1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6
7 #include "base/compiler_specific.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/message_loop/message_loop.h"
10 #include "base/values.h"
11 #include "chrome/browser/chrome_notification_types.h"
12 #include "chrome/browser/extensions/active_tab_permission_granter.h"
13 #include "chrome/browser/extensions/tab_helper.h"
14 #include "chrome/browser/profiles/profile.h"
15 #include "chrome/browser/sessions/session_tab_helper.h"
16 #include "chrome/common/extensions/features/feature_channel.h"
17 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
18 #include "content/public/browser/browser_thread.h"
19 #include "content/public/browser/navigation_details.h"
20 #include "content/public/browser/navigation_entry.h"
21 #include "content/public/browser/notification_service.h"
22 #include "content/public/browser/notification_types.h"
23 #include "content/public/browser/web_contents.h"
24 #include "content/public/common/frame_navigate_params.h"
25 #include "content/public/test/test_browser_thread.h"
26 #include "extensions/browser/extension_registry.h"
27 #include "extensions/common/extension.h"
28 #include "extensions/common/extension_builder.h"
29 #include "extensions/common/features/feature.h"
30 #include "extensions/common/permissions/permissions_data.h"
31 #include "extensions/common/value_builder.h"
32
33 using base::DictionaryValue;
34 using base::ListValue;
35 using content::BrowserThread;
36 using content::NavigationController;
37
38 namespace extensions {
39 namespace {
40
CreateTestExtension(const std::string & id,bool has_active_tab_permission,bool has_tab_capture_permission)41 scoped_refptr<const Extension> CreateTestExtension(
42 const std::string& id,
43 bool has_active_tab_permission,
44 bool has_tab_capture_permission) {
45 ListBuilder permissions;
46 if (has_active_tab_permission)
47 permissions.Append("activeTab");
48 if (has_tab_capture_permission)
49 permissions.Append("tabCapture");
50 return ExtensionBuilder()
51 .SetManifest(DictionaryBuilder()
52 .Set("name", "Extension with ID " + id)
53 .Set("version", "1.0")
54 .Set("manifest_version", 2)
55 .Set("permissions", permissions))
56 .SetID(id)
57 .Build();
58 }
59
60 enum PermittedFeature {
61 PERMITTED_NONE,
62 PERMITTED_SCRIPT_ONLY,
63 PERMITTED_CAPTURE_ONLY,
64 PERMITTED_BOTH
65 };
66
67 class ActiveTabTest : public ChromeRenderViewHostTestHarness {
68 protected:
ActiveTabTest()69 ActiveTabTest()
70 : current_channel(chrome::VersionInfo::CHANNEL_DEV),
71 extension(CreateTestExtension("deadbeef", true, false)),
72 another_extension(CreateTestExtension("feedbeef", true, false)),
73 extension_without_active_tab(CreateTestExtension("badbeef",
74 false,
75 false)),
76 extension_with_tab_capture(CreateTestExtension("cafebeef",
77 true,
78 true)) {}
79
SetUp()80 virtual void SetUp() OVERRIDE {
81 ChromeRenderViewHostTestHarness::SetUp();
82 TabHelper::CreateForWebContents(web_contents());
83 }
84
tab_id()85 int tab_id() {
86 return SessionTabHelper::IdForTab(web_contents());
87 }
88
active_tab_permission_granter()89 ActiveTabPermissionGranter* active_tab_permission_granter() {
90 return extensions::TabHelper::FromWebContents(web_contents())->
91 active_tab_permission_granter();
92 }
93
IsAllowed(const scoped_refptr<const Extension> & extension,const GURL & url)94 bool IsAllowed(const scoped_refptr<const Extension>& extension,
95 const GURL& url) {
96 return IsAllowed(extension, url, PERMITTED_BOTH, tab_id());
97 }
98
IsAllowed(const scoped_refptr<const Extension> & extension,const GURL & url,PermittedFeature feature)99 bool IsAllowed(const scoped_refptr<const Extension>& extension,
100 const GURL& url,
101 PermittedFeature feature) {
102 return IsAllowed(extension, url, feature, tab_id());
103 }
104
