1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <string> 6 7 #include "base/compiler_specific.h" 8 #include "base/memory/scoped_ptr.h" 9 #include "base/message_loop/message_loop.h" 10 #include "base/values.h" 11 #include "chrome/browser/chrome_notification_types.h" 12 #include "chrome/browser/extensions/active_tab_permission_granter.h" 13 #include "chrome/browser/extensions/tab_helper.h" 14 #include "chrome/browser/profiles/profile.h" 15 #include "chrome/browser/sessions/session_tab_helper.h" 16 #include "chrome/common/extensions/features/feature_channel.h" 17 #include "chrome/test/base/chrome_render_view_host_test_harness.h" 18 #include "content/public/browser/browser_thread.h" 19 #include "content/public/browser/navigation_details.h" 20 #include "content/public/browser/navigation_entry.h" 21 #include "content/public/browser/notification_service.h" 22 #include "content/public/browser/notification_types.h" 23 #include "content/public/browser/web_contents.h" 24 #include "content/public/common/frame_navigate_params.h" 25 #include "content/public/test/test_browser_thread.h" 26 #include "extensions/browser/extension_registry.h" 27 #include "extensions/common/extension.h" 28 #include "extensions/common/extension_builder.h" 29 #include "extensions/common/features/feature.h" 30 #include "extensions/common/permissions/permissions_data.h" 31 #include "extensions/common/value_builder.h" 32 33 using base::DictionaryValue; 34 using base::ListValue; 35 using content::BrowserThread; 36 using content::NavigationController; 37 38 namespace extensions { 39 namespace { 40 41 scoped_refptr<const Extension> CreateTestExtension( 42 const std::string& id, 43 bool has_active_tab_permission, 44 bool has_tab_capture_permission) { 45 ListBuilder permissions; 46 if (has_active_tab_permission) 47 permissions.Append("activeTab"); 48 if (has_tab_capture_permission) 49 permissions.Append("tabCapture"); 50 return ExtensionBuilder() 51 .SetManifest(DictionaryBuilder() 52 .Set("name", "Extension with ID " + id) 53 .Set("version", "1.0") 54 .Set("manifest_version", 2) 55 .Set("permissions", permissions)) 56 .SetID(id) 57 .Build(); 58 } 59 60 enum PermittedFeature { 61 PERMITTED_NONE, 62 PERMITTED_SCRIPT_ONLY, 63 PERMITTED_CAPTURE_ONLY, 64 PERMITTED_BOTH 65 }; 66 67 class ActiveTabTest : public ChromeRenderViewHostTestHarness { 68 protected: 69 ActiveTabTest() 70 : current_channel(chrome::VersionInfo::CHANNEL_DEV), 71 extension(CreateTestExtension("deadbeef", true, false)), 72 another_extension(CreateTestExtension("feedbeef", true, false)), 73 extension_without_active_tab(CreateTestExtension("badbeef", 74 false, 75 false)), 76 extension_with_tab_capture(CreateTestExtension("cafebeef", 77 true, 78 true)) {} 79 80 virtual void SetUp() OVERRIDE { 81 ChromeRenderViewHostTestHarness::SetUp(); 82 TabHelper::CreateForWebContents(web_contents()); 83 } 84 85 int tab_id() { 86 return SessionTabHelper::IdForTab(web_contents()); 87 } 88 89 ActiveTabPermissionGranter* active_tab_permission_granter() { 90 return extensions::TabHelper::FromWebContents(web_contents())-> 91 active_tab_permission_granter(); 92 } 93 94 bool IsAllowed(const scoped_refptr<const Extension>& extension, 95 const GURL& url) { 96 return IsAllowed(extension, url, PERMITTED_BOTH, tab_id()); 97 } 98 99 bool IsAllowed(const scoped_refptr<const Extension>& extension, 100 const GURL& url, 101 PermittedFeature feature) { 102 return IsAllowed(extension, url, feature, tab_id()); 103 } 104 105 bool IsAllowed(const scoped_refptr<const Extension>& extension, 106 const GURL& url, 107 PermittedFeature feature, 108 int tab_id) { 109 const