#include "base/command_line.h"
#include "base/json/json_file_value_serializer.h"
#include "base/logging.h"
-#include "base/path_service.h"
#include "base/strings/utf_string_conversions.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/extension_test_util.h"
#include "chrome/common/extensions/features/feature_channel.h"
#include "chrome/common/extensions/permissions/chrome_permission_message_provider.h"
-#include "chrome/common/extensions/permissions/permission_message_util.h"
-#include "chrome/common/extensions/permissions/socket_permission.h"
+#include "chrome/grit/generated_resources.h"
#include "extensions/common/error_utils.h"
#include "extensions/common/extension.h"
+#include "extensions/common/extension_builder.h"
#include "extensions/common/permissions/permission_message_provider.h"
+#include "extensions/common/permissions/permission_message_util.h"
#include "extensions/common/permissions/permission_set.h"
#include "extensions/common/permissions/permissions_data.h"
#include "extensions/common/permissions/permissions_info.h"
+#include "extensions/common/permissions/socket_permission.h"
+#include "extensions/common/value_builder.h"
+#include "extensions/strings/grit/extensions_strings.h"
#include "testing/gtest/include/gtest/gtest.h"
+#include "ui/base/l10n/l10n_util.h"
using extension_test_util::LoadManifest;
scoped_refptr<const PermissionSet> permissions;
extension = LoadManifest("effective_host_permissions", "empty.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_EQ(0u,
- PermissionsData::GetEffectiveHostPermissions(extension.get())
- .patterns().size());
+ extension->permissions_data()
+ ->GetEffectiveHostPermissions()
+ .patterns()
+ .size());
EXPECT_FALSE(
permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
extension = LoadManifest("effective_host_permissions", "one_host.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
GURL("http://www.google.com")));
EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
extension = LoadManifest("effective_host_permissions",
"one_host_wildcard.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
GURL("http://foo.google.com")));
EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
extension = LoadManifest("effective_host_permissions", "two_hosts.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
GURL("http://www.google.com")));
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
extension = LoadManifest("effective_host_permissions",
"https_not_considered.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com")));
EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
extension = LoadManifest("effective_host_permissions",
"two_content_scripts.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
GURL("http://www.reddit.com")));
EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
extension = LoadManifest("effective_host_permissions", "all_hosts.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
EXPECT_TRUE(
EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
EXPECT_TRUE(
permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
- permissions = extension->GetActivePermissions();
+ permissions = extension->permissions_data()->active_permissions();
EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
EXPECT_TRUE(
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(
- base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
// Union with an empty set.
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(
- base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
+ value->Append(new base::StringValue("udp-send-to::8899"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
apis2.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(
- base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ value->Append(new base::StringValue("udp-send-to::8899"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
// Insert a new permission socket permisssion which will replace the old one.
expected_apis.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(
- base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
apis1.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ value->Append(new base::StringValue("udp-send-to::8899"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
apis2.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
expected_apis.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(
- base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
apis1.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(
- base::Value::CreateStringValue("tcp-connect:*.example.com:80"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8899"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("tcp-connect:*.example.com:80"));
+ value->Append(new base::StringValue("udp-send-to::8899"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
apis2.insert(permission);
permission = permission_info->CreateAPIPermission();
{
scoped_ptr<base::ListValue> value(new base::ListValue());
- value->Append(base::Value::CreateStringValue("udp-bind::8080"));
- value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
- ASSERT_TRUE(permission->FromValue(value.get(), NULL));
+ value->Append(new base::StringValue("udp-bind::8080"));
+ value->Append(new base::StringValue("udp-send-to::8888"));
+ ASSERT_TRUE(permission->FromValue(value.get(), NULL, NULL));
}
expected_apis.insert(permission);
{ "sockets3", true }, // tcp:a.com:80 -> tcp:*:*
};
- for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
+ for (size_t i = 0; i < arraysize(kTests); ++i) {
scoped_refptr<Extension> old_extension(
LoadManifest("allow_silent_upgrade",
std::string(kTests[i].base_name) + "_old.json"));
continue;
scoped_refptr<const PermissionSet> old_p(
- old_extension->GetActivePermissions());
+ old_extension->permissions_data()->active_permissions());
scoped_refptr<const PermissionSet> new_p(
- new_extension->GetActivePermissions());
+ new_extension->permissions_data()->active_permissions());
Manifest::Type extension_type = old_extension->GetType();
bool increased = PermissionMessageProvider::Get()->IsPrivilegeIncrease(
// These are considered "nuisance" or "trivial" permissions that don't need
// a prompt.
