Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / permission_message_combinations_unittest.cc
blob5e46a538e05b1b839e41c163460de255c9a4776e
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/command_line.h"
6 #include "base/memory/scoped_ptr.h"
7 #include "base/test/values_test_util.h"
8 #include "chrome/browser/extensions/test_extension_environment.h"
9 #include "chrome/common/extensions/permissions/chrome_permission_message_provider.h"
10 #include "extensions/common/extension.h"
11 #include "extensions/common/features/simple_feature.h"
12 #include "extensions/common/permissions/permission_message_test_util.h"
13 #include "extensions/common/permissions/permissions_data.h"
14 #include "extensions/common/switches.h"
15 #include "testing/gmock/include/gmock/gmock-matchers.h"
16 #include "testing/gtest/include/gtest/gtest.h"
18 namespace extensions {
20 const char kWhitelistedExtensionID[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
22 // Tests that ChromePermissionMessageProvider produces the expected messages for
23 // various combinations of app/extension permissions.
24 class PermissionMessageCombinationsUnittest : public testing::Test {
25 public:
26 PermissionMessageCombinationsUnittest()
27 : message_provider_(new ChromePermissionMessageProvider()),
28 whitelisted_extension_id_(kWhitelistedExtensionID) {}
29 ~PermissionMessageCombinationsUnittest() override {}
31 // Overridden from testing::Test:
32 void SetUp() override {
33 testing::Test::SetUp();
36 protected:
37 // Create and install an app or extension with the given manifest JSON string.
38 // Single-quotes in the string will be replaced with double quotes.
39 void CreateAndInstall(const std::string& json_manifest) {
40 std::string json_manifest_with_double_quotes = json_manifest;
41 std::replace(json_manifest_with_double_quotes.begin(),
42 json_manifest_with_double_quotes.end(), '\'', '"');
43 app_ = env_.MakeExtension(
44 *base::test::ParseJson(json_manifest_with_double_quotes),
45 kWhitelistedExtensionID);
48 // Checks whether the currently installed app or extension produces the given
49 // permission messages. Call this after installing an app with the expected
50 // permission messages. The messages are tested for existence in any order.
51 testing::AssertionResult CheckManifestProducesPermissions() {
52 return VerifyNoPermissionMessages(app_->permissions_data());
54 testing::AssertionResult CheckManifestProducesPermissions(
55 const std::string& expected_message_1) {
56 return VerifyOnePermissionMessage(app_->permissions_data(),
57 expected_message_1);
59 testing::AssertionResult CheckManifestProducesPermissions(
60 const std::string& expected_message_1,
61 const std::string& expected_message_2) {
62 return VerifyTwoPermissionMessages(app_->permissions_data(),
63 expected_message_1, expected_message_2,
64 false);
66 testing::AssertionResult CheckManifestProducesPermissions(
67 const std::string& expected_message_1,
68 const std::string& expected_message_2,
69 const std::string& expected_message_3) {
70 std::vector<std::string> expected_messages;
71 expected_messages.push_back(expected_message_1);
72 expected_messages.push_back(expected_message_2);
73 expected_messages.push_back(expected_message_3);
74 return VerifyPermissionMessages(app_->permissions_data(), expected_messages,
75 false);
77 testing::AssertionResult CheckManifestProducesPermissions(
78 const std::string& expected_message_1,
79 const std::string& expected_message_2,
80 const std::string& expected_message_3,
81 const std::string& expected_message_4) {
82 std::vector<std::string> expected_messages;
83 expected_messages.push_back(expected_message_1);
84 expected_messages.push_back(expected_message_2);
85 expected_messages.push_back(expected_message_3);
86 expected_messages.push_back(expected_message_4);
87 return VerifyPermissionMessages(app_->permissions_data(), expected_messages,
88 false);
90 testing::AssertionResult CheckManifestProducesPermissions(
91 const std::string& expected_message_1,
92 const std::string& expected_message_2,
93 const std::string& expected_message_3,
94 const std::string& expected_message_4,
95 const std::string& expected_message_5) {
96 std::vector<std::string> expected_messages;
97 expected_messages.push_back(expected_message_1);
98 expected_messages.push_back(expected_message_2);
99 expected_messages.push_back(expected_message_3);
100 expected_messages.push_back(expected_message_4);
101 expected_messages.push_back(expected_message_5);
102 return VerifyPermissionMessages(app_->permissions_data(), expected_messages,
103 false);
105 testing::AssertionResult CheckManifestProducesPermissions(
106 const std::string& expected_message_1,
107 const std::vector<std::string>& expected_submessages_1) {
108 return VerifyOnePermissionMessageWithSubmessages(
109 app_->permissions_data(), expected_message_1, expected_submessages_1);
111 testing::AssertionResult CheckManifestProducesPermissions(
112 const std::string& expected_message_1,
113 const std::vector<std::string>& expected_submessages_1,
114 const std::string& expected_message_2,
115 const std::vector<std::string>& expected_submessages_2) {
116 std::vector<std::string> expected_messages;
117 expected_messages.push_back(expected_message_1);
