| Index: chrome/browser/extensions/standard_management_policy_provider.cc
|
| diff --git a/chrome/browser/extensions/standard_management_policy_provider.cc b/chrome/browser/extensions/standard_management_policy_provider.cc
|
| index 28a52a0893255deefffdfff5734f4aab6067f0bb..8680212bf2a109522e0ad1c4753f167e46e7c3cb 100644
|
| --- a/chrome/browser/extensions/standard_management_policy_provider.cc
|
| +++ b/chrome/browser/extensions/standard_management_policy_provider.cc
|
| @@ -4,20 +4,57 @@
|
|
|
| #include "chrome/browser/extensions/standard_management_policy_provider.h"
|
|
|
| -#include "base/prefs/pref_service.h"
|
| -#include "chrome/browser/extensions/blacklist.h"
|
| +#include <algorithm>
|
| +#include <string>
|
| +
|
| +#include "base/logging.h"
|
| +#include "base/strings/string16.h"
|
| +#include "base/strings/utf_string_conversions.h"
|
| +#include "chrome/browser/extensions/extension_management.h"
|
| #include "chrome/browser/extensions/external_component_loader.h"
|
| -#include "chrome/common/pref_names.h"
|
| -#include "extensions/browser/admin_policy.h"
|
| -#include "extensions/browser/extension_prefs.h"
|
| -#include "extensions/browser/pref_names.h"
|
| #include "extensions/common/extension.h"
|
| +#include "extensions/common/manifest.h"
|
| +#include "grit/extensions_strings.h"
|
| +#include "ui/base/l10n/l10n_util.h"
|
|
|
| namespace extensions {
|
|
|
| +namespace {
|
| +
|
| +bool ManagementPolicyImpl(const extensions::Extension* extension,
|
| + base::string16* error,
|
| + bool modifiable_value) {
|
| + const bool modifiable =
|
| + !extensions::Manifest::IsComponentLocation(extension->location()) &&
|
| + !extensions::Manifest::IsPolicyLocation(extension->location());
|
| + // Some callers equate "no restriction" to true, others to false.
|
| + if (modifiable)
|
| + return modifiable_value;
|
| +
|
| + if (error) {
|
| + *error = l10n_util::GetStringFUTF16(
|
| + IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,
|
| + base::UTF8ToUTF16(extension->name()));
|
| + }
|
| + return !modifiable_value;
|
| +}
|
| +
|
| +bool ReturnLoadError(const extensions::Extension* extension,
|
| + base::string16* error) {
|
| + if (error) {
|
| + *error = l10n_util::GetStringFUTF16(
|
| + IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,
|
| + base::UTF8ToUTF16(extension->name()),
|
| + base::UTF8ToUTF16(extension->id()));
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| StandardManagementPolicyProvider::StandardManagementPolicyProvider(
|
| - ExtensionPrefs* prefs)
|
| - : prefs_(prefs) {
|
| + const ExtensionManagement* settings)
|
| + : settings_(settings) {
|
| }
|
|
|
| StandardManagementPolicyProvider::~StandardManagementPolicyProvider() {
|
| @@ -29,33 +66,69 @@ std::string
|
| NOTREACHED();
|
| return std::string();
|
| #else
|
| - return "admin policy black/white/forcelist, via the ExtensionPrefs";
|
| + return "extension management policy controlled settings";
|
| #endif
|
| }
|
|
|
| bool StandardManagementPolicyProvider::UserMayLoad(
|
| const Extension* extension,
|
| base::string16* error) const {
|
| - PrefService* pref_service = prefs_->pref_service();
|
| -
|
| - const base::ListValue* blacklist =
|
| - pref_service->GetList(pref_names::kInstallDenyList);
|
| - const base::ListValue* whitelist =
|
| - pref_service->GetList(pref_names::kInstallAllowList);
|
| - const base::DictionaryValue* forcelist =
|
| - pref_service->GetDictionary(pref_names::kInstallForceList);
|
| - const base::ListValue* allowed_types = NULL;
|
| - if (pref_service->HasPrefPath(pref_names::kAllowedTypes))
|
| - allowed_types = pref_service->GetList(pref_names::kAllowedTypes);
|
| -
|
| - return admin_policy::UserMayLoad(
|
| - blacklist, whitelist, forcelist, allowed_types, extension, error);
|
| + // Component extensions are always allowed.
|
| + if (extension->location() == Manifest::COMPONENT)
|
| + return true;
|
| +
|
| + // Fields in |by_id| will automatically fall back to default settings if
|
| + // they are not specified by policy.
|
| + const ExtensionManagement::IndividualSettings& by_id =
|
| + settings_->ReadById(extension->id());
|
| + const ExtensionManagement::GlobalSettings& global =
|
| + settings_->ReadGlobalSettings();
|
| +
|
| + // Force-installed extensions cannot be overwritten manually.
|
| + if (!Manifest::IsPolicyLocation(extension->location()) &&
|
| + by_id.installation_mode == ExtensionManagement::INSTALLATION_FORCED) {
|
| + return ReturnLoadError(extension, error);
|
| + }
|
| +
|
| + // Check whether the extension type is allowed.
|
| + //
|
| + // If you get a compile error here saying that the type you added is not
|
| + // handled by the switch statement below, please consider whether enterprise
|
| + // policy should be able to disallow extensions of the new type. If so, add
|
| + // a branch to the second block and add a line to the definition of
|
| + // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc.
|
| + switch (extension->GetType()) {
|
| + case Manifest::TYPE_UNKNOWN:
|
| + break;
|
| + case Manifest::TYPE_EXTENSION:
|
| + case Manifest::TYPE_THEME:
|
| + case Manifest::TYPE_USER_SCRIPT:
|
| + case Manifest::TYPE_HOSTED_APP:
|
| + case Manifest::TYPE_LEGACY_PACKAGED_APP:
|
| + case Manifest::TYPE_PLATFORM_APP:
|
| + case Manifest::TYPE_SHARED_MODULE: {
|
| + if (global.has_restricted_allowed_types &&
|
| + std::find(global.allowed_types.begin(),
|
| + global.allowed_types.end(),
|
| + extension->GetType()) == global.allowed_types.end()) {
|
| + return ReturnLoadError(extension, error);
|
| + }
|
| + break;
|
| + }
|
| + case Manifest::NUM_LOAD_TYPES:
|
| + NOTREACHED();
|
| + }
|
| +
|
| + if (by_id.installation_mode == ExtensionManagement::INSTALLATION_BLOCKED)
|
| + return ReturnLoadError(extension, error);
|
| +
|
| + return true;
|
| }
|
|
|
| bool StandardManagementPolicyProvider::UserMayModifySettings(
|
| const Extension* extension,
|
| base::string16* error) const {
|
| - return admin_policy::UserMayModifySettings(extension, error) ||
|
| + return ManagementPolicyImpl(extension, error, true) ||
|
| (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&
|
| ExternalComponentLoader::IsModifiable(extension));
|
| }
|
| @@ -63,7 +136,7 @@ bool StandardManagementPolicyProvider::UserMayModifySettings(
|
| bool StandardManagementPolicyProvider::MustRemainEnabled(
|
| const Extension* extension,
|
| base::string16* error) const {
|
| - return admin_policy::MustRemainEnabled(extension, error) ||
|
| + return ManagementPolicyImpl(extension, error, false) ||
|
| (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&
|
| ExternalComponentLoader::IsModifiable(extension));
|
| }
|
|
|
Chromium Code Reviews
Issue 500043003:
Add PolicyProvider to ExtensionManagement (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-1