Chromium Code Reviews Chromium Code Reviews
Issue 2159103006:
Add policy provider that would filter extensions/apps allowed on the (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc |
| diff --git a/chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc b/chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..6cc23a201fd43d34e5a7380eb97ac2822e877dc4 |
| --- /dev/null |
| +++ b/chrome/browser/chromeos/extensions/signin_screen_policy_provider.cc |
| @@ -0,0 +1,85 @@ |
| +// Copyright 2016 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "chrome/browser/chromeos/extensions/signin_screen_policy_provider.h" |
| + |
| +#include <stddef.h> |
| + |
| +#include <cstddef> |
| +#include <string> |
| + |
| +#include "base/logging.h" |
| +#include "base/strings/string_util.h" |
| +#include "base/strings/utf_string_conversions.h" |
| +#include "base/values.h" |
| +#include "chrome/grit/generated_resources.h" |
| +#include "extensions/common/extension.h" |
| +#include "extensions/common/features/behavior_feature.h" |
| +#include "extensions/common/features/feature.h" |
| +#include "extensions/common/features/feature_provider.h" |
| +#include "extensions/common/manifest.h" |
| +#include "extensions/common/manifest_constants.h" |
| +#include "ui/base/l10n/l10n_util.h" |
| + |
| +namespace chromeos { |
| + |
| +SigninScreenPolicyProvider::SigninScreenPolicyProvider() {} |
| + |
| +SigninScreenPolicyProvider::~SigninScreenPolicyProvider() {} |
| + |
| +std::string SigninScreenPolicyProvider::GetDebugPolicyProviderName() const { |
| +#if defined(NDEBUG) |
| + NOTREACHED(); |
| + return std::string(); |
| +#else |
| + return "Guard for sign-in screen"; |
| +#endif |
| +} |
| + |
| +bool SigninScreenPolicyProvider::UserMayLoad( |
| + const extensions::Extension* extension, |
| + base::string16* error) const { |
| + const extensions::Feature* feature = |
| + extensions::FeatureProvider::GetBehaviorFeature( |
| + extensions::BehaviorFeature::kSigninScreen); |
| + |
| + const extensions::Feature* whitelist_feature = |
| + extensions::FeatureProvider::GetBehaviorFeature( |
| + extensions::BehaviorFeature::kSigninScreen); |
|
emaxx
2016/08/30 13:01:41
Shouldn't kSigninScreenWhitelist be used here?
An
Denis Kuznetsov (DE-MUC)
2016/09/01 17:28:57
Ah, yes.
|
| + |
| + if (!feature) { |
| + LOG(ERROR) << "Feature " << extensions::BehaviorFeature::kSigninScreen |
| + << " is not defined"; |
| + return false; |
|
emaxx
2016/08/30 13:01:41
The error message should be probably also set here
Denis Kuznetsov (DE-MUC)
2016/09/01 17:28:57
Done.
|
| + } |
| + |
| + if (whitelist_feature && |
| + whitelist_feature->IsIdInWhitelist(extension->id())) { |
| + LOG(ERROR) << "Extension whitelisted : " << extension->id(); |
|
emaxx
2016/08/30 13:01:42
I guess this shouldn't be an ERROR message.
Denis Kuznetsov (DE-MUC)
2016/09/01 17:28:57
Done.
|
| + return true; |
| + } |
| + |
| + extensions::Feature::Availability availability = |
| + feature->IsAvailableToExtension(extension); |
| + |
| + if (availability.is_available()) { |
| + LOG(ERROR) << "Extension allowed : " << extension->id() << " / " |
|
emaxx
2016/08/30 13:01:41
And this also looks like logging left from the deb
Denis Kuznetsov (DE-MUC)
2016/09/01 17:28:57
Done.
|
| + << extension->name(); |
| + return true; |
| + } |
| + |
| + // Disallow all other extensions. |
| + if (error) { |
| + *error = |
| + l10n_util::GetStringFUTF16(IDS_EXTENSION_CANT_INSTALL_ON_LOGIN_SCREEN, |
| + base::UTF8ToUTF16(extension->name()), |
| + base::UTF8ToUTF16(extension->id())); |
| + } |
| + |
| + LOG(ERROR) << "Extension disabled : " << extension->id() << " / " |
| + << extension->name() << " because of " << availability.message(); |
| + return false; |
| +} |
| + |
| +} // namespace chromeos |
