Chromium Code Reviews Chromium Code Reviews
Issue 2004043002:
Supervised Users Initiated Installs v2 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@kid_initiated_install| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/supervised_user/supervised_user_service.h" | 5 #include "chrome/browser/supervised_user/supervised_user_service.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/feature_list.h" | |
| 10 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 11 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 12 #include "base/memory/ref_counted.h" | 13 #include "base/memory/ref_counted.h" |
| 13 #include "base/path_service.h" | 14 #include "base/path_service.h" |
| 14 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 15 #include "base/strings/utf_string_conversions.h" | 16 #include "base/strings/utf_string_conversions.h" |
| 16 #include "base/task_runner_util.h" | 17 #include "base/task_runner_util.h" |
| 17 #include "base/version.h" | 18 #include "base/version.h" |
| 18 #include "build/build_config.h" | 19 #include "build/build_config.h" |
| 19 #include "chrome/browser/browser_process.h" | 20 #include "chrome/browser/browser_process.h" |
| 20 #include "chrome/browser/component_updater/supervised_user_whitelist_installer.h " | 21 #include "chrome/browser/component_updater/supervised_user_whitelist_installer.h " |
| 21 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chrome/browser/profiles/profile_attributes_entry.h" | 23 #include "chrome/browser/profiles/profile_attributes_entry.h" |
| 23 #include "chrome/browser/profiles/profile_attributes_storage.h" | 24 #include "chrome/browser/profiles/profile_attributes_storage.h" |
| 24 #include "chrome/browser/profiles/profile_manager.h" | 25 #include "chrome/browser/profiles/profile_manager.h" |
| 25 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" | 26 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" |
| 26 #include "chrome/browser/signin/signin_manager_factory.h" | 27 #include "chrome/browser/signin/signin_manager_factory.h" |
| 27 #include "chrome/browser/supervised_user/experimental/supervised_user_filtering_ switches.h" | 28 #include "chrome/browser/supervised_user/experimental/supervised_user_filtering_ switches.h" |
| 28 #include "chrome/browser/supervised_user/permission_request_creator.h" | 29 #include "chrome/browser/supervised_user/permission_request_creator.h" |
| 29 #include "chrome/browser/supervised_user/supervised_user_constants.h" | 30 #include "chrome/browser/supervised_user/supervised_user_constants.h" |
| 31 #include "chrome/browser/supervised_user/supervised_user_features.h" | |
| 30 #include "chrome/browser/supervised_user/supervised_user_service_observer.h" | 32 #include "chrome/browser/supervised_user/supervised_user_service_observer.h" |
| 31 #include "chrome/browser/supervised_user/supervised_user_settings_service.h" | 33 #include "chrome/browser/supervised_user/supervised_user_settings_service.h" |
| 32 #include "chrome/browser/supervised_user/supervised_user_settings_service_factor y.h" | 34 #include "chrome/browser/supervised_user/supervised_user_settings_service_factor y.h" |
| 33 #include "chrome/browser/supervised_user/supervised_user_site_list.h" | 35 #include "chrome/browser/supervised_user/supervised_user_site_list.h" |
| 34 #include "chrome/browser/supervised_user/supervised_user_whitelist_service.h" | 36 #include "chrome/browser/supervised_user/supervised_user_whitelist_service.h" |
| 35 #include "chrome/browser/sync/profile_sync_service_factory.h" | 37 #include "chrome/browser/sync/profile_sync_service_factory.h" |
| 36 #include "chrome/browser/ui/browser.h" | 38 #include "chrome/browser/ui/browser.h" |
| 37 #include "chrome/browser/ui/browser_list.h" | 39 #include "chrome/browser/ui/browser_list.h" |
| 38 #include "chrome/common/chrome_paths.h" | 40 #include "chrome/common/chrome_paths.h" |
| 39 #include "chrome/common/chrome_switches.h" | 41 #include "chrome/common/chrome_switches.h" |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 61 #endif | 63 #endif |
| 62 | 64 |
| 63 #if defined(OS_CHROMEOS) | 65 #if defined(OS_CHROMEOS) |
| 64 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" | 66 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| 65 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 67 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 66 #include "components/user_manager/user_manager.h" | 68 #include "components/user_manager/user_manager.h" |
| 67 #endif | 69 #endif |
| 68 | 70 |
| 69 #if defined(ENABLE_EXTENSIONS) | 71 #if defined(ENABLE_EXTENSIONS) |
