|  | // Copyright 2015 The Chromium Authors | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | #include "extensions/browser/api/management/management_api.h" | 
|  |  | 
|  | #include <memory> | 
|  | #include <optional> | 
|  | #include <utility> | 
|  |  | 
|  | #include "base/functional/bind.h" | 
|  | #include "base/memory/ptr_util.h" | 
|  | #include "base/memory/raw_ptr.h" | 
|  | #include "base/memory/ref_counted.h" | 
|  | #include "base/memory/scoped_refptr.h" | 
|  | #include "base/strings/stringprintf.h" | 
|  | #include "base/test/metrics/histogram_tester.h" | 
|  | #include "base/types/optional_ref.h" | 
|  | #include "build/chromeos_buildflags.h" | 
|  | #include "chrome/browser/extensions/extension_install_prompt_show_params.h" | 
|  | #include "chrome/browser/extensions/extension_service.h" | 
|  | #include "chrome/browser/extensions/extension_service_test_base.h" | 
|  | #include "chrome/browser/extensions/extension_service_test_with_install.h" | 
|  | #include "chrome/browser/extensions/extension_uninstall_dialog.h" | 
|  | #include "chrome/browser/extensions/test_extension_system.h" | 
|  | #include "chrome/browser/ui/browser.h" | 
|  | #include "chrome/test/base/test_browser_window.h" | 
|  | #include "content/public/browser/browser_context.h" | 
|  | #include "content/public/test/web_contents_tester.h" | 
|  | #include "extensions/browser/api/management/management_api_constants.h" | 
|  | #include "extensions/browser/api_test_utils.h" | 
|  | #include "extensions/browser/disable_reason.h" | 
|  | #include "extensions/browser/event_router_factory.h" | 
|  | #include "extensions/browser/extension_dialog_auto_confirm.h" | 
|  | #include "extensions/browser/extension_function_dispatcher.h" | 
|  | #include "extensions/browser/extension_prefs.h" | 
|  | #include "extensions/browser/extension_registry.h" | 
|  | #include "extensions/browser/extension_system.h" | 
|  | #include "extensions/browser/management_policy.h" | 
|  | #include "extensions/browser/test_management_policy.h" | 
|  | #include "extensions/browser/uninstall_reason.h" | 
|  | #include "extensions/common/api/management.h" | 
|  | #include "extensions/common/error_utils.h" | 
|  | #include "extensions/common/extension.h" | 
|  | #include "extensions/common/extension_builder.h" | 
|  | #include "extensions/common/extension_id.h" | 
|  | #include "extensions/common/extension_set.h" | 
|  | #include "extensions/common/extension_urls.h" | 
|  | #include "extensions/common/mojom/context_type.mojom.h" | 
|  | #include "extensions/common/permissions/permission_set.h" | 
|  |  | 
|  | // TODO(b/265970428): Fix and include extensions tests on LaCrOS. | 
|  | // TODO(b/266051970): Fix and include extensions tests on Windows/Mac/Linux. | 
|  | #if BUILDFLAG(IS_CHROMEOS_ASH) | 
|  | #include "base/test/metrics/histogram_tester.h" | 
|  | #include "base/test/metrics/user_action_tester.h" | 
|  | #include "chrome/browser/background/background_contents.h" | 
|  | #include "chrome/browser/supervised_user/supervised_user_extensions_delegate_impl.h" | 
|  | #include "chrome/browser/supervised_user/supervised_user_extensions_metrics_recorder.h" | 
|  | #include "chrome/browser/supervised_user/supervised_user_service_factory.h" | 
|  | #include "chrome/browser/supervised_user/supervised_user_test_util.h" | 
|  | #include "chrome/browser/ui/extensions/extensions_dialogs.h" | 
|  | #include "components/supervised_user/core/browser/supervised_user_service.h" | 
|  | #include "content/public/browser/gpu_data_manager.h" | 
|  | #include "extensions/browser/supervised_user_extensions_delegate.h" | 
|  | #endif  // BUILDFLAG(IS_CHROMEOS_ASH) | 
|  |  | 
|  | using extensions::mojom::ManifestLocation; | 
|  |  | 
|  | namespace extensions { | 
|  |  | 
|  | namespace { | 
|  |  | 
|  | std::unique_ptr<KeyedService> BuildManagementApi( | 
|  | content::BrowserContext* context) { | 
|  | return std::make_unique<ManagementAPI>(context); | 
|  | } | 
|  |  | 
|  | std::unique_ptr<KeyedService> BuildEventRouter( | 
|  | content::BrowserContext* profile) { | 
|  | return std::make_unique<extensions::EventRouter>( | 
|  | profile, ExtensionPrefs::Get(profile)); | 
|  | } | 
|  |  | 
|  | namespace constants = extension_management_api_constants; | 
|  |  | 
|  | // TODO(devlin): Unittests are awesome. Test more with unittests and less with | 
|  | // heavy api/browser tests. | 
|  | class ManagementApiUnitTest : public ExtensionServiceTestWithInstall { | 
|  | public: | 
|  | ManagementApiUnitTest(const ManagementApiUnitTest&) = delete; | 
|  | ManagementApiUnitTest& operator=(const ManagementApiUnitTest&) = delete; | 
|  |  | 
|  | protected: | 
|  | ManagementApiUnitTest() = default; | 
|  | ~ManagementApiUnitTest() override = default; | 
|  |  | 
|  | // A wrapper around api_test_utils::RunFunction that runs with | 
|  | // the associated browser, no flags, and can take stack-allocated arguments. | 
|  | bool RunFunction(const scoped_refptr<ExtensionFunction>& function, | 
|  | const base::Value::List& args); | 
|  |  | 
|  | // Runs the management.setEnabled() function to enable an extension. | 
|  | bool RunSetEnabledFunction(content::WebContents* web_contents, | 
|  | const ExtensionId& extension_id, | 
|  | bool use_user_gesture, | 
|  | bool accept_dialog, | 
|  | std::string* error, | 
|  | bool enabled = true); | 
|  |  | 
|  | Browser* browser() { return browser_.get(); } | 
|  |  | 
|  | // Returns the initialization parameters for the extension service. | 
|  | virtual ExtensionServiceInitParams GetExtensionServiceInitParams() { | 
|  | return ExtensionServiceInitParams(); | 
|  | } | 
|  |  | 
|  | // ExtensionServiceTestBase: | 
|  | void SetUp() override; | 
|  | void TearDown() override; | 
|  |  | 
|  | private: | 
|  | // This test does not create a root window. Because of this, | 
|  | // ScopedDisableRootChecking needs to be used (which disables the root window | 
|  | // check). | 
|  | test::ScopedDisableRootChecking disable_root_checking_; | 
|  | // The browser (and accompanying window). | 
|  | std::unique_ptr<TestBrowserWindow> browser_window_; | 
|  | std::unique_ptr<Browser> browser_; | 
|  | }; | 
|  |  | 
|  | bool ManagementApiUnitTest::RunFunction( | 
|  | const scoped_refptr<ExtensionFunction>& function, | 
|  | const base::Value::List& args) { | 
|  | auto dispatcher = std::make_unique<ExtensionFunctionDispatcher>(profile()); | 
|  | return api_test_utils::RunFunction(function.get(), args.Clone(), | 
|  | std::move(dispatcher), | 
|  | api_test_utils::FunctionMode::kNone); | 
|  | } | 
|  |  | 
|  | bool ManagementApiUnitTest::RunSetEnabledFunction( | 
|  | content::WebContents* web_contents, | 
|  | const ExtensionId& extension_id, | 
|  | bool use_user_gesture, | 
|  | bool accept_dialog, | 
|  | std::string* error, | 
|  | bool enabled) { | 
|  | ScopedTestDialogAutoConfirm auto_confirm( | 
|  | accept_dialog ? ScopedTestDialogAutoConfirm::ACCEPT | 
|  | : ScopedTestDialogAutoConfirm::CANCEL); | 
|  | std::optional<ExtensionFunction::ScopedUserGestureForTests> gesture = | 
|  | std::nullopt; | 
|  | if (use_user_gesture) | 
|  | gesture.emplace(); | 
|  | auto function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | if (web_contents) | 
|  | function->SetRenderFrameHost(web_contents->GetPrimaryMainFrame()); | 
|  | base::Value::List args; | 
|  | args.Append(extension_id); | 
|  | args.Append(enabled); | 
|  | bool result = RunFunction(function, args); | 
|  | if (error) | 
|  | *error = function->GetError(); | 
|  | return result; | 
|  | } | 
|  |  | 
|  | void ManagementApiUnitTest::SetUp() { | 
|  | ExtensionServiceTestBase::SetUp(); | 
|  | InitializeExtensionService(GetExtensionServiceInitParams()); | 
|  | ManagementAPI::GetFactoryInstance()->SetTestingFactory( | 
|  | profile(), base::BindRepeating(&BuildManagementApi)); | 
|  |  | 
|  | EventRouterFactory::GetInstance()->SetTestingFactory( | 
|  | profile(), base::BindRepeating(&BuildEventRouter)); | 
|  |  | 
|  | browser_window_ = std::make_unique<TestBrowserWindow>(); | 
|  | Browser::CreateParams params(profile(), true); | 
|  | params.type = Browser::TYPE_NORMAL; | 
|  | params.window = browser_window_.get(); | 
|  | browser_.reset(Browser::Create(params)); | 
|  | } | 
|  |  | 
|  | void ManagementApiUnitTest::TearDown() { | 
|  | browser_.reset(); | 
|  | browser_window_.reset(); | 
|  | ExtensionServiceTestBase::TearDown(); | 
|  | } | 
|  |  | 
|  | // Test the basic parts of management.setEnabled. | 
|  | TEST_F(ManagementApiUnitTest, ManagementSetEnabled) { | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | scoped_refptr<const Extension> source_extension = | 
|  | ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(source_extension.get()); | 
|  | const ExtensionId& extension_id = extension->id(); | 
|  | auto function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | function->set_extension(source_extension); | 
|  |  | 
|  | base::Value::List disable_args; | 
|  | disable_args.Append(extension_id); | 
|  | disable_args.Append(false); | 
|  |  | 
