Sockets host patterns can be a single entry or an array of entries.

Add more unit tests.

BUG=

Review URL: https://codereview.chromium.org/74393002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@235897 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 351 insertions, 112 deletions

diff --git a/chrome/common/extensions/api/manifest_types.json b/chrome/common/extensions/api/manifest_types.json
index fc8592e..3e65db9 100644
--- a/chrome/common/extensions/api/manifest_types.json
+++ b/chrome/common/extensions/api/manifest_types.json
@@ -129,6 +129,14 @@
         }
       },
       {
+        "id": "SocketHostPatterns",
+        "description": "<p>A single string or a list of strings representing host:port patterns.</p>",
+        "choices": [
+          { "type": "string" },
+          { "type": "array", "items": { "type": "string" } }
+        ]
+      },
+      {
         "id": "sockets",
         "type": "object",
         "description": "The <code>sockets</code> manifest property declares which sockets operations an app can issue.",
@@ -141,17 +149,17 @@
               "bind": {
                 "description": "<p>The host:port pattern for <code>bind</code> operations.</p>",
                 "optional": true,
-                "type": "string"
+                "$ref": "SocketHostPatterns"
               },
               "send": {
                 "description": "<p>The host:port pattern for <code>send</code> operations.</p>",
                 "optional": true,
-                "type": "string"
+                "$ref": "SocketHostPatterns"
               },
               "multicastMembership": {
                 "description": "<p>The host:port pattern for <code>joinGroup</code> operations.</p>",
                 "optional": true,
-                "type": "string"
+                "$ref": "SocketHostPatterns"
               }
             }
           },
@@ -163,7 +171,7 @@
               "connect": {
                 "description": "<p>The host:port pattern for <code>connect</code> operations.</p>",
                 "optional": true,
-                "type": "string"
+                "$ref": "SocketHostPatterns"
               }
             }
           },
@@ -175,7 +183,7 @@
               "listen": {
                 "description": "<p>The host:port pattern for <code>listen</code> operations.</p>",
                 "optional": true,
-                "type": "string"
+                "$ref": "SocketHostPatterns"
               }
             }
           }
diff --git a/chrome/common/extensions/api/sockets/sockets_manifest_permission.cc b/chrome/common/extensions/api/sockets/sockets_manifest_permission.cc
index b654d38..4134495 100644
--- a/chrome/common/extensions/api/sockets/sockets_manifest_permission.cc
+++ b/chrome/common/extensions/api/sockets/sockets_manifest_permission.cc
@@ -24,8 +24,80 @@ const char kErrorInvalidHostPattern[] = "Invalid host:port pattern '*'";
 
 namespace errors = sockets_errors;
 using api::manifest_types::Sockets;
+using api::manifest_types::SocketHostPatterns;
 using content::SocketPermissionRequest;
 
