permission_set_unittest.cc revision 0529e5d033099cbfc42635f6f6183833b09dff6e
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/command_line.h" 6#include "base/json/json_file_value_serializer.h" 7#include "base/logging.h" 8#include "base/path_service.h" 9#include "base/strings/utf_string_conversions.h" 10#include "chrome/common/chrome_paths.h" 11#include "chrome/common/chrome_switches.h" 12#include "chrome/common/extensions/extension_test_util.h" 13#include "chrome/common/extensions/features/feature_channel.h" 14#include "chrome/common/extensions/permissions/chrome_permission_message_provider.h" 15#include "extensions/common/error_utils.h" 16#include "extensions/common/extension.h" 17#include "extensions/common/extension_builder.h" 18#include "extensions/common/permissions/permission_message_provider.h" 19#include "extensions/common/permissions/permission_message_util.h" 20#include "extensions/common/permissions/permission_set.h" 21#include "extensions/common/permissions/permissions_data.h" 22#include "extensions/common/permissions/permissions_info.h" 23#include "extensions/common/permissions/socket_permission.h" 24#include "extensions/common/value_builder.h" 25#include "grit/generated_resources.h" 26#include "testing/gtest/include/gtest/gtest.h" 27#include "ui/base/l10n/l10n_util.h" 28 29using extension_test_util::LoadManifest; 30 31namespace extensions { 32 33namespace { 34 35static void AddPattern(URLPatternSet* extent, const std::string& pattern) { 36 int schemes = URLPattern::SCHEME_ALL; 37 extent->AddPattern(URLPattern(schemes, pattern)); 38} 39 40size_t IndexOf(const std::vector<base::string16>& warnings, 41 const std::string& warning) { 42 for (size_t i = 0; i < warnings.size(); ++i) { 43 if (warnings[i] == base::ASCIIToUTF16(warning)) 44 return i; 45 } 46 47 return warnings.size(); 48} 49 50bool Contains(const std::vector<base::string16>& warnings, 51 const std::string& warning) { 52 return IndexOf(warnings, warning) != warnings.size(); 53} 54 55} // namespace 56 57// Tests GetByID. 58TEST(PermissionsTest, GetByID) { 59 PermissionsInfo* info = PermissionsInfo::GetInstance(); 60 APIPermissionSet apis = info->GetAll(); 61 for (APIPermissionSet::const_iterator i = apis.begin(); 62 i != apis.end(); ++i) { 63 EXPECT_EQ(i->id(), i->info()->id()); 64 } 65} 66 67// Tests that GetByName works with normal permission names and aliases. 68TEST(PermissionsTest, GetByName) { 69 PermissionsInfo* info = PermissionsInfo::GetInstance(); 70 EXPECT_EQ(APIPermission::kTab, info->GetByName("tabs")->id()); 71 EXPECT_EQ(APIPermission::kManagement, 72 info->GetByName("management")->id()); 73 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); 74} 75 76TEST(PermissionsTest, GetAll) { 77 size_t count = 0; 78 PermissionsInfo* info = PermissionsInfo::GetInstance(); 79 APIPermissionSet apis = info->GetAll(); 80 for (APIPermissionSet::const_iterator api = apis.begin(); 81 api != apis.end(); ++api) { 82 // Make sure only the valid permission IDs get returned. 83 EXPECT_NE(APIPermission::kInvalid, api->id()); 84 EXPECT_NE(APIPermission::kUnknown, api->id()); 85 count++; 86 } 87 EXPECT_EQ(count, info->get_permission_count()); 88} 89 90TEST(PermissionsTest, GetAllByName) { 91 std::set<std::string> names; 92 names.insert("background"); 93 names.insert("management"); 94 95 // This is an alias of kTab 96 names.insert("windows"); 97 98 // This unknown name should get dropped. 99 names.insert("sdlkfjasdlkfj"); 100 101 APIPermissionSet expected; 102 expected.insert(APIPermission::kBackground); 103 expected.insert(APIPermission::kManagement); 104 expected.insert(APIPermission::kTab); 105 106 EXPECT_EQ(expected, 107 PermissionsInfo::GetInstance()->GetAllByName(names)); 108} 109 110// Tests that the aliases are properly mapped. 111TEST(PermissionsTest, Aliases) { 112 PermissionsInfo* info = PermissionsInfo::GetInstance(); 113 // tabs: tabs, windows 114 std::string tabs_name = "tabs"; 115 EXPECT_EQ(tabs_name, info->GetByID(APIPermission::kTab)->name()); 116 EXPECT_EQ(APIPermission::kTab, info->GetByName("tabs")->id()); 117 EXPECT_EQ(APIPermission::kTab, info->GetByName("windows")->id()); 118 119 // unlimitedStorage: unlimitedStorage, unlimited_storage 120 std::string storage_name = "unlimitedStorage"; 121 EXPECT_EQ(storage_name, info->GetByID( 122 APIPermission::kUnlimitedStorage)->name()); 123 EXPECT_EQ(APIPermission::kUnlimitedStorage, 124 info->GetByName("unlimitedStorage")->id()); 125 EXPECT_EQ(APIPermission::kUnlimitedStorage, 126 info->GetByName("unlimited_storage")->id()); 127} 128 129TEST(PermissionsTest, EffectiveHostPermissions) { 130 scoped_refptr<Extension> extension; 131 scoped_refptr<const PermissionSet> permissions; 132 133 extension = LoadManifest("effective_host_permissions", "empty.json"); 134 permissions = extension->GetActivePermissions(); 135 EXPECT_EQ(0u, 136 PermissionsData::GetEffectiveHostPermissions(extension.get()) 137 .patterns().size()); 138 EXPECT_FALSE( 139 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); 140 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 141 142 extension = LoadManifest("effective_host_permissions", "one_host.json"); 143 permissions = extension->GetActivePermissions(); 144 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( 145 GURL("http://www.google.com"))); 146 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( 147 GURL("https://www.google.com"))); 148 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 149 150 extension = LoadManifest("effective_host_permissions", 151 "one_host_wildcard.json"); 152 permissions = extension->GetActivePermissions(); 153 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); 154 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( 155 GURL("http://foo.google.com"))); 156 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 157 158 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); 159 permissions = extension->GetActivePermissions(); 160 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( 161 GURL("http://www.google.com"))); 162 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( 163 GURL("http://www.reddit.com"))); 164 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 165 166 extension = LoadManifest("effective_host_permissions", 167 "https_not_considered.json"); 168 permissions = extension->GetActivePermissions(); 169 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); 170 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com"))); 171 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 172 173 extension = LoadManifest("effective_host_permissions", 174 "two_content_scripts.json"); 175 permissions = extension->GetActivePermissions(); 176 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com"))); 177 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( 178 GURL("http://www.reddit.com"))); 179 EXPECT_TRUE(permissions->HasEffectiveAccessToURL( 180 GURL("http://news.ycombinator.com"))); 181 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 182 183 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); 184 permissions = extension->GetActivePermissions(); 185 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); 186 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); 187 EXPECT_TRUE( 188 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); 189 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); 190 191 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); 192 permissions = extension->GetActivePermissions(); 193 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); 194 EXPECT_TRUE( 195 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); 196 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); 197 198 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 199 permissions = extension->GetActivePermissions(); 200 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); 201 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); 202 EXPECT_TRUE( 203 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); 204 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); 205} 206 207TEST(PermissionsTest, ExplicitAccessToOrigin) { 208 APIPermissionSet apis; 209 ManifestPermissionSet manifest_permissions; 210 URLPatternSet explicit_hosts; 211 URLPatternSet scriptable_hosts; 212 213 AddPattern(&explicit_hosts, "http://*.google.com/*"); 214 // The explicit host paths should get set to /*. 