| 70 #include "chrome/browser/extensions/extension_service.h" | 72 #include "chrome/browser/extensions/extension_service.h" |
| 73 #include "chrome/browser/supervised_user/supervised_user_service_factory.h" | |
| 74 #include "extensions/browser/extension_prefs.h" | |
| 71 #include "extensions/browser/extension_system.h" | 75 #include "extensions/browser/extension_system.h" |
| 72 #endif | 76 #endif |
| 73 | 77 |
| 74 #if defined(ENABLE_THEMES) | 78 #if defined(ENABLE_THEMES) |
| 75 #include "chrome/browser/themes/theme_service.h" | 79 #include "chrome/browser/themes/theme_service.h" |
| 76 #include "chrome/browser/themes/theme_service_factory.h" | 80 #include "chrome/browser/themes/theme_service_factory.h" |
| 77 #endif | 81 #endif |
| 78 | 82 |
| 79 using base::DictionaryValue; | 83 using base::DictionaryValue; |
| 80 using base::UserMetricsAction; | 84 using base::UserMetricsAction; |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 99 prefs::kSupervisedUserSecondCustodianProfileURL, | 103 prefs::kSupervisedUserSecondCustodianProfileURL, |
| 100 }; | 104 }; |
| 101 | 105 |
| 102 void CreateURLAccessRequest( | 106 void CreateURLAccessRequest( |
| 103 const GURL& url, | 107 const GURL& url, |
| 104 PermissionRequestCreator* creator, | 108 PermissionRequestCreator* creator, |
| 105 const SupervisedUserService::SuccessCallback& callback) { | 109 const SupervisedUserService::SuccessCallback& callback) { |
| 106 creator->CreateURLAccessRequest(url, callback); | 110 creator->CreateURLAccessRequest(url, callback); |
| 107 } | 111 } |
| 108 | 112 |
| 113 void CreateExtensionInstallRequest( | |
| 114 const std::string& id, | |
| 115 PermissionRequestCreator* creator, | |
| 116 const SupervisedUserService::SuccessCallback& callback) { | |
| 117 creator->CreateExtensionInstallRequest(id, callback); | |
| 118 } | |
| 119 | |
| 109 void CreateExtensionUpdateRequest( | 120 void CreateExtensionUpdateRequest( |
| 110 const std::string& id, | 121 const std::string& id, |
| 111 PermissionRequestCreator* creator, | 122 PermissionRequestCreator* creator, |
| 112 const SupervisedUserService::SuccessCallback& callback) { | 123 const SupervisedUserService::SuccessCallback& callback) { |
| 113 creator->CreateExtensionUpdateRequest(id, callback); | 124 creator->CreateExtensionUpdateRequest(id, callback); |
| 114 } | 125 } |
| 115 | 126 |
| 127 // Default callback for AddExtensionInstallRequest. | |
| 128 void ExtensionInstallRequestSent(const std::string& id, bool success) { | |
| 129 VLOG_IF(1, !success) << "Failed sending install request for " << id; | |
| 130 } | |
| 131 | |
| 116 // Default callback for AddExtensionUpdateRequest. | 132 // Default callback for AddExtensionUpdateRequest. |
| 117 void ExtensionUpdateRequestSent(const std::string& id, bool success) { | 133 void ExtensionUpdateRequestSent(const std::string& id, bool success) { |
| 118 VLOG_IF(1, !success) << "Failed sending update request for " << id; | 134 VLOG_IF(1, !success) << "Failed sending update request for " << id; |
| 119 } | 135 } |
| 120 | 136 |
| 121 base::FilePath GetBlacklistPath() { | 137 base::FilePath GetBlacklistPath() { |
| 122 base::FilePath blacklist_dir; | 138 base::FilePath blacklist_dir; |
| 123 PathService::Get(chrome::DIR_USER_DATA, &blacklist_dir); | 139 PathService::Get(chrome::DIR_USER_DATA, &blacklist_dir); |
| 124 return blacklist_dir.AppendASCII(kBlacklistFilename); | 140 return blacklist_dir.AppendASCII(kBlacklistFilename); |
| 125 } | 141 } |
| 126 | |
| 127 #if defined(ENABLE_EXTENSIONS) | |
| 128 enum ExtensionState { | |
| 129 EXTENSION_FORCED, | |
| 130 EXTENSION_BLOCKED, | |
| 131 EXTENSION_ALLOWED | |
| 132 }; | |
| 133 | |
| 134 ExtensionState GetExtensionState(const extensions::Extension* extension) { | |
| 135 bool was_installed_by_default = extension->was_installed_by_default(); | |
| 136 #if defined(OS_CHROMEOS) | |
| 137 // On Chrome OS all external sources are controlled by us so it means that | |
| 138 // they are "default". Method was_installed_by_default returns false because | |
| 139 // extensions creation flags are ignored in case of default extensions with | |
| 140 // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound). | |
| 141 // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation | |
| 142 // flags are not ignored. | |
| 143 was_installed_by_default = | |
| 144 extensions::Manifest::IsExternalLocation(extension->location()); | |
| 145 #endif | |
| 146 // Note: Component extensions are protected from modification/uninstallation | |
| 147 // anyway, so there's no need to enforce them again for supervised users. | |
