Enable networking.onc for autolaunched kiosk sessions (on dev)

extensions/browser/api/networking_private/networking_private_api.cc

Index: extensions/browser/api/networking_private/networking_private_api.cc
diff --git a/extensions/browser/api/networking_private/networking_private_api.cc b/extensions/browser/api/networking_private/networking_private_api.cc
index 5bfc42bd84eaff1c42a689290eb0cddcb8f1f316..ccd3b1be599a907206a178abcb35a1a8e8d6c0ca 100644
--- a/extensions/browser/api/networking_private/networking_private_api.cc
+++ b/extensions/browser/api/networking_private/networking_private_api.cc
@@ -14,20 +14,33 @@
 #include "extensions/browser/api/networking_private/networking_private_delegate_factory.h"
 #include "extensions/browser/extension_function_registry.h"
 #include "extensions/common/api/networking_private.h"
+#include "extensions/common/extension_api.h"
+#include "extensions/common/features/feature_provider.h"
+
+namespace extensions {
 
 namespace {
 
 const int kDefaultNetworkListLimit = 1000;
 
-extensions::NetworkingPrivateDelegate* GetDelegate(
+const char kPrivateOnlyError[] = "Requires networkingPrivate API access.";
+
+NetworkingPrivateDelegate* GetDelegate(
     content::BrowserContext* browser_context) {
-  return extensions::NetworkingPrivateDelegateFactory::GetForBrowserContext(
+  return NetworkingPrivateDelegateFactory::GetForBrowserContext(
       browser_context);
 }
 
-}  // namespace
+bool HasPrivateNetworkingAccess(const Extension* extension,

[Devlin, 2017/01/12 22:44:45]

It might be worth adding a comment why we do this (there are private methods
that shouldn't be exposed as part of onc). Although I suppose it's above each of
the call sites, so, up to you.

[tbarzic, 2017/01/12 22:59:46]

Call sites do have comments stating reason these are restricted - I made them a
little clearer.

+                                Feature::Context context,
+                                const GURL& source_url) {
+  return ExtensionAPI::GetSharedInstance()
+      ->IsAvailable("networkingPrivate", extension, context, source_url,
+                    CheckAliasStatus::NOT_ALLOWED)
+      .is_available();
+}
 
-namespace extensions {
+}  // namespace
 
 namespace private_api = api::networking_private;
 
@@ -282,6 +295,14 @@ bool NetworkingPrivateGetVisibleNetworksFunction::RunAsync() {
       private_api::GetVisibleNetworks::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
 
+  // getVisibleNetworks is deprecated - allow it only for apps with
+  // networkingPrivate permissions.
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
+
   std::string network_type = private_api::ToString(params->network_type);
   const bool configured_only = false;
   const bool visible_only = true;
@@ -317,6 +338,13 @@ NetworkingPrivateGetEnabledNetworkTypesFunction::
 
 ExtensionFunction::ResponseAction
 NetworkingPrivateGetEnabledNetworkTypesFunction::Run() {
+  // getEnabledNetworkTypes is deprecated - allow it only for apps with
+  // networkingPrivate permissions.
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    return RespondNow(Error(kPrivateOnlyError));
+  }
+
   std::unique_ptr<base::ListValue> enabled_networks_onc_types(
       GetDelegate(browser_context())->GetEnabledNetworkTypes());
   if (!enabled_networks_onc_types)
@@ -515,6 +543,14 @@ NetworkingPrivateVerifyDestinationFunction::
 }
 
 bool NetworkingPrivateVerifyDestinationFunction::RunAsync() {
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
+
   std::unique_ptr<private_api::VerifyDestination::Params> params =
       private_api::VerifyDestination::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
@@ -548,6 +584,13 @@ NetworkingPrivateVerifyAndEncryptCredentialsFunction::
 }
 
 bool NetworkingPrivateVerifyAndEncryptCredentialsFunction::RunAsync() {
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::VerifyAndEncryptCredentials::Params> params =
       private_api::VerifyAndEncryptCredentials::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
@@ -584,6 +627,13 @@ NetworkingPrivateVerifyAndEncryptDataFunction::
 }
 
 bool NetworkingPrivateVerifyAndEncryptDataFunction::RunAsync() {
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::VerifyAndEncryptData::Params> params =
       private_api::VerifyAndEncryptData::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
@@ -618,6 +668,13 @@ NetworkingPrivateSetWifiTDLSEnabledStateFunction::
 }
 
 bool NetworkingPrivateSetWifiTDLSEnabledStateFunction::RunAsync() {
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::SetWifiTDLSEnabledState::Params> params =
       private_api::SetWifiTDLSEnabledState::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);
@@ -653,6 +710,13 @@ NetworkingPrivateGetWifiTDLSStatusFunction::
 }
 
 bool NetworkingPrivateGetWifiTDLSStatusFunction::RunAsync() {
+  // TODO(tbarzic): Consider exposing this via separate API.
+  // http://crbug.com/678737
+  if (!HasPrivateNetworkingAccess(extension(), source_context_type(),
+                                  source_url())) {
+    error_ = kPrivateOnlyError;
+    return false;
+  }
   std::unique_ptr<private_api::GetWifiTDLSStatus::Params> params =
       private_api::GetWifiTDLSStatus::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params);