search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ozone: evdev: Sync caps lock LED state to evdev
[chromium-blink-merge.git] / chrome / browser / extensions / permission_message_combinations_unittest.cc
blobc2ca60572d5edefde61de344dd4e8590214b7354
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/command_line.h"
6 #include "base/memory/scoped_ptr.h"
7 #include "base/strings/string_split.h"
8 #include "base/strings/string_util.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "base/test/values_test_util.h"
11 #include "chrome/browser/extensions/test_extension_environment.h"
12 #include "chrome/common/extensions/permissions/chrome_permission_message_provider.h"
13 #include "extensions/common/extension.h"
14 #include "extensions/common/permissions/permissions_data.h"
15 #include "extensions/common/switches.h"
16 #include "testing/gmock/include/gmock/gmock-matchers.h"
17 #include "testing/gtest/include/gtest/gtest.h"
18
19 using testing::Contains;
20 using testing::Eq;
21
22 namespace extensions {
23
24 // Tests that ChromePermissionMessageProvider produces the expected messages for
25 // various combinations of app/extension permissions.
26 class PermissionMessageCombinationsUnittest : public testing::Test {
27 public:
28 PermissionMessageCombinationsUnittest()
29 : message_provider_(new ChromePermissionMessageProvider()) {}
30 ~PermissionMessageCombinationsUnittest() override {}
31
32 // Overridden from testing::Test:
33 void SetUp() override {
34 testing::Test::SetUp();
35 // Force creation of ExtensionPrefs before adding extensions.
36 env_.GetExtensionPrefs();
37 }
38
39 protected:
40 // Create and install an app or extension with the given manifest JSON string.
41 // Single-quotes in the string will be replaced with double quotes.
42 void CreateAndInstall(const std::string& json_manifest) {
43 std::string json_manifest_with_double_quotes = json_manifest;
44 std::replace(json_manifest_with_double_quotes.begin(),
45 json_manifest_with_double_quotes.end(), '\'', '"');
46 app_ = env_.MakeExtension(
47 *base::test::ParseJson(json_manifest_with_double_quotes));
48 // Add the app to any whitelists so we can test all permissions.
49 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
50 switches::kWhitelistedExtensionID, app_->id());
51 }
52
53 // Checks whether the currently installed app or extension produces the given
54 // permission messages. Call this after installing an app with the expected
55 // permission messages. The messages are tested for existence in any order.
56 testing::AssertionResult CheckManifestProducesPermissions() {
57 return CheckManifestProducesPermissions(
58 std::vector<std::string>(), GetPermissionMessages(),
59 GetCoalescedPermissionMessages(), "messages");
60 }
61 testing::AssertionResult CheckManifestProducesPermissions(
62 const std::string& expected_message_1) {
63 std::vector<std::string> expected_messages;
64 expected_messages.push_back(expected_message_1);
65 return CheckManifestProducesPermissions(
66 expected_messages, GetPermissionMessages(),
67 GetCoalescedPermissionMessages(), "messages");
68 }
69 testing::AssertionResult CheckManifestProducesPermissions(
70 const std::string& expected_message_1,
71 const std::string& expected_message_2) {
72 std::vector<std::string> expected_messages;
73 expected_messages.push_back(expected_message_1);
74 expected_messages.push_back(expected_message_2);
75 return CheckManifestProducesPermissions(
76 expected_messages, GetPermissionMessages(),
77 GetCoalescedPermissionMessages(), "messages");
78 }
79 testing::AssertionResult CheckManifestProducesPermissions(
80 const std::string& expected_message_1,
81 const std::string& expected_message_2,
82 const std::string& expected_message_3) {
83 std::vector<std::string> expected_messages;
84 expected_messages.push_back(expected_message_1);
85 expected_messages.push_back(expected_message_2);
86 expected_messages.push_back(expected_message_3);
87 return CheckManifestProducesPermissions(
88 expected_messages, GetPermissionMessages(),
89 GetCoalescedPermissionMessages(), "messages");
90 }
91 testing::AssertionResult CheckManifestProducesPermissions(
92 const std::string& expected_message_1,
93 const std::string& expected_message_2,
94 const std::string& expected_message_3,
95 const std::string& expected_message_4) {
96 std::vector<std::string> expected_messages;
97 expected_messages.push_back(expected_message_1);
98 expected_messages.push_back(expected_message_2);
99 expected_messages.push_back(expected_message_3);
100 expected_messages.push_back(expected_message_4);
101 return CheckManifestProducesPermissions(
102 expected_messages, GetPermissionMessages(),
103 GetCoalescedPermissionMessages(), "messages");
104 }
105 testing::AssertionResult CheckManifestProducesPermissions(
106 const std::string& expected_message_1,
107 const std::string& expected_message_2,
108 const std::string& expected_message_3,
109 const std::string& expected_message_4,
110 const std::string& expected_message_5) {
111 std::vector<std::string> expected_messages;
112 expected_messages.push_back(expected_message_1);
113 expected_messages.push_back(expected_message_2);
114 expected_messages.push_back(expected_message_3);
115 expected_messages.push_back(expected_message_4);
116 expected_messages.push_back(expected_message_5);
117 return CheckManifestProducesPermissions(
118 expected_messages, GetPermissionMessages(),
119 GetCoalescedPermissionMessages(), "messages");
120 }
121
122 // Checks whether the currently installed app or extension produces the given
123 // host permission messages. Call this after installing an app with the
124 // expected permission messages. The messages are tested for existence in any
125 // order.