|  | // Test disabling an (enabled) extension. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_TRUE(RunFunction(function, disable_args)) << function->GetError(); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  |  | 
|  | base::Value::List enable_args; | 
|  | enable_args.Append(extension_id); | 
|  | enable_args.Append(true); | 
|  |  | 
|  | // Test re-enabling it. | 
|  | function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | EXPECT_TRUE(RunFunction(function, enable_args)) << function->GetError(); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  |  | 
|  | // Test that the enable function checks management policy, so that we can't | 
|  | // disable an extension that is required. | 
|  | TestManagementPolicyProvider provider( | 
|  | TestManagementPolicyProvider::PROHIBIT_MODIFY_STATUS); | 
|  | ManagementPolicy* policy = | 
|  | ExtensionSystem::Get(profile())->management_policy(); | 
|  | policy->RegisterProvider(&provider); | 
|  |  | 
|  | function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | EXPECT_FALSE(RunFunction(function, disable_args)); | 
|  | EXPECT_EQ(ErrorUtils::FormatErrorMessage(constants::kUserCantModifyError, | 
|  | extension_id), | 
|  | function->GetError()); | 
|  | policy->UnregisterProvider(&provider); | 
|  | } | 
|  |  | 
|  | // Test that component extensions cannot be disabled, and that policy extensions | 
|  | // can be disabled only by component/policy extensions. | 
|  | TEST_F(ManagementApiUnitTest, ComponentPolicyDisabling) { | 
|  | auto component = ExtensionBuilder("component") | 
|  | .SetLocation(ManifestLocation::kComponent) | 
|  | .Build(); | 
|  | auto component2 = ExtensionBuilder("component2") | 
|  | .SetLocation(ManifestLocation::kComponent) | 
|  | .Build(); | 
|  | auto policy = ExtensionBuilder("policy") | 
|  | .SetLocation(ManifestLocation::kExternalPolicy) | 
|  | .Build(); | 
|  | auto policy2 = ExtensionBuilder("policy2") | 
|  | .SetLocation(ManifestLocation::kExternalPolicy) | 
|  | .Build(); | 
|  | auto internal = ExtensionBuilder("internal") | 
|  | .SetLocation(ManifestLocation::kInternal) | 
|  | .Build(); | 
|  |  | 
|  | service()->AddExtension(component.get()); | 
|  | service()->AddExtension(component2.get()); | 
|  | service()->AddExtension(policy.get()); | 
|  | service()->AddExtension(policy2.get()); | 
|  | service()->AddExtension(internal.get()); | 
|  |  | 
|  | auto extension_can_disable_extension = | 
|  | [this](scoped_refptr<const Extension> source_extension, | 
|  | scoped_refptr<const Extension> target_extension) { | 
|  | const ExtensionId& id = target_extension->id(); | 
|  | base::Value::List args; | 
|  | args.Append(id); | 
|  | args.Append(false /* disable the extension */); | 
|  | auto function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | function->set_extension(source_extension); | 
|  | bool did_disable = RunFunction(function, args); | 
|  | // If the extension was disabled, re-enable it. | 
|  | if (did_disable) { | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(id)); | 
|  | service()->EnableExtension(id); | 
|  | } else { | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(id)); | 
|  | } | 
|  | return did_disable; | 
|  | }; | 
|  |  | 
|  | // Component extension cannot be disabled. | 
|  | EXPECT_FALSE(extension_can_disable_extension(component2, component)); | 
|  | EXPECT_FALSE(extension_can_disable_extension(policy, component)); | 
|  | EXPECT_FALSE(extension_can_disable_extension(internal, component)); | 
|  |  | 
|  | // Policy extension can be disabled by component/policy extensions, but not | 
|  | // others. | 
|  | EXPECT_TRUE(extension_can_disable_extension(component, policy)); | 
|  | EXPECT_TRUE(extension_can_disable_extension(policy2, policy)); | 
|  | EXPECT_FALSE(extension_can_disable_extension(internal, policy)); | 
|  | } | 
|  |  | 
|  | // Test that policy extensions can be enabled only by component/policy | 
|  | // extensions. | 
|  | TEST_F(ManagementApiUnitTest, ComponentPolicyEnabling) { | 
|  | auto component = ExtensionBuilder("component") | 
|  | .SetLocation(ManifestLocation::kComponent) | 
|  | .Build(); | 
|  | auto policy = ExtensionBuilder("policy") | 
|  | .SetLocation(ManifestLocation::kExternalPolicy) | 
|  | .Build(); | 
|  | auto policy2 = ExtensionBuilder("policy2") | 
|  | .SetLocation(ManifestLocation::kExternalPolicy) | 
|  | .Build(); | 
|  | auto internal = ExtensionBuilder("internal") | 
|  | .SetLocation(ManifestLocation::kInternal) | 
|  | .Build(); | 
|  |  | 
|  | service()->AddExtension(component.get()); | 
|  | service()->AddExtension(policy.get()); | 
|  | service()->AddExtension(policy2.get()); | 
|  | service()->AddExtension(internal.get()); | 
|  | service()->DisableExtensionWithSource( | 
|  | component.get(), policy->id(), disable_reason::DISABLE_BLOCKED_BY_POLICY); | 
|  |  | 
|  | auto extension_can_enable_extension = | 
|  | [this, component](scoped_refptr<const Extension> source_extension, | 
|  | scoped_refptr<const Extension> target_extension) { | 
|  | const ExtensionId& id = target_extension->id(); | 
|  | base::Value::List args; | 
|  | args.Append(id); | 
|  | args.Append(true /* enable the extension */); | 
|  | auto function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | function->set_extension(source_extension); | 
|  | bool did_enable = RunFunction(function, args); | 
|  | // If the extension was enabled, disable it. | 
|  | if (did_enable) { | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(id)); | 
|  | service()->DisableExtensionWithSource( | 
|  | component.get(), id, disable_reason::DISABLE_BLOCKED_BY_POLICY); | 
|  | } else { | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(id)); | 
|  | } | 
|  | return did_enable; | 
|  | }; | 
|  |  | 
|  | // Policy extension can be enabled by component/policy extensions, but not | 
|  | // others. | 
|  | EXPECT_TRUE(extension_can_enable_extension(component, policy)); | 
|  | EXPECT_TRUE(extension_can_enable_extension(policy2, policy)); | 
|  | EXPECT_FALSE(extension_can_enable_extension(internal, policy)); | 
|  | } | 
|  |  | 
|  | // Tests management.uninstall. | 
|  | TEST_F(ManagementApiUnitTest, ManagementUninstall) { | 
|  | // Note: uninstall calls must come from an extension, WebUI or the Webstore. | 
|  | // To test default behavior we test calling from a WebUI context, akin to what | 
|  | // we would get from the extension management page. | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | const ExtensionId& extension_id = extension->id(); | 
|  |  | 
|  | base::Value::List uninstall_args; | 
|  | uninstall_args.Append(extension->id()); | 
|  | base::HistogramTester tester; | 
|  |  | 
|  | // Auto-accept any uninstalls. | 
|  | { | 
|  | ScopedTestDialogAutoConfirm auto_confirm( | 
|  | ScopedTestDialogAutoConfirm::ACCEPT); | 
|  |  | 
|  | // Uninstall requires a user gesture, so this should fail. | 
|  | auto function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_source_context_type(mojom::ContextType::kWebUi); | 
|  | EXPECT_FALSE(RunFunction(function, uninstall_args)); | 
|  | EXPECT_EQ(std::string(constants::kGestureNeededForUninstallError), | 
|  | function->GetError()); | 
|  |  | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  |  | 
|  | function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_source_context_type(mojom::ContextType::kWebUi); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_TRUE(RunFunction(function, uninstall_args)) << function->GetError(); | 
|  | // The extension should be uninstalled. | 
|  | EXPECT_FALSE(registry()->GetExtensionById(extension_id, | 
|  | ExtensionRegistry::EVERYTHING)); | 
|  | tester.ExpectBucketCount( | 
|  | "Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_CHROME_EXTENSIONS_PAGE, 1); | 
|  | } | 
|  |  | 
|  | // Install the extension again, and try uninstalling, auto-canceling the | 
|  | // dialog. | 
|  | { | 
|  | ScopedTestDialogAutoConfirm auto_confirm( | 
|  | ScopedTestDialogAutoConfirm::CANCEL); | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  |  | 
|  | service()->AddExtension(extension.get()); | 
|  | scoped_refptr<ExtensionFunction> function = | 
|  | base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_source_context_type(mojom::ContextType::kWebUi); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_FALSE(RunFunction(function, uninstall_args)); | 
|  | // The uninstall should have failed. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_EQ(ErrorUtils::FormatErrorMessage(constants::kUninstallCanceledError, | 
|  | extension_id), | 
|  | function->GetError()); | 
|  | tester.ExpectBucketCount( | 
|  | "Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_CHROME_EXTENSIONS_PAGE, 2); | 
|  |  | 
|  | // Try again, using showConfirmDialog: false. | 
|  | base::Value::Dict options; | 
|  | options.Set("showConfirmDialog", false); | 
|  | uninstall_args.Append(std::move(options)); | 
|  | function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_source_context_type(mojom::ContextType::kWebUi); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_FALSE(RunFunction(function, uninstall_args)); | 
|  | // This should still fail, since extensions can only suppress the dialog for | 