skip.insert(APIPermission::kActiveTab);
- skip.insert(APIPermission::kAdView);
skip.insert(APIPermission::kAlarms);
+ skip.insert(APIPermission::kAlphaEnabled);
skip.insert(APIPermission::kAlwaysOnTopWindows);
+ skip.insert(APIPermission::kAppView);
skip.insert(APIPermission::kAudio);
skip.insert(APIPermission::kBrowsingData);
skip.insert(APIPermission::kCastStreaming);
+ skip.insert(APIPermission::kCommandsAccessibility);
skip.insert(APIPermission::kContextMenus);
+ skip.insert(APIPermission::kCopresencePrivate);
skip.insert(APIPermission::kDiagnostics);
skip.insert(APIPermission::kDns);
skip.insert(APIPermission::kDownloadsShelf);
+ skip.insert(APIPermission::kEmbeddedExtensionOptions);
skip.insert(APIPermission::kFontSettings);
skip.insert(APIPermission::kFullscreen);
skip.insert(APIPermission::kGcm);
skip.insert(APIPermission::kIdle);
+ skip.insert(APIPermission::kImeWindowEnabled);
skip.insert(APIPermission::kIdltest);
skip.insert(APIPermission::kLogPrivate);
- skip.insert(APIPermission::kNotification);
+ skip.insert(APIPermission::kNotifications);
+ skip.insert(APIPermission::kNotificationProvider);
+ skip.insert(APIPermission::kOverrideEscFullscreen);
skip.insert(APIPermission::kPointerLock);
skip.insert(APIPermission::kPower);
+ skip.insert(APIPermission::kPrinterProvider);
skip.insert(APIPermission::kPushMessaging);
skip.insert(APIPermission::kSessions);
skip.insert(APIPermission::kStorage);
skip.insert(APIPermission::kSystemStorage);
skip.insert(APIPermission::kTts);
skip.insert(APIPermission::kUnlimitedStorage);
+ skip.insert(APIPermission::kWebcamPrivate);
skip.insert(APIPermission::kWebView);
- skip.insert(APIPermission::kOverrideEscFullscreen);
+ skip.insert(APIPermission::kWindowShape);
+
+ // These permissions are restricted to extensions force-installed by policy
+ // and don't require a prompt, i.e. they're restricted to location 'policy'.
+ skip.insert(APIPermission::kEnterprisePlatformKeys);
// TODO(erikkay) add a string for this permission.
skip.insert(APIPermission::kBackground);
skip.insert(APIPermission::kIdentity);
// These are private.
+ skip.insert(APIPermission::kAccessibilityPrivate);
skip.insert(APIPermission::kAutoTestPrivate);
skip.insert(APIPermission::kBookmarkManagerPrivate);
skip.insert(APIPermission::kBrailleDisplayPrivate);
skip.insert(APIPermission::kDeveloperPrivate);
skip.insert(APIPermission::kDial);
skip.insert(APIPermission::kDownloadsInternal);
+ skip.insert(APIPermission::kEasyUnlockPrivate);
skip.insert(APIPermission::kEchoPrivate);
skip.insert(APIPermission::kEnterprisePlatformKeysPrivate);
skip.insert(APIPermission::kFeedbackPrivate);
skip.insert(APIPermission::kFileBrowserHandlerInternal);
- skip.insert(APIPermission::kFileBrowserPrivate);
+ skip.insert(APIPermission::kFileManagerPrivate);
skip.insert(APIPermission::kFirstRunPrivate);
+ skip.insert(APIPermission::kGcdPrivate);
skip.insert(APIPermission::kHotwordPrivate);
skip.insert(APIPermission::kIdentityPrivate);
skip.insert(APIPermission::kInfobars);
skip.insert(APIPermission::kReadingListPrivate);
skip.insert(APIPermission::kRtcPrivate);
skip.insert(APIPermission::kStreamsPrivate);
+ skip.insert(APIPermission::kSyncedNotificationsPrivate);
skip.insert(APIPermission::kSystemPrivate);
skip.insert(APIPermission::kTabCaptureForTab);
skip.insert(APIPermission::kTerminalPrivate);
skip.insert(APIPermission::kVirtualKeyboardPrivate);
skip.insert(APIPermission::kWallpaperPrivate);
- skip.insert(APIPermission::kWebRequestInternal);
skip.insert(APIPermission::kWebrtcAudioPrivate);
skip.insert(APIPermission::kWebrtcLoggingPrivate);
skip.insert(APIPermission::kWebstorePrivate);
skip.insert(APIPermission::kDevtools);
// Platform apps.