126 testing::AssertionResult CheckManifestProducesHostPermissions() {
127 return CheckManifestProducesPermissions(
128 std::vector<std::string>(), GetHostPermissionMessages(),
129 GetCoalescedHostPermissionMessages(), "host messages");
130 }
131 testing::AssertionResult CheckManifestProducesHostPermissions(
132 const std::string& expected_message_1) {
133 std::vector<std::string> expected_messages;
134 expected_messages.push_back(expected_message_1);
135 return CheckManifestProducesPermissions(
136 expected_messages, GetHostPermissionMessages(),
137 GetCoalescedHostPermissionMessages(), "host messages");
138 }
139 testing::AssertionResult CheckManifestProducesHostPermissions(
140 const std::string& expected_message_1,
141 const std::string& expected_message_2) {
142 std::vector<std::string> expected_messages;
143 expected_messages.push_back(expected_message_1);
144 expected_messages.push_back(expected_message_2);
145 return CheckManifestProducesPermissions(
146 expected_messages, GetHostPermissionMessages(),
147 GetCoalescedHostPermissionMessages(), "host messages");
148 }
149 testing::AssertionResult CheckManifestProducesHostPermissions(
150 const std::string& expected_message_1,
151 const std::string& expected_message_2,
152 const std::string& expected_message_3) {
153 std::vector<std::string> expected_messages;
154 expected_messages.push_back(expected_message_1);
155 expected_messages.push_back(expected_message_2);
156 expected_messages.push_back(expected_message_3);
157 return CheckManifestProducesPermissions(
158 expected_messages, GetHostPermissionMessages(),
159 GetCoalescedHostPermissionMessages(), "host messages");
160 }
161 testing::AssertionResult CheckManifestProducesHostPermissions(
162 const std::string& expected_message_1,
163 const std::string& expected_message_2,
164 const std::string& expected_message_3,
165 const std::string& expected_message_4) {
166 std::vector<std::string> expected_messages;
167 expected_messages.push_back(expected_message_1);
168 expected_messages.push_back(expected_message_2);
169 expected_messages.push_back(expected_message_3);
170 expected_messages.push_back(expected_message_4);
171 return CheckManifestProducesPermissions(
172 expected_messages, GetHostPermissionMessages(),
173 GetCoalescedHostPermissionMessages(), "host messages");
174 }
175 testing::AssertionResult CheckManifestProducesHostPermissions(
176 const std::string& expected_message_1,
177 const std::string& expected_message_2,
178 const std::string& expected_message_3,
179 const std::string& expected_message_4,
180 const std::string& expected_message_5) {
181 std::vector<std::string> expected_messages;
182 expected_messages.push_back(expected_message_1);
183 expected_messages.push_back(expected_message_2);
184 expected_messages.push_back(expected_message_3);
185 expected_messages.push_back(expected_message_4);
186 expected_messages.push_back(expected_message_5);
187 return CheckManifestProducesPermissions(
188 expected_messages, GetHostPermissionMessages(),
189 GetCoalescedHostPermissionMessages(), "host messages");
190 }
191
192 private:
193 std::vector<base::string16> GetPermissionMessages() {
194 return app_->permissions_data()->GetPermissionMessageStrings();
195 }
196
197 std::vector<base::string16> GetCoalescedPermissionMessages() {
198 CoalescedPermissionMessages messages =
199 app_->permissions_data()->GetCoalescedPermissionMessages();
200 std::vector<base::string16> message_strings;
201 for (const auto& message : messages) {
202 message_strings.push_back(message.message());
203 }
204 return message_strings;
205 }
206
207 std::vector<base::string16> GetHostPermissionMessages() {
208 std::vector<base::string16> details =
209 app_->permissions_data()->GetPermissionMessageDetailsStrings();
210 // If we have a host permission, exactly one message will contain the
211 // details for it.
212 for (const auto& host_string : details) {
213 if (!host_string.empty()) {
214 // The host_string will be a newline-separated string of entries.
215 std::vector<base::string16> pieces;
216 base::SplitString(host_string, base::char16('\n'), &pieces);
217 return pieces;
218 }
219 }
220 return std::vector<base::string16>();
221 }
222
223 std::vector<base::string16> GetCoalescedHostPermissionMessages() {
224 // If we have a host permission, exactly one message will contain the
225 // details for it.
226 CoalescedPermissionMessages messages =
227 app_->permissions_data()->GetCoalescedPermissionMessages();
228 for (const auto& message : messages) {
229 if (!message.submessages().empty())
230 return message.submessages();
231 }
232 return std::vector<base::string16>();
233 }
234
235 // TODO(sashab): Remove the legacy messages from this function once the legacy
236 // messages system is no longer used.
237 testing::AssertionResult CheckManifestProducesPermissions(
238 const std::vector<std::string>& expected_messages,
239 const std::vector<base::string16>& actual_legacy_messages,
240 const std::vector<base::string16>& actual_messages,
241 const std::string& message_type_name) {
242 // Check the new messages system matches the legacy one.
243 if (actual_legacy_messages.size() != actual_messages.size()) {
244 // Message: Got 2 messages in the legacy system { "Bar", "Baz" }, but 0 in
245 // the new system {}
246 return testing::AssertionFailure()
247 << "Got " << actual_legacy_messages.size() << " "
248 << message_type_name << " in the legacy system "
249 << MessagesVectorToString(actual_legacy_messages) << ", but "
250 << actual_messages.size() << " in the new system "
251 << MessagesVectorToString(actual_messages);
252 }
253
254 for (const auto& actual_message : actual_messages) {
255 if (std::find(actual_legacy_messages.begin(),
256 actual_legacy_messages.end(),
257 actual_message) == actual_legacy_messages.end()) {
258 // Message: Got { "Foo" } in the legacy messages system, but { "Bar",
259 // "Baz" } in the new system
260 return testing::AssertionFailure()
261 << "Got " << MessagesVectorToString(actual_legacy_messages)
262 << " in the legacy " << message_type_name << " system, but "
263 << MessagesVectorToString(actual_messages)
264 << " in the new system";
265 }
266 }
267
268 // Check the non-legacy & actual messages are equal.