|  | // uninstalling themselves. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_EQ(ErrorUtils::FormatErrorMessage(constants::kUninstallCanceledError, | 
|  | extension_id), | 
|  | function->GetError()); | 
|  | tester.ExpectBucketCount( | 
|  | "Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_CHROME_EXTENSIONS_PAGE, 3); | 
|  |  | 
|  | // If we have the extension uninstall itself, the uninstall should succeed | 
|  | // (even though we auto-cancel any dialog), because the dialog is never | 
|  | // shown. | 
|  | uninstall_args.erase(uninstall_args.begin()); | 
|  | function = base::MakeRefCounted<ManagementUninstallSelfFunction>(); | 
|  | // Note: this time the source is coming from the extension itself, not a | 
|  | // WebUI based context. | 
|  | function->set_extension(extension); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_TRUE(RunFunction(function, uninstall_args)) << function->GetError(); | 
|  | EXPECT_FALSE(registry()->GetExtensionById(extension_id, | 
|  | ExtensionRegistry::EVERYTHING)); | 
|  | // Note: No Extensins.UninstallSource bucket is incremented here, as no | 
|  | // dialog was shown. | 
|  | } | 
|  | } | 
|  |  | 
|  | // Tests management.uninstall from the Web Store hosted app. | 
|  | TEST_F(ManagementApiUnitTest, ManagementUninstallWebstoreHostedApp) { | 
|  | scoped_refptr<const Extension> triggering_extension = | 
|  | ExtensionBuilder("Test").SetID(extensions::kWebStoreAppId).Build(); | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | const ExtensionId& extension_id = extension->id(); | 
|  | base::Value::List uninstall_args; | 
|  | uninstall_args.Append(extension->id()); | 
|  | base::HistogramTester tester; | 
|  |  | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_extension(triggering_extension); | 
|  |  | 
|  | ScopedTestDialogAutoConfirm auto_confirm( | 
|  | ScopedTestDialogAutoConfirm::CANCEL); | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  |  | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_FALSE(RunFunction(function, uninstall_args)); | 
|  | // When the dialog is automatically canceled, an error will have been | 
|  | // reported to the extension telling it. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | EXPECT_EQ(ErrorUtils::FormatErrorMessage(constants::kUninstallCanceledError, | 
|  | extension_id), | 
|  | function->GetError()); | 
|  | tester.ExpectBucketCount("Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_CHROME_WEBSTORE, 1); | 
|  | } | 
|  |  | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_extension(triggering_extension); | 
|  |  | 
|  | bool did_show = false; | 
|  | auto callback = base::BindRepeating( | 
|  | [](bool* did_show, extensions::ExtensionUninstallDialog* dialog) { | 
|  | // The dialog should be shown, only identifying the extension being | 
|  | // removed and not the caller of the function. | 
|  | EXPECT_EQ("Remove \"Test\"?", dialog->GetHeadingText()); | 
|  | *did_show = true; | 
|  | }, | 
|  | &did_show); | 
|  | extensions::ExtensionUninstallDialog::SetOnShownCallbackForTesting( | 
|  | &callback); | 
|  |  | 
|  | ScopedTestDialogAutoConfirm auto_confirm( | 
|  | ScopedTestDialogAutoConfirm::ACCEPT); | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  |  | 
|  | EXPECT_TRUE(RunFunction(function, uninstall_args)) << function->GetError(); | 
|  | // The extension should be uninstalled. | 
|  | EXPECT_EQ(nullptr, registry()->GetInstalledExtension(extension_id)); | 
|  | EXPECT_TRUE(did_show); | 
|  | tester.ExpectBucketCount("Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_CHROME_WEBSTORE, 2); | 
|  |  | 
|  | // Reset the callback. | 
|  | extensions::ExtensionUninstallDialog::SetOnShownCallbackForTesting(nullptr); | 
|  | } | 
|  | } | 
|  |  | 
|  | // Tests management.uninstall from the new Webstore domain. | 
|  | TEST_F(ManagementApiUnitTest, ManagementUninstallNewWebstore) { | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | const ExtensionId& extension_id = extension->id(); | 
|  | base::Value::List uninstall_args; | 
|  | uninstall_args.Append(extension->id()); | 
|  | base::HistogramTester tester; | 
|  |  | 
|  | // Note: no triggering extension is set on the ExtensionFunction, but the | 
|  | // associated URL should be from the webstore domain. | 
|  | auto function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_source_url(GURL(extension_urls::GetNewWebstoreLaunchURL())); | 
|  |  | 
|  | bool did_show = false; | 
|  | auto callback = base::BindRepeating( | 
|  | [](bool* did_show, extensions::ExtensionUninstallDialog* dialog) { | 
|  | // The dialog should be shown, only identifying the extension being | 
|  | // removed and not the caller of the function. | 
|  | EXPECT_EQ("Remove \"Test\"?", dialog->GetHeadingText()); | 
|  | *did_show = true; | 
|  | }, | 
|  | &did_show); | 
|  | extensions::ExtensionUninstallDialog::SetOnShownCallbackForTesting(&callback); | 
|  |  | 
|  | ScopedTestDialogAutoConfirm auto_confirm(ScopedTestDialogAutoConfirm::ACCEPT); | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  |  | 
|  | EXPECT_TRUE(RunFunction(function, uninstall_args)) << function->GetError(); | 
|  | // The extension should be uninstalled. | 
|  | EXPECT_EQ(nullptr, registry()->GetInstalledExtension(extension_id)); | 
|  | EXPECT_TRUE(did_show); | 
|  | tester.ExpectBucketCount("Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_CHROME_WEBSTORE, 1); | 
|  |  | 
|  | // Reset the callback. | 
|  | extensions::ExtensionUninstallDialog::SetOnShownCallbackForTesting(nullptr); | 
|  | } | 
|  |  | 
|  | // Tests management.uninstall from a normal extension, which will create a | 
|  | // programmatic uninstall dialog that identifies the extension that called it. | 
|  | TEST_F(ManagementApiUnitTest, ManagementUninstallProgramatic) { | 
|  | scoped_refptr<const Extension> triggering_extension = | 
|  | ExtensionBuilder("Triggering Extension").SetID("123").Build(); | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | const ExtensionId& extension_id = extension->id(); | 
|  | base::Value::List uninstall_args; | 
|  | uninstall_args.Append(extension->id()); | 
|  | base::HistogramTester tester; | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_extension(triggering_extension); | 
|  |  | 
|  | bool did_show = false; | 
|  | auto callback = base::BindRepeating( | 
|  | [](bool* did_show, extensions::ExtensionUninstallDialog* dialog) { | 
|  | // The dialog should be shown, identifying the extension that called | 
|  | // the function and the extension being removed. | 
|  | EXPECT_EQ("\"Triggering Extension\" would like to remove \"Test\".", | 
|  | dialog->GetHeadingText()); | 
|  | *did_show = true; | 
|  | }, | 
|  | &did_show); | 
|  | extensions::ExtensionUninstallDialog::SetOnShownCallbackForTesting( | 
|  | &callback); | 
|  |  | 
|  | ScopedTestDialogAutoConfirm auto_confirm( | 
|  | ScopedTestDialogAutoConfirm::ACCEPT); | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  | EXPECT_TRUE(RunFunction(function, uninstall_args)) << function->GetError(); | 
|  | // The extension should be uninstalled. | 
|  | EXPECT_EQ(nullptr, registry()->GetInstalledExtension(extension_id)); | 
|  | EXPECT_TRUE(did_show); | 
|  | tester.ExpectBucketCount("Extensions.UninstallSource", | 
|  | extensions::UNINSTALL_SOURCE_EXTENSION, 1); | 
|  |  | 
|  | // Reset the callback. | 
|  | extensions::ExtensionUninstallDialog::SetOnShownCallbackForTesting(nullptr); | 
|  | } | 
|  | } | 
|  | // Tests uninstalling a blocklisted extension via management.uninstall. | 
|  | TEST_F(ManagementApiUnitTest, ManagementUninstallBlocklisted) { | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | const ExtensionId& id = extension->id(); | 
|  |  | 
|  | service()->BlocklistExtensionForTest(id); | 
|  | EXPECT_NE(nullptr, registry()->GetInstalledExtension(id)); | 
|  |  | 
|  | ScopedTestDialogAutoConfirm auto_confirm(ScopedTestDialogAutoConfirm::ACCEPT); | 
|  | ExtensionFunction::ScopedUserGestureForTests scoped_user_gesture; | 
|  | auto function = base::MakeRefCounted<ManagementUninstallFunction>(); | 
|  | function->set_source_context_type(mojom::ContextType::kWebUi); | 
|  | base::Value::List uninstall_args; | 
|  | uninstall_args.Append(id); | 
|  | EXPECT_TRUE(RunFunction(function, uninstall_args)) << function->GetError(); | 
|  |  | 
|  | EXPECT_EQ(nullptr, registry()->GetInstalledExtension(id)); | 
|  | } | 
|  |  | 
|  | TEST_F(ManagementApiUnitTest, ManagementEnableOrDisableBlocklisted) { | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  | const ExtensionId& id = extension->id(); | 
|  |  | 
|  | service()->BlocklistExtensionForTest(id); | 
|  | EXPECT_NE(nullptr, registry()->GetInstalledExtension(id)); | 
|  |  | 
|  | // Test enabling it. | 
|  | { | 
|  | base::Value::List enable_args; | 
|  | enable_args.Append(id); | 
|  | enable_args.Append(true); | 
|  | auto function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | EXPECT_TRUE(RunFunction(function, enable_args)) << function->GetError(); | 
|  | EXPECT_FALSE(registry()->enabled_extensions().Contains(id)); | 
|  | EXPECT_FALSE(registry()->disabled_extensions().Contains(id)); | 