+ skip.insert(APIPermission::kBrowser);
skip.insert(APIPermission::kFileSystem);
skip.insert(APIPermission::kFileSystemProvider);
skip.insert(APIPermission::kFileSystemRetainEntries);
+ skip.insert(APIPermission::kFileSystemWrite);
skip.insert(APIPermission::kSocket);
skip.insert(APIPermission::kUsbDevice);
+ // We already have a generic message for declaring externally_connectable.
+ skip.insert(APIPermission::kExternallyConnectableAllUrls);
+
PermissionsInfo* info = PermissionsInfo::GetInstance();
APIPermissionSet permissions = info->GetAll();
for (APIPermissionSet::const_iterator i = permissions.begin();
URLPatternSet(), URLPatternSet()));
PermissionMessages messages =
PermissionMessageProvider::Get()->GetPermissionMessages(
- permissions, Manifest::TYPE_PLATFORM_APP);
- ASSERT_EQ(2u, messages.size());
+ permissions.get(), Manifest::TYPE_PLATFORM_APP);
+ ASSERT_EQ(1u, messages.size());
std::sort(messages.begin(), messages.end());
std::set<PermissionMessage::ID> ids;
for (PermissionMessages::const_iterator it = messages.begin();
ids.insert(it->id());
}
EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemDirectory));
- EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemWrite));
+}
+
+// The file system permissions have a special-case hack to show a warning for
+// write and directory at the same time.
+// TODO(sammc): Remove this. See http://crbug.com/284849.
+TEST(PermissionsTest, FileSystemImplicitPermissions) {
+ APIPermissionSet apis;
+ apis.insert(APIPermission::kFileSystemWrite);
+ apis.AddImpliedPermissions();
+
+ EXPECT_EQ(apis.find(APIPermission::kFileSystemWrite)->id(),
+ APIPermission::kFileSystemWrite);
+ EXPECT_EQ(apis.size(), 1u);
+
+ apis.erase(APIPermission::kFileSystemWrite);
+ apis.insert(APIPermission::kFileSystemDirectory);
+ apis.AddImpliedPermissions();
+
+ EXPECT_EQ(apis.find(APIPermission::kFileSystemDirectory)->id(),
+ APIPermission::kFileSystemDirectory);
+ EXPECT_EQ(apis.size(), 1u);
+
+ apis.insert(APIPermission::kFileSystemWrite);
+ apis.AddImpliedPermissions();
+
+ EXPECT_EQ(apis.find(APIPermission::kFileSystemWrite)->id(),
+ APIPermission::kFileSystemWrite);
+ EXPECT_EQ(apis.find(APIPermission::kFileSystemDirectory)->id(),
+ APIPermission::kFileSystemDirectory);
+ EXPECT_EQ(apis.find(APIPermission::kFileSystemWriteDirectory)->id(),
+ APIPermission::kFileSystemWriteDirectory);
+ EXPECT_EQ(apis.size(), 3u);
}
TEST(PermissionsTest, HiddenFileSystemPermissionMessages) {
URLPatternSet(), URLPatternSet()));
PermissionMessages messages =
PermissionMessageProvider::Get()->GetPermissionMessages(
- permissions, Manifest::TYPE_PLATFORM_APP);
+ permissions.get(), Manifest::TYPE_PLATFORM_APP);
ASSERT_EQ(1u, messages.size());
EXPECT_EQ(PermissionMessage::kFileSystemWriteDirectory, messages[0].id());
}
+TEST(PermissionsTest, SuppressedPermissionMessages) {
+ {
+ // Tabs warning suppresses favicon warning.