118 expected_messages.push_back(expected_message_2);
119 std::vector<std::vector<std::string>> expected_submessages;
120 expected_submessages.push_back(expected_submessages_1);
121 expected_submessages.push_back(expected_submessages_2);
122 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
123 expected_messages,
124 expected_submessages, false);
126 testing::AssertionResult CheckManifestProducesPermissions(
127 const std::string& expected_message_1,
128 const std::vector<std::string>& expected_submessages_1,
129 const std::string& expected_message_2,
130 const std::vector<std::string>& expected_submessages_2,
131 const std::string& expected_message_3,
132 const std::vector<std::string>& expected_submessages_3) {
133 std::vector<std::string> expected_messages;
134 expected_messages.push_back(expected_message_1);
135 expected_messages.push_back(expected_message_2);
136 expected_messages.push_back(expected_message_3);
137 std::vector<std::vector<std::string>> expected_submessages;
138 expected_submessages.push_back(expected_submessages_1);
139 expected_submessages.push_back(expected_submessages_2);
140 expected_submessages.push_back(expected_submessages_3);
141 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
142 expected_messages,
143 expected_submessages, false);
145 testing::AssertionResult CheckManifestProducesPermissions(
146 const std::string& expected_message_1,
147 const std::vector<std::string>& expected_submessages_1,
148 const std::string& expected_message_2,
149 const std::vector<std::string>& expected_submessages_2,
150 const std::string& expected_message_3,
151 const std::vector<std::string>& expected_submessages_3,
152 const std::string& expected_message_4,
153 const std::vector<std::string>& expected_submessages_4) {
154 std::vector<std::string> expected_messages;
155 expected_messages.push_back(expected_message_1);
156 expected_messages.push_back(expected_message_2);
157 expected_messages.push_back(expected_message_3);
158 expected_messages.push_back(expected_message_4);
159 std::vector<std::vector<std::string>> expected_submessages;
160 expected_submessages.push_back(expected_submessages_1);
161 expected_submessages.push_back(expected_submessages_2);
162 expected_submessages.push_back(expected_submessages_3);
163 expected_submessages.push_back(expected_submessages_4);
164 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
165 expected_messages,
166 expected_submessages, false);
168 testing::AssertionResult CheckManifestProducesPermissions(
169 const std::string& expected_message_1,
170 const std::vector<std::string>& expected_submessages_1,
171 const std::string& expected_message_2,
172 const std::vector<std::string>& expected_submessages_2,
173 const std::string& expected_message_3,
174 const std::vector<std::string>& expected_submessages_3,
175 const std::string& expected_message_4,
176 const std::vector<std::string>& expected_submessages_4,
177 const std::string& expected_message_5,
178 const std::vector<std::string>& expected_submessages_5) {
179 std::vector<std::string> expected_messages;
180 expected_messages.push_back(expected_message_1);
181 expected_messages.push_back(expected_message_2);
182 expected_messages.push_back(expected_message_3);
183 expected_messages.push_back(expected_message_4);
184 expected_messages.push_back(expected_message_5);
185 std::vector<std::vector<std::string>> expected_submessages;
186 expected_submessages.push_back(expected_submessages_1);
187 expected_submessages.push_back(expected_submessages_2);
188 expected_submessages.push_back(expected_submessages_3);
189 expected_submessages.push_back(expected_submessages_4);
190 expected_submessages.push_back(expected_submessages_5);
191 return VerifyPermissionMessagesWithSubmessages(app_->permissions_data(),
192 expected_messages,
193 expected_submessages, false);
196 private:
197 extensions::TestExtensionEnvironment env_;
198 scoped_ptr<ChromePermissionMessageProvider> message_provider_;
199 scoped_refptr<const Extension> app_;
200 // Whitelist a known extension id so we can test all permissions. This ID
201 // will be used for each test app.
202 extensions::SimpleFeature::ScopedWhitelistForTest whitelisted_extension_id_;
204 DISALLOW_COPY_AND_ASSIGN(PermissionMessageCombinationsUnittest);
207 // Test that the USB, Bluetooth and Serial permissions do not coalesce on their
208 // own, but do coalesce when more than 1 is present.
209 TEST_F(PermissionMessageCombinationsUnittest, USBSerialBluetoothCoalescing) {
210 // Test that the USB permission does not coalesce on its own.
211 CreateAndInstall(
213 " 'app': {"
214 " 'background': {"
215 " 'scripts': ['background.js']"
216 " }"
217 " },"
218 " 'permissions': ["
219 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] }"
220 " ]"
221 "}");
222 ASSERT_TRUE(CheckManifestProducesPermissions(
223 "Access USB devices from an unknown vendor"));
225 CreateAndInstall(
227 " 'app': {"
228 " 'background': {"
229 " 'scripts': ['background.js']"
230 " }"
231 " },"
232 " 'permissions': ["
233 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] }"
234 " ]"
235 "}");
236 ASSERT_TRUE(CheckManifestProducesPermissions(
237 "Access USB devices from an unknown vendor"));
239 // Test that the serial permission does not coalesce on its own.
