// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "extensions/browser/admin_policy.h" #include "base/values.h" #include "extensions/common/extension.h" #include "extensions/common/manifest.h" #include "extensions/common/manifest_constants.h" #include "testing/gtest/include/gtest/gtest.h" using base::Value; using extensions::Extension; using extensions::Manifest; namespace ap = extensions::admin_policy; class ExtensionAdminPolicyTest : public testing::Test { public: void CreateExtension(Manifest::Location location) { base::DictionaryValue values; CreateExtensionFromValues(location, &values); } void CreateHostedApp(Manifest::Location location) { base::DictionaryValue values; values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue()); values.SetString(extensions::manifest_keys::kLaunchWebURL, "http://www.example.com"); CreateExtensionFromValues(location, &values); } void CreateExtensionFromValues(Manifest::Location location, base::DictionaryValue* values) { values->SetString(extensions::manifest_keys::kName, "test"); values->SetString(extensions::manifest_keys::kVersion, "0.1"); std::string error; extension_ = Extension::Create(base::FilePath(), location, *values, Extension::NO_FLAGS, &error); ASSERT_TRUE(extension_.get()); } protected: scoped_refptr<Extension> extension_; }; // Tests the flag value indicating that extensions are blacklisted by default. TEST_F(ExtensionAdminPolicyTest, BlacklistedByDefault) { EXPECT_FALSE(ap::BlacklistedByDefault(NULL)); base::ListValue blacklist; blacklist.Append(new base::StringValue("http://www.google.com")); EXPECT_FALSE(ap::BlacklistedByDefault(&blacklist)); blacklist.Append(new base::StringValue("*")); EXPECT_TRUE(ap::BlacklistedByDefault(&blacklist)); blacklist.Clear(); blacklist.Append(new base::StringValue("*")); EXPECT_TRUE(ap::BlacklistedByDefault(&blacklist)); } // Tests UserMayLoad for required extensions. TEST_F(ExtensionAdminPolicyTest, UserMayLoadRequired) { CreateExtension(Manifest::COMPONENT); EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL)); string16 error; EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), &error)); EXPECT_TRUE(error.empty()); // Required extensions may load even if they're on the blacklist. base::ListValue blacklist; blacklist.Append(new base::StringValue(extension_->id())); EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); blacklist.Append(new base::StringValue("*")); EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); } // Tests UserMayLoad when no blacklist exists, or it's empty. TEST_F(ExtensionAdminPolicyTest, UserMayLoadNoBlacklist) { CreateExtension(Manifest::INTERNAL); EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL)); base::ListValue blacklist; EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); string16 error; EXPECT_TRUE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error)); EXPECT_TRUE(error.empty()); } // Tests UserMayLoad for an extension on the whitelist. TEST_F(ExtensionAdminPolicyTest, UserMayLoadWhitelisted) { CreateExtension(Manifest::INTERNAL); base::ListValue whitelist; whitelist.Append(new base::StringValue(extension_->id())); EXPECT_TRUE(ap::UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL)); base::ListValue blacklist; blacklist.Append(new base::StringValue(extension_->id())); EXPECT_TRUE(ap::UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), NULL)); string16 error; EXPECT_TRUE(ap::UserMayLoad(NULL, &whitelist, NULL, NULL, extension_.get(), &error)); EXPECT_TRUE(error.empty()); } // Tests UserMayLoad for an extension on the blacklist. TEST_F(ExtensionAdminPolicyTest, UserMayLoadBlacklisted) { CreateExtension(Manifest::INTERNAL); // Blacklisted by default. base::ListValue blacklist; blacklist.Append(new base::StringValue("*")); EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); string16 error; EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), &error)); EXPECT_FALSE(error.empty()); // Extension on the blacklist, with and without wildcard. blacklist.Append(new base::StringValue(extension_->id())); EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); blacklist.Clear(); blacklist.Append(new base::StringValue(extension_->id())); EXPECT_FALSE(ap::UserMayLoad(&blacklist, NULL, NULL, NULL, extension_.get(), NULL)); // With a whitelist. There's no such thing as a whitelist wildcard. base::ListValue whitelist; whitelist.Append( new base::StringValue("behllobkkfkfnphdnhnkndlbkcpglgmj")); EXPECT_FALSE(ap::UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL)); whitelist.Append(new base::StringValue("*")); EXPECT_FALSE(ap::UserMayLoad(&blacklist, &whitelist, NULL, NULL, extension_.get(), NULL)); } TEST_F(ExtensionAdminPolicyTest, UserMayLoadAllowedTypes) { CreateExtension(Manifest::INTERNAL); EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, NULL, extension_.get(), NULL)); base::ListValue allowed_types; EXPECT_FALSE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); allowed_types.AppendInteger(Manifest::TYPE_EXTENSION); EXPECT_TRUE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); CreateHostedApp(Manifest::INTERNAL); EXPECT_FALSE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); CreateHostedApp(Manifest::EXTERNAL_POLICY_DOWNLOAD); EXPECT_FALSE(ap::UserMayLoad(NULL, NULL, NULL, &allowed_types, extension_.get(), NULL)); } TEST_F(ExtensionAdminPolicyTest, UserMayModifySettings) { CreateExtension(Manifest::INTERNAL); EXPECT_TRUE(ap::UserMayModifySettings(extension_.get(), NULL)); string16 error; EXPECT_TRUE(ap::UserMayModifySettings(extension_.get(), &error)); EXPECT_TRUE(error.empty()); CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD); error.clear(); EXPECT_FALSE(ap::UserMayModifySettings(extension_.get(), NULL)); EXPECT_FALSE(ap::UserMayModifySettings(extension_.get(), &error)); EXPECT_FALSE(error.empty()); } TEST_F(ExtensionAdminPolicyTest, MustRemainEnabled) { CreateExtension(Manifest::EXTERNAL_POLICY_DOWNLOAD); EXPECT_TRUE(ap::MustRemainEnabled(extension_.get(), NULL)); string16 error; EXPECT_TRUE(ap::MustRemainEnabled(extension_.get(), &error)); EXPECT_FALSE(error.empty()); CreateExtension(Manifest::INTERNAL); error.clear(); EXPECT_FALSE(ap::MustRemainEnabled(extension_.get(), NULL)); EXPECT_FALSE(ap::MustRemainEnabled(extension_.get(), &error)); EXPECT_TRUE(error.empty()); }