190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)// Copyright (c) 2013 The Chromium Authors. All rights reserved. 290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)// found in the LICENSE file. 490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include <vector> 690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "base/command_line.h" 890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "base/memory/ref_counted.h" 9868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#include "base/strings/string16.h" 1090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "base/strings/utf_string_conversions.h" 1190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "chrome/common/extensions/extension_test_util.h" 1203b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)#include "components/crx_file/id_util.h" 1390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "content/public/common/socket_permission_request.h" 1490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "extensions/common/error_utils.h" 15f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "extensions/common/extension.h" 16cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "extensions/common/extension_builder.h" 17cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "extensions/common/manifest.h" 18d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "extensions/common/manifest_constants.h" 194e180b6a0b4720a9b8e9e959a882386f690f08ffTorne (Richard Coles)#include "extensions/common/permissions/api_permission.h" 201e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles)#include "extensions/common/permissions/permission_set.h" 21f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "extensions/common/permissions/permissions_data.h" 22effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#include "extensions/common/permissions/socket_permission.h" 23ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch#include "extensions/common/switches.h" 2490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "extensions/common/url_pattern_set.h" 25cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "extensions/common/value_builder.h" 2690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 27cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "url/gurl.h" 2890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)using base::UTF16ToUTF8; 3090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)using content::SocketPermissionRequest; 3190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)using extension_test_util::LoadManifest; 3290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)using extension_test_util::LoadManifestUnchecked; 3390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)using extension_test_util::LoadManifestStrict; 3490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 3590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)namespace extensions { 3690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 3790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)namespace { 3890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 39cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)const char kAllHostsPermission[] = "*://*/*"; 40cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 4190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)bool CheckSocketPermission( 4290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension, 4390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SocketPermissionRequest::OperationType type, 4490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const char* host, 4590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) int port) { 4690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SocketPermission::CheckParam param(type, host, port); 4746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) return extension->permissions_data()->CheckAPIPermissionWithParam( 4846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) APIPermission::kSocket, ¶m); 4990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 5090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 51cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)// Creates and returns an extension with the given |id|, |host_permissions|, and 52cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)// manifest |location|. 53cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)scoped_refptr<const Extension> GetExtensionWithHostPermission( 54cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) const std::string& id, 55cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) const std::string& host_permissions, 56cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) Manifest::Location location) { 57cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) ListBuilder permissions; 58cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) if (!host_permissions.empty()) 59cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) permissions.Append(host_permissions); 60cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 61cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) return ExtensionBuilder() 62cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .SetManifest( 63cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) DictionaryBuilder() 64cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Set("name", id) 65cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Set("description", "an extension") 66cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Set("manifest_version", 2) 67cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Set("version", "1.0.0") 68cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Set("permissions", permissions.Pass()) 69cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Build()) 70cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .SetLocation(location) 71cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .SetID(id) 72cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) .Build(); 73cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)} 74cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 75116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch// Checks that urls are properly restricted for the given extension. 76116680a4aac90f2aa7413d9095a592090648e557Ben Murdochvoid CheckRestrictedUrls(const Extension* extension, 77116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch bool block_chrome_urls) { 78116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // We log the name so we know _which_ extension failed here. 79116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch const std::string& name = extension->name(); 80116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch const GURL chrome_settings_url("chrome://settings/"); 81116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch const GURL chrome_extension_url("chrome-extension://foo/bar.html"); 82116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch const GURL google_url("https://www.google.com/"); 83116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch const GURL self_url("chrome-extension://" + extension->id() + "/foo.html"); 84116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch const GURL invalid_url("chrome-debugger://foo/bar.html"); 85116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 86116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch std::string error; 87116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ(block_chrome_urls, 88116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch PermissionsData::IsRestrictedUrl( 89116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch chrome_settings_url, 90116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch chrome_settings_url, 91116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch extension, 92116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch &error)) << name; 93116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch if (block_chrome_urls) 94116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name; 95116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch else 96116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(error.empty()) << name; 97116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 98116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch error.clear(); 99116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ(block_chrome_urls, 100116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch PermissionsData::IsRestrictedUrl( 101116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch chrome_extension_url, 102116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch chrome_extension_url, 103116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch extension, 104116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch &error)) << name; 105116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch if (block_chrome_urls) 106116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name; 107116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch else 108116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(error.empty()) << name; 109116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 110116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // Google should never be a restricted url. 111116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch error.clear(); 112116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_FALSE(PermissionsData::IsRestrictedUrl( 113116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch google_url, google_url, extension, &error)) << name; 114116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(error.empty()) << name; 115116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 116116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // We should always be able to access our own extension pages. 