Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / extension_management_unittest.cc
blob804e91c28b548496d995c963d0dd5e58f4cb2454
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <algorithm>
6 #include <string>
7 #include <vector>
9 #include "base/json/json_parser.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/prefs/pref_registry_simple.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/values.h"
14 #include "chrome/browser/extensions/extension_management.h"
15 #include "chrome/browser/extensions/extension_management_internal.h"
16 #include "chrome/browser/extensions/extension_management_test_util.h"
17 #include "chrome/browser/extensions/external_policy_loader.h"
18 #include "chrome/browser/extensions/standard_management_policy_provider.h"
19 #include "extensions/browser/pref_names.h"
20 #include "extensions/common/manifest.h"
21 #include "extensions/common/manifest_constants.h"
22 #include "extensions/common/permissions/api_permission.h"
23 #include "extensions/common/permissions/permissions_info.h"
24 #include "extensions/common/url_pattern.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26 #include "url/gurl.h"
28 namespace extensions {
30 namespace {
32 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop";
33 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa";
34 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab";
35 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc";
36 const char kExampleUpdateUrl[] = "http://example.com/update_url";
38 const char kNonExistingExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
39 const char kNonExistingUpdateUrl[] = "http://example.net/update.xml";
41 const char kExampleDictPreference[] =
42 "{"
43 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension
44 " \"installation_mode\": \"allowed\","
45 " \"blocked_permissions\": [\"fileSystem\", \"bookmarks\"],"
46 " \"minimum_version_required\": \"1.1.0\","
47 " },"
48 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2
49 " \"installation_mode\": \"force_installed\","
50 " \"update_url\": \"http://example.com/update_url\","
51 " \"allowed_permissions\": [\"fileSystem\", \"bookmarks\"],"
52 " },"
53 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3
54 " \"installation_mode\": \"normal_installed\","
55 " \"update_url\": \"http://example.com/update_url\","
56 " \"allowed_permissions\": [\"fileSystem\", \"downloads\"],"
57 " \"blocked_permissions\": [\"fileSystem\", \"history\"],"
58 " },"
59 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4
60 " \"installation_mode\": \"blocked\","
61 " },"
62 " \"update_url:http://example.com/update_url\": {" // kExampleUpdateUrl
63 " \"installation_mode\": \"allowed\","
64 " \"allowed_permissions\": [\"downloads\"],"
65 " \"blocked_permissions\": [\"bookmarks\"],"
66 " },"
67 " \"*\": {"
68 " \"installation_mode\": \"blocked\","
69 " \"install_sources\": [\"*://foo.com/*\"],"
70 " \"allowed_types\": [\"theme\", \"user_script\"],"
71 " \"blocked_permissions\": [\"fileSystem\", \"downloads\"],"
72 " },"
73 "}";
75 } // namespace
77 class ExtensionManagementServiceTest : public testing::Test {
78 public:
79 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;
81 ExtensionManagementServiceTest() {}
82 ~ExtensionManagementServiceTest() override {}
84 // testing::Test:
85 void SetUp() override { InitPrefService(); }
87 void InitPrefService() {
88 extension_management_.reset();
89 pref_service_.reset(new TestingPrefServiceSimple());
90 pref_service_->registry()->RegisterListPref(
91 pref_names::kAllowedInstallSites);
92 pref_service_->registry()->RegisterListPref(pref_names::kAllowedTypes);
93 pref_service_->registry()->RegisterListPref(pref_names::kInstallDenyList);
94 pref_service_->registry()->RegisterListPref(pref_names::kInstallAllowList);
95 pref_service_->registry()->RegisterDictionaryPref(
96 pref_names::kInstallForceList);
97 pref_service_->registry()->RegisterDictionaryPref(
98 pref_names::kExtensionManagement);
99 extension_management_.reset(new ExtensionManagement(pref_service_.get()));
102 void SetPref(bool managed, const char* path, base::Value* value) {
103 if (managed)
104 pref_service_->SetManagedPref(path, value);
105 else
106 pref_service_->SetUserPref(path, value);
109 void RemovePref(bool managed, const char* path) {
110 if (managed)
111 pref_service_->RemoveManagedPref(path);
112 else
113 pref_service_->RemoveUserPref(path);
116 const internal::GlobalSettings* ReadGlobalSettings() {
117 return extension_management_->global_settings_.get();
120 ExtensionManagement::InstallationMode GetInstallationModeById(
121 const std::string& id) {
122 return GetInstallationMode(id, kNonExistingUpdateUrl);
125 ExtensionManagement::InstallationMode GetInstallationModeByUpdateUrl(
126 const std::string& update_url) {
127 return GetInstallationMode(kNonExistingExtension, update_url);
