1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <algorithm> 6 #include <vector> 7 8 #include "base/json/json_parser.h" 9 #include "base/memory/scoped_ptr.h" 10 #include "base/prefs/pref_registry_simple.h" 11 #include "base/prefs/testing_pref_service.h" 12 #include "base/values.h" 13 #include "chrome/browser/extensions/extension_management.h" 14 #include "chrome/browser/extensions/extension_management_test_util.h" 15 #include "chrome/browser/extensions/external_policy_loader.h" 16 #include "extensions/browser/pref_names.h" 17 #include "extensions/common/manifest.h" 18 #include "extensions/common/manifest_constants.h" 19 #include "extensions/common/url_pattern.h" 20 #include "testing/gtest/include/gtest/gtest.h" 21 #include "url/gurl.h" 22 23 namespace extensions { 24 25 namespace { 26 27 const char kTargetExtension[] = "abcdefghijklmnopabcdefghijklmnop"; 28 const char kTargetExtension2[] = "bcdefghijklmnopabcdefghijklmnopa"; 29 const char kTargetExtension3[] = "cdefghijklmnopabcdefghijklmnopab"; 30 const char kTargetExtension4[] = "defghijklmnopabcdefghijklmnopabc"; 31 const char kOtherExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; 32 const char kExampleUpdateUrl[] = "http://example.com/update_url"; 33 34 const char kExampleDictPreference[] = 35 "{" 36 " \"abcdefghijklmnopabcdefghijklmnop\": {" // kTargetExtension 37 " \"installation_mode\": \"allowed\"," 38 " }," 39 " \"bcdefghijklmnopabcdefghijklmnopa\": {" // kTargetExtension2 40 " \"installation_mode\": \"force_installed\"," 41 " \"update_url\": \"http://example.com/update_url\"," 42 " }," 43 " \"cdefghijklmnopabcdefghijklmnopab\": {" // kTargetExtension3 44 " \"installation_mode\": \"normal_installed\"," 45 " \"update_url\": \"http://example.com/update_url\"," 46 " }," 47 " \"defghijklmnopabcdefghijklmnopabc\": {" // kTargetExtension4 48 " \"installation_mode\": \"blocked\"," 49 " }," 50 " \"*\": {" 51 " \"installation_mode\": \"blocked\"," 52 " \"install_sources\": [\"*://foo.com/*\"]," 53 " \"allowed_types\": [\"theme\", \"user_script\"]," 54 " }," 55 "}"; 56 57 } // namespace 58 59 class ExtensionManagementServiceTest : public testing::Test { 60 public: 61 typedef ExtensionManagementPrefUpdater<TestingPrefServiceSimple> PrefUpdater; 62 63 ExtensionManagementServiceTest() {} 64 virtual ~ExtensionManagementServiceTest() {} 65 66 // testing::Test: 67 virtual void SetUp() OVERRIDE { 68 InitPrefService(); 69 } 70 71 void InitPrefService() { 72 extension_management_.reset(); 73 pref_service_.reset(new TestingPrefServiceSimple()); 74 pref_service_->registry()->RegisterListPref( 75 pref_names::kAllowedInstallSites); 76 pref_service_->registry()->RegisterListPref(pref_names::kAllowedTypes); 77 pref_service_->registry()->RegisterListPref(pref_names::kInstallDenyList); 78 pref_service_->registry()->RegisterListPref(pref_names::kInstallAllowList); 79 pref_service_->registry()->RegisterDictionaryPref( 80 pref_names::kInstallForceList); 81 pref_service_->registry()->RegisterDictionaryPref( 82 pref_names::kExtensionManagement); 83 extension_management_.reset(new ExtensionManagement(pref_service_.get())); 84 } 85 86 void SetPref(bool managed, const char* path, base::Value* value) { 87 if (managed) 88 pref_service_->SetManagedPref(path, value); 89 else 90 pref_service_->SetUserPref(path, value); 91 } 92 93 void RemovePref(bool managed, const char* path) { 94 if (managed) 95 pref_service_->RemoveManagedPref(path); 96 else 97 pref_service_->RemoveUserPref(path); 98 } 99 100 void SetExampleDictPref() { 101 std::string error_msg; 102 