215 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); 216 217 scoped_refptr<PermissionSet> perm_set = new PermissionSet( 218 apis, manifest_permissions, explicit_hosts, scriptable_hosts); 219 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 220 GURL("http://www.google.com/"))); 221 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 222 GURL("http://test.google.com/"))); 223 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 224 GURL("http://www.example.com"))); 225 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( 226 GURL("http://www.example.com"))); 227 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( 228 GURL("http://test.example.com"))); 229} 230 231TEST(PermissionsTest, CreateUnion) { 232 APIPermission* permission = NULL; 233 234 ManifestPermissionSet manifest_permissions; 235 APIPermissionSet apis1; 236 APIPermissionSet apis2; 237 APIPermissionSet expected_apis; 238 239 URLPatternSet explicit_hosts1; 240 URLPatternSet explicit_hosts2; 241 URLPatternSet expected_explicit_hosts; 242 243 URLPatternSet scriptable_hosts1; 244 URLPatternSet scriptable_hosts2; 245 URLPatternSet expected_scriptable_hosts; 246 247 URLPatternSet effective_hosts; 248 249 scoped_refptr<PermissionSet> set1; 250 scoped_refptr<PermissionSet> set2; 251 scoped_refptr<PermissionSet> union_set; 252 253 const APIPermissionInfo* permission_info = 254 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket); 255 permission = permission_info->CreateAPIPermission(); 256 { 257 scoped_ptr<base::ListValue> value(new base::ListValue()); 258 value->Append( 259 base::Value::CreateStringValue("tcp-connect:*.example.com:80")); 260 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 261 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 262 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 263 } 264 265 // Union with an empty set. 266 apis1.insert(APIPermission::kTab); 267 apis1.insert(APIPermission::kBackground); 268 apis1.insert(permission->Clone()); 269 expected_apis.insert(APIPermission::kTab); 270 expected_apis.insert(APIPermission::kBackground); 271 expected_apis.insert(permission); 272 273 AddPattern(&explicit_hosts1, "http://*.google.com/*"); 274 AddPattern(&expected_explicit_hosts, "http://*.google.com/*"); 275 AddPattern(&effective_hosts, "http://*.google.com/*"); 276 277 set1 = new PermissionSet(apis1, manifest_permissions, 278 explicit_hosts1, scriptable_hosts1); 279 set2 = new PermissionSet(apis2, manifest_permissions, 280 explicit_hosts2, scriptable_hosts2); 281 union_set = PermissionSet::CreateUnion(set1.get(), set2.get()); 282 EXPECT_TRUE(set1->Contains(*set2.get())); 283 EXPECT_TRUE(set1->Contains(*union_set.get())); 284 EXPECT_FALSE(set2->Contains(*set1.get())); 285 EXPECT_FALSE(set2->Contains(*union_set.get())); 286 EXPECT_TRUE(union_set->Contains(*set1.get())); 287 EXPECT_TRUE(union_set->Contains(*set2.get())); 288 289 EXPECT_FALSE(union_set->HasEffectiveFullAccess()); 290 EXPECT_EQ(expected_apis, union_set->apis()); 291 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); 292 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); 293 EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts()); 294 295 // Now use a real second set. 296 apis2.insert(APIPermission::kTab); 297 apis2.insert(APIPermission::kProxy); 298 apis2.insert(APIPermission::kClipboardWrite); 299 apis2.insert(APIPermission::kPlugin); 300 301 permission = permission_info->CreateAPIPermission(); 302 { 303 scoped_ptr<base::ListValue> value(new base::ListValue()); 304 value->Append( 305 base::Value::CreateStringValue("tcp-connect:*.example.com:80")); 306 value->Append(base::Value::CreateStringValue("udp-send-to::8899")); 307 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 308 } 309 apis2.insert(permission); 310 311 expected_apis.insert(APIPermission::kTab); 312 expected_apis.insert(APIPermission::kProxy); 313 expected_apis.insert(APIPermission::kClipboardWrite); 314 expected_apis.insert(APIPermission::kPlugin); 315 316 permission = permission_info->CreateAPIPermission(); 317 { 318 scoped_ptr<base::ListValue> value(new base::ListValue()); 319 value->Append( 320 base::Value::CreateStringValue("tcp-connect:*.example.com:80")); 321 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 322 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 323 value->Append(base::Value::CreateStringValue("udp-send-to::8899")); 324 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 325 } 326 // Insert a new permission socket permisssion which will replace the old one. 327 expected_apis.insert(permission); 328 329 AddPattern(&explicit_hosts2, "http://*.example.com/*"); 330 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); 331 AddPattern(&expected_explicit_hosts, "http://*.example.com/*"); 332 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*"); 333 334 URLPatternSet::CreateUnion( 335 explicit_hosts2, scriptable_hosts2, &effective_hosts); 336 337 set2 = new PermissionSet(apis2, manifest_permissions, 338 explicit_hosts2, scriptable_hosts2); 339 union_set = PermissionSet::CreateUnion(set1.get(), set2.get()); 340 341 EXPECT_FALSE(set1->Contains(*set2.get())); 342 EXPECT_FALSE(set1->Contains(*union_set.get())); 343 EXPECT_FALSE(set2->Contains(*set1.get())); 344 EXPECT_FALSE(set2->Contains(*union_set.get())); 345 EXPECT_TRUE(union_set->Contains(*set1.get())); 346 EXPECT_TRUE(union_set->Contains(*set2.get())); 347 348 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); 349 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); 350 EXPECT_EQ(expected_apis, union_set->apis()); 351 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); 352 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); 353 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); 354} 355 356TEST(PermissionsTest, CreateIntersection) { 357 APIPermission* permission = NULL; 358 359 ManifestPermissionSet manifest_permissions; 360 APIPermissionSet apis1; 361 APIPermissionSet apis2; 362 APIPermissionSet expected_apis; 363 364 URLPatternSet explicit_hosts1; 365 URLPatternSet explicit_hosts2; 366 URLPatternSet expected_explicit_hosts; 367 368 URLPatternSet scriptable_hosts1; 369 URLPatternSet scriptable_hosts2; 370 URLPatternSet expected_scriptable_hosts; 371 372 URLPatternSet effective_hosts; 373 374 scoped_refptr<PermissionSet> set1; 375 scoped_refptr<PermissionSet> set2; 376 scoped_refptr<PermissionSet> new_set; 377 378 const APIPermissionInfo* permission_info = 379 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket); 380 381 // Intersection with an empty set. 382 apis1.insert(APIPermission::kTab); 383 apis1.insert(APIPermission::kBackground); 384 permission = permission_info->CreateAPIPermission(); 385 { 386 scoped_ptr<base::ListValue> value(new base::ListValue()); 387 value->Append( 388 base::Value::CreateStringValue("tcp-connect:*.example.com:80")); 389 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 390 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 391 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 392 } 393 apis1.insert(permission); 394 395 AddPattern(&explicit_hosts1, "http://*.google.com/*"); 396 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*"); 397 398 set1 = new PermissionSet(apis1, manifest_permissions, 399 explicit_hosts1, scriptable_hosts1); 400 set2 = new PermissionSet(apis2, manifest_permissions, 401 explicit_hosts2, scriptable_hosts2); 402 new_set = PermissionSet::CreateIntersection(set1.get(), set2.get()); 