chrome/browser/policy/site_isolation_policy_browsertest.cc - chromium/src - Git at Google

 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "base/macros.h"
 #include "chrome/browser/chrome_content_browser_client.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/policy/core/browser/browser_policy_connector.h"
 #include "components/policy/core/common/mock_configuration_policy_provider.h"
 #include "components/policy/policy_constants.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
 #include "url/gurl.h"

 class SiteIsolationPolicyBrowserTest : public InProcessBrowserTest {
  protected:
   SiteIsolationPolicyBrowserTest() {}

   struct Expectations {
     const char* url;
     bool isolated;
   };

   void CheckExpectations(Expectations* expectations, size_t count) {
     content::BrowserContext* context = browser()->profile();
     for (size_t i = 0; i < count; ++i) {
       const GURL url(expectations[i].url);
       auto instance = content::SiteInstance::CreateForURL(context, url);
       EXPECT_EQ(expectations[i].isolated, instance->RequiresDedicatedProcess());
     }
   }

   policy::MockConfigurationPolicyProvider provider_;

  private:
   DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest);
 };

 class SitePerProcessPolicyBrowserTest : public SiteIsolationPolicyBrowserTest {
  protected:
   SitePerProcessPolicyBrowserTest() {}

   void SetUpInProcessBrowserTestFixture() override {
     // We setup the policy here, because the policy must be 'live' before
     // the renderer is created, since the value for this policy is passed
     // to the renderer via a command-line. Setting the policy in the test
     // itself or in SetUpOnMainThread works for update-able policies, but
     // is too late for this one.
     EXPECT_CALL(provider_, IsInitializationComplete(testing::_))
         .WillRepeatedly(testing::Return(true));
     policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);

     policy::PolicyMap values;
     values.Set(policy::key::kSitePerProcess, policy::POLICY_LEVEL_MANDATORY,
                policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
                std::make_unique<base::Value>(true), nullptr);
     provider_.UpdateChromePolicy(values);

     // Append the automation switch which should disable Site Isolation when the
     // "WebDriverOverridesIncompatiblePolicies" is set. This is tested in the
     // WebDriverSitePerProcessPolicyBrowserTest class below.
     // NOTE: This flag is on for some tests per default but we still force it
     // it here to make sure to avoid possible regressions being missed
     base::CommandLine::ForCurrentProcess()->AppendSwitch(
         switches::kEnableAutomation);
   }

  private:
   DISALLOW_COPY_AND_ASSIGN(SitePerProcessPolicyBrowserTest);
 };

 class IsolateOriginsPolicyBrowserTest : public SiteIsolationPolicyBrowserTest {
  protected:
   IsolateOriginsPolicyBrowserTest() {}

   void SetUpInProcessBrowserTestFixture() override {
     // We setup the policy here, because the policy must be 'live' before
     // the renderer is created, since the value for this policy is passed
     // to the renderer via a command-line. Setting the policy in the test
     // itself or in SetUpOnMainThread works for update-able policies, but
     // is too late for this one.
     EXPECT_CALL(provider_, IsInitializationComplete(testing::_))
         .WillRepeatedly(testing::Return(true));
     policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);

     policy::PolicyMap values;
     values.Set(policy::key::kIsolateOrigins, policy::POLICY_LEVEL_MANDATORY,
                policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
                std::make_unique<base::Value>(
                    "https://example.org/,http://example.com"),
                nullptr);
     provider_.UpdateChromePolicy(values);
   }

  private:
   DISALLOW_COPY_AND_ASSIGN(IsolateOriginsPolicyBrowserTest);
 };

 class WebDriverSitePerProcessPolicyBrowserTest
     : public SitePerProcessPolicyBrowserTest {
  protected:
   WebDriverSitePerProcessPolicyBrowserTest()
       : are_sites_isolated_for_testing_(false) {}

   void SetUpInProcessBrowserTestFixture() override {
     // First take note if tests are running in site isolated environment as this
     // will change the outcome of the test. We can't just call this method after
     // the call to the base setup method because setting the Site Isolation
     // policy is indistinguishable from setting the the command line flag
     // directly.
     are_sites_isolated_for_testing_ = content::AreAllSitesIsolatedForTesting();