scoped_ptr<base::Value> parsed(base::JSONReader::ReadAndReturnError( 103 kExampleDictPreference, 104 base::JSONParserOptions::JSON_ALLOW_TRAILING_COMMAS, 105 NULL, 106 &error_msg)); 107 ASSERT_TRUE(parsed && parsed->IsType(base::Value::TYPE_DICTIONARY)) 108 << error_msg; 109 SetPref(true, pref_names::kExtensionManagement, parsed.release()); 110 } 111 112 protected: 113 scoped_ptr<TestingPrefServiceSimple> pref_service_; 114 scoped_ptr<ExtensionManagement> extension_management_; 115 }; 116 117 class ExtensionAdminPolicyTest : public ExtensionManagementServiceTest { 118 public: 119 ExtensionAdminPolicyTest() {} 120 virtual ~ExtensionAdminPolicyTest() {} 121 122 void CreateExtension(Manifest::Location location) { 123 base::DictionaryValue values; 124 CreateExtensionFromValues(location, &values); 125 } 126 127 void CreateHostedApp(Manifest::Location location) { 128 base::DictionaryValue values; 129 values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue()); 130 values.SetString(extensions::manifest_keys::kLaunchWebURL, 131 "http://www.example.com"); 132 CreateExtensionFromValues(location, &values); 133 } 134 135 void CreateExtensionFromValues(Manifest::Location location, 136 base::DictionaryValue* values) { 137 values->SetString(extensions::manifest_keys::kName, "test"); 138 values->SetString(extensions::manifest_keys::kVersion, "0.1"); 139 std::string error; 140 extension_ = Extension::Create(base::FilePath(), location, *values, 141 Extension::NO_FLAGS, &error); 142 ASSERT_TRUE(extension_.get()); 143 } 144 145 // Wrappers for legacy admin policy functions, for testing purpose only. 146 bool BlacklistedByDefault(const base::ListValue* blacklist); 147 bool UserMayLoad(const base::ListValue* blacklist, 148 const base::ListValue* whitelist, 149 const base::DictionaryValue* forcelist, 150 const base::ListValue* allowed_types, 151 const Extension* extension, 152 base::string16* error); 153 bool UserMayModifySettings(const Extension* extension, base::string16* error); 154 bool MustRemainEnabled(const Extension* extension, base::string16* error); 155 156 protected: 157 scoped_refptr<Extension> extension_; 158 }; 159 160 bool ExtensionAdminPolicyTest::BlacklistedByDefault( 161 const base::ListValue* blacklist) { 162 InitPrefService(); 163 if (blacklist) 164 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); 165 return extension_management_->BlacklistedByDefault(); 166 } 167 168 bool ExtensionAdminPolicyTest::UserMayLoad( 169 const base::ListValue* blacklist, 170 const base::ListValue* whitelist, 171 const base::DictionaryValue* forcelist, 172 const base::ListValue* allowed_types, 173 const Extension* extension, 174 base::string16* error) { 175 InitPrefService(); 176 if (blacklist) 177 SetPref(true, pref_names::kInstallDenyList, blacklist->DeepCopy()); 178 if (whitelist) 179 SetPref(true, pref_names::kInstallAllowList, whitelist->DeepCopy()); 180 if (forcelist) 181 SetPref(true, pref_names::kInstallForceList, forcelist->DeepCopy()); 182 if (allowed_types) 183 SetPref(true, pref_names::kAllowedTypes, allowed_types->DeepCopy()); 184 return extension_management_->GetProvider()->UserMayLoad(extension, error); 185 } 186 187 bool ExtensionAdminPolicyTest::UserMayModifySettings(const Extension* extension, 188 base::string16* error) { 189 InitPrefService(); 190 return extension_management_->GetProvider()->UserMayModifySettings(extension, 191 error); 192 } 193 194 bool ExtensionAdminPolicyTest::MustRemainEnabled(const Extension* extension, 195 base::string16* error) { 196 InitPrefService(); 197 return