| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol
icy_provider.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "base/logging.h" |
| 10 #include "base/strings/utf_string_conversions.h" |
| 11 #include "chrome/common/extensions/extension.h" |
| 12 #include "extensions/common/manifest.h" |
| 13 #include "grit/generated_resources.h" |
| 14 #include "ui/base/l10n/l10n_util.h" |
| 15 |
| 16 namespace chromeos { |
| 17 |
| 18 namespace { |
| 19 |
| 20 // Apps/extensions explicitly whitelisted for use in device-local accounts. |
| 21 const char* kDeviceLocalAccountWhitelist[] = { |
| 22 "bpmcpldpdmajfigpchkicefoigmkfalc", // QuickOffice |
| 23 }; |
| 24 |
| 25 } // namespace |
| 26 |
| 27 DeviceLocalAccountManagementPolicyProvider:: |
| 28 DeviceLocalAccountManagementPolicyProvider( |
| 29 policy::DeviceLocalAccount::Type account_type) |
| 30 : account_type_(account_type) { |
| 31 } |
| 32 |
| 33 DeviceLocalAccountManagementPolicyProvider:: |
| 34 ~DeviceLocalAccountManagementPolicyProvider() { |
| 35 } |
| 36 |
| 37 std::string DeviceLocalAccountManagementPolicyProvider:: |
| 38 GetDebugPolicyProviderName() const { |
| 39 #if defined(NDEBUG) |
| 40 NOTREACHED(); |
| 41 return std::string(); |
| 42 #else |
| 43 return "whitelist for device-local accounts"; |
| 44 #endif |
| 45 } |
| 46 |
| 47 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( |
| 48 const extensions::Extension* extension, |
| 49 string16* error) const { |
| 50 if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { |
| 51 // For single-app kiosk sessions, allow only platform apps. |
| 52 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP) |
| 53 return true; |
| 54 |
| 55 } else { |
| 56 // Allow extension if its type is whitelisted for use in device-local |
| 57 // accounts. |
| 58 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) |
| 59 return true; |
| 60 |
| 61 // Allow extension if its specific ID is whitelisted for use in device-local |
| 62 // accounts. |
| 63 for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) { |
| 64 if (extension->id() == kDeviceLocalAccountWhitelist[i]) |
| 65 return true; |
| 66 } |
| 67 } |
| 68 |
| 69 // Disallow all other extensions. |
| 70 if (error) { |
| 71 *error = l10n_util::GetStringFUTF16( |
| 72 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, |
| 73 UTF8ToUTF16(extension->name()), |
| 74 UTF8ToUTF16(extension->id())); |
| 75 } |
| 76 return false; |
| 77 } |
| 78 |
| 79 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 24261010:
Allow explicitly whitelisted apps/extensions in public sessions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src