269 if (expected_messages.size() != actual_messages.size()) {
270 // Message: Expected 7 messages, got 5
271 return testing::AssertionFailure()
272 << "Expected " << expected_messages.size() << " "
273 << message_type_name << ", got " << actual_messages.size() << ": "
274 << MessagesVectorToString(actual_messages);
275 }
276
277 for (const auto& expected_message : expected_messages) {
278 if (std::find(actual_messages.begin(), actual_messages.end(),
279 base::ASCIIToUTF16(expected_message)) ==
280 actual_messages.end()) {
281 // Message: Expected messages to contain "Foo", got { "Bar", "Baz" }
282 return testing::AssertionFailure()
283 << "Expected " << message_type_name << " to contain \""
284 << expected_message << "\", got "
285 << MessagesVectorToString(actual_messages);
286 }
287 }
288
289 return testing::AssertionSuccess();
290 }
291
292 // Returns the vector of messages in a human-readable string format, e.g.:
293 // { "Bar", "Baz" }
294 base::string16 MessagesVectorToString(
295 const std::vector<base::string16>& messages) {
296 if (messages.empty())
297 return base::ASCIIToUTF16("{}");
298 return base::ASCIIToUTF16("{ \"") +
299 JoinString(messages, base::ASCIIToUTF16("\", \"")) +
300 base::ASCIIToUTF16("\" }");
301 }
302
303 extensions::TestExtensionEnvironment env_;
304 scoped_ptr<ChromePermissionMessageProvider> message_provider_;
305 scoped_refptr<const Extension> app_;
306
307 DISALLOW_COPY_AND_ASSIGN(PermissionMessageCombinationsUnittest);
308 };
309
310 // Test that the USB, Bluetooth and Serial permissions do not coalesce on their
311 // own, but do coalesce when more than 1 is present.
312 TEST_F(PermissionMessageCombinationsUnittest, USBSerialBluetoothCoalescing) {
313 // Test that the USB permission does not coalesce on its own.
314 CreateAndInstall(
315 "{"
316 " 'app': {"
317 " 'background': {"
318 " 'scripts': ['background.js']"
319 " }"
320 " },"
321 " 'permissions': ["
322 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] }"
323 " ]"
324 "}");
325 ASSERT_TRUE(CheckManifestProducesPermissions(
326 "Access USB devices from an unknown vendor"));
327 ASSERT_TRUE(CheckManifestProducesHostPermissions());
328
329 CreateAndInstall(
330 "{"
331 " 'app': {"
332 " 'background': {"
333 " 'scripts': ['background.js']"
334 " }"
335 " },"
336 " 'permissions': ["
337 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] }"
338 " ]"
339 "}");
340 ASSERT_TRUE(CheckManifestProducesPermissions(
341 "Access USB devices from an unknown vendor"));
342 ASSERT_TRUE(CheckManifestProducesHostPermissions());
343
344 // Test that the serial permission does not coalesce on its own.
345 CreateAndInstall(
346 "{"
347 " 'app': {"
348 " 'background': {"
349 " 'scripts': ['background.js']"
350 " }"
351 " },"
352 " 'permissions': ["
353 " 'serial'"
354 " ]"
355 "}");
356 ASSERT_TRUE(CheckManifestProducesPermissions("Access your serial devices"));
357 ASSERT_TRUE(CheckManifestProducesHostPermissions());
358
359 // Test that the bluetooth permission does not coalesce on its own.
360 CreateAndInstall(
361 "{"
362 " 'app': {"
363 " 'background': {"
364 " 'scripts': ['background.js']"
365 " }"
366 " },"
367 " 'bluetooth': {}"
368 "}");
369 ASSERT_TRUE(CheckManifestProducesPermissions(
370 "Access information about Bluetooth devices paired with your system and "
371 "discover nearby Bluetooth devices."));
372 ASSERT_TRUE(CheckManifestProducesHostPermissions());
373
374 // Test that the bluetooth permission does not coalesce on its own, even
375 // when it specifies additional permissions.
376 CreateAndInstall(
377 "{"
378 " 'app': {"
379 " 'background': {"
380 " 'scripts': ['background.js']"
381 " }"
382 " },"
383 " 'bluetooth': {"
384 " 'uuids': ['1105', '1106']"
385 " }"
386 "}");
387 ASSERT_TRUE(CheckManifestProducesPermissions(
388 "Access information about Bluetooth devices paired with your system and "
389 "discover nearby Bluetooth devices."));
390 ASSERT_TRUE(CheckManifestProducesHostPermissions());
391
392 // Test that the USB and Serial permissions coalesce.
393 CreateAndInstall(
394 "{"
395 " 'app': {"
396 " 'background': {"
397 " 'scripts': ['background.js']"
398 " }"
399 " },"
400 " 'permissions': ["
401 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
402 " 'serial'"
403 " ]"
404 "}");
405 ASSERT_TRUE(CheckManifestProducesPermissions(
406 "Access USB devices from an unknown vendor",
407 "Access your serial devices"));
408 ASSERT_TRUE(CheckManifestProducesHostPermissions());
409
410 // Test that the USB, Serial and Bluetooth permissions coalesce.
411 CreateAndInstall(
412 "{"
413 " 'app': {"
414 " 'background': {"
415 " 'scripts': ['background.js']"
416 " }"
417 " },"
418 " 'permissions': ["
419 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
420 " 'serial'"
421 " ],"
422 " 'bluetooth': {}"
423 "}");
424 ASSERT_TRUE(CheckManifestProducesPermissions(
425 "Access USB devices from an unknown vendor",
426 "Access your Bluetooth and Serial devices"));
427 ASSERT_TRUE(CheckManifestProducesHostPermissions());
428
429 // Test that the USB, Serial and Bluetooth permissions coalesce even when
430 // Bluetooth specifies multiple additional permissions.
431 CreateAndInstall(
432 "{"
433 " 'app': {"
434 " 'background': {"
435 " 'scripts': ['background.js']"
436 " }"
437 " },"
438 " 'permissions': ["
439 " { 'usbDevices': [{ 'vendorId': 123, 'productId': 456 }] },"
440 " 'serial'"
441 " ],"
442 " 'bluetooth': {"
443 " 'uuids': ['1105', '1106'],"
444 " 'socket': true,"
445 " 'low_energy': true"
446 " }"
447 "}");
448 ASSERT_TRUE(CheckManifestProducesPermissions(
449 "Access USB devices from an unknown vendor",
450 "Access your Bluetooth and Serial devices"));
451 ASSERT_TRUE(CheckManifestProducesHostPermissions());
452 }
453
454 // Test that the History permission takes precedence over the Tabs permission,
455 // and that the Sessions permission modifies this final message.