     // We setup the policy here, because the policy must be 'live' before the
     // renderer is created, since the value for this policy is passed to the
     // renderer via a command-line. Setting the policy in the test itself or in
     // SetUpOnMainThread works for update-able policies, but is too late for
     // this one.
     SitePerProcessPolicyBrowserTest::SetUpInProcessBrowserTestFixture();

     policy::PolicyMap values;
     values.Set(policy::key::kWebDriverOverridesIncompatiblePolicies,
                policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                policy::POLICY_SOURCE_CLOUD, std::make_unique<base::Value>(true),
                nullptr);
     provider_.UpdateChromePolicy(values);
   }

   bool are_sites_isolated_for_testing_;

  private:
   DISALLOW_COPY_AND_ASSIGN(WebDriverSitePerProcessPolicyBrowserTest);
 };

 IN_PROC_BROWSER_TEST_F(SitePerProcessPolicyBrowserTest, Simple) {
   Expectations expectations[] = {
       {"https://foo.com/noodles.html", true},
       {"http://foo.com/", true},
       {"http://example.org/pumpkins.html", true},
   };
   CheckExpectations(expectations, arraysize(expectations));
 }

 IN_PROC_BROWSER_TEST_F(IsolateOriginsPolicyBrowserTest, Simple) {
   // Skip this test if all sites are isolated.
   if (content::AreAllSitesIsolatedForTesting())
     return;

   Expectations expectations[] = {
       {"https://foo.com/noodles.html", false},
       {"http://foo.com/", false},
       {"https://example.org/pumpkins.html", true},
       {"http://example.com/index.php", true},
   };
   CheckExpectations(expectations, arraysize(expectations));
 }

 IN_PROC_BROWSER_TEST_F(WebDriverSitePerProcessPolicyBrowserTest, Simple) {
   Expectations expectations[] = {
       {"https://foo.com/noodles.html", are_sites_isolated_for_testing_},
       {"http://example.org/pumpkins.html", are_sites_isolated_for_testing_},
   };
   CheckExpectations(expectations, arraysize(expectations));
 }
	// Copyright (c) 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "base/macros.h"
	#include "chrome/browser/chrome_content_browser_client.h"
	#include "chrome/browser/profiles/profile.h"
	#include "chrome/browser/ui/browser.h"
	#include "chrome/browser/ui/tabs/tab_strip_model.h"
	#include "chrome/common/pref_names.h"
	#include "chrome/test/base/in_process_browser_test.h"
	#include "chrome/test/base/ui_test_utils.h"
	#include "components/policy/core/browser/browser_policy_connector.h"
	#include "components/policy/core/common/mock_configuration_policy_provider.h"
	#include "components/policy/policy_constants.h"
	#include "components/prefs/pref_service.h"
	#include "content/public/browser/browser_context.h"
	#include "content/public/browser/site_instance.h"
	#include "content/public/common/content_client.h"
	#include "content/public/common/content_switches.h"
	#include "content/public/test/browser_test_utils.h"
	#include "url/gurl.h"

	class SiteIsolationPolicyBrowserTest : public InProcessBrowserTest {
	protected:
	SiteIsolationPolicyBrowserTest() {}

	struct Expectations {
	const char* url;
	bool isolated;
	};

	void CheckExpectations(Expectations* expectations, size_t count) {
	content::BrowserContext* context = browser()->profile();
	for (size_t i = 0; i < count; ++i) {
	const GURL url(expectations[i].url);
	auto instance = content::SiteInstance::CreateForURL(context, url);
	EXPECT_EQ(expectations[i].isolated, instance->RequiresDedicatedProcess());
	}
	}

	policy::MockConfigurationPolicyProvider provider_;

	private:
	DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest);
	};

	class SitePerProcessPolicyBrowserTest : public SiteIsolationPolicyBrowserTest {
	protected:
	SitePerProcessPolicyBrowserTest() {}

	void SetUpInProcessBrowserTestFixture() override {
	// We setup the policy here, because the policy must be 'live' before
	// the renderer is created, since the value for this policy is passed
	// to the renderer via a command-line. Setting the policy in the test
	// itself or in SetUpOnMainThread works for update-able policies, but
	// is too late for this one.
	EXPECT_CALL(provider_, IsInitializationComplete(testing::_))
	.WillRepeatedly(testing::Return(true));
	policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);

	policy::PolicyMap values;
	values.Set(policy::key::kSitePerProcess, policy::POLICY_LEVEL_MANDATORY,
	policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
	std::make_unique<base::Value>(true), nullptr);
	provider_.UpdateChromePolicy(values);

