Google Git
Sign in
chromium / chromium / src / cbaaf9e4b2e38ef837831c07d3f25fc1e7276e96 / . / chrome / browser / extensions / api / permissions / permissions_apitest.cc
blob: a311cb4c6073e52203ec6122050d4c19c19f0de5 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/test/metrics/histogram_tester.h"
#include "build/chromeos_buildflags.h"
#include "chrome/browser/extensions/api/permissions/permissions_api.h"
#include "chrome/browser/extensions/extension_apitest.h"
#include "chrome/browser/extensions/extension_management_test_util.h"
#include "chrome/browser/extensions/extension_with_management_policy_apitest.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/test/base/ui_test_utils.h"
#include "components/policy/core/browser/browser_policy_connector.h"
#include "components/policy/core/common/mock_configuration_policy_provider.h"
#include "content/public/test/browser_test.h"
#include "extensions/browser/extension_prefs.h"
#include "extensions/common/permissions/permission_set.h"
#include "extensions/common/scoped_worker_based_extensions_channel.h"
#include "extensions/common/switches.h"
#include "net/dns/mock_host_resolver.h"
namespace extensions {
namespace {
static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
int schemes = URLPattern::SCHEME_ALL;
extent->AddPattern(URLPattern(schemes, pattern));
}
} // namespace
using ContextType = ExtensionBrowserTest::ContextType;
class ExperimentalApiTest : public ExtensionApiTest {
public:
void SetUpCommandLine(base::CommandLine* command_line) override {
ExtensionApiTest::SetUpCommandLine(command_line);
command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
}
};
class PermissionsApiTest : public ExtensionApiTest {
public:
void SetUpOnMainThread() override {
ExtensionApiTest::SetUpOnMainThread();
host_resolver()->AddRule("*", "127.0.0.1");
}
};
class PermissionsApiTestWithContextType
: public PermissionsApiTest,
public testing::WithParamInterface<ContextType> {
public:
PermissionsApiTestWithContextType() {
// Service Workers are currently only available on certain channels, so set
// the channel for those tests.
if (GetParam() == ContextType::kServiceWorker) {
current_channel_ = std::make_unique<ScopedWorkerBasedExtensionsChannel>();
}
}
protected:
bool RunTest(const std::string& extension_name) {
int browser_test_flags = kFlagNone;
if (GetParam() == ContextType::kServiceWorker)
browser_test_flags |= kFlagRunAsServiceWorkerBasedExtension;
return RunExtensionTestWithFlags(extension_name, browser_test_flags,
kFlagNone);
}
private:
std::unique_ptr<extensions::ScopedWorkerBasedExtensionsChannel>
current_channel_;
};
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, PermissionsFail) {
ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
// Since the experimental APIs require a flag, this will fail even though
// it's enabled.
// TODO(erikkay) This test is currently broken because LoadExtension in
// ExtensionBrowserTest doesn't actually fail, it just times out. To fix this
// I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
// too much for the branch. I'll enable this on trunk later.
// ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
}
IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
}
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, ExperimentalPermissionsFail) {
// At the time this test is being created, there is no experimental
// function that will not be graduating soon, and does not require a
// tab id as an argument. So, we need the tab permission to get
// a tab id.
ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
<< message_;
}
// TODO(crbug/1065399): Flaky on ChromeOS and Linux non-dbg builds.
#if (defined(OS_LINUX) || defined(OS_CHROMEOS)) && defined(NDEBUG)
#define MAYBE_FaviconPermission DISABLED_FaviconPermission
#else
#define MAYBE_FaviconPermission FaviconPermission
#endif
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, MAYBE_FaviconPermission) {
base::HistogramTester tester;
ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
tester.ExpectBucketCount("Extensions.FaviconResourceRequested",
Manifest::TYPE_EXTENSION, 1);
}
// Test functions and APIs that are always allowed (even if you ask for no
// permissions).
// Flaky on MacOS and Linux (see crbug/1064929, crbug/1101043).
#if (defined(OS_MAC) || BUILDFLAG(IS_CHROMEOS_ASH))
#define MAYBE_AlwaysAllowed DISABLED_AlwaysAllowed
#else
#define MAYBE_AlwaysAllowed AlwaysAllowed
#endif
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, MAYBE_AlwaysAllowed) {
ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
}
// Tests that the optional permissions API works correctly.
IN_PROC_BROWSER_TEST_P(PermissionsApiTestWithContextType,
OptionalPermissionsGranted) {
// Mark all the tested APIs as granted to bypass the confirmation UI.
APIPermissionSet apis;
apis.insert(APIPermission::kBookmark);
URLPatternSet explicit_hosts;
AddPattern(&explicit_hosts, "http://*.c.com/*");
ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
prefs->AddRuntimeGrantedPermissions(
"kjmkgkdkpedkejedfhmfcenooemhbpbo",
PermissionSet(std::move(apis), ManifestPermissionSet(),
std::move(explicit_hosts), URLPatternSet()));
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
ASSERT_TRUE(StartEmbeddedTestServer());
EXPECT_TRUE(RunTest("permissions/optional")) << message_;
}
// Tests that the optional permissions API works correctly.
