TEST_F(ExtensionManagementServiceTest, NewInstallBlacklist) {
609 // Set the new dictionary preference.
610 {
611 PrefUpdater updater(pref_service_.get());
612 updater.SetBlacklistedByDefault(false); // Allowed by default.
613 updater.SetIndividualExtensionInstallationAllowed(kTargetExtension, false);
614 updater.ClearPerExtensionSettings(kTargetExtension2);
615 }
616 EXPECT_FALSE(extension_management_->BlacklistedByDefault());
617 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
618 ExtensionManagement::INSTALLATION_BLOCKED);
619 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
620 ExtensionManagement::INSTALLATION_ALLOWED);
621
622 // Set legacy preference.
623 base::ListValue denied_list_pref;
624 denied_list_pref.AppendString("*");
625 denied_list_pref.AppendString(kTargetExtension2);
626 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
627
628 base::ListValue allowed_list_pref;
629 allowed_list_pref.AppendString(kTargetExtension);
630 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
631
632 // Verifies that the new one have higher priority over the legacy ones.
633 EXPECT_FALSE(extension_management_->BlacklistedByDefault());
634 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
635 ExtensionManagement::INSTALLATION_BLOCKED);
636 EXPECT_EQ(GetInstallationModeById(kTargetExtension2),
637 ExtensionManagement::INSTALLATION_BLOCKED);
638 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
639 ExtensionManagement::INSTALLATION_ALLOWED);
640 }
641
642 // Tests functionality of new preference as to deprecate legacy
643 // ExtensionInstallWhitelist policy.
644 TEST_F(ExtensionManagementServiceTest, NewInstallWhitelist) {
645 // Set the new dictionary preference.
646 {
647 PrefUpdater updater(pref_service_.get());
648 updater.SetBlacklistedByDefault(true); // Disallowed by default.
649 updater.SetIndividualExtensionInstallationAllowed(kTargetExtension, true);
650 updater.ClearPerExtensionSettings(kTargetExtension2);
651 }
652 EXPECT_TRUE(extension_management_->BlacklistedByDefault());
653 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
654 ExtensionManagement::INSTALLATION_ALLOWED);
655 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
656 ExtensionManagement::INSTALLATION_BLOCKED);
657
658 // Set legacy preference.
659 base::ListValue denied_list_pref;
660 denied_list_pref.AppendString(kTargetExtension);
661 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
662
663 base::ListValue allowed_list_pref;
664 allowed_list_pref.AppendString(kTargetExtension2);
665 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
666
667 // Verifies that the new one have higher priority over the legacy ones.
668 EXPECT_TRUE(extension_management_->BlacklistedByDefault());
669 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
670 ExtensionManagement::INSTALLATION_ALLOWED);
671 EXPECT_EQ(GetInstallationModeById(kTargetExtension2),
672 ExtensionManagement::INSTALLATION_ALLOWED);
673 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
674 ExtensionManagement::INSTALLATION_BLOCKED);
675 }
676
677 // Tests functionality of new preference as to deprecate legacy
678 // ExtensionInstallForcelist policy.
679 TEST_F(ExtensionManagementServiceTest, NewInstallForcelist) {
680 // Set some legacy preferences, to verify that the new one overrides the
681 // legacy ones.
682 base::ListValue denied_list_pref;
683 denied_list_pref.AppendString(kTargetExtension);
684 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
685
686 // Set the new dictionary preference.
687 {
688 PrefUpdater updater(pref_service_.get());
689 updater.SetIndividualExtensionAutoInstalled(
690 kTargetExtension, kExampleUpdateUrl, true);
691 }
692 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
693 ExtensionManagement::INSTALLATION_FORCED);
694 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension, kExampleUpdateUrl);
695 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
696 ExtensionManagement::INSTALLATION_ALLOWED);
697 }
698
699 // Tests the behavior of IsInstallationExplicitlyAllowed().
700 TEST_F(ExtensionManagementServiceTest, IsInstallationExplicitlyAllowed) {
701 SetExampleDictPref();
702
703 // Constant name indicates the installation_mode of extensions in example
704 // preference.
705 const char* allowed = kTargetExtension;
706 const char* forced = kTargetExtension2;
707 const char* recommended = kTargetExtension3;
708 const char* blocked = kTargetExtension4;
709 const char* not_specified = kNonExistingExtension;
710
711 // BlacklistedByDefault() is true in example preference.
712 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(allowed));
713 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(forced));
714 EXPECT_TRUE(
715 extension_management_->IsInstallationExplicitlyAllowed(recommended));
716 EXPECT_FALSE(extension_management_->IsInstallationExplicitlyAllowed(blocked));
717 EXPECT_FALSE(
718 extension_management_->IsInstallationExplicitlyAllowed(not_specified));
719
720 {
721 // Set BlacklistedByDefault() to false.
722 PrefUpdater pref(pref_service_.get());
723 pref.SetBlacklistedByDefault(false);
724 }
725
726 // The result should remain the same.
727 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(allowed));
728 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(forced));
729 EXPECT_TRUE(
730 extension_management_->IsInstallationExplicitlyAllowed(recommended));
731 EXPECT_FALSE(extension_management_->IsInstallationExplicitlyAllowed(blocked));
732 EXPECT_FALSE(
733 extension_management_->IsInstallationExplicitlyAllowed(not_specified));
734 }
735
736 // Tests the flag value indicating that extensions are blacklisted by default.
