// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "extensions/browser/permissions_manager.h" #include "base/memory/raw_ptr.h" #include "base/test/gtest_util.h" #include "base/test/scoped_feature_list.h" #include "extensions/browser/extension_prefs.h" #include "extensions/browser/extension_registry.h" #include "extensions/browser/extension_util.h" #include "extensions/browser/extensions_test.h" #include "extensions/browser/pref_types.h" #include "extensions/common/extension_builder.h" #include "extensions/common/extension_features.h" #include "extensions/common/permissions/permissions_data.h" #include "extensions/common/url_pattern_set.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/origin.h" namespace { std::unique_ptr SetTestingPermissionsManager( content::BrowserContext* browser_context) { return std::make_unique(browser_context); } } // namespace namespace extensions { using UserSiteSetting = PermissionsManager::UserSiteSetting; using UserSiteAccess = PermissionsManager::UserSiteAccess; class PermissionsManagerUnittest : public ExtensionsTest { public: PermissionsManagerUnittest() = default; ~PermissionsManagerUnittest() override = default; PermissionsManagerUnittest(const PermissionsManagerUnittest&) = delete; PermissionsManagerUnittest& operator=(const PermissionsManagerUnittest&) = delete; scoped_refptr AddExtension(const std::string& name); scoped_refptr AddExtensionWithAPIPermission( const std::string& name, const std::string& permission); scoped_refptr AddExtensionWithHostPermission( const std::string& name, const std::string& host_permission); scoped_refptr AddExtensionWithActiveTab( const std::string& name); // Returns the restricted sites stored in `manager_`. std::set GetRestrictedSitesFromManager(); // Returns the permittes sites stored in `manager_`. std::set GetPermittedSitesFromManager(); // Returns the restricted sites stored in `extension_prefs_`. const base::Value* GetRestrictedSitesFromPrefs(); // Returns the permitted sites stored in `extension_prefs_`. const base::Value* GetPermittedSitesFromPrefs(); // Returns the restricted sites stored in `PermissionsData`. std::set GetRestrictedSitesFromPermissionsData(); // Returns the permitted sites stored in `PermissionsData`. std::set GetPermittedSitesFromPermissionsData(); protected: // ExtensionsTest: void SetUp() override; // PermissionsManager being tested. raw_ptr manager_; raw_ptr extension_prefs_; }; void PermissionsManagerUnittest::SetUp() { ExtensionsTest::SetUp(); manager_ = static_cast( PermissionsManager::GetFactory()->SetTestingFactoryAndUse( browser_context(), base::BindRepeating(&SetTestingPermissionsManager))); extension_prefs_ = ExtensionPrefs::Get(browser_context()); } scoped_refptr PermissionsManagerUnittest::AddExtension( const std::string& name) { return AddExtensionWithHostPermission(name, ""); } scoped_refptr PermissionsManagerUnittest::AddExtensionWithAPIPermission( const std::string& name, const std::string& permission) { scoped_refptr extension = extensions::ExtensionBuilder(name) .SetManifestVersion(3) .AddPermission(permission) .Build(); DCHECK(extension->permissions_data()->HasAPIPermission(permission)); ExtensionRegistryFactory::GetForBrowserContext(browser_context()) ->AddEnabled(extension); return extension; } scoped_refptr PermissionsManagerUnittest::AddExtensionWithHostPermission( const std::string& name, const std::string& host_permission) { scoped_refptr extension = extensions::ExtensionBuilder(name) .SetManifestVersion(3) .SetManifestKey("host_permissions", base::Value::List().Append(host_permission)) .Build(); ExtensionRegistryFactory::GetForBrowserContext(browser_context()) ->AddEnabled(extension); return extension; } scoped_refptr PermissionsManagerUnittest::AddExtensionWithActiveTab(const std::string& name) { return AddExtensionWithAPIPermission(name, "activeTab"); } const base::Value* PermissionsManagerUnittest::GetRestrictedSitesFromPrefs() { const base::Value::Dict& permissions = extension_prefs_->GetPrefAsDictionary(kUserPermissions); return permissions.Find("restricted_sites"); } const base::Value* PermissionsManagerUnittest::GetPermittedSitesFromPrefs() { const base::Value::Dict& permissions = extension_prefs_->GetPrefAsDictionary(kUserPermissions); return permissions.Find("permitted_sites"); } std::set PermissionsManagerUnittest::GetRestrictedSitesFromManager() { const