Plumbing for login apps device policy to extensions.

chrome/browser/extensions/extension_management.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_management.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 18 matching lines @@
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/prefs/pref_service.h"
 #include "extensions/browser/pref_names.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/permissions/api_permission_set.h"
 #include "extensions/common/permissions/permission_set.h"
 #include "extensions/common/url_pattern.h"
 #include "url/gurl.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#endif
+
 namespace extensions {
 
-ExtensionManagement::ExtensionManagement(PrefService* pref_service)
-    : pref_service_(pref_service) {
+ExtensionManagement::ExtensionManagement(Profile* profile) : profile_(profile) {
   TRACE_EVENT0("browser,startup",
                "ExtensionManagement::ExtensionManagement::ctor");
-  pref_change_registrar_.Init(pref_service_);
+  pref_change_registrar_.Init(profile_->GetPrefs());
   base::Closure pref_change_callback = base::Bind(
       &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this));
   pref_change_registrar_.Add(pref_names::kInstallAllowList,
                              pref_change_callback);
   pref_change_registrar_.Add(pref_names::kInstallDenyList,
                              pref_change_callback);
   pref_change_registrar_.Add(pref_names::kInstallForceList,
                              pref_change_callback);
+  pref_change_registrar_.Add(pref_names::kInstallLoginScreenAppList,
+                             pref_change_callback);
   pref_change_registrar_.Add(pref_names::kAllowedInstallSites,
                              pref_change_callback);
   pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback);
   pref_change_registrar_.Add(pref_names::kExtensionManagement,
                              pref_change_callback);
   // Note that both |global_settings_| and |default_settings_| will be null
   // before first call to Refresh(), so in order to resolve this, Refresh() must
   // be called in the initialization of ExtensionManagement.
   Refresh();
   providers_.push_back(
       base::MakeUnique<StandardManagementPolicyProvider>(this));
   providers_.push_back(
       base::MakeUnique<PermissionsBasedManagementPolicyProvider>(this));
 }
 
 ExtensionManagement::~ExtensionManagement() {
 }
 
 void ExtensionManagement::Shutdown() {
   pref_change_registrar_.RemoveAll();
-  pref_service_ = nullptr;
+  profile_ = nullptr;
 }
 
 void ExtensionManagement::AddObserver(Observer* observer) {
   observer_list_.AddObserver(observer);
 }
 
 void ExtensionManagement::RemoveObserver(Observer* observer) {
   observer_list_.RemoveObserver(observer);
 }
 
@@ skipping 18 matching lines @@
                                        &update_url)) {
     auto iter_update_url = settings_by_update_url_.find(update_url);
     if (iter_update_url != settings_by_update_url_.end())
       return iter_update_url->second->installation_mode;
   }
   // Fall back to default installation mode setting.
   return default_settings_->installation_mode;
 }
 
 std::unique_ptr<base::DictionaryValue>
+ExtensionManagement::GetInstallListByMode(

[Devlin, 2017/03/03 17:24:47]

implementation order should (try) to match the declaration order in the header.

[achuithb, 2017/03/06 15:25:31]

Done.

+    InstallationMode installation_mode) const {
+  auto extension_dict = base::MakeUnique<base::DictionaryValue>();
+  for (const auto& entry : settings_by_id_) {
+    if (entry.second->installation_mode == installation_mode) {
+      ExternalPolicyLoader::AddExtension(extension_dict.get(), entry.first,
+                                         entry.second->update_url);
+    }
+  }
+  return extension_dict;
+}
+
+std::unique_ptr<base::DictionaryValue>
 ExtensionManagement::GetForceInstallList() const {
-  std::unique_ptr<base::DictionaryValue> install_list(
-      new base::DictionaryValue());
-  for (const auto& entry : settings_by_id_) {
-    if (entry.second->installation_mode == INSTALLATION_FORCED) {
-      ExternalPolicyLoader::AddExtension(install_list.get(), entry.first,
-                                         entry.second->update_url);
-    }
-  }
-  return install_list;
+  return GetInstallListByMode(INSTALLATION_FORCED);
 }
 