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kTab);
+ URLPatternSet hosts;
+ hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
+ "chrome://favicon/"));
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions, ManifestPermissionSet(),
+ hosts, URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kTabs, messages[0].id());
+ }
+ {
+ // History warning suppresses favicon warning.
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kHistory);
+ URLPatternSet hosts;
+ hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
+ "chrome://favicon/"));
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions, ManifestPermissionSet(),
+ hosts, URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kBrowsingHistory, messages[0].id());
+ }
+ {
+ // All sites warning suppresses tabs warning.
+ APIPermissionSet api_permissions;
+ URLPatternSet hosts;
+ hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, "*://*/*"));
+ api_permissions.insert(APIPermission::kTab);
+ scoped_refptr<PermissionSet> permissions(new PermissionSet(
+ api_permissions, ManifestPermissionSet(), hosts, URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kHostsAll, messages[0].id());
+ }
+ {
+ // All sites warning suppresses topSites warning.
+ APIPermissionSet api_permissions;
+ URLPatternSet hosts;
+ hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, "*://*/*"));
+ api_permissions.insert(APIPermission::kTopSites);
+ scoped_refptr<PermissionSet> permissions(new PermissionSet(
+ api_permissions, ManifestPermissionSet(), hosts, URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kHostsAll, messages[0].id());
+ }
+ {
+ // All sites warning suppresses declarativeWebRequest warning.
+ APIPermissionSet api_permissions;
+ URLPatternSet hosts;
+ hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI, "*://*/*"));
+ api_permissions.insert(APIPermission::kDeclarativeWebRequest);
+ scoped_refptr<PermissionSet> permissions(new PermissionSet(
+ api_permissions, ManifestPermissionSet(), hosts, URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kHostsAll, messages[0].id());
+ }
+ {
+ // BrowsingHistory warning suppresses all history read/write warnings.
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kHistory);
+ api_permissions.insert(APIPermission::kTab);
+ api_permissions.insert(APIPermission::kTopSites);
+ api_permissions.insert(APIPermission::kProcesses);
+ api_permissions.insert(APIPermission::kWebNavigation);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions, ManifestPermissionSet(),
+ URLPatternSet(), URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kBrowsingHistory, messages[0].id());
+ }
+ {
+ // Tabs warning suppresses all read-only history warnings.
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kTab);
+ api_permissions.insert(APIPermission::kTopSites);
+ api_permissions.insert(APIPermission::kProcesses);
+ api_permissions.insert(APIPermission::kWebNavigation);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions, ManifestPermissionSet(),
+ URLPatternSet(), URLPatternSet()));
+ PermissionMessages messages =
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(PermissionMessage::kTabs, messages[0].id());
+ }
+}
+
+TEST(PermissionsTest, AccessToDevicesMessages) {
+ {
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kUsb);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions,
+ ManifestPermissionSet(),
+ URLPatternSet(),
+ URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB),
+ messages[0]);
+ }
+ {
+ // Testing that multiple permissions will show the one message.
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kUsb);
+ api_permissions.insert(APIPermission::kUsb);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions,
+ ManifestPermissionSet(),
+ URLPatternSet(),
+ URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB),
+ messages[0]);
+ }
+ {
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kSerial);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions,
+ ManifestPermissionSet(),
+ URLPatternSet(),
+ URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_SERIAL),
+ messages[0]);
+ }
+ {
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kUsb);
+ api_permissions.insert(APIPermission::kSerial);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions,
+ ManifestPermissionSet(),
+ URLPatternSet(),
+ URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(
+ l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL),
+ messages[0]);
+ }
+ {
+ // Testing that the same permission(s) will show one message.