+namespace  {
+
+static bool ParseHostPattern(
+    SocketsManifestPermission* permission,
+    content::SocketPermissionRequest::OperationType operation_type,
+    const std::string& host_pattern,
+    string16* error) {
+  SocketPermissionEntry entry;
+  if (!SocketPermissionEntry::ParseHostPattern(
+        operation_type, host_pattern, &entry)) {
+    *error = ErrorUtils::FormatErrorMessageUTF16(
+        errors::kErrorInvalidHostPattern, host_pattern);
+    return false;
+  }
+  permission->AddPermission(entry);
+  return true;
+}
+
+static bool ParseHostPatterns(
+    SocketsManifestPermission* permission,
+    content::SocketPermissionRequest::OperationType operation_type,
+    const scoped_ptr<SocketHostPatterns>& host_patterns,
+    string16* error) {
+  if (!host_patterns)
+    return true;
+
+  if (host_patterns->as_string) {
+    return ParseHostPattern(permission, operation_type,
+                            *host_patterns->as_string, error);
+  }
+
+  CHECK(host_patterns->as_strings);
+  for (std::vector<std::string>::const_iterator it =
+      host_patterns->as_strings->begin();
+      it != host_patterns->as_strings->end(); ++it) {
+    if (!ParseHostPattern(permission, operation_type, *it, error)) {
+      return false;
+    }
+  }
+  return true;
+}
+
+static void SetHostPatterns(
+    scoped_ptr<SocketHostPatterns>& host_patterns,
+    const SocketsManifestPermission* permission,
+    content::SocketPermissionRequest::OperationType operation_type) {
+  host_patterns.reset(new SocketHostPatterns());
+  host_patterns->as_strings.reset(new std::vector<std::string>());
+  for (SocketsManifestPermission::SocketPermissionEntrySet::const_iterator it =
+      permission->entries().begin(); it != permission->entries().end() ; ++it) {
+    if (it->pattern().type == operation_type) {
+      host_patterns->as_strings->push_back(it->GetHostPatternAsString());
+      break;
+    }
+  }
+}
+
+static SocketsManifestPermission::PermissionKind HasOperationType(
+    const SocketsManifestPermission::SocketPermissionEntrySet& set,
+    SocketPermissionRequest::OperationType operation_type,
+    SocketsManifestPermission::PermissionKind kind) {
+  for (SocketsManifestPermission::SocketPermissionEntrySet::const_iterator
+      it = set.begin(); it != set.end() ; ++it) {
+    if (it->pattern().type == operation_type)
+      return kind;
+  }
+  return SocketsManifestPermission::kNone;
+}
+
+}  // namespace
+
 SocketsManifestPermission::SocketsManifestPermission()
     : kinds_(kNone) {
 }
@@ -43,40 +115,40 @@ scoped_ptr<SocketsManifestPermission> SocketsManifestPermission::FromValue(
   scoped_ptr<SocketsManifestPermission> result(new SocketsManifestPermission());
   if (sockets->udp) {
     result->kinds_ |= kUdpPermission;
-    if (!ParseHostPattern(result.get(),
-                          SocketPermissionRequest::UDP_BIND,
-                          sockets->udp->bind,
-                          error)) {
+    if (!ParseHostPatterns(result.get(),
+                           SocketPermissionRequest::UDP_BIND,
+                           sockets->udp->bind,
+                           error)) {
       return scoped_ptr<SocketsManifestPermission>();
     }
-    if (!ParseHostPattern(result.get(),
-                          SocketPermissionRequest::UDP_SEND_TO,
-                          sockets->udp->send,
-                          error)) {
+    if (!ParseHostPatterns(result.get(),
+                           SocketPermissionRequest::UDP_SEND_TO,
+                           sockets->udp->send,
+                           error)) {
       return scoped_ptr<SocketsManifestPermission>();
     }
-    if (!ParseHostPattern(result.get(),
-                          SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP,
-                          sockets->udp->multicast_membership,
-                          error)) {
+    if (!ParseHostPatterns(result.get(),
+                           SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP,
+                           sockets->udp->multicast_membership,
+                           error)) {
       return scoped_ptr<SocketsManifestPermission>();
     }
   }
   if (sockets->tcp) {
     result->kinds_ |= kTcpPermission;
-    if (!ParseHostPattern(result.get(),
-                          SocketPermissionRequest::TCP_CONNECT,
-                          sockets->tcp->connect,
-                          error)) {
+    if (!ParseHostPatterns(result.get(),
+                           SocketPermissionRequest::TCP_CONNECT,
+                           sockets->tcp->connect,
+                           error)) {
       return scoped_ptr<SocketsManifestPermission>();
     }
   }
   if (sockets->tcp_server) {
     result->kinds_ |= kTcpServerPermission;
-    if (!ParseHostPattern(result.get(),
-                          SocketPermissionRequest::TCP_LISTEN,
-                          sockets->tcp_server->listen,
-                          error)) {
+    if (!ParseHostPatterns(result.get(),
+                           SocketPermissionRequest::TCP_LISTEN,
+                           sockets->tcp_server->listen,
+                           error)) {
       return scoped_ptr<SocketsManifestPermission>();
     }
   }
@@ -138,20 +210,22 @@ scoped_ptr<base::Value> SocketsManifestPermission::ToValue() const {
   Sockets sockets;
   if (has_udp()) {
     sockets.udp.reset(new Sockets::Udp());
-    sockets.udp->bind = CreateHostPattern(SocketPermissionRequest::UDP_BIND);
-    sockets.udp->send = CreateHostPattern(SocketPermissionRequest::UDP_SEND_TO);
-    sockets.udp->multicast_membership =
-        CreateHostPattern(SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP);
+    SetHostPatterns(sockets.udp->bind, this,
+                    SocketPermissionRequest::UDP_BIND);
+    SetHostPatterns(sockets.udp->send, this,
+                    SocketPermissionRequest::UDP_SEND_TO);
+    SetHostPatterns(sockets.udp->multicast_membership, this,
+                    SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP);
   }
   if (has_tcp()) {
     sockets.tcp.reset(new Sockets::Tcp());
-    sockets.tcp->connect =
-        CreateHostPattern(SocketPermissionRequest::TCP_CONNECT);
+    SetHostPatterns(sockets.tcp->connect, this,
+                    SocketPermissionRequest::TCP_CONNECT);
   }
   if (has_tcp_server()) {
     sockets.tcp_server.reset(new Sockets::TcpServer());
-    sockets.tcp_server->listen =
-        CreateHostPattern(SocketPermissionRequest::TCP_LISTEN);
+    SetHostPatterns(sockets.tcp_server->listen, this,
+                    SocketPermissionRequest::TCP_LISTEN);
   }
 
