| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "chrome/browser/policy/cloud/device_management_service.h" | 10 #include "chrome/browser/policy/cloud/device_management_service.h" |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 79 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); | 79 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); |
| 80 // Exit the session when the lid is closed. The default behavior is to | 80 // Exit the session when the lid is closed. The default behavior is to |
| 81 // suspend while leaving the session running, which is not desirable for | 81 // suspend while leaving the session running, which is not desirable for |
| 82 // public sessions. | 82 // public sessions. |
| 83 policy_map_.Set(key::kLidCloseAction, | 83 policy_map_.Set(key::kLidCloseAction, |
| 84 POLICY_LEVEL_MANDATORY, | 84 POLICY_LEVEL_MANDATORY, |
| 85 POLICY_SCOPE_USER, | 85 POLICY_SCOPE_USER, |
| 86 base::Value::CreateIntegerValue( | 86 base::Value::CreateIntegerValue( |
| 87 chromeos::PowerPolicyController::ACTION_STOP_SESSION), | 87 chromeos::PowerPolicyController::ACTION_STOP_SESSION), |
| 88 NULL); | 88 NULL); |
| 89 | |
| 90 // Force the |ShelfAutoHideBehavior| policy to |Never|, ensuring that the ash | 89 // Force the |ShelfAutoHideBehavior| policy to |Never|, ensuring that the ash |
| 91 // shelf does not auto-hide. | 90 // shelf does not auto-hide. |
| 92 policy_map_.Set(key::kShelfAutoHideBehavior, | 91 policy_map_.Set(key::kShelfAutoHideBehavior, |
| 93 POLICY_LEVEL_MANDATORY, | 92 POLICY_LEVEL_MANDATORY, |
| 94 POLICY_SCOPE_USER, | 93 POLICY_SCOPE_USER, |
| 95 Value::CreateStringValue("Never"), | 94 Value::CreateStringValue("Never"), |
| 96 NULL); | 95 NULL); |
| 97 // Force the |ShowLogoutButtonInTray| policy to |true|, ensuring that a big, | 96 // Force the |ShowLogoutButtonInTray| policy to |true|, ensuring that a big, |
| 98 // red logout button is shown in the ash system tray. | 97 // red logout button is shown in the ash system tray. |
| 99 policy_map_.Set(key::kShowLogoutButtonInTray, | 98 policy_map_.Set(key::kShowLogoutButtonInTray, |
| 100 POLICY_LEVEL_MANDATORY, | 99 POLICY_LEVEL_MANDATORY, |
| 101 POLICY_SCOPE_USER, | 100 POLICY_SCOPE_USER, |
| 102 Value::CreateBooleanValue(true), | 101 Value::CreateBooleanValue(true), |
| 103 NULL); | 102 NULL); |
| 104 // Force the |FullscreenAllowed| policy to |false|, ensuring that the ash | 103 // Force the |FullscreenAllowed| policy to |false|, ensuring that the ash |
| 105 // shelf cannot be hidden by entering fullscreen mode. | 104 // shelf cannot be hidden by entering fullscreen mode. |
| 106 policy_map_.Set(key::kFullscreenAllowed, | 105 policy_map_.Set(key::kFullscreenAllowed, |
| 107 POLICY_LEVEL_MANDATORY, | 106 POLICY_LEVEL_MANDATORY, |
| 108 POLICY_SCOPE_USER, | 107 POLICY_SCOPE_USER, |
| 109 Value::CreateBooleanValue(false), | 108 Value::CreateBooleanValue(false), |
| 110 NULL); | 109 NULL); |
| 111 // Restrict device-local accounts to hosted apps for now (i.e. no extensions, | |
| 112 // packaged apps etc.) for security/privacy reasons (i.e. we'd like to | |
| 113 // prevent the admin from stealing private information from random people). | |
| 114 scoped_ptr<base::ListValue> allowed_extension_types(new base::ListValue()); | |
| 115 allowed_extension_types->AppendString("hosted_app"); | |
| 116 policy_map_.Set(key::kExtensionAllowedTypes, | |
| 117 POLICY_LEVEL_MANDATORY, | |
| 118 POLICY_SCOPE_USER, | |
| 119 allowed_extension_types.release(), | |
| 120 NULL); | |
| 121 | 110 |
| 122 status_ = STATUS_OK; | 111 status_ = STATUS_OK; |
| 123 NotifyStoreLoaded(); | 112 NotifyStoreLoaded(); |
| 124 } | 113 } |
| 125 | 114 |
| 126 void DeviceLocalAccountPolicyStore::StoreValidatedPolicy( | 115 void DeviceLocalAccountPolicyStore::StoreValidatedPolicy( |
| 127 UserCloudPolicyValidator* validator) { | 116 UserCloudPolicyValidator* validator) { |
| 128 if (!validator->success()) { | 117 if (!validator->success()) { |
| 129 status_ = CloudPolicyStore::STATUS_VALIDATION_ERROR; | 118 status_ = CloudPolicyStore::STATUS_VALIDATION_ERROR; |
| 130 validation_status_ = validator->status(); | 119 validation_status_ = validator->status(); |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 186 validator->ValidateAgainstCurrentPolicy( | 175 validator->ValidateAgainstCurrentPolicy( |
| 187 policy(), | 176 policy(), |
| 188 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, | 177 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, |
| 189 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 178 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 190 validator->ValidatePayload(); | 179 validator->ValidatePayload(); |
| 191 validator->ValidateSignature(*key->public_key(), false); | 180 validator->ValidateSignature(*key->public_key(), false); |
| 192 validator.release()->StartValidation(callback); | 181 validator.release()->StartValidation(callback); |
| 193 } | 182 } |
| 194 | 183 |
| 195 } // namespace policy | 184 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 24261010:
Allow explicitly whitelisted apps/extensions in public sessions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src