Enable networking.onc for autolaunched kiosk sessions (on dev)

extensions/browser/api/networking_private/networking_private_api.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/networking_private/networking_private_api.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "components/onc/onc_constants.h"
 #include "extensions/browser/api/networking_private/networking_private_delegate.h"
 #include "extensions/browser/api/networking_private/networking_private_delegate_factory.h"
 #include "extensions/browser/extension_function_registry.h"
 #include "extensions/common/api/networking_private.h"
+#include "extensions/common/extension_api.h"
+#include "extensions/common/features/feature_provider.h"
+
+namespace extensions {
 
 namespace {
 
 const int kDefaultNetworkListLimit = 1000;
 
-extensions::NetworkingPrivateDelegate* GetDelegate(
+const char kPrivateOnlyError[] = "Requires networkingPrivate API access.";
+
+NetworkingPrivateDelegate* GetDelegate(
     content::BrowserContext* browser_context) {
-  return extensions::NetworkingPrivateDelegateFactory::GetForBrowserContext(
+  return NetworkingPrivateDelegateFactory::GetForBrowserContext(
       browser_context);
 }
 
+bool HasPrivateNetworkingAccess(const Extension* extension,
+                                Feature::Context context,
+                                const GURL& source_url) {
+  return ExtensionAPI::GetSharedInstance()
+      ->IsAvailable("networkingPrivate", extension, context, source_url,
+                    CheckAliasStatus::NOT_ALLOWED)
+      .is_available();
+}
+
 }  // namespace
 
-namespace extensions {
-
 namespace private_api = api::networking_private;
 
 namespace networking_private {
 
 // static
 const char kErrorInvalidNetworkGuid[] = "Error.InvalidNetworkGuid";
 const char kErrorInvalidNetworkOperation[] = "Error.InvalidNetworkOperation";
 const char kErrorNetworkUnavailable[] = "Error.NetworkUnavailable";
 const char kErrorEncryptionError[] = "Error.EncryptionError";
 const char kErrorNotReady[] = "Error.NotReady";
@@ skipping 233 matching lines @@
 
 NetworkingPrivateGetVisibleNetworksFunction::
     ~NetworkingPrivateGetVisibleNetworksFunction() {
 }
 
 bool NetworkingPrivateGetVisibleNetworksFunction::RunAsync() {
   std::unique_ptr<private_api::GetVisibleNetworks::Params> params =
       private_api::GetVisibleNetworks::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
+  // getVisibleNetworks is deprecated - allow it only for apps with
+  // networkingPrivate permissions, i.e. apps that might have started using it
+  // before its deprecation.
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
+
   std::string network_type = private_api::ToString(params->network_type);
   const bool configured_only = false;
   const bool visible_only = true;
 
   GetDelegate(browser_context())
       ->GetNetworks(
           network_type, configured_only, visible_only, kDefaultNetworkListLimit,
           base::Bind(&NetworkingPrivateGetVisibleNetworksFunction::Success,
                      this),
           base::Bind(&NetworkingPrivateGetVisibleNetworksFunction::Failure,
@@ skipping 15 matching lines @@
 
 ////////////////////////////////////////////////////////////////////////////////
 // NetworkingPrivateGetEnabledNetworkTypesFunction
 
 NetworkingPrivateGetEnabledNetworkTypesFunction::
     ~NetworkingPrivateGetEnabledNetworkTypesFunction() {
 }
 
 ExtensionFunction::ResponseAction
 NetworkingPrivateGetEnabledNetworkTypesFunction::Run() {
+  // getEnabledNetworkTypes is deprecated - allow it only for apps with
+  // networkingPrivate permissions, i.e. apps that might have started using it
+  // before its deprecation.
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    return RespondNow(Error(kPrivateOnlyError));
+  }
+
   std::unique_ptr<base::ListValue> enabled_networks_onc_types(
       GetDelegate(browser_context())->GetEnabledNetworkTypes());
   if (!enabled_networks_onc_types)
     return RespondNow(Error(networking_private::kErrorNotSupported));
   std::unique_ptr<base::ListValue> enabled_networks_list(new base::ListValue);
   for (base::ListValue::iterator iter = enabled_networks_onc_types->begin();
        iter != enabled_networks_onc_types->end(); ++iter) {
     std::string type;
     if (!(*iter)->GetAsString(&type))
       NOTREACHED();
@@ skipping 178 matching lines @@
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // NetworkingPrivateVerifyDestinationFunction
 