   return scoped_ptr<base::Value>(sockets.ToValue().release()).Pass();
@@ -259,52 +333,6 @@ void SocketsManifestPermission::Log(std::string* log) const {
   IPC::LogParam(kinds_, log);
 }
 
-// static
-bool SocketsManifestPermission::ParseHostPattern(
-    SocketsManifestPermission* manifest_data,
-    SocketPermissionRequest::OperationType operation_type,
-    const scoped_ptr<std::string>& value,
-    string16* error) {
-  if (value) {
-    SocketPermissionEntry entry;
-    if (!SocketPermissionEntry::ParseHostPattern(
-          operation_type, *value, &entry)) {
-      *error = ErrorUtils::FormatErrorMessageUTF16(
-          errors::kErrorInvalidHostPattern, *value);
-      return false;
-    }
-    manifest_data->AddPermission(entry);
-  }
-  return true;
-}
-
-// static
-SocketsManifestPermission::PermissionKind SocketsManifestPermission::
-    HasOperationType(const SocketPermissionEntrySet& set,
-                     SocketPermissionRequest::OperationType operation_type,
-                     PermissionKind kind) {
-  for (SocketPermissionEntrySet::const_iterator it = set.begin();
-      it != set.end() ; ++it) {
-    if (it->pattern().type == operation_type)
-      return kind;
-  }
-  return kNone;
-}
-
-
-scoped_ptr<std::string> SocketsManifestPermission::CreateHostPattern(
-    SocketPermissionRequest::OperationType operation_type) const {
-  scoped_ptr<std::string> result;
-  for (SocketPermissionEntrySet::const_iterator it =
-        entries().begin(); it != entries().end() ; ++it) {
-    if (it->pattern().type == operation_type) {
-      result.reset(new std::string(it->GetHostPatternAsString()));
-      break;
-    }
-  }
-  return result.Pass();
-}
-
 void SocketsManifestPermission::AddPermission(
     const SocketPermissionEntry& entry) {
   permissions_.insert(entry);
diff --git a/chrome/common/extensions/api/sockets/sockets_manifest_permission.h b/chrome/common/extensions/api/sockets/sockets_manifest_permission.h
index ca65b0f..d9003b6 100644
--- a/chrome/common/extensions/api/sockets/sockets_manifest_permission.h
+++ b/chrome/common/extensions/api/sockets/sockets_manifest_permission.h
@@ -44,6 +44,8 @@ class SocketsManifestPermission : public ManifestPermission {
   bool CheckRequest(const Extension* extension,
                     const content::SocketPermissionRequest& request) const;
 