456 TEST_F(PermissionMessageCombinationsUnittest, TabsHistorySessionsCoalescing) {
457 CreateAndInstall(
458 "{"
459 " 'permissions': ["
460 " 'tabs'"
461 " ]"
462 "}");
463 ASSERT_TRUE(CheckManifestProducesPermissions("Read your browsing history"));
464 ASSERT_TRUE(CheckManifestProducesHostPermissions());
465
466 CreateAndInstall(
467 "{"
468 " 'permissions': ["
469 " 'tabs', 'sessions'"
470 " ]"
471 "}");
472 ASSERT_TRUE(CheckManifestProducesPermissions(
473 "Read your browsing history on all your signed-in devices"));
474 ASSERT_TRUE(CheckManifestProducesHostPermissions());
475
476 CreateAndInstall(
477 "{"
478 " 'permissions': ["
479 " 'tabs', 'history'"
480 " ]"
481 "}");
482 ASSERT_TRUE(CheckManifestProducesPermissions(
483 "Read and change your browsing history"));
484 ASSERT_TRUE(CheckManifestProducesHostPermissions());
485
486 CreateAndInstall(
487 "{"
488 " 'permissions': ["
489 " 'tabs', 'history', 'sessions'"
490 " ]"
491 "}");
492 ASSERT_TRUE(CheckManifestProducesPermissions(
493 "Read and change your browsing history on all your signed-in devices"));
494 ASSERT_TRUE(CheckManifestProducesHostPermissions());
495 }
496
497 // Test that the fileSystem permission produces no messages by itself, unless it
498 // has both the 'write' and 'directory' additional permissions, in which case it
499 // displays a message.
500 TEST_F(PermissionMessageCombinationsUnittest, FileSystemReadWriteCoalescing) {
501 CreateAndInstall(
502 "{"
503 " 'app': {"
504 " 'background': {"
505 " 'scripts': ['background.js']"
506 " }"
507 " },"
508 " 'permissions': ["
509 " 'fileSystem'"
510 " ]"
511 "}");
512 ASSERT_TRUE(CheckManifestProducesPermissions());
513 ASSERT_TRUE(CheckManifestProducesHostPermissions());
514
515 CreateAndInstall(
516 "{"
517 " 'app': {"
518 " 'background': {"
519 " 'scripts': ['background.js']"
520 " }"
521 " },"
522 " 'permissions': ["
523 " 'fileSystem', {'fileSystem': ['retainEntries', 'write']}"
524 " ]"
525 "}");
526 ASSERT_TRUE(CheckManifestProducesPermissions());
527 ASSERT_TRUE(CheckManifestProducesHostPermissions());
528
529 CreateAndInstall(
530 "{"
531 " 'app': {"
532 " 'background': {"
533 " 'scripts': ['background.js']"
534 " }"
535 " },"
536 " 'permissions': ["
537 " 'fileSystem', {'fileSystem': ["
538 " 'retainEntries', 'write', 'directory'"
539 " ]}"
540 " ]"
541 "}");
542 ASSERT_TRUE(CheckManifestProducesPermissions(
543 "Write to files and folders that you open in the application"));
544 ASSERT_TRUE(CheckManifestProducesHostPermissions());
545 }
546
547 // Check that host permission messages are generated correctly when URLs are
548 // entered as permissions.
549 TEST_F(PermissionMessageCombinationsUnittest, HostsPermissionMessages) {
550 CreateAndInstall(
551 "{"
552 " 'permissions': ["
553 " 'http://www.blogger.com/',"
554 " ]"
555 "}");
556 ASSERT_TRUE(CheckManifestProducesPermissions(
557 "Read and change your data on www.blogger.com"));
558 ASSERT_TRUE(CheckManifestProducesHostPermissions());
559
560 CreateAndInstall(
561 "{"
562 " 'permissions': ["
563 " 'http://*.google.com/',"
564 " ]"
565 "}");
566 ASSERT_TRUE(CheckManifestProducesPermissions(
567 "Read and change your data on all google.com sites"));
568 ASSERT_TRUE(CheckManifestProducesHostPermissions());
569
570 CreateAndInstall(
571 "{"
572 " 'permissions': ["
573 " 'http://www.blogger.com/',"
574 " 'http://*.google.com/',"
575 " ]"
576 "}");
577 ASSERT_TRUE(CheckManifestProducesPermissions(
578 "Read and change your data on all google.com sites and "
579 "www.blogger.com"));
580 ASSERT_TRUE(CheckManifestProducesHostPermissions());
581
582 CreateAndInstall(
583 "{"
584 " 'permissions': ["
585 " 'http://www.blogger.com/',"
586 " 'http://*.google.com/',"
587 " 'http://*.news.com/',"
588 " ]"
589 "}");
590 ASSERT_TRUE(CheckManifestProducesPermissions(
591 "Read and change your data on all google.com sites, all news.com sites, "
592 "and www.blogger.com"));
593 ASSERT_TRUE(CheckManifestProducesHostPermissions());
594
595 CreateAndInstall(
596 "{"
597 " 'permissions': ["
598 " 'http://www.blogger.com/',"
599 " 'http://*.google.com/',"
600 " 'http://*.news.com/',"
601 " 'http://www.foobar.com/',"
602 " ]"
603 "}");
604 ASSERT_TRUE(CheckManifestProducesPermissions(
605 "Read and change your data on a number of websites"));
606 ASSERT_TRUE(CheckManifestProducesHostPermissions(
607 "All google.com sites", "All news.com sites", "www.blogger.com",
608 "www.foobar.com"));
609
610 CreateAndInstall(
611 "{"
612 " 'permissions': ["
613 " 'http://www.blogger.com/',"
614 " 'http://*.google.com/',"
615 " 'http://*.news.com/',"
616 " 'http://www.foobar.com/',"
617 " 'http://*.go.com/',"
618 " ]"
619 "}");
620 ASSERT_TRUE(CheckManifestProducesPermissions(
621 "Read and change your data on a number of websites"));
622 ASSERT_TRUE(CheckManifestProducesHostPermissions(
623 "All go.com sites", "All google.com sites", "All news.com sites",
624 "www.blogger.com", "www.foobar.com"));
625
626 CreateAndInstall(
627 "{"
628 " 'permissions': ["
629 " 'http://*.go.com/',"
630 " 'chrome://favicon/',"
631 " ]"
632 "}");
633 ASSERT_TRUE(CheckManifestProducesPermissions(
634 "Read and change your data on all go.com sites",
635 "Read the icons of the websites you visit"));
636 ASSERT_TRUE(CheckManifestProducesHostPermissions());
637
638 // Having the 'all sites' permission doesn't change the permission message,
639 // since its pseudo-granted at runtime.
