search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cast: Stop logging kVideoFrameSentToEncoder and rename a couple events.
[chromium-blink-merge.git] / chrome / common / extensions / permissions / permission_set_unittest.cc
blob967de7b22d24894de85df1110d49930b2cbf6657
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/command_line.h"
6 #include "base/json/json_file_value_serializer.h"
7 #include "base/logging.h"
8 #include "base/path_service.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "chrome/common/chrome_paths.h"
11 #include "chrome/common/chrome_switches.h"
12 #include "chrome/common/extensions/extension_test_util.h"
13 #include "chrome/common/extensions/features/feature_channel.h"
14 #include "chrome/common/extensions/permissions/chrome_permission_message_provider.h"
15 #include "extensions/common/error_utils.h"
16 #include "extensions/common/extension.h"
17 #include "extensions/common/extension_builder.h"
18 #include "extensions/common/permissions/permission_message_provider.h"
19 #include "extensions/common/permissions/permission_message_util.h"
20 #include "extensions/common/permissions/permission_set.h"
21 #include "extensions/common/permissions/permissions_data.h"
22 #include "extensions/common/permissions/permissions_info.h"
23 #include "extensions/common/permissions/socket_permission.h"
24 #include "extensions/common/value_builder.h"
25 #include "grit/generated_resources.h"
26 #include "testing/gtest/include/gtest/gtest.h"
27 #include "ui/base/l10n/l10n_util.h"
28
29 using extension_test_util::LoadManifest;
30
31 namespace extensions {
32
33 namespace {
34
35 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
36 int schemes = URLPattern::SCHEME_ALL;
37 extent->AddPattern(URLPattern(schemes, pattern));
38 }
39
40 size_t IndexOf(const std::vector<base::string16>& warnings,
41 const std::string& warning) {
42 for (size_t i = 0; i < warnings.size(); ++i) {
43 if (warnings[i] == base::ASCIIToUTF16(warning))
44 return i;
45 }
46
47 return warnings.size();
48 }
49
50 bool Contains(const std::vector<base::string16>& warnings,
51 const std::string& warning) {
52 return IndexOf(warnings, warning) != warnings.size();
53 }
54
55 } // namespace
56
57 // Tests GetByID.
58 TEST(PermissionsTest, GetByID) {
59 PermissionsInfo* info = PermissionsInfo::GetInstance();
60 APIPermissionSet apis = info->GetAll();
61 for (APIPermissionSet::const_iterator i = apis.begin();
62 i != apis.end(); ++i) {
63 EXPECT_EQ(i->id(), i->info()->id());
64 }
65 }
66
67 // Tests that GetByName works with normal permission names and aliases.
68 TEST(PermissionsTest, GetByName) {
69 PermissionsInfo* info = PermissionsInfo::GetInstance();
70 EXPECT_EQ(APIPermission::kTab, info->GetByName("tabs")->id());
71 EXPECT_EQ(APIPermission::kManagement,
72 info->GetByName("management")->id());
73 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
74 }
75
76 TEST(PermissionsTest, GetAll) {
77 size_t count = 0;
78 PermissionsInfo* info = PermissionsInfo::GetInstance();
79 APIPermissionSet apis = info->GetAll();
80 for (APIPermissionSet::const_iterator api = apis.begin();
81 api != apis.end(); ++api) {
82 // Make sure only the valid permission IDs get returned.
83 EXPECT_NE(APIPermission::kInvalid, api->id());
84 EXPECT_NE(APIPermission::kUnknown, api->id());
85 count++;
86 }
87 EXPECT_EQ(count, info->get_permission_count());
88 }
89
90 TEST(PermissionsTest, GetAllByName) {
91 std::set<std::string> names;
92 names.insert("background");
93 names.insert("management");
94
95 // This is an alias of kTab
96 names.insert("windows");
97
98 // This unknown name should get dropped.
99 names.insert("sdlkfjasdlkfj");
100
101 APIPermissionSet expected;
102 expected.insert(APIPermission::kBackground);
103 expected.insert(APIPermission::kManagement);
104 expected.insert(APIPermission::kTab);
105
106 EXPECT_EQ(expected,
107 PermissionsInfo::GetInstance()->GetAllByName(names));
108 }
109
110 // Tests that the aliases are properly mapped.
111 TEST(PermissionsTest, Aliases) {
112 PermissionsInfo* info = PermissionsInfo::GetInstance();
113 // tabs: tabs, windows
114 std::string tabs_name = "tabs";
115 EXPECT_EQ(tabs_name, info->GetByID(APIPermission::kTab)->name());
116 EXPECT_EQ(APIPermission::kTab, info->GetByName("tabs")->id());
117 EXPECT_EQ(APIPermission::kTab, info->GetByName("windows")->id());
118
119 // unlimitedStorage: unlimitedStorage, unlimited_storage
120 std::string storage_name = "unlimitedStorage";
121 EXPECT_EQ(storage_name, info->GetByID(
122 APIPermission::kUnlimitedStorage)->name());
123 EXPECT_EQ(APIPermission::kUnlimitedStorage,
124 info->GetByName("unlimitedStorage")->id());
125 EXPECT_EQ(APIPermission::kUnlimitedStorage,
126 info->GetByName("unlimited_storage")->id());
127 }
128
129 TEST(PermissionsTest, EffectiveHostPermissions) {
130 scoped_refptr<Extension> extension;
131 scoped_refptr<const PermissionSet> permissions;
132
133 extension = LoadManifest("effective_host_permissions", "empty.json");
134 permissions = extension->GetActivePermissions();
135 EXPECT_EQ(0u,
136 PermissionsData::GetEffectiveHostPermissions(extension.get())
137 .patterns().size());
138 EXPECT_FALSE(
139 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
140 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
141
142 extension = LoadManifest("effective_host_permissions", "one_host.json");
143 permissions = extension->GetActivePermissions();
144 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
145 GURL("http://www.google.com")));
146 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
147 GURL("https://www.google.com")));
148 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
149
150 extension = LoadManifest("effective_host_permissions",
151 "one_host_wildcard.json");
152 permissions = extension->GetActivePermissions();
153 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
154 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
155 GURL("http://foo.google.com")));
156 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
157
158 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
159 permissions = extension->GetActivePermissions();
160 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
161 GURL("http://www.google.com")));
162 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
163 GURL("http://www.reddit.com")));
164 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
165
166 extension = LoadManifest("effective_host_permissions",
167 "https_not_considered.json");
168 permissions = extension->GetActivePermissions();
169 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
170 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com")));
171 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
172
173 extension = LoadManifest("effective_host_permissions",
174 "two_content_scripts.json");
175 permissions = extension->GetActivePermissions();
176 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
177 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
178 GURL("http://www.reddit.com")));
179 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
180 GURL("http://news.ycombinator.com")));
181 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
182
183 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
184 permissions = extension->GetActivePermissions();
185 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
186 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
187 EXPECT_TRUE(
188 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
189 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
190
191 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
192 permissions = extension->GetActivePermissions();
193 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
194 EXPECT_TRUE(
195 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
196 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
197
198 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
199 permissions = extension->GetActivePermissions();
200 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
201 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
202 EXPECT_TRUE(
203 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
204 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
205 }
206
207 TEST(PermissionsTest, ExplicitAccessToOrigin) {
208 APIPermissionSet apis;
209 ManifestPermissionSet manifest_permissions;
210 URLPatternSet explicit_hosts;
211 URLPatternSet scriptable_hosts;
212
213 AddPattern(&explicit_hosts, "http://*.google.com/*");
214 // The explicit host paths should get set to /*.