240 CreateAndInstall(
242 " 'app': {"
243 " 'background': {"
244 " 'scripts': ['background.js']"
245 " }"
246 " },"
247 " 'permissions': ["
248 " 'serial'"
249 " ]"
250 "}");
251 ASSERT_TRUE(CheckManifestProducesPermissions("Access your serial devices"));
253 // Test that the bluetooth permission does not coalesce on its own.
254 CreateAndInstall(
256 " 'app': {"
257 " 'background': {"
258 " 'scripts': ['background.js']"
259 " }"
260 " },"
261 " 'bluetooth': {}"
262 "}");
263 ASSERT_TRUE(CheckManifestProducesPermissions(
264 "Access information about Bluetooth devices paired with your system and "
265 "discover nearby Bluetooth devices."));
267 // Test that the bluetooth permission does not coalesce on its own, even
268 // when it specifies additional permissions.
269 CreateAndInstall(
271 " 'app': {"
272 " 'background': {"
273 " 'scripts': ['background.js']"
274 " }"
275 " },"
276 " 'bluetooth': {"
277 " 'uuids': ['1105', '1106']"
278 " }"
279 "}");
280 ASSERT_TRUE(CheckManifestProducesPermissions(
281 "Access information about Bluetooth devices paired with your system and "
282 "discover nearby Bluetooth devices."));
284 // Test that the USB and Serial permissions coalesce.
285 CreateAndInstall(
287 " 'app': {"
288 " 'background': {"
289 " 'scripts': ['background.js']"
290 " }"
291 " },"
292 " 'permissions': ["
293 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
294 " 'serial'"
295 " ]"
296 "}");
297 ASSERT_TRUE(CheckManifestProducesPermissions(
298 "Access USB devices from an unknown vendor",
299 "Access your serial devices"));
301 // Test that the USB, Serial and Bluetooth permissions coalesce.
302 CreateAndInstall(
304 " 'app': {"
305 " 'background': {"
306 " 'scripts': ['background.js']"
307 " }"
308 " },"
309 " 'permissions': ["
310 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
311 " 'serial'"
312 " ],"
313 " 'bluetooth': {}"
314 "}");
315 ASSERT_TRUE(CheckManifestProducesPermissions(
316 "Access USB devices from an unknown vendor",
317 "Access your Bluetooth and Serial devices"));
319 // Test that the USB, Serial and Bluetooth permissions coalesce even when
320 // Bluetooth specifies multiple additional permissions.
321 CreateAndInstall(
323 " 'app': {"
324 " 'background': {"
325 " 'scripts': ['background.js']"
326 " }"
327 " },"
328 " 'permissions': ["
329 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
330 " 'serial'"
331 " ],"
332 " 'bluetooth': {"
333 " 'uuids': ['1105', '1106'],"
334 " 'socket': true,"
335 " 'low_energy': true"
336 " }"
337 "}");
338 ASSERT_TRUE(CheckManifestProducesPermissions(
339 "Access USB devices from an unknown vendor",
340 "Access your Bluetooth and Serial devices"));
343 // Test that the History permission takes precedence over the Tabs permission,
344 // and that the Sessions permission modifies this final message.
345 TEST_F(PermissionMessageCombinationsUnittest, TabsHistorySessionsCoalescing) {
346 CreateAndInstall(
348 " 'permissions': ["
349 " 'tabs'"
350 " ]"
351 "}");
352 ASSERT_TRUE(CheckManifestProducesPermissions("Read your browsing history"));
354 CreateAndInstall(
356 " 'permissions': ["
357 " 'tabs', 'sessions'"
358 " ]"
359 "}");
360 ASSERT_TRUE(CheckManifestProducesPermissions(
361 "Read your browsing history on all your signed-in devices"));
363 CreateAndInstall(
365 " 'permissions': ["
366 " 'tabs', 'history'"
367 " ]"
368 "}");
369 ASSERT_TRUE(CheckManifestProducesPermissions(
370 "Read and change your browsing history"));
372 CreateAndInstall(
374 " 'permissions': ["
375 " 'tabs', 'history', 'sessions'"
376 " ]"
377 "}");
378 ASSERT_TRUE(CheckManifestProducesPermissions(
379 "Read and change your browsing history on all your signed-in devices"));
382 // Test that the fileSystem permission produces no messages by itself, unless it
383 // has both the 'write' and 'directory' additional permissions, in which case it
384 // displays a message.