130 void CheckAutomaticallyInstalledUpdateUrl(const std::string& id,
131 const std::string& update_url) {
132 auto iter = extension_management_->settings_by_id_.find(id);
133 ASSERT_TRUE(iter != extension_management_->settings_by_id_.end());
134 ASSERT_TRUE((iter->second->installation_mode ==
135 ExtensionManagement::INSTALLATION_FORCED) ||
136 (iter->second->installation_mode ==
137 ExtensionManagement::INSTALLATION_RECOMMENDED));
138 EXPECT_EQ(iter->second->update_url, update_url);
141 APIPermissionSet GetBlockedAPIPermissionsById(const std::string& id) {
142 return GetBlockedAPIPermissions(id, kNonExistingUpdateUrl);
145 APIPermissionSet GetBlockedAPIPermissionsByUpdateUrl(
146 const std::string& update_url) {
147 return GetBlockedAPIPermissions(kNonExistingExtension, update_url);
150 void SetExampleDictPref() {
151 std::string error_msg;
152 scoped_ptr<base::Value> parsed = base::JSONReader::ReadAndReturnError(
153 kExampleDictPreference,
154 base::JSONParserOptions::JSON_ALLOW_TRAILING_COMMAS, NULL, &error_msg);
155 ASSERT_TRUE(parsed && parsed->IsType(base::Value::TYPE_DICTIONARY))
156 << error_msg;
157 SetPref(true, pref_names::kExtensionManagement, parsed.release());
160 // Wrapper of ExtensionManagement::GetInstallationMode, |id| and
161 // |update_url| are used to construct an Extension for testing.
162 ExtensionManagement::InstallationMode GetInstallationMode(
163 const std::string& id,
164 const std::string& update_url) {
165 scoped_refptr<const Extension> extension =
166 CreateExtension(Manifest::UNPACKED, "0.1", id, update_url);
167 return extension_management_->GetInstallationMode(extension.get());
170 // Wrapper of ExtensionManagement::GetBlockedAPIPermissions, |id| and
171 // |update_url| are used to construct an Extension for testing.
172 APIPermissionSet GetBlockedAPIPermissions(const std::string& id,
173 const std::string& update_url) {
174 scoped_refptr<const Extension> extension =
175 CreateExtension(Manifest::UNPACKED, "0.1", id, update_url);
176 return extension_management_->GetBlockedAPIPermissions(extension.get());
179 // Wrapper of ExtensionManagement::CheckMinimumVersion, |id| and
180 // |version| are used to construct an Extension for testing.
181 bool CheckMinimumVersion(const std::string& id, const std::string& version) {
182 scoped_refptr<const Extension> extension =
183 CreateExtension(Manifest::UNPACKED, version, id, kNonExistingUpdateUrl);
184 std::string minimum_version_required;
185 bool ret = extension_management_->CheckMinimumVersion(
186 extension.get(), &minimum_version_required);
187 EXPECT_EQ(ret, minimum_version_required.empty());
188 EXPECT_EQ(ret, extension_management_->CheckMinimumVersion(extension.get(),
189 nullptr));
190 return ret;
193 protected:
194 scoped_ptr<TestingPrefServiceSimple> pref_service_;
195 scoped_ptr<ExtensionManagement> extension_management_;
197 private:
198 // Create an extension with specified |location|, |version|, |id| and
199 // |update_url|.
200 scoped_refptr<const Extension> CreateExtension(
201 Manifest::Location location,
202 const std::string& version,
203 const std::string& id,
204 const std::string& update_url) {
205 base::DictionaryValue manifest_dict;
206 manifest_dict.SetString(manifest_keys::kName, "test");
207 manifest_dict.SetString(manifest_keys::kVersion, version);
208 manifest_dict.SetString(manifest_keys::kUpdateURL, update_url);
209 std::string error;
210 scoped_refptr<const Extension> extension =
211 Extension::Create(base::FilePath(), location, manifest_dict,
212 Extension::NO_FLAGS, id, &error);
213 CHECK(extension.get()) << error;
214 return extension;
218 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest {
219 public:
220 ExtensionAdminPolicyTest() {}
221 ~ExtensionAdminPolicyTest() override {}
223 void SetUpPolicyProvider() {
224 provider_.reset(
225 new StandardManagementPolicyProvider(extension_management_.get()));
228 void CreateExtension(Manifest::Location location) {
229 base::DictionaryValue values;
230 CreateExtensionFromValues(location, &values);
233 void CreateHostedApp(Manifest::Location location) {
234 base::DictionaryValue values;
235 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue());
236 values.SetString(extensions::manifest_keys::kLaunchWebURL,
237 "http://www.example.com");
238 CreateExtensionFromValues(location, &values);
241 void CreateExtensionFromValues(Manifest::Location location,
242 base::DictionaryValue* values) {
243 values->SetString(extensions::manifest_keys::kName, "test");
244 values->SetString(extensions::manifest_keys::kVersion, "0.1");
245 std::string error;
246 extension_ = Extension::Create(base::FilePath(), location, *values,
247 Extension::NO_FLAGS, &error);
248 ASSERT_TRUE(extension_.get());
251 // Wrappers for legacy admin policy functions, for testing purpose only.