215 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*");
216
217 scoped_refptr<PermissionSet> perm_set = new PermissionSet(
218 apis, manifest_permissions, explicit_hosts, scriptable_hosts);
219 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
220 GURL("http://www.google.com/")));
221 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
222 GURL("http://test.google.com/")));
223 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
224 GURL("http://www.example.com")));
225 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
226 GURL("http://www.example.com")));
227 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
228 GURL("http://test.example.com")));
229 }
230
231 TEST(PermissionsTest, CreateUnion) {
232 APIPermission* permission = NULL;
233
234 ManifestPermissionSet manifest_permissions;
235 APIPermissionSet apis1;
236 APIPermissionSet apis2;
237 APIPermissionSet expected_apis;
238
239 URLPatternSet explicit_hosts1;
240 URLPatternSet explicit_hosts2;
241 URLPatternSet expected_explicit_hosts;
242
243 URLPatternSet scriptable_hosts1;
244 URLPatternSet scriptable_hosts2;
245 URLPatternSet expected_scriptable_hosts;
246
247 URLPatternSet effective_hosts;
248
249 scoped_refptr<PermissionSet> set1;
250 scoped_refptr<PermissionSet> set2;
251 scoped_refptr<PermissionSet> union_set;
252
253 const APIPermissionInfo* permission_info =
254 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
255 permission = permission_info->CreateAPIPermission();
256 {
257 scoped_ptr<base::ListValue> value(new base::ListValue());
258 value->Append(
259 base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
260 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
261 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
262 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
263 }
264
265 // Union with an empty set.
266 apis1.insert(APIPermission::kTab);
267 apis1.insert(APIPermission::kBackground);
268 apis1.insert(permission->Clone());
269 expected_apis.insert(APIPermission::kTab);
270 expected_apis.insert(APIPermission::kBackground);
271 expected_apis.insert(permission);
272
273 AddPattern(&explicit_hosts1, "http://*.google.com/*");
274 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
275 AddPattern(&effective_hosts, "http://*.google.com/*");
276
277 set1 = new PermissionSet(apis1, manifest_permissions,
278 explicit_hosts1, scriptable_hosts1);
279 set2 = new PermissionSet(apis2, manifest_permissions,
280 explicit_hosts2, scriptable_hosts2);
281 union_set = PermissionSet::CreateUnion(set1.get(), set2.get());
282 EXPECT_TRUE(set1->Contains(*set2.get()));
283 EXPECT_TRUE(set1->Contains(*union_set.get()));
284 EXPECT_FALSE(set2->Contains(*set1.get()));
285 EXPECT_FALSE(set2->Contains(*union_set.get()));
286 EXPECT_TRUE(union_set->Contains(*set1.get()));
287 EXPECT_TRUE(union_set->Contains(*set2.get()));
288
289 EXPECT_FALSE(union_set->HasEffectiveFullAccess());
290 EXPECT_EQ(expected_apis, union_set->apis());
291 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
292 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
293 EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts());
294
295 // Now use a real second set.
296 apis2.insert(APIPermission::kTab);
297 apis2.insert(APIPermission::kProxy);
298 apis2.insert(APIPermission::kClipboardWrite);
299 apis2.insert(APIPermission::kPlugin);
300
301 permission = permission_info->CreateAPIPermission();
302 {
303 scoped_ptr<base::ListValue> value(new base::ListValue());
304 value->Append(
305 base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
306 value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
307 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
308 }
309 apis2.insert(permission);
310
311 expected_apis.insert(APIPermission::kTab);
312 expected_apis.insert(APIPermission::kProxy);
313 expected_apis.insert(APIPermission::kClipboardWrite);
314 expected_apis.insert(APIPermission::kPlugin);
315
316 permission = permission_info->CreateAPIPermission();
317 {
318 scoped_ptr<base::ListValue> value(new base::ListValue());
319 value->Append(
320 base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
321 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
322 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
323 value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
324 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
325 }
326 // Insert a new permission socket permisssion which will replace the old one.
327 expected_apis.insert(permission);
328
329 AddPattern(&explicit_hosts2, "http://*.example.com/*");
330 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
331 AddPattern(&expected_explicit_hosts, "http://*.example.com/*");
332 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*");
333
334 URLPatternSet::CreateUnion(
335 explicit_hosts2, scriptable_hosts2, &effective_hosts);
336
337 set2 = new PermissionSet(apis2, manifest_permissions,
338 explicit_hosts2, scriptable_hosts2);
339 union_set = PermissionSet::CreateUnion(set1.get(), set2.get());
340
341 EXPECT_FALSE(set1->Contains(*set2.get()));
342 EXPECT_FALSE(set1->Contains(*union_set.get()));
343 EXPECT_FALSE(set2->Contains(*set1.get()));
344 EXPECT_FALSE(set2->Contains(*union_set.get()));
345 EXPECT_TRUE(union_set->Contains(*set1.get()));
346 EXPECT_TRUE(union_set->Contains(*set2.get()));
347
348 EXPECT_TRUE(union_set->HasEffectiveFullAccess());
349 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
350 EXPECT_EQ(expected_apis, union_set->apis());
351 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
352 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
353 EXPECT_EQ(effective_hosts, union_set->effective_hosts());
354 }
355
356 TEST(PermissionsTest, CreateIntersection) {
357 APIPermission* permission = NULL;
358
359 ManifestPermissionSet manifest_permissions;
360 APIPermissionSet apis1;
361 APIPermissionSet apis2;
362 APIPermissionSet expected_apis;
363
364 URLPatternSet explicit_hosts1;
365 URLPatternSet explicit_hosts2;
366 URLPatternSet expected_explicit_hosts;
367
368 URLPatternSet scriptable_hosts1;
369 URLPatternSet scriptable_hosts2;
370 URLPatternSet expected_scriptable_hosts;
371
372 URLPatternSet effective_hosts;
373
374 scoped_refptr<PermissionSet> set1;
375 scoped_refptr<PermissionSet> set2;
376 scoped_refptr<PermissionSet> new_set;
377
378 const APIPermissionInfo* permission_info =
379 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
380
381 // Intersection with an empty set.
382 apis1.insert(APIPermission::kTab);
383 apis1.insert(APIPermission::kBackground);
384 permission = permission_info->CreateAPIPermission();
385 {
386 scoped_ptr<base::ListValue> value(new base::ListValue());
387 value->Append(
388 base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
389 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
390 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
391 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
392 }
393 apis1.insert(permission);
394
395 AddPattern(&explicit_hosts1, "http://*.google.com/*");
396 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
397
398 set1 = new PermissionSet(apis1, manifest_permissions,
399 explicit_hosts1, scriptable_hosts1);
400 set2 = new PermissionSet(apis2, manifest_permissions,
401 explicit_hosts2, scriptable_hosts2);
402 new_set = PermissionSet::CreateIntersection(set1.get(), set2.get());
403 EXPECT_TRUE(set1->Contains(*new_set.get()));
404 EXPECT_TRUE(set2->Contains(*new_set.get()));
405 EXPECT_TRUE(set1->Contains(*set2.get()));
406 EXPECT_FALSE(set2->Contains(*set1.get()));
407 EXPECT_FALSE(new_set->Contains(*set1.get()));
408 EXPECT_TRUE(new_set->Contains(*set2.get()));
409
410 EXPECT_TRUE(new_set->IsEmpty());
411 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
412 EXPECT_EQ(expected_apis, new_set->apis());
413 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
414 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
415 EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts());
416
417 // Now use a real second set.