|  | } | 
|  |  | 
|  | // Test disabling it | 
|  | { | 
|  | base::Value::List disable_args; | 
|  | disable_args.Append(id); | 
|  | disable_args.Append(false); | 
|  |  | 
|  | auto function = base::MakeRefCounted<ManagementSetEnabledFunction>(); | 
|  | EXPECT_TRUE(RunFunction(function, disable_args)) << function->GetError(); | 
|  | EXPECT_FALSE(registry()->enabled_extensions().Contains(id)); | 
|  | EXPECT_FALSE(registry()->disabled_extensions().Contains(id)); | 
|  | } | 
|  | } | 
|  |  | 
|  | TEST_F(ManagementApiUnitTest, ExtensionInfo_MayEnable) { | 
|  | using ExtensionInfo = api::management::ExtensionInfo; | 
|  |  | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  |  | 
|  | const std::string args = | 
|  | base::StringPrintf("[\"%s\"]", extension->id().c_str()); | 
|  |  | 
|  | // Initially the extension should show as enabled. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id())); | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementGetFunction>(); | 
|  | std::optional<base::Value> value = | 
|  | api_test_utils::RunFunctionAndReturnSingleResult(function.get(), args, | 
|  | profile()); | 
|  | ASSERT_TRUE(value); | 
|  | std::optional<ExtensionInfo> info = ExtensionInfo::FromValue(*value); | 
|  | ASSERT_TRUE(info); | 
|  | EXPECT_TRUE(info->enabled); | 
|  | // |may_enable| is only returned for extensions which are not enabled. | 
|  | EXPECT_FALSE(info->may_enable); | 
|  | } | 
|  |  | 
|  | // Simulate blocklisting the extension and verify that the extension shows as | 
|  | // disabled with a false value of |may_enable|. | 
|  | ManagementPolicy* policy = | 
|  | ExtensionSystem::Get(profile())->management_policy(); | 
|  | policy->UnregisterAllProviders(); | 
|  | TestManagementPolicyProvider provider( | 
|  | TestManagementPolicyProvider::PROHIBIT_LOAD); | 
|  | policy->RegisterProvider(&provider); | 
|  | service()->CheckManagementPolicy(); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementGetFunction>(); | 
|  | std::optional<base::Value> value = | 
|  | api_test_utils::RunFunctionAndReturnSingleResult(function.get(), args, | 
|  | profile()); | 
|  | ASSERT_TRUE(value); | 
|  | std::optional<ExtensionInfo> info = ExtensionInfo::FromValue(*value); | 
|  | ASSERT_TRUE(info); | 
|  | EXPECT_FALSE(info->enabled); | 
|  | ASSERT_TRUE(info->may_enable); | 
|  | EXPECT_FALSE(*(info->may_enable)); | 
|  | } | 
|  |  | 
|  | // Re-enable the extension. | 
|  | policy->UnregisterAllProviders(); | 
|  | service()->CheckManagementPolicy(); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id())); | 
|  |  | 
|  | // Disable the extension with a normal user action. Verify the extension shows | 
|  | // as disabled with |may_enable| as true. | 
|  | service()->DisableExtension(extension->id(), | 
|  | disable_reason::DISABLE_USER_ACTION); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementGetFunction>(); | 
|  | std::optional<base::Value> value = | 
|  | api_test_utils::RunFunctionAndReturnSingleResult(function.get(), args, | 
|  | profile()); | 
|  | ASSERT_TRUE(value); | 
|  | std::optional<ExtensionInfo> info = ExtensionInfo::FromValue(*value); | 
|  | ASSERT_TRUE(info); | 
|  | EXPECT_FALSE(info->enabled); | 
|  | ASSERT_TRUE(info->may_enable); | 
|  | EXPECT_TRUE(*(info->may_enable)); | 
|  | } | 
|  | } | 
|  |  | 
|  | TEST_F(ManagementApiUnitTest, ExtensionInfo_MayDisable) { | 
|  | using ExtensionInfo = api::management::ExtensionInfo; | 
|  |  | 
|  | scoped_refptr<const Extension> extension = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension.get()); | 
|  |  | 
|  | const std::string args = | 
|  | base::StringPrintf("[\"%s\"]", extension->id().c_str()); | 
|  |  | 
|  | // Initially the extension should show as enabled, so it may be disabled | 
|  | // freely. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id())); | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementGetFunction>(); | 
|  | std::optional<base::Value> value = | 
|  | api_test_utils::RunFunctionAndReturnSingleResult(function.get(), args, | 
|  | profile()); | 
|  | ASSERT_TRUE(value); | 
|  | std::optional<ExtensionInfo> info = ExtensionInfo::FromValue(*value); | 
|  | ASSERT_TRUE(info); | 
|  | EXPECT_TRUE(info->enabled); | 
|  | EXPECT_TRUE(info->may_disable); | 
|  | } | 
|  |  | 
|  | // Simulate forcing the extension and verify that the extension shows with | 
|  | // a false value of |may_disable|. | 
|  | ManagementPolicy* policy = | 
|  | ExtensionSystem::Get(profile())->management_policy(); | 
|  | policy->UnregisterAllProviders(); | 
|  | TestManagementPolicyProvider provider( | 
|  | TestManagementPolicyProvider::MUST_REMAIN_ENABLED); | 
|  | policy->RegisterProvider(&provider); | 
|  | service()->CheckManagementPolicy(); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id())); | 
|  | { | 
|  | auto function = base::MakeRefCounted<ManagementGetFunction>(); | 
|  | std::optional<base::Value> value = | 
|  | api_test_utils::RunFunctionAndReturnSingleResult(function.get(), args, | 
|  | profile()); | 
|  | ASSERT_TRUE(value); | 
|  | std::optional<ExtensionInfo> info = ExtensionInfo::FromValue(*value); | 
|  | ASSERT_TRUE(info); | 
|  | EXPECT_TRUE(info->enabled); | 
|  | EXPECT_FALSE(info->may_disable); | 
|  | } | 
|  | } | 
|  |  | 
|  | // Tests enabling an extension via management API after it was disabled due to | 
|  | // permission increase. | 
|  | TEST_F(ManagementApiUnitTest, SetEnabledAfterIncreasedPermissions) { | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); | 
|  | std::unique_ptr<content::WebContents> web_contents( | 
|  | content::WebContentsTester::CreateTestWebContents(profile(), nullptr)); | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("permissions_increase"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("permissions.pem"); | 
|  |  | 
|  | base::FilePath path = base_path.AppendASCII("v1"); | 
|  | const Extension* extension = PackAndInstallCRX(path, pem_path, INSTALL_NEW); | 
|  | // The extension must now be installed and enabled. | 
|  | ASSERT_TRUE(extension); | 
|  | ASSERT_TRUE(registry()->enabled_extensions().Contains(extension->id())); | 
|  |  | 
|  | // Save the id, as |extension| will be destroyed during updating. | 
|  | ExtensionId extension_id = extension->id(); | 
|  |  | 
|  | std::unique_ptr<const PermissionSet> known_perms = | 
|  | prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | // v1 extension doesn't have any permissions. | 
|  | EXPECT_TRUE(known_perms->IsEmpty()); | 
|  |  | 
|  | // Update to a new version with increased permissions. | 
|  | path = base_path.AppendASCII("v2"); | 
|  | PackCRXAndUpdateExtension(extension_id, path, pem_path, DISABLED); | 
|  |  | 
|  | // The extension should be disabled. | 
|  | ASSERT_FALSE(registry()->enabled_extensions().Contains(extension_id)); | 
|  |  | 
|  | // Due to a permission increase, prefs will contain escalation information. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  |  | 
|  | // 1) Confirm re-enable prompt without user gesture, expect the extension to | 
|  | // stay disabled. | 
|  | { | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents.get(), extension_id, | 
|  | false /* use_user_gesture */, | 
|  | true /* accept_dialog */, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | EXPECT_FALSE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | // Prefs should still contain permissions escalation information. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | } | 
|  |  | 
|  | // 2) Deny re-enable prompt without user gesture, expect the extension to stay | 
|  | // disabled. | 
|  | { | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents.get(), extension_id, | 
|  | false /* use_user_gesture */, | 
|  | false /* accept_dialog */, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | EXPECT_FALSE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | // Prefs should still contain permissions escalation information. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | } | 
|  |  | 
|  | // 3) Deny re-enable prompt with user gesture, expect the extension to stay | 
|  | // disabled. | 
|  | { | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents.get(), extension_id, | 
|  | true /* use_user_gesture */, | 
|  | false /* accept_dialog */, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | EXPECT_FALSE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | // Prefs should still contain permissions escalation information. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | } | 
|  |  | 
|  | // 4) Accept re-enable prompt with user gesture, expect the extension to be | 
|  | // enabled. | 
|  | { | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents.get(), extension_id, | 
|  | true /* use_user_gesture */, | 
|  | true /* accept_dialog */, &error); | 
|  | EXPECT_TRUE(success) << error; | 
|  | EXPECT_TRUE(error.empty()); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | // Prefs will no longer contain the escalation information as user has | 
|  | // accepted increased permissions. | 
|  | EXPECT_FALSE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | } | 
|  |  | 