extension_management_->GetProvider()->MustRemainEnabled(extension, 198 error); 199 } 200 201 // Verify that preference controlled by legacy ExtensionInstallSources policy is 202 // handled well. 203 TEST_F(ExtensionManagementServiceTest, LegacyInstallSources) { 204 base::ListValue allowed_sites_pref; 205 allowed_sites_pref.AppendString("https://www.example.com/foo"); 206 allowed_sites_pref.AppendString("https://corp.mycompany.com/*"); 207 SetPref( 208 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); 209 const URLPatternSet& allowed_sites = 210 extension_management_->ReadGlobalSettings().install_sources; 211 ASSERT_TRUE(extension_management_->ReadGlobalSettings() 212 .has_restricted_install_sources); 213 EXPECT_FALSE(allowed_sites.is_empty()); 214 EXPECT_TRUE(allowed_sites.MatchesURL(GURL("https://www.example.com/foo"))); 215 EXPECT_FALSE(allowed_sites.MatchesURL(GURL("https://www.example.com/bar"))); 216 EXPECT_TRUE( 217 allowed_sites.MatchesURL(GURL("https://corp.mycompany.com/entry"))); 218 EXPECT_FALSE( 219 allowed_sites.MatchesURL(GURL("https://www.mycompany.com/entry"))); 220 } 221 222 // Verify that preference controlled by legacy ExtensionAllowedTypes policy is 223 // handled well. 224 TEST_F(ExtensionManagementServiceTest, LegacyAllowedTypes) { 225 base::ListValue allowed_types_pref; 226 allowed_types_pref.AppendInteger(Manifest::TYPE_THEME); 227 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT); 228 229 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy()); 230 const std::vector<Manifest::Type>& allowed_types = 231 extension_management_->ReadGlobalSettings().allowed_types; 232 ASSERT_TRUE( 233 extension_management_->ReadGlobalSettings().has_restricted_allowed_types); 234 EXPECT_TRUE(allowed_types.size() == 2); 235 EXPECT_FALSE(std::find(allowed_types.begin(), 236 allowed_types.end(), 237 Manifest::TYPE_EXTENSION) != allowed_types.end()); 238 EXPECT_TRUE(std::find(allowed_types.begin(), 239 allowed_types.end(), 240 Manifest::TYPE_THEME) != allowed_types.end()); 241 EXPECT_TRUE(std::find(allowed_types.begin(), 242 allowed_types.end(), 243 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); 244 } 245 246 // Verify that preference controlled by legacy ExtensionInstallBlacklist policy 247 // is handled well. 248 TEST_F(ExtensionManagementServiceTest, LegacyInstallBlacklist) { 249 base::ListValue denied_list_pref; 250 denied_list_pref.AppendString(kTargetExtension); 251 252 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy()); 253 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 254 ExtensionManagement::INSTALLATION_BLOCKED); 255 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 256 ExtensionManagement::INSTALLATION_ALLOWED); 257 } 258 259 // Verify that preference controlled by legacy ExtensionInstallWhitelist policy 260 // is handled well. 261 TEST_F(ExtensionManagementServiceTest, LegacyInstallWhitelist) { 262 base::ListValue denied_list_pref; 263 denied_list_pref.AppendString("*"); 264 base::ListValue allowed_list_pref; 265 allowed_list_pref.AppendString(kTargetExtension); 266 267 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy()); 268 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy()); 269 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 270 ExtensionManagement::INSTALLATION_ALLOWED); 271 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 272 ExtensionManagement::INSTALLATION_BLOCKED); 273 274 // Verify that install whitelist preference set by user is ignored. 