| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "extensions/browser/admin_policy.h" | |
| 6 | |
| 7 #include "base/strings/utf_string_conversions.h" | |
| 8 #include "extensions/common/extension.h" | |
| 9 #include "extensions/common/manifest.h" | |
| 10 #include "grit/extensions_strings.h" | |
| 11 #include "ui/base/l10n/l10n_util.h" | |
| 12 | |
| 13 namespace { | |
| 14 | |
| 15 bool ManagementPolicyImpl(const extensions::Extension* extension, | |
| 16 base::string16* error, | |
| 17 bool modifiable_value) { | |
| 18 bool modifiable = | |
| 19 !extensions::Manifest::IsComponentLocation(extension->location()) && | |
| 20 !extensions::Manifest::IsPolicyLocation(extension->location()); | |
| 21 // Some callers equate "no restriction" to true, others to false. | |
| 22 if (modifiable) | |
| 23 return modifiable_value; | |
| 24 | |
| 25 if (error) { | |
| 26 *error = l10n_util::GetStringFUTF16( | |
| 27 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED, | |
| 28 base::UTF8ToUTF16(extension->name())); | |
| 29 } | |
| 30 return !modifiable_value; | |
| 31 } | |
| 32 | |
| 33 bool ReturnLoadError(const extensions::Extension* extension, | |
| 34 base::string16* error) { | |
| 35 if (error) { | |
| 36 *error = l10n_util::GetStringFUTF16( | |
| 37 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED, | |
| 38 base::UTF8ToUTF16(extension->name()), | |
| 39 base::UTF8ToUTF16(extension->id())); | |
| 40 } | |
| 41 return false; | |
| 42 } | |
| 43 | |
| 44 } // namespace | |
| 45 | |
| 46 namespace extensions { | |
| 47 namespace admin_policy { | |
| 48 | |
| 49 bool BlacklistedByDefault(const base::ListValue* blacklist) { | |
| 50 base::StringValue wildcard("*"); | |
| 51 return blacklist && blacklist->Find(wildcard) != blacklist->end(); | |
| 52 } | |
| 53 | |
| 54 bool UserMayLoad(const base::ListValue* blacklist, | |
| 55 const base::ListValue* whitelist, | |
| 56 const base::DictionaryValue* forcelist, | |
| 57 const base::ListValue* allowed_types, | |
| 58 const Extension* extension, | |
| 59 base::string16* error) { | |
| 60 // Component extensions are always allowed. | |
| 61 if (extension->location() == Manifest::COMPONENT) | |
| 62 return true; | |
| 63 | |
| 64 // Forced installed extensions cannot be overwritten manually. | |
| 65 if (extension->location() != Manifest::EXTERNAL_POLICY && | |
| 66 extension->location() != Manifest::EXTERNAL_POLICY_DOWNLOAD && | |
| 67 forcelist && forcelist->HasKey(extension->id())) { | |
| 68 return ReturnLoadError(extension, error); | |
| 69 } | |
| 70 | |
| 71 // Early exit for the common case of no policy restrictions. | |
| 72 if ((!blacklist || blacklist->empty()) && (!allowed_types)) | |
| 73 return true; | |
| 74 | |
| 75 // Check whether the extension type is allowed. | |
| 76 // | |
| 77 // If you get a compile error here saying that the type you added is not | |
| 78 // handled by the switch statement below, please consider whether enterprise | |
| 79 // policy should be able to disallow extensions of the new type. If so, add a | |
| 80 // branch to the second block and add a line to the definition of | |
| 81 // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc. | |
| 82 switch (extension->GetType()) { | |
| 83 case Manifest::TYPE_UNKNOWN: | |
| 84 break; | |
| 85 case Manifest::TYPE_EXTENSION: | |
| 86 case Manifest::TYPE_THEME: | |
| 87 case Manifest::TYPE_USER_SCRIPT: | |
| 88 case Manifest::TYPE_HOSTED_APP: | |
| 89 case Manifest::TYPE_LEGACY_PACKAGED_APP: | |
| 90 case Manifest::TYPE_PLATFORM_APP: | |
| 91 case Manifest::TYPE_SHARED_MODULE: { | |
| 92 base::FundamentalValue type_value(extension->GetType()); | |
| 93 if (allowed_types && | |
| 94 allowed_types->Find(type_value) == allowed_types->end()) | |
| 95 return ReturnLoadError(extension, error); | |
| 96 break; | |
| 97 } | |
| 98 case Manifest::NUM_LOAD_TYPES: | |
| 99 NOTREACHED(); | |
| 100 } | |
| 101 | |
| 102 // Check the whitelist/forcelist first. | |
| 103 base::StringValue id_value(extension->id()); | |
| 104 if ((whitelist && whitelist->Find(id_value) != whitelist->end()) || | |
| 105 (forcelist && forcelist->HasKey(extension->id()))) | |
| 106 return true; | |
| 107 | |
| 108 // Then check the admin blacklist. | |
| 109 if ((blacklist && blacklist->Find(id_value) != blacklist->end()) || | |
| 110 BlacklistedByDefault(blacklist)) | |
| 111 return ReturnLoadError(extension, error); | |
| 112 | |
| 113 return true; | |
| 114 } | |
| 115 | |
| 116 bool UserMayModifySettings(const Extension* extension, base::string16* error) { | |
| 117 return ManagementPolicyImpl(extension, error, true); | |
| 118 } | |
| 119 | |
| 120 bool MustRemainEnabled(const Extension* extension, base::string16* error) { | |
| 121 return ManagementPolicyImpl(extension, error, false); | |
| 122 } | |
| 123 | |
| 124 } // namespace admin_policy | |
| 125 } // namespace extensions | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 500043003:
Add PolicyProvider to ExtensionManagement (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-1