chrome/browser/extensions/standard_management_policy_provider.cc - Issue 500043003: Add PolicyProvider to ExtensionManagement

Side by Side Diff: chrome/browser/extensions/standard_management_policy_provider.cc

Issue 500043003: Add PolicyProvider to ExtensionManagement (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-1

Patch Set: fixes to #5 Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/extensions/standard_management_policy_provider.h ('k') | chrome/browser/extensions/standard_management_policy_provider_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2012 The Chromium Authors. All rights reserved.	1 // Copyright 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/extensions/standard_management_policy_provider.h"	5 #include "chrome/browser/extensions/standard_management_policy_provider.h"

6	6

7 #include "base/prefs/pref_service.h"	7 #include <algorithm>

8 #include "chrome/browser/extensions/blacklist.h"	8 #include <string>

	9

	10 #include "base/logging.h"

	11 #include "base/strings/string16.h"

	12 #include "base/strings/utf_string_conversions.h"

	13 #include "chrome/browser/extensions/extension_management.h"

9 #include "chrome/browser/extensions/external_component_loader.h"	14 #include "chrome/browser/extensions/external_component_loader.h"

10 #include "chrome/common/pref_names.h"

11 #include "extensions/browser/admin_policy.h"

12 #include "extensions/browser/extension_prefs.h"

13 #include "extensions/browser/pref_names.h"

14 #include "extensions/common/extension.h"	15 #include "extensions/common/extension.h"

	16 #include "extensions/common/manifest.h"

	17 #include "grit/extensions_strings.h"

	18 #include "ui/base/l10n/l10n_util.h"

15	19

16 namespace extensions {	20 namespace extensions {

17	21

	22 namespace {

	23

	24 bool ManagementPolicyImpl(const extensions::Extension* extension,

	25 base::string16* error,

	26 bool modifiable_value) {
	Finnur 2014/09/04 11:29:46 This function is a bit weirdly named and needs som This function is a bit weirdly named and needs some explaining. What does the return value mean, for example? The name doesn't reflect what it does, so it makes the code at the bottom of this file harder to read. binjin 2014/09/04 13:06:57 Done. Show quoted text On 2014/09/04 11:29:46, Finnur wrote: > This function is a bit weirdly named and needs some explaining. What does the > return value mean, for example? The name doesn't reflect what it does, so it > makes the code at the bottom of this file harder to read. Done.
	27 const bool modifiable =

	28 !extensions::Manifest::IsComponentLocation(extension->location()) &&

	29 !extensions::Manifest::IsPolicyLocation(extension->location());

	30 // Some callers equate "no restriction" to true, others to false.

	31 if (modifiable)

	32 return modifiable_value;

	33

	34 if (error) {

	35 *error = l10n_util::GetStringFUTF16(

	36 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,

	37 base::UTF8ToUTF16(extension->name()));

	38 }

	39 return !modifiable_value;

	40 }

	41

	42 bool ReturnLoadError(const extensions::Extension* extension,

	43 base::string16* error) {

	44 if (error) {

	45 *error = l10n_util::GetStringFUTF16(

	46 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,

	47 base::UTF8ToUTF16(extension->name()),

	48 base::UTF8ToUTF16(extension->id()));

	49 }

	50 return false;

	51 }

	52

	53 } // namespace

	54

18 StandardManagementPolicyProvider::StandardManagementPolicyProvider(	55 StandardManagementPolicyProvider::StandardManagementPolicyProvider(

19 ExtensionPrefs* prefs)	56 const ExtensionManagement* settings)

20 : prefs_(prefs) {	57 : settings_(settings) {

21 }	58 }

22	59

23 StandardManagementPolicyProvider::~StandardManagementPolicyProvider() {	60 StandardManagementPolicyProvider::~StandardManagementPolicyProvider() {

24 }	61 }

25	62

26 std::string	63 std::string

27 StandardManagementPolicyProvider::GetDebugPolicyProviderName() const {	64 StandardManagementPolicyProvider::GetDebugPolicyProviderName() const {

28 #ifdef NDEBUG	65 #ifdef NDEBUG

29 NOTREACHED();	66 NOTREACHED();

30 return std::string();	67 return std::string();

31 #else	68 #else

32 return "admin policy black/white/forcelist, via the ExtensionPrefs";	69 return "extension management policy controlled settings";

33 #endif	70 #endif

34 }	71 }

35	72

36 bool StandardManagementPolicyProvider::UserMayLoad(	73 bool StandardManagementPolicyProvider::UserMayLoad(