| 148 // Also, leave policy-installed extensions alone - they have their own | |
| 149 // management; in particular we don't want to override the force-install list. | |
| 150 if (extensions::Manifest::IsComponentLocation(extension->location()) || | |
| 151 extensions::Manifest::IsPolicyLocation(extension->location()) || | |
| 152 extension->is_theme() || | |
| 153 extension->from_bookmark() || | |
| 154 extension->is_shared_module() || | |
| 155 was_installed_by_default) { | |
| 156 return EXTENSION_ALLOWED; | |
| 157 } | |
| 158 | |
| 159 if (extension->was_installed_by_custodian()) | |
| 160 return EXTENSION_FORCED; | |
| 161 | |
| 162 return EXTENSION_BLOCKED; | |
| 163 } | |
| 164 #endif | |
| 165 | |
| 166 } // namespace | 142 } // namespace |
| 167 | 143 |
| 168 SupervisedUserService::~SupervisedUserService() { | 144 SupervisedUserService::~SupervisedUserService() { |
| 169 DCHECK(!did_init_ || did_shutdown_); | 145 DCHECK(!did_init_ || did_shutdown_); |
| 170 url_filter_context_.ui_url_filter()->RemoveObserver(this); | 146 url_filter_context_.ui_url_filter()->RemoveObserver(this); |
| 171 } | 147 } |
| 172 | 148 |
| 173 // static | 149 // static |
| 174 void SupervisedUserService::RegisterProfilePrefs( | 150 void SupervisedUserService::RegisterProfilePrefs( |
| 175 user_prefs::PrefRegistrySyncable* registry) { | 151 user_prefs::PrefRegistrySyncable* registry) { |
| 152 registry->RegisterDictionaryPref(prefs::kSupervisedUserApprovedExtensions); | |
| 176 registry->RegisterDictionaryPref(prefs::kSupervisedUserManualHosts); | 153 registry->RegisterDictionaryPref(prefs::kSupervisedUserManualHosts); |
| 177 registry->RegisterDictionaryPref(prefs::kSupervisedUserManualURLs); | 154 registry->RegisterDictionaryPref(prefs::kSupervisedUserManualURLs); |
| 178 registry->RegisterIntegerPref(prefs::kDefaultSupervisedUserFilteringBehavior, | 155 registry->RegisterIntegerPref(prefs::kDefaultSupervisedUserFilteringBehavior, |
| 179 SupervisedUserURLFilter::ALLOW); | 156 SupervisedUserURLFilter::ALLOW); |
| 180 registry->RegisterBooleanPref(prefs::kSupervisedUserCreationAllowed, true); | 157 registry->RegisterBooleanPref(prefs::kSupervisedUserCreationAllowed, true); |
| 181 registry->RegisterBooleanPref(prefs::kSupervisedUserSafeSites, true); | 158 registry->RegisterBooleanPref(prefs::kSupervisedUserSafeSites, true); |
| 182 for (const char* pref : kCustodianInfoPrefs) { | 159 for (const char* pref : kCustodianInfoPrefs) { |
| 183 registry->RegisterStringPref(pref, std::string()); | 160 registry->RegisterStringPref(pref, std::string()); |
| 184 } | 161 } |
| 185 } | 162 } |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 207 | 184 |
| 208 std::string client_id = component_updater::SupervisedUserWhitelistInstaller:: | 185 std::string client_id = component_updater::SupervisedUserWhitelistInstaller:: |
| 209 ClientIdForProfilePath(profile_->GetPath()); | 186 ClientIdForProfilePath(profile_->GetPath()); |
| 210 whitelist_service_.reset(new SupervisedUserWhitelistService( | 187 whitelist_service_.reset(new SupervisedUserWhitelistService( |
| 211 profile_->GetPrefs(), | 188 profile_->GetPrefs(), |
| 212 g_browser_process->supervised_user_whitelist_installer(), client_id)); | 189 g_browser_process->supervised_user_whitelist_installer(), client_id)); |
| 213 whitelist_service_->AddSiteListsChangedCallback( | 190 whitelist_service_->AddSiteListsChangedCallback( |
| 214 base::Bind(&SupervisedUserService::OnSiteListsChanged, | 191 base::Bind(&SupervisedUserService::OnSiteListsChanged, |
| 215 weak_ptr_factory_.GetWeakPtr())); | 192 weak_ptr_factory_.GetWeakPtr())); |
| 216 | 193 |
| 194 approved_extensions_map_.reset(new std::map<std::string, std::string>()); | |
| 217 SetActive(ProfileIsSupervised()); | 195 SetActive(ProfileIsSupervised()); |
| 218 } | 196 } |
| 219 | 197 |
| 220 void SupervisedUserService::SetDelegate(Delegate* delegate) { | 198 void SupervisedUserService::SetDelegate(Delegate* delegate) { |
| 221 if (delegate) { | 199 if (delegate) { |
| 222 // Changing delegates isn't allowed. | 200 // Changing delegates isn't allowed. |
| 223 DCHECK(!delegate_); | 201 DCHECK(!delegate_); |
| 224 } else { | 202 } else { |
| 225 // If the delegate is removed, deactivate first to give the old delegate a | 203 // If the delegate is removed, deactivate first to give the old delegate a |
| 226 // chance to clean up. | 204 // chance to clean up. |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 256 } | 234 } |
| 257 | 235 |
| 258 void SupervisedUserService::ReportURL(const GURL& url, | 236 void SupervisedUserService::ReportURL(const GURL& url, |
