Add managed policies for Native Messaging

chrome/browser/extensions/api/messaging/native_message_process_host.cc

Index: chrome/browser/extensions/api/messaging/native_message_process_host.cc
diff --git a/chrome/browser/extensions/api/messaging/native_message_process_host.cc b/chrome/browser/extensions/api/messaging/native_message_process_host.cc
index 7efce0d4c4e90f8899058fd69c101c8486980b2d..417144fda4a4bf2d791f627207c0ec463d487d16 100644
--- a/chrome/browser/extensions/api/messaging/native_message_process_host.cc
+++ b/chrome/browser/extensions/api/messaging/native_message_process_host.cc
@@ -8,12 +8,14 @@
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/platform_file.h"
+#include "base/prefs/pref_service.h"
 #include "base/process/kill.h"
 #include "base/threading/sequenced_worker_pool.h"
 #include "base/values.h"
 #include "chrome/browser/extensions/api/messaging/native_messaging_host_manifest.h"
 #include "chrome/browser/extensions/api/messaging/native_process_launcher.h"
 #include "chrome/common/chrome_version_info.h"
+#include "chrome/common/pref_names.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/features/feature.h"
 #include "net/base/file_stream.h"
@@ -49,6 +51,37 @@ const char kHostInputOuputError[] =
 
 namespace extensions {
 
+// static
+bool NativeMessageProcessHost::IsHostAllowed(
+    const PrefService* pref_service,
+    const std::string& native_host_name) {
+  // All native messaging hosts are allowed if there is no blacklist.
+  if (!pref_service->IsManagedPreference(prefs::kNativeMessagingBlacklist))

[not at google - send to devlin, 2013/12/28 04:55:51]

what is the difference between this check and the one on line 63?

[Sergey Ulanov, 2014/01/06 23:21:55]

Normally the preference will always be present in the prefs dictionary (because
it's registered in chrome/browser/extensions/extension_prefs.cc). This check
verifies that it's actually managed.

+    return true;
+  const base::ListValue* blacklist =
+      pref_service->GetList(prefs::kNativeMessagingBlacklist);
+  if (!blacklist)
+    return true;
+
+  // Check if the name or the wildcard is in the blacklist.
+  base::StringValue name_value(native_host_name);
+  base::StringValue wildcard_value("*");
+  if (blacklist->Find(name_value) == blacklist->end() &&
+      blacklist->Find(wildcard_value) == blacklist->end()) {
+    return true;
+  }
+
+  // The native messaging host is blacklisted. Check the whitelist.
+  if (pref_service->IsManagedPreference(prefs::kNativeMessagingWhitelist)) {

[not at google - send to devlin, 2013/12/28 04:55:51]

ditto

[Sergey Ulanov, 2014/01/06 23:21:55]

Same here.

+    const base::ListValue* whitelist =
+        pref_service->GetList(prefs::kNativeMessagingWhitelist);
+    if (whitelist && whitelist->Find(name_value) != whitelist->end())
+      return true;
+  }
+
+  return false;
+}
+
 NativeMessageProcessHost::NativeMessageProcessHost(
     base::WeakPtr<Client> weak_client_ui,
     const std::string& source_extension_id,