117116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch error.clear(); 118116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_FALSE(PermissionsData::IsRestrictedUrl( 119116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch self_url, self_url, extension, &error)) << name; 120116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(error.empty()) << name; 121116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 122116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // We should only allow other schemes for extensions when it's a whitelisted 123116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // extension. 124116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch error.clear(); 125116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch bool allow_on_other_schemes = 126116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch PermissionsData::CanExecuteScriptEverywhere(extension); 127116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ(!allow_on_other_schemes, 128116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch PermissionsData::IsRestrictedUrl( 129116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch invalid_url, invalid_url, extension, &error)) << name; 130116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch if (!allow_on_other_schemes) { 131116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ(ErrorUtils::FormatErrorMessage( 132116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch manifest_errors::kCannotAccessPage, 133116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch invalid_url.spec()), 134116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch error) << name; 135116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch } else { 136116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(error.empty()); 137116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch } 138cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)} 139cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 14090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} // namespace 14190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 1421320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// NOTE: These tests run in Chrome's unit_tests suite because they depend on 1431320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// extension manifest keys (like "content_scripts") that do not exist yet in the 1441320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// src/extensions module. 1451320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, EffectiveHostPermissions) { 14690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 14790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) URLPatternSet hosts; 14890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 14990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", "empty.json"); 150868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_EQ(0u, 15146d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data() 15246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) ->GetEffectiveHostPermissions() 15346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) .patterns() 15446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) .size()); 15590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); 15646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 15790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 15890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", "one_host.json"); 15946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 16090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 16190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com"))); 16246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 16390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 16490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", 16590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "one_host_wildcard.json"); 16646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 16790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 16890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com"))); 16946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 17090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 17190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", "two_hosts.json"); 17246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 17390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 17490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 17546d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 17690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 17790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", 17890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "https_not_considered.json"); 17946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 18090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 18190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com"))); 18246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 18390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 18490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", 18590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "two_content_scripts.json"); 18646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 18790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 18890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 18946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data() 19046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) ->active_permissions() 19146d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) ->HasEffectiveAccessToURL(GURL("http://www.reddit.com"))); 19290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com"))); 19346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE( 19446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data() 19546d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) ->active_permissions() 19646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) ->HasEffectiveAccessToURL(GURL("http://news.ycombinator.com"))); 19746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 19890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 19990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", "all_hosts.json"); 20046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 20190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 20290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/"))); 20390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 20446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 20590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 20690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); 20746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 20890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 20990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 21046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 21190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 21290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 21346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) hosts = extension->permissions_data()->GetEffectiveHostPermissions(); 21490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); 21590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); 21690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 21746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); 21890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 21990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 2201320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, SocketPermissions) { 22190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 22290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::string error; 22390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 22490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("socket_permissions", "empty.json"); 22590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(CheckSocketPermission(extension, 22690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 22790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 22890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestUnchecked("socket_permissions", 22990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "socket1.json", 23090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Manifest::INTERNAL, Extension::NO_FLAGS, 23190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) &error); 232868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(extension.get() == NULL); 2335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage( 2345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) manifest_errors::kInvalidPermissionWithDetail, 2355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) "socket", 2365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) "NULL or empty permission list"); 2375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(expected_error_msg_header, error); 23890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 23990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("socket_permissions", "socket2.json"); 24090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(CheckSocketPermission(extension, 24190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 24290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(CheckSocketPermission( 24390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension, SocketPermissionRequest::UDP_BIND, "", 80)); 24490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(CheckSocketPermission( 24590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension, SocketPermissionRequest::UDP_BIND, "", 8888)); 24690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 24790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_FALSE(CheckSocketPermission( 24890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); 24990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_TRUE(CheckSocketPermission( 25090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension, 25190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SocketPermissionRequest::UDP_SEND_TO, 25290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "239.255.255.250", 1900)); 25390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 25490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 2551320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, IsRestrictedUrl) { 256cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) scoped_refptr<const Extension> extension = 257116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch GetExtensionWithHostPermission("normal_extension", 258cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) kAllHostsPermission, 259cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) Manifest::INTERNAL); 260116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // Chrome urls should be blocked for normal extensions. 