| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/chrome_content_verifier_delegate.h" | 5 #include "chrome/browser/extensions/chrome_content_verifier_delegate.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <string> | |
| 10 #include <vector> | 9 #include <vector> |
| 11 | 10 |
| 12 #include "base/base_switches.h" | 11 #include "base/base_switches.h" |
| 13 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 14 #include "base/metrics/field_trial.h" | 13 #include "base/metrics/field_trial.h" |
| 15 #include "base/metrics/histogram_macros.h" | 14 #include "base/metrics/histogram_macros.h" |
| 16 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 17 #include "base/version.h" | 16 #include "base/version.h" |
| 18 #include "build/build_config.h" | 17 #include "build/build_config.h" |
| 19 #include "chrome/browser/extensions/extension_service.h" | 18 #include "chrome/browser/extensions/extension_service.h" |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 95 } | 94 } |
| 96 | 95 |
| 97 // We don't want to allow the command-line flags to eg disable enforcement | 96 // We don't want to allow the command-line flags to eg disable enforcement |
| 98 // if the experiment group says it should be on, or malware may just modify | 97 // if the experiment group says it should be on, or malware may just modify |
| 99 // the command line flags. So return the more restrictive of the 2 values. | 98 // the command line flags. So return the more restrictive of the 2 values. |
| 100 return std::max(experiment_value, cmdline_value); | 99 return std::max(experiment_value, cmdline_value); |
| 101 } | 100 } |
| 102 | 101 |
| 103 ChromeContentVerifierDelegate::ChromeContentVerifierDelegate( | 102 ChromeContentVerifierDelegate::ChromeContentVerifierDelegate( |
| 104 content::BrowserContext* context) | 103 content::BrowserContext* context) |
| 105 : context_(context), default_mode_(GetDefaultMode()) { | 104 : context_(context), default_mode_(GetDefaultMode()) {} |
| 106 } | |
| 107 | 105 |
| 108 ChromeContentVerifierDelegate::~ChromeContentVerifierDelegate() { | 106 ChromeContentVerifierDelegate::~ChromeContentVerifierDelegate() { |
| 109 } | 107 } |
| 110 | 108 |
| 111 ContentVerifierDelegate::Mode ChromeContentVerifierDelegate::ShouldBeVerified( | 109 ContentVerifierDelegate::Mode ChromeContentVerifierDelegate::ShouldBeVerified( |
| 112 const Extension& extension) { | 110 const Extension& extension) { |
| 113 #if defined(OS_CHROMEOS) | 111 #if defined(OS_CHROMEOS) |
| 114 if (ExtensionAssetsManagerChromeOS::IsSharedInstall(&extension)) | 112 if (ExtensionAssetsManagerChromeOS::IsSharedInstall(&extension)) |
| 115 return ContentVerifierDelegate::ENFORCE_STRICT; | 113 return ContentVerifierDelegate::ENFORCE_STRICT; |
| 116 #endif | 114 #endif |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 164 | 162 |
| 165 void ChromeContentVerifierDelegate::VerifyFailed( | 163 void ChromeContentVerifierDelegate::VerifyFailed( |
| 166 const std::string& extension_id, | 164 const std::string& extension_id, |
| 167 ContentVerifyJob::FailureReason reason) { | 165 ContentVerifyJob::FailureReason reason) { |
| 168 ExtensionRegistry* registry = ExtensionRegistry::Get(context_); | 166 ExtensionRegistry* registry = ExtensionRegistry::Get(context_); |
| 169 const Extension* extension = | 167 const Extension* extension = |
| 170 registry->enabled_extensions().GetByID(extension_id); | 168 registry->enabled_extensions().GetByID(extension_id); |
| 171 if (!extension) | 169 if (!extension) |
| 172 return; | 170 return; |
