Fix the optional permissions API.

Make sure the Extension copies in the renderers have the active permissions and not just those defined in the manifest.

BUG=123250
TEST=ExtensionApiTest.ContentScriptPermissionsApi


Review URL: http://codereview.chromium.org/10073011

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132289 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/extensions/content_script_apitest.cc

@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 #include "base/utf_string_conversions.h"
+#include "chrome/browser/extensions/api/permissions/permissions_api.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/ui/browser.h"
@@ -144,3 +145,11 @@ IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ContentScriptExtensionAPIs) {
       NEW_FOREGROUND_TAB, ui_test_utils::BROWSER_TEST_NONE);
   EXPECT_TRUE(catcher.GetNextResult());
 }
+
+IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ContentScriptPermissionsApi) {
+  RequestPermissionsFunction::SetIgnoreUserGestureForTests(true);
+  RequestPermissionsFunction::SetAutoConfirmForTests(true);
+  host_resolver()->AddRule("*.com", "127.0.0.1");
+  ASSERT_TRUE(StartTestServer());
+  ASSERT_TRUE(RunExtensionTest("content_scripts/permissions")) << message_;
+}

chrome/common/extensions/extension_messages.cc

@@ -19,6 +19,9 @@ ExtensionMsg_Loaded_Params::ExtensionMsg_Loaded_Params(
     : manifest(extension->manifest()->value()->DeepCopy()),
       location(extension->location()),
       path(extension->path()),
+      apis(extension->GetActivePermissions()->apis()),
+      explicit_hosts(extension->GetActivePermissions()->explicit_hosts()),
+      scriptable_hosts(extension->GetActivePermissions()->scriptable_hosts()),
       id(extension->id()),
       creation_flags(extension->creation_flags()) {
 }
@@ -30,9 +33,13 @@ scoped_refptr<Extension>
   scoped_refptr<Extension> extension(
       Extension::Create(path, location, *manifest, creation_flags,
                         &error));
-  if (!extension.get())
+  if (!extension.get()) {
     DLOG(ERROR) << "Error deserializing extension: " << error;
+    return extension;
+  }
 
+  extension->SetActivePermissions(
+        new ExtensionPermissionSet(apis, explicit_hosts, scriptable_hosts));
   return extension;
 }
 
@@ -133,6 +140,9 @@ void ParamTraits<ExtensionMsg_Loaded_Params>::Write(Message* m,
   WriteParam(m, p.path);
   WriteParam(m, *(p.manifest));
   WriteParam(m, p.creation_flags);
+  WriteParam(m, p.apis);
+  WriteParam(m, p.explicit_hosts);
+  WriteParam(m, p.scriptable_hosts);
 }
 
 bool ParamTraits<ExtensionMsg_Loaded_Params>::Read(const Message* m,
@@ -142,7 +152,10 @@ bool ParamTraits<ExtensionMsg_Loaded_Params>::Read(const Message* m,
   return ReadParam(m, iter, &p->location) &&
          ReadParam(m, iter, &p->path) &&
          ReadParam(m, iter, p->manifest.get()) &&
-         ReadParam(m, iter, &p->creation_flags);
+         ReadParam(m, iter, &p->creation_flags) &&
+         ReadParam(m, iter, &p->apis) &&
+         ReadParam(m, iter, &p->explicit_hosts) &&
+         ReadParam(m, iter, &p->scriptable_hosts);
 }
 
 void ParamTraits<ExtensionMsg_Loaded_Params>::Log(const param_type& p,

chrome/common/extensions/extension_messages.h

@@ -118,6 +118,11 @@ struct ExtensionMsg_Loaded_Params {
   // to generate the extension ID for extensions that are loaded unpacked.
   FilePath path;
 