2611320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci CheckRestrictedUrls(extension.get(), true); 262116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 263116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch scoped_refptr<const Extension> component = 264116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch GetExtensionWithHostPermission("component", 265116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch kAllHostsPermission, 266116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch Manifest::COMPONENT); 267116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // Chrome urls should be accessible by component extensions. 2681320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci CheckRestrictedUrls(component.get(), false); 269116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch 270116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch base::CommandLine::ForCurrentProcess()->AppendSwitch( 271116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch switches::kExtensionsOnChromeURLs); 272116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch // Enabling the switch should allow all extensions to access chrome urls. 2731320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci CheckRestrictedUrls(extension.get(), false); 274cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)} 275cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 2761320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, GetPermissionMessages_ManyAPIPermissions) { 27790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 27890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("permissions", "many-apis.json"); 2795d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::vector<base::string16> warnings = 28046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->GetPermissionMessageStrings(); 2810529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch // Warning for "tabs" is suppressed by "history" permission. 2820529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch ASSERT_EQ(5u, warnings.size()); 2835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ("Read and change your data on api.flickr.com", 28490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) UTF16ToUTF8(warnings[0])); 285116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ("Read and change your bookmarks", UTF16ToUTF8(warnings[1])); 28690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); 287116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_EQ("Read and change your browsing history", UTF16ToUTF8(warnings[3])); 28890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ("Manage your apps, extensions, and themes", 2890529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch UTF16ToUTF8(warnings[4])); 29090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 29190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 2921320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, GetPermissionMessages_ManyHostsPermissions) { 2937dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch scoped_refptr<Extension> extension; 2947dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch extension = LoadManifest("permissions", "more-than-3-hosts.json"); 2955d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::vector<base::string16> warnings = 29646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->GetPermissionMessageStrings(); 2975d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::vector<base::string16> warnings_details = 29846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->GetPermissionMessageDetailsStrings(); 2997dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch ASSERT_EQ(1u, warnings.size()); 3007dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch ASSERT_EQ(1u, warnings_details.size()); 3015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ("Read and change your data on a number of websites", 302cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) UTF16ToUTF8(warnings[0])); 3037dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com", 3047dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch UTF16ToUTF8(warnings_details[0])); 3057dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch} 3067dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch 3071320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, GetPermissionMessages_LocationApiPermission) { 30890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 30990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("permissions", 31090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "location-api.json", 31190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Manifest::COMPONENT, 31290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Extension::NO_FLAGS); 3135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::vector<base::string16> warnings = 31446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->GetPermissionMessageStrings(); 31590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) ASSERT_EQ(1u, warnings.size()); 31690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); 31790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 31890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 3191320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, GetPermissionMessages_ManyHosts) { 32090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 32190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("permissions", "many-hosts.json"); 3225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::vector<base::string16> warnings = 32346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->GetPermissionMessageStrings(); 32490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) ASSERT_EQ(1u, warnings.size()); 325cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) EXPECT_EQ( 3265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Read and change your data on encrypted.google.com and www.google.com", 327cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) UTF16ToUTF8(warnings[0])); 32890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 32990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 3301320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciTEST(PermissionsDataTest, GetPermissionMessages_Plugins) { 33190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 33290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("permissions", "plugins.json"); 3335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::vector<base::string16> warnings = 33446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->GetPermissionMessageStrings(); 335868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)// We don't parse the plugins key on Chrome OS, so it should not ask for any 3367dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch// permissions. 33790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#if defined(OS_CHROMEOS) 33890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) ASSERT_EQ(0u, warnings.size()); 33990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#else 34090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) ASSERT_EQ(1u, warnings.size()); 341cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) EXPECT_EQ( 342116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch "Read and change all your data on your computer and the websites you " 343cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) "visit", 344cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) UTF16ToUTF8(warnings[0])); 34590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#endif 34690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 34790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 34846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)// Base class for testing the CanAccessPage and CanCaptureVisiblePage 34990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)// methods of Extension for extensions with various permissions. 