|  | // Some permissions for v2 extension should be granted by now. | 
|  | known_perms = prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | EXPECT_FALSE(known_perms->IsEmpty()); | 
|  | } | 
|  |  | 
|  | // TODO(b/265970428): Fix and include extensions tests on LaCrOS. | 
|  | // TODO(b/266051970): Fix and include extensions tests on Windows/Mac/Linux. | 
|  | #if BUILDFLAG(IS_CHROMEOS_ASH) | 
|  |  | 
|  | // A delegate that senses when extensions are enabled or disabled. | 
|  | class TestManagementAPIDelegate : public ManagementAPIDelegate { | 
|  | public: | 
|  | TestManagementAPIDelegate() = default; | 
|  | ~TestManagementAPIDelegate() override = default; | 
|  |  | 
|  | bool LaunchAppFunctionDelegate( | 
|  | const Extension* extension, | 
|  | content::BrowserContext* context) const override { | 
|  | return false; | 
|  | } | 
|  | GURL GetFullLaunchURL(const Extension* extension) const override { | 
|  | return GURL(); | 
|  | } | 
|  | LaunchType GetLaunchType(const ExtensionPrefs* prefs, | 
|  | const Extension* extension) const override { | 
|  | return LaunchType::LAUNCH_TYPE_DEFAULT; | 
|  | } | 
|  | std::unique_ptr<InstallPromptDelegate> SetEnabledFunctionDelegate( | 
|  | content::WebContents* web_contents, | 
|  | content::BrowserContext* browser_context, | 
|  | const Extension* extension, | 
|  | base::OnceCallback<void(bool)> callback) const override { | 
|  | return nullptr; | 
|  | } | 
|  | void EnableExtension(content::BrowserContext* context, | 
|  | const ExtensionId& extension_id) const override { | 
|  | ++enable_count_; | 
|  | } | 
|  | void DisableExtension( | 
|  | content::BrowserContext* context, | 
|  | const Extension* source_extension, | 
|  | const ExtensionId& extension_id, | 
|  | disable_reason::DisableReason disable_reason) const override {} | 
|  | std::unique_ptr<UninstallDialogDelegate> UninstallFunctionDelegate( | 
|  | ManagementUninstallFunctionBase* function, | 
|  | const Extension* target_extension, | 
|  | bool show_programmatic_uninstall_ui) const override { | 
|  | return nullptr; | 
|  | } | 
|  | bool UninstallExtension(content::BrowserContext* context, | 
|  | const ExtensionId& transient_extension_id, | 
|  | UninstallReason reason, | 
|  | std::u16string* error) const override { | 
|  | return true; | 
|  | } | 
|  | bool CreateAppShortcutFunctionDelegate( | 
|  | ManagementCreateAppShortcutFunction* function, | 
|  | const Extension* extension, | 
|  | std::string* error) const override { | 
|  | return true; | 
|  | } | 
|  | void SetLaunchType(content::BrowserContext* context, | 
|  | const ExtensionId& extension_id, | 
|  | LaunchType launch_type) const override {} | 
|  |  | 
|  | std::unique_ptr<AppForLinkDelegate> GenerateAppForLinkFunctionDelegate( | 
|  | ManagementGenerateAppForLinkFunction* function, | 
|  | content::BrowserContext* context, | 
|  | const std::string& title, | 
|  | const GURL& launch_url) const override { | 
|  | return nullptr; | 
|  | } | 
|  | bool CanContextInstallWebApps( | 
|  | content::BrowserContext* context) const override { | 
|  | return true; | 
|  | } | 
|  | void InstallOrLaunchReplacementWebApp( | 
|  | content::BrowserContext* context, | 
|  | const GURL& web_app_url, | 
|  | InstallOrLaunchWebAppCallback callback) const override {} | 
|  | GURL GetIconURL(const Extension* extension, | 
|  | int icon_size, | 
|  | ExtensionIconSet::MatchType match, | 
|  | bool grayscale) const override { | 
|  | return GURL(); | 
|  | } | 
|  | GURL GetEffectiveUpdateURL(const extensions::Extension& extension, | 
|  | content::BrowserContext* context) const override { | 
|  | return GURL(); | 
|  | } | 
|  |  | 
|  | // EnableExtension is const, so this is mutable. | 
|  | mutable int enable_count_ = 0; | 
|  | }; | 
|  |  | 
|  | // A delegate that allows a child to try to install an extension and tracks | 
|  | // whether the parent permission dialog would have opened. | 
|  | class TestSupervisedUserExtensionsDelegate | 
|  | : public SupervisedUserExtensionsDelegateImpl { | 
|  | public: | 
|  | explicit TestSupervisedUserExtensionsDelegate( | 
|  | content::BrowserContext* context) | 
|  | : SupervisedUserExtensionsDelegateImpl(context) {} | 
|  | ~TestSupervisedUserExtensionsDelegate() override = default; | 
|  |  | 
|  | // SupervisedUserExtensionsDelegate: | 
|  | bool IsChild() const override { return true; } | 
|  |  | 
|  | void RequestToAddExtensionOrShowError( | 
|  | const extensions::Extension& extension, | 
|  | content::WebContents* contents, | 
|  | const gfx::ImageSkia& icon, | 
|  | ExtensionApprovalDoneCallback extension_approval_callback) override { | 
|  | // Preconditions. | 
|  | DCHECK(IsChild()); | 
|  | DCHECK(!IsExtensionAllowedByParent(extension)); | 
|  |  | 
|  | if (CanInstallExtensions()) { | 
|  | ShowParentPermissionDialogForExtension( | 
|  | extension, contents, std::move(extension_approval_callback), icon); | 
|  | } else { | 
|  | ShowInstallBlockedByParentDialogForExtension( | 
|  | extension, contents, | 
|  | ExtensionInstalledBlockedByParentDialogAction::kAdd, | 
|  | base::BindOnce(std::move(extension_approval_callback), | 
|  | SupervisedUserExtensionsDelegate:: | 
|  | ExtensionApprovalResult::kBlocked)); | 
|  | } | 
|  | } | 
|  |  | 
|  | void RequestToEnableExtensionOrShowError( | 
|  | const extensions::Extension& extension, | 
|  | content::WebContents* contents, | 
|  | ExtensionApprovalDoneCallback extension_approval_callback) override { | 
|  | // Preconditions. | 
|  | DCHECK(IsChild()); | 
|  | DCHECK(!IsExtensionAllowedByParent(extension)); | 
|  |  | 
|  | if (CanInstallExtensions()) { | 
|  | ShowParentPermissionDialogForExtension( | 
|  | extension, contents, std::move(extension_approval_callback), | 
|  | gfx::ImageSkia()); | 
|  | } else { | 
|  | ShowInstallBlockedByParentDialogForExtension( | 
|  | extension, contents, | 
|  | ExtensionInstalledBlockedByParentDialogAction::kEnable, | 
|  | base::BindOnce(std::move(extension_approval_callback), | 
|  | SupervisedUserExtensionsDelegate:: | 
|  | ExtensionApprovalResult::kBlocked)); | 
|  | } | 
|  | } | 
|  |  | 
|  | void set_next_parent_permission_dialog_result( | 
|  | ExtensionApprovalResult result) { | 
|  | dialog_result_ = result; | 
|  | } | 
|  |  | 
|  | int show_dialog_count() const { return show_dialog_count_; } | 
|  | int show_block_dialog_count() const { return show_block_dialog_count_; } | 
|  |  | 
|  | private: | 
|  | // Shows a parent permission dialog for |extension| and call |done_callback| | 
|  | // when it completes. | 
|  | void ShowParentPermissionDialogForExtension( | 
|  | const extensions::Extension& extension, | 
|  | content::WebContents* contents, | 
|  | extensions::SupervisedUserExtensionsDelegate:: | 
|  | ExtensionApprovalDoneCallback done_callback, | 
|  | const gfx::ImageSkia& icon) { | 
|  | ++show_dialog_count_; | 
|  | std::move(done_callback).Run(dialog_result_); | 
|  | } | 
|  |  | 
|  | // Shows a dialog indicating that |extension| has been blocked and call | 
|  | // |done_callback| when it completes. | 
|  | void ShowInstallBlockedByParentDialogForExtension( | 
|  | const extensions::Extension& extension, | 
|  | content::WebContents* contents, | 
|  | ExtensionInstalledBlockedByParentDialogAction blocked_action, | 
|  | base::OnceClosure done_callback) { | 
|  | show_block_dialog_count_++; | 
|  | std::move(done_callback).Run(); | 
|  | } | 
|  |  | 
|  | ExtensionApprovalResult dialog_result_ = ExtensionApprovalResult::kFailed; | 
|  | int show_dialog_count_ = 0; | 
|  | int show_block_dialog_count_ = 0; | 
|  | }; | 
|  |  | 
|  | // Tests for supervised users (child accounts). Supervised users are not allowed | 
|  | // to install apps or extensions unless their parent approves. | 
|  | class ManagementApiSupervisedUserTest : public ManagementApiUnitTest { | 
|  | public: | 
|  | ManagementApiSupervisedUserTest() = default; | 
|  | ~ManagementApiSupervisedUserTest() override = default; | 
|  |  | 
|  | // ManagementApiUnitTest: | 
|  | ExtensionServiceInitParams GetExtensionServiceInitParams() override { | 
|  | ExtensionServiceInitParams params; | 
|  | params.profile_is_supervised = true; | 
|  | return params; | 
|  | } | 
|  |  | 
|  | supervised_user::SupervisedUserService* GetSupervisedUserService() { | 
|  | return SupervisedUserServiceFactory::GetForProfile(profile()); | 
|  | } | 
|  |  | 
|  | SupervisedUserExtensionsDelegate* GetSupervisedUserExtensionsDelegate() { | 
|  | return supervised_user_delegate_; | 
|  | } | 
|  |  | 
|  | void SetUp() override { | 
|  | ManagementApiUnitTest::SetUp(); | 
|  |  | 
|  | // Set up custodians (parents) for the child. | 
|  | supervised_user_test_util::AddCustodians(browser()->profile()); | 
|  |  | 
|  | GetSupervisedUserService()->Init(); | 
|  | // Set the pref to allow the child to request extension install. | 
|  | supervised_user_test_util:: | 
|  | SetSupervisedUserExtensionsMayRequestPermissionsPref(profile(), true); | 
|  |  | 
|  | // Create a WebContents to simulate the Chrome Web Store. | 
|  | web_contents_ = | 
|  | content::WebContentsTester::CreateTestWebContents(profile(), nullptr); | 
