chrome/browser/extensions/api/permissions/permissions_apitest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
   6 #include "chrome/browser/extensions/extension_apitest.h"
   7 #include "chrome/browser/extensions/extension_management_test_util.h"
   8 #include "chrome/browser/profiles/profile.h"
   9 #include "chrome/browser/ui/browser.h"
  10 #include "components/policy/core/browser/browser_policy_connector.h"
  11 #include "components/policy/core/common/mock_configuration_policy_provider.h"
  12 #include "extensions/browser/extension_prefs.h"
  13 #include "extensions/common/permissions/permission_set.h"
  14 #include "extensions/common/switches.h"
  15 #include "net/dns/mock_host_resolver.h"
  16
  17 namespace extensions {
  18
  19 namespace {
  20
  21 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
  22   int schemes = URLPattern::SCHEME_ALL;
  23   extent->AddPattern(URLPattern(schemes, pattern));
  24 }
  25
  26 }  // namespace
  27
  28 class ExperimentalApiTest : public ExtensionApiTest {
  29  public:
  30   void SetUpCommandLine(base::CommandLine* command_line) override {
  31     ExtensionApiTest::SetUpCommandLine(command_line);
  32     command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
  33   }
  34 };
  35
  36 class ExtensionApiTestWithManagementPolicy : public ExtensionApiTest {
  37  public:
  38   void SetUpInProcessBrowserTestFixture() override {
  39     ExtensionApiTest::SetUpInProcessBrowserTestFixture();
  40     EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_))
  41         .WillRepeatedly(testing::Return(true));
  42     policy_provider_.SetAutoRefresh();
  43     policy::BrowserPolicyConnector::SetPolicyProviderForTesting(
  44         &policy_provider_);
  45   }
  46
  47  protected:
  48   policy::MockConfigurationPolicyProvider policy_provider_;
  49 };
  50
  51 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) {
  52   ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
  53
  54   // Since the experimental APIs require a flag, this will fail even though
  55   // it's enabled.
  56   // TODO(erikkay) This test is currently broken because LoadExtension in
  57   // ExtensionBrowserTest doesn't actually fail, it just times out.  To fix this
  58   // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
  59   // too much for the branch.  I'll enable this on trunk later.
  60   // ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
  61 }
  62
  63 IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
  64   ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
  65 }
  66
  67 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) {
  68   // At the time this test is being created, there is no experimental
  69   // function that will not be graduating soon, and does not require a
  70   // tab id as an argument.  So, we need the tab permission to get
  71   // a tab id.
  72   ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
  73       << message_;
  74 }
  75
  76 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) {
  77   ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
  78 }
  79
  80 // Test functions and APIs that are always allowed (even if you ask for no
  81 // permissions).
  82 // Disabled: http://crbug.com/125193
  83 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) {
  84   ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
  85 }
  86
  87 // Tests that the optional permissions API works correctly.
  88 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) {
  89   // Mark all the tested APIs as granted to bypass the confirmation UI.
  90   APIPermissionSet apis;
  91   apis.insert(APIPermission::kBookmark);
  92   ManifestPermissionSet manifest_permissions;
  93   URLPatternSet explicit_hosts;
  94   AddPattern(&explicit_hosts, "http://*.c.com/*");
  95   scoped_refptr<const PermissionSet> granted_permissions = new PermissionSet(
  96       apis, manifest_permissions, explicit_hosts, URLPatternSet());
  97
  98   ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
  99   prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
 100                                granted_permissions.get());
 101
 102   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
 103   host_resolver()->AddRule("*.com", "127.0.0.1");
 104   ASSERT_TRUE(StartEmbeddedTestServer());
 105   EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
 106 }
 107
 108 // Tests that the optional permissions API works correctly.
 109 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) {
 110   // Rather than setting the granted permissions, set the UI autoconfirm flag
 111   // and run the same tests.
 112   PermissionsRequestFunction::SetAutoConfirmForTests(true);
 113   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
 114   host_resolver()->AddRule("*.com", "127.0.0.1");
 115   ASSERT_TRUE(StartEmbeddedTestServer());
 116   EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
 117 }
 118
 119 // Test that denying the optional permissions confirmation dialog works.
 120 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) {
 121   PermissionsRequestFunction::SetAutoConfirmForTests(false);
 122   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
 123   host_resolver()->AddRule("*.com", "127.0.0.1");
 124   ASSERT_TRUE(StartEmbeddedTestServer());
 125   EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
 126 }
 127
 128 // Tests that the permissions.request function must be called from within a
 129 // user gesture.
 130 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) {
 131   PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
 132   host_resolver()->AddRule("*.com", "127.0.0.1");
 133   ASSERT_TRUE(StartEmbeddedTestServer());
 134   EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
 135 }
 136
 137 // Tests that the user gesture is retained in the permissions.request function
 138 // callback.
 139 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsRetainGesture) {
 140   PermissionsRequestFunction::SetAutoConfirmForTests(true);
 141   PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
 142   host_resolver()->AddRule("*.com", "127.0.0.1");
 143   ASSERT_TRUE(StartEmbeddedTestServer());
 144   EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture"))
 145       << message_;
 146 }
 147
 148 // Test that optional permissions blocked by enterprise policy will be denied
 149 // automatically.
 150 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
 151                        OptionalPermissionsPolicyBlocked) {
 152   // Set enterprise policy to block some API permissions.
 153   {
 154     ExtensionManagementPolicyUpdater pref(&policy_provider_);
 155     pref.AddBlockedPermission("*", "management");
 156   }
 157   // Set auto confirm UI flag.
 158   PermissionsRequestFunction::SetAutoConfirmForTests(true);
 159   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
 160   EXPECT_TRUE(RunExtensionTest("permissions/optional_policy_blocked"))
 161       << message_;
 162 }
 163
 164 // Tests that an extension can't gain access to file: URLs without the checkbox
 165 // entry in prefs. There shouldn't be a warning either.
 166 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) {
 167   // There shouldn't be a warning, so we shouldn't need to autoconfirm.
 168   PermissionsRequestFunction::SetAutoConfirmForTests(false);
 169   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
 170
 171   ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
 172
 173   EXPECT_TRUE(
 174       RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
 175   EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
 176
 177   EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
 178   // TODO(kalman): ugh, it would be nice to test this condition, but it seems
 179   // like there's somehow a race here where the prefs aren't updated in time
 180   // with the "allow file access" bit, so we'll just have to trust that
 181   // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
 182   // not set the allow file access bit. Otherwise this test doesn't mean
 183   // a whole lot (i.e. file access works - but it'd better not be the case
 184   // that the extension actually has file access, since that'd be the bug
 185   // that this is supposed to be testing).
 186   // EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
 187 }
 188
 189 // Test requesting, querying, and removing host permissions for host
 190 // permissions that are a subset of the optional permissions.
 191 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) {
 192   PermissionsRequestFunction::SetAutoConfirmForTests(true);
 193   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
 194   EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
 195 }
 196
 197 // Tests that requesting an optional permission from a background page, with
 198 // another window open, grants the permission and updates the bindings
 199 // (chrome.whatever, in this case chrome.alarms). Regression test for
 200 // crbug.com/435141, see details there for trickiness.
 201 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsUpdatesBindings) {
 202   ASSERT_TRUE(RunExtensionTest("permissions/optional_updates_bindings"))
 203       << message_;
 204 }
 205
 206 }  // namespace extensions