252 bool BlacklistedByDefault(const base::ListValue* blacklist);
253 bool UserMayLoad(const base::ListValue* blacklist,
254 const base::ListValue* whitelist,
255 const base::DictionaryValue* forcelist,
256 const base::ListValue* allowed_types,
257 const Extension* extension,
258 base::string16* error);
259 bool UserMayModifySettings(const Extension* extension, base::string16* error);
260 bool MustRemainEnabled(const Extension* extension, base::string16* error);
262 protected:
263 scoped_ptr<StandardManagementPolicyProvider> provider_;
264 scoped_refptr<Extension> extension_;
267 bool ExtensionAdminPolicyTest::BlacklistedByDefault(
268 const base::ListValue* blacklist) {
269 SetUpPolicyProvider();
270 if (blacklist)
271 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());
272 return extension_management_->BlacklistedByDefault();
275 bool ExtensionAdminPolicyTest::UserMayLoad(
276 const base::ListValue* blacklist,
277 const base::ListValue* whitelist,
278 const base::DictionaryValue* forcelist,
279 const base::ListValue* allowed_types,
280 const Extension* extension,
281 base::string16* error) {
282 SetUpPolicyProvider();
283 if (blacklist)
284 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy());
285 if (whitelist)
286 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy());
287 if (forcelist)
288 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy());
289 if (allowed_types)
290 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy());
291 return provider_->UserMayLoad(extension, error);
294 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension,
295 base::string16* error) {
296 SetUpPolicyProvider();
297 return provider_->UserMayModifySettings(extension, error);
300 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension,
301 base::string16* error) {
302 SetUpPolicyProvider();
303 return provider_->MustRemainEnabled(extension, error);
306 // Verify that preference controlled by legacy ExtensionInstallSources policy is
307 // handled well.
308 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) {
309 base::ListValue allowed_sites_pref;
310 allowed_sites_pref.AppendString("https://www.example.com/foo");
311 allowed_sites_pref.AppendString("https://corp.mycompany.com/*");
312 SetPref(
313 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());
314 const URLPatternSet& allowed_sites = ReadGlobalSettings()->install_sources;
315 ASSERT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
316 EXPECT_FALSE(allowed_sites.is_empty());
317 EXPECT_TRUE(allowed_sites.MatchesURL(GURL("https://www.example.com/foo")));
318 EXPECT_FALSE(allowed_sites.MatchesURL(GURL("https://www.example.com/bar")));
319 EXPECT_TRUE(
320 allowed_sites.MatchesURL(GURL("https://corp.mycompany.com/entry")));
321 EXPECT_FALSE(
322 allowed_sites.MatchesURL(GURL("https://www.mycompany.com/entry")));
325 // Verify that preference controlled by legacy ExtensionAllowedTypes policy is
326 // handled well.
327 TEST_F(ExtensionManagementServiceTest, LegacyAllowedTypes) {
328 base::ListValue allowed_types_pref;
329 allowed_types_pref.AppendInteger(Manifest::TYPE_THEME);
330 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT);
332 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy());
333 const std::vector<Manifest::Type>& allowed_types =
334 ReadGlobalSettings()->allowed_types;
335 ASSERT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
336 EXPECT_EQ(allowed_types.size(), 2u);
337 EXPECT_FALSE(std::find(allowed_types.begin(),
338 allowed_types.end(),
339 Manifest::TYPE_EXTENSION) != allowed_types.end());
340 EXPECT_TRUE(std::find(allowed_types.begin(),
341 allowed_types.end(),
342 Manifest::TYPE_THEME) != allowed_types.end());
343 EXPECT_TRUE(std::find(allowed_types.begin(),
344 allowed_types.end(),
345 Manifest::TYPE_USER_SCRIPT) != allowed_types.end());
348 // Verify that preference controlled by legacy ExtensionInstallBlacklist policy
349 // is handled well.