|  |  | 
|  | management_api_ = ManagementAPI::GetFactoryInstance()->Get(profile()); | 
|  |  | 
|  | // Install a SupervisedUserExtensionsDelegate to sense the dialog state. | 
|  | supervised_user_delegate_ = | 
|  | new TestSupervisedUserExtensionsDelegate(profile()); | 
|  | management_api_->set_supervised_user_extensions_delegate_for_test( | 
|  | base::WrapUnique(supervised_user_delegate_.get())); | 
|  | } | 
|  |  | 
|  | std::unique_ptr<content::WebContents> web_contents_; | 
|  | raw_ptr<ManagementAPI> management_api_ = nullptr; | 
|  | raw_ptr<TestSupervisedUserExtensionsDelegate> supervised_user_delegate_ = | 
|  | nullptr; | 
|  | }; | 
|  |  | 
|  | TEST_F(ManagementApiSupervisedUserTest, SetEnabled_BlockedByParent) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | base::HistogramTester histogram_tester; | 
|  | base::UserActionTester user_action_tester; | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("permissions_increase"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("permissions.pem"); | 
|  |  | 
|  | base::FilePath path = base_path.AppendASCII("v1"); | 
|  | const Extension* extension = | 
|  | PackAndInstallCRX(path, pem_path, INSTALL_WITHOUT_LOAD); | 
|  | ASSERT_TRUE(extension); | 
|  | // The extension should be installed but disabled. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | const ExtensionId& extension_id = extension->id(); | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension_id, disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)); | 
|  |  | 
|  | // Simulate disabling Permissions for sites, apps and extensions | 
|  | // in the testing supervised user service delegate used by the Management API. | 
|  | supervised_user_test_util:: | 
|  | SetSupervisedUserExtensionsMayRequestPermissionsPref(profile(), false); | 
|  |  | 
|  | // The supervised user trying to enable while Permissions for sites, apps and | 
|  | // extensions is disabled should fail. | 
|  | { | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_id, | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  |  | 
|  | // The block dialog should have been shown. | 
|  | EXPECT_EQ(supervised_user_delegate_->show_block_dialog_count(), 1); | 
|  | } | 
|  |  | 
|  | // Metrics reporting cannot be tested here, because the current implementation | 
|  | // of `TestSupervisedUserExtensionsDelegate` overrides the | 
|  | // `ShowInstallBlockedByParentDialogForExtension` method that records the | 
|  | // metric in the production code. | 
|  | } | 
|  |  | 
|  | // Tests enabling an extension via management API after it was disabled due to | 
|  | // permission increase for supervised users. | 
|  | // Prevents a regression to crbug/1068660. | 
|  | TEST_F(ManagementApiSupervisedUserTest, SetEnabled_AfterIncreasedPermissions) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | base::HistogramTester histogram_tester; | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("permissions_increase"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("permissions.pem"); | 
|  |  | 
|  | base::FilePath path = base_path.AppendASCII("v1"); | 
|  | const Extension* extension = | 
|  | PackAndInstallCRX(path, pem_path, INSTALL_WITHOUT_LOAD); | 
|  | ASSERT_TRUE(extension); | 
|  | // The extension should be installed but disabled pending custodian approval. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | // Save the id, as |extension| will be destroyed during updating. | 
|  | const ExtensionId extension_id = extension->id(); | 
|  |  | 
|  | // Simulate parent approval for the extension installation. | 
|  | GetSupervisedUserExtensionsDelegate()->AddExtensionApproval(*extension); | 
|  | // The extension should be enabled now. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  |  | 
|  | // Should see 1 kApprovalGranted UMA metric. | 
|  | histogram_tester.ExpectUniqueSample( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, | 
|  | SupervisedUserExtensionsMetricsRecorder::UmaExtensionState:: | 
|  | kApprovalGranted, | 
|  | 1); | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, 1); | 
|  |  | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); | 
|  | std::unique_ptr<const PermissionSet> known_perms = | 
|  | prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | // v1 extension doesn't have any permissions. | 
|  | EXPECT_TRUE(known_perms->IsEmpty()); | 
|  |  | 
|  | // Update to a new version with increased permissions. | 
|  | path = base_path.AppendASCII("v2"); | 
|  | PackCRXAndUpdateExtension(extension_id, path, pem_path, DISABLED); | 
|  | // The extension should be disabled. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  | // Due to a permission increase, prefs will contain escalation information. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  |  | 
|  | // Accept re-enable prompt with user gesture, expect the extension to be | 
|  | // enabled. | 
|  | { | 
|  | // The supervised user will approve the additional permissions without | 
|  | // parent approval. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_id, | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_TRUE(success) << error; | 
|  | EXPECT_TRUE(error.empty()); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | // Prefs will no longer contain the escalation information as the supervised | 
|  | // user has accepted the increased permissions. | 
|  | EXPECT_FALSE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | } | 
|  |  | 
|  | // Permissions for v2 extension should be granted now. | 
|  | known_perms = prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | EXPECT_FALSE(known_perms->IsEmpty()); | 
|  |  | 
|  | // The parent approval dialog should have not appeared. | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // Should see 1 kPermissionsIncreaseGranted UMA metric. | 
|  | histogram_tester.ExpectBucketCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, | 
|  | SupervisedUserExtensionsMetricsRecorder::UmaExtensionState:: | 
|  | kPermissionsIncreaseGranted, | 
|  | 1); | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, 2); | 
|  | } | 
|  |  | 
|  | // Tests that supervised users can't approve permission updates by themselves | 
|  | // when the "Permissions for sites, apps and extensions" toggle is off. | 
|  | TEST_F(ManagementApiSupervisedUserTest, | 
|  | SetEnabled_CantApprovePermissionUpdatesToggleOff) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | base::HistogramTester histogram_tester; | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("permissions_increase"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("permissions.pem"); | 
|  |  | 
|  | base::FilePath path = base_path.AppendASCII("v1"); | 
|  | const Extension* extension = | 
|  | PackAndInstallCRX(path, pem_path, INSTALL_WITHOUT_LOAD); | 
|  | ASSERT_TRUE(extension); | 
|  | // The extension should be installed but disabled pending custodian approval. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | // Save the id, as |extension| will be destroyed during updating. | 
|  | const ExtensionId extension_id = extension->id(); | 
|  |  | 
|  | // Simulate parent approval for the extension installation. | 
|  | GetSupervisedUserExtensionsDelegate()->AddExtensionApproval(*extension); | 
|  | // The extension should be enabled now. | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  |  | 
|  | // There should be 1 kApprovalGranted UMA metric. | 
|  | histogram_tester.ExpectUniqueSample( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, | 
|  | SupervisedUserExtensionsMetricsRecorder::UmaExtensionState:: | 
|  | kApprovalGranted, | 
|  | 1); | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, 1); | 
|  |  | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); | 
|  | std::unique_ptr<const PermissionSet> known_perms = | 
|  | prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | // v1 extension doesn't have any permissions. | 
|  | EXPECT_TRUE(known_perms->IsEmpty()); | 
|  |  | 
|  | // Update to a new version with increased permissions. | 
|  | path = base_path.AppendASCII("v2"); | 
|  | PackCRXAndUpdateExtension(extension_id, path, pem_path, DISABLED); | 
|  | // The extension should be disabled. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  | // Due to a permission increase, prefs will contain escalation information. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  |  | 
|  | // If the "Permissions for sites, apps and extensions" toggle is off, then the | 
|  | // enable attempt should fail. | 
|  | { | 
|  | supervised_user_test_util:: | 
|  | SetSupervisedUserExtensionsMayRequestPermissionsPref(profile(), false); | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_id, | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  | // Prefs will still contain the escalation information as the enable attempt | 
|  | // failed. | 
|  | EXPECT_TRUE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | } | 
|  |  | 
|  | // Permissions for v2 extension should not be granted. | 
|  | known_perms = prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | EXPECT_TRUE(known_perms->IsEmpty()); | 
|  |  | 