385 TEST_F(PermissionMessageCombinationsUnittest, FileSystemReadWriteCoalescing) {
386 CreateAndInstall(
388 " 'app': {"
389 " 'background': {"
390 " 'scripts': ['background.js']"
391 " }"
392 " },"
393 " 'permissions': ["
394 " 'fileSystem'"
395 " ]"
396 "}");
397 ASSERT_TRUE(CheckManifestProducesPermissions());
399 CreateAndInstall(
401 " 'app': {"
402 " 'background': {"
403 " 'scripts': ['background.js']"
404 " }"
405 " },"
406 " 'permissions': ["
407 " 'fileSystem', {'fileSystem': ['retainEntries', 'write']}"
408 " ]"
409 "}");
410 ASSERT_TRUE(CheckManifestProducesPermissions());
412 CreateAndInstall(
414 " 'app': {"
415 " 'background': {"
416 " 'scripts': ['background.js']"
417 " }"
418 " },"
419 " 'permissions': ["
420 " 'fileSystem', {'fileSystem': ["
421 " 'retainEntries', 'write', 'directory'"
422 " ]}"
423 " ]"
424 "}");
425 ASSERT_TRUE(CheckManifestProducesPermissions(
426 "Write to files and folders that you open in the application"));
429 // Check that host permission messages are generated correctly when URLs are
430 // entered as permissions.
431 TEST_F(PermissionMessageCombinationsUnittest, HostsPermissionMessages) {
432 CreateAndInstall(
434 " 'permissions': ["
435 " 'http://www.blogger.com/',"
436 " ]"
437 "}");
438 ASSERT_TRUE(CheckManifestProducesPermissions(
439 "Read and change your data on www.blogger.com"));
441 CreateAndInstall(
443 " 'permissions': ["
444 " 'http://*.google.com/',"
445 " ]"
446 "}");
447 ASSERT_TRUE(CheckManifestProducesPermissions(
448 "Read and change your data on all google.com sites"));
450 CreateAndInstall(
452 " 'permissions': ["
453 " 'http://www.blogger.com/',"
454 " 'http://*.google.com/',"
455 " ]"
456 "}");
457 ASSERT_TRUE(CheckManifestProducesPermissions(
458 "Read and change your data on all google.com sites and "
459 "www.blogger.com"));
461 CreateAndInstall(
463 " 'permissions': ["
464 " 'http://www.blogger.com/',"
465 " 'http://*.google.com/',"
466 " 'http://*.news.com/',"
467 " ]"
468 "}");
469 ASSERT_TRUE(CheckManifestProducesPermissions(
470 "Read and change your data on all google.com sites, all news.com sites, "
471 "and www.blogger.com"));
473 CreateAndInstall(
475 " 'permissions': ["
476 " 'http://www.blogger.com/',"
477 " 'http://*.google.com/',"
478 " 'http://*.news.com/',"
479 " 'http://www.foobar.com/',"
480 " ]"
481 "}");
482 std::vector<std::string> submessages;
483 submessages.push_back("All google.com sites");
484 submessages.push_back("All news.com sites");
485 submessages.push_back("www.blogger.com");
486 submessages.push_back("www.foobar.com");
487 ASSERT_TRUE(CheckManifestProducesPermissions(
488 "Read and change your data on a number of websites", submessages));
490 CreateAndInstall(
492 " 'permissions': ["
493 " 'http://www.blogger.com/',"
494 " 'http://*.google.com/',"
495 " 'http://*.news.com/',"
496 " 'http://www.foobar.com/',"
497 " 'http://*.go.com/',"
498 " ]"
499 "}");
500 submessages.clear();
501 submessages.push_back("All go.com sites");
502 submessages.push_back("All google.com sites");
503 submessages.push_back("All news.com sites");
504 submessages.push_back("www.blogger.com");
505 submessages.push_back("www.foobar.com");
506 ASSERT_TRUE(CheckManifestProducesPermissions(
507 "Read and change your data on a number of websites", submessages));
509 CreateAndInstall(
511 " 'permissions': ["
512 " 'http://*.go.com/',"
513 " 'chrome://favicon/',"
514 " ]"
515 "}");
516 ASSERT_TRUE(CheckManifestProducesPermissions(
517 "Read and change your data on all go.com sites",
518 "Read the icons of the websites you visit"));
520 // Having the 'all sites' permission doesn't change the permission message,
521 // since its pseudo-granted at runtime.
522 CreateAndInstall(
524 " 'permissions': ["
525 " 'http://*.go.com/',"
526 " 'chrome://favicon/',"
527 " 'http://*.*',"
528 " ]"
529 "}");
530 ASSERT_TRUE(CheckManifestProducesPermissions(
531 "Read and change your data on all go.com sites",
532 "Read the icons of the websites you visit"));
535 // Check that permission messages are generated correctly for
536 // SocketsManifestPermission, which has host-like permission messages.