403 EXPECT_TRUE(set1->Contains(*new_set.get())); 404 EXPECT_TRUE(set2->Contains(*new_set.get())); 405 EXPECT_TRUE(set1->Contains(*set2.get())); 406 EXPECT_FALSE(set2->Contains(*set1.get())); 407 EXPECT_FALSE(new_set->Contains(*set1.get())); 408 EXPECT_TRUE(new_set->Contains(*set2.get())); 409 410 EXPECT_TRUE(new_set->IsEmpty()); 411 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); 412 EXPECT_EQ(expected_apis, new_set->apis()); 413 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 414 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 415 EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts()); 416 417 // Now use a real second set. 418 apis2.insert(APIPermission::kTab); 419 apis2.insert(APIPermission::kProxy); 420 apis2.insert(APIPermission::kClipboardWrite); 421 apis2.insert(APIPermission::kPlugin); 422 permission = permission_info->CreateAPIPermission(); 423 { 424 scoped_ptr<base::ListValue> value(new base::ListValue()); 425 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 426 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 427 value->Append(base::Value::CreateStringValue("udp-send-to::8899")); 428 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 429 } 430 apis2.insert(permission); 431 432 expected_apis.insert(APIPermission::kTab); 433 permission = permission_info->CreateAPIPermission(); 434 { 435 scoped_ptr<base::ListValue> value(new base::ListValue()); 436 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 437 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 438 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 439 } 440 expected_apis.insert(permission); 441 442 AddPattern(&explicit_hosts2, "http://*.example.com/*"); 443 AddPattern(&explicit_hosts2, "http://*.google.com/*"); 444 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); 445 AddPattern(&expected_explicit_hosts, "http://*.google.com/*"); 446 447 effective_hosts.ClearPatterns(); 448 AddPattern(&effective_hosts, "http://*.google.com/*"); 449 450 set2 = new PermissionSet(apis2, manifest_permissions, 451 explicit_hosts2, scriptable_hosts2); 452 new_set = PermissionSet::CreateIntersection(set1.get(), set2.get()); 453 454 EXPECT_TRUE(set1->Contains(*new_set.get())); 455 EXPECT_TRUE(set2->Contains(*new_set.get())); 456 EXPECT_FALSE(set1->Contains(*set2.get())); 457 EXPECT_FALSE(set2->Contains(*set1.get())); 458 EXPECT_FALSE(new_set->Contains(*set1.get())); 459 EXPECT_FALSE(new_set->Contains(*set2.get())); 460 461 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); 462 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); 463 EXPECT_EQ(expected_apis, new_set->apis()); 464 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 465 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 466 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); 467} 468 469TEST(PermissionsTest, CreateDifference) { 470 APIPermission* permission = NULL; 471 472 ManifestPermissionSet manifest_permissions; 473 APIPermissionSet apis1; 474 APIPermissionSet apis2; 475 APIPermissionSet expected_apis; 476 477 URLPatternSet explicit_hosts1; 478 URLPatternSet explicit_hosts2; 479 URLPatternSet expected_explicit_hosts; 480 481 URLPatternSet scriptable_hosts1; 482 URLPatternSet scriptable_hosts2; 483 URLPatternSet expected_scriptable_hosts; 484 485 URLPatternSet effective_hosts; 486 487 scoped_refptr<PermissionSet> set1; 488 scoped_refptr<PermissionSet> set2; 489 scoped_refptr<PermissionSet> new_set; 490 491 const APIPermissionInfo* permission_info = 492 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket); 493 494 // Difference with an empty set. 495 apis1.insert(APIPermission::kTab); 496 apis1.insert(APIPermission::kBackground); 497 permission = permission_info->CreateAPIPermission(); 498 { 499 scoped_ptr<base::ListValue> value(new base::ListValue()); 500 value->Append( 501 base::Value::CreateStringValue("tcp-connect:*.example.com:80")); 502 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 503 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 504 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 505 } 506 apis1.insert(permission); 507 508 AddPattern(&explicit_hosts1, "http://*.google.com/*"); 509 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*"); 510 511 set1 = new PermissionSet(apis1, manifest_permissions, 512 explicit_hosts1, scriptable_hosts1); 513 set2 = new PermissionSet(apis2, manifest_permissions, 514 explicit_hosts2, scriptable_hosts2); 515 new_set = PermissionSet::CreateDifference(set1.get(), set2.get()); 516 EXPECT_EQ(*set1.get(), *new_set.get()); 517 518 // Now use a real second set. 519 apis2.insert(APIPermission::kTab); 520 apis2.insert(APIPermission::kProxy); 521 apis2.insert(APIPermission::kClipboardWrite); 522 apis2.insert(APIPermission::kPlugin); 523 permission = permission_info->CreateAPIPermission(); 524 { 525 scoped_ptr<base::ListValue> value(new base::ListValue()); 526 value->Append( 527 base::Value::CreateStringValue("tcp-connect:*.example.com:80")); 528 value->Append(base::Value::CreateStringValue("udp-send-to::8899")); 529 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 530 } 531 apis2.insert(permission); 532 533 expected_apis.insert(APIPermission::kBackground); 534 permission = permission_info->CreateAPIPermission(); 535 { 536 scoped_ptr<base::ListValue> value(new base::ListValue()); 537 value->Append(base::Value::CreateStringValue("udp-bind::8080")); 538 value->Append(base::Value::CreateStringValue("udp-send-to::8888")); 539 ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL)); 540 } 541 expected_apis.insert(permission); 542 543 AddPattern(&explicit_hosts2, "http://*.example.com/*"); 544 AddPattern(&explicit_hosts2, "http://*.google.com/*"); 545 AddPattern(&scriptable_hosts2, "http://*.google.com/*"); 546 AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*"); 547 548 effective_hosts.ClearPatterns(); 549 AddPattern(&effective_hosts, "http://www.reddit.com/*"); 550 551 set2 = new PermissionSet(apis2, manifest_permissions, 552 explicit_hosts2, scriptable_hosts2); 553 new_set = PermissionSet::CreateDifference(set1.get(), set2.get()); 554 555 EXPECT_TRUE(set1->Contains(*new_set.get())); 556 EXPECT_FALSE(set2->Contains(*new_set.get())); 557 558 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); 559 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); 560 EXPECT_EQ(expected_apis, new_set->apis()); 561 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 562 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 563 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); 564 565 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set 566 set1 = PermissionSet::CreateIntersection(new_set.get(), set2.get()); 567 EXPECT_TRUE(set1->IsEmpty()); 568} 569 570TEST(PermissionsTest, IsPrivilegeIncrease) { 571 const struct { 572 const char* base_name; 573 bool expect_increase; 574 } kTests[] = { 575 { "allhosts1", false }, // all -> all 576 { "allhosts2", false }, // all -> one 577 { "allhosts3", true }, // one -> all 578 { "hosts1", false }, // http://a,http://b -> http://a,http://b 579 { "hosts2", true }, // http://a,http://b -> https://a,http://*.b 580 { "hosts3", false }, // http://a,http://b -> http://a 581 { "hosts4", true }, // http://a -> http://a,http://b 582 { "hosts5", false }, // http://a,b,c -> http://a,b,c + https://a,b,c 583 { "hosts6", false }, // http://a.com -> http://a.com + http://a.co.uk 584 { "permissions1", false }, // tabs -> tabs 585 { "permissions2", true }, // tabs -> tabs,bookmarks 586 { "permissions3", true }, // http://a -> http://a,tabs 587 { "permissions5", true }, // bookmarks -> bookmarks,history 588 { "equivalent_warnings", false }, // tabs --> tabs, webNavigation 589#if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS 590 { "permissions4", false }, // plugin -> plugin,tabs 591 { "plugin1", false }, // plugin -> plugin 592 { "plugin2", false }, // plugin -> none 593 { "plugin3", true }, // none -> plugin 594#endif 595 { "storage", false }, // none -> storage 596 { "notifications", false }, // none -> notifications 597 { "platformapp1", false }, // host permissions for platform apps 598 { "platformapp2", true }, // API permissions for platform apps 599 { "media_galleries1", true }, // all -> read|all 600 { "media_galleries2", true }, // read|all -> read|delete|copyTo|all 601 { "media_galleries3", true }, // all -> read|delete|all 602 { "media_galleries4", false }, // read|all -> all 603 { "media_galleries5", false }, // read|copyTo|delete|all -> read|all 604 { "media_galleries6", false }, // read|all -> read|all 605 { "media_galleries7", true }, // read|delete|all -> read|copyTo|delete|all 606 { "sockets1", true }, // none -> tcp:*:* 607 { "sockets2", false }, // tcp:*:* -> tcp:*:* 608 { "sockets3", true }, // tcp:a.com:80 -> tcp:*:* 609 }; 610 611 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { 612 scoped_refptr<Extension> old_extension( 613 LoadManifest("allow_silent_upgrade", 614 std::string(kTests[i].base_name) + "_old.json")); 615 scoped_refptr<Extension> new_extension( 616 LoadManifest("allow_silent_upgrade", 617 std::string(kTests[i].base_name) + "_new.json")); 618 619 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json"; 620 if (!new_extension.get()) 621 continue; 622 623 scoped_refptr<const PermissionSet> old_p( 624 old_extension->GetActivePermissions()); 625 scoped_refptr<const PermissionSet> new_p( 626 new_extension->GetActivePermissions()); 627 Manifest::Type extension_type = old_extension->GetType(); 628 629 bool increased = PermissionMessageProvider::Get()->IsPrivilegeIncrease( 630 old_p.get(), new_p.get(), extension_type); 631 EXPECT_EQ(kTests[i].expect_increase, increased) << kTests[i].base_name; 632 } 633} 634 635TEST(PermissionsTest, PermissionMessages) { 636 // Ensure that all permissions that needs to show install UI actually have 637 // strings associated with them. 638 APIPermissionSet skip; 639 640 // These are considered "nuisance" or "trivial" permissions that don't need 641 // a prompt. 642 skip.insert(APIPermission::kActiveTab); 643 skip.insert(APIPermission::kAdView); 644 skip.insert(APIPermission::kAlarms); 645 skip.insert(APIPermission::kAlwaysOnTopWindows); 646 skip.insert(APIPermission::kAudio); 647 skip.insert(APIPermission::kBrowsingData); 648 skip.insert(APIPermission::kCastStreaming); 649 skip.insert(APIPermission::kContextMenus); 650 skip.insert(APIPermission::kDiagnostics); 651 skip.insert(APIPermission::kDns); 652 skip.insert(APIPermission::kDownloadsShelf); 653 skip.insert(APIPermission::kFontSettings); 654 skip.insert(APIPermission::kFullscreen); 655 skip.insert(APIPermission::kGcm); 656 skip.insert(APIPermission::kIdle); 657 skip.insert(APIPermission::kIdltest); 658 skip.insert(APIPermission::kLogPrivate); 659 skip.insert(APIPermission::kNotification); 660 skip.insert(APIPermission::kOverrideEscFullscreen); 661 skip.insert(APIPermission::kPointerLock); 662 skip.insert(APIPermission::kPower); 663 skip.insert(APIPermission::kPushMessaging); 664 skip.insert(APIPermission::kSessions); 665 skip.insert(APIPermission::kStorage); 666 skip.insert(APIPermission::kSystemCpu); 667 skip.insert(APIPermission::kSystemDisplay); 668 skip.insert(APIPermission::kSystemMemory); 669 skip.insert(APIPermission::kSystemNetwork); 670 skip.insert(APIPermission::kSystemStorage); 671 skip.insert(APIPermission::kTts); 672 skip.insert(APIPermission::kUnlimitedStorage); 673 skip.insert(APIPermission::kWebcamPrivate); 674 skip.insert(APIPermission::kWebView); 675 skip.insert(APIPermission::kWindowShape); 676 677 // TODO(erikkay) add a string for this permission. 678 skip.insert(APIPermission::kBackground); 679 680 skip.insert(APIPermission::kClipboardWrite); 681 682 // The cookie permission does nothing unless you have associated host 683 // permissions. 684 skip.insert(APIPermission::kCookie); 685 686 // These are warned as part of host permission checks. 687 skip.insert(APIPermission::kDeclarativeContent); 688 skip.insert(APIPermission::kPageCapture); 689 skip.insert(APIPermission::kProxy); 690 skip.insert(APIPermission::kTabCapture); 691 skip.insert(APIPermission::kWebRequest); 692 skip.insert(APIPermission::kWebRequestBlocking); 693 694 // This permission requires explicit user action (context menu handler) 695 // so we won't prompt for it for now. 696 skip.insert(APIPermission::kFileBrowserHandler); 697 698 // These permissions require explicit user action (configuration dialog) 699 // so we don't prompt for them at install time. 700 skip.insert(APIPermission::kMediaGalleries); 701 702 // If you've turned on the experimental command-line flag, we don't need 703 // to warn you further. 704 skip.insert(APIPermission::kExperimental); 705 706 // The Identity API has its own server-driven permission prompts. 707 skip.insert(APIPermission::kIdentity); 708 709 // These are private. 710 skip.insert(APIPermission::kAccessibilityPrivate); 711 skip.insert(APIPermission::kAutoTestPrivate); 712 skip.insert(APIPermission::kBookmarkManagerPrivate); 713 skip.insert(APIPermission::kBrailleDisplayPrivate); 714 skip.insert(APIPermission::kCast); 715 skip.insert(APIPermission::kCastStreaming); 716 skip.insert(APIPermission::kChromeosInfoPrivate); 717 skip.insert(APIPermission::kCloudPrintPrivate); 718 skip.insert(APIPermission::kCommandLinePrivate); 719 skip.insert(APIPermission::kDeveloperPrivate); 720 skip.insert(APIPermission::kDial); 721 skip.insert(APIPermission::kDownloadsInternal); 722 skip.insert(APIPermission::kEchoPrivate); 723 skip.insert(APIPermission::kEnterprisePlatformKeysPrivate); 724 skip.insert(APIPermission::kFeedbackPrivate); 725 skip.insert(APIPermission::kFileBrowserHandlerInternal); 726 skip.insert(APIPermission::kFileBrowserPrivate); 727 skip.insert(APIPermission::kFirstRunPrivate); 728 skip.insert(APIPermission::kHotwordPrivate); 729 skip.insert(APIPermission::kIdentityPrivate); 730 skip.insert(APIPermission::kInfobars); 731 skip.insert(APIPermission::kInputMethodPrivate); 732 skip.insert(APIPermission::kMediaGalleriesPrivate); 733 skip.insert(APIPermission::kMediaPlayerPrivate); 734 skip.insert(APIPermission::kMetricsPrivate); 735 skip.insert(APIPermission::kMDns); 736 skip.insert(APIPermission::kPreferencesPrivate); 737 skip.insert(APIPermission::kPrincipalsPrivate); 738 skip.insert(APIPermission::kImageWriterPrivate); 739 skip.insert(APIPermission::kReadingListPrivate); 740 skip.insert(APIPermission::kRtcPrivate); 741 skip.insert(APIPermission::kStreamsPrivate); 742 skip.insert(APIPermission::kSystemPrivate); 743 skip.insert(APIPermission::kTabCaptureForTab); 744 skip.insert(APIPermission::kTerminalPrivate); 745 skip.insert(APIPermission::kVirtualKeyboardPrivate); 746 skip.insert(APIPermission::kWallpaperPrivate); 747 skip.insert(APIPermission::kWebrtcAudioPrivate); 748 skip.insert(APIPermission::kWebrtcLoggingPrivate); 749 skip.insert(APIPermission::kWebstorePrivate); 750 751 // Warned as part of host permissions. 