640 CreateAndInstall(
641 "{"
642 " 'permissions': ["
643 " 'http://*.go.com/',"
644 " 'chrome://favicon/',"
645 " 'http://*.*',"
646 " ]"
647 "}");
648 ASSERT_TRUE(CheckManifestProducesPermissions(
649 "Read and change your data on all go.com sites",
650 "Read the icons of the websites you visit"));
651 ASSERT_TRUE(CheckManifestProducesHostPermissions());
652 }
653
654 // Check that permission messages are generated correctly for
655 // SocketsManifestPermission, which has host-like permission messages.
656 TEST_F(PermissionMessageCombinationsUnittest,
657 SocketsManifestPermissionMessages) {
658 CreateAndInstall(
659 "{"
660 " 'app': {"
661 " 'background': {"
662 " 'scripts': ['background.js']"
663 " }"
664 " },"
665 " 'sockets': {"
666 " 'udp': {'send': '*'},"
667 " }"
668 "}");
669 ASSERT_TRUE(CheckManifestProducesPermissions(
670 "Exchange data with any computer on the local network or internet"));
671 ASSERT_TRUE(CheckManifestProducesHostPermissions());
672
673 CreateAndInstall(
674 "{"
675 " 'app': {"
676 " 'background': {"
677 " 'scripts': ['background.js']"
678 " }"
679 " },"
680 " 'sockets': {"
681 " 'udp': {'send': ':99'},"
682 " }"
683 "}");
684 ASSERT_TRUE(CheckManifestProducesPermissions(
685 "Exchange data with any computer on the local network or internet"));
686 ASSERT_TRUE(CheckManifestProducesHostPermissions());
687
688 CreateAndInstall(
689 "{"
690 " 'app': {"
691 " 'background': {"
692 " 'scripts': ['background.js']"
693 " }"
694 " },"
695 " 'sockets': {"
696 " 'tcp': {'connect': '127.0.0.1:80'},"
697 " }"
698 "}");
699 ASSERT_TRUE(CheckManifestProducesPermissions(
700 "Exchange data with the computer named 127.0.0.1"));
701 ASSERT_TRUE(CheckManifestProducesHostPermissions());
702
703 CreateAndInstall(
704 "{"
705 " 'app': {"
706 " 'background': {"
707 " 'scripts': ['background.js']"
708 " }"
709 " },"
710 " 'sockets': {"
711 " 'tcp': {'connect': 'www.example.com:23'},"
712 " }"
713 "}");
714 ASSERT_TRUE(CheckManifestProducesPermissions(
715 "Exchange data with the computer named www.example.com"));
716 ASSERT_TRUE(CheckManifestProducesHostPermissions());
717
718 CreateAndInstall(
719 "{"
720 " 'app': {"
721 " 'background': {"
722 " 'scripts': ['background.js']"
723 " }"
724 " },"
725 " 'sockets': {"
726 " 'tcpServer': {'listen': '127.0.0.1:80'}"
727 " }"
728 "}");
729 ASSERT_TRUE(CheckManifestProducesPermissions(
730 "Exchange data with the computer named 127.0.0.1"));
731 ASSERT_TRUE(CheckManifestProducesHostPermissions());
732
733 CreateAndInstall(
734 "{"
735 " 'app': {"
736 " 'background': {"
737 " 'scripts': ['background.js']"
738 " }"
739 " },"
740 " 'sockets': {"
741 " 'tcpServer': {'listen': ':8080'}"
742 " }"
743 "}");
744 ASSERT_TRUE(CheckManifestProducesPermissions(
745 "Exchange data with any computer on the local network or internet"));
746 ASSERT_TRUE(CheckManifestProducesHostPermissions());
747
748 CreateAndInstall(
749 "{"
750 " 'app': {"
751 " 'background': {"
752 " 'scripts': ['background.js']"
753 " }"
754 " },"
755 " 'sockets': {"
756 " 'tcpServer': {"
757 " 'listen': ["
758 " '127.0.0.1:80',"
759 " 'www.google.com',"
760 " 'www.example.com:*',"
761 " 'www.foo.com:200',"
762 " 'www.bar.com:200'"
763 " ]"
764 " }"
765 " }"
766 "}");
767 ASSERT_TRUE(CheckManifestProducesPermissions(
768 "Exchange data with the computers named: 127.0.0.1 www.bar.com "
769 "www.example.com www.foo.com www.google.com"));
770 ASSERT_TRUE(CheckManifestProducesHostPermissions());
771
772 CreateAndInstall(
773 "{"
774 " 'app': {"
775 " 'background': {"
776 " 'scripts': ['background.js']"
777 " }"
778 " },"
779 " 'sockets': {"
780 " 'tcp': {"
781 " 'connect': ["
782 " 'www.abc.com:*',"
783 " 'www.mywebsite.com:320',"
784 " 'www.freestuff.com',"
785 " 'www.foo.com:34',"
786 " 'www.test.com'"
787 " ]"
788 " },"
789 " 'tcpServer': {"
790 " 'listen': ["
791 " '127.0.0.1:80',"
792 " 'www.google.com',"
793 " 'www.example.com:*',"
794 " 'www.foo.com:200',"
795 " ]"
796 " }"
797 " }"
798 "}");
799 ASSERT_TRUE(CheckManifestProducesPermissions(
800 "Exchange data with the computers named: 127.0.0.1 www.abc.com "
801 "www.example.com www.foo.com www.freestuff.com www.google.com "
802 "www.mywebsite.com www.test.com"));
803 ASSERT_TRUE(CheckManifestProducesHostPermissions());
804
805 CreateAndInstall(
806 "{"
807 " 'app': {"
808 " 'background': {"
809 " 'scripts': ['background.js']"
810 " }"
811 " },"
812 " 'sockets': {"
813 " 'tcp': {'send': '*:*'},"
814 " 'tcpServer': {'listen': '*:*'},"
815 " }"
816 "}");
817 ASSERT_TRUE(CheckManifestProducesPermissions(
818 "Exchange data with any computer on the local network or internet"));
819 ASSERT_TRUE(CheckManifestProducesHostPermissions());
820 }
821
822 // Check that permission messages are generated correctly for
823 // MediaGalleriesPermission (an API permission with custom messages).
