Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / permissions_based_management_policy_provider_unittest.cc
blobe7eacfd3745121812202c44327db1d6c2b163a86
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <string>
6 #include <vector>
8 #include "base/logging.h"
9 #include "base/memory/ref_counted.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/prefs/pref_registry_simple.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/stl_util.h"
14 #include "base/strings/string16.h"
15 #include "base/values.h"
16 #include "chrome/browser/extensions/extension_management.h"
17 #include "chrome/browser/extensions/extension_management_test_util.h"
18 #include "chrome/browser/extensions/permissions_based_management_policy_provider.h"
19 #include "chrome/common/extensions/permissions/chrome_api_permissions.h"
20 #include "extensions/common/extension.h"
21 #include "extensions/common/manifest.h"
22 #include "extensions/common/manifest_constants.h"
23 #include "extensions/common/permissions/api_permission.h"
24 #include "testing/gtest/include/gtest/gtest.h"
26 namespace extensions {
28 class PermissionsBasedManagementPolicyProviderTest : public testing::Test {
29 public:
30 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater;
32 PermissionsBasedManagementPolicyProviderTest()
33 : pref_service_(new TestingPrefServiceSimple()),
34 settings_(new ExtensionManagement(pref_service_.get())),
35 provider_(settings_.get()) {}
37 void SetUp() override {
38 ChromeAPIPermissions api_permissions;
39 perm_list_ = api_permissions.GetAllPermissions();
40 pref_service_->registry()->RegisterDictionaryPref(
41 pref_names::kExtensionManagement);
44 void TearDown() override {
45 STLDeleteElements(&perm_list_);
48 // Get API permissions name for |id|, we cannot use arbitrary strings since
49 // they will be ignored by ExtensionManagementService.
50 std::string GetAPIPermissionName(APIPermission::ID id) {
51 for (const auto& perm : perm_list_) {
52 if (perm->id() == id)
53 return perm->name();
55 ADD_FAILURE() << "Permission not found: " << id;
56 return std::string();
59 // Create an extension with specified |location|, |required_permissions| and
60 // |optional_permissions|.
61 scoped_refptr<const Extension> CreateExtensionWithPermission(
62 Manifest::Location location,
63 const base::ListValue* required_permissions,
64 const base::ListValue* optional_permissions) {
65 base::DictionaryValue manifest_dict;
66 manifest_dict.SetString(manifest_keys::kName, "test");
67 manifest_dict.SetString(manifest_keys::kVersion, "0.1");
68 if (required_permissions) {
69 manifest_dict.Set(manifest_keys::kPermissions,
70 required_permissions->DeepCopy());
72 if (optional_permissions) {
73 manifest_dict.Set(manifest_keys::kOptionalPermissions,
74 optional_permissions->DeepCopy());
76 std::string error;
77 scoped_refptr<const Extension> extension = Extension::Create(
78 base::FilePath(), location, manifest_dict, Extension::NO_FLAGS, &error);
79 CHECK(extension.get()) << error;
80 return extension;
83 protected:
84 std::vector<APIPermissionInfo*> perm_list_;
86 scoped_ptr<TestingPrefServiceSimple> pref_service_;
87 scoped_ptr<ExtensionManagement> settings_;
89 PermissionsBasedManagementPolicyProvider provider_;
92 // Verifies that extensions with conflicting permissions cannot be loaded.
93 TEST_F(PermissionsBasedManagementPolicyProviderTest, APIPermissions) {
94 // Prepares the extension manifest.
95 base::ListValue required_permissions;
96 required_permissions.AppendString(
97 GetAPIPermissionName(APIPermission::kDownloads));
98 required_permissions.AppendString(
99 GetAPIPermissionName(APIPermission::kCookie));
100 base::ListValue optional_permissions;
101 optional_permissions.AppendString(
102 GetAPIPermissionName(APIPermission::kProxy));
104 scoped_refptr<const Extension> extension =
105 CreateExtensionWithPermission(Manifest::EXTERNAL_POLICY_DOWNLOAD,
106 &required_permissions,
107 &optional_permissions);
109 base::string16 error16;
110 // The extension should be allowed to be loaded by default.
111 error16.clear();
112 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
113 EXPECT_TRUE(error16.empty());
115 // Blocks kProxy by default. The test extension should still be allowed.
117 PrefUpdater pref(pref_service_.get());
118 pref.AddBlockedPermission("*",
119 GetAPIPermissionName(APIPermission::kProxy));
121 error16.clear();
122 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
123 EXPECT_TRUE(error16.empty());
125 // Blocks kCookie this time. The test extension should not be allowed now.
127 PrefUpdater pref(pref_service_.get());
128 pref.AddBlockedPermission("*",
129 GetAPIPermissionName(APIPermission::kCookie));
131 error16.clear();
132 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
133 EXPECT_FALSE(error16.empty());
135 // Explictly allows kCookie for test extension. It should be allowed again.
137 PrefUpdater pref(pref_service_.get());
138 pref.AddAllowedPermission(extension->id(),
139 GetAPIPermissionName(APIPermission::kCookie));
141 error16.clear();
142 EXPECT_TRUE(provider_.UserMayLoad(extension.get(), &error16));
143 EXPECT_TRUE(error16.empty());
145 // Explictly blocks kCookie for test extension. It should be blocked again.
147 PrefUpdater pref(pref_service_.get());
148 pref.AddBlockedPermission(extension->id(),
149 GetAPIPermissionName(APIPermission::kCookie));
151 error16.clear();
152 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
153 EXPECT_FALSE(error16.empty());
155 // Blocks kDownloads by default. It should be blocked.
157 PrefUpdater pref(pref_service_.get());
158 pref.UnsetBlockedPermissions(extension->id());
159 pref.UnsetAllowedPermissions(extension->id());
160 pref.ClearBlockedPermissions("*");
161 pref.AddBlockedPermission("*",
162 GetAPIPermissionName(APIPermission::kDownloads));
164 error16.clear();
165 EXPECT_FALSE(provider_.UserMayLoad(extension.get(), &error16));
166 EXPECT_FALSE(error16.empty());
169 } // namespace extensions