537 TEST_F(PermissionMessageCombinationsUnittest,
538 SocketsManifestPermissionMessages) {
539 CreateAndInstall(
541 " 'app': {"
542 " 'background': {"
543 " 'scripts': ['background.js']"
544 " }"
545 " },"
546 " 'sockets': {"
547 " 'udp': {'send': '*'},"
548 " }"
549 "}");
550 ASSERT_TRUE(CheckManifestProducesPermissions(
551 "Exchange data with any device on the local network or internet"));
553 CreateAndInstall(
555 " 'app': {"
556 " 'background': {"
557 " 'scripts': ['background.js']"
558 " }"
559 " },"
560 " 'sockets': {"
561 " 'udp': {'send': ':99'},"
562 " }"
563 "}");
564 ASSERT_TRUE(CheckManifestProducesPermissions(
565 "Exchange data with any device on the local network or internet"));
567 CreateAndInstall(
569 " 'app': {"
570 " 'background': {"
571 " 'scripts': ['background.js']"
572 " }"
573 " },"
574 " 'sockets': {"
575 " 'tcp': {'connect': '127.0.0.1:80'},"
576 " }"
577 "}");
578 ASSERT_TRUE(CheckManifestProducesPermissions(
579 "Exchange data with the device named 127.0.0.1"));
581 CreateAndInstall(
583 " 'app': {"
584 " 'background': {"
585 " 'scripts': ['background.js']"
586 " }"
587 " },"
588 " 'sockets': {"
589 " 'tcp': {'connect': 'www.example.com:23'},"
590 " }"
591 "}");
592 ASSERT_TRUE(CheckManifestProducesPermissions(
593 "Exchange data with the device named www.example.com"));
595 CreateAndInstall(
597 " 'app': {"
598 " 'background': {"
599 " 'scripts': ['background.js']"
600 " }"
601 " },"
602 " 'sockets': {"
603 " 'tcpServer': {'listen': '127.0.0.1:80'}"
604 " }"
605 "}");
606 ASSERT_TRUE(CheckManifestProducesPermissions(
607 "Exchange data with the device named 127.0.0.1"));
609 CreateAndInstall(
611 " 'app': {"
612 " 'background': {"
613 " 'scripts': ['background.js']"
614 " }"
615 " },"
616 " 'sockets': {"
617 " 'tcpServer': {'listen': ':8080'}"
618 " }"
619 "}");
620 ASSERT_TRUE(CheckManifestProducesPermissions(
621 "Exchange data with any device on the local network or internet"));
623 CreateAndInstall(
625 " 'app': {"
626 " 'background': {"
627 " 'scripts': ['background.js']"
628 " }"
629 " },"
630 " 'sockets': {"
631 " 'tcpServer': {"
632 " 'listen': ["
633 " '127.0.0.1:80',"
634 " 'www.google.com',"
635 " 'www.example.com:*',"
636 " 'www.foo.com:200',"
637 " 'www.bar.com:200'"
638 " ]"
639 " }"
640 " }"
641 "}");
642 ASSERT_TRUE(CheckManifestProducesPermissions(
643 "Exchange data with the devices named: 127.0.0.1 www.bar.com "
644 "www.example.com www.foo.com www.google.com"));
646 CreateAndInstall(
648 " 'app': {"
649 " 'background': {"
650 " 'scripts': ['background.js']"
651 " }"
652 " },"
653 " 'sockets': {"
654 " 'tcp': {"
655 " 'connect': ["
656 " 'www.abc.com:*',"
657 " 'www.mywebsite.com:320',"
658 " 'www.freestuff.com',"
659 " 'www.foo.com:34',"
660 " 'www.test.com'"
661 " ]"
662 " },"
663 " 'tcpServer': {"
664 " 'listen': ["
665 " '127.0.0.1:80',"
666 " 'www.google.com',"
667 " 'www.example.com:*',"
668 " 'www.foo.com:200',"
669 " ]"
670 " }"
671 " }"
672 "}");
673 ASSERT_TRUE(CheckManifestProducesPermissions(
674 "Exchange data with the devices named: 127.0.0.1 www.abc.com "
675 "www.example.com www.foo.com www.freestuff.com www.google.com "
676 "www.mywebsite.com www.test.com"));
678 CreateAndInstall(
680 " 'app': {"
681 " 'background': {"
682 " 'scripts': ['background.js']"
683 " }"
684 " },"
685 " 'sockets': {"
686 " 'tcp': {'send': '*:*'},"
687 " 'tcpServer': {'listen': '*:*'},"
688 " }"
689 "}");
690 ASSERT_TRUE(CheckManifestProducesPermissions(
691 "Exchange data with any device on the local network or internet"));
694 // Check that permission messages are generated correctly for
695 // MediaGalleriesPermission (an API permission with custom messages).
696 TEST_F(PermissionMessageCombinationsUnittest,
697 MediaGalleriesPermissionMessages) {
698 CreateAndInstall(
700 " 'app': {"
701 " 'background': {"
702 " 'scripts': ['background.js']"
703 " }"
704 " },"
705 " 'permissions': ["
706 " { 'mediaGalleries': ['read'] }"
707 " ]"
708 "}");
709 ASSERT_TRUE(CheckManifestProducesPermissions());
711 CreateAndInstall(
713 " 'app': {"
714 " 'background': {"
715 " 'scripts': ['background.js']"
716 " }"
717 " },"
718 " 'permissions': ["
719 " { 'mediaGalleries': ['read', 'allAutoDetected'] }"
720 " ]"
721 "}");
722 ASSERT_TRUE(CheckManifestProducesPermissions(
723 "Access photos, music, and other media from your computer"));
725 // TODO(sashab): Add a test for the
726 // IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_WRITE message (generated
727 // with the 'read' and 'copyTo' permissions, but not the 'delete' permission),
728 // if it's possible to get this message. Otherwise, remove it from the code.
