| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol
icy_provider.h" | 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol
icy_provider.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| 11 #include "chrome/common/extensions/extension.h" | 11 #include "chrome/common/extensions/extension.h" |
| 12 #include "extensions/common/manifest.h" | 12 #include "extensions/common/manifest.h" |
| 13 #include "grit/generated_resources.h" | 13 #include "grit/generated_resources.h" |
| 14 #include "ui/base/l10n/l10n_util.h" | 14 #include "ui/base/l10n/l10n_util.h" |
| 15 | 15 |
| 16 namespace chromeos { | 16 namespace chromeos { |
| 17 | 17 |
| 18 namespace { | 18 namespace { |
| 19 | 19 |
| 20 // Apps/extensions explicitly whitelisted for use in device-local accounts. | 20 // Apps/extensions explicitly whitelisted for use in public sessions. |
| 21 const char* kDeviceLocalAccountWhitelist[] = { | 21 const char* kPublicSessionWhitelist[] = { |
| 22 // Public sessions in general: | 22 // Public sessions in general: |
| 23 "cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP | 23 "cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP |
| 24 "djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher | 24 "djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher |
| 25 "iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer | 25 "iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer |
| 26 | 26 |
| 27 // Retail mode: | 27 // Retail mode: |
| 28 "ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds | 28 "ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds |
| 29 "kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled | 29 "kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled |
| 30 "joodangkbfjnajiiifokapkpmhfnpleo", // Calculator | 30 "joodangkbfjnajiiifokapkpmhfnpleo", // Calculator |
| 31 "fpgfohogebplgnamlafljlcidjedbdeb", // Calendar | 31 "fpgfohogebplgnamlafljlcidjedbdeb", // Calendar |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 NOTREACHED(); | 83 NOTREACHED(); |
| 84 return std::string(); | 84 return std::string(); |
| 85 #else | 85 #else |
| 86 return "whitelist for device-local accounts"; | 86 return "whitelist for device-local accounts"; |
| 87 #endif | 87 #endif |
| 88 } | 88 } |
| 89 | 89 |
| 90 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( | 90 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( |
| 91 const extensions::Extension* extension, | 91 const extensions::Extension* extension, |
| 92 string16* error) const { | 92 string16* error) const { |
| 93 if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { | 93 if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) { |
| 94 // Allow extension if it is an externally hosted component of Chrome. |
| 95 if (extension->location() == |
| 96 extensions::Manifest::EXTERNAL_COMPONENT) { |
| 97 return true; |
| 98 } |
| 99 |
| 100 // Allow extension if its type is whitelisted for use in public sessions. |
| 101 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) |
| 102 return true; |
| 103 |
| 104 // Allow extension if its specific ID is whitelisted for use in public |
| 105 // sessions. |
| 106 for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) { |
| 107 if (extension->id() == kPublicSessionWhitelist[i]) |
| 108 return true; |
| 109 } |
| 110 } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { |
| 94 // For single-app kiosk sessions, allow only platform apps. | 111 // For single-app kiosk sessions, allow only platform apps. |
| 95 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP) | 112 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP) |
| 96 return true; | 113 return true; |
| 97 | |
| 98 } else { | |
| 99 // Allow extension if its type is whitelisted for use in device-local | |
| 100 // accounts. | |
| 101 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) | |
| 102 return true; | |
| 103 | |
| 104 // Allow extension if its specific ID is whitelisted for use in device-local | |
| 105 // accounts. | |
| 106 for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) { | |
| 107 if (extension->id() == kDeviceLocalAccountWhitelist[i]) | |
| 108 return true; | |
| 109 } | |
| 110 } | 114 } |
| 111 | 115 |
| 112 // Disallow all other extensions. | 116 // Disallow all other extensions. |
| 113 if (error) { | 117 if (error) { |
| 114 *error = l10n_util::GetStringFUTF16( | 118 *error = l10n_util::GetStringFUTF16( |
| 115 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, | 119 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, |
| 116 UTF8ToUTF16(extension->name()), | 120 UTF8ToUTF16(extension->name()), |
| 117 UTF8ToUTF16(extension->id())); | 121 UTF8ToUTF16(extension->id())); |
| 118 } | 122 } |
| 119 return false; | 123 return false; |
| 120 } | 124 } |
| 121 | 125 |
| 122 } // namespace chromeos | 126 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 145083016:
Merge 246868 "Whitelist extensions from EXTERNAL_COMPONENT for p..." (Closed)
Base URL: svn://svn.chromium.org/chrome/branches/1700/src/