Add managed policies for Native Messaging

chrome/browser/extensions/api/messaging/native_message_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/messaging/native_message_process_host.h"
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/platform_file.h"
+#include "base/prefs/pref_service.h"
 #include "base/process/kill.h"
 #include "base/threading/sequenced_worker_pool.h"
 #include "base/values.h"
 #include "chrome/browser/extensions/api/messaging/native_messaging_host_manifest.h"
 #include "chrome/browser/extensions/api/messaging/native_process_launcher.h"
 #include "chrome/common/chrome_version_info.h"
+#include "chrome/common/pref_names.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/features/feature.h"
 #include "net/base/file_stream.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "url/gurl.h"
 
 namespace {
 
@@ skipping 15 matching lines @@
 const char kNotFoundError[] = "Specified native messaging host not found.";
 const char kForbiddenError[] =
     "Access to the specified native messaging host is forbidden.";
 const char kHostInputOuputError[] =
     "Error when communicating with the native messaging host.";
 
 }  // namespace
 
 namespace extensions {
 
+// static
+bool NativeMessageProcessHost::IsHostAllowed(
+    const PrefService* pref_service,
+    const std::string& native_host_name) {
+  // All native messaging hosts are allowed if there is no blacklist.
+  if (!pref_service->IsManagedPreference(prefs::kNativeMessagingBlacklist))

[not at google - send to devlin, 2013/12/28 04:55:51]

what is the difference between this check and the one on line 63?

[Sergey Ulanov, 2014/01/06 23:21:55]

Normally the preference will always be present in the prefs dictionary (because
it's registered in chrome/browser/extensions/extension_prefs.cc). This check
verifies that it's actually managed.

+    return true;
+  const base::ListValue* blacklist =
+      pref_service->GetList(prefs::kNativeMessagingBlacklist);
+  if (!blacklist)
+    return true;
+
+  // Check if the name or the wildcard is in the blacklist.
+  base::StringValue name_value(native_host_name);
+  base::StringValue wildcard_value("*");
+  if (blacklist->Find(name_value) == blacklist->end() &&
+      blacklist->Find(wildcard_value) == blacklist->end()) {
+    return true;
+  }
+
+  // The native messaging host is blacklisted. Check the whitelist.
+  if (pref_service->IsManagedPreference(prefs::kNativeMessagingWhitelist)) {

[not at google - send to devlin, 2013/12/28 04:55:51]

ditto

[Sergey Ulanov, 2014/01/06 23:21:55]

Same here.

+    const base::ListValue* whitelist =
+        pref_service->GetList(prefs::kNativeMessagingWhitelist);
+    if (whitelist && whitelist->Find(name_value) != whitelist->end())
+      return true;
+  }
+
+  return false;
+}
+
 NativeMessageProcessHost::NativeMessageProcessHost(
     base::WeakPtr<Client> weak_client_ui,
     const std::string& source_extension_id,
     const std::string& native_host_name,
     int destination_port,
     scoped_ptr<NativeProcessLauncher> launcher)
     : weak_client_ui_(weak_client_ui),
       source_extension_id_(source_extension_id),
       native_host_name_(native_host_name),
       destination_port_(destination_port),
@@ skipping 299 matching lines @@
     content::BrowserThread::PostBlockingPoolTask(
         FROM_HERE, base::Bind(&base::EnsureProcessTerminated, process_handle_));
 #else
     base::EnsureProcessTerminated(process_handle_);
 #endif
     process_handle_ = base::kNullProcessHandle;
   }
 }
 
 }  // namespace extensions