752 skip.insert(APIPermission::kDevtools); 753 754 // Platform apps. 755 skip.insert(APIPermission::kFileSystem); 756 skip.insert(APIPermission::kFileSystemProvider); 757 skip.insert(APIPermission::kFileSystemRetainEntries); 758 skip.insert(APIPermission::kSocket); 759 skip.insert(APIPermission::kUsbDevice); 760 761 PermissionsInfo* info = PermissionsInfo::GetInstance(); 762 APIPermissionSet permissions = info->GetAll(); 763 for (APIPermissionSet::const_iterator i = permissions.begin(); 764 i != permissions.end(); ++i) { 765 const APIPermissionInfo* permission_info = i->info(); 766 EXPECT_TRUE(permission_info != NULL); 767 768 if (skip.count(i->id())) { 769 EXPECT_EQ(PermissionMessage::kNone, permission_info->message_id()) 770 << "unexpected message_id for " << permission_info->name(); 771 } else { 772 EXPECT_NE(PermissionMessage::kNone, permission_info->message_id()) 773 << "missing message_id for " << permission_info->name(); 774 } 775 } 776} 777 778TEST(PermissionsTest, FileSystemPermissionMessages) { 779 APIPermissionSet api_permissions; 780 api_permissions.insert(APIPermission::kFileSystemWrite); 781 api_permissions.insert(APIPermission::kFileSystemDirectory); 782 scoped_refptr<PermissionSet> permissions( 783 new PermissionSet(api_permissions, ManifestPermissionSet(), 784 URLPatternSet(), URLPatternSet())); 785 PermissionMessages messages = 786 PermissionMessageProvider::Get()->GetPermissionMessages( 787 permissions, Manifest::TYPE_PLATFORM_APP); 788 ASSERT_EQ(2u, messages.size()); 789 std::sort(messages.begin(), messages.end()); 790 std::set<PermissionMessage::ID> ids; 791 for (PermissionMessages::const_iterator it = messages.begin(); 792 it != messages.end(); ++it) { 793 ids.insert(it->id()); 794 } 795 EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemDirectory)); 796 EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemWrite)); 797} 798 799TEST(PermissionsTest, HiddenFileSystemPermissionMessages) { 800 APIPermissionSet api_permissions; 801 api_permissions.insert(APIPermission::kFileSystemWrite); 802 api_permissions.insert(APIPermission::kFileSystemDirectory); 803 api_permissions.insert(APIPermission::kFileSystemWriteDirectory); 804 scoped_refptr<PermissionSet> permissions( 805 new PermissionSet(api_permissions, ManifestPermissionSet(), 806 URLPatternSet(), URLPatternSet())); 807 PermissionMessages messages = 808 PermissionMessageProvider::Get()->GetPermissionMessages( 809 permissions, Manifest::TYPE_PLATFORM_APP); 810 ASSERT_EQ(1u, messages.size()); 811 EXPECT_EQ(PermissionMessage::kFileSystemWriteDirectory, messages[0].id()); 812} 813 814TEST(PermissionsTest, SuppressedPermissionMessages) { 815 { 816 APIPermissionSet api_permissions; 817 api_permissions.insert(APIPermission::kTab); 818 api_permissions.insert(APIPermission::kHistory); 819 scoped_refptr<PermissionSet> permissions( 820 new PermissionSet(api_permissions, ManifestPermissionSet(), 821 URLPatternSet(), URLPatternSet())); 822 PermissionMessages messages = 823 PermissionMessageProvider::Get()->GetPermissionMessages( 824 permissions, Manifest::TYPE_EXTENSION); 825 EXPECT_EQ(1u, messages.size()); 826 EXPECT_EQ(PermissionMessage::kBrowsingHistory, messages[0].id()); 827 } 828 { 829 APIPermissionSet api_permissions; 830 api_permissions.insert(APIPermission::kTab); 831 URLPatternSet hosts; 832 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, 833 "chrome://favicon/")); 834 scoped_refptr<PermissionSet> permissions( 835 new PermissionSet(api_permissions, ManifestPermissionSet(), 836 hosts, URLPatternSet())); 837 PermissionMessages messages = 838 PermissionMessageProvider::Get()->GetPermissionMessages( 839 permissions, Manifest::TYPE_EXTENSION); 840 EXPECT_EQ(1u, messages.size()); 841 EXPECT_EQ(PermissionMessage::kTabs, messages[0].id()); 842 } 843 { 844 APIPermissionSet api_permissions; 845 api_permissions.insert(APIPermission::kHistory); 846 URLPatternSet hosts; 847 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, 848 "chrome://favicon/")); 849 scoped_refptr<PermissionSet> permissions( 850 new PermissionSet(api_permissions, ManifestPermissionSet(), 851 hosts, URLPatternSet())); 852 PermissionMessages messages = 853 PermissionMessageProvider::Get()->GetPermissionMessages( 854 permissions, Manifest::TYPE_EXTENSION); 855 EXPECT_EQ(1u, messages.size()); 856 EXPECT_EQ(PermissionMessage::kBrowsingHistory, messages[0].id()); 857 } 858} 859 860TEST(PermissionsTest, MergedFileSystemPermissionComparison) { 861 APIPermissionSet write_api_permissions; 862 write_api_permissions.insert(APIPermission::kFileSystemWrite); 863 scoped_refptr<PermissionSet> write_permissions( 864 new PermissionSet(write_api_permissions, ManifestPermissionSet(), 865 URLPatternSet(), URLPatternSet())); 866 867 APIPermissionSet directory_api_permissions; 868 directory_api_permissions.insert(APIPermission::kFileSystemDirectory); 869 scoped_refptr<PermissionSet> directory_permissions( 870 new PermissionSet(directory_api_permissions, ManifestPermissionSet(), 871 URLPatternSet(), URLPatternSet())); 872 873 APIPermissionSet write_directory_api_permissions; 874 write_directory_api_permissions.insert( 875 APIPermission::kFileSystemWriteDirectory); 876 scoped_refptr<PermissionSet> write_directory_permissions( 877 new PermissionSet(write_directory_api_permissions, 878 ManifestPermissionSet(), 879 URLPatternSet(), 880 URLPatternSet())); 881 882 const PermissionMessageProvider* provider = PermissionMessageProvider::Get(); 883 EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions, 884 write_permissions, 885 Manifest::TYPE_PLATFORM_APP)); 886 EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions, 887 directory_permissions, 888 Manifest::TYPE_PLATFORM_APP)); 889 EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions, 890 directory_permissions, 891 Manifest::TYPE_PLATFORM_APP)); 892 EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions, 893 write_directory_permissions, 894 Manifest::TYPE_PLATFORM_APP)); 895 EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions, 896 write_permissions, 897 Manifest::TYPE_PLATFORM_APP)); 898 EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions, 899 write_directory_permissions, 900 Manifest::TYPE_PLATFORM_APP)); 901} 902 903TEST(PermissionsTest, GetWarningMessages_ManyHosts) { 904 scoped_refptr<Extension> extension; 905 906 extension = LoadManifest("permissions", "many-hosts.json"); 907 std::vector<base::string16> warnings = 908 PermissionsData::GetPermissionMessageStrings(extension.get()); 909 ASSERT_EQ(1u, warnings.size()); 910 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com", 911 base::UTF16ToUTF8(warnings[0])); 912} 913 914TEST(PermissionsTest, GetWarningMessages_Plugins) { 915 scoped_refptr<Extension> extension; 916 scoped_refptr<PermissionSet> permissions; 917 918 extension = LoadManifest("permissions", "plugins.json"); 919 std::vector<base::string16> warnings = 920 PermissionsData::GetPermissionMessageStrings(extension.get()); 921// We don't parse the plugins key on Chrome OS, so it should not ask for any 922 // permissions. 923#if defined(OS_CHROMEOS) 924 ASSERT_EQ(0u, warnings.size()); 925#else 926 ASSERT_EQ(1u, warnings.size()); 927 EXPECT_EQ("Access all data on your computer and the websites you visit", 928 base::UTF16ToUTF8(warnings[0])); 929#endif 930} 931 932TEST(PermissionsTest, GetWarningMessages_AudioVideo) { 933 // Both audio and video present. 934 scoped_refptr<Extension> extension = 935 LoadManifest("permissions", "audio-video.json"); 936 const PermissionMessageProvider* provider = PermissionMessageProvider::Get(); 937 PermissionSet* set = 938 const_cast<PermissionSet*>( 939 extension->GetActivePermissions().get()); 940 std::vector<base::string16> warnings = 941 provider->GetWarningMessages(set, extension->GetType()); 942 EXPECT_FALSE(Contains(warnings, "Use your microphone")); 943 EXPECT_FALSE(Contains(warnings, "Use your camera")); 944 EXPECT_TRUE(Contains(warnings, "Use your microphone and camera")); 945 size_t combined_index = IndexOf(warnings, "Use your microphone and camera"); 946 size_t combined_size = warnings.size(); 947 948 // Just audio present. 949 set->apis_.erase(APIPermission::kVideoCapture); 950 warnings = provider->GetWarningMessages(set, extension->GetType()); 951 EXPECT_EQ(combined_size, warnings.size()); 952 EXPECT_EQ(combined_index, IndexOf(warnings, "Use your microphone")); 953 EXPECT_FALSE(Contains(warnings, "Use your camera")); 954 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera")); 955 956 // Just video present. 