+  void AddPermission(const SocketPermissionEntry& entry);
+
   // extensions::ManifestPermission overrides.
   virtual std::string name() const OVERRIDE;
   virtual std::string id() const OVERRIDE;
@@ -70,22 +72,6 @@ class SocketsManifestPermission : public ManifestPermission {
   const SocketPermissionEntrySet& entries() const { return permissions_; }
 
  private:
-  static bool ParseHostPattern(
-      SocketsManifestPermission* manifest_data,
-      content::SocketPermissionRequest::OperationType operation_type,
-      const scoped_ptr<std::string>& value,
-      string16* error);
-
-  static PermissionKind HasOperationType(
-      const SocketPermissionEntrySet& set,
-      content::SocketPermissionRequest::OperationType operation_type,
-      PermissionKind kind);
-
-  scoped_ptr<std::string> CreateHostPattern(
-    content::SocketPermissionRequest::OperationType operation_type) const;
-
-  void AddPermission(const SocketPermissionEntry& entry);
-
   bool AddAnyHostMessage(PermissionMessages& messages) const;
   void AddSubdomainHostMessage(PermissionMessages& messages) const;
   void AddSpecificHostMessage(PermissionMessages& messages) const;
diff --git a/chrome/common/extensions/api/sockets/sockets_manifest_permission_unittest.cc b/chrome/common/extensions/api/sockets/sockets_manifest_permission_unittest.cc
index 67ece853..f5e5249 100644
--- a/chrome/common/extensions/api/sockets/sockets_manifest_permission_unittest.cc
+++ b/chrome/common/extensions/api/sockets/sockets_manifest_permission_unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <set>
+
 #include "base/json/json_reader.h"
 #include "base/pickle.h"
 #include "base/values.h"
@@ -11,10 +13,24 @@
 #include "ipc/ipc_message.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+using content::SocketPermissionRequest;
+
 namespace extensions {
 
 namespace {
 
+const char kUdpBindPermission[]=
+    "{ \"udp\": { \"bind\": \"127.0.0.1:3007\" } }";
+
+const char kUdpSendPermission[]=
+    "{ \"udp\": { \"send\": \"\" } }";
+
+const char kTcpConnectPermission[]=
+    "{ \"tcp\": { \"connect\": \"127.0.0.1:80\" } }";
+
+const char kTcpServerListenPermission[]=
+    "{ \"tcpServer\": { \"listen\": \"127.0.0.1:80\" } }";
+
 static void AssertEmptyPermission(const SocketsManifestPermission* permission) {
   EXPECT_TRUE(permission);
   EXPECT_EQ(std::string(extensions::manifest_keys::kSockets), permission->id());
@@ -23,6 +39,125 @@ static void AssertEmptyPermission(const SocketsManifestPermission* permission) {
   EXPECT_EQ(0u, permission->entries().size());
 }
 
