Allow explicitly whitelisted apps/extensions in public sessions

chrome/browser/chromeos/login/user_manager_impl.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/user_manager_impl.h"
 
 #include <cstddef>
 #include <set>
 
 #include "base/bind.h"
@@ skipping 344 matching lines @@
     user->set_username_hash(username_hash);
     logged_in_users_.push_back(user);
     lru_logged_in_users_.push_back(user);
     // Reset the new user flag if the user already exists.
     is_current_user_new_ = false;
     // Set active user wallpaper back.
     WallpaperManager::Get()->SetUserWallpaper(active_user_->email());
     return;
   }
 
+  policy::DeviceLocalAccount::Type device_local_account_type;
   if (email == UserManager::kGuestUserName) {
     GuestUserLoggedIn();
   } else if (email == UserManager::kRetailModeUserName) {
     RetailModeUserLoggedIn();
-  } else if (policy::IsKioskAppUser(email)) {
+  } else if (policy::IsDeviceLocalAccountUser(email,
+                                              &device_local_account_type) &&
+             device_local_account_type ==
+                 policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
     KioskAppLoggedIn(email);
   } else {
     EnsureUsersLoaded();
 
     if (user && user->GetType() == User::USER_TYPE_PUBLIC_ACCOUNT) {
       PublicAccountUserLoggedIn(user);
     } else if ((user && user->GetType() == User::USER_TYPE_LOCALLY_MANAGED) ||
                (!user && gaia::ExtractDomainName(email) ==
                     UserManager::kLocallyManagedUserDomain)) {
       LocallyManagedUserLoggedIn(email);
@@ skipping 1015 matching lines @@
   active_user_ = user;
   // The UserImageManager chooses a random avatar picture when a user logs in
   // for the first time. Tell the UserImageManager that this user is not new to
   // prevent the avatar from getting changed.
   user_image_manager_->UserLoggedIn(user->email(), false, true);
   WallpaperManager::Get()->EnsureLoggedInUserWallpaperLoaded();
 }
 
 void UserManagerImpl::KioskAppLoggedIn(const std::string& username) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  DCHECK(policy::IsKioskAppUser(username));
+  policy::DeviceLocalAccount::Type device_local_account_type;
+  DCHECK(policy::IsDeviceLocalAccountUser(username,
+                                          &device_local_account_type));
+  DCHECK_EQ(policy::DeviceLocalAccount::TYPE_KIOSK_APP,
+            device_local_account_type);
 
   active_user_ = User::CreateKioskAppUser(username);
   active_user_->SetStubImage(User::kInvalidImageIndex, false);
   WallpaperManager::Get()->SetInitialUserWallpaper(username, false);
 
   // TODO(bartfab): Add KioskAppUsers to the users_ list and keep metadata like
   // the kiosk_app_id in these objects, removing the need to re-parse the
   // device-local account list here to extract the kiosk_app_id.
   const std::vector<policy::DeviceLocalAccount> device_local_accounts =
       policy::GetDeviceLocalAccounts(cros_settings_);
@@ skipping 578 matching lines @@
   }
 }
 
 void UserManagerImpl::OnUserNotAllowed() {
   LOG(ERROR) << "Shutdown session because a user is not allowed to be in the "
                 "current session";
   chrome::AttemptUserExit();
 }
 
 }  // namespace chromeos