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kUsb);
+ api_permissions.insert(APIPermission::kSerial);
+ api_permissions.insert(APIPermission::kUsb);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions,
+ ManifestPermissionSet(),
+ URLPatternSet(),
+ URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(
+ l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_SERIAL),
+ messages[0]);
+ }
+ {
+ scoped_refptr<Extension> extension =
+ LoadManifest("permissions", "access_to_devices_bluetooth.json");
+ const PermissionMessageProvider* provider =
+ PermissionMessageProvider::Get();
+ PermissionSet* set = const_cast<PermissionSet*>(
+ extension->permissions_data()->active_permissions().get());
+ std::vector<base::string16> warnings =
+ provider->GetWarningMessages(set, extension->GetType());
+ EXPECT_EQ(1u, warnings.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH),
+ warnings[0]);
+
+ // Test Bluetooth and Serial
+ set->apis_.insert(APIPermission::kSerial);
+ warnings = provider->GetWarningMessages(set, extension->GetType());
+ EXPECT_EQ(1u, warnings.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(
+ IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL),
+ warnings[0]);
+ set->apis_.erase(APIPermission::kSerial);
+
+ // Test USB and Bluetooth
+ set->apis_.insert(APIPermission::kUsb);
+ warnings = provider->GetWarningMessages(set, extension->GetType());
+ EXPECT_EQ(1u, warnings.size());
+ EXPECT_EQ(
+ l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_USB_BLUETOOTH),
+ warnings[0]);
+
+ // Test USB, Bluetooth and Serial
+ set->apis_.insert(APIPermission::kSerial);
+ warnings = provider->GetWarningMessages(set, extension->GetType());
+ EXPECT_EQ(1u, warnings.size());
+ EXPECT_EQ(
+ l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_ALL_DEVICES),
+ warnings[0]);
+ }
+}
+
TEST(PermissionsTest, MergedFileSystemPermissionComparison) {
APIPermissionSet write_api_permissions;
write_api_permissions.insert(APIPermission::kFileSystemWrite);
URLPatternSet()));
const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
- EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions,
- write_permissions,
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions.get(),
+ write_permissions.get(),
Manifest::TYPE_PLATFORM_APP));
- EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions,
- directory_permissions,
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions.get(),
+ directory_permissions.get(),
Manifest::TYPE_PLATFORM_APP));
- EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions,
- directory_permissions,
- Manifest::TYPE_PLATFORM_APP));
- EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions,
- write_directory_permissions,
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions.get(),
+ directory_permissions.get(),
Manifest::TYPE_PLATFORM_APP));
- EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions,
- write_permissions,
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions.get(),
+ write_directory_permissions.get(),
Manifest::TYPE_PLATFORM_APP));
- EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions,
- write_directory_permissions,
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(directory_permissions.get(),
+ write_permissions.get(),
+ Manifest::TYPE_PLATFORM_APP));
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions.get(),
+ write_directory_permissions.get(),
Manifest::TYPE_PLATFORM_APP));
}
extension = LoadManifest("permissions", "many-hosts.json");
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
ASSERT_EQ(1u, warnings.size());
- EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
- base::UTF16ToUTF8(warnings[0]));
+ EXPECT_EQ(
+ "Read and change your data on encrypted.google.com and "
+ "www.google.com",
+ base::UTF16ToUTF8(warnings[0]));
}
TEST(PermissionsTest, GetWarningMessages_Plugins) {
extension = LoadManifest("permissions", "plugins.json");
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
// We don't parse the plugins key on Chrome OS, so it should not ask for any
// permissions.