957 set->apis_.erase(APIPermission::kAudioCapture); 958 set->apis_.insert(APIPermission::kVideoCapture); 959 warnings = provider->GetWarningMessages(set, extension->GetType()); 960 EXPECT_EQ(combined_size, warnings.size()); 961 EXPECT_FALSE(Contains(warnings, "Use your microphone")); 962 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera")); 963 EXPECT_TRUE(Contains(warnings, "Use your camera")); 964} 965 966TEST(PermissionsTest, GetWarningMessages_DeclarativeWebRequest) { 967 // Test that if the declarativeWebRequest permission is present 968 // in combination with all hosts permission, then only the warning 969 // for host permissions is shown, because that covers the use of 970 // declarativeWebRequest. 971 972 // Until Declarative Web Request is in stable, let's make sure it is enabled 973 // on the current channel. 974 ScopedCurrentChannel sc(chrome::VersionInfo::CHANNEL_CANARY); 975 976 // First verify that declarativeWebRequest produces a message when host 977 // permissions do not cover all hosts. 978 scoped_refptr<Extension> extension = 979 LoadManifest("permissions", "web_request_not_all_host_permissions.json"); 980 const PermissionMessageProvider* provider = PermissionMessageProvider::Get(); 981 const PermissionSet* set = extension->GetActivePermissions().get(); 982 std::vector<base::string16> warnings = 983 provider->GetWarningMessages(set, extension->GetType()); 984 EXPECT_TRUE(Contains(warnings, "Block parts of web pages")); 985 EXPECT_FALSE(Contains(warnings, "Access your data on all websites")); 986 987 // Now verify that declarativeWebRequest does not produce a message when host 988 // permissions do cover all hosts. 989 extension = 990 LoadManifest("permissions", "web_request_all_host_permissions.json"); 991 set = extension->GetActivePermissions().get(); 992 warnings = provider->GetWarningMessages(set, extension->GetType()); 993 EXPECT_FALSE(Contains(warnings, "Block parts of web pages")); 994 EXPECT_TRUE(Contains(warnings, "Access your data on all websites")); 995} 996 997TEST(PermissionsTest, GetWarningMessages_Serial) { 998 scoped_refptr<Extension> extension = 999 LoadManifest("permissions", "serial.json"); 1000 1001 EXPECT_TRUE(extension->is_platform_app()); 1002 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSerial)); 1003 std::vector<base::string16> warnings = 1004 PermissionsData::GetPermissionMessageStrings(extension.get()); 1005 EXPECT_TRUE( 1006 Contains(warnings, "Use serial devices attached to your computer")); 1007 ASSERT_EQ(1u, warnings.size()); 1008} 1009 1010TEST(PermissionsTest, GetWarningMessages_Socket_AnyHost) { 1011 ScopedCurrentChannel channel(chrome::VersionInfo::CHANNEL_DEV); 1012 1013 scoped_refptr<Extension> extension = 1014 LoadManifest("permissions", "socket_any_host.json"); 1015 EXPECT_TRUE(extension->is_platform_app()); 1016 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket)); 1017 std::vector<base::string16> warnings = 1018 PermissionsData::GetPermissionMessageStrings(extension.get()); 1019 EXPECT_EQ(1u, warnings.size()); 1020 EXPECT_TRUE(Contains(warnings, "Exchange data with any computer " 1021 "on the local network or internet")); 1022} 1023 1024TEST(PermissionsTest, GetWarningMessages_Socket_OneDomainTwoHostnames) { 1025 ScopedCurrentChannel channel(chrome::VersionInfo::CHANNEL_DEV); 1026 1027 scoped_refptr<Extension> extension = 1028 LoadManifest("permissions", "socket_one_domain_two_hostnames.json"); 1029 EXPECT_TRUE(extension->is_platform_app()); 1030 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket)); 1031 std::vector<base::string16> warnings = 1032 PermissionsData::GetPermissionMessageStrings(extension.get()); 1033 1034 // Verify the warnings, including support for unicode characters, the fact 1035 // that domain host warnings come before specific host warnings, and the fact 1036 // that domains and hostnames are in alphabetical order regardless of the 1037 // order in the manifest file. 1038 EXPECT_EQ(2u, warnings.size()); 1039 if (warnings.size() > 0) 1040 EXPECT_EQ(warnings[0], 1041 base::UTF8ToUTF16("Exchange data with any computer in the domain " 1042 "example.org")); 1043 if (warnings.size() > 1) 1044 EXPECT_EQ(warnings[1], 1045 base::UTF8ToUTF16("Exchange data with the computers named: " 1046 "b\xC3\xA5r.example.com foo.example.com")); 1047 // "\xC3\xA5" = UTF-8 for lowercase A with ring above 1048} 1049 1050TEST(PermissionsTest, GetWarningMessages_Socket_TwoDomainsOneHostname) { 1051 ScopedCurrentChannel channel(chrome::VersionInfo::CHANNEL_DEV); 1052 1053 scoped_refptr<Extension> extension = 1054 LoadManifest("permissions", "socket_two_domains_one_hostname.json"); 1055 EXPECT_TRUE(extension->is_platform_app()); 1056 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket)); 1057 std::vector<base::string16> warnings = 1058 PermissionsData::GetPermissionMessageStrings(extension.get()); 1059 1060 // Verify the warnings, including the fact that domain host warnings come 1061 // before specific host warnings and the fact that domains and hostnames are 1062 // in alphabetical order regardless of the order in the manifest file. 1063 EXPECT_EQ(2u, warnings.size()); 1064 if (warnings.size() > 0) 1065 EXPECT_EQ(warnings[0], 1066 base::UTF8ToUTF16("Exchange data with any computer in the " 1067 "domains: example.com foo.example.org")); 1068 if (warnings.size() > 1) 1069 EXPECT_EQ(warnings[1], 1070 base::UTF8ToUTF16("Exchange data with the computer named " 1071 "bar.example.org")); 1072} 1073 1074TEST(PermissionsTest, GetWarningMessages_PlatformApppHosts) { 1075 scoped_refptr<Extension> extension; 1076 1077 extension = LoadManifest("permissions", "platform_app_hosts.json"); 1078 EXPECT_TRUE(extension->is_platform_app()); 1079 std::vector<base::string16> warnings = 1080 PermissionsData::GetPermissionMessageStrings(extension.get()); 1081 ASSERT_EQ(0u, warnings.size()); 1082 1083 extension = LoadManifest("permissions", "platform_app_all_urls.json"); 1084 EXPECT_TRUE(extension->is_platform_app()); 1085 warnings = PermissionsData::GetPermissionMessageStrings(extension.get()); 1086 ASSERT_EQ(0u, warnings.size()); 1087} 1088 1089bool ShowsAllHostsWarning(const std::string& pattern) { 1090 scoped_refptr<Extension> extension = 1091 ExtensionBuilder() 1092 .SetManifest(DictionaryBuilder() 1093 .Set("name", "TLDWildCardTest") 1094 .Set("version", "0.1.0") 1095 .Set("permissions", ListBuilder().Append(pattern)) 1096 .Build()) 1097 .Build(); 1098 1099 std::vector<base::string16> warnings = 1100 PermissionsData::GetPermissionMessageStrings(extension); 1101 1102 if (warnings.empty()) 1103 return false; 1104 1105 if (warnings[0] != 1106 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS)) { 1107 return false; 1108 } 1109 1110 return true; 1111} 1112 1113TEST(PermissionsTest, GetWarningMessages_TLDWildcardTreatedAsAllHosts) { 1114 EXPECT_TRUE(ShowsAllHostsWarning("http://*.com/*")); // most popular. 1115 EXPECT_TRUE(ShowsAllHostsWarning("http://*.org/*")); // sanity check. 1116 EXPECT_TRUE(ShowsAllHostsWarning("http://*.co.uk/*")); // eTLD. 1117 EXPECT_TRUE(ShowsAllHostsWarning("http://*.de/*")); // foreign country tld. 1118 1119 // We should still show the normal permissions (i.e., "Can access your data on 1120 // *.rdcronin.com") for things that are not TLDs. 1121 EXPECT_FALSE(ShowsAllHostsWarning("http://*.rdcronin.com/*")); 1122 1123 // Pseudo-TLDs, like appspot.com, should not show all hosts. 1124 EXPECT_FALSE(ShowsAllHostsWarning("http://*.appspot.com/*")); 1125 1126 // Non-TLDs should be likewise exempt. 1127 EXPECT_FALSE(ShowsAllHostsWarning("http://*.notarealtld/*")); 1128 1129 // Our internal checks use "foo", so let's make sure we're not messing 1130 // something up with it. 1131 EXPECT_FALSE(ShowsAllHostsWarning("http://*.foo.com")); 1132 EXPECT_FALSE(ShowsAllHostsWarning("http://foo.com")); 1133 // This will fail if foo becomes a recognized TLD. Which could be soon. 1134 // Update as needed. 