737 TEST_F(ExtensionAdminPolicyTest, BlacklistedByDefault) {
738 EXPECT_FALSE(BlacklistedByDefault(NULL));
739
740 base::ListValue blacklist;
741 blacklist.Append(new base::StringValue(kNonExistingExtension));
742 EXPECT_FALSE(BlacklistedByDefault(&blacklist));
743 blacklist.Append(new base::StringValue("*"));
744 EXPECT_TRUE(BlacklistedByDefault(&blacklist));
745
746 blacklist.Clear();
747 blacklist.Append(new base::StringValue("*"));
748 EXPECT_TRUE(BlacklistedByDefault(&blacklist));
749 }
750
751 // Tests UserMayLoad for required extensions.
752 TEST_F(ExtensionAdminPolicyTest, UserMayLoadRequired) {
753 CreateExtension(Manifest::COMPONENT);
754 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
755 base::string16 error;
756 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), &error));
757 EXPECT_TRUE(error.empty());
758
759 // Required extensions may load even if they're on the blacklist.
760 base::ListValue blacklist;
761 blacklist.Append(new base::StringValue(extension_->id()));
762 EXPECT_TRUE(
763 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
764
765 blacklist.Append(new base::StringValue("*"));
766 EXPECT_TRUE(
767 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
768 }
769
770 // Tests UserMayLoad when no blacklist exists, or it's empty.
771 TEST_F(ExtensionAdminPolicyTest, UserMayLoadNoBlacklist) {
772 CreateExtension(Manifest::INTERNAL);
773 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
774 base::ListValue blacklist;
775 EXPECT_TRUE(
776 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
777 base::string16 error;
778 EXPECT_TRUE(
779 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error));
780 EXPECT_TRUE(error.empty());
781 }
782
783 // Tests UserMayLoad for an extension on the whitelist.
784 TEST_F(ExtensionAdminPolicyTest, UserMayLoadWhitelisted) {
785 CreateExtension(Manifest::INTERNAL);
786
787 base::ListValue whitelist;
788 whitelist.Append(new base::StringValue(extension_->id()));
789 EXPECT_TRUE(
790 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL));
791
792 base::ListValue blacklist;
793 blacklist.Append(new base::StringValue(extension_->id()));
794 EXPECT_TRUE(
795 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL));
796 base::string16 error;
797 EXPECT_TRUE(
798 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), &error));
799 EXPECT_TRUE(error.empty());
800 }
801
802 // Tests UserMayLoad for an extension on the blacklist.
803 TEST_F(ExtensionAdminPolicyTest, UserMayLoadBlacklisted) {
804 CreateExtension(Manifest::INTERNAL);
805
806 // Blacklisted by default.
807 base::ListValue blacklist;
808 blacklist.Append(new base::StringValue("*"));
809 EXPECT_FALSE(
810 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
811 base::string16 error;
812 EXPECT_FALSE(
813 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error));
814 EXPECT_FALSE(error.empty());
815
816 // Extension on the blacklist, with and without wildcard.
817 blacklist.Append(new base::StringValue(extension_->id()));
818 EXPECT_FALSE(
819 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
820 blacklist.Clear();
821 blacklist.Append(new base::StringValue(extension_->id()));
822 EXPECT_FALSE(
823 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
824
825 // With a whitelist. There's no such thing as a whitelist wildcard.
826 base::ListValue whitelist;
827 whitelist.Append(new base::StringValue("behllobkkfkfnphdnhnkndlbkcpglgmj"));
828 EXPECT_FALSE(
829 UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL));
830 whitelist.Append(new base::StringValue("*"));
831 EXPECT_FALSE(
832 UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL));
833 }
834
835 TEST_F(ExtensionAdminPolicyTest, UserMayLoadAllowedTypes) {
836 CreateExtension(Manifest::INTERNAL);
837 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
838
839 base::ListValue allowed_types;
840 EXPECT_FALSE(
841 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
842
843 allowed_types.AppendInteger(Manifest::TYPE_EXTENSION);
844 EXPECT_TRUE(
845 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
846
847 CreateHostedApp(Manifest::INTERNAL);
848 EXPECT_FALSE(
849 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
850
851 CreateHostedApp(Manifest::EXTERNAL_POLICY_DOWNLOAD);
852 EXPECT_FALSE(
853 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
854 }
855
856 TEST_F(ExtensionAdminPolicyTest, UserMayModifySettings) {
857 CreateExtension(Manifest::INTERNAL);
858 EXPECT_TRUE(UserMayModifySettings(extension_.get(), NULL));
859 base::string16 error;
860 EXPECT_TRUE(UserMayModifySettings(extension_.get(), &error));
861 EXPECT_TRUE(error.empty());
862
863 CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD);
864 error.clear();
865 EXPECT_FALSE(UserMayModifySettings(extension_.get(), NULL));
866 EXPECT_FALSE(UserMayModifySettings(extension_.get(), &error));
867 EXPECT_FALSE(error.empty());
868 }
869
870 TEST_F(ExtensionAdminPolicyTest, MustRemainEnabled) {
871 CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD);
872 EXPECT_TRUE(MustRemainEnabled(extension_.get(), NULL));
873 base::string16 error;
874 EXPECT_TRUE(MustRemainEnabled(extension_.get(), &error));
875 EXPECT_FALSE(error.empty());
876
877 CreateExtension(Manifest::INTERNAL);
878 error.clear();
879 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL));
880 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error));
881 EXPECT_TRUE(error.empty());
882 }
883
884 } // namespace extensions