730 CreateAndInstall(
732 " 'app': {"
733 " 'background': {"
734 " 'scripts': ['background.js']"
735 " }"
736 " },"
737 " 'permissions': ["
738 " { 'mediaGalleries': ['read', 'delete', 'allAutoDetected'] }"
739 " ]"
740 "}");
741 ASSERT_TRUE(CheckManifestProducesPermissions(
742 "Read and delete photos, music, and other media from your computer"));
744 CreateAndInstall(
746 " 'app': {"
747 " 'background': {"
748 " 'scripts': ['background.js']"
749 " }"
750 " },"
751 " 'permissions': ["
752 " { 'mediaGalleries':"
753 " [ 'read', 'delete', 'copyTo', 'allAutoDetected' ] }"
754 " ]"
755 "}");
756 ASSERT_TRUE(CheckManifestProducesPermissions(
757 "Read, change and delete photos, music, and other media from your "
758 "computer"));
760 // Without the allAutoDetected permission, there should be no install-time
761 // permission messages.
762 CreateAndInstall(
764 " 'app': {"
765 " 'background': {"
766 " 'scripts': ['background.js']"
767 " }"
768 " },"
769 " 'permissions': ["
770 " { 'mediaGalleries': ['read', 'delete', 'copyTo'] }"
771 " ]"
772 "}");
773 ASSERT_TRUE(CheckManifestProducesPermissions());
776 // TODO(sashab): Add tests for SettingsOverrideAPIPermission (an API permission
777 // with custom messages).
779 // Check that permission messages are generated correctly for SocketPermission
780 // (an API permission with custom messages).
781 TEST_F(PermissionMessageCombinationsUnittest, SocketPermissionMessages) {
782 CreateAndInstall(
784 " 'app': {"
785 " 'background': {"
786 " 'scripts': ['background.js']"
787 " }"
788 " },"
789 " 'permissions': ["
790 " { 'socket': ['tcp-connect:*:*'] }"
791 " ]"
792 "}");
793 ASSERT_TRUE(CheckManifestProducesPermissions(
794 "Exchange data with any device on the local network or internet"));
796 CreateAndInstall(
798 " 'app': {"
799 " 'background': {"
800 " 'scripts': ['background.js']"
801 " }"
802 " },"
803 " 'permissions': ["
804 " { 'socket': ["
805 " 'tcp-connect:*:443',"
806 " 'tcp-connect:*:50032',"
807 " 'tcp-connect:*:23',"
808 " ] }"
809 " ]"
810 "}");
811 ASSERT_TRUE(CheckManifestProducesPermissions(
812 "Exchange data with any device on the local network or internet"));
814 CreateAndInstall(
816 " 'app': {"
817 " 'background': {"
818 " 'scripts': ['background.js']"
819 " }"
820 " },"
821 " 'permissions': ["
822 " { 'socket': ['tcp-connect:foo.example.com:443'] }"
823 " ]"
824 "}");
825 ASSERT_TRUE(CheckManifestProducesPermissions(
826 "Exchange data with the device named foo.example.com"));
828 CreateAndInstall(
830 " 'app': {"
831 " 'background': {"
832 " 'scripts': ['background.js']"
833 " }"
834 " },"
835 " 'permissions': ["
836 " { 'socket': ['tcp-connect:foo.example.com:443', 'udp-send-to'] }"
837 " ]"
838 "}");
839 ASSERT_TRUE(CheckManifestProducesPermissions(
840 "Exchange data with any device on the local network or internet"));
842 CreateAndInstall(
844 " 'app': {"
845 " 'background': {"
846 " 'scripts': ['background.js']"
847 " }"
848 " },"
849 " 'permissions': ["
850 " { 'socket': ["
851 " 'tcp-connect:foo.example.com:443',"
852 " 'udp-send-to:test.ping.com:50032',"
853 " ] }"
854 " ]"
855 "}");
856 ASSERT_TRUE(CheckManifestProducesPermissions(
857 "Exchange data with the devices named: foo.example.com test.ping.com"));
859 CreateAndInstall(
861 " 'app': {"
862 " 'background': {"
863 " 'scripts': ['background.js']"
864 " }"
865 " },"
866 " 'permissions': ["
867 " { 'socket': ["
868 " 'tcp-connect:foo.example.com:443',"
869 " 'udp-send-to:test.ping.com:50032',"
870 " 'udp-send-to:www.ping.com:50032',"
871 " 'udp-send-to:test2.ping.com:50032',"
872 " 'udp-bind:test.ping.com:50032',"
873 " ] }"
874 " ]"
875 "}");
876 ASSERT_TRUE(CheckManifestProducesPermissions(
877 "Exchange data with the devices named: foo.example.com test.ping.com "
878 "test2.ping.com www.ping.com"));
880 CreateAndInstall(
882 " 'app': {"
883 " 'background': {"
884 " 'scripts': ['background.js']"
885 " }"
886 " },"
887 " 'permissions': ["
888 " { 'socket': ["
889 " 'tcp-connect:foo.example.com:443',"
890 " 'udp-send-to:test.ping.com:50032',"
891 " 'tcp-connect:*:23',"
892 " ] }"
893 " ]"
894 "}");
895 ASSERT_TRUE(CheckManifestProducesPermissions(
896 "Exchange data with any device on the local network or internet"));
899 // Check that permission messages are generated correctly for
900 // USBDevicePermission (an API permission with custom messages).