+static scoped_ptr<base::Value> ParsePermissionJSON(const std::string& json) {
+  scoped_ptr<base::Value> result(base::JSONReader::Read(json));
+  EXPECT_TRUE(result) << "Invalid JSON string: " << json;
+  return result.Pass();
+}
+
+static scoped_ptr<SocketsManifestPermission> PermissionFromValue(
+    const base::Value& value) {
+  base::string16 error16;
+  scoped_ptr<SocketsManifestPermission> permission(
+      SocketsManifestPermission::FromValue(value, &error16));
+  EXPECT_TRUE(permission)
+      << "Error parsing Value into permission: " << error16;
+  return permission.Pass();
+}
+
+static scoped_ptr<SocketsManifestPermission> PermissionFromJSON(
+    const std::string& json) {
+  scoped_ptr<base::Value> value(ParsePermissionJSON(json));
+  return PermissionFromValue(*value);
+}
+
+struct CheckFormatEntry {
+  CheckFormatEntry(SocketPermissionRequest::OperationType operation_type,
+                   std::string host_pattern)
+      : operation_type(operation_type),
+        host_pattern(host_pattern) {
+  }
+
+  // operators <, == are needed by container std::set and algorithms
+  // std::set_includes and std::set_differences.
+  bool operator<(const CheckFormatEntry& rhs) const {
+    if (operation_type == rhs.operation_type)
+      return  host_pattern < rhs.host_pattern;
+
+    return operation_type < rhs.operation_type;
+  }
+
+  bool operator==(const CheckFormatEntry& rhs) const {
+    return operation_type == rhs.operation_type &&
+      host_pattern == rhs.host_pattern;
+  }
+
+  SocketPermissionRequest::OperationType operation_type;
+  std::string host_pattern;
+};
+
+static testing::AssertionResult CheckFormat(
+    std::multiset<CheckFormatEntry> permissions,
+    const std::string& json) {
+  scoped_ptr<SocketsManifestPermission> permission(PermissionFromJSON(json));
+  if (!permission)
+    return testing::AssertionFailure() << "Invalid permission " << json;
+
+  if (permissions.size() != permission->entries().size()) {
+    return testing::AssertionFailure()
+        << "Incorrect # of entries in json: " << json;
+  }
+
+  // Note: We use multiset because SocketsManifestPermission does not have to
+  // store entries in the order found in the json message.
+  std::multiset<CheckFormatEntry> parsed_permissions;
+  for (SocketsManifestPermission::SocketPermissionEntrySet::const_iterator
+      it = permission->entries().begin(); it != permission->entries().end();
+      ++it) {
+    parsed_permissions.insert(
+        CheckFormatEntry(it->pattern().type,  it->GetHostPatternAsString()));
+  }
+
+  if (!std::equal(permissions.begin(), permissions.end(),
+      parsed_permissions.begin())) {
+    return testing::AssertionFailure() << "Incorrect socket operations.";
+  }
+  return testing::AssertionSuccess();
+}
+
+static testing::AssertionResult CheckFormat(const std::string& json) {
+  return CheckFormat(std::multiset<CheckFormatEntry>(), json);
+}
+
+static testing::AssertionResult CheckFormat(
+    const std::string& json,
+    const CheckFormatEntry& op1) {
+  CheckFormatEntry entries[] = {
+    op1
+  };
+  return CheckFormat(std::multiset<CheckFormatEntry>(
+      entries, entries + arraysize(entries)), json);
+}
+
+static testing::AssertionResult CheckFormat(
+    const std::string& json,
+    const CheckFormatEntry& op1,
+    const CheckFormatEntry& op2) {
+  CheckFormatEntry entries[] = {
+    op1, op2
+  };
+  return CheckFormat(std::multiset<CheckFormatEntry>(
+      entries, entries + arraysize(entries)), json);
+}
+
+static testing::AssertionResult CheckFormat(
+    const std::string& json,
+    const CheckFormatEntry& op1,
+    const CheckFormatEntry& op2,
+    const CheckFormatEntry& op3,
+    const CheckFormatEntry& op4,
+    const CheckFormatEntry& op5,
+    const CheckFormatEntry& op6,
+    const CheckFormatEntry& op7,
+    const CheckFormatEntry& op8,
+    const CheckFormatEntry& op9) {
+  CheckFormatEntry entries[] = {
+    op1, op2, op3, op4, op5, op6, op7, op8, op9
+  };
+  return CheckFormat(std::multiset<CheckFormatEntry>(
+      entries, entries + arraysize(entries)), json);
+}
+
 }  // namespace
 
 TEST(SocketsManifestPermissionTest, Empty) {
@@ -74,26 +209,80 @@ TEST(SocketsManifestPermissionTest, Empty) {
   AssertEmptyPermission(ipc_perm2.get());
 }
 