275 RemovePref(true, pref_names::kInstallAllowList); 276 SetPref(false, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy()); 277 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 278 ExtensionManagement::INSTALLATION_BLOCKED); 279 } 280 281 // Verify that preference controlled by legacy ExtensionInstallForcelist policy 282 // is handled well. 283 TEST_F(ExtensionManagementServiceTest, LegacyInstallForcelist) { 284 base::DictionaryValue forced_list_pref; 285 ExternalPolicyLoader::AddExtension( 286 &forced_list_pref, kTargetExtension, kExampleUpdateUrl); 287 288 SetPref(true, pref_names::kInstallForceList, forced_list_pref.DeepCopy()); 289 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 290 ExtensionManagement::INSTALLATION_FORCED); 291 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).update_url, 292 kExampleUpdateUrl); 293 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 294 ExtensionManagement::INSTALLATION_ALLOWED); 295 296 // Verify that install forcelist preference set by user is ignored. 297 RemovePref(true, pref_names::kInstallForceList); 298 SetPref(false, pref_names::kInstallForceList, forced_list_pref.DeepCopy()); 299 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 300 ExtensionManagement::INSTALLATION_ALLOWED); 301 } 302 303 // Tests parsing of new dictionary preference. 304 TEST_F(ExtensionManagementServiceTest, PreferenceParsing) { 305 SetExampleDictPref(); 306 307 // Verifies the installation mode settings. 308 EXPECT_TRUE(extension_management_->BlacklistedByDefault()); 309 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 310 ExtensionManagement::INSTALLATION_ALLOWED); 311 EXPECT_EQ( 312 extension_management_->ReadById(kTargetExtension2).installation_mode, 313 ExtensionManagement::INSTALLATION_FORCED); 314 EXPECT_EQ(extension_management_->ReadById(kTargetExtension2).update_url, 315 kExampleUpdateUrl); 316 EXPECT_EQ( 317 extension_management_->ReadById(kTargetExtension3).installation_mode, 318 ExtensionManagement::INSTALLATION_RECOMMENDED); 319 EXPECT_EQ(extension_management_->ReadById(kTargetExtension3).update_url, 320 kExampleUpdateUrl); 321 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 322 ExtensionManagement::INSTALLATION_BLOCKED); 323 324 // Verifies global settings. 325 EXPECT_TRUE(extension_management_->ReadGlobalSettings() 326 .has_restricted_install_sources); 327 const URLPatternSet& allowed_sites = 328 extension_management_->ReadGlobalSettings().install_sources; 329 EXPECT_EQ(allowed_sites.size(), 1u); 330 EXPECT_TRUE(allowed_sites.MatchesURL(GURL("http://foo.com/entry"))); 331 EXPECT_FALSE(allowed_sites.MatchesURL(GURL("http://bar.com/entry"))); 332 333 EXPECT_TRUE( 334 extension_management_->ReadGlobalSettings().has_restricted_allowed_types); 335 const std::vector<Manifest::Type>& allowed_types = 336 extension_management_->ReadGlobalSettings().allowed_types; 337 EXPECT_EQ(allowed_types.size(), 2u); 338 EXPECT_TRUE(std::find(allowed_types.begin(), 339 allowed_types.end(), 340 Manifest::TYPE_THEME) != allowed_types.end()); 341 EXPECT_TRUE(std::find(allowed_types.begin(), 342 allowed_types.end(), 343 Manifest::TYPE_USER_SCRIPT) != allowed_types.end()); 344 } 345 346 // Tests functionality of new preference as to deprecate legacy 347 // ExtensionInstallSources policy. 348 TEST_F(ExtensionManagementServiceTest, NewInstallSources) { 349 // Set the legacy preference, and verifies that it works. 