 std::unique_ptr<base::DictionaryValue>
 ExtensionManagement::GetRecommendedInstallList() const {
-  std::unique_ptr<base::DictionaryValue> install_list(
-      new base::DictionaryValue());
-  for (const auto& entry : settings_by_id_) {
-    if (entry.second->installation_mode == INSTALLATION_RECOMMENDED) {
-      ExternalPolicyLoader::AddExtension(install_list.get(), entry.first,
-                                         entry.second->update_url);
-    }
-  }
-  return install_list;
+  return GetInstallListByMode(INSTALLATION_RECOMMENDED);
 }
 
 bool ExtensionManagement::IsInstallationExplicitlyAllowed(
     const ExtensionId& id) const {
   auto it = settings_by_id_.find(id);
   // No settings explicitly specified for |id|.
   if (it == settings_by_id_.end())
     return false;
   // Checks if the extension is on the automatically installed list or
   // install white-list.
@@ skipping 102 matching lines @@
       static_cast<const base::ListValue*>(LoadPreference(
           pref_names::kInstallAllowList, true, base::Value::Type::LIST));
   // Allow user to use preference to block certain extensions. Note that policy
   // managed forcelist or whitelist will always override this.
   const base::ListValue* denied_list_pref =
       static_cast<const base::ListValue*>(LoadPreference(
           pref_names::kInstallDenyList, false, base::Value::Type::LIST));
   const base::DictionaryValue* forced_list_pref =
       static_cast<const base::DictionaryValue*>(LoadPreference(
           pref_names::kInstallForceList, true, base::Value::Type::DICTIONARY));
+#if defined(OS_CHROMEOS)
+  const base::DictionaryValue* login_screen_app_list_pref =
+      static_cast<const base::DictionaryValue*>(
+          LoadPreference(pref_names::kInstallLoginScreenAppList, true,

[Devlin, 2017/03/03 17:24:48]

Can we gate loading this on whether or not this is a sign-in profile? 
Presumably it won't succeed otherwise, but it'd be cheaper to check a bool than
perform a dictionary lookup.

[achuithb, 2017/03/06 15:25:31]

Done. I've moved up the IsSigninProfile check to here instead of
UpdateForcedExtensions (we don't need to check in both places), and this removes
one #if defined(OS_CHROMEOS) block as well.

+                         base::Value::Type::DICTIONARY));
+#endif
   const base::ListValue* install_sources_pref =
       static_cast<const base::ListValue*>(LoadPreference(
           pref_names::kAllowedInstallSites, true, base::Value::Type::LIST));
   const base::ListValue* allowed_types_pref =
       static_cast<const base::ListValue*>(LoadPreference(
           pref_names::kAllowedTypes, true, base::Value::Type::LIST));
   const base::DictionaryValue* dict_pref =
       static_cast<const base::DictionaryValue*>(
           LoadPreference(pref_names::kExtensionManagement,
                          true,
@@ skipping 40 matching lines @@
   }
 
   if (denied_list_pref) {
     for (base::ListValue::const_iterator it = denied_list_pref->begin();
          it != denied_list_pref->end(); ++it) {
       if ((*it)->GetAsString(&id) && crx_file::id_util::IdIsValid(id))
         AccessById(id)->installation_mode = INSTALLATION_BLOCKED;
     }
   }
 
-  if (forced_list_pref) {
-    std::string update_url;
-    for (base::DictionaryValue::Iterator it(*forced_list_pref); !it.IsAtEnd();
-         it.Advance()) {
-      if (!crx_file::id_util::IdIsValid(it.key()))
-        continue;
-      const base::DictionaryValue* dict_value = NULL;
-      if (it.value().GetAsDictionary(&dict_value) &&
-          dict_value->GetStringWithoutPathExpansion(
-              ExternalProviderImpl::kExternalUpdateUrl, &update_url)) {
-        internal::IndividualSettings* by_id = AccessById(it.key());
-        by_id->installation_mode = INSTALLATION_FORCED;
-        by_id->update_url = update_url;
-      }
-    }
-  }
+  UpdateForcedExtensions(forced_list_pref);
+#if defined(OS_CHROMEOS)
+  if (chromeos::ProfileHelper::IsSigninProfile(profile_))
+    UpdateForcedExtensions(login_screen_app_list_pref);
+#endif
 
