Home | History | Annotate | Download | only in browser 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "extensions/browser/admin_policy.h"
      6 
      7 #include "base/values.h"
      8 #include "extensions/common/extension.h"
      9 #include "extensions/common/manifest.h"
     10 #include "extensions/common/manifest_constants.h"
     11 #include "testing/gtest/include/gtest/gtest.h"
     12 
     13 using base::Value;
     14 using extensions::Extension;
     15 using extensions::Manifest;
     16 
     17 namespace ap = extensions::admin_policy;
     18 
     19 class ExtensionAdminPolicyTest : public testing::Test {
     20  public:
     21   void CreateExtension(Manifest::Location location) {
     22     base::DictionaryValue values;
     23     CreateExtensionFromValues(location, &values);
     24   }
     25 
     26   void CreateHostedApp(Manifest::Location location) {
     27     base::DictionaryValue values;
     28     values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue());
     29     values.SetString(extensions::manifest_keys::kLaunchWebURL,
     30                      "http://www.example.com");
     31     CreateExtensionFromValues(location, &values);
     32   }
     33 
     34   void CreateExtensionFromValues(Manifest::Location location,
     35                                  base::DictionaryValue* values) {
     36     values->SetString(extensions::manifest_keys::kName, "test");
     37     values->SetString(extensions::manifest_keys::kVersion, "0.1");
     38     std::string error;
     39     extension_ = Extension::Create(base::FilePath(), location, *values,
     40                                    Extension::NO_FLAGS, &error);
     41     ASSERT_TRUE(extension_.get());
     42   }
     43 
     44  protected:
     45   scoped_refptr<Extension> extension_;
     46 };
     47 
     48 // Tests the flag value indicating that extensions are blacklisted by default.
     49 TEST_F(ExtensionAdminPolicyTest, BlacklistedByDefault) {
     50   EXPECT_FALSE(ap::BlacklistedByDefault(NULL));
     51 
     52   base::ListValue blacklist;
     53   blacklist.Append(new base::StringValue("http://www.google.com"));
     54   EXPECT_FALSE(ap::BlacklistedByDefault(&blacklist));
     55   blacklist.Append(new base::StringValue("*"));
     56   EXPECT_TRUE(ap::BlacklistedByDefault(&blacklist));
     57 
     58   blacklist.Clear();
     59   blacklist.Append(new base::StringValue("*"));
     60   EXPECT_TRUE(ap::BlacklistedByDefault(&blacklist));
     61 }
     62 
     63 // Tests UserMayLoad for required extensions.
     64 TEST_F(ExtensionAdminPolicyTest, UserMayLoadRequired) {
     65   CreateExtension(Manifest::COMPONENT);
     66   EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
     67   string16 error;
     68   EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(),
     69                               &error));
     70   EXPECT_TRUE(error.empty());
     71 
     72   // Required extensions may load even if they're on the blacklist.
     73   base::ListValue blacklist;
     74   blacklist.Append(new base::StringValue(extension_->id()));
     75   EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
     76                               NULL));
     77 
     78   blacklist.Append(new base::StringValue("*"));
     79   EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
     80                               NULL));
     81 }
     82 
     83 // Tests UserMayLoad when no blacklist exists, or it's empty.
     84 TEST_F(ExtensionAdminPolicyTest, UserMayLoadNoBlacklist) {
     85   CreateExtension(Manifest::INTERNAL);
     86   EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
     87   base::ListValue blacklist;
     88   EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
     89                               NULL));
     90   string16 error;
     91   EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
     92                               &error));
     93   EXPECT_TRUE(error.empty());
     94 }
     95 
     96 // Tests UserMayLoad for an extension on the whitelist.
     97 TEST_F(ExtensionAdminPolicyTest, UserMayLoadWhitelisted) {
     98   CreateExtension(Manifest::INTERNAL);
     99 
    100   base::ListValue whitelist;
    101   whitelist.Append(new base::StringValue(extension_->id()));
    102   EXPECT_TRUE(ap::UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(),
    103                               NULL));
    104 
    105   base::ListValue blacklist;
    106   blacklist.Append(new base::StringValue(extension_->id()));
    107   EXPECT_TRUE(ap::UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(),
    108                               NULL));
    109   string16 error;
    110   EXPECT_TRUE(ap::UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(),
    111                               &error));
    112   EXPECT_TRUE(error.empty());
    113 }
    114 
    115 // Tests UserMayLoad for an extension on the blacklist.