350 TEST_F(ExtensionManagementServiceTest, LegacyInstallBlacklist) {
351 base::ListValue denied_list_pref;
352 denied_list_pref.AppendString(kTargetExtension);
354 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
355 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
356 ExtensionManagement::INSTALLATION_BLOCKED);
357 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
358 ExtensionManagement::INSTALLATION_ALLOWED);
361 // Verify that preference controlled by legacy ExtensionInstallWhitelist policy
362 // is handled well.
363 TEST_F(ExtensionManagementServiceTest, LegacyInstallWhitelist) {
364 base::ListValue denied_list_pref;
365 denied_list_pref.AppendString("*");
366 base::ListValue allowed_list_pref;
367 allowed_list_pref.AppendString(kTargetExtension);
369 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
370 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
371 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
372 ExtensionManagement::INSTALLATION_ALLOWED);
373 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
374 ExtensionManagement::INSTALLATION_BLOCKED);
376 // Verify that install whitelist preference set by user is ignored.
377 RemovePref(true, pref_names::kInstallAllowList);
378 SetPref(false, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
379 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
380 ExtensionManagement::INSTALLATION_BLOCKED);
383 // Verify that preference controlled by legacy ExtensionInstallForcelist policy
384 // is handled well.
385 TEST_F(ExtensionManagementServiceTest, LegacyInstallForcelist) {
386 base::DictionaryValue forced_list_pref;
387 ExternalPolicyLoader::AddExtension(
388 &forced_list_pref, kTargetExtension, kExampleUpdateUrl);
390 SetPref(true, pref_names::kInstallForceList, forced_list_pref.DeepCopy());
391 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
392 ExtensionManagement::INSTALLATION_FORCED);
393 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension, kExampleUpdateUrl);
394 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
395 ExtensionManagement::INSTALLATION_ALLOWED);
397 // Verify that install forcelist preference set by user is ignored.
398 RemovePref(true, pref_names::kInstallForceList);
399 SetPref(false, pref_names::kInstallForceList, forced_list_pref.DeepCopy());
400 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
401 ExtensionManagement::INSTALLATION_ALLOWED);
404 // Tests parsing of new dictionary preference.
405 TEST_F(ExtensionManagementServiceTest, PreferenceParsing) {
406 SetExampleDictPref();
408 // Verifies the installation mode settings.
409 EXPECT_TRUE(extension_management_->BlacklistedByDefault());
410 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
411 ExtensionManagement::INSTALLATION_ALLOWED);
412 EXPECT_EQ(GetInstallationModeById(kTargetExtension2),
413 ExtensionManagement::INSTALLATION_FORCED);
414 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension2, kExampleUpdateUrl);
415 EXPECT_EQ(GetInstallationModeById(kTargetExtension3),
416 ExtensionManagement::INSTALLATION_RECOMMENDED);
417 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension3, kExampleUpdateUrl);
418 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
419 ExtensionManagement::INSTALLATION_BLOCKED);
420 EXPECT_EQ(GetInstallationModeByUpdateUrl(kExampleUpdateUrl),
421 ExtensionManagement::INSTALLATION_ALLOWED);
423 // Verifies global settings.
424 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
425 const URLPatternSet& allowed_sites = ReadGlobalSettings()->install_sources;
426 EXPECT_EQ(allowed_sites.size(), 1u);
427 EXPECT_TRUE(allowed_sites.MatchesURL(GURL("http://foo.com/entry")));
428 EXPECT_FALSE(allowed_sites.MatchesURL(GURL("http://bar.com/entry")));
430 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
431 const std::vector<Manifest::Type>& allowed_types =
432 ReadGlobalSettings()->allowed_types;
433 EXPECT_EQ(allowed_types.size(), 2u);
434 EXPECT_TRUE(std::find(allowed_types.begin(),
435 allowed_types.end(),
436 Manifest::TYPE_THEME) != allowed_types.end());
437 EXPECT_TRUE(std::find(allowed_types.begin(),
438 allowed_types.end(),
439 Manifest::TYPE_USER_SCRIPT) != allowed_types.end());
441 // Verifies blocked permission list settings.