-TEST(SocketsManifestPermissionTest, General) {
-  std::string udp_send_string = "{ \"udp\": { \"send\": \"\" } }";
-  scoped_ptr<base::Value> udp_send(base::JSONReader::Read(udp_send_string));
-  EXPECT_TRUE(udp_send);
+TEST(SocketsManifestPermissionTest, JSONFormats) {
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"send\":\"\"}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_SEND_TO, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"send\":[]}}"));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"send\":[\"\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_SEND_TO, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"send\":[\"a:80\", \"b:10\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_SEND_TO, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::UDP_SEND_TO, "b:10")));
+
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"bind\":\"\"}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_BIND, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"bind\":[]}}"));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"bind\":[\"\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_BIND, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"bind\":[\"a:80\", \"b:10\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_BIND, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::UDP_BIND, "b:10")));
+
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"multicastMembership\":\"\"}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "")));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"multicastMembership\":[]}}"));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"multicastMembership\":[\"\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "")));
+  EXPECT_TRUE(CheckFormat("{\"udp\":{\"multicastMembership\":[\"\", \"\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "")));
+
+  EXPECT_TRUE(CheckFormat("{\"tcp\":{\"connect\":\"\"}}",
+      CheckFormatEntry(SocketPermissionRequest::TCP_CONNECT, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"tcp\":{\"connect\":[]}}"));
+  EXPECT_TRUE(CheckFormat("{\"tcp\":{\"connect\":[\"\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::TCP_CONNECT, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"tcp\":{\"connect\":[\"a:80\", \"b:10\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::TCP_CONNECT, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::TCP_CONNECT, "b:10")));
+
+  EXPECT_TRUE(CheckFormat("{\"tcpServer\":{\"listen\":\"\"}}",
+      CheckFormatEntry(SocketPermissionRequest::TCP_LISTEN, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"tcpServer\":{\"listen\":[]}}"));
+  EXPECT_TRUE(CheckFormat("{\"tcpServer\":{\"listen\":[\"\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::TCP_LISTEN, "*:*")));
+  EXPECT_TRUE(CheckFormat("{\"tcpServer\":{\"listen\":[\"a:80\", \"b:10\"]}}",
+      CheckFormatEntry(SocketPermissionRequest::TCP_LISTEN, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::TCP_LISTEN, "b:10")));
+
+  EXPECT_TRUE(CheckFormat(
+      "{"
+        "\"udp\":{"
+          "\"send\":[\"a:80\", \"b:10\"],"
+          "\"bind\":[\"a:80\", \"b:10\"],"
+          "\"multicastMembership\":\"\""
+        "},"
+        "\"tcp\":{\"connect\":[\"a:80\", \"b:10\"]},"
+        "\"tcpServer\":{\"listen\":[\"a:80\", \"b:10\"]}"
+      "}",
+      CheckFormatEntry(SocketPermissionRequest::UDP_SEND_TO, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::UDP_SEND_TO, "b:10"),
+      CheckFormatEntry(SocketPermissionRequest::UDP_BIND, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::UDP_BIND, "b:10"),
+      CheckFormatEntry(SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, ""),
+      CheckFormatEntry(SocketPermissionRequest::TCP_CONNECT, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::TCP_CONNECT, "b:10"),
+      CheckFormatEntry(SocketPermissionRequest::TCP_LISTEN, "a:80"),
+      CheckFormatEntry(SocketPermissionRequest::TCP_LISTEN, "b:10")));
 
-  std::string udp_bind_string = "{ \"udp\": { \"bind\": \"127.0.0.1:3007\" } }";
-  scoped_ptr<base::Value> udp_bind(base::JSONReader::Read(udp_bind_string));
-  EXPECT_TRUE(udp_bind);
+}
 
