commit 0203be4af060be6e50ced42d50590f2b2ad0aa39
author Nick Peterson <nrpeter@google.com> Wed Jul 19 00:25:14 2017
committer Commit Bot <commit-bot@chromium.org> Wed Jul 19 00:25:14 2017
tree 2fb08d10df53cf88aa7b22903fa661681018a84e
parent b5b55e3f2de94682b20407e0a699a8fa27c31832

Prevent revocation of active permissions for components when ExtensionSettings policy updates.

Bug: 746017
Change-Id: Ie5d523be0d14323d6fb0e55eaf19efd196b8e100
Reviewed-on: https://chromium-review.googlesource.com/576514
Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org>
Commit-Queue: Nick Peterson <nrpeter@google.com>
Cr-Commit-Position: refs/heads/master@{#487686}

chrome/browser/extensions/extension_service_unittest.cc

diff --git a/chrome/browser/extensions/extension_service_unittest.cc b/chrome/browser/extensions/extension_service_unittest.cc
index e154c55..5572d58 100644
--- a/chrome/browser/extensions/extension_service_unittest.cc
+++ b/chrome/browser/extensions/extension_service_unittest.cc
@@ -3640,6 +3640,45 @@
   EXPECT_TRUE(service()->GetExtensionById(good0, false));
 }
 
+// Tests that active permissions are not revoked from component extensions
+// by policy when the policy is updated. https://crbug.com/746017.
+TEST_F(ExtensionServiceTest, ComponentExtensionWhitelistedPermission) {
+  InitializeEmptyExtensionServiceWithTestingPrefs();
+
+  // Install a component extension.
+  base::FilePath path = data_dir()
+                            .AppendASCII("good")
+                            .AppendASCII("Extensions")
+                            .AppendASCII(good0)
+                            .AppendASCII("1.0.0.0");
+  std::string manifest;
+  ASSERT_TRUE(base::ReadFileToString(path.Append(extensions::kManifestFilename),
+                                     &manifest));
+  service()->component_loader()->Add(manifest, path);
+  service()->Init();
+
+  // Extension should have the "tabs" permission.
+  EXPECT_TRUE(service()
+                  ->GetExtensionById(good0, false)
+                  ->permissions_data()
+                  ->active_permissions()
+                  .HasAPIPermission(extensions::APIPermission::kTab));
+
+  // Component should not lose permissions on policy change.
+  {
+    ManagementPrefUpdater pref(profile_->GetTestingPrefService());
+    pref.AddBlockedPermission(good0, "tabs");
+  }
+
+  service()->OnExtensionManagementSettingsChanged();
+  content::RunAllBlockingPoolTasksUntilIdle();
+  EXPECT_TRUE(service()
+                  ->GetExtensionById(good0, false)
+                  ->permissions_data()
+                  ->active_permissions()
+                  .HasAPIPermission(extensions::APIPermission::kTab));
+}
+
 // Tests that policy-installed extensions are not blacklisted by policy.
 TEST_F(ExtensionServiceTest, PolicyInstalledExtensionsWhitelisted) {
   InitializeEmptyExtensionServiceWithTestingPrefs();