1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
8 #include "base/logging.h"
9 #include "base/memory/ref_counted.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/prefs/pref_registry_simple.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/stl_util.h"
14 #include "base/strings/string16.h"
15 #include "base/values.h"
16 #include "chrome/browser/extensions/extension_management.h"
17 #include "chrome/browser/extensions/extension_management_test_util.h"
18 #include "chrome/browser/extensions/permissions_based_management_policy_provider.h"
19 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
20 #include "extensions/common/extension.h"
21 #include "extensions/common/manifest.h"
22 #include "extensions/common/manifest_constants.h"
23 #include "extensions/common/permissions/api_permission.h"
24 #include "testing/gtest/include/gtest/gtest.h"
26 namespace extensions
{
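// Test fixture for PermissionsBasedManagementPolicyProvider.
//
// The provider under test reads its settings from an ExtensionManagement
// instance, which is itself backed by a TestingPrefServiceSimple. Tests change
// the extension-management pref through PrefUpdater and then ask the provider
// whether a given extension may be loaded.
class PermissionsBasedManagementPolicyProviderTest : public testing::Test {
 public:
  typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;

  // The initializers depend on member declaration order: |settings_| is built
  // from |pref_service_| and |provider_| from |settings_|, so the members
  // below must stay declared in that order.
  PermissionsBasedManagementPolicyProviderTest()
      : pref_service_(new TestingPrefServiceSimple()),
        settings_(new ExtensionManagement(pref_service_.get())),
        provider_(settings_.get()) {}

  // Caches the full list of Chrome API permission infos and registers the
  // extension-management dictionary pref the tests write to.
  void SetUp() override {
    ChromeAPIPermissions api_permissions;
    perm_list_ = api_permissions.GetAllPermissions();
    pref_service_->registry()->RegisterDictionaryPref(
        pref_names::kExtensionManagement);
  }

  // |perm_list_| holds raw pointers that this fixture deletes here.
  void TearDown() override {
    STLDeleteElements(&perm_list_);
  }

  // Get API permissions name for |id|, we cannot use arbitrary strings since
  // they will be ignored by ExtensionManagementService.
  //
  // Returns the registered name for |id|. If |id| is not in |perm_list_| a
  // test failure is recorded and an empty string is returned, so a typo in a
  // test cannot silently turn into a policy entry that matches nothing.
  std::string GetAPIPermissionName(APIPermission::ID id) {
    for (const auto& perm : perm_list_) {
      if (perm->id() == id)
        return perm->name();
    }
    ADD_FAILURE() << "Permission not found: " << id;
    return std::string();
  }

  // Create an extension with specified |location|, |required_permissions| and
  // |optional_permissions|.
  //
  // Either permission list may be null, in which case the corresponding
  // manifest key is left out. The lists are deep-copied into the manifest, so
  // the caller keeps ownership of its arguments. Extension creation failure
  // aborts the test via CHECK with the parser's error text.
  scoped_refptr<const Extension> CreateExtensionWithPermission(
      Manifest::Location location,
      const base::ListValue* required_permissions,
      const base::ListValue* optional_permissions) {
    base::DictionaryValue manifest_dict;
    manifest_dict.SetString(manifest_keys::kName, "test");
    manifest_dict.SetString(manifest_keys::kVersion, "0.1");
    if (required_permissions) {
      manifest_dict.Set(manifest_keys::kPermissions,
                        required_permissions->DeepCopy());
    }
    if (optional_permissions) {
      manifest_dict.Set(manifest_keys::kOptionalPermissions,
                        optional_permissions->DeepCopy());
    }
    std::string error;
    scoped_refptr<const Extension> extension = Extension::Create(
        base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error);
    CHECK(extension.get()) << error;
    return extension;
  }

 protected:
  // Every API permission known to ChromeAPIPermissions; owned by the fixture
  // (see TearDown()).
  std::vector<APIPermissionInfo*> perm_list_;

  scoped_ptr<TestingPrefServiceSimple> pref_service_;
  scoped_ptr<ExtensionManagement> settings_;

  PermissionsBasedManagementPolicyProvider provider_;
};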
92 // Verifies that extensions with conflicting permissions cannot be loaded.
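TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) {
  // Walks the provider through the precedence rules for blocked and allowed
  // API permissions:
  //   1. no policy                         -> load allowed
  //   2. default block on an OPTIONAL perm -> load still allowed
  //   3. default block on a REQUIRED perm  -> load refused
  //   4. per-extension allow of that perm  -> overrides the default block
  //   5. per-extension block of that perm  -> load refused again
  //   6. default block on another required perm, per-extension entries
  //      removed                           -> load refused
  //
  // NOTE(review): every refusal is checked only by |error16| being non-empty;
  // the message text is not pinned. Only UserMayLoad() is exercised, so this
  // test does not show what happens when the blocked optional permission
  // (kProxy) is requested after the extension has loaded.

  // Prepares the extension manifest.
  base::ListValue required_permissions;
  required_permissions.AppendString(
      GetAPIPermissionName(APIPermission::kDownloads));
  required_permissions.AppendString(
      GetAPIPermissionName(APIPermission::kCookie));
  base::ListValue optional_permissions;
  optional_permissions.AppendString(
      GetAPIPermissionName(APIPermission::kProxy));

  scoped_refptr<const Extension> extension =
      CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD,
                                    &required_permissions,
                                    &optional_permissions);

  // |error16| is reused for every query below, so it is cleared before each
  // one; otherwise text left by an earlier refusal would make a later
  // EXPECT_TRUE(error16.empty()) fail for the wrong reason.
  base::string16 error16;

  // The extension should be allowed to be loaded by default.
  error16.clear();
  EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
  EXPECT_TRUE(error16.empty());

  // Blocks kProxy by default. The test extension should still be allowed.
  // Each PrefUpdater lives in its own scope so it is destroyed before the
  // provider is queried; presumably the updater writes the pref back when it
  // goes out of scope -- confirm in extension_management_test_util.h.
  {
    PrefUpdater pref(pref_service_.get());
    pref.AddBlockedPermission("*",
                              GetAPIPermissionName(APIPermission::kProxy));
  }
  error16.clear();
  EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
  EXPECT_TRUE(error16.empty());

  // Blocks kCookie this time. The test extension should not be allowed now.
  {
    PrefUpdater pref(pref_service_.get());
    pref.AddBlockedPermission("*",
                              GetAPIPermissionName(APIPermission::kCookie));
  }
  error16.clear();
  EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
  EXPECT_FALSE(error16.empty());

  // Explicitly allows kCookie for test extension. It should be allowed again.
  {
    PrefUpdater pref(pref_service_.get());
    pref.AddAllowedPermission(extension->id(),
                              GetAPIPermissionName(APIPermission::kCookie));
  }
  error16.clear();
  EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
  EXPECT_TRUE(error16.empty());

  // Explicitly blocks kCookie for test extension. It should be blocked again.
  {
    PrefUpdater pref(pref_service_.get());
    pref.AddBlockedPermission(extension->id(),
                              GetAPIPermissionName(APIPermission::kCookie));
  }
  error16.clear();
  EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
  EXPECT_FALSE(error16.empty());

  // Blocks kDownloads by default. It should be blocked.
  // The per-extension entries and the earlier default blocks are removed
  // first, so this refusal can only come from the new kDownloads entry.
  {
    PrefUpdater pref(pref_service_.get());
    pref.UnsetBlockedPermissions(extension->id());
    pref.UnsetAllowedPermissions(extension->id());
    pref.ClearBlockedPermissions("*");
    pref.AddBlockedPermission("*",
                              GetAPIPermissionName(APIPermission::kDownloads));
  }
  error16.clear();
  EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
  EXPECT_FALSE(error16.empty());
}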
169 } // namespace extensions