IsAllowed(const scoped_refptr<const Extension> & extension,const GURL & url,PermittedFeature feature,int tab_id)105 bool IsAllowed(const scoped_refptr<const Extension>& extension,
106 const GURL& url,
107 PermittedFeature feature,
108 int tab_id) {
109 const PermissionsData* permissions_data = extension->permissions_data();
110 bool script = permissions_data->CanAccessPage(
111 extension.get(), url, url, tab_id, -1, NULL);
112 bool capture = HasTabsPermission(extension, tab_id) &&
113 permissions_data->CanCaptureVisiblePage(tab_id, NULL);
114 switch (feature) {
115 case PERMITTED_SCRIPT_ONLY:
116 return script && !capture;
117 case PERMITTED_CAPTURE_ONLY:
118 return capture && !script;
119 case PERMITTED_BOTH:
120 return script && capture;
121 case PERMITTED_NONE:
122 return !script && !capture;
123 }
124 NOTREACHED();
125 return false;
126 }
127
IsBlocked(const scoped_refptr<const Extension> & extension,const GURL & url)128 bool IsBlocked(const scoped_refptr<const Extension>& extension,
129 const GURL& url) {
130 return IsBlocked(extension, url, tab_id());
131 }
132
IsBlocked(const scoped_refptr<const Extension> & extension,const GURL & url,int tab_id)133 bool IsBlocked(const scoped_refptr<const Extension>& extension,
134 const GURL& url,
135 int tab_id) {
136 return IsAllowed(extension, url, PERMITTED_NONE, tab_id);
137 }
138
HasTabsPermission(const scoped_refptr<const Extension> & extension)139 bool HasTabsPermission(const scoped_refptr<const Extension>& extension) {
140 return HasTabsPermission(extension, tab_id());
141 }
142
HasTabsPermission(const scoped_refptr<const Extension> & extension,int tab_id)143 bool HasTabsPermission(const scoped_refptr<const Extension>& extension,
144 int tab_id) {
145 return extension->permissions_data()->HasAPIPermissionForTab(
146 tab_id, APIPermission::kTab);
147 }
148
IsGrantedForTab(const Extension * extension,const content::WebContents * web_contents)149 bool IsGrantedForTab(const Extension* extension,
150 const content::WebContents* web_contents) {
151 return extension->permissions_data()->HasAPIPermissionForTab(
152 SessionTabHelper::IdForTab(web_contents), APIPermission::kTab);
153 }
154
155 // TODO(justinlin): Remove when tabCapture is moved to stable.
156 ScopedCurrentChannel current_channel;
157
158 // An extension with the activeTab permission.
159 scoped_refptr<const Extension> extension;
160
161 // Another extension with activeTab (for good measure).
162 scoped_refptr<const Extension> another_extension;
163
164 // An extension without the activeTab permission.
165 scoped_refptr<const Extension> extension_without_active_tab;
166
167 // An extension with both the activeTab and tabCapture permission.
168 scoped_refptr<const Extension> extension_with_tab_capture;
169 };
170
TEST_F(ActiveTabTest,GrantToSinglePage)171 TEST_F(ActiveTabTest, GrantToSinglePage) {
172 GURL google("http://www.google.com");
173 NavigateAndCommit(google);
174
175 // No access unless it's been granted.
176 EXPECT_TRUE(IsBlocked(extension, google));
177 EXPECT_TRUE(IsBlocked(another_extension, google));
178 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
179
180 EXPECT_FALSE(HasTabsPermission(extension));
181 EXPECT_FALSE(HasTabsPermission(another_extension));
182 EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
183
184 active_tab_permission_granter()->GrantIfRequested(extension.get());
185 active_tab_permission_granter()->GrantIfRequested(
186 extension_without_active_tab.get());
187
188 // Granted to extension and extension_without_active_tab, but the latter
189 // doesn't have the activeTab permission so not granted.
190 EXPECT_TRUE(IsAllowed(extension, google));
191 EXPECT_TRUE(IsBlocked(another_extension, google));
192 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
193
194 // Other subdomains shouldn't be given access.
