1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/pickle.h"
6 #include "base/values.h"
7 #include "chrome/common/extensions/extension_messages.h"
8 #include "extensions/common/permissions/api_permission_set.h"
9 #include "extensions/common/permissions/permissions_info.h"
10 #include "ipc/ipc_message.h"
11 #include "testing/gtest/include/gtest/gtest.h"
13 namespace extensions {
15 TEST(APIPermissionSetTest, General) {
16 APIPermissionSet apis;
17 apis.insert(APIPermission::kTab);
18 apis.insert(APIPermission::kBackground);
19 apis.insert(APIPermission::kProxy);
20 apis.insert(APIPermission::kClipboardWrite);
21 apis.insert(APIPermission::kPlugin);
23 EXPECT_EQ(apis.find(APIPermission::kProxy)->id(), APIPermission::kProxy);
24 EXPECT_TRUE(apis.find(APIPermission::kSocket) == apis.end());
26 EXPECT_EQ(apis.size(), 5u);
28 EXPECT_EQ(apis.erase(APIPermission::kTab), 1u);
29 EXPECT_EQ(apis.size(), 4u);
31 EXPECT_EQ(apis.erase(APIPermission::kTab), 0u);
32 EXPECT_EQ(apis.size(), 4u);
35 TEST(APIPermissionSetTest, CreateUnion) {
36 APIPermission* permission = NULL;
38 APIPermissionSet apis1;
39 APIPermissionSet apis2;
40 APIPermissionSet expected_apis;
41 APIPermissionSet result;
43 const APIPermissionInfo* permission_info =
44 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
45 permission = permission_info->CreateAPIPermission();
47 scoped_ptr<base::ListValue> value(new base::ListValue());
48 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
49 value->Append(new base::StringValue("udp-bind::8080"));
50 value->Append(new base::StringValue("udp-send-to::8888"));
51 if (!permission->FromValue(value.get())) {
56 // Union with an empty set.
57 apis1.insert(APIPermission::kTab);
58 apis1.insert(APIPermission::kBackground);
59 apis1.insert(permission->Clone());
60 expected_apis.insert(APIPermission::kTab);
61 expected_apis.insert(APIPermission::kBackground);
62 expected_apis.insert(permission);
64 APIPermissionSet::Union(apis1, apis2, &result);
66 EXPECT_TRUE(apis1.Contains(apis2));
67 EXPECT_TRUE(apis1.Contains(result));
68 EXPECT_FALSE(apis2.Contains(apis1));
69 EXPECT_FALSE(apis2.Contains(result));
70 EXPECT_TRUE(result.Contains(apis1));
71 EXPECT_TRUE(result.Contains(apis2));
73 EXPECT_EQ(expected_apis, result);
75 // Now use a real second set.
76 apis2.insert(APIPermission::kTab);
77 apis2.insert(APIPermission::kProxy);
78 apis2.insert(APIPermission::kClipboardWrite);
79 apis2.insert(APIPermission::kPlugin);
81 permission = permission_info->CreateAPIPermission();
83 scoped_ptr<base::ListValue> value(new base::ListValue());
84 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
85 value->Append(new base::StringValue("udp-send-to::8899"));
86 if (!permission->FromValue(value.get())) {
90 apis2.insert(permission);
92 expected_apis.insert(APIPermission::kTab);
93 expected_apis.insert(APIPermission::kProxy);
94 expected_apis.insert(APIPermission::kClipboardWrite);
95 expected_apis.insert(APIPermission::kPlugin);
97 permission = permission_info->CreateAPIPermission();
99 scoped_ptr<base::ListValue> value(new base::ListValue());
100 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
101 value->Append(new base::StringValue("udp-bind::8080"));
102 value->Append(new base::StringValue("udp-send-to::8888"));
103 value->Append(new base::StringValue("udp-send-to::8899"));
104 if (!permission->FromValue(value.get())) {
108 // Insert a new socket permission which will replace the old one.