901 TEST_F(PermissionMessageCombinationsUnittest, USBDevicePermissionMessages) {
902 CreateAndInstall(
904 " 'app': {"
905 " 'background': {"
906 " 'scripts': ['background.js']"
907 " }"
908 " },"
909 " 'permissions': ["
910 " { 'usbDevices': ["
911 " { 'vendorId': 0, 'productId': 0 },"
912 " ] }"
913 " ]"
914 "}");
915 ASSERT_TRUE(CheckManifestProducesPermissions(
916 "Access USB devices from an unknown vendor"));
918 CreateAndInstall(
920 " 'app': {"
921 " 'background': {"
922 " 'scripts': ['background.js']"
923 " }"
924 " },"
925 " 'permissions': ["
926 " { 'usbDevices': ["
927 " { 'vendorId': 4179, 'productId': 529 },"
928 " ] }"
929 " ]"
930 "}");
931 ASSERT_TRUE(CheckManifestProducesPermissions(
932 "Access USB devices from Immanuel Electronics Co., Ltd"));
934 CreateAndInstall(
936 " 'app': {"
937 " 'background': {"
938 " 'scripts': ['background.js']"
939 " }"
940 " },"
941 " 'permissions': ["
942 " { 'usbDevices': ["
943 " { 'vendorId': 6353, 'productId': 8192 },"
944 " ] }"
945 " ]"
946 "}");
947 ASSERT_TRUE(
948 CheckManifestProducesPermissions("Access USB devices from Google Inc."));
950 CreateAndInstall(
952 " 'app': {"
953 " 'background': {"
954 " 'scripts': ['background.js']"
955 " }"
956 " },"
957 " 'permissions': ["
958 " { 'usbDevices': ["
959 " { 'vendorId': 4179, 'productId': 529 },"
960 " { 'vendorId': 6353, 'productId': 8192 },"
961 " ] }"
962 " ]"
963 "}");
964 std::vector<std::string> submessages;
965 submessages.push_back("unknown devices from Immanuel Electronics Co., Ltd");
966 submessages.push_back("unknown devices from Google Inc.");
967 ASSERT_TRUE(CheckManifestProducesPermissions(
968 "Access any of these USB devices", submessages));
970 // TODO(sashab): Add a test with a valid product/vendor USB device.
973 // Test that hosted apps are not given any messages for host permissions.
974 TEST_F(PermissionMessageCombinationsUnittest,
975 PackagedAppsHaveNoHostPermissions) {
976 CreateAndInstall(
978 " 'app': {"
979 " 'background': {"
980 " 'scripts': ['background.js']"
981 " }"
982 " },"
983 " 'permissions': ["
984 " 'http://www.blogger.com/',"
985 " 'http://*.google.com/',"
986 " ]"
987 "}");
988 ASSERT_TRUE(CheckManifestProducesPermissions());
990 CreateAndInstall(
992 " 'app': {"
993 " 'background': {"
994 " 'scripts': ['background.js']"
995 " }"
996 " },"
997 " 'permissions': ["
998 " 'serial',"
999 " 'http://www.blogger.com/',"
1000 " 'http://*.google.com/',"
1001 " ]"
1002 "}");
1003 ASSERT_TRUE(CheckManifestProducesPermissions("Access your serial devices"));
1006 // Test various apps with lots of permissions, including those with no
1007 // permission messages, or those that only apply to apps or extensions even when
1008 // the given manifest is for a different type.