    116 TEST_F(ExtensionAdminPolicyTest, UserMayLoadBlacklisted) {
    117   CreateExtension(Manifest::INTERNAL);
    118 
    119   // Blacklisted by default.
    120   base::ListValue blacklist;
    121   blacklist.Append(new base::StringValue("*"));
    122   EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
    123                                NULL));
    124   string16 error;
    125   EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
    126                                &error));
    127   EXPECT_FALSE(error.empty());
    128 
    129   // Extension on the blacklist, with and without wildcard.
    130   blacklist.Append(new base::StringValue(extension_->id()));
    131   EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
    132                                NULL));
    133   blacklist.Clear();
    134   blacklist.Append(new base::StringValue(extension_->id()));
    135   EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(),
    136                                NULL));
    137 
    138   // With a whitelist. There's no such thing as a whitelist wildcard.
    139   base::ListValue whitelist;
    140   whitelist.Append(
    141       new base::StringValue("behllobkkfkfnphdnhnkndlbkcpglgmj"));
    142   EXPECT_FALSE(ap::UserMayLoad(&blacklist, &whitelist, NULL, NULL,
    143                                extension_.get(), NULL));
    144   whitelist.Append(new base::StringValue("*"));
    145   EXPECT_FALSE(ap::UserMayLoad(&blacklist, &whitelist, NULL, NULL,
    146                                extension_.get(), NULL));
    147 }
    148 
    149 TEST_F(ExtensionAdminPolicyTest, UserMayLoadAllowedTypes) {
    150   CreateExtension(Manifest::INTERNAL);
    151   EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL));
    152 
    153   base::ListValue allowed_types;
    154   EXPECT_FALSE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types,
    155                                extension_.get(), NULL));
    156 
    157   allowed_types.AppendInteger(Manifest::TYPE_EXTENSION);
    158   EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types,
    159                               extension_.get(), NULL));
    160 
    161   CreateHostedApp(Manifest::INTERNAL);
    162   EXPECT_FALSE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types,
    163                                extension_.get(), NULL));
    164 
    165   CreateHostedApp(Manifest::EXTERNAL_POLICY_DOWNLOAD);
    166   EXPECT_FALSE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types,
    167                                extension_.get(), NULL));
    168 }
    169 
    170 TEST_F(ExtensionAdminPolicyTest, UserMayModifySettings) {
    171   CreateExtension(Manifest::INTERNAL);
    172   EXPECT_TRUE(ap::UserMayModifySettings(extension_.get(), NULL));
    173   string16 error;
    174   EXPECT_TRUE(ap::UserMayModifySettings(extension_.get(), &error));
    175   EXPECT_TRUE(error.empty());
    176 
    177   CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD);
    178   error.clear();
    179   EXPECT_FALSE(ap::UserMayModifySettings(extension_.get(), NULL));
    180   EXPECT_FALSE(ap::UserMayModifySettings(extension_.get(), &error));
    181   EXPECT_FALSE(error.empty());
    182 }
    183 
    184 TEST_F(ExtensionAdminPolicyTest, MustRemainEnabled) {
    185   CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD);
    186   EXPECT_TRUE(ap::MustRemainEnabled(extension_.get(), NULL));
    187   string16 error;
    188   EXPECT_TRUE(ap::MustRemainEnabled(extension_.get(), &error));
    189   EXPECT_FALSE(error.empty());
    190 
    191   CreateExtension(Manifest::INTERNAL);
    192   error.clear();
    193   EXPECT_FALSE(ap::MustRemainEnabled(extension_.get(), NULL));
    194   EXPECT_FALSE(ap::MustRemainEnabled(extension_.get(), &error));
    195   EXPECT_TRUE(error.empty());
    196 }
    197