195 GURL mail_google("http://mail.google.com");
196 EXPECT_TRUE(IsAllowed(extension, mail_google, PERMITTED_CAPTURE_ONLY));
197 EXPECT_TRUE(IsBlocked(another_extension, mail_google));
198 EXPECT_TRUE(IsBlocked(extension_without_active_tab, mail_google));
199
200 // Reloading the page should clear the active permissions.
201 Reload();
202
203 EXPECT_TRUE(IsBlocked(extension, google));
204 EXPECT_TRUE(IsBlocked(another_extension, google));
205 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
206
207 EXPECT_FALSE(HasTabsPermission(extension));
208 EXPECT_FALSE(HasTabsPermission(another_extension));
209 EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
210
211 // But they should still be able to be granted again.
212 active_tab_permission_granter()->GrantIfRequested(extension.get());
213
214 EXPECT_TRUE(IsAllowed(extension, google));
215 EXPECT_TRUE(IsBlocked(another_extension, google));
216 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
217
218 // And grant a few more times redundantly for good measure.
219 active_tab_permission_granter()->GrantIfRequested(extension.get());
220 active_tab_permission_granter()->GrantIfRequested(extension.get());
221 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
222 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
223 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
224 active_tab_permission_granter()->GrantIfRequested(extension.get());
225 active_tab_permission_granter()->GrantIfRequested(extension.get());
226 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
227 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
228
229 EXPECT_TRUE(IsAllowed(extension, google));
230 EXPECT_TRUE(IsAllowed(another_extension, google));
231 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
232
233 // Navigating to a new URL should clear the active permissions.
234 GURL chromium("http://www.chromium.org");
235 NavigateAndCommit(chromium);
236
237 EXPECT_TRUE(IsBlocked(extension, google));
238 EXPECT_TRUE(IsBlocked(another_extension, google));
239 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
240
241 EXPECT_TRUE(IsBlocked(extension, chromium));
242 EXPECT_TRUE(IsBlocked(another_extension, chromium));
243 EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
244
245 EXPECT_FALSE(HasTabsPermission(extension));
246 EXPECT_FALSE(HasTabsPermission(another_extension));
247 EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
248
249 // Should be able to grant to multiple extensions at the same time (if they
250 // have the activeTab permission, of course).
251 active_tab_permission_granter()->GrantIfRequested(extension.get());
252 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
253 active_tab_permission_granter()->GrantIfRequested(
254 extension_without_active_tab.get());
255
256 EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_CAPTURE_ONLY));
257 EXPECT_TRUE(IsAllowed(another_extension, google, PERMITTED_CAPTURE_ONLY));
258 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
259
260 EXPECT_TRUE(IsAllowed(extension, chromium));
261 EXPECT_TRUE(IsAllowed(another_extension, chromium));
262 EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
263
264 // Should be able to go back to URLs that were previously cleared.
265 NavigateAndCommit(google);
266
267 active_tab_permission_granter()->GrantIfRequested(extension.get());
268 active_tab_permission_granter()->GrantIfRequested(another_extension.get());
269 active_tab_permission_granter()->GrantIfRequested(
270 extension_without_active_tab.get());
271
272 EXPECT_TRUE(IsAllowed(extension, google));
273 EXPECT_TRUE(IsAllowed(another_extension, google));
274 EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
275
276 EXPECT_TRUE(IsAllowed(extension, chromium, PERMITTED_CAPTURE_ONLY));
277 EXPECT_TRUE(IsAllowed(another_extension, chromium, PERMITTED_CAPTURE_ONLY));
278 EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
279 };
280
TEST_F(ActiveTabTest,Uninstalling)281 TEST_F(ActiveTabTest, Uninstalling) {
282 // Some semi-arbitrary setup.
283 GURL google("http://www.google.com");
284 NavigateAndCommit(google);
285
286 active_tab_permission_granter()->GrantIfRequested(extension.get());
287
288 EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents()));
289 EXPECT_TRUE(IsAllowed(extension, google));
290
291 // Uninstalling the extension should clear its tab permissions.