PermissionsManager::UserPermissionsSettings& permissions = manager_->GetUserPermissionsSettings(); return permissions.restricted_sites; } std::set PermissionsManagerUnittest::GetPermittedSitesFromManager() { const PermissionsManager::UserPermissionsSettings& permissions = manager_->GetUserPermissionsSettings(); return permissions.permitted_sites; } std::set PermissionsManagerUnittest::GetRestrictedSitesFromPermissionsData() { std::set string_patterns; URLPatternSet patterns = PermissionsData::GetUserBlockedHosts( util::GetBrowserContextId(browser_context())); for (const auto& pattern : patterns) string_patterns.insert(pattern.GetAsString()); return string_patterns; } std::set PermissionsManagerUnittest::GetPermittedSitesFromPermissionsData() { std::set string_patterns; URLPatternSet patterns = PermissionsData::GetUserAllowedHosts( util::GetBrowserContextId(browser_context())); for (const auto& pattern : patterns) string_patterns.insert(pattern.GetAsString()); return string_patterns; } TEST_F(PermissionsManagerUnittest, AddAndRemoveRestrictedSite) { const url::Origin url = url::Origin::Create(GURL("http://a.example.com")); const std::string expected_url_pattern = "http://a.example.com/*"; std::set set_with_url; set_with_url.insert(url); base::Value::List value_with_url; value_with_url.Append(url.Serialize()); // Verify the restricted sites list is empty. EXPECT_EQ(GetRestrictedSitesFromManager(), std::set()); EXPECT_EQ(GetRestrictedSitesFromPrefs(), nullptr); EXPECT_THAT(GetRestrictedSitesFromPermissionsData(), testing::IsEmpty()); EXPECT_EQ(manager_->GetUserSiteSetting(url), UserSiteSetting::kCustomizeByExtension); // Add `url` to restricted sites. Verify the site is stored both in manager // and prefs restricted sites. manager_->AddUserRestrictedSite(url); EXPECT_EQ(GetRestrictedSitesFromManager(), set_with_url); EXPECT_EQ(*GetRestrictedSitesFromPrefs(), value_with_url); EXPECT_THAT(GetRestrictedSitesFromPermissionsData(), testing::UnorderedElementsAre(expected_url_pattern)); EXPECT_EQ(manager_->GetUserSiteSetting(url), UserSiteSetting::kBlockAllExtensions); // Adding an existent restricted site. Verify the entry is not duplicated. manager_->AddUserRestrictedSite(url); EXPECT_EQ(GetRestrictedSitesFromManager(), set_with_url); EXPECT_EQ(*GetRestrictedSitesFromPrefs(), value_with_url); EXPECT_THAT(GetRestrictedSitesFromPermissionsData(), testing::UnorderedElementsAre(expected_url_pattern)); // Remove `url` from restricted sites. Verify the site is removed from both // manager and prefs restricted sites. manager_->RemoveUserRestrictedSite(url); EXPECT_EQ(GetRestrictedSitesFromManager(), std::set()); EXPECT_EQ(*GetRestrictedSitesFromPrefs(), base::Value(base::Value::Type::LIST)); EXPECT_THAT(GetRestrictedSitesFromPermissionsData(), testing::IsEmpty()); EXPECT_EQ(manager_->GetUserSiteSetting(url), UserSiteSetting::kCustomizeByExtension); } TEST_F(PermissionsManagerUnittest, AddAndRemovePermittedSite) { // Verify the permitted sites list is empty. EXPECT_EQ(GetPermittedSitesFromManager(), std::set()); EXPECT_EQ(GetPermittedSitesFromPrefs(), nullptr); EXPECT_THAT(GetPermittedSitesFromPermissionsData(), testing::IsEmpty()); // Adding or removing a permitted site is only supported when // kExtensionsMenuAccessControlWithPermittedSites is enabled. const url::Origin url = url::Origin::Create(GURL("http://a.example.com")); EXPECT_DCHECK_DEATH(manager_->AddUserPermittedSite(url)); EXPECT_DCHECK_DEATH(manager_->RemoveUserPermittedSite(url)); } TEST_F(PermissionsManagerUnittest, UpdateUserSiteSetting) { const url::Origin url = url::Origin::Create(GURL("http://a.example.com")); std::set empty_set; std::set set_with_url; set_with_url.insert(url); { // Granting all extensions is only supported when // kExtensionsMenuAccessControlWithPermittedSites flag is enabled. EXPECT_DCHECK_DEATH(manager_->UpdateUserSiteSetting( url, PermissionsManager::UserSiteSetting::kGrantAllExtensions)); } { manager_->UpdateUserSiteSetting( url, PermissionsManager::UserSiteSetting::kBlockAllExtensions); const PermissionsManager::UserPermissionsSettings& actual_permissions = manager_->GetUserPermissionsSettings(); EXPECT_EQ(actual_permissions.restricted_sites, set_with_url); EXPECT_EQ(actual_permissions.permitted_sites, empty_set); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kBlockAllExtensions); } { manager_->UpdateUserSiteSetting( url, PermissionsManager::UserSiteSetting::kCustomizeByExtension); const