   if (install_sources_pref) {
     global_settings_->has_restricted_install_sources = true;
     for (base::ListValue::const_iterator it = install_sources_pref->begin();
          it != install_sources_pref->end(); ++it) {
       std::string url_pattern;
       if ((*it)->GetAsString(&url_pattern)) {
         URLPattern entry(URLPattern::SCHEME_ALL);
         if (entry.Parse(url_pattern) == URLPattern::PARSE_SUCCESS) {
           global_settings_->install_sources.AddPattern(entry);
@@ skipping 64 matching lines @@
         }
       }
     }
   }
 }
 
 const base::Value* ExtensionManagement::LoadPreference(
     const char* pref_name,
     bool force_managed,
     base::Value::Type expected_type) {
-  if (!pref_service_)
+  if (!profile_)
     return nullptr;
   const PrefService::Preference* pref =
-      pref_service_->FindPreference(pref_name);
+      profile_->GetPrefs()->FindPreference(pref_name);
   if (pref && !pref->IsDefaultValue() &&
       (!force_managed || pref->IsManaged())) {
     const base::Value* value = pref->GetValue();
     if (value && value->IsType(expected_type))
       return value;
   }
   return nullptr;
 }
 
 void ExtensionManagement::OnExtensionPrefChanged() {
   Refresh();
   NotifyExtensionManagementPrefChanged();
 }
 
 void ExtensionManagement::NotifyExtensionManagementPrefChanged() {
   for (auto& observer : observer_list_)
     observer.OnExtensionManagementSettingsChanged();
 }
 
+void ExtensionManagement::UpdateForcedExtensions(
+    const base::DictionaryValue* extension_dict) {
+  if (!extension_dict)
+    return;
+
+  std::string update_url;
+  for (base::DictionaryValue::Iterator it(*extension_dict); !it.IsAtEnd();
+       it.Advance()) {
+    if (!crx_file::id_util::IdIsValid(it.key()))
+      continue;
+    const base::DictionaryValue* dict_value = nullptr;
+    if (it.value().GetAsDictionary(&dict_value) &&
+        dict_value->GetStringWithoutPathExpansion(
+            ExternalProviderImpl::kExternalUpdateUrl, &update_url)) {
+      internal::IndividualSettings* by_id = AccessById(it.key());
+      by_id->installation_mode = INSTALLATION_FORCED;
+      by_id->update_url = update_url;
+    }
+  }
+}
+
 internal::IndividualSettings* ExtensionManagement::AccessById(
     const ExtensionId& id) {
   DCHECK(crx_file::id_util::IdIsValid(id)) << "Invalid ID: " << id;
   std::unique_ptr<internal::IndividualSettings>& settings = settings_by_id_[id];
   if (!settings) {
     settings =
         base::MakeUnique<internal::IndividualSettings>(default_settings_.get());
   }
   return settings.get();
 }
@@ skipping 26 matching lines @@
           BrowserContextDependencyManager::GetInstance()) {
 }
 
 ExtensionManagementFactory::~ExtensionManagementFactory() {
 }
 
 KeyedService* ExtensionManagementFactory::BuildServiceInstanceFor(
     content::BrowserContext* context) const {
   TRACE_EVENT0("browser,startup",
                "ExtensionManagementFactory::BuildServiceInstanceFor");
-  return new ExtensionManagement(
-      Profile::FromBrowserContext(context)->GetPrefs());
+  return new ExtensionManagement(Profile::FromBrowserContext(context));
 }
 
 content::BrowserContext* ExtensionManagementFactory::GetBrowserContextToUse(
     content::BrowserContext* context) const {
   return chrome::GetBrowserContextRedirectedInIncognito(context);
 }
 
 void ExtensionManagementFactory::RegisterProfilePrefs(
     user_prefs::PrefRegistrySyncable* user_prefs) {
   user_prefs->RegisterDictionaryPref(pref_names::kExtensionManagement);
 }
 
 }  // namespace extensions