PermissionsData* permissions_data = extension->permissions_data(); 110 bool script = permissions_data->CanAccessPage( 111 extension.get(), url, url, tab_id, -1, NULL); 112 bool capture = HasTabsPermission(extension, tab_id) && 113 permissions_data->CanCaptureVisiblePage(tab_id, NULL); 114 switch (feature) { 115 case PERMITTED_SCRIPT_ONLY: 116 return script && !capture; 117 case PERMITTED_CAPTURE_ONLY: 118 return capture && !script; 119 case PERMITTED_BOTH: 120 return script && capture; 121 case PERMITTED_NONE: 122 return !script && !capture; 123 } 124 NOTREACHED(); 125 return false; 126 } 127 128 bool IsBlocked(const scoped_refptr<const Extension>& extension, 129 const GURL& url) { 130 return IsBlocked(extension, url, tab_id()); 131 } 132 133 bool IsBlocked(const scoped_refptr<const Extension>& extension, 134 const GURL& url, 135 int tab_id) { 136 return IsAllowed(extension, url, PERMITTED_NONE, tab_id); 137 } 138 139 bool HasTabsPermission(const scoped_refptr<const Extension>& extension) { 140 return HasTabsPermission(extension, tab_id()); 141 } 142 143 bool HasTabsPermission(const scoped_refptr<const Extension>& extension, 144 int tab_id) { 145 return extension->permissions_data()->HasAPIPermissionForTab( 146 tab_id, APIPermission::kTab); 147 } 148 149 bool IsGrantedForTab(const Extension* extension, 150 const content::WebContents* web_contents) { 151 return extension->permissions_data()->HasAPIPermissionForTab( 152 SessionTabHelper::IdForTab(web_contents), APIPermission::kTab); 153 } 154 155 // TODO(justinlin): Remove when tabCapture is moved to stable. 156 ScopedCurrentChannel current_channel; 157 158 // An extension with the activeTab permission. 159 scoped_refptr<const Extension> extension; 160 161 // Another extension with activeTab (for good measure). 162 scoped_refptr<const Extension> another_extension; 163 164 // An extension without the activeTab permission. 165 scoped_refptr<const Extension> extension_without_active_tab; 166 167 // An extension with both the activeTab and tabCapture permission. 168 scoped_refptr<const Extension> extension_with_tab_capture; 169 }; 170 171 TEST_F(ActiveTabTest, GrantToSinglePage) { 172 GURL google("http://www.google.com"); 173 NavigateAndCommit(google); 174 175 // No access unless it's been granted. 176 EXPECT_TRUE(IsBlocked(extension, google)); 177 EXPECT_TRUE(IsBlocked(another_extension, google)); 178 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 179 180 EXPECT_FALSE(HasTabsPermission(extension)); 181 EXPECT_FALSE(HasTabsPermission(another_extension)); 182 EXPECT_FALSE(HasTabsPermission(extension_without_active_tab)); 183 184 active_tab_permission_granter()->GrantIfRequested(extension.get()); 185 active_tab_permission_granter()->GrantIfRequested( 186 extension_without_active_tab.get()); 187 188 // Granted to extension and extension_without_active_tab, but the latter 189 // doesn't have the activeTab permission so not granted. 190 EXPECT_TRUE(IsAllowed(extension, google)); 191 EXPECT_TRUE(IsBlocked(another_extension, google)); 192 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 193 194 // Other subdomains shouldn't be given access. 195 GURL mail_google("http://mail.google.com"); 196 EXPECT_TRUE(IsAllowed(extension, mail_google, PERMITTED_CAPTURE_ONLY)); 197 EXPECT_TRUE(IsBlocked(another_extension, mail_google)); 198 EXPECT_TRUE(IsBlocked(extension_without_active_tab, mail_google)); 199 200 // Reloading the page should clear the active permissions. 