| 259 const SuccessCallback& callback) { | 237 const SuccessCallback& callback) { |
| 260 if (url_reporter_) | 238 if (url_reporter_) |
| 261 url_reporter_->ReportUrl(url, callback); | 239 url_reporter_->ReportUrl(url, callback); |
| 262 else | 240 else |
| 263 callback.Run(false); | 241 callback.Run(false); |
| 264 } | 242 } |
| 265 | 243 |
| 244 void SupervisedUserService::AddExtensionInstallRequest( | |
| 245 const std::string& extension_id, | |
| 246 const base::Version& version, | |
| 247 const SuccessCallback& callback) { | |
| 248 std::string id = GetExtensionRequestId(extension_id, version); | |
| 249 AddPermissionRequestInternal(base::Bind(CreateExtensionInstallRequest, id), | |
| 250 callback, 0); | |
| 251 } | |
| 252 | |
| 253 void SupervisedUserService::AddExtensionInstallRequest( | |
| 254 const std::string& extension_id, | |
| 255 const base::Version& version) { | |
| 256 std::string id = GetExtensionRequestId(extension_id, version); | |
| 257 AddPermissionRequestInternal(base::Bind(CreateExtensionInstallRequest, id), | |
| 258 base::Bind(ExtensionInstallRequestSent, id), 0); | |
| 259 } | |
| 260 | |
| 266 void SupervisedUserService::AddExtensionUpdateRequest( | 261 void SupervisedUserService::AddExtensionUpdateRequest( |
| 267 const std::string& extension_id, | 262 const std::string& extension_id, |
| 268 const base::Version& version, | 263 const base::Version& version, |
| 269 const SuccessCallback& callback) { | 264 const SuccessCallback& callback) { |
| 270 std::string id = GetExtensionUpdateRequestId(extension_id, version); | 265 std::string id = GetExtensionRequestId(extension_id, version); |
| 271 AddPermissionRequestInternal( | 266 AddPermissionRequestInternal( |
| 272 base::Bind(CreateExtensionUpdateRequest, id), callback, 0); | 267 base::Bind(CreateExtensionUpdateRequest, id), callback, 0); |
| 273 } | 268 } |
| 274 | 269 |
| 275 void SupervisedUserService::AddExtensionUpdateRequest( | 270 void SupervisedUserService::AddExtensionUpdateRequest( |
| 276 const std::string& extension_id, | 271 const std::string& extension_id, |
| 277 const base::Version& version) { | 272 const base::Version& version) { |
| 278 std::string id = GetExtensionUpdateRequestId(extension_id, version); | 273 std::string id = GetExtensionRequestId(extension_id, version); |
| 279 AddExtensionUpdateRequest(extension_id, version, | 274 AddExtensionUpdateRequest(extension_id, version, |
| 280 base::Bind(ExtensionUpdateRequestSent, id)); | 275 base::Bind(ExtensionUpdateRequestSent, id)); |
| 281 } | 276 } |
| 282 | 277 |
| 283 // static | 278 // static |
| 284 std::string SupervisedUserService::GetExtensionUpdateRequestId( | 279 std::string SupervisedUserService::GetExtensionRequestId( |
| 285 const std::string& extension_id, | 280 const std::string& extension_id, |
| 286 const base::Version& version) { | 281 const base::Version& version) { |
| 287 return base::StringPrintf("%s:%s", extension_id.c_str(), | 282 return base::StringPrintf("%s:%s", extension_id.c_str(), |
| 288 version.GetString().c_str()); | 283 version.GetString().c_str()); |
| 289 } | 284 } |
| 290 | 285 |
| 291 std::string SupervisedUserService::GetCustodianEmailAddress() const { | 286 std::string SupervisedUserService::GetCustodianEmailAddress() const { |
| 292 std::string email = profile_->GetPrefs()->GetString( | 287 std::string email = profile_->GetPrefs()->GetString( |
| 293 prefs::kSupervisedUserCustodianEmail); | 288 prefs::kSupervisedUserCustodianEmail); |
| 294 #if defined(OS_CHROMEOS) | 289 #if defined(OS_CHROMEOS) |
| (...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 576 | 571 |
| 577 #if defined(ENABLE_EXTENSIONS) | 572 #if defined(ENABLE_EXTENSIONS) |
| 578 SetExtensionsActive(); | 573 SetExtensionsActive(); |
| 579 #endif | 574 #endif |
| 580 | 575 |
| 581 if (active_) { | 576 if (active_) { |
| 582 pref_change_registrar_.Add( | 577 pref_change_registrar_.Add( |
| 583 prefs::kDefaultSupervisedUserFilteringBehavior, | 578 prefs::kDefaultSupervisedUserFilteringBehavior, |
| 584 base::Bind(&SupervisedUserService::OnDefaultFilteringBehaviorChanged, | 579 base::Bind(&SupervisedUserService::OnDefaultFilteringBehaviorChanged, |
| 585 base::Unretained(this))); | 580 base::Unretained(this))); |
| 581 pref_change_registrar_.Add( | |
| 582 prefs::kSupervisedUserApprovedExtensions, | |
| 583 base::Bind(&SupervisedUserService::UpdateApprovedExtensions, | |
| 584 base::Unretained(this))); | |
| 586 pref_change_registrar_.Add(prefs::kSupervisedUserSafeSites, | 585 pref_change_registrar_.Add(prefs::kSupervisedUserSafeSites, |