1135 EXPECT_FALSE(ShowsAllHostsWarning("http://*.foo")); 1136} 1137 1138TEST(PermissionsTest, GetDistinctHosts) { 1139 URLPatternSet explicit_hosts; 1140 std::set<std::string> expected; 1141 expected.insert("www.foo.com"); 1142 expected.insert("www.bar.com"); 1143 expected.insert("www.baz.com"); 1144 1145 { 1146 SCOPED_TRACE("no dupes"); 1147 1148 // Simple list with no dupes. 1149 explicit_hosts.AddPattern( 1150 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); 1151 explicit_hosts.AddPattern( 1152 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path")); 1153 explicit_hosts.AddPattern( 1154 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path")); 1155 EXPECT_EQ(expected, 1156 permission_message_util::GetDistinctHosts( 1157 explicit_hosts, true, true)); 1158 } 1159 1160 { 1161 SCOPED_TRACE("two dupes"); 1162 1163 // Add some dupes. 1164 explicit_hosts.AddPattern( 1165 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); 1166 explicit_hosts.AddPattern( 1167 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path")); 1168 EXPECT_EQ(expected, 1169 permission_message_util::GetDistinctHosts( 1170 explicit_hosts, true, true)); 1171 } 1172 1173 { 1174 SCOPED_TRACE("schemes differ"); 1175 1176 // Add a pattern that differs only by scheme. This should be filtered out. 1177 explicit_hosts.AddPattern( 1178 URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path")); 1179 EXPECT_EQ(expected, 1180 permission_message_util::GetDistinctHosts( 1181 explicit_hosts, true, true)); 1182 } 1183 1184 { 1185 SCOPED_TRACE("paths differ"); 1186 1187 // Add some dupes by path. 1188 explicit_hosts.AddPattern( 1189 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath")); 1190 EXPECT_EQ(expected, 1191 permission_message_util::GetDistinctHosts( 1192 explicit_hosts, true, true)); 1193 } 1194 1195 { 1196 SCOPED_TRACE("subdomains differ"); 1197 1198 // We don't do anything special for subdomains. 1199 explicit_hosts.AddPattern( 1200 URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path")); 1201 explicit_hosts.AddPattern( 1202 URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path")); 1203 1204 expected.insert("monkey.www.bar.com"); 1205 expected.insert("bar.com"); 1206 1207 EXPECT_EQ(expected, 1208 permission_message_util::GetDistinctHosts( 1209 explicit_hosts, true, true)); 1210 } 1211 1212 { 1213 SCOPED_TRACE("RCDs differ"); 1214 1215 // Now test for RCD uniquing. 1216 explicit_hosts.AddPattern( 1217 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); 1218 explicit_hosts.AddPattern( 1219 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1220 explicit_hosts.AddPattern( 1221 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path")); 1222 explicit_hosts.AddPattern( 1223 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path")); 1224 explicit_hosts.AddPattern( 1225 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1226 explicit_hosts.AddPattern( 1227 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path")); 1228 1229 // This is an unknown RCD, which shouldn't be uniqued out. 1230 explicit_hosts.AddPattern( 1231 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path")); 1232 // But it should only occur once. 1233 explicit_hosts.AddPattern( 1234 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path")); 1235 1236 expected.insert("www.foo.xyzzy"); 1237 1238 EXPECT_EQ(expected, 1239 permission_message_util::GetDistinctHosts( 1240 explicit_hosts, true, true)); 1241 } 1242 1243 { 1244 SCOPED_TRACE("wildcards"); 1245 1246 explicit_hosts.AddPattern( 1247 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*")); 1248 1249 expected.insert("*.google.com"); 1250 1251 EXPECT_EQ(expected, 1252 permission_message_util::GetDistinctHosts( 1253 explicit_hosts, true, true)); 1254 } 1255 1256 { 1257 SCOPED_TRACE("scriptable hosts"); 1258 1259 APIPermissionSet empty_perms; 1260 explicit_hosts.ClearPatterns(); 1261 URLPatternSet scriptable_hosts; 1262 expected.clear(); 1263 1264 explicit_hosts.AddPattern( 1265 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*")); 1266 scriptable_hosts.AddPattern( 1267 URLPattern(URLPattern::SCHEME_HTTP, "http://*.example.com/*")); 1268 1269 expected.insert("*.google.com"); 1270 expected.insert("*.example.com"); 1271 1272 scoped_refptr<PermissionSet> perm_set(new PermissionSet( 1273 empty_perms, ManifestPermissionSet(), 1274 explicit_hosts, scriptable_hosts)); 1275 EXPECT_EQ(expected, 1276 permission_message_util::GetDistinctHosts( 1277 perm_set->effective_hosts(), true, true)); 1278 } 1279 1280 { 1281 // We don't display warnings for file URLs because they are off by default. 1282 SCOPED_TRACE("file urls"); 1283 1284 explicit_hosts.ClearPatterns(); 1285 expected.clear(); 1286 1287 explicit_hosts.AddPattern( 1288 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); 1289 1290 EXPECT_EQ(expected, 1291 permission_message_util::GetDistinctHosts( 1292 explicit_hosts, true, true)); 1293 } 1294} 1295 1296TEST(PermissionsTest, GetDistinctHosts_ComIsBestRcd) { 1297 URLPatternSet explicit_hosts; 1298 explicit_hosts.AddPattern( 1299 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1300 explicit_hosts.AddPattern( 1301 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1302 explicit_hosts.AddPattern( 1303 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1304 explicit_hosts.AddPattern( 1305 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1306 explicit_hosts.AddPattern( 1307 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1308 explicit_hosts.AddPattern( 1309 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); 1310 1311 std::set<std::string> expected; 1312 expected.insert("www.foo.com"); 1313 EXPECT_EQ(expected, 1314 permission_message_util::GetDistinctHosts( 1315 explicit_hosts, true, true)); 1316} 1317 1318TEST(PermissionsTest, GetDistinctHosts_NetIs2ndBestRcd) { 1319 URLPatternSet explicit_hosts; 1320 explicit_hosts.AddPattern( 1321 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1322 explicit_hosts.AddPattern( 1323 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1324 explicit_hosts.AddPattern( 1325 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1326 explicit_hosts.AddPattern( 1327 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1328 explicit_hosts.AddPattern( 1329 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1330 // No http://www.foo.com/path 1331 1332 std::set<std::string> expected; 1333 expected.insert("www.foo.net"); 1334 EXPECT_EQ(expected, 1335 permission_message_util::GetDistinctHosts( 1336 explicit_hosts, true, true)); 1337} 1338 1339TEST(PermissionsTest, GetDistinctHosts_OrgIs3rdBestRcd) { 1340 URLPatternSet explicit_hosts; 1341 explicit_hosts.AddPattern( 1342 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1343 explicit_hosts.AddPattern( 1344 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1345 explicit_hosts.AddPattern( 1346 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1347 // No http://www.foo.net/path 1348 explicit_hosts.AddPattern( 1349 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1350 // No http://www.foo.com/path 1351 1352 std::set<std::string> expected; 1353 expected.insert("www.foo.org"); 1354 EXPECT_EQ(expected, 1355 permission_message_util::GetDistinctHosts( 1356 explicit_hosts, true, true)); 1357} 1358 1359TEST(PermissionsTest, GetDistinctHosts_FirstInListIs4thBestRcd) { 1360 URLPatternSet explicit_hosts; 1361 explicit_hosts.AddPattern( 1362 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1363 // No http://www.foo.org/path 1364 explicit_hosts.AddPattern( 1365 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1366 // No http://www.foo.net/path 1367 explicit_hosts.AddPattern( 1368 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1369 // No http://www.foo.com/path 1370 1371 std::set<std::string> expected; 1372 expected.insert("www.foo.ca"); 1373 EXPECT_EQ(expected, 1374 permission_message_util::GetDistinctHosts( 1375 explicit_hosts, true, true)); 1376} 1377 1378TEST(PermissionsTest, IsHostPrivilegeIncrease) { 1379 Manifest::Type type = Manifest::TYPE_EXTENSION; 1380 const PermissionMessageProvider* provider = PermissionMessageProvider::Get(); 1381 ManifestPermissionSet empty_manifest_permissions; 1382 URLPatternSet elist1; 1383 URLPatternSet elist2; 1384 URLPatternSet slist1; 1385 URLPatternSet slist2; 1386 scoped_refptr<PermissionSet> set1; 1387 scoped_refptr<PermissionSet> set2; 1388 APIPermissionSet empty_perms; 1389 elist1.AddPattern( 1390 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); 1391 elist1.AddPattern( 1392 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); 1393 1394 // Test that the host order does not matter. 