+  // The extension's active permissions.
+  ExtensionAPIPermissionSet apis;
+  URLPatternSet explicit_hosts;
+  URLPatternSet scriptable_hosts;
+
   // We keep this separate so that it can be used in logging.
   std::string id;
 

chrome/test/data/extensions/api_test/content_scripts/permissions/background.js

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var assertEq = chrome.test.assertEq;
+var assertTrue = chrome.test.assertTrue;
+var pass = chrome.test.callbackPass;
+var callbackFail = chrome.test.callbackFail;
+var listenForever = chrome.test.listenForever;
+
+var testTabId;
+var port;
+
+function testUrl(domain) {
+  return 'http://' + domain + ':' + port +
+      '/files/extensions/test_file.html';
+}
+
+function error(domain) {
+  return 'Cannot access contents of url "' + testUrl(domain) + '".' +
+    ' Extension manifest must request permission to access this host.';
+}
+
+// Creates a new tab, navigated to the specified |domain|.
+function createTestTab(domain, callback) {
+  var createdTabId = -1;
+  var done = listenForever(
+      chrome.tabs.onUpdated,
+      function(tabId, changeInfo, tab) {
+    if (tabId == createdTabId && changeInfo.status != 'loading') {
+      callback(tab);
+      done();
+    }
+  });
+
+  chrome.tabs.create({url: testUrl(domain)}, pass(function(tab) {
+    createdTabId = tab.id;
+  }));
+}
+
+chrome.test.getConfig(function(config) {
+  port = config.testServer.port;
+  chrome.test.runTests([
+
+    // Before enabling the optional host permission, we shouldn't be able to
+    // inject content scripts.
+    function noAccess() {
+      createTestTab('a.com', pass(function(tab) {
+        testTabId = tab.id;
+        chrome.tabs.executeScript(
+            tab.id, {code: 'document.title = "success"'},
+            callbackFail(error('a.com')));
+      }));
+    },
+
+    // Add the host permission and see if we can inject a content script into
+    // existing and new tabs.
+    function addPermission() {
+      chrome.permissions.request(
+          {origins: ["http://*/*"]},
+          pass(function(granted) {
+        assertTrue(granted);
+
+        // Try accessing the existing tab.
+        chrome.tabs.executeScript(
+            testTabId, {code: 'document.title = "success"'},
+            pass(function() {
+          chrome.tabs.get(testTabId, pass(function(tab) {
+            assertEq('success', tab.title);
+          }));
+        }));
+
+        // Make sure we can inject a script into a new tab with that host.
+        createTestTab('a.com', pass(function(tab) {
+          chrome.tabs.executeScript(
+              tab.id, {code: 'document.title = "success"'},
+              pass(function() {
+            chrome.tabs.get(tab.id, pass(function(tab) {
+              assertEq('success', tab.title);
+            }));
+          }));
+        }));
+      }));
+    },
+
+    // Try the host again, except outside of the permissions.request callback.
+    function sameHost() {
+      createTestTab('a.com', pass(function(tab) {
+        chrome.tabs.executeScript(
+            tab.id, {code: 'document.title = "success"'},
+            pass(function() {
+          chrome.tabs.get(tab.id, pass(function(tab) {
+            assertEq('success', tab.title);
+          }));
+        }));
+      }));
+    },
+
+    // Try injecting the script into a new tab with a new host.
+    function newHost() {
+      createTestTab('b.com', pass(function(tab) {
+        chrome.tabs.executeScript(
+            tab.id, {code: 'document.title = "success"'},
+            pass(function() {
+          chrome.tabs.get(tab.id, pass(function(tab) {
+            assertEq('success', tab.title);
+          }));
+        }));
+      }));
+    }
+  ]);
+});

chrome/test/data/extensions/api_test/content_scripts/permissions/manifest.json

+{
+  "name": "content_scripts/permissions",
+  "version": "1",
+  "manifest_version": 2,
+  "permissions": ["tabs"],
+  "optional_permissions": ["http://*/*"],
+  "background": { "scripts": ["background.js"] }
+}