418 apis2.insert(APIPermission::kTab);
419 apis2.insert(APIPermission::kProxy);
420 apis2.insert(APIPermission::kClipboardWrite);
421 apis2.insert(APIPermission::kPlugin);
422 permission = permission_info->CreateAPIPermission();
423 {
424 scoped_ptr<base::ListValue> value(new base::ListValue());
425 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
426 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
427 value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
428 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
429 }
430 apis2.insert(permission);
431
432 expected_apis.insert(APIPermission::kTab);
433 permission = permission_info->CreateAPIPermission();
434 {
435 scoped_ptr<base::ListValue> value(new base::ListValue());
436 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
437 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
438 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
439 }
440 expected_apis.insert(permission);
441
442 AddPattern(&explicit_hosts2, "http://*.example.com/*");
443 AddPattern(&explicit_hosts2, "http://*.google.com/*");
444 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
445 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
446
447 effective_hosts.ClearPatterns();
448 AddPattern(&effective_hosts, "http://*.google.com/*");
449
450 set2 = new PermissionSet(apis2, manifest_permissions,
451 explicit_hosts2, scriptable_hosts2);
452 new_set = PermissionSet::CreateIntersection(set1.get(), set2.get());
453
454 EXPECT_TRUE(set1->Contains(*new_set.get()));
455 EXPECT_TRUE(set2->Contains(*new_set.get()));
456 EXPECT_FALSE(set1->Contains(*set2.get()));
457 EXPECT_FALSE(set2->Contains(*set1.get()));
458 EXPECT_FALSE(new_set->Contains(*set1.get()));
459 EXPECT_FALSE(new_set->Contains(*set2.get()));
460
461 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
462 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
463 EXPECT_EQ(expected_apis, new_set->apis());
464 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
465 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
466 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
467 }
468
469 TEST(PermissionsTest, CreateDifference) {
470 APIPermission* permission = NULL;
471
472 ManifestPermissionSet manifest_permissions;
473 APIPermissionSet apis1;
474 APIPermissionSet apis2;
475 APIPermissionSet expected_apis;
476
477 URLPatternSet explicit_hosts1;
478 URLPatternSet explicit_hosts2;
479 URLPatternSet expected_explicit_hosts;
480
481 URLPatternSet scriptable_hosts1;
482 URLPatternSet scriptable_hosts2;
483 URLPatternSet expected_scriptable_hosts;
484
485 URLPatternSet effective_hosts;
486
487 scoped_refptr<PermissionSet> set1;
488 scoped_refptr<PermissionSet> set2;
489 scoped_refptr<PermissionSet> new_set;
490
491 const APIPermissionInfo* permission_info =
492 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
493
494 // Difference with an empty set.
495 apis1.insert(APIPermission::kTab);
496 apis1.insert(APIPermission::kBackground);
497 permission = permission_info->CreateAPIPermission();
498 {
499 scoped_ptr<base::ListValue> value(new base::ListValue());
500 value->Append(
501 base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
502 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
503 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
504 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
505 }
506 apis1.insert(permission);
507
508 AddPattern(&explicit_hosts1, "http://*.google.com/*");
509 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
510
511 set1 = new PermissionSet(apis1, manifest_permissions,
512 explicit_hosts1, scriptable_hosts1);
513 set2 = new PermissionSet(apis2, manifest_permissions,
514 explicit_hosts2, scriptable_hosts2);
515 new_set = PermissionSet::CreateDifference(set1.get(), set2.get());
516 EXPECT_EQ(*set1.get(), *new_set.get());
517
518 // Now use a real second set.
519 apis2.insert(APIPermission::kTab);
520 apis2.insert(APIPermission::kProxy);
521 apis2.insert(APIPermission::kClipboardWrite);
522 apis2.insert(APIPermission::kPlugin);
523 permission = permission_info->CreateAPIPermission();
524 {
525 scoped_ptr<base::ListValue> value(new base::ListValue());
526 value->Append(
527 base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
528 value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
529 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
530 }
531 apis2.insert(permission);
532
533 expected_apis.insert(APIPermission::kBackground);
534 permission = permission_info->CreateAPIPermission();
535 {
536 scoped_ptr<base::ListValue> value(new base::ListValue());
537 value->Append(base::Value::CreateStringValue("udp-bind::8080"));
538 value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
539 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
540 }
541 expected_apis.insert(permission);
542
543 AddPattern(&explicit_hosts2, "http://*.example.com/*");
544 AddPattern(&explicit_hosts2, "http://*.google.com/*");
545 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
546 AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*");
547
548 effective_hosts.ClearPatterns();
549 AddPattern(&effective_hosts, "http://www.reddit.com/*");
550
551 set2 = new PermissionSet(apis2, manifest_permissions,
552 explicit_hosts2, scriptable_hosts2);
553 new_set = PermissionSet::CreateDifference(set1.get(), set2.get());
554
555 EXPECT_TRUE(set1->Contains(*new_set.get()));
556 EXPECT_FALSE(set2->Contains(*new_set.get()));
557
558 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
559 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
560 EXPECT_EQ(expected_apis, new_set->apis());
561 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
562 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
563 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
564
565 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set
566 set1 = PermissionSet::CreateIntersection(new_set.get(), set2.get());
567 EXPECT_TRUE(set1->IsEmpty());
568 }
569
570 TEST(PermissionsTest, IsPrivilegeIncrease) {
571 const struct {
572 const char* base_name;
573 bool expect_increase;
574 } kTests[] = {
575 { "allhosts1", false }, // all -> all
576 { "allhosts2", false }, // all -> one
577 { "allhosts3", true }, // one -> all
578 { "hosts1", false }, // http://a,http://b -> http://a,http://b
579 { "hosts2", true }, // http://a,http://b -> https://a,http://*.b
580 { "hosts3", false }, // http://a,http://b -> http://a
581 { "hosts4", true }, // http://a -> http://a,http://b
582 { "hosts5", false }, // http://a,b,c -> http://a,b,c + https://a,b,c
583 { "hosts6", false }, // http://a.com -> http://a.com + http://a.co.uk
584 { "permissions1", false }, // tabs -> tabs
585 { "permissions2", true }, // tabs -> tabs,bookmarks
586 { "permissions3", true }, // http://a -> http://a,tabs
587 { "permissions5", true }, // bookmarks -> bookmarks,history
588 { "equivalent_warnings", false }, // tabs --> tabs, webNavigation
589 #if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS
590 { "permissions4", false }, // plugin -> plugin,tabs
591 { "plugin1", false }, // plugin -> plugin
592 { "plugin2", false }, // plugin -> none
593 { "plugin3", true }, // none -> plugin
594 #endif
595 { "storage", false }, // none -> storage
596 { "notifications", false }, // none -> notifications
597 { "platformapp1", false }, // host permissions for platform apps
598 { "platformapp2", true }, // API permissions for platform apps
599 { "media_galleries1", true }, // all -> read|all
600 { "media_galleries2", true }, // read|all -> read|delete|copyTo|all
601 { "media_galleries3", true }, // all -> read|delete|all
602 { "media_galleries4", false }, // read|all -> all
603 { "media_galleries5", false }, // read|copyTo|delete|all -> read|all
604 { "media_galleries6", false }, // read|all -> read|all
605 { "media_galleries7", true }, // read|delete|all -> read|copyTo|delete|all
606 { "sockets1", true }, // none -> tcp:*:*
607 { "sockets2", false }, // tcp:*:* -> tcp:*:*
608 { "sockets3", true }, // tcp:a.com:80 -> tcp:*:*
609 };
610
611 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
612 scoped_refptr<Extension> old_extension(
613 LoadManifest("allow_silent_upgrade",
614 std::string(kTests[i].base_name) + "_old.json"));
615 scoped_refptr<Extension> new_extension(
616 LoadManifest("allow_silent_upgrade",
617 std::string(kTests[i].base_name) + "_new.json"));
618
619 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
620 if (!new_extension.get())
621 continue;
622
623 scoped_refptr<const PermissionSet> old_p(
624 old_extension->GetActivePermissions());
625 scoped_refptr<const PermissionSet> new_p(
626 new_extension->GetActivePermissions());
627 Manifest::Type extension_type = old_extension->GetType();
628
629 bool increased = PermissionMessageProvider::Get()->IsPrivilegeIncrease(
630 old_p.get(), new_p.get(), extension_type);
631 EXPECT_EQ(kTests[i].expect_increase, increased) << kTests[i].base_name;
632 }
633 }
634
635 TEST(PermissionsTest, PermissionMessages) {
636 // Ensure that all permissions that needs to show install UI actually have
637 // strings associated with them.