35090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)class ExtensionScriptAndCaptureVisibleTest : public testing::Test { 35190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) protected: 35290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) ExtensionScriptAndCaptureVisibleTest() 35390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) : http_url("http://www.google.com"), 35490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) http_url_with_path("http://www.google.com/index.html"), 35590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) https_url("https://www.google.com"), 35690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) file_url("file:///foo/bar"), 35790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) favicon_url("chrome://favicon/http://www.google.com"), 35890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension_url("chrome-extension://" + 35903b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles) crx_file::id_util::GenerateIdForPath( 36003b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles) base::FilePath(FILE_PATH_LITERAL("foo")))), 36190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) settings_url("chrome://settings"), 36290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) about_url("about:flags") { 36390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(http_url); 36490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(http_url_with_path); 36590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(https_url); 36690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(file_url); 36790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(favicon_url); 36890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(extension_url); 36990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(settings_url); 37090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) urls_.insert(about_url); 37190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Ignore the policy delegate for this test. 37290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) PermissionsData::SetPolicyDelegate(NULL); 37390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 37490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 37590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool AllowedScript(const Extension* extension, const GURL& url, 37690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL& top_url) { 3775d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) return AllowedScript(extension, url, top_url, -1); 3785d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 3795d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3805d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) bool AllowedScript(const Extension* extension, const GURL& url, 3815d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const GURL& top_url, int tab_id) { 38246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) return extension->permissions_data()->CanAccessPage( 38346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension, url, top_url, tab_id, -1, NULL); 38490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 38590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 38690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool BlockedScript(const Extension* extension, const GURL& url, 38790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL& top_url) { 38846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) return !extension->permissions_data()->CanAccessPage( 38946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension, url, top_url, -1, -1, NULL); 39090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 39190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 39290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool Allowed(const Extension* extension, const GURL& url) { 39390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) return Allowed(extension, url, -1); 39490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 39590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 39690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool Allowed(const Extension* extension, const GURL& url, int tab_id) { 39746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) return (extension->permissions_data()->CanAccessPage( 39846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension, url, url, tab_id, -1, NULL) && 39946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL)); 40090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 40190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 40290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool CaptureOnly(const Extension* extension, const GURL& url) { 40390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) return CaptureOnly(extension, url, -1); 40490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 40590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 40690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { 40746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) return !extension->permissions_data()->CanAccessPage( 40846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension, url, url, tab_id, -1, NULL) && 40946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL); 4105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 4115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) bool ScriptOnly(const Extension* extension, const GURL& url, 4135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const GURL& top_url) { 4145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) return ScriptOnly(extension, url, top_url, -1); 4155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 4165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) bool ScriptOnly(const Extension* extension, const GURL& url, 4185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const GURL& top_url, int tab_id) { 4195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) return AllowedScript(extension, url, top_url, tab_id) && 42046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL); 42190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 42290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 42390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool Blocked(const Extension* extension, const GURL& url) { 42490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) return Blocked(extension, url, -1); 42590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 42690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 42790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool Blocked(const Extension* extension, const GURL& url, int tab_id) { 42846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) return !(extension->permissions_data()->CanAccessPage( 42946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension, url, url, tab_id, -1, NULL) || 43046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) extension->permissions_data()->CanCaptureVisiblePage(tab_id, 43146d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) NULL)); 43290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 43390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 4345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) bool ScriptAllowedExclusivelyOnTab( 43590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const Extension* extension, 43690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const std::set<GURL>& allowed_urls, 43790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) int tab_id) { 43890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) bool result = true; 43990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { 44090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL& url = *it; 44190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) if (allowed_urls.count(url)) 4425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) result &= AllowedScript(extension, url, url, tab_id); 44390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) else 44490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) result &= Blocked(extension, url, tab_id); 44590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 44690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) return result; 44790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 44890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 44990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // URLs that are "safe" to provide scripting and capture visible tab access 45090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // to if the permissions allow it. 45190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL http_url; 45290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL http_url_with_path; 45390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL https_url; 45490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL file_url; 45590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 45690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // We should allow host permission but not scripting permission for favicon 45790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // urls. 45890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL favicon_url; 45990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 46090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // URLs that regular extensions should never get access to. 46190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL extension_url; 46290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL settings_url; 46390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const GURL about_url; 46490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 46590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) private: 46690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // The set of all URLs above. 46790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::set<GURL> urls_; 46890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)}; 46990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 47090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { 47190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Test <all_urls> for regular extensions. 47290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", 47390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_regular_all.json"); 47490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 475868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), http_url)); 476868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), https_url)); 4775d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); 4785d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); 479868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 4805d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); 4815d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); 48290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 48390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Test access to iframed content. 