37 const Extension* extension,	74 const Extension* extension,

38 base::string16* error) const {	75 base::string16* error) const {

39 PrefService* pref_service = prefs_->pref_service();	76 // Component extensions are always allowed.

	77 if (extension->location() == Manifest::COMPONENT)
	Finnur 2014/09/04 11:29:46 Should EXTERNAL_COMPONENT also be included? Should EXTERNAL_COMPONENT also be included? binjin 2014/09/04 13:06:57 Done. For reference, it seems that starting crrev. Show quoted text On 2014/09/04 11:29:46, Finnur wrote: > Should EXTERNAL_COMPONENT also be included? Done. For reference, it seems that starting crrev.com/ab89454 EXTERNAL_COMPONENT was treat same as COMPONENT from management policy aspect.
	78 return true;

40	79

41 const base::ListValue* blacklist =	80 // Fields in \|by_id\| will automatically fall back to default settings if

42 pref_service->GetList(pref_names::kInstallDenyList);	81 // they are not specified by policy.

43 const base::ListValue* whitelist =	82 const ExtensionManagement::IndividualSettings& by_id =

44 pref_service->GetList(pref_names::kInstallAllowList);	83 settings_->ReadById(extension->id());

45 const base::DictionaryValue* forcelist =	84 const ExtensionManagement::GlobalSettings& global =

46 pref_service->GetDictionary(pref_names::kInstallForceList);	85 settings_->ReadGlobalSettings();

47 const base::ListValue* allowed_types = NULL;

48 if (pref_service->HasPrefPath(pref_names::kAllowedTypes))

49 allowed_types = pref_service->GetList(pref_names::kAllowedTypes);

50	86

51 return admin_policy::UserMayLoad(	87 // Force-installed extensions cannot be overwritten manually.

52 blacklist, whitelist, forcelist, allowed_types, extension, error);	88 if (!Manifest::IsPolicyLocation(extension->location()) &&

	89 by_id.installation_mode == ExtensionManagement::INSTALLATION_FORCED) {

	90 return ReturnLoadError(extension, error);

	91 }

	92

	93 // Check whether the extension type is allowed.

	94 //

	95 // If you get a compile error here saying that the type you added is not

	96 // handled by the switch statement below, please consider whether enterprise

	97 // policy should be able to disallow extensions of the new type. If so, add

	98 // a branch to the second block and add a line to the definition of

	99 // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc.

	100 switch (extension->GetType()) {

	101 case Manifest::TYPE_UNKNOWN:

	102 break;

	103 case Manifest::TYPE_EXTENSION:

	104 case Manifest::TYPE_THEME:

	105 case Manifest::TYPE_USER_SCRIPT:

	106 case Manifest::TYPE_HOSTED_APP:

	107 case Manifest::TYPE_LEGACY_PACKAGED_APP:

	108 case Manifest::TYPE_PLATFORM_APP:

	109 case Manifest::TYPE_SHARED_MODULE: {

	110 if (global.has_restricted_allowed_types &&

	111 std::find(global.allowed_types.begin(),

	112 global.allowed_types.end(),

	113 extension->GetType()) == global.allowed_types.end()) {

	114 return ReturnLoadError(extension, error);

	115 }

	116 break;

	117 }

	118 case Manifest::NUM_LOAD_TYPES:

	119 NOTREACHED();

	120 }

	121

	122 if (by_id.installation_mode == ExtensionManagement::INSTALLATION_BLOCKED)

	123 return ReturnLoadError(extension, error);

	124

	125 return true;

53 }	126 }

54	127

55 bool StandardManagementPolicyProvider::UserMayModifySettings(	128 bool StandardManagementPolicyProvider::UserMayModifySettings(

56 const Extension* extension,	129 const Extension* extension,

57 base::string16* error) const {	130 base::string16* error) const {

58 return admin_policy::UserMayModifySettings(extension, error) \|\|	131 return ManagementPolicyImpl(extension, error, true) \|\|

59 (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&	132 (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&

60 ExternalComponentLoader::IsModifiable(extension));	133 ExternalComponentLoader::IsModifiable(extension));

61 }	134 }

62	135

63 bool StandardManagementPolicyProvider::MustRemainEnabled(	136 bool StandardManagementPolicyProvider::MustRemainEnabled(

64 const Extension* extension,	137 const Extension* extension,

65 base::string16* error) const {	138 base::string16* error) const {

66 return admin_policy::MustRemainEnabled(extension, error) \|\|	139 return ManagementPolicyImpl(extension, error, false) \|\|

67 (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&	140 (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&

68 ExternalComponentLoader::IsModifiable(extension));	141 ExternalComponentLoader::IsModifiable(extension));

69 }	142 }

70	143

71 } // namespace extensions	144 } // namespace extensions

OLD	NEW