442 APIPermissionSet api_permission_set;
443 api_permission_set.clear();
444 api_permission_set.insert(APIPermission::kFileSystem);
445 api_permission_set.insert(APIPermission::kDownloads);
446 EXPECT_EQ(api_permission_set,
447 GetBlockedAPIPermissionsById(kNonExistingExtension));
449 api_permission_set.clear();
450 api_permission_set.insert(APIPermission::kFileSystem);
451 api_permission_set.insert(APIPermission::kDownloads);
452 api_permission_set.insert(APIPermission::kBookmark);
453 EXPECT_EQ(api_permission_set, GetBlockedAPIPermissionsById(kTargetExtension));
455 api_permission_set.clear();
456 api_permission_set.insert(APIPermission::kDownloads);
457 EXPECT_EQ(api_permission_set,
458 GetBlockedAPIPermissionsById(kTargetExtension2));
460 api_permission_set.clear();
461 api_permission_set.insert(APIPermission::kFileSystem);
462 api_permission_set.insert(APIPermission::kHistory);
463 EXPECT_EQ(api_permission_set,
464 GetBlockedAPIPermissionsById(kTargetExtension3));
466 api_permission_set.clear();
467 api_permission_set.insert(APIPermission::kFileSystem);
468 api_permission_set.insert(APIPermission::kBookmark);
469 EXPECT_EQ(api_permission_set,
470 GetBlockedAPIPermissionsByUpdateUrl(kExampleUpdateUrl));
472 // Verifies minimum version settings.
473 EXPECT_FALSE(CheckMinimumVersion(kTargetExtension, "1.0.99"));
474 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "1.1"));
475 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "1.1.0.1"));
478 // Tests the handling of installation mode in case it's specified in both
479 // per-extension and per-update-url settings.
480 TEST_F(ExtensionManagementServiceTest, InstallationModeConflictHandling) {
481 SetExampleDictPref();
483 // Per-extension installation mode settings should always override
484 // per-update-url settings.
485 EXPECT_EQ(GetInstallationMode(kTargetExtension, kExampleUpdateUrl),
486 ExtensionManagement::INSTALLATION_ALLOWED);
487 EXPECT_EQ(GetInstallationMode(kTargetExtension2, kExampleUpdateUrl),
488 ExtensionManagement::INSTALLATION_FORCED);
489 EXPECT_EQ(GetInstallationMode(kTargetExtension3, kExampleUpdateUrl),
490 ExtensionManagement::INSTALLATION_RECOMMENDED);
493 // Tests the handling of blocked permissions in case it's specified in both
494 // per-extension and per-update-url settings.
495 TEST_F(ExtensionManagementServiceTest, BlockedPermissionsConflictHandling) {
496 SetExampleDictPref();
498 // Both settings should be enforced.
499 APIPermissionSet blocked_permissions_for_update_url;
500 blocked_permissions_for_update_url.insert(APIPermission::kFileSystem);
501 blocked_permissions_for_update_url.insert(APIPermission::kBookmark);
503 APIPermissionSet api_permission_set;
505 api_permission_set = blocked_permissions_for_update_url;
506 api_permission_set.insert(APIPermission::kFileSystem);
507 api_permission_set.insert(APIPermission::kDownloads);
508 api_permission_set.insert(APIPermission::kBookmark);
509 EXPECT_EQ(api_permission_set,
510 GetBlockedAPIPermissions(kTargetExtension, kExampleUpdateUrl));
512 api_permission_set = blocked_permissions_for_update_url;
513 api_permission_set.insert(APIPermission::kDownloads);
514 EXPECT_EQ(api_permission_set,
515 GetBlockedAPIPermissions(kTargetExtension2, kExampleUpdateUrl));
517 api_permission_set = blocked_permissions_for_update_url;
518 api_permission_set.insert(APIPermission::kFileSystem);
519 api_permission_set.insert(APIPermission::kHistory);
520 EXPECT_EQ(api_permission_set,
521 GetBlockedAPIPermissions(kTargetExtension3, kExampleUpdateUrl));
524 // Tests the 'minimum_version_required' settings of extension management.
525 TEST_F(ExtensionManagementServiceTest, kMinimumVersionRequired) {
526 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "0.0"));
527 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "3.0.0"));
528 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "9999.0"));
531 PrefUpdater pref(pref_service_.get());
532 pref.SetMinimumVersionRequired(kTargetExtension, "3.0");
535 EXPECT_FALSE(CheckMinimumVersion(kTargetExtension, "0.0"));
536 EXPECT_FALSE(CheckMinimumVersion(kTargetExtension, "2.99"));
537 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "3.0.0"));
538 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "3.0.1"));
539 EXPECT_TRUE(CheckMinimumVersion(kTargetExtension, "4.0"));
542 // Tests functionality of new preference as to deprecate legacy
543 // ExtensionInstallSources policy.