48490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) GURL within_extension_url = extension->GetResourceURL("page.html"); 485868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 486868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 487868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 488868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 489868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 490868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 491868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 49246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); 49346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url)); 49446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); 49590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 49690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Test * for scheme, which implies just the http/https schemes. 49790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 49890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_wildcard.json"); 4995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); 5005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url)); 501868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 502868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 503868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), file_url)); 504868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 505868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) extension = 506868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 507868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 50890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 50990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Having chrome://*/ should not work for regular extensions. Note that 51090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // for favicon access, we require the explicit pattern chrome://favicon/*. 51190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::string error; 51290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestUnchecked("script_and_capture", 51390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_wildcard_chrome.json", 51490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Manifest::INTERNAL, Extension::NO_FLAGS, 51590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) &error); 51658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) std::vector<InstallWarning> warnings = extension->install_warnings(); 51758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_FALSE(warnings.empty()); 51858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_EQ(ErrorUtils::FormatErrorMessage( 519d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles) manifest_errors::kInvalidPermissionScheme, 52058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) "chrome://*/"), 52158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) warnings[0].message); 52258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 52358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 52458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 52590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 52690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Having chrome://favicon/* should not give you chrome://* 52790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 52890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_chrome_favicon_wildcard.json"); 529868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 5305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 531868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 53246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); 53390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 53490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Having http://favicon should not give you chrome://favicon 53590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 53690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_http_favicon.json"); 537868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 538868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 53990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 54090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Component extensions with <all_urls> should get everything. 54190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("script_and_capture", "extension_component_all.json", 54290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Manifest::COMPONENT, Extension::NO_FLAGS); 543868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), http_url)); 544868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), https_url)); 545868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), settings_url)); 546868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), about_url)); 547868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 54846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); 54990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 55090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Component extensions should only get access to what they ask for. 55190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("script_and_capture", 55290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_component_google.json", Manifest::COMPONENT, 55390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Extension::NO_FLAGS); 5545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); 555868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), https_url)); 556868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), file_url)); 557868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 558868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 559868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 560868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), extension_url)); 56146d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); 56290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 56390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 56490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { 56590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) CommandLine::ForCurrentProcess()->AppendSwitch( 56690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) switches::kExtensionsOnChromeURLs); 56790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 56890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension; 56990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 57090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Test <all_urls> for regular extensions. 57190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 57290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_regular_all.json"); 573868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), http_url)); 574868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), https_url)); 5755d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); 5765d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); 577868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 5785d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); 5795d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); 58090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 58190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Test access to iframed content. 58290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) GURL within_extension_url = extension->GetResourceURL("page.html"); 583868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 584868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 585868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 586868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 587116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url)); 588116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url)); 589868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 59046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) const PermissionsData* permissions_data = extension->permissions_data(); 59146d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(permissions_data->HasHostPermission(settings_url)); 59246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(permissions_data->HasHostPermission(about_url)); 59346d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url)); 59490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 59590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Test * for scheme, which implies just the http/https schemes. 59690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 59790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_wildcard.json"); 5985d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); 5995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url)); 600868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 601868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 602868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), file_url)); 603868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 604868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) extension = 605868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 606868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 60790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 60890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Having chrome://*/ should work for regular extensions with the flag 60990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // enabled. 