638 APIPermissionSet skip;
639
640 // These are considered "nuisance" or "trivial" permissions that don't need
641 // a prompt.
642 skip.insert(APIPermission::kActiveTab);
643 skip.insert(APIPermission::kAdView);
644 skip.insert(APIPermission::kAlarms);
645 skip.insert(APIPermission::kAlwaysOnTopWindows);
646 skip.insert(APIPermission::kAudio);
647 skip.insert(APIPermission::kBrowsingData);
648 skip.insert(APIPermission::kCastStreaming);
649 skip.insert(APIPermission::kContextMenus);
650 skip.insert(APIPermission::kDiagnostics);
651 skip.insert(APIPermission::kDns);
652 skip.insert(APIPermission::kDownloadsShelf);
653 skip.insert(APIPermission::kFontSettings);
654 skip.insert(APIPermission::kFullscreen);
655 skip.insert(APIPermission::kGcm);
656 skip.insert(APIPermission::kIdle);
657 skip.insert(APIPermission::kIdltest);
658 skip.insert(APIPermission::kLogPrivate);
659 skip.insert(APIPermission::kNotification);
660 skip.insert(APIPermission::kOverrideEscFullscreen);
661 skip.insert(APIPermission::kPointerLock);
662 skip.insert(APIPermission::kPower);
663 skip.insert(APIPermission::kPushMessaging);
664 skip.insert(APIPermission::kSessions);
665 skip.insert(APIPermission::kStorage);
666 skip.insert(APIPermission::kSystemCpu);
667 skip.insert(APIPermission::kSystemDisplay);
668 skip.insert(APIPermission::kSystemMemory);
669 skip.insert(APIPermission::kSystemNetwork);
670 skip.insert(APIPermission::kSystemStorage);
671 skip.insert(APIPermission::kTts);
672 skip.insert(APIPermission::kUnlimitedStorage);
673 skip.insert(APIPermission::kWebcamPrivate);
674 skip.insert(APIPermission::kWebView);
675 skip.insert(APIPermission::kWindowShape);
676
677 // TODO(erikkay) add a string for this permission.
678 skip.insert(APIPermission::kBackground);
679
680 skip.insert(APIPermission::kClipboardWrite);
681
682 // The cookie permission does nothing unless you have associated host
683 // permissions.
684 skip.insert(APIPermission::kCookie);
685
686 // These are warned as part of host permission checks.
687 skip.insert(APIPermission::kDeclarativeContent);
688 skip.insert(APIPermission::kPageCapture);
689 skip.insert(APIPermission::kProxy);
690 skip.insert(APIPermission::kTabCapture);
691 skip.insert(APIPermission::kWebRequest);
692 skip.insert(APIPermission::kWebRequestBlocking);
693
694 // This permission requires explicit user action (context menu handler)
695 // so we won't prompt for it for now.
696 skip.insert(APIPermission::kFileBrowserHandler);
697
698 // These permissions require explicit user action (configuration dialog)
699 // so we don't prompt for them at install time.
700 skip.insert(APIPermission::kMediaGalleries);
701
702 // If you've turned on the experimental command-line flag, we don't need
703 // to warn you further.
704 skip.insert(APIPermission::kExperimental);
705
706 // The Identity API has its own server-driven permission prompts.
707 skip.insert(APIPermission::kIdentity);
708
709 // These are private.
710 skip.insert(APIPermission::kAutoTestPrivate);
711 skip.insert(APIPermission::kBookmarkManagerPrivate);
712 skip.insert(APIPermission::kBrailleDisplayPrivate);
713 skip.insert(APIPermission::kCast);
714 skip.insert(APIPermission::kCastStreaming);
715 skip.insert(APIPermission::kChromeosInfoPrivate);
716 skip.insert(APIPermission::kCloudPrintPrivate);
717 skip.insert(APIPermission::kCommandLinePrivate);
718 skip.insert(APIPermission::kDeveloperPrivate);
719 skip.insert(APIPermission::kDial);
720 skip.insert(APIPermission::kDownloadsInternal);
721 skip.insert(APIPermission::kEchoPrivate);
722 skip.insert(APIPermission::kEnterprisePlatformKeysPrivate);
723 skip.insert(APIPermission::kFeedbackPrivate);
724 skip.insert(APIPermission::kFileBrowserHandlerInternal);
725 skip.insert(APIPermission::kFileBrowserPrivate);
726 skip.insert(APIPermission::kFirstRunPrivate);
727 skip.insert(APIPermission::kHotwordPrivate);
728 skip.insert(APIPermission::kIdentityPrivate);
729 skip.insert(APIPermission::kInfobars);
730 skip.insert(APIPermission::kInputMethodPrivate);
731 skip.insert(APIPermission::kMediaGalleriesPrivate);
732 skip.insert(APIPermission::kMediaPlayerPrivate);
733 skip.insert(APIPermission::kMetricsPrivate);
734 skip.insert(APIPermission::kMDns);
735 skip.insert(APIPermission::kPreferencesPrivate);
736 skip.insert(APIPermission::kPrincipalsPrivate);
737 skip.insert(APIPermission::kImageWriterPrivate);
738 skip.insert(APIPermission::kReadingListPrivate);
739 skip.insert(APIPermission::kRtcPrivate);
740 skip.insert(APIPermission::kStreamsPrivate);
741 skip.insert(APIPermission::kSystemPrivate);
742 skip.insert(APIPermission::kTabCaptureForTab);
743 skip.insert(APIPermission::kTerminalPrivate);
744 skip.insert(APIPermission::kVirtualKeyboardPrivate);
745 skip.insert(APIPermission::kWallpaperPrivate);
746 skip.insert(APIPermission::kWebrtcAudioPrivate);
747 skip.insert(APIPermission::kWebrtcLoggingPrivate);
748 skip.insert(APIPermission::kWebstorePrivate);
749
750 // Warned as part of host permissions.
751 skip.insert(APIPermission::kDevtools);
752
753 // Platform apps.