544 TEST_F(ExtensionManagementServiceTest, NewInstallSources) {
545 // Set the legacy preference, and verifies that it works.
546 base::ListValue allowed_sites_pref;
547 allowed_sites_pref.AppendString("https://www.example.com/foo");
548 SetPref(
549 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy());
550 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
551 EXPECT_TRUE(ReadGlobalSettings()->install_sources.MatchesURL(
552 GURL("https://www.example.com/foo")));
554 // Set the new dictionary preference.
556 PrefUpdater updater(pref_service_.get());
557 updater.ClearInstallSources();
559 // Verifies that the new one overrides the legacy ones.
560 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
561 EXPECT_FALSE(ReadGlobalSettings()->install_sources.MatchesURL(
562 GURL("https://www.example.com/foo")));
564 // Updates the new dictionary preference.
566 PrefUpdater updater(pref_service_.get());
567 updater.AddInstallSource("https://corp.mycompany.com/*");
569 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_install_sources);
570 EXPECT_TRUE(ReadGlobalSettings()->install_sources.MatchesURL(
571 GURL("https://corp.mycompany.com/entry")));
574 // Tests functionality of new preference as to deprecate legacy
575 // ExtensionAllowedTypes policy.
576 TEST_F(ExtensionManagementServiceTest, NewAllowedTypes) {
577 // Set the legacy preference, and verifies that it works.
578 base::ListValue allowed_types_pref;
579 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT);
580 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy());
581 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
582 EXPECT_EQ(ReadGlobalSettings()->allowed_types.size(), 1u);
583 EXPECT_EQ(ReadGlobalSettings()->allowed_types[0], Manifest::TYPE_USER_SCRIPT);
585 // Set the new dictionary preference.
587 PrefUpdater updater(pref_service_.get());
588 updater.ClearAllowedTypes();
590 // Verifies that the new one overrides the legacy ones.
591 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
592 EXPECT_EQ(ReadGlobalSettings()->allowed_types.size(), 0u);
594 // Updates the new dictionary preference.
596 PrefUpdater updater(pref_service_.get());
597 updater.AddAllowedType("theme");
599 EXPECT_TRUE(ReadGlobalSettings()->has_restricted_allowed_types);
600 EXPECT_EQ(ReadGlobalSettings()->allowed_types.size(), 1u);
601 EXPECT_EQ(ReadGlobalSettings()->allowed_types[0], Manifest::TYPE_THEME);
604 // Tests functionality of new preference as to deprecate legacy
605 // ExtensionInstallBlacklist policy.
606 TEST_F(ExtensionManagementServiceTest, NewInstallBlacklist) {
607 // Set the new dictionary preference.
609 PrefUpdater updater(pref_service_.get());
610 updater.SetBlacklistedByDefault(false); // Allowed by default.
611 updater.SetIndividualExtensionInstallationAllowed(kTargetExtension, false);
612 updater.ClearPerExtensionSettings(kTargetExtension2);
614 EXPECT_FALSE(extension_management_->BlacklistedByDefault());
615 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
616 ExtensionManagement::INSTALLATION_BLOCKED);
617 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
618 ExtensionManagement::INSTALLATION_ALLOWED);
620 // Set legacy preference.
621 base::ListValue denied_list_pref;
622 denied_list_pref.AppendString("*");
623 denied_list_pref.AppendString(kTargetExtension2);
624 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
626 base::ListValue allowed_list_pref;
627 allowed_list_pref.AppendString(kTargetExtension);
628 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
630 // Verifies that the new one have higher priority over the legacy ones.
631 EXPECT_FALSE(extension_management_->BlacklistedByDefault());
632 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
633 ExtensionManagement::INSTALLATION_BLOCKED);
634 EXPECT_EQ(GetInstallationModeById(kTargetExtension2),
635 ExtensionManagement::INSTALLATION_BLOCKED);
636 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
637 ExtensionManagement::INSTALLATION_ALLOWED);
640 // Tests functionality of new preference as to deprecate legacy
641 // ExtensionInstallWhitelist policy.
642 TEST_F(ExtensionManagementServiceTest, NewInstallWhitelist) {
643 // Set the new dictionary preference.
645 PrefUpdater updater(pref_service_.get());
646 updater.SetBlacklistedByDefault(true); // Disallowed by default.