#if defined(OS_CHROMEOS)
ASSERT_EQ(0u, warnings.size());
#else
ASSERT_EQ(1u, warnings.size());
- EXPECT_EQ("Access all data on your computer and the websites you visit",
- base::UTF16ToUTF8(warnings[0]));
+ EXPECT_EQ(
+ "Read and change all your data on your computer and the websites "
+ "you visit",
+ base::UTF16ToUTF8(warnings[0]));
#endif
}
scoped_refptr<Extension> extension =
LoadManifest("permissions", "audio-video.json");
const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
- PermissionSet* set =
- const_cast<PermissionSet*>(
- extension->GetActivePermissions().get());
+ PermissionSet* set = const_cast<PermissionSet*>(
+ extension->permissions_data()->active_permissions().get());
std::vector<base::string16> warnings =
provider->GetWarningMessages(set, extension->GetType());
EXPECT_FALSE(Contains(warnings, "Use your microphone"));
EXPECT_TRUE(Contains(warnings, "Use your camera"));
}
+TEST(PermissionsTest, GetWarningMessages_CombinedSessions) {
+ {
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kTab);
+ api_permissions.insert(APIPermission::kTopSites);
+ api_permissions.insert(APIPermission::kProcesses);
+ api_permissions.insert(APIPermission::kWebNavigation);
+ api_permissions.insert(APIPermission::kSessions);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions, ManifestPermissionSet(),
+ URLPatternSet(), URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(
+ IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ_AND_SESSIONS),
+ messages[0]);
+ }
+ {
+ APIPermissionSet api_permissions;
+ api_permissions.insert(APIPermission::kHistory);
+ api_permissions.insert(APIPermission::kTab);
+ api_permissions.insert(APIPermission::kTopSites);
+ api_permissions.insert(APIPermission::kProcesses);
+ api_permissions.insert(APIPermission::kWebNavigation);
+ api_permissions.insert(APIPermission::kSessions);
+ scoped_refptr<PermissionSet> permissions(
+ new PermissionSet(api_permissions, ManifestPermissionSet(),
+ URLPatternSet(), URLPatternSet()));
+ std::vector<base::string16> messages =
+ PermissionMessageProvider::Get()->GetWarningMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
+ EXPECT_EQ(1u, messages.size());
+ EXPECT_EQ(l10n_util::GetStringUTF16(
+ IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE_AND_SESSIONS),
+ messages[0]);
+ }
+}
+
TEST(PermissionsTest, GetWarningMessages_DeclarativeWebRequest) {
// Test that if the declarativeWebRequest permission is present
// in combination with all hosts permission, then only the warning
// First verify that declarativeWebRequest produces a message when host
// permissions do not cover all hosts.
scoped_refptr<Extension> extension =
- LoadManifest("permissions", "web_request_com_host_permissions.json");
+ LoadManifest("permissions", "web_request_not_all_host_permissions.json");
const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
- const PermissionSet* set = extension->GetActivePermissions().get();
+ const PermissionSet* set =
+ extension->permissions_data()->active_permissions().get();
std::vector<base::string16> warnings =
provider->GetWarningMessages(set, extension->GetType());
EXPECT_TRUE(Contains(warnings, "Block parts of web pages"));
- EXPECT_FALSE(Contains(warnings, "Access your data on all websites"));
+ EXPECT_FALSE(Contains(
+ warnings, "Read and change all your data on the websites you visit"));
// Now verify that declarativeWebRequest does not produce a message when host
// permissions do cover all hosts.