 NetworkingPrivateVerifyDestinationFunction::
     ~NetworkingPrivateVerifyDestinationFunction() {
 }
 
 bool NetworkingPrivateVerifyDestinationFunction::RunAsync() {
+  // This method is private - as such, it should not be exposed through public
+  // networking.onc API.
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
+
   std::unique_ptr<private_api::VerifyDestination::Params> params =
       private_api::VerifyDestination::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
   GetDelegate(browser_context())
       ->VerifyDestination(
           params->properties,
           base::Bind(&NetworkingPrivateVerifyDestinationFunction::Success,
                      this),
           base::Bind(&NetworkingPrivateVerifyDestinationFunction::Failure,
@@ skipping 13 matching lines @@
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // NetworkingPrivateVerifyAndEncryptCredentialsFunction
 
 NetworkingPrivateVerifyAndEncryptCredentialsFunction::
     ~NetworkingPrivateVerifyAndEncryptCredentialsFunction() {
 }
 
 bool NetworkingPrivateVerifyAndEncryptCredentialsFunction::RunAsync() {
+  // This method is private - as such, it should not be exposed through public
+  // networking.onc API.
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::VerifyAndEncryptCredentials::Params> params =
       private_api::VerifyAndEncryptCredentials::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
   GetDelegate(browser_context())
       ->VerifyAndEncryptCredentials(
           params->network_guid, params->properties,
           base::Bind(
               &NetworkingPrivateVerifyAndEncryptCredentialsFunction::Success,
               this),
@@ skipping 16 matching lines @@
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // NetworkingPrivateVerifyAndEncryptDataFunction
 
 NetworkingPrivateVerifyAndEncryptDataFunction::
     ~NetworkingPrivateVerifyAndEncryptDataFunction() {
 }
 
 bool NetworkingPrivateVerifyAndEncryptDataFunction::RunAsync() {
+  // This method is private - as such, it should not be exposed through public
+  // networking.onc API.
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::VerifyAndEncryptData::Params> params =
       private_api::VerifyAndEncryptData::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
   GetDelegate(browser_context())
       ->VerifyAndEncryptData(
           params->properties, params->data,
           base::Bind(&NetworkingPrivateVerifyAndEncryptDataFunction::Success,
                      this),
           base::Bind(&NetworkingPrivateVerifyAndEncryptDataFunction::Failure,
@@ skipping 14 matching lines @@
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // NetworkingPrivateSetWifiTDLSEnabledStateFunction
 
 NetworkingPrivateSetWifiTDLSEnabledStateFunction::
     ~NetworkingPrivateSetWifiTDLSEnabledStateFunction() {
 }
 
 bool NetworkingPrivateSetWifiTDLSEnabledStateFunction::RunAsync() {
+  // This method is private - as such, it should not be exposed through public
+  // networking.onc API.
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::SetWifiTDLSEnabledState::Params> params =
       private_api::SetWifiTDLSEnabledState::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
   GetDelegate(browser_context())
       ->SetWifiTDLSEnabledState(
           params->ip_or_mac_address, params->enabled,
           base::Bind(&NetworkingPrivateSetWifiTDLSEnabledStateFunction::Success,
                      this),
           base::Bind(&NetworkingPrivateSetWifiTDLSEnabledStateFunction::Failure,
@@ skipping 15 matching lines @@
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // NetworkingPrivateGetWifiTDLSStatusFunction
 
 NetworkingPrivateGetWifiTDLSStatusFunction::
     ~NetworkingPrivateGetWifiTDLSStatusFunction() {
 }
 
 bool NetworkingPrivateGetWifiTDLSStatusFunction::RunAsync() {
+  // This method is private - as such, it should not be exposed through public
+  // networking.onc API.
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::GetWifiTDLSStatus::Params> params =
       private_api::GetWifiTDLSStatus::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
   GetDelegate(browser_context())
       ->GetWifiTDLSStatus(
           params->ip_or_mac_address,
           base::Bind(&NetworkingPrivateGetWifiTDLSStatusFunction::Success,
                      this),
           base::Bind(&NetworkingPrivateGetWifiTDLSStatusFunction::Failure,
@@ skipping 127 matching lines @@
   // private_api::GlobalPolicy is a subset of the global policy dictionary
   // (by definition), so use the api setter/getter to generate the subset.
   std::unique_ptr<private_api::GlobalPolicy> policy(
       private_api::GlobalPolicy::FromValue(*policy_dict));
   DCHECK(policy);
   return RespondNow(
       ArgumentList(private_api::GetGlobalPolicy::Results::Create(*policy)));
 }
 
 }  // namespace extensions