350 base::ListValue allowed_sites_pref; 351 allowed_sites_pref.AppendString("https://www.example.com/foo"); 352 SetPref( 353 true, pref_names::kAllowedInstallSites, allowed_sites_pref.DeepCopy()); 354 EXPECT_TRUE(extension_management_->ReadGlobalSettings() 355 .has_restricted_install_sources); 356 EXPECT_TRUE( 357 extension_management_->ReadGlobalSettings() 358 .install_sources.MatchesURL(GURL("https://www.example.com/foo"))); 359 360 // Set the new dictionary preference. 361 { 362 PrefUpdater updater(pref_service_.get()); 363 updater.ClearInstallSources(); 364 } 365 // Verifies that the new one overrides the legacy ones. 366 EXPECT_TRUE(extension_management_->ReadGlobalSettings() 367 .has_restricted_install_sources); 368 EXPECT_FALSE( 369 extension_management_->ReadGlobalSettings() 370 .install_sources.MatchesURL(GURL("https://www.example.com/foo"))); 371 372 // Updates the new dictionary preference. 373 { 374 PrefUpdater updater(pref_service_.get()); 375 updater.AddInstallSource("https://corp.mycompany.com/*"); 376 } 377 EXPECT_TRUE(extension_management_->ReadGlobalSettings() 378 .has_restricted_install_sources); 379 EXPECT_TRUE(extension_management_->ReadGlobalSettings() 380 .install_sources.MatchesURL( 381 GURL("https://corp.mycompany.com/entry"))); 382 } 383 384 // Tests functionality of new preference as to deprecate legacy 385 // ExtensionAllowedTypes policy. 386 TEST_F(ExtensionManagementServiceTest, NewAllowedTypes) { 387 // Set the legacy preference, and verifies that it works. 388 base::ListValue allowed_types_pref; 389 allowed_types_pref.AppendInteger(Manifest::TYPE_USER_SCRIPT); 390 SetPref(true, pref_names::kAllowedTypes, allowed_types_pref.DeepCopy()); 391 EXPECT_TRUE( 392 extension_management_->ReadGlobalSettings().has_restricted_allowed_types); 393 EXPECT_EQ(extension_management_->ReadGlobalSettings().allowed_types.size(), 394 1u); 395 EXPECT_EQ(extension_management_->ReadGlobalSettings().allowed_types[0], 396 Manifest::TYPE_USER_SCRIPT); 397 398 // Set the new dictionary preference. 399 { 400 PrefUpdater updater(pref_service_.get()); 401 updater.ClearAllowedTypes(); 402 } 403 // Verifies that the new one overrides the legacy ones. 404 EXPECT_TRUE( 405 extension_management_->ReadGlobalSettings().has_restricted_allowed_types); 406 EXPECT_EQ(extension_management_->ReadGlobalSettings().allowed_types.size(), 407 0u); 408 409 // Updates the new dictionary preference. 410 { 411 PrefUpdater updater(pref_service_.get()); 412 updater.AddAllowedType("theme"); 413 } 414 EXPECT_TRUE( 415 extension_management_->ReadGlobalSettings().has_restricted_allowed_types); 416 EXPECT_EQ(extension_management_->ReadGlobalSettings().allowed_types.size(), 417 1u); 418 EXPECT_EQ(extension_management_->ReadGlobalSettings().allowed_types[0], 419 Manifest::TYPE_THEME); 420 } 421 422 // Tests functionality of new preference as to deprecate legacy 423 // ExtensionInstallBlacklist policy. 424 TEST_F(ExtensionManagementServiceTest, NewInstallBlacklist) { 425 // Set the new dictionary preference. 426 { 427 PrefUpdater updater(pref_service_.get()); 428 updater.SetBlacklistedByDefault(false); // Allowed by default. 429 updater.SetIndividualExtensionInstallationAllowed(kTargetExtension, false); 430 updater.ClearPerExtensionSettings(kTargetExtension2); 431 updater.ClearPerExtensionSettings(kOtherExtension); 432 } 433 EXPECT_FALSE(extension_management_->BlacklistedByDefault()); 434 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 435 ExtensionManagement::INSTALLATION_BLOCKED); 436 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 437 ExtensionManagement::INSTALLATION_ALLOWED); 438 439 // Set legacy preference. 