109 expected_apis.insert(permission);
111 APIPermissionSet::Union(apis1, apis2, &result);
113 EXPECT_FALSE(apis1.Contains(apis2));
114 EXPECT_FALSE(apis1.Contains(result));
115 EXPECT_FALSE(apis2.Contains(apis1));
116 EXPECT_FALSE(apis2.Contains(result));
117 EXPECT_TRUE(result.Contains(apis1));
118 EXPECT_TRUE(result.Contains(apis2));
120 EXPECT_EQ(expected_apis, result);
123 TEST(APIPermissionSetTest, CreateIntersection) {
124 APIPermission* permission = NULL;
126 APIPermissionSet apis1;
127 APIPermissionSet apis2;
128 APIPermissionSet expected_apis;
129 APIPermissionSet result;
131 const APIPermissionInfo* permission_info =
132 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
134 // Intersection with an empty set.
135 apis1.insert(APIPermission::kTab);
136 apis1.insert(APIPermission::kBackground);
137 permission = permission_info->CreateAPIPermission();
139 scoped_ptr<base::ListValue> value(new base::ListValue());
140 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
141 value->Append(new base::StringValue("udp-bind::8080"));
142 value->Append(new base::StringValue("udp-send-to::8888"));
143 if (!permission->FromValue(value.get())) {
147 apis1.insert(permission);
149 APIPermissionSet::Intersection(apis1, apis2, &result);
150 EXPECT_TRUE(apis1.Contains(result));
151 EXPECT_TRUE(apis2.Contains(result));
152 EXPECT_TRUE(apis1.Contains(apis2));
153 EXPECT_FALSE(apis2.Contains(apis1));
154 EXPECT_FALSE(result.Contains(apis1));
155 EXPECT_TRUE(result.Contains(apis2));
157 EXPECT_TRUE(result.empty());
158 EXPECT_EQ(expected_apis, result);
160 // Now use a real second set.
161 apis2.insert(APIPermission::kTab);
162 apis2.insert(APIPermission::kProxy);
163 apis2.insert(APIPermission::kClipboardWrite);
164 apis2.insert(APIPermission::kPlugin);
165 permission = permission_info->CreateAPIPermission();
167 scoped_ptr<base::ListValue> value(new base::ListValue());
168 value->Append(new base::StringValue("udp-bind::8080"));
169 value->Append(new base::StringValue("udp-send-to::8888"));
170 value->Append(new base::StringValue("udp-send-to::8899"));
171 if (!permission->FromValue(value.get())) {
175 apis2.insert(permission);
177 expected_apis.insert(APIPermission::kTab);
178 permission = permission_info->CreateAPIPermission();
180 scoped_ptr<base::ListValue> value(new base::ListValue());
181 value->Append(new base::StringValue("udp-bind::8080"));
182 value->Append(new base::StringValue("udp-send-to::8888"));
183 if (!permission->FromValue(value.get())) {
187 expected_apis.insert(permission);
189 APIPermissionSet::Intersection(apis1, apis2, &result);
191 EXPECT_TRUE(apis1.Contains(result));
192 EXPECT_TRUE(apis2.Contains(result));
193 EXPECT_FALSE(apis1.Contains(apis2));
194 EXPECT_FALSE(apis2.Contains(apis1));
195 EXPECT_FALSE(result.Contains(apis1));
196 EXPECT_FALSE(result.Contains(apis2));
198 EXPECT_EQ(expected_apis, result);
201 TEST(APIPermissionSetTest, CreateDifference) {
202 APIPermission* permission = NULL;
204 APIPermissionSet apis1;
205 APIPermissionSet apis2;
206 APIPermissionSet expected_apis;
207 APIPermissionSet result;
209 const APIPermissionInfo* permission_info =
210 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
212 // Difference with an empty set.
213 apis1.insert(APIPermission::kTab);
214 apis1.insert(APIPermission::kBackground);
215 permission = permission_info->CreateAPIPermission();
217 scoped_ptr<base::ListValue> value(new base::ListValue());
218 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
219 value->Append(new base::StringValue("udp-bind::8080"));
220 value->Append(new base::StringValue("udp-send-to::8888"));
221 if (!permission->FromValue(value.get())) {
225 apis1.insert(permission);
227 APIPermissionSet::Difference(apis1, apis2, &result);
229 EXPECT_EQ(apis1, result);
231 // Now use a real second set.