824 TEST_F(PermissionMessageCombinationsUnittest,
825 MediaGalleriesPermissionMessages) {
826 CreateAndInstall(
827 "{"
828 " 'app': {"
829 " 'background': {"
830 " 'scripts': ['background.js']"
831 " }"
832 " },"
833 " 'permissions': ["
834 " { 'mediaGalleries': ['read'] }"
835 " ]"
836 "}");
837 ASSERT_TRUE(CheckManifestProducesPermissions());
838 ASSERT_TRUE(CheckManifestProducesHostPermissions());
839
840 CreateAndInstall(
841 "{"
842 " 'app': {"
843 " 'background': {"
844 " 'scripts': ['background.js']"
845 " }"
846 " },"
847 " 'permissions': ["
848 " { 'mediaGalleries': ['read', 'allAutoDetected'] }"
849 " ]"
850 "}");
851 ASSERT_TRUE(CheckManifestProducesPermissions(
852 "Access photos, music, and other media from your computer"));
853 ASSERT_TRUE(CheckManifestProducesHostPermissions());
854
855 // TODO(sashab): Add a test for the
856 // IDS_EXTENSION_PROMPT_WARNING_MEDIA_GALLERIES_READ_WRITE message (generated
857 // with the 'read' and 'copyTo' permissions, but not the 'delete' permission),
858 // if it's possible to get this message. Otherwise, remove it from the code.
859
860 CreateAndInstall(
861 "{"
862 " 'app': {"
863 " 'background': {"
864 " 'scripts': ['background.js']"
865 " }"
866 " },"
867 " 'permissions': ["
868 " { 'mediaGalleries': ['read', 'delete', 'allAutoDetected'] }"
869 " ]"
870 "}");
871 ASSERT_TRUE(CheckManifestProducesPermissions(
872 "Read and delete photos, music, and other media from your computer"));
873 ASSERT_TRUE(CheckManifestProducesHostPermissions());
874
875 CreateAndInstall(
876 "{"
877 " 'app': {"
878 " 'background': {"
879 " 'scripts': ['background.js']"
880 " }"
881 " },"
882 " 'permissions': ["
883 " { 'mediaGalleries':"
884 " [ 'read', 'delete', 'copyTo', 'allAutoDetected' ] }"
885 " ]"
886 "}");
887 ASSERT_TRUE(CheckManifestProducesPermissions(
888 "Read, change and delete photos, music, and other media from your "
889 "computer"));
890 ASSERT_TRUE(CheckManifestProducesHostPermissions());
891
892 // Without the allAutoDetected permission, there should be no install-time
893 // permission messages.
894 CreateAndInstall(
895 "{"
896 " 'app': {"
897 " 'background': {"
898 " 'scripts': ['background.js']"
899 " }"
900 " },"
901 " 'permissions': ["
902 " { 'mediaGalleries': ['read', 'delete', 'copyTo'] }"
903 " ]"
904 "}");
905 ASSERT_TRUE(CheckManifestProducesPermissions());
906 ASSERT_TRUE(CheckManifestProducesHostPermissions());
907 }
908
909 // TODO(sashab): Add tests for SettingsOverrideAPIPermission (an API permission
910 // with custom messages).
911
912 // Check that permission messages are generated correctly for SocketPermission
913 // (an API permission with custom messages).
914 TEST_F(PermissionMessageCombinationsUnittest, SocketPermissionMessages) {
915 CreateAndInstall(
916 "{"
917 " 'app': {"
918 " 'background': {"
919 " 'scripts': ['background.js']"
920 " }"
921 " },"
922 " 'permissions': ["
923 " { 'socket': ['tcp-connect:*:*'] }"
924 " ]"
925 "}");
926 ASSERT_TRUE(CheckManifestProducesPermissions(
927 "Exchange data with any computer on the local network or internet"));
928 ASSERT_TRUE(CheckManifestProducesHostPermissions());
929
930 CreateAndInstall(
931 "{"
932 " 'app': {"
933 " 'background': {"
934 " 'scripts': ['background.js']"
935 " }"
936 " },"
937 " 'permissions': ["
938 " { 'socket': ["
939 " 'tcp-connect:*:443',"
940 " 'tcp-connect:*:50032',"
941 " 'tcp-connect:*:23',"
942 " ] }"
943 " ]"
944 "}");
945 ASSERT_TRUE(CheckManifestProducesPermissions(
946 "Exchange data with any computer on the local network or internet"));
947 ASSERT_TRUE(CheckManifestProducesHostPermissions());
948
949 CreateAndInstall(
950 "{"
951 " 'app': {"
952 " 'background': {"
953 " 'scripts': ['background.js']"
954 " }"
955 " },"
956 " 'permissions': ["
957 " { 'socket': ['tcp-connect:foo.example.com:443'] }"
958 " ]"
959 "}");
960 ASSERT_TRUE(CheckManifestProducesPermissions(
961 "Exchange data with the computer named foo.example.com"));
962 ASSERT_TRUE(CheckManifestProducesHostPermissions());
963
964 CreateAndInstall(
965 "{"
966 " 'app': {"
967 " 'background': {"
968 " 'scripts': ['background.js']"
969 " }"
970 " },"
971 " 'permissions': ["
972 " { 'socket': ['tcp-connect:foo.example.com:443', 'udp-send-to'] }"
973 " ]"
974 "}");
975 ASSERT_TRUE(CheckManifestProducesPermissions(
976 "Exchange data with any computer on the local network or internet"));
977 ASSERT_TRUE(CheckManifestProducesHostPermissions());
978
979 CreateAndInstall(
980 "{"
981 " 'app': {"
982 " 'background': {"
983 " 'scripts': ['background.js']"
984 " }"
985 " },"
986 " 'permissions': ["
987 " { 'socket': ["
988 " 'tcp-connect:foo.example.com:443',"
989 " 'udp-send-to:test.ping.com:50032',"
990 " ] }"
991 " ]"
992 "}");
993 ASSERT_TRUE(CheckManifestProducesPermissions(
994 "Exchange data with the computers named: foo.example.com test.ping.com"));
995 ASSERT_TRUE(CheckManifestProducesHostPermissions());
996
997 CreateAndInstall(
998 "{"
999 " 'app': {"
1000 " 'background': {"