1009 TEST_F(PermissionMessageCombinationsUnittest, PermissionMessageCombos) {
1010 CreateAndInstall(
1012 " 'permissions': ["
1013 " 'tabs',"
1014 " 'bookmarks',"
1015 " 'http://www.blogger.com/',"
1016 " 'http://*.google.com/',"
1017 " 'unlimitedStorage',"
1018 " ]"
1019 "}");
1020 ASSERT_TRUE(CheckManifestProducesPermissions(
1021 "Read and change your data on all google.com sites and www.blogger.com",
1022 "Read your browsing history", "Read and change your bookmarks"));
1024 CreateAndInstall(
1026 " 'permissions': ["
1027 " 'tabs',"
1028 " 'sessions',"
1029 " 'bookmarks',"
1030 " 'unlimitedStorage',"
1031 " 'syncFileSystem',"
1032 " 'http://www.blogger.com/',"
1033 " 'http://*.google.com/',"
1034 " 'http://*.news.com/',"
1035 " 'http://www.foobar.com/',"
1036 " 'http://*.go.com/',"
1037 " ]"
1038 "}");
1039 std::vector<std::string> submessages;
1040 submessages.push_back("All go.com sites");
1041 submessages.push_back("All google.com sites");
1042 submessages.push_back("All news.com sites");
1043 submessages.push_back("www.blogger.com");
1044 submessages.push_back("www.foobar.com");
1045 ASSERT_TRUE(CheckManifestProducesPermissions(
1046 "Read your browsing history on all your signed-in devices",
1047 std::vector<std::string>(), "Read and change your bookmarks",
1048 std::vector<std::string>(),
1049 "Read and change your data on a number of websites", submessages));
1051 CreateAndInstall(
1053 " 'permissions': ["
1054 " 'tabs',"
1055 " 'sessions',"
1056 " 'bookmarks',"
1057 " 'accessibilityFeatures.read',"
1058 " 'accessibilityFeatures.modify',"
1059 " 'alarms',"
1060 " 'browsingData',"
1061 " 'cookies',"
1062 " 'desktopCapture',"
1063 " 'gcm',"
1064 " 'topSites',"
1065 " 'storage',"
1066 " 'unlimitedStorage',"
1067 " 'syncFileSystem',"
1068 " 'http://www.blogger.com/',"
1069 " 'http://*.google.com/',"
1070 " 'http://*.news.com/',"
1071 " 'http://www.foobar.com/',"
1072 " 'http://*.go.com/',"
1073 " ]"
1074 "}");
1076 submessages.clear();
1077 submessages.push_back("All go.com sites");
1078 submessages.push_back("All google.com sites");
1079 submessages.push_back("All news.com sites");
1080 submessages.push_back("www.blogger.com");
1081 submessages.push_back("www.foobar.com");
1082 ASSERT_TRUE(CheckManifestProducesPermissions(
1083 "Read your browsing history on all your signed-in devices",
1084 std::vector<std::string>(), "Capture content of your screen",
1085 std::vector<std::string>(), "Read and change your bookmarks",
1086 std::vector<std::string>(),
1087 "Read and change your data on a number of websites", submessages,
1088 "Read and change your accessibility settings",
1089 std::vector<std::string>()));
1091 // Create an App instead, ensuring that the host permission messages are not
1092 // added.
1093 CreateAndInstall(
1095 " 'app': {"
1096 " 'background': {"
1097 " 'scripts': ['background.js']"
1098 " }"
1099 " },"
1100 " 'permissions': ["
1101 " 'contextMenus',"
1102 " 'permissions',"
1103 " 'accessibilityFeatures.read',"
1104 " 'accessibilityFeatures.modify',"
1105 " 'alarms',"
1106 " 'power',"
1107 " 'cookies',"
1108 " 'serial',"
1109 " 'usb',"
1110 " 'storage',"
1111 " 'gcm',"
1112 " 'topSites',"
1113 " 'storage',"
1114 " 'unlimitedStorage',"
1115 " 'syncFileSystem',"
1116 " 'http://www.blogger.com/',"
1117 " 'http://*.google.com/',"
1118 " 'http://*.news.com/',"
1119 " 'http://www.foobar.com/',"
1120 " 'http://*.go.com/',"
1121 " ]"
1122 "}");
1124 ASSERT_TRUE(CheckManifestProducesPermissions(
1125 "Access your serial devices", "Store data in your Google Drive account",
1126 "Read and change your accessibility settings"));
1130 // Tests that the 'plugin' manifest key produces the correct permission.
1131 TEST_F(PermissionMessageCombinationsUnittest, PluginPermission) {
1132 // Extensions can have plugins.
1133 CreateAndInstall(
1135 " 'plugins': ["
1136 " { 'path': 'extension_plugin.dll' }"
1137 " ]"
1138 "}");
1140 #ifdef OS_CHROMEOS
1141 ASSERT_TRUE(CheckManifestProducesPermissions());
1142 #else
1143 ASSERT_TRUE(CheckManifestProducesPermissions(
1144 "Read and change all your data on your computer and the websites you "
1145 "visit"));
1146 #endif
1148 // Apps can't have plugins.
1149 CreateAndInstall(
1151 " 'app': {"
1152 " 'background': {"
1153 " 'scripts': ['background.js']"
1154 " }"
1155 " },"
1156 " 'plugins': ["
1157 " { 'path': 'extension_plugin.dll' }"
1158 " ]"
1159 "}");
1160 ASSERT_TRUE(CheckManifestProducesPermissions());
1163 // TODO(sashab): Add a test that checks that messages are generated correctly
1164 // for withheld permissions, when an app is granted the 'all sites' permission.
1166 // TODO(sashab): Add a test that ensures that all permissions that can generate
1167 // a coalesced message can also generate a message on their own (i.e. ensure
1168 // that no permissions only modify other permissions).
1170 // TODO(sashab): Add a test for every permission message combination that can
1171 // generate a message.
1173 // TODO(aboxhall): Add tests for the automation API permission messages.
1175 } // namespace extensions