61090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::string error; 61190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestUnchecked("script_and_capture", 61290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_wildcard_chrome.json", 61390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Manifest::INTERNAL, Extension::NO_FLAGS, 61490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) &error); 615868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_FALSE(extension.get() == NULL); 616868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), http_url)); 617868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), https_url)); 6185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url)); 619868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 620868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), file_url)); 6215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url)); 62290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 62390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Having chrome://favicon/* should not give you chrome://* 62490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 62590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_chrome_favicon_wildcard.json"); 626868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 6275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url)); 628868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 62946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); 63090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 63190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Having http://favicon should not give you chrome://favicon 63290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifestStrict("script_and_capture", 63390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_http_favicon.json"); 634868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 635868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 63690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 63790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Component extensions with <all_urls> should get everything. 63890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("script_and_capture", "extension_component_all.json", 63990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Manifest::COMPONENT, Extension::NO_FLAGS); 640868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), http_url)); 641868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), https_url)); 642868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), settings_url)); 643868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), about_url)); 644868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 64546d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); 64690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 64790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // Component extensions should only get access to what they ask for. 64890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) extension = LoadManifest("script_and_capture", 64990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) "extension_component_google.json", Manifest::COMPONENT, 65090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) Extension::NO_FLAGS); 6515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); 652868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), https_url)); 653868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), file_url)); 654868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), settings_url)); 655868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 656868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), about_url)); 657868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) EXPECT_TRUE(Blocked(extension.get(), extension_url)); 65846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); 65990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 66090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 66190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { 66290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<Extension> extension = 66390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) LoadManifestStrict("script_and_capture", "tab_specific.json"); 66490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 66546d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) const PermissionsData* permissions_data = extension->permissions_data(); 6661320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get()); 6671320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get()); 6681320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(2).get()); 66990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 67090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::set<GURL> no_urls; 67190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 6725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 6735d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 6745d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 67590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 67690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) URLPatternSet allowed_hosts; 67790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 67890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) http_url.spec())); 67990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::set<GURL> allowed_urls; 68090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) allowed_urls.insert(http_url); 68190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // http_url_with_path() will also be allowed, because Extension should be 68290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // considering the security origin of the URL not the URL itself, and 68390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) // http_url is in allowed_hosts. 68490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) allowed_urls.insert(http_url_with_path); 68590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 68690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) { 68790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<PermissionSet> permissions( 688f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), 689f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) allowed_hosts, URLPatternSet())); 69046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->UpdateTabSpecificPermissions(0, permissions); 69190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ(permissions->explicit_hosts(), 69246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->GetTabSpecificPermissionsForTesting(0) 693868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) ->explicit_hosts()); 69490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 69590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 6965d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 6975d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 6985d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 69990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 70046d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->ClearTabSpecificPermissions(0); 7011320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get()); 70290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 7035d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 7045d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 7055d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 70690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 70790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::set<GURL> more_allowed_urls = allowed_urls; 70890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) more_allowed_urls.insert(https_url); 70990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) URLPatternSet more_allowed_hosts = allowed_hosts; 71090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 71190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) https_url.spec())); 71290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 71390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) { 71490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) scoped_refptr<PermissionSet> permissions( 715f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), 716f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) allowed_hosts, URLPatternSet())); 71746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->UpdateTabSpecificPermissions(0, permissions); 71890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ(permissions->explicit_hosts(), 71946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->GetTabSpecificPermissionsForTesting(0) 720868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) ->explicit_hosts()); 72190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 72290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) permissions = new PermissionSet(APIPermissionSet(), 723f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) ManifestPermissionSet(), 72490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) more_allowed_hosts, 72590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) URLPatternSet()); 72646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->UpdateTabSpecificPermissions(1, permissions); 72790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ(permissions->explicit_hosts(), 72846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->GetTabSpecificPermissionsForTesting(1) 729868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) ->explicit_hosts()); 73090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) } 73190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 7325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 7335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE( 7345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 7355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 73690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 73746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->ClearTabSpecificPermissions(0); 7381320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get()); 73990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 7405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 7415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE( 7425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 7435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 74490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 74546d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) permissions_data->ClearTabSpecificPermissions(1); 7461320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get()); 74790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 7485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 7495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 7505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 75190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 75290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 75390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} // namespace extensions 754