-  std::string tcp_connect_string =
-      "{ \"tcp\": { \"connect\": \"127.0.0.1:80\" } }";
+TEST(SocketsManifestPermissionTest, FromToValue) {
+  scoped_ptr<base::Value> udp_send(ParsePermissionJSON(kUdpBindPermission));
+  scoped_ptr<base::Value> udp_bind(ParsePermissionJSON(kUdpSendPermission));
   scoped_ptr<base::Value> tcp_connect(
-      base::JSONReader::Read(tcp_connect_string));
-  EXPECT_TRUE(tcp_connect);
-
-  std::string tcp_server_listen_string =
-      "{ \"tcpServer\": { \"listen\": \"127.0.0.1:80\" } }";
+      ParsePermissionJSON(kTcpConnectPermission));
   scoped_ptr<base::Value> tcp_server_listen(
-      base::JSONReader::Read(tcp_server_listen_string));
-  EXPECT_TRUE(tcp_server_listen);
+      ParsePermissionJSON(kTcpServerListenPermission));
 
   // FromValue()
   scoped_ptr<SocketsManifestPermission> permission1(
@@ -144,8 +333,19 @@ TEST(SocketsManifestPermissionTest, General) {
       new SocketsManifestPermission());
   EXPECT_TRUE(permission4_1->FromValue(value4.get()));
   EXPECT_TRUE(permission4->Equal(permission4_1.get()));
+}
 
-  // Union/Diff/Intersection
+TEST(SocketsManifestPermissionTest, SetOperations) {
+  scoped_ptr<SocketsManifestPermission> permission1(
+      PermissionFromJSON(kUdpBindPermission));
+  scoped_ptr<SocketsManifestPermission> permission2(
+      PermissionFromJSON(kUdpSendPermission));
+  scoped_ptr<SocketsManifestPermission> permission3(
+      PermissionFromJSON(kTcpConnectPermission));
+  scoped_ptr<SocketsManifestPermission> permission4(
+      PermissionFromJSON(kTcpServerListenPermission));
+
+  // Union
   scoped_ptr<SocketsManifestPermission> union_perm(
       static_cast<SocketsManifestPermission*>(
           permission1->Union(permission2.get())));
@@ -157,6 +357,7 @@ TEST(SocketsManifestPermissionTest, General) {
   EXPECT_FALSE(union_perm->Contains(permission3.get()));
   EXPECT_FALSE(union_perm->Contains(permission4.get()));
 
+  // Diff
   scoped_ptr<SocketsManifestPermission> diff_perm1(
       static_cast<SocketsManifestPermission*>(
           permission1->Diff(permission2.get())));
@@ -172,6 +373,7 @@ TEST(SocketsManifestPermissionTest, General) {
   EXPECT_TRUE(diff_perm2);
   AssertEmptyPermission(diff_perm2.get());
 
+  // Intersection
   scoped_ptr<SocketsManifestPermission> intersect_perm1(
       static_cast<SocketsManifestPermission*>(
           union_perm->Intersect(permission1.get())));
@@ -180,7 +382,22 @@ TEST(SocketsManifestPermissionTest, General) {
 
   EXPECT_TRUE(permission1->Equal(intersect_perm1.get()));
   EXPECT_TRUE(intersect_perm1->Equal(permission1.get()));
+}
 
+TEST(SocketsManifestPermissionTest, IPC) {
+  scoped_ptr<SocketsManifestPermission> permission(
+      PermissionFromJSON(kUdpBindPermission));
+
+  scoped_ptr<SocketsManifestPermission> ipc_perm(
+      static_cast<SocketsManifestPermission*>(permission->Clone()));
+  scoped_ptr<SocketsManifestPermission> ipc_perm2(
+      new SocketsManifestPermission());
+
+  IPC::Message m;
+  ipc_perm->Write(&m);
+  PickleIterator iter(m);
+  EXPECT_TRUE(ipc_perm2->Read(&m, &iter));
+  EXPECT_TRUE(permission->Equal(ipc_perm2.get()));
 }
 
 }  // namespace extensions