1001 " 'scripts': ['background.js']"
1002 " }"
1003 " },"
1004 " 'permissions': ["
1005 " { 'socket': ["
1006 " 'tcp-connect:foo.example.com:443',"
1007 " 'udp-send-to:test.ping.com:50032',"
1008 " 'udp-send-to:www.ping.com:50032',"
1009 " 'udp-send-to:test2.ping.com:50032',"
1010 " 'udp-bind:test.ping.com:50032',"
1011 " ] }"
1012 " ]"
1013 "}");
1014 ASSERT_TRUE(CheckManifestProducesPermissions(
1015 "Exchange data with the computers named: foo.example.com test.ping.com "
1016 "test2.ping.com www.ping.com"));
1017 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1018
1019 CreateAndInstall(
1020 "{"
1021 " 'app': {"
1022 " 'background': {"
1023 " 'scripts': ['background.js']"
1024 " }"
1025 " },"
1026 " 'permissions': ["
1027 " { 'socket': ["
1028 " 'tcp-connect:foo.example.com:443',"
1029 " 'udp-send-to:test.ping.com:50032',"
1030 " 'tcp-connect:*:23',"
1031 " ] }"
1032 " ]"
1033 "}");
1034 ASSERT_TRUE(CheckManifestProducesPermissions(
1035 "Exchange data with any computer on the local network or internet"));
1036 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1037 }
1038
1039 // Check that permission messages are generated correctly for
1040 // USBDevicePermission (an API permission with custom messages).
1041 TEST_F(PermissionMessageCombinationsUnittest, USBDevicePermissionMessages) {
1042 CreateAndInstall(
1043 "{"
1044 " 'app': {"
1045 " 'background': {"
1046 " 'scripts': ['background.js']"
1047 " }"
1048 " },"
1049 " 'permissions': ["
1050 " { 'usbDevices': ["
1051 " { 'vendorId': 0, 'productId': 0 },"
1052 " ] }"
1053 " ]"
1054 "}");
1055 ASSERT_TRUE(CheckManifestProducesPermissions(
1056 "Access USB devices from an unknown vendor"));
1057 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1058
1059 CreateAndInstall(
1060 "{"
1061 " 'app': {"
1062 " 'background': {"
1063 " 'scripts': ['background.js']"
1064 " }"
1065 " },"
1066 " 'permissions': ["
1067 " { 'usbDevices': ["
1068 " { 'vendorId': 4179, 'productId': 529 },"
1069 " ] }"
1070 " ]"
1071 "}");
1072 ASSERT_TRUE(CheckManifestProducesPermissions(
1073 "Access USB devices from Immanuel Electronics Co., Ltd"));
1074 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1075
1076 CreateAndInstall(
1077 "{"
1078 " 'app': {"
1079 " 'background': {"
1080 " 'scripts': ['background.js']"
1081 " }"
1082 " },"
1083 " 'permissions': ["
1084 " { 'usbDevices': ["
1085 " { 'vendorId': 6353, 'productId': 8192 },"
1086 " ] }"
1087 " ]"
1088 "}");
1089 ASSERT_TRUE(
1090 CheckManifestProducesPermissions("Access USB devices from Google Inc."));
1091 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1092
1093 CreateAndInstall(
1094 "{"
1095 " 'app': {"
1096 " 'background': {"
1097 " 'scripts': ['background.js']"
1098 " }"
1099 " },"
1100 " 'permissions': ["
1101 " { 'usbDevices': ["
1102 " { 'vendorId': 4179, 'productId': 529 },"
1103 " { 'vendorId': 6353, 'productId': 8192 },"
1104 " ] }"
1105 " ]"
1106 "}");
1107 ASSERT_TRUE(
1108 CheckManifestProducesPermissions("Access any of these USB devices"));
1109
1110 // Although technically not host permissions, devices are currently stored in
1111 // the 'host permissions' (details list) for the USB permission, in the same
1112 // format.
1113 // TODO(sashab): Rename host permissions to 'details list' or 'nested
1114 // permissions', and change this test system to allow specifying each message
1115 // as well as its corresponding nested messages, if any. Also add a test that
1116 // uses this to test an app with multiple nested permission lists (e.g. both
1117 // USB and host permissions).
1118 ASSERT_TRUE(CheckManifestProducesHostPermissions(
1119 "unknown devices from Immanuel Electronics Co., Ltd",
1120 "unknown devices from Google Inc."));
1121
1122 // TODO(sashab): Add a test with a valid product/vendor USB device.
1123 }
1124
1125 // Test that hosted apps are not given any messages for host permissions.
1126 TEST_F(PermissionMessageCombinationsUnittest,
1127 PackagedAppsHaveNoHostPermissions) {
1128 CreateAndInstall(
1129 "{"
1130 " 'app': {"
1131 " 'background': {"
1132 " 'scripts': ['background.js']"
1133 " }"
1134 " },"
1135 " 'permissions': ["
1136 " 'http://www.blogger.com/',"
1137 " 'http://*.google.com/',"
1138 " ]"
1139 "}");
1140 ASSERT_TRUE(CheckManifestProducesPermissions());
1141 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1142
1143 CreateAndInstall(
1144 "{"
1145 " 'app': {"
1146 " 'background': {"
1147 " 'scripts': ['background.js']"
1148 " }"
1149 " },"
1150 " 'permissions': ["
1151 " 'serial',"
1152 " 'http://www.blogger.com/',"
1153 " 'http://*.google.com/',"
1154 " ]"
1155 "}");
1156 ASSERT_TRUE(CheckManifestProducesPermissions("Access your serial devices"));
1157 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1158 }
1159
1160 // Test various apps with lots of permissions, including those with no
1161 // permission messages, or those that only apply to apps or extensions even when
1162 // the given manifest is for a different type.