232 apis2.insert(APIPermission::kTab);
233 apis2.insert(APIPermission::kProxy);
234 apis2.insert(APIPermission::kClipboardWrite);
235 apis2.insert(APIPermission::kPlugin);
236 permission = permission_info->CreateAPIPermission();
238 scoped_ptr<base::ListValue> value(new base::ListValue());
239 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
240 value->Append(new base::StringValue("udp-send-to::8899"));
241 if (!permission->FromValue(value.get())) {
245 apis2.insert(permission);
247 expected_apis.insert(APIPermission::kBackground);
248 permission = permission_info->CreateAPIPermission();
250 scoped_ptr<base::ListValue> value(new base::ListValue());
251 value->Append(new base::StringValue("udp-bind::8080"));
252 value->Append(new base::StringValue("udp-send-to::8888"));
253 if (!permission->FromValue(value.get())) {
257 expected_apis.insert(permission);
259 APIPermissionSet::Difference(apis1, apis2, &result);
261 EXPECT_TRUE(apis1.Contains(result));
262 EXPECT_FALSE(apis2.Contains(result));
264 EXPECT_EQ(expected_apis, result);
266 // |result| = |apis1| - |apis2| --> |result| intersect |apis2| == empty_set
267 APIPermissionSet result2;
268 APIPermissionSet::Intersection(result, apis2, &result2);
269 EXPECT_TRUE(result2.empty());
272 TEST(APIPermissionSetTest, IPC) {
273 APIPermission* permission = NULL;
275 APIPermissionSet apis;
276 APIPermissionSet expected_apis;
278 const APIPermissionInfo* permission_info =
279 PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
281 apis.insert(APIPermission::kTab);
282 apis.insert(APIPermission::kBackground);
283 permission = permission_info->CreateAPIPermission();
285 scoped_ptr<base::ListValue> value(new base::ListValue());
286 value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
287 value->Append(new base::StringValue("udp-bind::8080"));
288 value->Append(new base::StringValue("udp-send-to::8888"));
289 if (!permission->FromValue(value.get())) {
293 apis.insert(permission);
295 EXPECT_NE(apis, expected_apis);
298 WriteParam(&m, apis);
299 PickleIterator iter(m);
300 CHECK(ReadParam(&m, &iter, &expected_apis));
301 EXPECT_EQ(apis, expected_apis);
304 TEST(APIPermissionSetTest, ImplicitPermissions) {
305 APIPermissionSet apis;
306 apis.insert(APIPermission::kFileSystemWrite);
307 apis.AddImpliedPermissions();
309 EXPECT_EQ(apis.find(APIPermission::kFileSystemWrite)->id(),
310 APIPermission::kFileSystemWrite);
311 EXPECT_EQ(apis.size(), 1u);
313 apis.erase(APIPermission::kFileSystemWrite);
314 apis.insert(APIPermission::kFileSystemDirectory);
315 apis.AddImpliedPermissions();
317 EXPECT_EQ(apis.find(APIPermission::kFileSystemDirectory)->id(),
318 APIPermission::kFileSystemDirectory);
319 EXPECT_EQ(apis.size(), 1u);
321 apis.insert(APIPermission::kFileSystemWrite);
322 apis.AddImpliedPermissions();
324 EXPECT_EQ(apis.find(APIPermission::kFileSystemWrite)->id(),
325 APIPermission::kFileSystemWrite);
326 EXPECT_EQ(apis.find(APIPermission::kFileSystemDirectory)->id(),
327 APIPermission::kFileSystemDirectory);
328 EXPECT_EQ(apis.find(APIPermission::kFileSystemWriteDirectory)->id(),
329 APIPermission::kFileSystemWriteDirectory);
330 EXPECT_EQ(apis.size(), 3u);
333 } // namespace extensions