|  | // The parent approval dialog should have not appeared. The parent approval | 
|  | // dialog should never appear when the "Permissions for sites, apps and | 
|  | // extensions" toggle is off. | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // There should be no new UMA metrics. | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kExtensionsHistogramName, 1); | 
|  | } | 
|  |  | 
|  | // Tests that if an extension still requires parental consent, the supervised | 
|  | // user approving it for permissions increase won't enable the extension and | 
|  | // bypass parental consent. | 
|  | // Prevents a regression to crbug/1070760. | 
|  | TEST_F(ManagementApiSupervisedUserTest, | 
|  | SetEnabled_CustodianApprovalRequiredAndPermissionsIncrease) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("permissions_increase"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("permissions.pem"); | 
|  |  | 
|  | base::FilePath path = base_path.AppendASCII("v1"); | 
|  | const Extension* extension = | 
|  | PackAndInstallCRX(path, pem_path, INSTALL_WITHOUT_LOAD); | 
|  | ASSERT_TRUE(extension); | 
|  | // The extension should be installed but disabled pending custodian approval. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | // Save the id, as |extension| will be destroyed during updating. | 
|  | const ExtensionId extension_id = extension->id(); | 
|  |  | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); | 
|  | std::unique_ptr<const PermissionSet> known_perms = | 
|  | prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | // v1 extension doesn't have any permissions. | 
|  | EXPECT_TRUE(known_perms->IsEmpty()); | 
|  |  | 
|  | // Update to a new version with increased permissions. | 
|  | path = base_path.AppendASCII("v2"); | 
|  | PackCRXAndUpdateExtension(extension_id, path, pem_path, DISABLED); | 
|  | // The extension should still be disabled. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  | // This extension has two concurrent disable reasons. | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension_id, disable_reason::DISABLE_PERMISSIONS_INCREASE)); | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension_id, disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)); | 
|  |  | 
|  | // The supervised user trying to enable without parent approval should fail. | 
|  | { | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_id, | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension_id)); | 
|  | // Both disable reasons should still be present. | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension_id, disable_reason::DISABLE_PERMISSIONS_INCREASE)); | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension_id, disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)); | 
|  | } | 
|  |  | 
|  | // Permissions for v2 extension should not be granted. | 
|  | known_perms = prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | EXPECT_TRUE(known_perms->IsEmpty()); | 
|  |  | 
|  | // The parent approval dialog should have appeared. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // Now try again with parent approval, and this should succeed. | 
|  | { | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kApproved); | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_id, | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_TRUE(success) << error; | 
|  | EXPECT_TRUE(error.empty()); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_id)); | 
|  | // All disable reasons are gone. | 
|  | EXPECT_FALSE(prefs->DidExtensionEscalatePermissions(extension_id)); | 
|  | EXPECT_FALSE(prefs->HasDisableReason( | 
|  | extension_id, disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)); | 
|  | } | 
|  |  | 
|  | // Permissions for v2 extension should now be granted. | 
|  | known_perms = prefs->GetGrantedPermissions(extension_id); | 
|  | ASSERT_TRUE(known_perms); | 
|  | EXPECT_FALSE(known_perms->IsEmpty()); | 
|  |  | 
|  | // The parent approval dialog should have appeared again. | 
|  | EXPECT_EQ(2, supervised_user_delegate_->show_dialog_count()); | 
|  | } | 
|  |  | 
|  | // Tests that trying to enable an extension with parent approval for supervised | 
|  | // users still fails, if there's unsupported requirements. | 
|  | TEST_F(ManagementApiSupervisedUserTest, SetEnabled_UnsupportedRequirement) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  | ASSERT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // No WebGL will be the unsupported requirement. | 
|  | content::GpuDataManager::GetInstance()->BlocklistWebGLForTesting(); | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("requirements"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("v1_good.pem"); | 
|  | base::FilePath path = base_path.AppendASCII("v2_bad_requirements"); | 
|  | const Extension* extension = | 
|  | PackAndInstallCRX(path, pem_path, INSTALL_WITHOUT_LOAD); | 
|  | ASSERT_TRUE(extension); | 
|  | // The extension should be installed but disabled pending custodian approval | 
|  | // and unsupported requirements. | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | ExtensionPrefs* prefs = ExtensionPrefs::Get(profile()); | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)); | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension->id(), disable_reason::DISABLE_UNSUPPORTED_REQUIREMENT)); | 
|  |  | 
|  | // Parent approval should fail because of the unsupported requirements. | 
|  | { | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kApproved); | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension->id(), | 
|  | /*user_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  | // The parent permission dialog was never opened. | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  | EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id())); | 
|  | // The extension should still require parent approval. | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)); | 
|  | EXPECT_TRUE(prefs->HasDisableReason( | 
|  | extension->id(), disable_reason::DISABLE_UNSUPPORTED_REQUIREMENT)); | 
|  | } | 
|  | } | 
|  |  | 
|  | // Tests UMA metrics related to supervised users enabling and disabling | 
|  | // extensions. | 
|  | TEST_F(ManagementApiSupervisedUserTest, SetEnabledDisabled_UmaMetrics) { | 
|  | base::HistogramTester histogram_tester; | 
|  | base::UserActionTester user_action_tester; | 
|  |  | 
|  | base::FilePath base_path = data_dir().AppendASCII("permissions_increase"); | 
|  | base::FilePath pem_path = base_path.AppendASCII("permissions.pem"); | 
|  |  | 
|  | base::FilePath path = base_path.AppendASCII("v1"); | 
|  | const Extension* extension = | 
|  | PackAndInstallCRX(path, pem_path, INSTALL_WITHOUT_LOAD); | 
|  | ASSERT_TRUE(extension); | 
|  |  | 
|  | // The parent will approve. | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kApproved); | 
|  |  | 
|  | RunSetEnabledFunction(web_contents_.get(), extension->id(), | 
|  | /*use_user_gesture=*/true, /*accept_dialog=*/true, | 
|  | nullptr, /*enabled=*/true); | 
|  | histogram_tester.ExpectUniqueSample( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnablementHistogramName, | 
|  | SupervisedUserExtensionsMetricsRecorder::EnablementState::kEnabled, 1); | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnablementHistogramName, 1); | 
|  | EXPECT_EQ(1, | 
|  | user_action_tester.GetActionCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnabledActionName)); | 
|  | EXPECT_EQ(0, | 
|  | user_action_tester.GetActionCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kDisabledActionName)); | 
|  |  | 
|  | // Simulate supervised user disabling extension. | 
|  | RunSetEnabledFunction(web_contents_.get(), extension->id(), | 
|  | /*use_user_gesture=*/true, /*accept_dialog=*/true, | 
|  | nullptr, /*enabled=*/false); | 
|  | histogram_tester.ExpectBucketCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnablementHistogramName, | 
|  | SupervisedUserExtensionsMetricsRecorder::EnablementState::kDisabled, 1); | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnablementHistogramName, 2); | 
|  | EXPECT_EQ(1, | 
|  | user_action_tester.GetActionCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnabledActionName)); | 
|  | EXPECT_EQ(1, | 
|  | user_action_tester.GetActionCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kDisabledActionName)); | 
|  |  | 
|  | // Simulate supervised user re-enabling extension. | 
|  | RunSetEnabledFunction(web_contents_.get(), extension->id(), | 
|  | /*use_user_gesture=*/true, /*accept_dialog=*/true, | 
|  | nullptr, /*enabled=*/true); | 
|  | histogram_tester.ExpectBucketCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnablementHistogramName, | 
|  | SupervisedUserExtensionsMetricsRecorder::EnablementState::kEnabled, 2); | 
|  | histogram_tester.ExpectTotalCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnablementHistogramName, 3); | 
|  | EXPECT_EQ(2, | 
|  | user_action_tester.GetActionCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kEnabledActionName)); | 
|  | EXPECT_EQ(1, | 
|  | user_action_tester.GetActionCount( | 
|  | SupervisedUserExtensionsMetricsRecorder::kDisabledActionName)); | 
|  | } | 
|  |  | 