IN_PROC_BROWSER_TEST_P(PermissionsApiTestWithContextType,
OptionalPermissionsAutoConfirm) {
// Rather than setting the granted permissions, set the UI autoconfirm flag
// and run the same tests.
PermissionsRequestFunction::SetAutoConfirmForTests(true);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
ASSERT_TRUE(StartEmbeddedTestServer());
EXPECT_TRUE(RunTest("permissions/optional")) << message_;
}
// Test that denying the optional permissions confirmation dialog works.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, OptionalPermissionsDeny) {
// Mark the management permission as already granted since we auto reject
// user prompts.
APIPermissionSet apis;
apis.insert(APIPermission::kManagement);
ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
prefs->AddRuntimeGrantedPermissions(
"kjmkgkdkpedkejedfhmfcenooemhbpbo",
PermissionSet(std::move(apis), ManifestPermissionSet(), URLPatternSet(),
URLPatternSet()));
PermissionsRequestFunction::SetAutoConfirmForTests(false);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
ASSERT_TRUE(StartEmbeddedTestServer());
EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
}
// Tests that the permissions.request function must be called from within a
// user gesture.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, OptionalPermissionsGesture) {
PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
ASSERT_TRUE(StartEmbeddedTestServer());
EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
}
// Tests that the user gesture is retained in the permissions.request function
// callback.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, OptionalPermissionsRetainGesture) {
PermissionsRequestFunction::SetAutoConfirmForTests(true);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
ASSERT_TRUE(StartEmbeddedTestServer());
EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture"))
<< message_;
}
// Test that optional permissions blocked by enterprise policy will be denied
// automatically.
IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
OptionalPermissionsPolicyBlocked) {
// Set enterprise policy to block some API permissions.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
pref.AddBlockedPermission("*", "management");
}
// Set auto confirm UI flag.
PermissionsRequestFunction::SetAutoConfirmForTests(true);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
EXPECT_TRUE(RunExtensionTest("permissions/optional_policy_blocked"))
<< message_;
}
// Tests that an extension can't gain access to file: URLs without the checkbox
// entry in prefs. There shouldn't be a warning either.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, OptionalPermissionsFileAccess) {
// There shouldn't be a warning, so we shouldn't need to autoconfirm.
PermissionsRequestFunction::SetAutoConfirmForTests(false);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
EXPECT_TRUE(
RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
// TODO(kalman): ugh, it would be nice to test this condition, but it seems
// like there's somehow a race here where the prefs aren't updated in time
// with the "allow file access" bit, so we'll just have to trust that
// RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
// not set the allow file access bit. Otherwise this test doesn't mean
// a whole lot (i.e. file access works - but it'd better not be the case
// that the extension actually has file access, since that'd be the bug
// that this is supposed to be testing).
// EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
}
// Tests loading of files or directory listings when an extension has file
// access.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, FileLoad) {
base::ScopedTempDir temp_dir;
{
base::ScopedAllowBlockingForTesting allow_blocking;
ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
base::FilePath empty_file = temp_dir.GetPath().AppendASCII("empty.html");
base::FilePath original_empty_file = ui_test_utils::GetTestFilePath(
base::FilePath(), base::FilePath().AppendASCII("empty.html"));
EXPECT_TRUE(base::PathExists(original_empty_file));
EXPECT_TRUE(base::CopyFile(original_empty_file, empty_file));
}
EXPECT_TRUE(RunExtensionTestWithFlagsAndArg(
"permissions/file_load", temp_dir.GetPath().MaybeAsASCII().c_str(),
kFlagEnableFileAccess, kFlagNone))
<< message_;
{
base::ScopedAllowBlockingForTesting allow_blocking;
ASSERT_TRUE(temp_dir.Delete());
}
}
// Test requesting, querying, and removing host permissions for host
// permissions that are a subset of the optional permissions.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, HostSubsets) {
PermissionsRequestFunction::SetAutoConfirmForTests(true);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
}
// Tests that requesting an optional permission from a background page, with
// another window open, grants the permission and updates the bindings
// (chrome.whatever, in this case chrome.alarms). Regression test for
// crbug.com/435141, see details there for trickiness.
IN_PROC_BROWSER_TEST_F(PermissionsApiTest, OptionalPermissionsUpdatesBindings) {
ASSERT_TRUE(RunExtensionTest("permissions/optional_updates_bindings"))
<< message_;
}
INSTANTIATE_TEST_SUITE_P(PersistentBackground,
PermissionsApiTestWithContextType,
testing::Values(ContextType::kPersistentBackground));
INSTANTIATE_TEST_SUITE_P(ServiceWorker,
PermissionsApiTestWithContextType,
testing::Values(ContextType::kServiceWorker));
} // namespace extensions