754 skip.insert(APIPermission::kBrowser);
755 skip.insert(APIPermission::kFileSystem);
756 skip.insert(APIPermission::kFileSystemProvider);
757 skip.insert(APIPermission::kFileSystemRetainEntries);
758 skip.insert(APIPermission::kFileSystemWrite);
759 skip.insert(APIPermission::kSocket);
760 skip.insert(APIPermission::kUsbDevice);
761
762 PermissionsInfo* info = PermissionsInfo::GetInstance();
763 APIPermissionSet permissions = info->GetAll();
764 for (APIPermissionSet::const_iterator i = permissions.begin();
765 i != permissions.end(); ++i) {
766 const APIPermissionInfo* permission_info = i->info();
767 EXPECT_TRUE(permission_info != NULL);
768
769 if (skip.count(i->id())) {
770 EXPECT_EQ(PermissionMessage::kNone, permission_info->message_id())
771 << "unexpected message_id for " << permission_info->name();
772 } else {
773 EXPECT_NE(PermissionMessage::kNone, permission_info->message_id())
774 << "missing message_id for " << permission_info->name();
775 }
776 }
777 }
778
779 TEST(PermissionsTest, FileSystemPermissionMessages) {
780 APIPermissionSet api_permissions;
781 api_permissions.insert(APIPermission::kFileSystemWrite);
782 api_permissions.insert(APIPermission::kFileSystemDirectory);
783 scoped_refptr<PermissionSet> permissions(
784 new PermissionSet(api_permissions, ManifestPermissionSet(),
785 URLPatternSet(), URLPatternSet()));
786 PermissionMessages messages =
787 PermissionMessageProvider::Get()->GetPermissionMessages(
788 permissions, Manifest::TYPE_PLATFORM_APP);
789 ASSERT_EQ(1u, messages.size());
790 std::sort(messages.begin(), messages.end());
791 std::set<PermissionMessage::ID> ids;
792 for (PermissionMessages::const_iterator it = messages.begin();
793 it != messages.end(); ++it) {
794 ids.insert(it->id());
795 }
796 EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemDirectory));
797 }
798
799 TEST(PermissionsTest, HiddenFileSystemPermissionMessages) {
800 APIPermissionSet api_permissions;
801 api_permissions.insert(APIPermission::kFileSystemWrite);
802 api_permissions.insert(APIPermission::kFileSystemDirectory);
803 api_permissions.insert(APIPermission::kFileSystemWriteDirectory);
804 scoped_refptr<PermissionSet> permissions(
805 new PermissionSet(api_permissions, ManifestPermissionSet(),
806 URLPatternSet(), URLPatternSet()));
807 PermissionMessages messages =
808 PermissionMessageProvider::Get()->GetPermissionMessages(
809 permissions, Manifest::TYPE_PLATFORM_APP);
810 ASSERT_EQ(1u, messages.size());
811 EXPECT_EQ(PermissionMessage::kFileSystemWriteDirectory, messages[0].id());
812 }
813
814 TEST(PermissionsTest, SuppressedPermissionMessages) {
815 {
816 APIPermissionSet api_permissions;
817 api_permissions.insert(APIPermission::kTab);
818 api_permissions.insert(APIPermission::kHistory);
819 scoped_refptr<PermissionSet> permissions(
820 new PermissionSet(api_permissions, ManifestPermissionSet(),
821 URLPatternSet(), URLPatternSet()));
822 PermissionMessages messages =
823 PermissionMessageProvider::Get()->GetPermissionMessages(
824 permissions, Manifest::TYPE_EXTENSION);
825 EXPECT_EQ(1u, messages.size());
826 EXPECT_EQ(PermissionMessage::kBrowsingHistory, messages[0].id());
827 }
828 {
829 APIPermissionSet api_permissions;
830 api_permissions.insert(APIPermission::kTab);
831 URLPatternSet hosts;
832 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
833 "chrome://favicon/"));
834 scoped_refptr<PermissionSet> permissions(
835 new PermissionSet(api_permissions, ManifestPermissionSet(),
836 hosts, URLPatternSet()));
837 PermissionMessages messages =
838 PermissionMessageProvider::Get()->GetPermissionMessages(
839 permissions, Manifest::TYPE_EXTENSION);
840 EXPECT_EQ(1u, messages.size());
841 EXPECT_EQ(PermissionMessage::kTabs, messages[0].id());
842 }
843 {
844 APIPermissionSet api_permissions;
845 api_permissions.insert(APIPermission::kHistory);
846 URLPatternSet hosts;
847 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
848 "chrome://favicon/"));
849 scoped_refptr<PermissionSet> permissions(
850 new PermissionSet(api_permissions, ManifestPermissionSet(),
851 hosts, URLPatternSet()));
852 PermissionMessages messages =
853 PermissionMessageProvider::Get()->GetPermissionMessages(
854 permissions, Manifest::TYPE_EXTENSION);
855 EXPECT_EQ(1u, messages.size());
856 EXPECT_EQ(PermissionMessage::kBrowsingHistory, messages[0].id());
857 }
858 }
859
860 TEST(PermissionsTest, MergedFileSystemPermissionComparison) {
861 APIPermissionSet write_api_permissions;
862 write_api_permissions.insert(APIPermission::kFileSystemWrite);
863 scoped_refptr<PermissionSet> write_permissions(
864 new PermissionSet(write_api_permissions, ManifestPermissionSet(),
865 URLPatternSet(), URLPatternSet()));
866
867 APIPermissionSet directory_api_permissions;
868 directory_api_permissions.insert(APIPermission::kFileSystemDirectory);
869 scoped_refptr<PermissionSet> directory_permissions(
870 new PermissionSet(directory_api_permissions, ManifestPermissionSet(),
871 URLPatternSet(), URLPatternSet()));
872
873 APIPermissionSet write_directory_api_permissions;
874 write_directory_api_permissions.insert(
875 APIPermission::kFileSystemWriteDirectory);
876 scoped_refptr<PermissionSet> write_directory_permissions(
877 new PermissionSet(write_directory_api_permissions,
878 ManifestPermissionSet(),
879 URLPatternSet(),
880 URLPatternSet()));
881
882 const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
883 EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions,
884 write_permissions,
885 Manifest::TYPE_PLATFORM_APP));
886 EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions,
887 directory_permissions,
888 Manifest::TYPE_PLATFORM_APP));
889 EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions,
890 directory_permissions,
891 Manifest::TYPE_PLATFORM_APP));
892 EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions,
893 write_directory_permissions,
894 Manifest::TYPE_PLATFORM_APP));
895 EXPECT_FALSE(provider->IsPrivilegeIncrease(directory_permissions,
896 write_permissions,
897 Manifest::TYPE_PLATFORM_APP));
898 EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions,
899 write_directory_permissions,
900 Manifest::TYPE_PLATFORM_APP));
901 }
902
903 TEST(PermissionsTest, GetWarningMessages_ManyHosts) {
904 scoped_refptr<Extension> extension;
905
906 extension = LoadManifest("permissions", "many-hosts.json");
907 std::vector<base::string16> warnings =
908 PermissionsData::GetPermissionMessageStrings(extension.get());
909 ASSERT_EQ(1u, warnings.size());
910 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
911 base::UTF16ToUTF8(warnings[0]));
912 }
913
914 TEST(PermissionsTest, GetWarningMessages_Plugins) {
915 scoped_refptr<Extension> extension;
916 scoped_refptr<PermissionSet> permissions;
917
918 extension = LoadManifest("permissions", "plugins.json");
919 std::vector<base::string16> warnings =
920 PermissionsData::GetPermissionMessageStrings(extension.get());
921 // We don't parse the plugins key on Chrome OS, so it should not ask for any
922 // permissions.
923 #if defined(OS_CHROMEOS)
924 ASSERT_EQ(0u, warnings.size());
925 #else
926 ASSERT_EQ(1u, warnings.size());
927 EXPECT_EQ("Access all data on your computer and the websites you visit",
928 base::UTF16ToUTF8(warnings[0]));
929 #endif
930 }
931
932 TEST(PermissionsTest, GetWarningMessages_AudioVideo) {
933 // Both audio and video present.
934 scoped_refptr<Extension> extension =
935 LoadManifest("permissions", "audio-video.json");
936 const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
937 PermissionSet* set =
938 const_cast<PermissionSet*>(
939 extension->GetActivePermissions().get());
940 std::vector<base::string16> warnings =
941 provider->GetWarningMessages(set, extension->GetType());
942 EXPECT_FALSE(Contains(warnings, "Use your microphone"));
943 EXPECT_FALSE(Contains(warnings, "Use your camera"));
944 EXPECT_TRUE(Contains(warnings, "Use your microphone and camera"));
945 size_t combined_index = IndexOf(warnings, "Use your microphone and camera");
946 size_t combined_size = warnings.size();
947
948 // Just audio present.
949 set->apis_.erase(APIPermission::kVideoCapture);
950 warnings = provider->GetWarningMessages(set, extension->GetType());
951 EXPECT_EQ(combined_size, warnings.size());
952 EXPECT_EQ(combined_index, IndexOf(warnings, "Use your microphone"));
953 EXPECT_FALSE(Contains(warnings, "Use your camera"));
954 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera"));
955
956 // Just video present.
957 set->apis_.erase(APIPermission::kAudioCapture);
958 set->apis_.insert(APIPermission::kVideoCapture);
959 warnings = provider->GetWarningMessages(set, extension->GetType());
960 EXPECT_EQ(combined_size, warnings.size());
961 EXPECT_FALSE(Contains(warnings, "Use your microphone"));
962 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera"));
963 EXPECT_TRUE(Contains(warnings, "Use your camera"));
964 }
965
966 TEST(PermissionsTest, GetWarningMessages_DeclarativeWebRequest) {
967 // Test that if the declarativeWebRequest permission is present
968 // in combination with all hosts permission, then only the warning
969 // for host permissions is shown, because that covers the use of
970 // declarativeWebRequest.
