Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1531)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc

Issue 141703003: Whitelist extensions from EXTERNAL_COMPONENT for public sessions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
diff --git a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
index 3fdb9fe14596f540dd01789f3f4acc0cb21fa952..9614868fb531e832e2c69bf0c7f439403fdbe351 100644
--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
@@ -17,8 +17,8 @@ namespace chromeos {
namespace {
-// Apps/extensions explicitly whitelisted for use in device-local accounts.
-const char* kDeviceLocalAccountWhitelist[] = {
+// Apps/extensions explicitly whitelisted for use in public sessions.
+const char* kPublicSessionWhitelist[] = {
// Public sessions in general:
"cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP
"djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher
@@ -92,23 +92,27 @@ std::string DeviceLocalAccountManagementPolicyProvider::
bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
const extensions::Extension* extension,
base::string16* error) const {
- if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
- // For single-app kiosk sessions, allow only platform apps.
- if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
+ if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
+ // Allow extension if it is an externally hosted component of Chrome.
+ if (extension->location() ==
+ extensions::Manifest::EXTERNAL_COMPONENT) {
return true;
+ }
- } else {
- // Allow extension if its type is whitelisted for use in device-local
- // accounts.
+ // Allow extension if its type is whitelisted for use in public sessions.
if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
return true;
- // Allow extension if its specific ID is whitelisted for use in device-local
- // accounts.
- for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) {
- if (extension->id() == kDeviceLocalAccountWhitelist[i])
+ // Allow extension if its specific ID is whitelisted for use in public
+ // sessions.
+ for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
+ if (extension->id() == kPublicSessionWhitelist[i])
return true;
}
asargent_no_longer_on_chrome 2014/01/23 18:53:35 Just to double-check, it looks like this CL change
bartfab (slow) 2014/01/24 10:06:19 Yes, this was intentional. There is actually no fu
+ } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
+ // For single-app kiosk sessions, allow only platform apps.
+ if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
+ return true;
}
// Disallow all other extensions.
« no previous file with comments | « no previous file | chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698