| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol
icy_provider.h" | 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol
icy_provider.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <cstddef> | 9 #include <cstddef> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 871 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 882 DeviceLocalAccountManagementPolicyProvider:: | 882 DeviceLocalAccountManagementPolicyProvider:: |
| 883 DeviceLocalAccountManagementPolicyProvider( | 883 DeviceLocalAccountManagementPolicyProvider( |
| 884 policy::DeviceLocalAccount::Type account_type) | 884 policy::DeviceLocalAccount::Type account_type) |
| 885 : account_type_(account_type) { | 885 : account_type_(account_type) { |
| 886 } | 886 } |
| 887 | 887 |
| 888 DeviceLocalAccountManagementPolicyProvider:: | 888 DeviceLocalAccountManagementPolicyProvider:: |
| 889 ~DeviceLocalAccountManagementPolicyProvider() { | 889 ~DeviceLocalAccountManagementPolicyProvider() { |
| 890 } | 890 } |
| 891 | 891 |
| 892 // static |
| 893 bool DeviceLocalAccountManagementPolicyProvider::IsWhitelisted( |
| 894 const extensions::Extension* extension) { |
| 895 return ArrayContains(kPublicSessionWhitelist, extension->id()); |
| 896 } |
| 897 |
| 892 std::string DeviceLocalAccountManagementPolicyProvider:: | 898 std::string DeviceLocalAccountManagementPolicyProvider:: |
| 893 GetDebugPolicyProviderName() const { | 899 GetDebugPolicyProviderName() const { |
| 894 #if defined(NDEBUG) | 900 #if defined(NDEBUG) |
| 895 NOTREACHED(); | 901 NOTREACHED(); |
| 896 return std::string(); | 902 return std::string(); |
| 897 #else | 903 #else |
| 898 return "whitelist for device-local accounts"; | 904 return "whitelist for device-local accounts"; |
| 899 #endif | 905 #endif |
| 900 } | 906 } |
| 901 | 907 |
| 902 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( | 908 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( |
| 903 const extensions::Extension* extension, | 909 const extensions::Extension* extension, |
| 904 base::string16* error) const { | 910 base::string16* error) const { |
| 905 if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) { | 911 if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) { |
| 906 // Allow extension if it is an externally hosted component of Chrome. | 912 // Allow extension if it is an externally hosted component of Chrome. |
| 907 if (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT) { | 913 if (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT) { |
| 908 return true; | 914 return true; |
| 909 } | 915 } |
| 910 | 916 |
| 911 // TODO(isandrk): Remove when whitelisting work is done (crbug/651027). | 917 // TODO(isandrk): Remove when whitelisting work is done (crbug/651027). |
| 912 // Allow extension if its type is whitelisted for use in public sessions. | 918 // Allow extension if its type is whitelisted for use in public sessions. |
| 913 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) { | 919 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) { |
| 914 return true; | 920 return true; |
| 915 } | 921 } |
| 916 | 922 |
| 917 // Allow extension if its specific ID is whitelisted for use in public | 923 // Allow extension if its specific ID is whitelisted for use in public |
| 918 // sessions. | 924 // sessions. |
| 919 if (ArrayContains(kPublicSessionWhitelist, extension->id())) { | 925 if (IsWhitelisted(extension)) { |
| 920 return true; | 926 return true; |
| 921 } | 927 } |
| 922 | 928 |
| 923 // Allow force-installed extension if all manifest contents are whitelisted. | 929 // Allow force-installed extension if all manifest contents are whitelisted. |
| 924 if ((extension->location() == extensions::Manifest::EXTERNAL_POLICY_DOWNLOAD | 930 if ((extension->location() == extensions::Manifest::EXTERNAL_POLICY_DOWNLOAD |
| 925 || extension->location() == extensions::Manifest::EXTERNAL_POLICY) | 931 || extension->location() == extensions::Manifest::EXTERNAL_POLICY) |
| 926 && IsSafeForPublicSession(extension)) { | 932 && IsSafeForPublicSession(extension)) { |
| 927 return true; | 933 return true; |
| 928 } | 934 } |
| 929 } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { | 935 } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { |
| (...skipping 10 matching lines...) Expand all Loading... |
| 940 if (error) { | 946 if (error) { |
| 941 *error = l10n_util::GetStringFUTF16( | 947 *error = l10n_util::GetStringFUTF16( |
| 942 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, | 948 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, |
| 943 base::UTF8ToUTF16(extension->name()), | 949 base::UTF8ToUTF16(extension->name()), |
| 944 base::UTF8ToUTF16(extension->id())); | 950 base::UTF8ToUTF16(extension->id())); |
| 945 } | 951 } |
| 946 return false; | 952 return false; |
| 947 } | 953 } |
| 948 | 954 |
| 949 } // namespace chromeos | 955 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2794803003:
PS - Remove Clipboard Read permission from extensions in Public Sessions (except for whitelisted on… (Closed)