971
972 // Until Declarative Web Request is in stable, let's make sure it is enabled
973 // on the current channel.
974 ScopedCurrentChannel sc(chrome::VersionInfo::CHANNEL_CANARY);
975
976 // First verify that declarativeWebRequest produces a message when host
977 // permissions do not cover all hosts.
978 scoped_refptr<Extension> extension =
979 LoadManifest("permissions", "web_request_not_all_host_permissions.json");
980 const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
981 const PermissionSet* set = extension->GetActivePermissions().get();
982 std::vector<base::string16> warnings =
983 provider->GetWarningMessages(set, extension->GetType());
984 EXPECT_TRUE(Contains(warnings, "Block parts of web pages"));
985 EXPECT_FALSE(Contains(warnings, "Access your data on all websites"));
986
987 // Now verify that declarativeWebRequest does not produce a message when host
988 // permissions do cover all hosts.
989 extension =
990 LoadManifest("permissions", "web_request_all_host_permissions.json");
991 set = extension->GetActivePermissions().get();
992 warnings = provider->GetWarningMessages(set, extension->GetType());
993 EXPECT_FALSE(Contains(warnings, "Block parts of web pages"));
994 EXPECT_TRUE(Contains(warnings, "Access your data on all websites"));
995 }
996
997 TEST(PermissionsTest, GetWarningMessages_Serial) {
998 scoped_refptr<Extension> extension =
999 LoadManifest("permissions", "serial.json");
1000
1001 EXPECT_TRUE(extension->is_platform_app());
1002 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSerial));
1003 std::vector<base::string16> warnings =
1004 PermissionsData::GetPermissionMessageStrings(extension.get());
1005 EXPECT_TRUE(
1006 Contains(warnings, "Use serial devices attached to your computer"));
1007 ASSERT_EQ(1u, warnings.size());
1008 }
1009
1010 TEST(PermissionsTest, GetWarningMessages_Socket_AnyHost) {
1011 ScopedCurrentChannel channel(chrome::VersionInfo::CHANNEL_DEV);
1012
1013 scoped_refptr<Extension> extension =
1014 LoadManifest("permissions", "socket_any_host.json");
1015 EXPECT_TRUE(extension->is_platform_app());
1016 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket));
1017 std::vector<base::string16> warnings =
1018 PermissionsData::GetPermissionMessageStrings(extension.get());
1019 EXPECT_EQ(1u, warnings.size());
1020 EXPECT_TRUE(Contains(warnings, "Exchange data with any computer "
1021 "on the local network or internet"));
1022 }
1023
1024 TEST(PermissionsTest, GetWarningMessages_Socket_OneDomainTwoHostnames) {
1025 ScopedCurrentChannel channel(chrome::VersionInfo::CHANNEL_DEV);
1026
1027 scoped_refptr<Extension> extension =
1028 LoadManifest("permissions", "socket_one_domain_two_hostnames.json");
1029 EXPECT_TRUE(extension->is_platform_app());
1030 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket));
1031 std::vector<base::string16> warnings =
1032 PermissionsData::GetPermissionMessageStrings(extension.get());
1033
1034 // Verify the warnings, including support for unicode characters, the fact
1035 // that domain host warnings come before specific host warnings, and the fact
1036 // that domains and hostnames are in alphabetical order regardless of the
1037 // order in the manifest file.
1038 EXPECT_EQ(2u, warnings.size());
1039 if (warnings.size() > 0)
1040 EXPECT_EQ(warnings[0],
1041 base::UTF8ToUTF16("Exchange data with any computer in the domain "
1042 "example.org"));
1043 if (warnings.size() > 1)
1044 EXPECT_EQ(warnings[1],
1045 base::UTF8ToUTF16("Exchange data with the computers named: "
1046 "b\xC3\xA5r.example.com foo.example.com"));
1047 // "\xC3\xA5" = UTF-8 for lowercase A with ring above
1048 }
1049
1050 TEST(PermissionsTest, GetWarningMessages_Socket_TwoDomainsOneHostname) {
1051 ScopedCurrentChannel channel(chrome::VersionInfo::CHANNEL_DEV);
1052
1053 scoped_refptr<Extension> extension =
1054 LoadManifest("permissions", "socket_two_domains_one_hostname.json");
1055 EXPECT_TRUE(extension->is_platform_app());
1056 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket));
1057 std::vector<base::string16> warnings =
1058 PermissionsData::GetPermissionMessageStrings(extension.get());
1059
1060 // Verify the warnings, including the fact that domain host warnings come
1061 // before specific host warnings and the fact that domains and hostnames are
1062 // in alphabetical order regardless of the order in the manifest file.
1063 EXPECT_EQ(2u, warnings.size());
1064 if (warnings.size() > 0)
1065 EXPECT_EQ(warnings[0],
1066 base::UTF8ToUTF16("Exchange data with any computer in the "
1067 "domains: example.com foo.example.org"));
1068 if (warnings.size() > 1)
1069 EXPECT_EQ(warnings[1],
1070 base::UTF8ToUTF16("Exchange data with the computer named "
1071 "bar.example.org"));
1072 }
1073
1074 TEST(PermissionsTest, GetWarningMessages_PlatformApppHosts) {
1075 scoped_refptr<Extension> extension;
1076
1077 extension = LoadManifest("permissions", "platform_app_hosts.json");
1078 EXPECT_TRUE(extension->is_platform_app());
1079 std::vector<base::string16> warnings =
1080 PermissionsData::GetPermissionMessageStrings(extension.get());
1081 ASSERT_EQ(0u, warnings.size());
1082
1083 extension = LoadManifest("permissions", "platform_app_all_urls.json");
1084 EXPECT_TRUE(extension->is_platform_app());
1085 warnings = PermissionsData::GetPermissionMessageStrings(extension.get());
1086 ASSERT_EQ(0u, warnings.size());
1087 }
1088
1089 bool ShowsAllHostsWarning(const std::string& pattern) {
1090 scoped_refptr<Extension> extension =
1091 ExtensionBuilder()
1092 .SetManifest(DictionaryBuilder()
1093 .Set("name", "TLDWildCardTest")
1094 .Set("version", "0.1.0")
1095 .Set("permissions", ListBuilder().Append(pattern))
1096 .Build())
1097 .Build();
1098
1099 std::vector<base::string16> warnings =
1100 PermissionsData::GetPermissionMessageStrings(extension);
1101
1102 if (warnings.empty())
1103 return false;
1104
1105 if (warnings[0] !=
1106 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS)) {
1107 return false;
1108 }
1109
1110 return true;
1111 }
1112
1113 TEST(PermissionsTest, GetWarningMessages_TLDWildcardTreatedAsAllHosts) {
1114 EXPECT_TRUE(ShowsAllHostsWarning("http://*.com/*")); // most popular.
1115 EXPECT_TRUE(ShowsAllHostsWarning("http://*.org/*")); // sanity check.
1116 EXPECT_TRUE(ShowsAllHostsWarning("http://*.co.uk/*")); // eTLD.
1117 EXPECT_TRUE(ShowsAllHostsWarning("http://*.de/*")); // foreign country tld.
1118
1119 // We should still show the normal permissions (i.e., "Can access your data on
1120 // *.rdcronin.com") for things that are not TLDs.
1121 EXPECT_FALSE(ShowsAllHostsWarning("http://*.rdcronin.com/*"));
1122
1123 // Pseudo-TLDs, like appspot.com, should not show all hosts.
1124 EXPECT_FALSE(ShowsAllHostsWarning("http://*.appspot.com/*"));
1125
1126 // Non-TLDs should be likewise exempt.
1127 EXPECT_FALSE(ShowsAllHostsWarning("http://*.notarealtld/*"));
1128
1129 // Our internal checks use "foo", so let's make sure we're not messing
1130 // something up with it.