extension =
LoadManifest("permissions", "web_request_all_host_permissions.json");
- set = extension->GetActivePermissions().get();
+ set = extension->permissions_data()->active_permissions().get();
warnings = provider->GetWarningMessages(set, extension->GetType());
EXPECT_FALSE(Contains(warnings, "Block parts of web pages"));
- EXPECT_TRUE(Contains(warnings, "Access your data on all websites"));
+ EXPECT_TRUE(Contains(
+ warnings, "Read and change all your data on the websites you visit"));
}
TEST(PermissionsTest, GetWarningMessages_Serial) {
LoadManifest("permissions", "serial.json");
EXPECT_TRUE(extension->is_platform_app());
- EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSerial));
- std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
EXPECT_TRUE(
- Contains(warnings, "Use serial devices attached to your computer"));
+ extension->permissions_data()->HasAPIPermission(APIPermission::kSerial));
+ std::vector<base::string16> warnings =
+ extension->permissions_data()->GetPermissionMessageStrings();
+ EXPECT_TRUE(Contains(warnings, "Access your serial devices"));
ASSERT_EQ(1u, warnings.size());
}
scoped_refptr<Extension> extension =
LoadManifest("permissions", "socket_any_host.json");
EXPECT_TRUE(extension->is_platform_app());
- EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket));
+ EXPECT_TRUE(
+ extension->permissions_data()->HasAPIPermission(APIPermission::kSocket));
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
EXPECT_EQ(1u, warnings.size());
EXPECT_TRUE(Contains(warnings, "Exchange data with any computer "
"on the local network or internet"));
scoped_refptr<Extension> extension =
LoadManifest("permissions", "socket_one_domain_two_hostnames.json");
EXPECT_TRUE(extension->is_platform_app());
- EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket));
+ EXPECT_TRUE(
+ extension->permissions_data()->HasAPIPermission(APIPermission::kSocket));
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
// Verify the warnings, including support for unicode characters, the fact
// that domain host warnings come before specific host warnings, and the fact
scoped_refptr<Extension> extension =
LoadManifest("permissions", "socket_two_domains_one_hostname.json");
EXPECT_TRUE(extension->is_platform_app());
- EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSocket));
+ EXPECT_TRUE(
+ extension->permissions_data()->HasAPIPermission(APIPermission::kSocket));
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
// Verify the warnings, including the fact that domain host warnings come
// before specific host warnings and the fact that domains and hostnames are
extension = LoadManifest("permissions", "platform_app_hosts.json");
EXPECT_TRUE(extension->is_platform_app());
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
ASSERT_EQ(0u, warnings.size());
extension = LoadManifest("permissions", "platform_app_all_urls.json");
EXPECT_TRUE(extension->is_platform_app());
- warnings = PermissionsData::GetPermissionMessageStrings(extension.get());
+ warnings = extension->permissions_data()->GetPermissionMessageStrings();
ASSERT_EQ(0u, warnings.size());
}
+bool ShowsAllHostsWarning(const std::string& pattern) {
+ scoped_refptr<Extension> extension =
+ ExtensionBuilder()
+ .SetManifest(DictionaryBuilder()
+ .Set("name", "TLDWildCardTest")
+ .Set("version", "0.1.0")
+ .Set("permissions", ListBuilder().Append(pattern))
+ .Build())
+ .Build();
+
+ std::vector<base::string16> warnings =
+ extension->permissions_data()->GetPermissionMessageStrings();
+
+ if (warnings.empty())
+ return false;
+
+ if (warnings[0] !=
+ l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS)) {
+ return false;
+ }
+
+ return true;
+}
+
+TEST(PermissionsTest, GetWarningMessages_TLDWildcardTreatedAsAllHosts) {
+ EXPECT_TRUE(ShowsAllHostsWarning("http://*.com/*")); // most popular.
+ EXPECT_TRUE(ShowsAllHostsWarning("http://*.org/*")); // sanity check.
+ EXPECT_TRUE(ShowsAllHostsWarning("http://*.co.uk/*")); // eTLD.
+ EXPECT_TRUE(ShowsAllHostsWarning("http://*.de/*")); // foreign country tld.
+
+ // We should still show the normal permissions (i.e., "Can access your data on
+ // *.rdcronin.com") for things that are not TLDs.
+ EXPECT_FALSE(ShowsAllHostsWarning("http://*.rdcronin.com/*"));
+
+ // Pseudo-TLDs, like appspot.com, should not show all hosts.
+ EXPECT_FALSE(ShowsAllHostsWarning("http://*.appspot.com/*"));
+
+ // Non-TLDs should be likewise exempt.
+ EXPECT_FALSE(ShowsAllHostsWarning("http://*.notarealtld/*"));
+
+ // Our internal checks use "foo", so let's make sure we're not messing
+ // something up with it.
+ EXPECT_FALSE(ShowsAllHostsWarning("http://*.foo.com"));
+ EXPECT_FALSE(ShowsAllHostsWarning("http://foo.com"));
+ // This will fail if foo becomes a recognized TLD. Which could be soon.
+ // Update as needed.