| 587 base::Bind(&SupervisedUserService::OnSafeSitesSettingChanged, | 586 base::Bind(&SupervisedUserService::OnSafeSitesSettingChanged, |
| 588 base::Unretained(this))); | 587 base::Unretained(this))); |
| 589 pref_change_registrar_.Add(prefs::kSupervisedUserManualHosts, | 588 pref_change_registrar_.Add(prefs::kSupervisedUserManualHosts, |
| 590 base::Bind(&SupervisedUserService::UpdateManualHosts, | 589 base::Bind(&SupervisedUserService::UpdateManualHosts, |
| 591 base::Unretained(this))); | 590 base::Unretained(this))); |
| 592 pref_change_registrar_.Add(prefs::kSupervisedUserManualURLs, | 591 pref_change_registrar_.Add(prefs::kSupervisedUserManualURLs, |
| 593 base::Bind(&SupervisedUserService::UpdateManualURLs, | 592 base::Bind(&SupervisedUserService::UpdateManualURLs, |
| 594 base::Unretained(this))); | 593 base::Unretained(this))); |
| 595 for (const char* pref : kCustodianInfoPrefs) { | 594 for (const char* pref : kCustodianInfoPrefs) { |
| 596 pref_change_registrar_.Add(pref, | 595 pref_change_registrar_.Add(pref, |
| 597 base::Bind(&SupervisedUserService::OnCustodianInfoChanged, | 596 base::Bind(&SupervisedUserService::OnCustodianInfoChanged, |
| 598 base::Unretained(this))); | 597 base::Unretained(this))); |
| 599 } | 598 } |
| 600 | 599 |
| 601 // Initialize the filter. | 600 // Initialize the filter. |
| 602 OnDefaultFilteringBehaviorChanged(); | 601 OnDefaultFilteringBehaviorChanged(); |
| 603 OnSafeSitesSettingChanged(); | 602 OnSafeSitesSettingChanged(); |
| 604 whitelist_service_->Init(); | 603 whitelist_service_->Init(); |
| 605 UpdateManualHosts(); | 604 UpdateManualHosts(); |
| 606 UpdateManualURLs(); | 605 UpdateManualURLs(); |
| 606 UpdateApprovedExtensions(); | |
| 607 | 607 |
| 608 #if !defined(OS_ANDROID) | 608 #if !defined(OS_ANDROID) |
| 609 // TODO(bauerb): Get rid of the platform-specific #ifdef here. | 609 // TODO(bauerb): Get rid of the platform-specific #ifdef here. |
| 610 // http://crbug.com/313377 | 610 // http://crbug.com/313377 |
| 611 BrowserList::AddObserver(this); | 611 BrowserList::AddObserver(this); |
| 612 #endif | 612 #endif |
| 613 } else { | 613 } else { |
| 614 permissions_creators_.clear(); | 614 permissions_creators_.clear(); |
| 615 url_reporter_.reset(); | 615 url_reporter_.reset(); |
| 616 | 616 |
| 617 pref_change_registrar_.Remove( | 617 pref_change_registrar_.Remove( |
| 618 prefs::kDefaultSupervisedUserFilteringBehavior); | 618 prefs::kDefaultSupervisedUserFilteringBehavior); |
| 619 pref_change_registrar_.Remove(prefs::kSupervisedUserApprovedExtensions); | |
| 619 pref_change_registrar_.Remove(prefs::kSupervisedUserManualHosts); | 620 pref_change_registrar_.Remove(prefs::kSupervisedUserManualHosts); |
| 620 pref_change_registrar_.Remove(prefs::kSupervisedUserManualURLs); | 621 pref_change_registrar_.Remove(prefs::kSupervisedUserManualURLs); |
| 621 for (const char* pref : kCustodianInfoPrefs) { | 622 for (const char* pref : kCustodianInfoPrefs) { |
| 622 pref_change_registrar_.Remove(pref); | 623 pref_change_registrar_.Remove(pref); |
| 623 } | 624 } |
| 624 | 625 |
| 625 url_filter_context_.Clear(); | 626 url_filter_context_.Clear(); |
| 626 FOR_EACH_OBSERVER( | 627 FOR_EACH_OBSERVER( |
| 627 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged()); | 628 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged()); |
| 628 | 629 |
| (...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 904 bool result = it.value().GetAsBoolean(&allow); | 905 bool result = it.value().GetAsBoolean(&allow); |
| 905 DCHECK(result); | 906 DCHECK(result); |
| 906 (*url_map)[GURL(it.key())] = allow; | 907 (*url_map)[GURL(it.key())] = allow; |
| 907 } | 908 } |
| 908 url_filter_context_.SetManualURLs(std::move(url_map)); | 909 url_filter_context_.SetManualURLs(std::move(url_map)); |
| 909 | 910 |
| 910 FOR_EACH_OBSERVER( | 911 FOR_EACH_OBSERVER( |
| 911 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged()); | 912 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged()); |
| 912 } | 913 } |
| 913 | 914 |
| 915 void SupervisedUserService::UpdateApprovedExtensions() { | |
| 916 const base::DictionaryValue* dict = profile_->GetPrefs()->GetDictionary( | |
| 917 prefs::kSupervisedUserApprovedExtensions); | |
| 918 std::unique_ptr<std::map<std::string, std::string>> approved_extensions_map( | |
| 919 new std::map<std::string, std::string>()); | |
| 920 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { | |
| 921 std::string version = ""; | |
|
Marc Treib
2016/05/23 15:32:42
No need to initialize with empty string, it'll do
mamir
2016/05/23 19:35:14
Done.