201 Reload(); 202 203 EXPECT_TRUE(IsBlocked(extension, google)); 204 EXPECT_TRUE(IsBlocked(another_extension, google)); 205 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 206 207 EXPECT_FALSE(HasTabsPermission(extension)); 208 EXPECT_FALSE(HasTabsPermission(another_extension)); 209 EXPECT_FALSE(HasTabsPermission(extension_without_active_tab)); 210 211 // But they should still be able to be granted again. 212 active_tab_permission_granter()->GrantIfRequested(extension.get()); 213 214 EXPECT_TRUE(IsAllowed(extension, google)); 215 EXPECT_TRUE(IsBlocked(another_extension, google)); 216 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 217 218 // And grant a few more times redundantly for good measure. 219 active_tab_permission_granter()->GrantIfRequested(extension.get()); 220 active_tab_permission_granter()->GrantIfRequested(extension.get()); 221 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 222 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 223 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 224 active_tab_permission_granter()->GrantIfRequested(extension.get()); 225 active_tab_permission_granter()->GrantIfRequested(extension.get()); 226 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 227 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 228 229 EXPECT_TRUE(IsAllowed(extension, google)); 230 EXPECT_TRUE(IsAllowed(another_extension, google)); 231 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 232 233 // Navigating to a new URL should clear the active permissions. 234 GURL chromium("http://www.chromium.org"); 235 NavigateAndCommit(chromium); 236 237 EXPECT_TRUE(IsBlocked(extension, google)); 238 EXPECT_TRUE(IsBlocked(another_extension, google)); 239 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 240 241 EXPECT_TRUE(IsBlocked(extension, chromium)); 242 EXPECT_TRUE(IsBlocked(another_extension, chromium)); 243 EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium)); 244 245 EXPECT_FALSE(HasTabsPermission(extension)); 246 EXPECT_FALSE(HasTabsPermission(another_extension)); 247 EXPECT_FALSE(HasTabsPermission(extension_without_active_tab)); 248 249 // Should be able to grant to multiple extensions at the same time (if they 250 // have the activeTab permission, of course). 251 active_tab_permission_granter()->GrantIfRequested(extension.get()); 252 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 253 active_tab_permission_granter()->GrantIfRequested( 254 extension_without_active_tab.get()); 255 256 EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_CAPTURE_ONLY)); 257 EXPECT_TRUE(IsAllowed(another_extension, google, PERMITTED_CAPTURE_ONLY)); 258 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 259 260 EXPECT_TRUE(IsAllowed(extension, chromium)); 261 EXPECT_TRUE(IsAllowed(another_extension, chromium)); 262 EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium)); 263 264 // Should be able to go back to URLs that were previously cleared. 265 NavigateAndCommit(google); 266 267 active_tab_permission_granter()->GrantIfRequested(extension.get()); 268 active_tab_permission_granter()->GrantIfRequested(another_extension.get()); 269 active_tab_permission_granter()->GrantIfRequested( 270 extension_without_active_tab.get()); 271 272 EXPECT_TRUE(IsAllowed(extension, google)); 273 EXPECT_TRUE(IsAllowed(another_extension, google)); 274 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google)); 275 276 EXPECT_TRUE(IsAllowed(extension, chromium, PERMITTED_CAPTURE_ONLY)); 277 EXPECT_TRUE(IsAllowed(another_extension, chromium, PERMITTED_CAPTURE_ONLY)); 278 EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium)); 279 }; 280 281 TEST_F(ActiveTabTest, Uninstalling) { 282 // Some semi-arbitrary setup. 