+ EXPECT_FALSE(ShowsAllHostsWarning("http://*.foo"));
+}
+
TEST(PermissionsTest, GetDistinctHosts) {
URLPatternSet explicit_hosts;
std::set<std::string> expected;
set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
elist2, slist2);
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set2.get(), set1.get(), type));
// Test that paths are ignored.
elist2.ClearPatterns();
URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
elist2, slist2);
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set2.get(), set1.get(), type));
// Test that RCDs are ignored.
elist2.ClearPatterns();
URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
elist2, slist2);
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set2.get(), set1.get(), type));
// Test that subdomain wildcards are handled properly.
elist2.ClearPatterns();
URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
elist2, slist2);
- EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
// TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
// EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
elist2, slist2);
- EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set2.get(), set1.get(), type));
// Test that different subdomains count as different hosts.
elist2.ClearPatterns();
URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
elist2, slist2);
- EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
- EXPECT_TRUE(provider->IsPrivilegeIncrease(set2, set1, type));
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
+ EXPECT_TRUE(provider->IsPrivilegeIncrease(set2.get(), set1.get(), type));
// Test that platform apps do not have host permissions increases.
type = Manifest::TYPE_PLATFORM_APP;
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
- EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set1.get(), set2.get(), type));
+ EXPECT_FALSE(provider->IsPrivilegeIncrease(set2.get(), set1.get(), type));
}
TEST(PermissionsTest, GetAPIsAsStrings) {
apis.insert(APIPermission::kProxy);
apis.insert(APIPermission::kBackground);
- apis.insert(APIPermission::kNotification);
+ apis.insert(APIPermission::kNotifications);
apis.insert(APIPermission::kTab);
scoped_refptr<PermissionSet> perm_set = new PermissionSet(
TEST(PermissionsTest, ImpliedPermissions) {
URLPatternSet empty_extent;
APIPermissionSet apis;
- apis.insert(APIPermission::kWebRequest);
apis.insert(APIPermission::kFileBrowserHandler);
- EXPECT_EQ(2U, apis.size());
+ EXPECT_EQ(1U, apis.size());
scoped_refptr<PermissionSet> perm_set;
perm_set = new PermissionSet(apis, ManifestPermissionSet(),
empty_extent, empty_extent);
- EXPECT_EQ(4U, perm_set->apis().size());
+ EXPECT_EQ(2U, perm_set->apis().size());
}
TEST(PermissionsTest, SyncFileSystemPermission) {
APIPermissionSet apis;
apis.insert(APIPermission::kSyncFileSystem);
EXPECT_TRUE(extension->is_platform_app());
- EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSyncFileSystem));
+ EXPECT_TRUE(extension->permissions_data()->HasAPIPermission(
+ APIPermission::kSyncFileSystem));
std::vector<base::string16> warnings =
- PermissionsData::GetPermissionMessageStrings(extension.get());
+ extension->permissions_data()->GetPermissionMessageStrings();
EXPECT_TRUE(Contains(warnings, "Store data in your Google Drive account"));
ASSERT_EQ(1u, warnings.size());
}
scoped_refptr<PermissionSet> permissions(
new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
allowed_hosts, URLPatternSet()));
- PermissionMessageProvider::Get()->
- GetPermissionMessages(permissions, Manifest::TYPE_EXTENSION);
+ PermissionMessageProvider::Get()->GetPermissionMessages(
+ permissions.get(), Manifest::TYPE_EXTENSION);
}
TEST(PermissionsTest, IsPrivilegeIncrease_DeclarativeWebRequest) {
scoped_refptr<Extension> extension(
LoadManifest("permissions", "permissions_all_urls.json"));
scoped_refptr<const PermissionSet> permissions(
- extension->GetActivePermissions());
+ extension->permissions_data()->active_permissions());
scoped_refptr<Extension> extension_dwr(
LoadManifest("permissions", "web_request_all_host_permissions.json"));
scoped_refptr<const PermissionSet> permissions_dwr(
- extension_dwr->GetActivePermissions());
+ extension_dwr->permissions_data()->active_permissions());
EXPECT_FALSE(PermissionMessageProvider::Get()->
IsPrivilegeIncrease(permissions.get(),