1131 EXPECT_FALSE(ShowsAllHostsWarning("http://*.foo.com"));
1132 EXPECT_FALSE(ShowsAllHostsWarning("http://foo.com"));
1133 // This will fail if foo becomes a recognized TLD. Which could be soon.
1134 // Update as needed.
1135 EXPECT_FALSE(ShowsAllHostsWarning("http://*.foo"));
1136 }
1137
1138 TEST(PermissionsTest, GetDistinctHosts) {
1139 URLPatternSet explicit_hosts;
1140 std::set<std::string> expected;
1141 expected.insert("www.foo.com");
1142 expected.insert("www.bar.com");
1143 expected.insert("www.baz.com");
1144
1145 {
1146 SCOPED_TRACE("no dupes");
1147
1148 // Simple list with no dupes.
1149 explicit_hosts.AddPattern(
1150 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
1151 explicit_hosts.AddPattern(
1152 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path"));
1153 explicit_hosts.AddPattern(
1154 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
1155 EXPECT_EQ(expected,
1156 permission_message_util::GetDistinctHosts(
1157 explicit_hosts, true, true));
1158 }
1159
1160 {
1161 SCOPED_TRACE("two dupes");
1162
1163 // Add some dupes.
1164 explicit_hosts.AddPattern(
1165 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
1166 explicit_hosts.AddPattern(
1167 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
1168 EXPECT_EQ(expected,
1169 permission_message_util::GetDistinctHosts(
1170 explicit_hosts, true, true));
1171 }
1172
1173 {
1174 SCOPED_TRACE("schemes differ");
1175
1176 // Add a pattern that differs only by scheme. This should be filtered out.
1177 explicit_hosts.AddPattern(
1178 URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path"));
1179 EXPECT_EQ(expected,
1180 permission_message_util::GetDistinctHosts(
1181 explicit_hosts, true, true));
1182 }
1183
1184 {
1185 SCOPED_TRACE("paths differ");
1186
1187 // Add some dupes by path.
1188 explicit_hosts.AddPattern(
1189 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath"));
1190 EXPECT_EQ(expected,
1191 permission_message_util::GetDistinctHosts(
1192 explicit_hosts, true, true));
1193 }
1194
1195 {
1196 SCOPED_TRACE("subdomains differ");
1197
1198 // We don't do anything special for subdomains.
1199 explicit_hosts.AddPattern(
1200 URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path"));
1201 explicit_hosts.AddPattern(
1202 URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path"));
1203
1204 expected.insert("monkey.www.bar.com");
1205 expected.insert("bar.com");
1206
1207 EXPECT_EQ(expected,
1208 permission_message_util::GetDistinctHosts(
1209 explicit_hosts, true, true));
1210 }
1211
1212 {
1213 SCOPED_TRACE("RCDs differ");
1214
1215 // Now test for RCD uniquing.
1216 explicit_hosts.AddPattern(
1217 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
1218 explicit_hosts.AddPattern(
1219 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1220 explicit_hosts.AddPattern(
1221 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path"));
1222 explicit_hosts.AddPattern(
1223 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path"));
1224 explicit_hosts.AddPattern(
1225 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
1226 explicit_hosts.AddPattern(
1227 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path"));
1228
1229 // This is an unknown RCD, which shouldn't be uniqued out.
1230 explicit_hosts.AddPattern(
1231 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
1232 // But it should only occur once.
1233 explicit_hosts.AddPattern(
1234 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
1235
1236 expected.insert("www.foo.xyzzy");
1237
1238 EXPECT_EQ(expected,
1239 permission_message_util::GetDistinctHosts(
1240 explicit_hosts, true, true));
1241 }
1242
1243 {
1244 SCOPED_TRACE("wildcards");
1245
1246 explicit_hosts.AddPattern(
1247 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
1248
1249 expected.insert("*.google.com");
1250
1251 EXPECT_EQ(expected,
1252 permission_message_util::GetDistinctHosts(
1253 explicit_hosts, true, true));
1254 }
1255
1256 {
1257 SCOPED_TRACE("scriptable hosts");
1258
1259 APIPermissionSet empty_perms;
1260 explicit_hosts.ClearPatterns();
1261 URLPatternSet scriptable_hosts;
1262 expected.clear();
1263
1264 explicit_hosts.AddPattern(
1265 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
1266 scriptable_hosts.AddPattern(
1267 URLPattern(URLPattern::SCHEME_HTTP, "http://*.example.com/*"));
1268
1269 expected.insert("*.google.com");
1270 expected.insert("*.example.com");
1271
1272 scoped_refptr<PermissionSet> perm_set(new PermissionSet(
1273 empty_perms, ManifestPermissionSet(),
1274 explicit_hosts, scriptable_hosts));
1275 EXPECT_EQ(expected,
1276 permission_message_util::GetDistinctHosts(
1277 perm_set->effective_hosts(), true, true));
1278 }
1279
1280 {
1281 // We don't display warnings for file URLs because they are off by default.
1282 SCOPED_TRACE("file urls");
1283
1284 explicit_hosts.ClearPatterns();
1285 expected.clear();
1286
1287 explicit_hosts.AddPattern(
1288 URLPattern(URLPattern::SCHEME_FILE, "file:///*"));
1289
1290 EXPECT_EQ(expected,
1291 permission_message_util::GetDistinctHosts(
1292 explicit_hosts, true, true));
1293 }
1294 }
1295
1296 TEST(PermissionsTest, GetDistinctHosts_ComIsBestRcd) {
1297 URLPatternSet explicit_hosts;
1298 explicit_hosts.AddPattern(
1299 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1300 explicit_hosts.AddPattern(
1301 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1302 explicit_hosts.AddPattern(
1303 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1304 explicit_hosts.AddPattern(
1305 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
1306 explicit_hosts.AddPattern(
1307 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1308 explicit_hosts.AddPattern(
1309 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
1310
1311 std::set<std::string> expected;
1312 expected.insert("www.foo.com");
1313 EXPECT_EQ(expected,
1314 permission_message_util::GetDistinctHosts(
1315 explicit_hosts, true, true));
1316 }
1317
1318 TEST(PermissionsTest, GetDistinctHosts_NetIs2ndBestRcd) {
1319 URLPatternSet explicit_hosts;
1320 explicit_hosts.AddPattern(
1321 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1322 explicit_hosts.AddPattern(
1323 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1324 explicit_hosts.AddPattern(
1325 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1326 explicit_hosts.AddPattern(
1327 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
1328 explicit_hosts.AddPattern(
1329 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1330 // No http://www.foo.com/path
1331
1332 std::set<std::string> expected;
1333 expected.insert("www.foo.net");
1334 EXPECT_EQ(expected,
1335 permission_message_util::GetDistinctHosts(
1336 explicit_hosts, true, true));
1337 }
1338
1339 TEST(PermissionsTest, GetDistinctHosts_OrgIs3rdBestRcd) {
1340 URLPatternSet explicit_hosts;
1341 explicit_hosts.AddPattern(
1342 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1343 explicit_hosts.AddPattern(
1344 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1345 explicit_hosts.AddPattern(
1346 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1347 // No http://www.foo.net/path
1348 explicit_hosts.AddPattern(
1349 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1350 // No http://www.foo.com/path
1351
1352 std::set<std::string> expected;
1353 expected.insert("www.foo.org");
1354 EXPECT_EQ(expected,
1355 permission_message_util::GetDistinctHosts(
1356 explicit_hosts, true, true));
1357 }
1358
1359 TEST(PermissionsTest, GetDistinctHosts_FirstInListIs4thBestRcd) {
1360 URLPatternSet explicit_hosts;
1361 explicit_hosts.AddPattern(
1362 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1363 // No http://www.foo.org/path
1364 explicit_hosts.AddPattern(
1365 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1366 // No http://www.foo.net/path
1367 explicit_hosts.AddPattern(
1368 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1369 // No http://www.foo.com/path
1370
1371 std::set<std::string> expected;
1372 expected.insert("www.foo.ca");
1373 EXPECT_EQ(expected,
1374 permission_message_util::GetDistinctHosts(
1375 explicit_hosts, true, true));
1376 }
1377
1378 TEST(PermissionsTest, IsHostPrivilegeIncrease) {
1379 Manifest::Type type = Manifest::TYPE_EXTENSION;
1380 const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
1381 ManifestPermissionSet empty_manifest_permissions;
1382 URLPatternSet elist1;
1383 URLPatternSet elist2;
1384 URLPatternSet slist1;
1385 URLPatternSet slist2;
1386 scoped_refptr<PermissionSet> set1;
1387 scoped_refptr<PermissionSet> set2;
1388 APIPermissionSet empty_perms;
1389 elist1.AddPattern(
1390 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1391 elist1.AddPattern(
1392 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1393
1394 // Test that the host order does not matter.