1395 elist2.AddPattern( 1396 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); 1397 elist2.AddPattern( 1398 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); 1399 1400 set1 = new PermissionSet(empty_perms, empty_manifest_permissions, 1401 elist1, slist1); 1402 set2 = new PermissionSet(empty_perms, empty_manifest_permissions, 1403 elist2, slist2); 1404 1405 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type)); 1406 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type)); 1407 1408 // Test that paths are ignored. 1409 elist2.ClearPatterns(); 1410 elist2.AddPattern( 1411 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*")); 1412 set2 = new PermissionSet(empty_perms, empty_manifest_permissions, 1413 elist2, slist2); 1414 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type)); 1415 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type)); 1416 1417 // Test that RCDs are ignored. 1418 elist2.ClearPatterns(); 1419 elist2.AddPattern( 1420 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*")); 1421 set2 = new PermissionSet(empty_perms, empty_manifest_permissions, 1422 elist2, slist2); 1423 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type)); 1424 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type)); 1425 1426 // Test that subdomain wildcards are handled properly. 1427 elist2.ClearPatterns(); 1428 elist2.AddPattern( 1429 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*")); 1430 set2 = new PermissionSet(empty_perms, empty_manifest_permissions, 1431 elist2, slist2); 1432 EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type)); 1433 // TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337 1434 // EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type)); 1435 1436 // Test that different domains count as different hosts. 1437 elist2.ClearPatterns(); 1438 elist2.AddPattern( 1439 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path")); 1440 elist2.AddPattern( 1441 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path")); 1442 set2 = new PermissionSet(empty_perms, empty_manifest_permissions, 1443 elist2, slist2); 1444 EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type)); 1445 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type)); 1446 1447 // Test that different subdomains count as different hosts. 1448 elist2.ClearPatterns(); 1449 elist2.AddPattern( 1450 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); 1451 set2 = new PermissionSet(empty_perms, empty_manifest_permissions, 1452 elist2, slist2); 1453 EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type)); 1454 EXPECT_TRUE(provider->IsPrivilegeIncrease(set2, set1, type)); 1455 1456 // Test that platform apps do not have host permissions increases. 1457 type = Manifest::TYPE_PLATFORM_APP; 1458 EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type)); 1459 EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type)); 1460} 1461 1462TEST(PermissionsTest, GetAPIsAsStrings) { 1463 APIPermissionSet apis; 1464 URLPatternSet empty_set; 1465 1466 apis.insert(APIPermission::kProxy); 1467 apis.insert(APIPermission::kBackground); 1468 apis.insert(APIPermission::kNotification); 1469 apis.insert(APIPermission::kTab); 1470 1471 scoped_refptr<PermissionSet> perm_set = new PermissionSet( 1472 apis, ManifestPermissionSet(), empty_set, empty_set); 1473 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); 1474 1475 // The result is correct if it has the same number of elements 1476 // and we can convert it back to the id set. 1477 EXPECT_EQ(4u, api_names.size()); 1478 EXPECT_EQ(apis, 1479 PermissionsInfo::GetInstance()->GetAllByName(api_names)); 1480} 1481 1482TEST(PermissionsTest, IsEmpty) { 1483 APIPermissionSet empty_apis; 1484 URLPatternSet empty_extent; 1485 1486 scoped_refptr<PermissionSet> empty = new PermissionSet(); 1487 EXPECT_TRUE(empty->IsEmpty()); 1488 scoped_refptr<PermissionSet> perm_set; 1489 1490 perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(), 1491 empty_extent, empty_extent); 1492 EXPECT_TRUE(perm_set->IsEmpty()); 1493 1494 APIPermissionSet non_empty_apis; 1495 non_empty_apis.insert(APIPermission::kBackground); 1496 perm_set = new PermissionSet(non_empty_apis, ManifestPermissionSet(), 1497 empty_extent, empty_extent); 1498 EXPECT_FALSE(perm_set->IsEmpty()); 1499 1500 // Try non standard host 1501 URLPatternSet non_empty_extent; 1502 AddPattern(&non_empty_extent, "http://www.google.com/*"); 1503 1504 perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(), 1505 non_empty_extent, empty_extent); 1506 EXPECT_FALSE(perm_set->IsEmpty()); 1507 1508 perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(), 1509 empty_extent, non_empty_extent); 1510 EXPECT_FALSE(perm_set->IsEmpty()); 1511} 1512 1513TEST(PermissionsTest, ImpliedPermissions) { 1514 URLPatternSet empty_extent; 1515 APIPermissionSet apis; 1516 apis.insert(APIPermission::kFileBrowserHandler); 1517 EXPECT_EQ(1U, apis.size()); 1518 1519 scoped_refptr<PermissionSet> perm_set; 1520 perm_set = new PermissionSet(apis, ManifestPermissionSet(), 1521 empty_extent, empty_extent); 1522 EXPECT_EQ(2U, perm_set->apis().size()); 1523} 1524 1525TEST(PermissionsTest, SyncFileSystemPermission) { 1526 scoped_refptr<Extension> extension = LoadManifest( 1527 "permissions", "sync_file_system.json"); 1528 APIPermissionSet apis; 1529 apis.insert(APIPermission::kSyncFileSystem); 1530 EXPECT_TRUE(extension->is_platform_app()); 1531 EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSyncFileSystem)); 1532 std::vector<base::string16> warnings = 1533 PermissionsData::GetPermissionMessageStrings(extension.get()); 1534 EXPECT_TRUE(Contains(warnings, "Store data in your Google Drive account")); 1535 ASSERT_EQ(1u, warnings.size()); 1536} 1537 1538// Make sure that we don't crash when we're trying to show the permissions 1539// even though chrome://thumb (and everything that's not chrome://favicon with 1540// a chrome:// scheme) is not a valid permission. 1541// More details here: crbug/246314. 1542TEST(PermissionsTest, ChromeURLs) { 1543 URLPatternSet allowed_hosts; 1544 allowed_hosts.AddPattern( 1545 URLPattern(URLPattern::SCHEME_ALL, "http://www.google.com/")); 1546 allowed_hosts.AddPattern( 1547 URLPattern(URLPattern::SCHEME_ALL, "chrome://favicon/")); 1548 allowed_hosts.AddPattern( 1549 URLPattern(URLPattern::SCHEME_ALL, "chrome://thumb/")); 1550 scoped_refptr<PermissionSet> permissions( 1551 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), 1552 allowed_hosts, URLPatternSet())); 1553 PermissionMessageProvider::Get()-> 1554 GetPermissionMessages(permissions, Manifest::TYPE_EXTENSION); 1555} 1556 1557TEST(PermissionsTest, IsPrivilegeIncrease_DeclarativeWebRequest) { 1558 scoped_refptr<Extension> extension( 1559 LoadManifest("permissions", "permissions_all_urls.json")); 1560 scoped_refptr<const PermissionSet> permissions( 1561 extension->GetActivePermissions()); 1562 1563 scoped_refptr<Extension> extension_dwr( 1564 LoadManifest("permissions", "web_request_all_host_permissions.json")); 1565 scoped_refptr<const PermissionSet> permissions_dwr( 1566 extension_dwr->GetActivePermissions()); 1567 1568 EXPECT_FALSE(PermissionMessageProvider::Get()-> 1569 IsPrivilegeIncrease(permissions.get(), 1570 permissions_dwr.get(), 1571 extension->GetType())); 1572} 1573 1574} // namespace extensions 1575