// Copyright 2023 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "extensions/browser/process_map.h" #include <memory> #include <string_view> #include <vector> #include "base/strings/stringprintf.h" #include "chrome/browser/extensions/extension_browsertest.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/test/base/ui_test_utils.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/render_process_host.h" #include "content/public/browser/site_isolation_policy.h" #include "content/public/browser/web_contents.h" #include "content/public/common/content_features.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/test_navigation_observer.h" #include "extensions/browser/app_window/app_window.h" #include "extensions/browser/app_window/app_window_registry.h" #include "extensions/browser/guest_view/web_view/web_view_guest.h" #include "extensions/common/constants.h" #include "extensions/common/mojom/context_type.mojom.h" #include "extensions/test/extension_test_message_listener.h" #include "extensions/test/test_extension_dir.h" #include "net/dns/mock_host_resolver.h" #include "testing/gtest/include/gtest/gtest.h" namespace extensions { class ProcessMapBrowserTest : public ExtensionBrowserTest { … }; // Check that when an extension frame is inadvertently loaded as sandboxed // because it inherits sandbox flags from its parent, the extension frame can // still use extension messaging APIs without triggering a renderer kill due // to sandboxed frame checks in ChildProcessSecurityPolicy. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedWebPageEmbedsExtension) { … } // Tests that extension E1 containing a sandboxed webpage A which then contains // extension E2 in a subframe results in the E2 frame being sandboxed. IN_PROC_BROWSER_TEST_F( ProcessMapBrowserTest, ExtensionFrameContainingSandboxedFrameContainingOtherExtensionFrame) { … } // Tests that web pages are not considered privileged extension processes. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, IsPrivilegedExtensionProcess_WebPages) { … } // Tests the type of contexts that can be hosted in web page processes. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_WebPages) { … } // Tests that web ui pages are not considered privileged extension processes. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, IsPrivilegedExtensionProcess_WebUiPages) { … } // Tests the type of processes that can be hosted in web ui processes. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_WebUiPages) { … } // Tests that normal extension pages are considered privileged extension // processes. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, IsPrivilegedExtensionProcess_ExtensionPages) { … } // Tests the type of contexts that can be hosted in regular extension processes. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_ExtensionPages) { … } // Tests that a web page with injected content scripts is not considered a // privileged extension process. IN_PROC_BROWSER_TEST_F( ProcessMapBrowserTest, IsPrivilegedExtensionProcess_WebPagesWithContentScripts) { … } // Tests the type of contexts that can be hosted in a web page process that has // had a content script injected in it. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_WebPagesWithContentScripts) { … } // The following defines a common test body used by the // Sandboxed*Are*Isolated tests that follow. `frame_url` defines the page to // be loaded, and may be an regular (http/s) page, a data url, or an // about:srcdoc url. If it's about:srcdoc, the iframe srcdoc attribute will be // used, and set to the value of `content`. `expect_isolated_from_each_other` // indicates whether the subframes are expected to be isolated from each other, // and if the sandboxed frame should have a sandboxed SiteInstance. // `expect_sandboxed_subframe_isolated_from_extension_page` indicates we // expect the sandboxed frame to be isolated from the extension mainframe, // and `expect_non_sandboxed_subframe_isolated_from_extension_page` indicates // that we expect the non-sandboxed subframe to be process isolated from the // extension mainframe. This function is defined here to keep it close to the // tests that use it, for easier reference. void ProcessMapBrowserTest::VerifyWhetherSubframesAreIsolated( const GURL& frame_url, const std::string& content, bool expect_subframes_isolated_from_each_other, bool expect_sandboxed_subframe_isolated_from_extension_page, bool expect_non_sandboxed_subframe_isolated_from_extension_page) { … } // Tests that web pages loaded in sandboxed iframes inside an extension are // isolated from the extension and from non-sandboxed iframes of the same web // origin, if IsolateSandboxedIframes is enabled. There are three variations, // one for a web url, one for a data: url, and one for about:srcdoc. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedNonExtensionWebPagesAreIsolated) { … } IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedDataFramesAreMaybeIsolated) { … } IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedSrcdocFramesAreMaybeIsolated) { … } // Function implementation defined here to be close to the tests that use it. void ProcessMapBrowserTest:: VerifySandboxedSubframeHasResourceAccessButMaybeApiAccess( const std::string& parent_script_template, const bool is_subframe_data_url, const bool expects_api_access) { … } // Tests that a data: url in a sandboxed frame in an extension still has access // to resources. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedDataUrlStillHasAccessToExtensionResources) { … } // Tests that a srcdoc in a sandboxed frame in an extension still has access to // resources. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedSrcdocStillHasAccessToExtensionResources) { … } // Tests that an extension page in a sandboxed frame in an extension still has // access to resources. IN_PROC_BROWSER_TEST_F( ProcessMapBrowserTest, SandboxedExtensionPageStillHasAccessToExtensionResources) { … } // Tests that an extension inside a sandboxed subframe of another extension // still has privileges. It will be process isolated regardless of the sandbox // attribute since extensions are isolated from one another. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, SandboxedSubframeExtensionHasPrivilege) { … } // At present, the default mode is IsolatedSandboxedIframes mode (which isolates // manifest-sandboxed extension pages in a different process that is not // privileged). If there are multiple manifest-sandboxed extension pages, // they will share a SiteInstance and non-privileged process. This test verifies // that all manifest-sandboxed frames load into the same (non-privileged) // process. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, IsPrivilegedExtensionProcess_SandboxedExtensionFrame) { … } // Test class to run tests both with and without sandboxing. class ProcessMapAboutSrcdocBrowserTest : public ProcessMapBrowserTest, public ::testing::WithParamInterface<bool> { … }; // This test verifies that an about:srcdoc frame with a non-extension parent // cannot inherit an extension precursor origin that allows it to incorrectly // access extension resources. The srcdoc frame should also not inherit the // base URI of the extension. IN_PROC_BROWSER_TEST_P(ProcessMapAboutSrcdocBrowserTest, ExtensionCannotNavigateAboutSrcdocGrandchild) { … } INSTANTIATE_TEST_SUITE_P(…); // Tests the type of contexts that can be hosted in extension processes with // a sandboxed process frame. IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_SandboxedExtensionFrame) { … } IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, IsPrivilegedExtensionProcess_WebViews) { … } IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_WebViews) { … } IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, IsPrivilegedExtensionProcess_UserScripts) { … } IN_PROC_BROWSER_TEST_F(ProcessMapBrowserTest, CanHostContextType_UserScripts) { … } } // namespace extensions
Codebase Browser
chromium