| 173 ExtensionSystem* system = ExtensionSystem::Get(context_); | 171 ExtensionSystem* system = ExtensionSystem::Get(context_); |
| 172 ExtensionService* service = system->extension_service(); |
| 174 Mode mode = ShouldBeVerified(*extension); | 173 Mode mode = ShouldBeVerified(*extension); |
| 175 if (mode >= ContentVerifierDelegate::ENFORCE) { | 174 if (mode >= ContentVerifierDelegate::ENFORCE) { |
| 176 if (!system->management_policy()->UserMayModifySettings(extension, NULL)) { | 175 if (!system->management_policy()->UserMayModifySettings(extension, NULL)) { |
| 177 LogFailureForPolicyForceInstall(extension_id); | 176 PendingExtensionManager* pending_manager = |
| 177 service->pending_extension_manager(); |
| 178 if (pending_manager->IsPolicyReinstallForCorruptionExpected(extension_id)) |
| 179 return; |
| 180 LOG(WARNING) << "Corruption detected in policy extension " << extension_id |
| 181 << " installed at: " << extension->path().value(); |
| 182 pending_manager->ExpectPolicyReinstallForCorruption(extension_id); |
| 183 service->DisableExtension(extension_id, Extension::DISABLE_CORRUPTED); |
| 184 service->CheckForExternalUpdates(); |
| 178 return; | 185 return; |
| 179 } | 186 } |
| 180 DLOG(WARNING) << "Disabling extension " << extension_id << " ('" | 187 DLOG(WARNING) << "Disabling extension " << extension_id << " ('" |
| 181 << extension->name() | 188 << extension->name() |
| 182 << "') due to content verification failure. In tests you " | 189 << "') due to content verification failure. In tests you " |
| 183 << "might want to use a ScopedIgnoreContentVerifierForTest " | 190 << "might want to use a ScopedIgnoreContentVerifierForTest " |
| 184 << "instance to prevent this."; | 191 << "instance to prevent this."; |
| 185 system->extension_service()->DisableExtension(extension_id, | 192 service->DisableExtension(extension_id, Extension::DISABLE_CORRUPTED); |
| 186 Extension::DISABLE_CORRUPTED); | |
| 187 ExtensionPrefs::Get(context_)->IncrementCorruptedDisableCount(); | 193 ExtensionPrefs::Get(context_)->IncrementCorruptedDisableCount(); |
| 188 UMA_HISTOGRAM_BOOLEAN("Extensions.CorruptExtensionBecameDisabled", true); | 194 UMA_HISTOGRAM_BOOLEAN("Extensions.CorruptExtensionBecameDisabled", true); |
| 189 UMA_HISTOGRAM_ENUMERATION("Extensions.CorruptExtensionDisabledReason", | 195 UMA_HISTOGRAM_ENUMERATION("Extensions.CorruptExtensionDisabledReason", |
| 190 reason, ContentVerifyJob::FAILURE_REASON_MAX); | 196 reason, ContentVerifyJob::FAILURE_REASON_MAX); |
| 191 } else if (!base::ContainsKey(would_be_disabled_ids_, extension_id)) { | 197 } else if (!base::ContainsKey(would_be_disabled_ids_, extension_id)) { |
| 192 UMA_HISTOGRAM_BOOLEAN("Extensions.CorruptExtensionWouldBeDisabled", true); | 198 UMA_HISTOGRAM_BOOLEAN("Extensions.CorruptExtensionWouldBeDisabled", true); |
| 193 would_be_disabled_ids_.insert(extension_id); | 199 would_be_disabled_ids_.insert(extension_id); |
| 194 } | 200 } |
| 195 } | 201 } |
| 196 | 202 |
| 197 void ChromeContentVerifierDelegate::LogFailureForPolicyForceInstall( | |
| 198 const std::string& extension_id) { | |
| 199 if (!base::ContainsKey(corrupt_policy_extensions_, extension_id)) { | |
| 200 corrupt_policy_extensions_.insert(extension_id); | |
| 201 UMA_HISTOGRAM_BOOLEAN("Extensions.CorruptPolicyExtensionWouldBeDisabled", | |
| 202 true); | |
| 203 } | |
| 204 } | |
| 205 | 203 |
| 206 } // namespace extensions | 204 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2299203004:
Attempt to repair corrupt enterprise policy force-installed extensions (Closed)
