Codebase Browser
chromium
Go to App

chromium/chrome/browser/ash/fileapi/file_access_permissions_unittest.cc 

// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ash/fileapi/file_access_permissions.h"

#include "extensions/common/extension.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/origin.h"

namespace ash {

TEST(FileAccessPermissionsTest, FileAccessChecks) {
  base::FilePath good_dir(FILE_PATH_LITERAL("/root/dir"));
  base::FilePath bad_dir(FILE_PATH_LITERAL("/root"));
  base::FilePath good_file(FILE_PATH_LITERAL("/root/dir/good_file.txt"));
  base::FilePath bad_file(FILE_PATH_LITERAL("/root/dir/bad_file.txt"));

  url::Origin extension1_origin =
      url::Origin::Create(extensions::Extension::GetBaseURLFromExtensionId(
          "ddammdhioacbehjngdmkjcjbnfginlla"));
  url::Origin extension2_origin =
      url::Origin::Create(extensions::Extension::GetBaseURLFromExtensionId(
          "jkhdjkhkhsdkfhsdkhrterwmtermeter"));
  url::Origin app_origin = url::Origin::Create(GURL("chrome://file-manager"));

  FileAccessPermissions permissions;
  // By default extension have no access to any local file.
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));

  // After granting file access to the handler extension for a given file, it
  // can only access that file an nothing else.
  permissions.GrantAccessPermission(extension1_origin, good_file);
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
  EXPECT_TRUE(permissions.HasAccessPermission(extension1_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));

  // After granting file access to the handler extension for a given directory,
  // it can access that directory and all files within it.
  permissions.GrantAccessPermission(extension2_origin, good_dir);
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
  EXPECT_TRUE(permissions.HasAccessPermission(extension1_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
  EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_dir));
  EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_file));
  EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));

  // Finally, after granting permission to the app for the given directory
  // it can access that director all all files within it.
  permissions.GrantAccessPermission(app_origin, good_dir);
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
  EXPECT_TRUE(permissions.HasAccessPermission(extension1_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
  EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_dir));
  EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_file));
  EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, bad_file));
  EXPECT_TRUE(permissions.HasAccessPermission(app_origin, good_dir));
  EXPECT_TRUE(permissions.HasAccessPermission(app_origin, good_file));
  EXPECT_TRUE(permissions.HasAccessPermission(app_origin, bad_file));

  // After revoking rights for extensions, they should not be able to access
  // any file system element anymore.
  permissions.RevokePermissions(extension1_origin);
  permissions.RevokePermissions(extension2_origin);
  permissions.RevokePermissions(app_origin);
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, bad_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
  EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));
}

}  // namespace ash