440 base::ListValue denied_list_pref; 441 denied_list_pref.AppendString("*"); 442 denied_list_pref.AppendString(kTargetExtension2); 443 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy()); 444 445 base::ListValue allowed_list_pref; 446 allowed_list_pref.AppendString(kTargetExtension); 447 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy()); 448 449 // Verifies that the new one have higher priority over the legacy ones. 450 EXPECT_FALSE(extension_management_->BlacklistedByDefault()); 451 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 452 ExtensionManagement::INSTALLATION_BLOCKED); 453 EXPECT_EQ( 454 extension_management_->ReadById(kTargetExtension2).installation_mode, 455 ExtensionManagement::INSTALLATION_BLOCKED); 456 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 457 ExtensionManagement::INSTALLATION_ALLOWED); 458 } 459 460 // Tests functionality of new preference as to deprecate legacy 461 // ExtensionInstallWhitelist policy. 462 TEST_F(ExtensionManagementServiceTest, NewInstallWhitelist) { 463 // Set the new dictionary preference. 464 { 465 PrefUpdater updater(pref_service_.get()); 466 updater.SetBlacklistedByDefault(true); // Disallowed by default. 467 updater.SetIndividualExtensionInstallationAllowed(kTargetExtension, true); 468 updater.ClearPerExtensionSettings(kTargetExtension2); 469 updater.ClearPerExtensionSettings(kOtherExtension); 470 } 471 EXPECT_TRUE(extension_management_->BlacklistedByDefault()); 472 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 473 ExtensionManagement::INSTALLATION_ALLOWED); 474 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 475 ExtensionManagement::INSTALLATION_BLOCKED); 476 477 // Set legacy preference. 478 base::ListValue denied_list_pref; 479 denied_list_pref.AppendString(kTargetExtension); 480 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy()); 481 482 base::ListValue allowed_list_pref; 483 allowed_list_pref.AppendString(kTargetExtension2); 484 SetPref(true, pref_names::kInstallAllowList, allowed_list_pref.DeepCopy()); 485 486 // Verifies that the new one have higher priority over the legacy ones. 487 EXPECT_TRUE(extension_management_->BlacklistedByDefault()); 488 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 489 ExtensionManagement::INSTALLATION_ALLOWED); 490 EXPECT_EQ( 491 extension_management_->ReadById(kTargetExtension2).installation_mode, 492 ExtensionManagement::INSTALLATION_ALLOWED); 493 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 494 ExtensionManagement::INSTALLATION_BLOCKED); 495 } 496 497 // Tests functionality of new preference as to deprecate legacy 498 // ExtensionInstallForcelist policy. 499 TEST_F(ExtensionManagementServiceTest, NewInstallForcelist) { 500 // Set some legacy preferences, to verify that the new one overrides the 501 // legacy ones. 502 base::ListValue denied_list_pref; 503 denied_list_pref.AppendString(kTargetExtension); 504 SetPref(true, pref_names::kInstallDenyList, denied_list_pref.DeepCopy()); 505 506 // Set the new dictionary preference. 507 { 508 PrefUpdater updater(pref_service_.get()); 509 updater.SetIndividualExtensionAutoInstalled( 510 kTargetExtension, kExampleUpdateUrl, true); 511 updater.ClearPerExtensionSettings(kOtherExtension); 512 } 513 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).installation_mode, 514 ExtensionManagement::INSTALLATION_FORCED); 515 EXPECT_EQ(extension_management_->ReadById(kTargetExtension).update_url, 516 kExampleUpdateUrl); 517 EXPECT_EQ(extension_management_->ReadById(kOtherExtension).installation_mode, 518 ExtensionManagement::INSTALLATION_ALLOWED); 519 } 520 521 // Tests the behavior of IsInstallationExplicitlyAllowed(). 