| |
| 922 bool result = it.value().GetAsString(&version); | |
| 923 DCHECK(result); | |
| 924 (*approved_extensions_map)[it.key()] = version; | |
|
Marc Treib
2016/05/23 15:32:42
Convert version to an actual base::Version, to mak
mamir
2016/05/23 19:35:14
Done.
| |
| 925 } | |
| 926 approved_extensions_map_ = std::move(approved_extensions_map); | |
| 927 | |
| 928 ExtensionService* service = | |
| 929 extensions::ExtensionSystem::Get(profile_)->extension_service(); | |
| 930 for (const auto& extensions_entry : *approved_extensions_map_) { | |
| 931 // Try to Enable the extension, this will call the ManagmentPolicy and | |
|
Marc Treib
2016/05/23 15:32:42
nit: don't capitalize "Enable"
mamir
2016/05/23 19:35:14
Done.
| |
| 932 // properly enable the extension if possible. | |
| 933 service->EnableExtension(extensions_entry.first); | |
|
Marc Treib
2016/05/23 15:32:42
This will also re-enable extensions that have othe
mamir
2016/05/23 19:35:14
Done.
| |
| 934 } | |
| 935 } | |
| 936 | |
| 914 std::string SupervisedUserService::GetSupervisedUserName() const { | 937 std::string SupervisedUserService::GetSupervisedUserName() const { |
| 915 #if defined(OS_CHROMEOS) | 938 #if defined(OS_CHROMEOS) |
| 916 // The active user can be NULL in unit tests. | 939 // The active user can be NULL in unit tests. |
| 917 if (user_manager::UserManager::Get()->GetActiveUser()) { | 940 if (user_manager::UserManager::Get()->GetActiveUser()) { |
| 918 return UTF16ToUTF8(user_manager::UserManager::Get()->GetUserDisplayName( | 941 return UTF16ToUTF8(user_manager::UserManager::Get()->GetUserDisplayName( |
| 919 user_manager::UserManager::Get()->GetActiveUser()->GetAccountId())); | 942 user_manager::UserManager::Get()->GetActiveUser()->GetAccountId())); |
| 920 } | 943 } |
| 921 return std::string(); | 944 return std::string(); |
| 922 #else | 945 #else |
| 923 return profile_->GetPrefs()->GetString(prefs::kProfileName); | 946 return profile_->GetPrefs()->GetString(prefs::kProfileName); |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 948 | 971 |
| 949 ProfileSyncService* sync_service = | 972 ProfileSyncService* sync_service = |
| 950 ProfileSyncServiceFactory::GetForProfile(profile_); | 973 ProfileSyncServiceFactory::GetForProfile(profile_); |
| 951 | 974 |
| 952 // Can be null in tests. | 975 // Can be null in tests. |
| 953 if (sync_service) | 976 if (sync_service) |
| 954 sync_service->RemovePreferenceProvider(this); | 977 sync_service->RemovePreferenceProvider(this); |
| 955 } | 978 } |
| 956 | 979 |
| 957 #if defined(ENABLE_EXTENSIONS) | 980 #if defined(ENABLE_EXTENSIONS) |
| 981 SupervisedUserService::ExtensionState SupervisedUserService::GetExtensionState( | |
| 982 const extensions::Extension& extension) const { | |
| 983 bool was_installed_by_default = extension.was_installed_by_default(); | |
| 984 #if defined(OS_CHROMEOS) | |
| 985 // On Chrome OS all external sources are controlled by us so it means that | |
| 986 // they are "default". Method was_installed_by_default returns false because | |
| 987 // extensions creation flags are ignored in case of default extensions with | |
| 988 // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound). | |
| 989 // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation | |
| 990 // flags are not ignored. | |
| 991 was_installed_by_default = | |
| 992 extensions::Manifest::IsExternalLocation(extension->location()); | |
| 993 #endif | |
| 994 // Note: Component extensions are protected from modification/uninstallation | |
| 995 // anyway, so there's no need to enforce them again for supervised users. | |
| 996 // Also, leave policy-installed extensions alone - they have their own | |
| 997 // management; in particular we don't want to override the force-install list. | |
| 998 if (extensions::Manifest::IsComponentLocation(extension.location()) || | |
| 999 extensions::Manifest::IsPolicyLocation(extension.location()) || | |
| 1000 extension.is_theme() || extension.from_bookmark() || | |
| 1001 extension.is_shared_module() || was_installed_by_default) { | |
| 1002 return ExtensionState::ALLOWED; | |
| 1003 } | |
| 1004 | |
| 1005 if (extension.was_installed_by_custodian()) | |
| 1006 return ExtensionState::FORCED; | |
| 1007 | |