1163 TEST_F(PermissionMessageCombinationsUnittest, PermissionMessageCombos) {
1164 CreateAndInstall(
1165 "{"
1166 " 'permissions': ["
1167 " 'tabs',"
1168 " 'bookmarks',"
1169 " 'http://www.blogger.com/',"
1170 " 'http://*.google.com/',"
1171 " 'unlimitedStorage',"
1172 " ]"
1173 "}");
1174 ASSERT_TRUE(CheckManifestProducesPermissions(
1175 "Read and change your data on all google.com sites and www.blogger.com",
1176 "Read your browsing history", "Read and change your bookmarks"));
1177 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1178
1179 CreateAndInstall(
1180 "{"
1181 " 'permissions': ["
1182 " 'tabs',"
1183 " 'sessions',"
1184 " 'bookmarks',"
1185 " 'unlimitedStorage',"
1186 " 'syncFileSystem',"
1187 " 'http://www.blogger.com/',"
1188 " 'http://*.google.com/',"
1189 " 'http://*.news.com/',"
1190 " 'http://www.foobar.com/',"
1191 " 'http://*.go.com/',"
1192 " ]"
1193 "}");
1194 ASSERT_TRUE(CheckManifestProducesPermissions(
1195 "Read your browsing history on all your signed-in devices",
1196 "Read and change your bookmarks",
1197 "Read and change your data on a number of websites"));
1198 ASSERT_TRUE(CheckManifestProducesHostPermissions(
1199 "All go.com sites", "All google.com sites", "All news.com sites",
1200 "www.blogger.com", "www.foobar.com"));
1201
1202 CreateAndInstall(
1203 "{"
1204 " 'permissions': ["
1205 " 'tabs',"
1206 " 'sessions',"
1207 " 'bookmarks',"
1208 " 'accessibilityFeatures.read',"
1209 " 'accessibilityFeatures.modify',"
1210 " 'alarms',"
1211 " 'browsingData',"
1212 " 'cookies',"
1213 " 'desktopCapture',"
1214 " 'gcm',"
1215 " 'topSites',"
1216 " 'storage',"
1217 " 'unlimitedStorage',"
1218 " 'syncFileSystem',"
1219 " 'http://www.blogger.com/',"
1220 " 'http://*.google.com/',"
1221 " 'http://*.news.com/',"
1222 " 'http://www.foobar.com/',"
1223 " 'http://*.go.com/',"
1224 " ]"
1225 "}");
1226
1227 ASSERT_TRUE(CheckManifestProducesPermissions(
1228 "Read your browsing history on all your signed-in devices",
1229 "Capture content of your screen", "Read and change your bookmarks",
1230 "Read and change your data on a number of websites",
1231 "Read and change your accessibility settings"));
1232
1233 ASSERT_TRUE(CheckManifestProducesHostPermissions(
1234 "All go.com sites", "All google.com sites", "All news.com sites",
1235 "www.blogger.com", "www.foobar.com"));
1236
1237 // Create an App instead, ensuring that the host permission messages are not
1238 // added.
1239 CreateAndInstall(
1240 "{"
1241 " 'app': {"
1242 " 'background': {"
1243 " 'scripts': ['background.js']"
1244 " }"
1245 " },"
1246 " 'permissions': ["
1247 " 'contextMenus',"
1248 " 'permissions',"
1249 " 'accessibilityFeatures.read',"
1250 " 'accessibilityFeatures.modify',"
1251 " 'alarms',"
1252 " 'power',"
1253 " 'cookies',"
1254 " 'serial',"
1255 " 'usb',"
1256 " 'storage',"
1257 " 'gcm',"
1258 " 'topSites',"
1259 " 'storage',"
1260 " 'unlimitedStorage',"
1261 " 'syncFileSystem',"
1262 " 'http://www.blogger.com/',"
1263 " 'http://*.google.com/',"
1264 " 'http://*.news.com/',"
1265 " 'http://www.foobar.com/',"
1266 " 'http://*.go.com/',"
1267 " ]"
1268 "}");
1269
1270 ASSERT_TRUE(CheckManifestProducesPermissions(
1271 "Access your serial devices", "Store data in your Google Drive account",
1272 "Read and change your accessibility settings"));
1273
1274 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1275 }
1276
1277 // Tests that the 'plugin' manifest key produces the correct permission.
1278 TEST_F(PermissionMessageCombinationsUnittest, PluginPermission) {
1279 // Extensions can have plugins.
1280 CreateAndInstall(
1281 "{"
1282 " 'plugins': ["
1283 " { 'path': 'extension_plugin.dll' }"
1284 " ]"
1285 "}");
1286
1287 #ifdef OS_CHROMEOS
1288 ASSERT_TRUE(CheckManifestProducesPermissions());
1289 #else
1290 ASSERT_TRUE(CheckManifestProducesPermissions(
1291 "Read and change all your data on your computer and the websites you "
1292 "visit"));
1293 #endif
1294
1295 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1296
1297 // Apps can't have plugins.
1298 CreateAndInstall(
1299 "{"
1300 " 'app': {"
1301 " 'background': {"
1302 " 'scripts': ['background.js']"
1303 " }"
1304 " },"
1305 " 'plugins': ["
1306 " { 'path': 'extension_plugin.dll' }"
1307 " ]"
1308 "}");
1309 ASSERT_TRUE(CheckManifestProducesPermissions());
1310 ASSERT_TRUE(CheckManifestProducesHostPermissions());
1311 }
1312
1313 // TODO(sashab): Add a test that checks that messages are generated correctly
1314 // for withheld permissions, when an app is granted the 'all sites' permission.
1315
1316 // TODO(sashab): Add a test that ensures that all permissions that can generate
1317 // a coalesced message can also generate a message on their own (i.e. ensure
1318 // that no permissions only modify other permissions).
1319
1320 // TODO(sashab): Add a test for every permission message combination that can
1321 // generate a message.
1322
1323 // TODO(aboxhall): Add tests for the automation API permission messages.
1324
1325 } // namespace extensions