|  | // Tests for supervised users (child accounts) with additional setup code. | 
|  | class ManagementApiSupervisedUserTestWithSetup | 
|  | : public ManagementApiSupervisedUserTest { | 
|  | public: | 
|  | ManagementApiSupervisedUserTestWithSetup() = default; | 
|  | ~ManagementApiSupervisedUserTestWithSetup() override = default; | 
|  |  | 
|  | void SetUp() override { | 
|  | ManagementApiSupervisedUserTest::SetUp(); | 
|  |  | 
|  | // Install a ManagementAPIDelegate to sense extension enable. | 
|  | delegate_ = new TestManagementAPIDelegate; | 
|  | management_api_->set_delegate_for_test(base::WrapUnique(delegate_.get())); | 
|  |  | 
|  | // Add a generic extension. | 
|  | extension_ = ExtensionBuilder("Test").Build(); | 
|  | service()->AddExtension(extension_.get()); | 
|  | EXPECT_TRUE(registry()->enabled_extensions().Contains(extension_->id())); | 
|  | } | 
|  |  | 
|  | raw_ptr<TestManagementAPIDelegate> delegate_ = nullptr; | 
|  | scoped_refptr<const Extension> extension_; | 
|  | }; | 
|  |  | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, SetEnabled_ParentApproves) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  | ASSERT_EQ(0, delegate_->enable_count_); | 
|  | ASSERT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // The parent will approve. | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kApproved); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled(). It should succeed. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_->id(), | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_TRUE(success) << error; | 
|  | EXPECT_TRUE(error.empty()); | 
|  |  | 
|  | // Parent permission dialog was opened. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // Extension was enabled. | 
|  | EXPECT_EQ(1, delegate_->enable_count_); | 
|  | } | 
|  |  | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, SetEnabled_ParentDenies) { | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // The parent will deny the next dialog. | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kCanceled); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled(). It should not succeed. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_->id(), | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  |  | 
|  | // Parent permission dialog was opened. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // Extension was not enabled. | 
|  | EXPECT_EQ(0, delegate_->enable_count_); | 
|  | } | 
|  |  | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, SetEnabled_DialogFails) { | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // The next dialog will close due to a failure (e.g. network failure while | 
|  | // looking up parent information). | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kFailed); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled(). It should not succeed. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_->id(), | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_FALSE(error.empty()); | 
|  |  | 
|  | // Extension was not enabled. | 
|  | EXPECT_EQ(0, delegate_->enable_count_); | 
|  | } | 
|  |  | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, SetEnabled_PreviouslyAllowed) { | 
|  | // Disable the extension. | 
|  | service()->DisableExtension(extension_->id(), | 
|  | disable_reason::DISABLE_USER_ACTION); | 
|  |  | 
|  | // Simulate previous parent approval. | 
|  | GetSupervisedUserExtensionsDelegate()->AddExtensionApproval(*extension_); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled(). | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction(web_contents_.get(), extension_->id(), | 
|  | /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_TRUE(success) << error; | 
|  | EXPECT_TRUE(error.empty()); | 
|  |  | 
|  | // Parent permission dialog was not opened. | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  | } | 
|  |  | 
|  | // Tests launching the Parent Permission Dialog from a background page, where | 
|  | // there isn't active web contents. The parent approves the request. | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, | 
|  | SetEnabled_ParentPermissionApprovedFromBackgroundPage) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // The parent will approve. | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kApproved); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled(). It should succeed | 
|  | // despite a lack of web contents. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction( | 
|  | /*web_contents=*/nullptr, extension_->id(), /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_TRUE(success); | 
|  | EXPECT_TRUE(error.empty()); | 
|  |  | 
|  | // Parent Permission Dialog still opened despite the lack of web contents. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_dialog_count()); | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_block_dialog_count()); | 
|  |  | 
|  | // Extension is now enabled. | 
|  | EXPECT_EQ(1, delegate_->enable_count_); | 
|  | } | 
|  |  | 
|  | // Tests launching the Parent Permission Dialog from a background page, where | 
|  | // there isn't active web contents. The parent cancels the request. | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, | 
|  | SetEnabled_ParentPermissionCanceledFromBackgroundPage) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // The parent will cancel. | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kCanceled); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled() with no web contents. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction( | 
|  | /*web_contents=*/nullptr, extension_->id(), /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_EQ(extension_management_api_constants::kUserDidNotReEnableError, | 
|  | error); | 
|  |  | 
|  | // Parent Permission Dialog still opened despite the lack of web contents. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_dialog_count()); | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_block_dialog_count()); | 
|  |  | 
|  | // Extension was not enabled. | 
|  | EXPECT_EQ(0, delegate_->enable_count_); | 
|  | } | 
|  |  | 
|  | // Tests launching the Parent Permission Dialog from a background page, where | 
|  | // there isn't active web contents. The request will fail due to some sort of | 
|  | // error, such as a network error. | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, | 
|  | SetEnabled_ParentPermissionFailedFromBackgroundPage) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // The request will fail. | 
|  | supervised_user_delegate_->set_next_parent_permission_dialog_result( | 
|  | SupervisedUserExtensionsDelegate::ExtensionApprovalResult::kFailed); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled() with no web contents. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction( | 
|  | /*web_contents=*/nullptr, extension_->id(), /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | EXPECT_EQ(extension_management_api_constants::kParentPermissionFailedError, | 
|  | error); | 
|  |  | 
|  | // Parent Permission Dialog still opened despite the lack of web contents. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_dialog_count()); | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_block_dialog_count()); | 
|  |  | 
|  | // Extension was not enabled. | 
|  | EXPECT_EQ(0, delegate_->enable_count_); | 
|  | } | 
|  |  | 
|  | // Tests launching the Extension Install Blocked By Parent Dialog from a | 
|  | // background page, where there isn't active web contents. | 
|  | TEST_F(ManagementApiSupervisedUserTestWithSetup, | 
|  | SetEnabled_ExtensionInstallBlockedByParentFromBackgroundPage) { | 
|  | // Preconditions. | 
|  | ASSERT_TRUE(profile()->IsChild()); | 
|  |  | 
|  | // Start with a disabled extension that needs parent permission. | 
|  | service()->DisableExtension( | 
|  | extension_->id(), disable_reason::DISABLE_CUSTODIAN_APPROVAL_REQUIRED); | 
|  |  | 
|  | // Simulate the parent disabling the "Permissions for sites, apps and | 
|  | // extensions" toggle. | 
|  | supervised_user_test_util:: | 
|  | SetSupervisedUserExtensionsMayRequestPermissionsPref(profile(), false); | 
|  |  | 
|  | // Simulate a call to chrome.management.setEnabled(). The enable attempt | 
|  | // should be blocked. | 
|  | std::string error; | 
|  | bool success = RunSetEnabledFunction( | 
|  | /*web_contents=*/nullptr, extension_->id(), /*use_user_gesture=*/true, | 
|  | /*accept_dialog=*/true, &error); | 
|  | EXPECT_FALSE(success); | 
|  | const std::string expected_error = ErrorUtils::FormatErrorMessage( | 
|  | extension_management_api_constants::kUserCantModifyError, | 
|  | extension_->id()); | 
|  | EXPECT_EQ(expected_error, error); | 
|  |  | 
|  | // The Extension Install Blocked By Parent Dialog should have opened despite | 
|  | // the lack of web contents. | 
|  | EXPECT_EQ(1, supervised_user_delegate_->show_block_dialog_count()); | 
|  | EXPECT_EQ(0, supervised_user_delegate_->show_dialog_count()); | 
|  |  | 
|  | // Extension was not enabled. | 
|  | EXPECT_EQ(0, delegate_->enable_count_); | 
|  | } | 
|  | #endif  // BUILDFLAG(IS_CHROMEOS_ASH) | 
|  |  | 
|  | }  // namespace | 
|  | }  // namespace extensions |