647 updater.SetIndividualExtensionInstallationAllowed(kTargetExtension, true);
648 updater.ClearPerExtensionSettings(kTargetExtension2);
650 EXPECT_TRUE(extension_management_->BlacklistedByDefault());
651 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
652 ExtensionManagement::INSTALLATION_ALLOWED);
653 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
654 ExtensionManagement::INSTALLATION_BLOCKED);
656 // Set legacy preference.
657 base::ListValue denied_list_pref;
658 denied_list_pref.AppendString(kTargetExtension);
659 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
661 base::ListValue allowed_list_pref;
662 allowed_list_pref.AppendString(kTargetExtension2);
663 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy());
665 // Verifies that the new one have higher priority over the legacy ones.
666 EXPECT_TRUE(extension_management_->BlacklistedByDefault());
667 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
668 ExtensionManagement::INSTALLATION_ALLOWED);
669 EXPECT_EQ(GetInstallationModeById(kTargetExtension2),
670 ExtensionManagement::INSTALLATION_ALLOWED);
671 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
672 ExtensionManagement::INSTALLATION_BLOCKED);
675 // Tests functionality of new preference as to deprecate legacy
676 // ExtensionInstallForcelist policy.
677 TEST_F(ExtensionManagementServiceTest, NewInstallForcelist) {
678 // Set some legacy preferences, to verify that the new one overrides the
679 // legacy ones.
680 base::ListValue denied_list_pref;
681 denied_list_pref.AppendString(kTargetExtension);
682 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy());
684 // Set the new dictionary preference.
686 PrefUpdater updater(pref_service_.get());
687 updater.SetIndividualExtensionAutoInstalled(
688 kTargetExtension, kExampleUpdateUrl, true);
690 EXPECT_EQ(GetInstallationModeById(kTargetExtension),
691 ExtensionManagement::INSTALLATION_FORCED);
692 CheckAutomaticallyInstalledUpdateUrl(kTargetExtension, kExampleUpdateUrl);
693 EXPECT_EQ(GetInstallationModeById(kNonExistingExtension),
694 ExtensionManagement::INSTALLATION_ALLOWED);
697 // Tests the behavior of IsInstallationExplicitlyAllowed().
698 TEST_F(ExtensionManagementServiceTest, IsInstallationExplicitlyAllowed) {
699 SetExampleDictPref();
701 // Constant name indicates the installation_mode of extensions in example
702 // preference.
703 const char* allowed = kTargetExtension;
704 const char* forced = kTargetExtension2;
705 const char* recommended = kTargetExtension3;
706 const char* blocked = kTargetExtension4;
707 const char* not_specified = kNonExistingExtension;
709 // BlacklistedByDefault() is true in example preference.
710 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(allowed));
711 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(forced));
712 EXPECT_TRUE(
713 extension_management_->IsInstallationExplicitlyAllowed(recommended));
714 EXPECT_FALSE(extension_management_->IsInstallationExplicitlyAllowed(blocked));
715 EXPECT_FALSE(
716 extension_management_->IsInstallationExplicitlyAllowed(not_specified));
719 // Set BlacklistedByDefault() to false.
720 PrefUpdater pref(pref_service_.get());
721 pref.SetBlacklistedByDefault(false);
724 // The result should remain the same.
725 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(allowed));
726 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(forced));
727 EXPECT_TRUE(
728 extension_management_->IsInstallationExplicitlyAllowed(recommended));
729 EXPECT_FALSE(extension_management_->IsInstallationExplicitlyAllowed(blocked));
730 EXPECT_FALSE(
731 extension_management_->IsInstallationExplicitlyAllowed(not_specified));
734 // Tests the flag value indicating that extensions are blacklisted by default.
735 TEST_F(ExtensionAdminPolicyTest, BlacklistedByDefault) {
736 EXPECT_FALSE(BlacklistedByDefault(NULL));
738 base::ListValue blacklist;
739 blacklist.Append(new base::StringValue(kNonExistingExtension));
740 EXPECT_FALSE(BlacklistedByDefault(&blacklist));
741 blacklist.Append(new base::StringValue("*"));
742 EXPECT_TRUE(BlacklistedByDefault(&blacklist));
744 blacklist.Clear();
745 blacklist.Append(new base::StringValue("*"));
746 EXPECT_TRUE(BlacklistedByDefault(&blacklist));
749 // Tests UserMayLoad for required extensions.