| 1008 // TODO(mamir): if(on blacklist) return EXTENSION_BLOCKED; | |
| 1009 if (!base::FeatureList::IsEnabled( | |
| 1010 supervised_users::kSupervisedUserInitiatedExtensionInstall)) | |
| 1011 return ExtensionState::BLOCKED; | |
| 1012 | |
| 1013 const std::string& id = extension.id(); | |
| 1014 extensions::ExtensionPrefs* extension_prefs = | |
| 1015 extensions::ExtensionPrefs::Get(profile_); | |
| 1016 | |
| 1017 // If it wasn't installed before, and it wasn't installed by custodian | |
| 1018 // which is taken care of by a previous check, then it requires approval. | |
| 1019 if (!extension_prefs->GetInstalledExtensionInfo(id)) | |
| 1020 return ExtensionState::REQUIRE_APPROVAL; | |
| 1021 | |
| 1022 if (extension_prefs->HasDisableReason( | |
| 1023 id, extensions::Extension::DISABLE_CUSTODIAN_APPROVAL_REQUIRED) || | |
| 1024 extension_prefs->HasDisableReason( | |
| 1025 id, extensions::Extension::DISABLE_PERMISSIONS_INCREASE)) { | |
| 1026 return ExtensionState::REQUIRE_APPROVAL; | |
| 1027 } | |
| 1028 return ExtensionState::ALLOWED; | |
| 1029 } | |
| 1030 | |
| 958 std::string SupervisedUserService::GetDebugPolicyProviderName() const { | 1031 std::string SupervisedUserService::GetDebugPolicyProviderName() const { |
| 959 // Save the string space in official builds. | 1032 // Save the string space in official builds. |
| 960 #ifdef NDEBUG | 1033 #ifdef NDEBUG |
| 961 NOTREACHED(); | 1034 NOTREACHED(); |
| 962 return std::string(); | 1035 return std::string(); |
| 963 #else | 1036 #else |
| 964 return "Supervised User Service"; | 1037 return "Supervised User Service"; |
| 965 #endif | 1038 #endif |
| 966 } | 1039 } |
| 967 | 1040 |
| 968 bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension, | 1041 bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension, |
| 969 base::string16* error) const { | 1042 base::string16* error) const { |
| 970 DCHECK(ProfileIsSupervised()); | 1043 DCHECK(ProfileIsSupervised()); |
| 971 ExtensionState result = GetExtensionState(extension); | 1044 ExtensionState result = GetExtensionState(*extension); |
| 972 bool may_load = (result != EXTENSION_BLOCKED); | 1045 bool may_load = (result != ExtensionState::BLOCKED); |
| 973 if (!may_load && error) | 1046 if (!may_load && error) |
| 974 *error = GetExtensionsLockedMessage(); | 1047 *error = GetExtensionsLockedMessage(); |
| 975 return may_load; | 1048 return may_load; |
| 976 } | 1049 } |
| 977 | 1050 |
| 978 bool SupervisedUserService::UserMayModifySettings( | 1051 bool SupervisedUserService::UserMayModifySettings( |
| 979 const extensions::Extension* extension, | 1052 const extensions::Extension* extension, |
| 980 base::string16* error) const { | 1053 base::string16* error) const { |
| 981 DCHECK(ProfileIsSupervised()); | 1054 DCHECK(ProfileIsSupervised()); |
| 982 ExtensionState result = GetExtensionState(extension); | 1055 ExtensionState result = GetExtensionState(*extension); |
| 983 bool may_modify = (result == EXTENSION_ALLOWED); | 1056 // While the following check allows the SU to modify the settings and enable |
| 1057 // or disable the extension, MustRemainDisabled properly takes care of | |
| 1058 // keeping an extension disabled when required. | |
| 1059 // For custodian-installed extensions, the state is always FORCED, even if | |
| 1060 // it's waiting for an update approval. | |
| 1061 bool may_modify = (result != ExtensionState::FORCED); | |
| 984 if (!may_modify && error) | 1062 if (!may_modify && error) |
| 985 *error = GetExtensionsLockedMessage(); | 1063 *error = GetExtensionsLockedMessage(); |
| 986 return may_modify; | 1064 return may_modify; |
| 987 } | 1065 } |
| 988 | 1066 |
| 989 // Note: Having MustRemainInstalled always say "true" for custodian-installed | 1067 // Note: Having MustRemainInstalled always say "true" for custodian-installed |
| 990 // extensions does NOT prevent remote uninstalls (which is a bit unexpected, but | 1068 // extensions does NOT prevent remote uninstalls (which is a bit unexpected, but |
| 991 // exactly what we want). | 1069 // exactly what we want). |
| 992 bool SupervisedUserService::MustRemainInstalled( | 1070 bool SupervisedUserService::MustRemainInstalled( |
| 993 const extensions::Extension* extension, | 1071 const extensions::Extension* extension, |
