1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/command_line.h" 6 #include "base/json/json_file_value_serializer.h" 7 #include "base/memory/linked_ptr.h" 8 #include "chrome/common/chrome_switches.h" 9 #include "chrome/common/extensions/csp_handler.h" 10 #include "chrome/common/extensions/extension_manifest_constants.h" 11 #include "chrome/common/extensions/incognito_handler.h" 12 #include "chrome/common/extensions/manifest_handlers/app_isolation_info.h" 13 #include "chrome/common/extensions/manifest_tests/extension_manifest_test.h" 14 #include "extensions/common/switches.h" 15 #include "testing/gtest/include/gtest/gtest.h" 16 17 namespace errors = extension_manifest_errors; 18 19 namespace extensions { 20 21 class PlatformAppsManifestTest : public ExtensionManifestTest { 22 }; 23 24 TEST_F(PlatformAppsManifestTest, PlatformApps) { 25 scoped_refptr<Extension> extension = 26 LoadAndExpectSuccess("init_valid_platform_app.json"); 27 EXPECT_TRUE(AppIsolationInfo::HasIsolatedStorage(extension.get())); 28 EXPECT_TRUE(IncognitoInfo::IsSplitMode(extension.get())); 29 30 extension = 31 LoadAndExpectSuccess("init_valid_platform_app_no_manifest_version.json"); 32 EXPECT_EQ(2, extension->manifest_version()); 33 34 extension = LoadAndExpectSuccess("incognito_valid_platform_app.json"); 35 EXPECT_TRUE(IncognitoInfo::IsSplitMode(extension.get())); 36 37 Testcase error_testcases[] = { 38 Testcase("init_invalid_platform_app_2.json", 39 errors::kBackgroundRequiredForPlatformApps), 40 Testcase("init_invalid_platform_app_3.json", 41 errors::kPlatformAppNeedsManifestVersion2), 42 }; 43 RunTestcases(error_testcases, arraysize(error_testcases), EXPECT_TYPE_ERROR); 44 45 Testcase warning_testcases[] = { 46 Testcase( 47 "init_invalid_platform_app_1.json", 48 "'app.launch' is only allowed for hosted apps and legacy packaged " 49 "apps, and this is a packaged app."), 50 Testcase( 51 "init_invalid_platform_app_4.json", 52 "'background' is only allowed for extensions, hosted apps and legacy " 53 "packaged apps, and this is a packaged app."), 54 Testcase( 55 "init_invalid_platform_app_5.json", 56 "'background' is only allowed for extensions, hosted apps and legacy " 57 "packaged apps, and this is a packaged app."), 58 Testcase("incognito_invalid_platform_app.json", 59 "'incognito' is only allowed for extensions and legacy packaged apps, " 60 "and this is a packaged app."), 61 }; 62 RunTestcases( 63 warning_testcases, arraysize(warning_testcases), EXPECT_TYPE_WARNING); 64 } 65 66 TEST_F(PlatformAppsManifestTest, PlatformAppContentSecurityPolicy) { 67 // Normal platform apps can't specify a CSP value. 68 Testcase warning_testcases[] = { 69 Testcase( 70 "init_platform_app_csp_warning_1.json", 71 "'content_security_policy' is only allowed for extensions and legacy " 72 "packaged apps, and this is a packaged app."), 73 Testcase( 74 "init_platform_app_csp_warning_2.json", 75 "'app.content_security_policy' is not allowed for specified extension " 76 "ID.") 77 }; 78 RunTestcases( 79 warning_testcases, arraysize(warning_testcases), EXPECT_TYPE_WARNING); 80 81 // Whitelisted ones can (this is the ID corresponding to the base 64 encoded 82 // key in the init_platform_app_csp.json manifest.) 83 std::string test_id = "ahplfneplbnjcflhdgkkjeiglkkfeelb"; 84 CommandLine::ForCurrentProcess()->AppendSwitchASCII( 85 ::switches::kWhitelistedExtensionID, test_id); 86 scoped_refptr<Extension> extension = 87 LoadAndExpectSuccess("init_platform_app_csp.json"); 88 EXPECT_EQ(0U, extension->install_warnings().size()) 89 << "Unexpected warning " << extension->install_warnings()[0].message; 90 EXPECT_TRUE(extension->is_platform_app()); 91 EXPECT_EQ("default-src 'self' https://www.google.com", 92 CSPInfo::GetResourceContentSecurityPolicy(extension.get(), 93 std::string())); 94 95 // But even whitelisted ones must specify a secure policy. 96 LoadAndExpectError( 97 "init_platform_app_csp_insecure.json", 98 errors::kInsecureContentSecurityPolicy); 99 } 100 101 TEST_F(PlatformAppsManifestTest, CertainApisRequirePlatformApps) { 102 // Put APIs here that should be restricted to platform apps, but that haven't 103 // yet graduated from experimental. 104 const char* kPlatformAppExperimentalApis[] = { 105 "dns", 106 "serial", 107 }; 108 // TODO(miket): When the first platform-app API leaves experimental, write 109 // similar code that tests without the experimental flag. 110 111 // This manifest is a skeleton used to build more specific manifests for 112 // testing. The requirements are that (1) it be a valid platform app, and (2) 113 // it contain no permissions dictionary. 114 std::string error; 115 scoped_ptr<base::DictionaryValue> manifest( 116 LoadManifest("init_valid_platform_app.json", &error)); 117 118 std::vector<linked_ptr<DictionaryValue> > manifests; 119 // Create each manifest. 120 for (size_t i = 0; i < arraysize(kPlatformAppExperimentalApis); ++i) { 121 const char* api_name = kPlatformAppExperimentalApis[i]; 122 123 // DictionaryValue will take ownership of this ListValue. 124 base::ListValue *permissions = new base::ListValue(); 125 permissions->Append(new base::StringValue("experimental")); 126 permissions->Append(new base::StringValue(api_name)); 127 manifest->Set("permissions", permissions); 128 manifests.push_back(make_linked_ptr(manifest->DeepCopy())); 129 } 130 131 // First try to load without any flags. This should fail for every API. 132 for (size_t i = 0; i < arraysize(kPlatformAppExperimentalApis); ++i) { 133 LoadAndExpectError(Manifest(manifests[i].get(), ""), 134 errors::kExperimentalFlagRequired); 135 } 136 137 // Now try again with the experimental flag set. 138 CommandLine::ForCurrentProcess()->AppendSwitch( 139 switches::kEnableExperimentalExtensionApis); 140 for (size_t i = 0; i < arraysize(kPlatformAppExperimentalApis); ++i) { 141 LoadAndExpectSuccess(Manifest(manifests[i].get(), "")); 142 } 143 } 144 145 } // namespace extensions 146