522 TEST_F(ExtensionManagementServiceTest, IsInstallationExplicitlyAllowed) { 523 SetExampleDictPref(); 524 525 // Constant name indicates the installation_mode of extensions in example 526 // preference. 527 const char* allowed = kTargetExtension; 528 const char* forced = kTargetExtension2; 529 const char* recommended = kTargetExtension3; 530 const char* blocked = kTargetExtension4; 531 const char* not_specified = kOtherExtension; 532 533 // BlacklistedByDefault() is true in example preference. 534 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(allowed)); 535 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(forced)); 536 EXPECT_TRUE( 537 extension_management_->IsInstallationExplicitlyAllowed(recommended)); 538 EXPECT_FALSE(extension_management_->IsInstallationExplicitlyAllowed(blocked)); 539 EXPECT_FALSE( 540 extension_management_->IsInstallationExplicitlyAllowed(not_specified)); 541 542 { 543 // Set BlacklistedByDefault() to false. 544 PrefUpdater pref(pref_service_.get()); 545 pref.SetBlacklistedByDefault(false); 546 } 547 548 // The result should remain the same. 549 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(allowed)); 550 EXPECT_TRUE(extension_management_->IsInstallationExplicitlyAllowed(forced)); 551 EXPECT_TRUE( 552 extension_management_->IsInstallationExplicitlyAllowed(recommended)); 553 EXPECT_FALSE(extension_management_->IsInstallationExplicitlyAllowed(blocked)); 554 EXPECT_FALSE( 555 extension_management_->IsInstallationExplicitlyAllowed(not_specified)); 556 } 557 558 // Tests the flag value indicating that extensions are blacklisted by default. 559 TEST_F(ExtensionAdminPolicyTest, BlacklistedByDefault) { 560 EXPECT_FALSE(BlacklistedByDefault(NULL)); 561 562 base::ListValue blacklist; 563 blacklist.Append(new base::StringValue(kOtherExtension)); 564 EXPECT_FALSE(BlacklistedByDefault(&blacklist)); 565 blacklist.Append(new base::StringValue("*")); 566 EXPECT_TRUE(BlacklistedByDefault(&blacklist)); 567 568 blacklist.Clear(); 569 blacklist.Append(new base::StringValue("*")); 570 EXPECT_TRUE(BlacklistedByDefault(&blacklist)); 571 } 572 573 // Tests UserMayLoad for required extensions. 574 TEST_F(ExtensionAdminPolicyTest, UserMayLoadRequired) { 575 CreateExtension(Manifest::COMPONENT); 576 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL)); 577 base::string16 error; 578 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), &error)); 579 EXPECT_TRUE(error.empty()); 580 581 // Required extensions may load even if they're on the blacklist. 582 base::ListValue blacklist; 583 blacklist.Append(new base::StringValue(extension_->id())); 584 EXPECT_TRUE( 585 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); 586 587 blacklist.Append(new base::StringValue("*")); 588 EXPECT_TRUE( 589 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); 590 } 591 592 // Tests UserMayLoad when no blacklist exists, or it's empty. 593 TEST_F(ExtensionAdminPolicyTest, UserMayLoadNoBlacklist) { 594 CreateExtension(Manifest::INTERNAL); 595 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL)); 596 base::ListValue blacklist; 597 EXPECT_TRUE( 598 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); 599 base::string16 error; 600 EXPECT_TRUE( 601 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error)); 602 EXPECT_TRUE(error.empty()); 603 } 604 605 // Tests UserMayLoad for an extension on the whitelist. 