	// Append the automation switch which should disable Site Isolation when the
	// "WebDriverOverridesIncompatiblePolicies" is set. This is tested in the
	// WebDriverSitePerProcessPolicyBrowserTest class below.
	// NOTE: This flag is on for some tests per default but we still force it
	// it here to make sure to avoid possible regressions being missed
	base::CommandLine::ForCurrentProcess()->AppendSwitch(
	switches::kEnableAutomation);
	}

	private:
	DISALLOW_COPY_AND_ASSIGN(SitePerProcessPolicyBrowserTest);
	};

	class IsolateOriginsPolicyBrowserTest : public SiteIsolationPolicyBrowserTest {
	protected:
	IsolateOriginsPolicyBrowserTest() {}

	void SetUpInProcessBrowserTestFixture() override {
	// We setup the policy here, because the policy must be 'live' before
	// the renderer is created, since the value for this policy is passed
	// to the renderer via a command-line. Setting the policy in the test
	// itself or in SetUpOnMainThread works for update-able policies, but
	// is too late for this one.
	EXPECT_CALL(provider_, IsInitializationComplete(testing::_))
	.WillRepeatedly(testing::Return(true));
	policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);

	policy::PolicyMap values;
	values.Set(policy::key::kIsolateOrigins, policy::POLICY_LEVEL_MANDATORY,
	policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
	std::make_unique<base::Value>(
	"https://example.org/,http://example.com"),
	nullptr);
	provider_.UpdateChromePolicy(values);
	}

	private:
	DISALLOW_COPY_AND_ASSIGN(IsolateOriginsPolicyBrowserTest);
	};

	class WebDriverSitePerProcessPolicyBrowserTest
	: public SitePerProcessPolicyBrowserTest {
	protected:
	WebDriverSitePerProcessPolicyBrowserTest()
	: are_sites_isolated_for_testing_(false) {}

	void SetUpInProcessBrowserTestFixture() override {
	// First take note if tests are running in site isolated environment as this
	// will change the outcome of the test. We can't just call this method after
	// the call to the base setup method because setting the Site Isolation
	// policy is indistinguishable from setting the the command line flag
	// directly.
	are_sites_isolated_for_testing_ = content::AreAllSitesIsolatedForTesting();

	// We setup the policy here, because the policy must be 'live' before the
	// renderer is created, since the value for this policy is passed to the
	// renderer via a command-line. Setting the policy in the test itself or in
	// SetUpOnMainThread works for update-able policies, but is too late for
	// this one.
	SitePerProcessPolicyBrowserTest::SetUpInProcessBrowserTestFixture();

	policy::PolicyMap values;
	values.Set(policy::key::kWebDriverOverridesIncompatiblePolicies,
	policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
	policy::POLICY_SOURCE_CLOUD, std::make_unique<base::Value>(true),
	nullptr);
	provider_.UpdateChromePolicy(values);
	}

	bool are_sites_isolated_for_testing_;

	private:
	DISALLOW_COPY_AND_ASSIGN(WebDriverSitePerProcessPolicyBrowserTest);
	};

	IN_PROC_BROWSER_TEST_F(SitePerProcessPolicyBrowserTest, Simple) {
	Expectations expectations[] = {
	{"https://foo.com/noodles.html", true},
	{"http://foo.com/", true},
	{"http://example.org/pumpkins.html", true},
	};
	CheckExpectations(expectations, arraysize(expectations));
	}

	IN_PROC_BROWSER_TEST_F(IsolateOriginsPolicyBrowserTest, Simple) {
	// Skip this test if all sites are isolated.
	if (content::AreAllSitesIsolatedForTesting())
	return;

	Expectations expectations[] = {
	{"https://foo.com/noodles.html", false},
	{"http://foo.com/", false},
	{"https://example.org/pumpkins.html", true},
	{"http://example.com/index.php", true},
	};
	CheckExpectations(expectations, arraysize(expectations));
	}

	IN_PROC_BROWSER_TEST_F(WebDriverSitePerProcessPolicyBrowserTest, Simple) {
	Expectations expectations[] = {
	{"https://foo.com/noodles.html", are_sites_isolated_for_testing_},
	{"http://example.org/pumpkins.html", are_sites_isolated_for_testing_},
	};
	CheckExpectations(expectations, arraysize(expectations));
	}