283 GURL google("http://www.google.com"); 284 NavigateAndCommit(google); 285 286 active_tab_permission_granter()->GrantIfRequested(extension.get()); 287 288 EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents())); 289 EXPECT_TRUE(IsAllowed(extension, google)); 290 291 // Uninstalling the extension should clear its tab permissions. 292 ExtensionRegistry* registry = 293 ExtensionRegistry::Get(web_contents()->GetBrowserContext()); 294 registry->TriggerOnUnloaded(extension.get(), 295 UnloadedExtensionInfo::REASON_DISABLE); 296 297 // Note: can't EXPECT_FALSE(IsAllowed) here because uninstalled extensions 298 // are just that... considered to be uninstalled, and the manager might 299 // just ignore them from here on. 300 301 // Granting the extension again should give them back. 302 active_tab_permission_granter()->GrantIfRequested(extension.get()); 303 304 EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents())); 305 EXPECT_TRUE(IsAllowed(extension, google)); 306 } 307 308 TEST_F(ActiveTabTest, OnlyActiveTab) { 309 GURL google("http://www.google.com"); 310 NavigateAndCommit(google); 311 312 active_tab_permission_granter()->GrantIfRequested(extension.get()); 313 314 EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_BOTH, tab_id())); 315 EXPECT_TRUE(IsBlocked(extension, google, tab_id() + 1)); 316 EXPECT_FALSE(HasTabsPermission(extension, tab_id() + 1)); 317 } 318 319 TEST_F(ActiveTabTest, NavigateInPage) { 320 GURL google("http://www.google.com"); 321 NavigateAndCommit(google); 322 323 active_tab_permission_granter()->GrantIfRequested(extension.get()); 324 325 // Perform an in-page navigation. The extension should not lose the temporary 326 // permission. 327 GURL google_h1("http://www.google.com#h1"); 328 NavigateAndCommit(google_h1); 329 330 EXPECT_TRUE(IsAllowed(extension, google)); 331 EXPECT_TRUE(IsAllowed(extension, google_h1)); 332 333 GURL chromium("http://www.chromium.org"); 334 NavigateAndCommit(chromium); 335 336 EXPECT_FALSE(IsAllowed(extension, google)); 337 EXPECT_FALSE(IsAllowed(extension, google_h1)); 338 EXPECT_FALSE(IsAllowed(extension, chromium)); 339 340 active_tab_permission_granter()->GrantIfRequested(extension.get()); 341 342 EXPECT_FALSE(IsAllowed(extension, google)); 343 EXPECT_FALSE(IsAllowed(extension, google_h1)); 344 EXPECT_TRUE(IsAllowed(extension, chromium)); 345 346 GURL chromium_h1("http://www.chromium.org#h1"); 347 NavigateAndCommit(chromium_h1); 348 349 EXPECT_FALSE(IsAllowed(extension, google)); 350 EXPECT_FALSE(IsAllowed(extension, google_h1)); 351 EXPECT_TRUE(IsAllowed(extension, chromium)); 352 EXPECT_TRUE(IsAllowed(extension, chromium_h1)); 353 354 Reload(); 355 356 EXPECT_FALSE(IsAllowed(extension, google)); 357 EXPECT_FALSE(IsAllowed(extension, google_h1)); 358 EXPECT_FALSE(IsAllowed(extension, chromium)); 359 EXPECT_FALSE(IsAllowed(extension, chromium_h1)); 360 } 361 362 TEST_F(ActiveTabTest, ChromeUrlGrants) { 363 GURL internal("chrome://version"); 364 NavigateAndCommit(internal); 365 active_tab_permission_granter()->GrantIfRequested( 366 extension_with_tab_capture.get()); 367 // Do not grant tabs/hosts permissions for tab. 368 EXPECT_TRUE(IsAllowed(extension_with_tab_capture, internal, 369 PERMITTED_CAPTURE_ONLY)); 370 const PermissionsData* permissions_data = 371 extension_with_tab_capture->permissions_data(); 372 EXPECT_TRUE(permissions_data->HasAPIPermissionForTab( 373 tab_id(), APIPermission::kTabCaptureForTab)); 374 375 EXPECT_TRUE(IsBlocked(extension_with_tab_capture, internal, tab_id() + 1)); 376 EXPECT_FALSE(permissions_data->HasAPIPermissionForTab( 377 tab_id() + 1, APIPermission::kTabCaptureForTab)); 378 } 379 380 } // namespace 381 } // namespace extensions 382