292 ExtensionRegistry* registry =
293 ExtensionRegistry::Get(web_contents()->GetBrowserContext());
294 registry->TriggerOnUnloaded(extension.get(),
295 UnloadedExtensionInfo::REASON_DISABLE);
296
297 // Note: can't EXPECT_FALSE(IsAllowed) here because uninstalled extensions
298 // are just that... considered to be uninstalled, and the manager might
299 // just ignore them from here on.
300
301 // Granting the extension again should give them back.
302 active_tab_permission_granter()->GrantIfRequested(extension.get());
303
304 EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents()));
305 EXPECT_TRUE(IsAllowed(extension, google));
306 }
307
TEST_F(ActiveTabTest,OnlyActiveTab)308 TEST_F(ActiveTabTest, OnlyActiveTab) {
309 GURL google("http://www.google.com");
310 NavigateAndCommit(google);
311
312 active_tab_permission_granter()->GrantIfRequested(extension.get());
313
314 EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_BOTH, tab_id()));
315 EXPECT_TRUE(IsBlocked(extension, google, tab_id() + 1));
316 EXPECT_FALSE(HasTabsPermission(extension, tab_id() + 1));
317 }
318
TEST_F(ActiveTabTest,NavigateInPage)319 TEST_F(ActiveTabTest, NavigateInPage) {
320 GURL google("http://www.google.com");
321 NavigateAndCommit(google);
322
323 active_tab_permission_granter()->GrantIfRequested(extension.get());
324
325 // Perform an in-page navigation. The extension should not lose the temporary
326 // permission.
327 GURL google_h1("http://www.google.com#h1");
328 NavigateAndCommit(google_h1);
329
330 EXPECT_TRUE(IsAllowed(extension, google));
331 EXPECT_TRUE(IsAllowed(extension, google_h1));
332
333 GURL chromium("http://www.chromium.org");
334 NavigateAndCommit(chromium);
335
336 EXPECT_FALSE(IsAllowed(extension, google));
337 EXPECT_FALSE(IsAllowed(extension, google_h1));
338 EXPECT_FALSE(IsAllowed(extension, chromium));
339
340 active_tab_permission_granter()->GrantIfRequested(extension.get());
341
342 EXPECT_FALSE(IsAllowed(extension, google));
343 EXPECT_FALSE(IsAllowed(extension, google_h1));
344 EXPECT_TRUE(IsAllowed(extension, chromium));
345
346 GURL chromium_h1("http://www.chromium.org#h1");
347 NavigateAndCommit(chromium_h1);
348
349 EXPECT_FALSE(IsAllowed(extension, google));
350 EXPECT_FALSE(IsAllowed(extension, google_h1));
351 EXPECT_TRUE(IsAllowed(extension, chromium));
352 EXPECT_TRUE(IsAllowed(extension, chromium_h1));
353
354 Reload();
355
356 EXPECT_FALSE(IsAllowed(extension, google));
357 EXPECT_FALSE(IsAllowed(extension, google_h1));
358 EXPECT_FALSE(IsAllowed(extension, chromium));
359 EXPECT_FALSE(IsAllowed(extension, chromium_h1));
360 }
361
TEST_F(ActiveTabTest,ChromeUrlGrants)362 TEST_F(ActiveTabTest, ChromeUrlGrants) {
363 GURL internal("chrome://version");
364 NavigateAndCommit(internal);
365 active_tab_permission_granter()->GrantIfRequested(
366 extension_with_tab_capture.get());
367 // Do not grant tabs/hosts permissions for tab.
368 EXPECT_TRUE(IsAllowed(extension_with_tab_capture, internal,
369 PERMITTED_CAPTURE_ONLY));
370 const PermissionsData* permissions_data =
371 extension_with_tab_capture->permissions_data();
372 EXPECT_TRUE(permissions_data->HasAPIPermissionForTab(
373 tab_id(), APIPermission::kTabCaptureForTab));
374
375 EXPECT_TRUE(IsBlocked(extension_with_tab_capture, internal, tab_id() + 1));
376 EXPECT_FALSE(permissions_data->HasAPIPermissionForTab(
377 tab_id() + 1, APIPermission::kTabCaptureForTab));
378 }
379
380 } // namespace
381 } // namespace extensions
382