PermissionsManager::UserPermissionsSettings& actual_permissions = manager_->GetUserPermissionsSettings(); EXPECT_EQ(actual_permissions.restricted_sites, empty_set); EXPECT_EQ(actual_permissions.permitted_sites, empty_set); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kCustomizeByExtension); } } TEST_F(PermissionsManagerUnittest, GetSiteAccess_AllUrls) { auto extension = AddExtensionWithHostPermission("AllUrls Extension", ""); const GURL non_restricted_url("https://www.non-restricted.com"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, non_restricted_url); EXPECT_TRUE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_TRUE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } // Chrome pages should be restricted, and the extension shouldn't have grant // or withheld site access. const GURL restricted_url("chrome://extensions"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, restricted_url); EXPECT_FALSE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_TRUE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } } TEST_F(PermissionsManagerUnittest, GetSiteAccess_RequestedUrl) { auto extension = AddExtensionWithHostPermission("RequestedUrl Extension", "*://*.requested.com/*"); const GURL requested_url("https://www.requested.com"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, requested_url); EXPECT_TRUE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_FALSE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } const GURL non_requested_url("https://non-requested.com"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, non_requested_url); EXPECT_FALSE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_FALSE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } } // Tests that for the purposes of displaying an extension's site access to the // user (or granting/revoking permissions), we ignore paths in the URL. We // always strip the path from host permissions directly, but we don't strip the // path from content scripts. TEST_F(PermissionsManagerUnittest, GetSiteAccess_ContentScript_RequestedUrlWithPath) { scoped_refptr extension = ExtensionBuilder("extension") .AddContentScript("foo.js", {"https://www.example.com/foo"}) .SetLocation(mojom::ManifestLocation::kInternal) .Build(); ExtensionRegistryFactory::GetForBrowserContext(browser_context()) ->AddEnabled(extension); const GURL other_path_url("https://www.example.com/bar"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, other_path_url); // Even though the path doesn't match the one requested, the domain does // match and thus we treat it as if the site was requested. EXPECT_TRUE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_FALSE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } } TEST_F(PermissionsManagerUnittest, GetSiteAccess_ActiveTab) { auto extension = AddExtensionWithActiveTab("ActiveTab Extension"); const GURL url("https://example.com"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, url); // The site access computation does not take into account active tab, and // therefore it does not have or withheld any access. EXPECT_FALSE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_FALSE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } } TEST_F(PermissionsManagerUnittest, GetSiteAccess_NoHostPermissions) { auto extension = AddExtension("Test"); const GURL url("https://example.com"); { const PermissionsManager::ExtensionSiteAccess site_access = manager_->GetSiteAccess(*extension, url); // The site access computation does not take into account active tab, and // therefore it does not have or withheld any access. EXPECT_FALSE(site_access.has_site_access); EXPECT_FALSE(site_access.withheld_site_access); EXPECT_FALSE(site_access.has_all_sites_access); EXPECT_FALSE(site_access.withheld_all_sites_access); } } TEST_F(PermissionsManagerUnittest, CanAffectExtension_ByLocation) { struct { mojom::ManifestLocation location; bool can_be_affected; } test_cases[] = { {mojom::ManifestLocation::kInternal, true}, {mojom::ManifestLocation::kExternalPref, true}, {mojom::ManifestLocation::kUnpacked, true}, {mojom::ManifestLocation::kExternalPolicyDownload, false}, {mojom::ManifestLocation::kComponent, false}, }; for (const auto& test_case : test_cases) { scoped_refptr extension = ExtensionBuilder("test") .SetLocation(test_case.location) .AddPermission("") .Build(); EXPECT_EQ(manager_->CanAffectExtension(*extension), test_case.can_be_affected) << test_case.location; } } TEST_F(PermissionsManagerUnittest, CanUserSelectSiteAccess_AllUrls) { auto extension = AddExtensionWithHostPermission("AllUrls Extension", ""); // Verify "on click", "on site" and "on all sites" site access can be selected // for a non-restricted url. const GURL url("http://www.example.com"); EXPECT_TRUE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnClick)); EXPECT_TRUE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnSite)); EXPECT_TRUE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnAllSites)); // Verify "on click", "on site" and "on all sites" cannot be selected for a // restricted url. const GURL chrome_url("chrome://settings"); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, chrome_url, UserSiteAccess::kOnClick)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, chrome_url, UserSiteAccess::kOnSite)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, chrome_url, UserSiteAccess::kOnAllSites)); } TEST_F(PermissionsManagerUnittest, CanUserSelectSiteAccess_SpecificUrl) { const GURL url_a("http://www.a.com"); auto extension = AddExtensionWithHostPermission("A Extension", url_a.spec()); // Verify "on click" and "on site" can be selected for the specific url, but // "on all sites" cannot be selected. EXPECT_TRUE(manager_->CanUserSelectSiteAccess(*extension, url_a, UserSiteAccess::kOnClick)); EXPECT_TRUE(manager_->CanUserSelectSiteAccess(*extension, url_a, UserSiteAccess::kOnSite)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url_a, UserSiteAccess::kOnAllSites)); // Verify "on click", "on site" and "on all sites" cannot be selected for any // other url. const GURL url_b("http://www.b.com"); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url_b, UserSiteAccess::kOnClick)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url_b, UserSiteAccess::kOnSite)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url_b, UserSiteAccess::kOnAllSites)); } TEST_F(PermissionsManagerUnittest, CanUserSelectSiteAccess_NoHostPermissions) { auto extension = AddExtension("Extension"); // Verify "on click", "on site" and "on all sites" cannot be selected for any // url. const GURL url("http://www.example.com"); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnClick)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnSite)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnAllSites)); } TEST_F(PermissionsManagerUnittest, CanUserSelectSiteAccess_ActiveTab) { auto extension = AddExtensionWithActiveTab("ActiveTab Extension"); // Verify "on click" can be selected for the specific url, but "on site" and // "on all sites" cannot be selected. const GURL url("http://www.example.com"); EXPECT_TRUE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnClick)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnSite)); EXPECT_FALSE(manager_->CanUserSelectSiteAccess(*extension, url, UserSiteAccess::kOnAllSites)); } TEST_F(PermissionsManagerUnittest, ExtensionRequestsHostPermissionsOrActiveTab) { auto no_permissions_extension = AddExtension("Extension"); auto dnr_extension = AddExtensionWithAPIPermission("DNR extension", "declarativeNetRequest"); auto active_tab_extension = AddExtensionWithActiveTab("ActiveTab Extension"); auto host_permissions_extension = AddExtensionWithHostPermission( "RequestedUrl Extension", "*://*.requested.com/*"); // Verify that ExtensionRequestsHostPermissionsOrActiveTab returns true only // for extensions that explicitly request host permissions or activeTab. EXPECT_FALSE(manager_->ExtensionRequestsHostPermissionsOrActiveTab( *no_permissions_extension)); EXPECT_FALSE( manager_->ExtensionRequestsHostPermissionsOrActiveTab(*dnr_extension)); EXPECT_TRUE(manager_->ExtensionRequestsHostPermissionsOrActiveTab( *active_tab_extension)); EXPECT_TRUE(manager_->ExtensionRequestsHostPermissionsOrActiveTab( *host_permissions_extension)); } class PermissionsManagerWithPermittedSitesUnitTest : public PermissionsManagerUnittest { public: PermissionsManagerWithPermittedSitesUnitTest(); PermissionsManagerWithPermittedSitesUnitTest( const PermissionsManagerWithPermittedSitesUnitTest&) = delete; const PermissionsManagerWithPermittedSitesUnitTest& operator=( const PermissionsManagerWithPermittedSitesUnitTest&) = delete; ~PermissionsManagerWithPermittedSitesUnitTest() override = default; private: base::test::ScopedFeatureList feature_list_; }; PermissionsManagerWithPermittedSitesUnitTest:: PermissionsManagerWithPermittedSitesUnitTest() { feature_list_.InitAndEnableFeature( extensions_features::kExtensionsMenuAccessControlWithPermittedSites); } TEST_F(PermissionsManagerWithPermittedSitesUnitTest, AddAndRemovePermittedSite) { const url::Origin url = url::Origin::Create(GURL("http://a.example.com")); const std::string expected_url_pattern = "http://a.example.com/*"; std::set set_with_url; set_with_url.insert(url); base::Value::List value_with_url; value_with_url.Append(url.Serialize()); // Verify the permitted sites list is empty. EXPECT_EQ(GetPermittedSitesFromManager(), std::set()); EXPECT_EQ(GetPermittedSitesFromPrefs(), nullptr); EXPECT_THAT(GetPermittedSitesFromPermissionsData(), testing::IsEmpty()); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kCustomizeByExtension); manager_->AddUserPermittedSite(url); // Verify the site is stored both in manager and prefs permitted sites. EXPECT_EQ(GetPermittedSitesFromManager(), set_with_url); EXPECT_EQ(*GetPermittedSitesFromPrefs(), value_with_url); EXPECT_THAT(GetPermittedSitesFromPermissionsData(), testing::UnorderedElementsAre(expected_url_pattern)); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kGrantAllExtensions); // Adding an existent permitted site. manager_->AddUserPermittedSite(url); // Verify the entry is not duplicated. EXPECT_EQ(GetPermittedSitesFromManager(), set_with_url); EXPECT_EQ(*GetPermittedSitesFromPrefs(), value_with_url); EXPECT_THAT(GetPermittedSitesFromPermissionsData(), testing::UnorderedElementsAre(expected_url_pattern)); // Remove `url` from permitted sites. Verify the site is removed from both // manager and prefs permitted sites. manager_->RemoveUserPermittedSite(url); EXPECT_EQ(GetPermittedSitesFromManager(), std::set()); EXPECT_EQ(*GetPermittedSitesFromPrefs(), base::Value(base::Value::Type::LIST)); EXPECT_THAT(GetPermittedSitesFromPermissionsData(), testing::IsEmpty()); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kCustomizeByExtension); } TEST_F(PermissionsManagerWithPermittedSitesUnitTest, GrantAllExtensionsAccess) { const url::Origin url = url::Origin::Create(GURL("http://a.example.com")); std::set empty_set; std::set set_with_url; set_with_url.insert(url); manager_->UpdateUserSiteSetting( url, PermissionsManager::UserSiteSetting::kGrantAllExtensions); const PermissionsManager::UserPermissionsSettings& actual_permissions = manager_->GetUserPermissionsSettings(); EXPECT_EQ(actual_permissions.restricted_sites, empty_set); EXPECT_EQ(actual_permissions.permitted_sites, set_with_url); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kGrantAllExtensions); } TEST_F(PermissionsManagerWithPermittedSitesUnitTest, RestrictedAndPermittedSitesAreMutuallyExclusive) { const url::Origin url = url::Origin::Create(GURL("http://a.example.com")); std::set empty_set; std::set set_with_url; set_with_url.insert(url); { manager_->AddUserRestrictedSite(url); const PermissionsManager::UserPermissionsSettings& actual_permissions = manager_->GetUserPermissionsSettings(); EXPECT_EQ(actual_permissions.restricted_sites, set_with_url); EXPECT_EQ(actual_permissions.permitted_sites, empty_set); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kBlockAllExtensions); } { // Adding an url to the permitted sites that is already in the restricted // sites should remove it from restricted sites and add it to permitted // sites. manager_->AddUserPermittedSite(url); const PermissionsManager::UserPermissionsSettings& actual_permissions = manager_->GetUserPermissionsSettings(); EXPECT_EQ(actual_permissions.restricted_sites, empty_set); EXPECT_EQ(actual_permissions.permitted_sites, set_with_url); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kGrantAllExtensions); } { // Adding an url to the restricted sites that is already in the permitted // sites should remove it from permitted sites and add it to restricted // sites. manager_->AddUserRestrictedSite(url); const PermissionsManager::UserPermissionsSettings& actual_permissions = manager_->GetUserPermissionsSettings(); EXPECT_EQ(actual_permissions.restricted_sites, set_with_url); EXPECT_EQ(actual_permissions.permitted_sites, empty_set); EXPECT_EQ(manager_->GetUserSiteSetting(url), PermissionsManager::UserSiteSetting::kBlockAllExtensions); } } } // namespace extensions