1395 elist2.AddPattern(
1396 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1397 elist2.AddPattern(
1398 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1399
1400 set1 = new PermissionSet(empty_perms, empty_manifest_permissions,
1401 elist1, slist1);
1402 set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
1403 elist2, slist2);
1404
1405 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
1406 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
1407
1408 // Test that paths are ignored.
1409 elist2.ClearPatterns();
1410 elist2.AddPattern(
1411 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
1412 set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
1413 elist2, slist2);
1414 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
1415 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
1416
1417 // Test that RCDs are ignored.
1418 elist2.ClearPatterns();
1419 elist2.AddPattern(
1420 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
1421 set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
1422 elist2, slist2);
1423 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
1424 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
1425
1426 // Test that subdomain wildcards are handled properly.
1427 elist2.ClearPatterns();
1428 elist2.AddPattern(
1429 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
1430 set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
1431 elist2, slist2);
1432 EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
1433 // TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
1434 // EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
1435
1436 // Test that different domains count as different hosts.
1437 elist2.ClearPatterns();
1438 elist2.AddPattern(
1439 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1440 elist2.AddPattern(
1441 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
1442 set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
1443 elist2, slist2);
1444 EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
1445 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
1446
1447 // Test that different subdomains count as different hosts.
1448 elist2.ClearPatterns();
1449 elist2.AddPattern(
1450 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
1451 set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
1452 elist2, slist2);
1453 EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
1454 EXPECT_TRUE(provider->IsPrivilegeIncrease(set2, set1, type));
1455
1456 // Test that platform apps do not have host permissions increases.
1457 type = Manifest::TYPE_PLATFORM_APP;
1458 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
1459 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
1460 }
1461
1462 TEST(PermissionsTest, GetAPIsAsStrings) {
1463 APIPermissionSet apis;
1464 URLPatternSet empty_set;
1465
1466 apis.insert(APIPermission::kProxy);
1467 apis.insert(APIPermission::kBackground);
1468 apis.insert(APIPermission::kNotification);
1469 apis.insert(APIPermission::kTab);
1470
1471 scoped_refptr<PermissionSet> perm_set = new PermissionSet(
1472 apis, ManifestPermissionSet(), empty_set, empty_set);
1473 std::set<std::string> api_names = perm_set->GetAPIsAsStrings();
1474
1475 // The result is correct if it has the same number of elements
1476 // and we can convert it back to the id set.
1477 EXPECT_EQ(4u, api_names.size());
1478 EXPECT_EQ(apis,
1479 PermissionsInfo::GetInstance()->GetAllByName(api_names));
1480 }
1481
1482 TEST(PermissionsTest, IsEmpty) {
1483 APIPermissionSet empty_apis;
1484 URLPatternSet empty_extent;
1485
1486 scoped_refptr<PermissionSet> empty = new PermissionSet();
1487 EXPECT_TRUE(empty->IsEmpty());
1488 scoped_refptr<PermissionSet> perm_set;
1489
1490 perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(),
1491 empty_extent, empty_extent);
1492 EXPECT_TRUE(perm_set->IsEmpty());
1493
1494 APIPermissionSet non_empty_apis;
1495 non_empty_apis.insert(APIPermission::kBackground);
1496 perm_set = new PermissionSet(non_empty_apis, ManifestPermissionSet(),
1497 empty_extent, empty_extent);
1498 EXPECT_FALSE(perm_set->IsEmpty());
1499
1500 // Try non standard host
1501 URLPatternSet non_empty_extent;
1502 AddPattern(&non_empty_extent, "http://www.google.com/*");
1503
1504 perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(),
1505 non_empty_extent, empty_extent);
1506 EXPECT_FALSE(perm_set->IsEmpty());
1507
1508 perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(),
1509 empty_extent, non_empty_extent);
1510 EXPECT_FALSE(perm_set->IsEmpty());
1511 }
1512
1513 TEST(PermissionsTest, ImpliedPermissions) {
1514 URLPatternSet empty_extent;
1515 APIPermissionSet apis;
1516 apis.insert(APIPermission::kFileBrowserHandler);
1517 EXPECT_EQ(1U, apis.size());
1518
1519 scoped_refptr<PermissionSet> perm_set;
1520 perm_set = new PermissionSet(apis, ManifestPermissionSet(),
1521 empty_extent, empty_extent);
1522 EXPECT_EQ(2U, perm_set->apis().size());
1523 }
1524
1525 TEST(PermissionsTest, SyncFileSystemPermission) {
1526 scoped_refptr<Extension> extension = LoadManifest(
1527 "permissions", "sync_file_system.json");
1528 APIPermissionSet apis;
1529 apis.insert(APIPermission::kSyncFileSystem);
1530 EXPECT_TRUE(extension->is_platform_app());
1531 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSyncFileSystem));
1532 std::vector<base::string16> warnings =
1533 PermissionsData::GetPermissionMessageStrings(extension.get());
1534 EXPECT_TRUE(Contains(warnings, "Store data in your Google Drive account"));
1535 ASSERT_EQ(1u, warnings.size());
1536 }
1537
1538 // Make sure that we don't crash when we're trying to show the permissions
1539 // even though chrome://thumb (and everything that's not chrome://favicon with
1540 // a chrome:// scheme) is not a valid permission.
1541 // More details here: crbug/246314.
1542 TEST(PermissionsTest, ChromeURLs) {
1543 URLPatternSet allowed_hosts;
1544 allowed_hosts.AddPattern(
1545 URLPattern(URLPattern::SCHEME_ALL, "http://www.google.com/"));
1546 allowed_hosts.AddPattern(
1547 URLPattern(URLPattern::SCHEME_ALL, "chrome://favicon/"));
1548 allowed_hosts.AddPattern(
1549 URLPattern(URLPattern::SCHEME_ALL, "chrome://thumb/"));
1550 scoped_refptr<PermissionSet> permissions(
1551 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
1552 allowed_hosts, URLPatternSet()));
1553 PermissionMessageProvider::Get()->
1554 GetPermissionMessages(permissions, Manifest::TYPE_EXTENSION);
1555 }
1556
1557 TEST(PermissionsTest, IsPrivilegeIncrease_DeclarativeWebRequest) {
1558 scoped_refptr<Extension> extension(
1559 LoadManifest("permissions", "permissions_all_urls.json"));
1560 scoped_refptr<const PermissionSet> permissions(
1561 extension->GetActivePermissions());
1562
1563 scoped_refptr<Extension> extension_dwr(
1564 LoadManifest("permissions", "web_request_all_host_permissions.json"));
1565 scoped_refptr<const PermissionSet> permissions_dwr(
1566 extension_dwr->GetActivePermissions());
1567
1568 EXPECT_FALSE(PermissionMessageProvider::Get()->
1569 IsPrivilegeIncrease(permissions.get(),
1570 permissions_dwr.get(),
1571 extension->GetType()));
1572 }
1573
1574 } // namespace extensions