1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
6 #include "chrome/browser/extensions/extension_apitest.h"
7 #include "chrome/browser/extensions/extension_management_test_util.h"
8 #include "chrome/browser/profiles/profile.h"
9 #include "chrome/browser/ui/browser.h"
10 #include "components/policy/core/browser/browser_policy_connector.h"
11 #include "components/policy/core/common/mock_configuration_policy_provider.h"
12 #include "extensions/browser/extension_prefs.h"
13 #include "extensions/common/permissions/permission_set.h"
14 #include "extensions/common/switches.h"
15 #include "net/dns/mock_host_resolver.h"
17 namespace extensions
{
21 static void AddPattern(URLPatternSet
* extent
, const std::string
& pattern
) {
22 int schemes
= URLPattern::SCHEME_ALL
;
23 extent
->AddPattern(URLPattern(schemes
, pattern
));
28 class ExperimentalApiTest
: public ExtensionApiTest
{
30 void SetUpCommandLine(base::CommandLine
* command_line
) override
{
31 ExtensionApiTest::SetUpCommandLine(command_line
);
32 command_line
->AppendSwitch(switches::kEnableExperimentalExtensionApis
);
36 class ExtensionApiTestWithManagementPolicy
: public ExtensionApiTest
{
38 void SetUpInProcessBrowserTestFixture() override
{
39 ExtensionApiTest::SetUpInProcessBrowserTestFixture();
40 EXPECT_CALL(policy_provider_
, IsInitializationComplete(testing::_
))
41 .WillRepeatedly(testing::Return(true));
42 policy_provider_
.SetAutoRefresh();
43 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(
48 policy::MockConfigurationPolicyProvider policy_provider_
;
51 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, PermissionsFail
) {
52 ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_
;
54 // Since the experimental APIs require a flag, this will fail even though
56 // TODO(erikkay) This test is currently broken because LoadExtension in
57 // ExtensionBrowserTest doesn't actually fail, it just times out. To fix this
58 // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
59 // too much for the branch. I'll enable this on trunk later.
60 //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
63 IN_PROC_BROWSER_TEST_F(ExperimentalApiTest
, PermissionsSucceed
) {
64 ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_
;
67 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, ExperimentalPermissionsFail
) {
68 // At the time this test is being created, there is no experimental
69 // function that will not be graduating soon, and does not require a
70 // tab id as an argument. So, we need the tab permission to get
72 ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
76 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, FaviconPermission
) {
77 ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_
;
80 // Test functions and APIs that are always allowed (even if you ask for no
82 // Disabled: http://crbug.com/125193
83 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, DISABLED_AlwaysAllowed
) {
84 ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_
;
87 // Tests that the optional permissions API works correctly.
88 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsGranted
) {
89 // Mark all the tested APIs as granted to bypass the confirmation UI.
90 APIPermissionSet apis
;
91 apis
.insert(APIPermission::kBookmark
);
92 ManifestPermissionSet manifest_permissions
;
93 URLPatternSet explicit_hosts
;
94 AddPattern(&explicit_hosts
, "http://*.c.com/*");
95 scoped_refptr
<PermissionSet
> granted_permissions
=
96 new PermissionSet(apis
, manifest_permissions
,
97 explicit_hosts
, URLPatternSet());
99 ExtensionPrefs
* prefs
= ExtensionPrefs::Get(browser()->profile());
100 prefs
->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
101 granted_permissions
.get());
103 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
104 host_resolver()->AddRule("*.com", "127.0.0.1");
105 ASSERT_TRUE(StartEmbeddedTestServer());
106 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_
;
109 // Tests that the optional permissions API works correctly.
110 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsAutoConfirm
) {
111 // Rather than setting the granted permissions, set the UI autoconfirm flag
112 // and run the same tests.
113 PermissionsRequestFunction::SetAutoConfirmForTests(true);
114 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
115 host_resolver()->AddRule("*.com", "127.0.0.1");
116 ASSERT_TRUE(StartEmbeddedTestServer());
117 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_
;
120 // Test that denying the optional permissions confirmation dialog works.
121 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsDeny
) {
122 PermissionsRequestFunction::SetAutoConfirmForTests(false);
123 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
124 host_resolver()->AddRule("*.com", "127.0.0.1");
125 ASSERT_TRUE(StartEmbeddedTestServer());
126 EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_
;
129 // Tests that the permissions.request function must be called from within a
131 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsGesture
) {
132 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
133 host_resolver()->AddRule("*.com", "127.0.0.1");
134 ASSERT_TRUE(StartEmbeddedTestServer());
135 EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_
;
138 // Tests that the user gesture is retained in the permissions.request function
140 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsRetainGesture
) {
141 PermissionsRequestFunction::SetAutoConfirmForTests(true);
142 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
143 host_resolver()->AddRule("*.com", "127.0.0.1");
144 ASSERT_TRUE(StartEmbeddedTestServer());
145 EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture"))
149 // Test that optional permissions blocked by enterprise policy will be denied
151 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy
,
152 OptionalPermissionsPolicyBlocked
) {
153 // Set enterprise policy to block some API permissions.
155 ExtensionManagementPolicyUpdater
pref(&policy_provider_
);
156 pref
.AddBlockedPermission("*", "management");
158 // Set auto confirm UI flag.
159 PermissionsRequestFunction::SetAutoConfirmForTests(true);
160 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
161 EXPECT_TRUE(RunExtensionTest("permissions/optional_policy_blocked"))
165 // Tests that an extension can't gain access to file: URLs without the checkbox
166 // entry in prefs. There shouldn't be a warning either.
167 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsFileAccess
) {
168 // There shouldn't be a warning, so we shouldn't need to autoconfirm.
169 PermissionsRequestFunction::SetAutoConfirmForTests(false);
170 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
172 ExtensionPrefs
* prefs
= ExtensionPrefs::Get(browser()->profile());
175 RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_
;
176 EXPECT_FALSE(prefs
->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
178 EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_
;
179 // TODO(kalman): ugh, it would be nice to test this condition, but it seems
180 // like there's somehow a race here where the prefs aren't updated in time
181 // with the "allow file access" bit, so we'll just have to trust that
182 // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
183 // not set the allow file access bit. Otherwise this test doesn't mean
184 // a whole lot (i.e. file access works - but it'd better not be the case
185 // that the extension actually has file access, since that'd be the bug
186 // that this is supposed to be testing).
187 //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
190 // Test requesting, querying, and removing host permissions for host
191 // permissions that are a subset of the optional permissions.
192 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, HostSubsets
) {
193 PermissionsRequestFunction::SetAutoConfirmForTests(true);
194 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
195 EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_
;
198 // Tests that requesting an optional permission from a background page, with
199 // another window open, grants the permission and updates the bindings
200 // (chrome.whatever, in this case chrome.alarms). Regression test for
201 // crbug.com/435141, see details there for trickiness.
202 IN_PROC_BROWSER_TEST_F(ExtensionApiTest
, OptionalPermissionsUpdatesBindings
) {
203 ASSERT_TRUE(RunExtensionTest("permissions/optional_updates_bindings"))
207 } // namespace extensions