606 TEST_F(ExtensionAdminPolicyTest, UserMayLoadWhitelisted) { 607 CreateExtension(Manifest::INTERNAL); 608 609 base::ListValue whitelist; 610 whitelist.Append(new base::StringValue(extension_->id())); 611 EXPECT_TRUE( 612 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL)); 613 614 base::ListValue blacklist; 615 blacklist.Append(new base::StringValue(extension_->id())); 616 EXPECT_TRUE( 617 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL)); 618 base::string16 error; 619 EXPECT_TRUE( 620 UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), &error)); 621 EXPECT_TRUE(error.empty()); 622 } 623 624 // Tests UserMayLoad for an extension on the blacklist. 625 TEST_F(ExtensionAdminPolicyTest, UserMayLoadBlacklisted) { 626 CreateExtension(Manifest::INTERNAL); 627 628 // Blacklisted by default. 629 base::ListValue blacklist; 630 blacklist.Append(new base::StringValue("*")); 631 EXPECT_FALSE( 632 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); 633 base::string16 error; 634 EXPECT_FALSE( 635 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error)); 636 EXPECT_FALSE(error.empty()); 637 638 // Extension on the blacklist, with and without wildcard. 639 blacklist.Append(new base::StringValue(extension_->id())); 640 EXPECT_FALSE( 641 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); 642 blacklist.Clear(); 643 blacklist.Append(new base::StringValue(extension_->id())); 644 EXPECT_FALSE( 645 UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); 646 647 // With a whitelist. There's no such thing as a whitelist wildcard. 648 base::ListValue whitelist; 649 whitelist.Append(new base::StringValue("behllobkkfkfnphdnhnkndlbkcpglgmj")); 650 EXPECT_FALSE( 651 UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL)); 652 whitelist.Append(new base::StringValue("*")); 653 EXPECT_FALSE( 654 UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL)); 655 } 656 657 TEST_F(ExtensionAdminPolicyTest, UserMayLoadAllowedTypes) { 658 CreateExtension(Manifest::INTERNAL); 659 EXPECT_TRUE(UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL)); 660 661 base::ListValue allowed_types; 662 EXPECT_FALSE( 663 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); 664 665 allowed_types.AppendInteger(Manifest::TYPE_EXTENSION); 666 EXPECT_TRUE( 667 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); 668 669 CreateHostedApp(Manifest::INTERNAL); 670 EXPECT_FALSE( 671 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); 672 673 CreateHostedApp(Manifest::EXTERNAL_POLICY_DOWNLOAD); 674 EXPECT_FALSE( 675 UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); 676 } 677 678 TEST_F(ExtensionAdminPolicyTest, UserMayModifySettings) { 679 CreateExtension(Manifest::INTERNAL); 680 EXPECT_TRUE(UserMayModifySettings(extension_.get(), NULL)); 681 base::string16 error; 682 EXPECT_TRUE(UserMayModifySettings(extension_.get(), &error)); 683 EXPECT_TRUE(error.empty()); 684 685 CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD); 686 error.clear(); 687 EXPECT_FALSE(UserMayModifySettings(extension_.get(), NULL)); 688 EXPECT_FALSE(UserMayModifySettings(extension_.get(), &error)); 689 EXPECT_FALSE(error.empty()); 690 } 691 692 TEST_F(ExtensionAdminPolicyTest, MustRemainEnabled) { 693 CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD); 694 EXPECT_TRUE(MustRemainEnabled(extension_.get(), NULL)); 695 base::string16 error; 696 EXPECT_TRUE(MustRemainEnabled(extension_.get(), &error)); 697 EXPECT_FALSE(error.empty()); 698 699 CreateExtension(Manifest::INTERNAL); 700 error.clear(); 701 EXPECT_FALSE(MustRemainEnabled(extension_.get(), NULL)); 702 EXPECT_FALSE(MustRemainEnabled(extension_.get(), &error)); 703 EXPECT_TRUE(error.empty()); 704 } 705 706 } // namespace extensions 707