750 TEST_F(ExtensionAdminPolicyTest, UserMayLoadRequired) {
751 CreateExtension(Manifest::COMPONENT);
752 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
753 base::string16 error;
754 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), &error));
755 EXPECT_TRUE(error.empty());
757 // Required extensions may load even if they're on the blacklist.
758 base::ListValue blacklist;
759 blacklist.Append(new base::StringValue(extension_->id()));
760 EXPECT_TRUE(
761 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
763 blacklist.Append(new base::StringValue("*"));
764 EXPECT_TRUE(
765 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
768 // Tests UserMayLoad when no blacklist exists, or it's empty.
769 TEST_F(ExtensionAdminPolicyTest, UserMayLoadNoBlacklist) {
770 CreateExtension(Manifest::INTERNAL);
771 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
772 base::ListValue blacklist;
773 EXPECT_TRUE(
774 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
775 base::string16 error;
776 EXPECT_TRUE(
777 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error));
778 EXPECT_TRUE(error.empty());
781 // Tests UserMayLoad for an extension on the whitelist.
782 TEST_F(ExtensionAdminPolicyTest, UserMayLoadWhitelisted) {
783 CreateExtension(Manifest::INTERNAL);
785 base::ListValue whitelist;
786 whitelist.Append(new base::StringValue(extension_->id()));
787 EXPECT_TRUE(
788 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL));
790 base::ListValue blacklist;
791 blacklist.Append(new base::StringValue(extension_->id()));
792 EXPECT_TRUE(
793 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL));
794 base::string16 error;
795 EXPECT_TRUE(
796 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), &error));
797 EXPECT_TRUE(error.empty());
800 // Tests UserMayLoad for an extension on the blacklist.
801 TEST_F(ExtensionAdminPolicyTest, UserMayLoadBlacklisted) {
802 CreateExtension(Manifest::INTERNAL);
804 // Blacklisted by default.
805 base::ListValue blacklist;
806 blacklist.Append(new base::StringValue("*"));
807 EXPECT_FALSE(
808 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
809 base::string16 error;
810 EXPECT_FALSE(
811 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error));
812 EXPECT_FALSE(error.empty());
814 // Extension on the blacklist, with and without wildcard.
815 blacklist.Append(new base::StringValue(extension_->id()));
816 EXPECT_FALSE(
817 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
818 blacklist.Clear();
819 blacklist.Append(new base::StringValue(extension_->id()));
820 EXPECT_FALSE(
821 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL));
823 // With a whitelist. There's no such thing as a whitelist wildcard.
824 base::ListValue whitelist;
825 whitelist.Append(new base::StringValue("behllobkkfkfnphdnhnkndlbkcpglgmj"));
826 EXPECT_FALSE(
827 UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL));
828 whitelist.Append(new base::StringValue("*"));
829 EXPECT_FALSE(
830 UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL));
833 TEST_F(ExtensionAdminPolicyTest, UserMayLoadAllowedTypes) {
834 CreateExtension(Manifest::INTERNAL);
835 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
837 base::ListValue allowed_types;
838 EXPECT_FALSE(
839 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
841 allowed_types.AppendInteger(Manifest::TYPE_EXTENSION);
842 EXPECT_TRUE(
843 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
845 CreateHostedApp(Manifest::INTERNAL);
846 EXPECT_FALSE(
847 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
849 CreateHostedApp(Manifest::EXTERNAL_POLICY_DOWNLOAD);
850 EXPECT_FALSE(
851 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL));
854 TEST_F(ExtensionAdminPolicyTest, UserMayModifySettings) {
855 CreateExtension(Manifest::INTERNAL);
856 EXPECT_TRUE(UserMayModifySettings(extension_.get(), NULL));
857 base::string16 error;
858 EXPECT_TRUE(UserMayModifySettings(extension_.get(), &error));
859 EXPECT_TRUE(error.empty());
861 CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD);
862 error.clear();
863 EXPECT_FALSE(UserMayModifySettings(extension_.get(), NULL));
864 EXPECT_FALSE(UserMayModifySettings(extension_.get(), &error));
865 EXPECT_FALSE(error.empty());
868 TEST_F(ExtensionAdminPolicyTest, MustRemainEnabled) {
869 CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD);
870 EXPECT_TRUE(MustRemainEnabled(extension_.get(), NULL));
871 base::string16 error;
872 EXPECT_TRUE(MustRemainEnabled(extension_.get(), &error));
873 EXPECT_FALSE(error.empty());
875 CreateExtension(Manifest::INTERNAL);
876 error.clear();
877 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL));
878 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error));
879 EXPECT_TRUE(error.empty());
882 } // namespace extensions