| 994 base::string16* error) const { | 1072 base::string16* error) const { |
| 995 DCHECK(ProfileIsSupervised()); | 1073 DCHECK(ProfileIsSupervised()); |
| 996 ExtensionState result = GetExtensionState(extension); | 1074 ExtensionState result = GetExtensionState(*extension); |
| 997 bool may_not_uninstall = (result == EXTENSION_FORCED); | 1075 bool may_not_uninstall = (result == ExtensionState::FORCED); |
| 998 if (may_not_uninstall && error) | 1076 if (may_not_uninstall && error) |
| 999 *error = GetExtensionsLockedMessage(); | 1077 *error = GetExtensionsLockedMessage(); |
| 1000 return may_not_uninstall; | 1078 return may_not_uninstall; |
| 1001 } | 1079 } |
| 1002 | 1080 |
| 1081 bool SupervisedUserService::MustRemainDisabled( | |
| 1082 const extensions::Extension* extension, | |
| 1083 extensions::Extension::DisableReason* reason, | |
| 1084 base::string16* error) const { | |
| 1085 DCHECK(ProfileIsSupervised()); | |
| 1086 extensions::ExtensionPrefs* extension_prefs = | |
| 1087 extensions::ExtensionPrefs::Get(profile_); | |
| 1088 | |
| 1089 auto extention_it = approved_extensions_map_->find(extension->id()); | |
|
Marc Treib
2016/05/23 15:32:42
"extension"
But IMO something like
bool approved =
mamir
2016/05/23 19:35:14
Done.
| |
| 1090 bool is_approved_by_custodian = | |
| 1091 (extention_it != approved_extensions_map_->end()); | |
|
Marc Treib
2016/05/23 15:32:42
Can we use GetExtensionState here, like all the ot
mamir
2016/05/23 19:35:14
Done.
| |
| 1092 | |
| 1093 bool may_enable = | |
| 1094 extension->was_installed_by_custodian() || is_approved_by_custodian; | |
| 1095 | |
| 1096 if (!may_enable) { | |
| 1097 if (reason) | |
| 1098 *reason = extensions::Extension::DISABLE_CUSTODIAN_APPROVAL_REQUIRED; | |
| 1099 if (error) | |
| 1100 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER); | |
| 1101 if (base::FeatureList::IsEnabled( | |
| 1102 supervised_users::kSupervisedUserInitiatedExtensionInstall)) { | |
| 1103 // If the Extension isn't pending a custodian approval already, send | |
| 1104 // an approval request. | |
| 1105 if (!extension_prefs->HasDisableReason( | |
| 1106 extension->id(), | |
| 1107 extensions::Extension::DISABLE_CUSTODIAN_APPROVAL_REQUIRED)) { | |
| 1108 // MustRemainDisabled is a const method and hence cannot call | |
| 1109 // AddExtensionInstallRequest directly. | |
| 1110 SupervisedUserService* supervised_user_service = | |
| 1111 SupervisedUserServiceFactory::GetForProfile(profile_); | |
| 1112 supervised_user_service->AddExtensionInstallRequest( | |
| 1113 extension->id(), *extension->version()); | |
| 1114 } | |
| 1115 } | |
| 1116 } | |
| 1117 return !may_enable; | |
| 1118 } | |
| 1119 | |
| 1003 void SupervisedUserService::SetExtensionsActive() { | 1120 void SupervisedUserService::SetExtensionsActive() { |
| 1004 extensions::ExtensionSystem* extension_system = | 1121 extensions::ExtensionSystem* extension_system = |
| 1005 extensions::ExtensionSystem::Get(profile_); | 1122 extensions::ExtensionSystem::Get(profile_); |
| 1006 extensions::ManagementPolicy* management_policy = | 1123 extensions::ManagementPolicy* management_policy = |
| 1007 extension_system->management_policy(); | 1124 extension_system->management_policy(); |
| 1008 | 1125 |
| 1009 if (management_policy) { | 1126 if (management_policy) { |
| 1010 if (active_) | 1127 if (active_) |
| 1011 management_policy->RegisterProvider(this); | 1128 management_policy->RegisterProvider(this); |
| 1012 else | 1129 else |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1058 content::RecordAction(UserMetricsAction("ManagedUsers_SwitchProfile")); | 1175 content::RecordAction(UserMetricsAction("ManagedUsers_SwitchProfile")); |
| 1059 | 1176 |
| 1060 is_profile_active_ = profile_became_active; | 1177 is_profile_active_ = profile_became_active; |
| 1061 } | 1178 } |
| 1062 #endif // !defined(OS_ANDROID) | 1179 #endif // !defined(OS_ANDROID) |
| 1063 | 1180 |
| 1064 void SupervisedUserService::OnSiteListUpdated() { | 1181 void SupervisedUserService::OnSiteListUpdated() { |
| 1065 FOR_EACH_OBSERVER( | 1182 FOR_EACH_OBSERVER( |
| 1066 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged()); | 1183 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged()); |
| 1067 } | 1184 } |
| OLD | NEW |
