Chromium Code Reviews Chromium Code Reviews
Issue 500043003:
Add PolicyProvider to ExtensionManagement (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-1| Index: chrome/browser/extensions/standard_management_policy_provider.cc |
| diff --git a/chrome/browser/extensions/standard_management_policy_provider.cc b/chrome/browser/extensions/standard_management_policy_provider.cc |
| index 28a52a0893255deefffdfff5734f4aab6067f0bb..8680212bf2a109522e0ad1c4753f167e46e7c3cb 100644 |
| --- a/chrome/browser/extensions/standard_management_policy_provider.cc |
| +++ b/chrome/browser/extensions/standard_management_policy_provider.cc |
| @@ -4,20 +4,57 @@ |
| #include "chrome/browser/extensions/standard_management_policy_provider.h" |
| -#include "base/prefs/pref_service.h" |
| -#include "chrome/browser/extensions/blacklist.h" |
| +#include <algorithm> |
| +#include <string> |
| + |
| +#include "base/logging.h" |
| +#include "base/strings/string16.h" |
| +#include "base/strings/utf_string_conversions.h" |
| +#include "chrome/browser/extensions/extension_management.h" |
| #include "chrome/browser/extensions/external_component_loader.h" |
| -#include "chrome/common/pref_names.h" |
| -#include "extensions/browser/admin_policy.h" |
| -#include "extensions/browser/extension_prefs.h" |
| -#include "extensions/browser/pref_names.h" |
| #include "extensions/common/extension.h" |
| +#include "extensions/common/manifest.h" |
| +#include "grit/extensions_strings.h" |
| +#include "ui/base/l10n/l10n_util.h" |
| namespace extensions { |
| +namespace { |
| + |
| +bool ManagementPolicyImpl(const extensions::Extension* extension, |
| + base::string16* error, |
| + bool modifiable_value) { |
|
Finnur
2014/09/04 11:29:46
This function is a bit weirdly named and needs som
binjin
2014/09/04 13:06:57
Done.
|
| + const bool modifiable = |
| + !extensions::Manifest::IsComponentLocation(extension->location()) && |
| + !extensions::Manifest::IsPolicyLocation(extension->location()); |
| + // Some callers equate "no restriction" to true, others to false. |
| + if (modifiable) |
| + return modifiable_value; |
| + |
| + if (error) { |
| + *error = l10n_util::GetStringFUTF16( |
| + IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED, |
| + base::UTF8ToUTF16(extension->name())); |
| + } |
| + return !modifiable_value; |
| +} |
| + |
| +bool ReturnLoadError(const extensions::Extension* extension, |
| + base::string16* error) { |
| + if (error) { |
| + *error = l10n_util::GetStringFUTF16( |
| + IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED, |
| + base::UTF8ToUTF16(extension->name()), |
| + base::UTF8ToUTF16(extension->id())); |
| + } |
| + return false; |
| +} |
| + |
| +} // namespace |
| + |
| StandardManagementPolicyProvider::StandardManagementPolicyProvider( |
| - ExtensionPrefs* prefs) |
| - : prefs_(prefs) { |
| + const ExtensionManagement* settings) |
| + : settings_(settings) { |
| } |
| StandardManagementPolicyProvider::~StandardManagementPolicyProvider() { |
| @@ -29,33 +66,69 @@ std::string |
| NOTREACHED(); |
| return std::string(); |
| #else |
| - return "admin policy black/white/forcelist, via the ExtensionPrefs"; |
| + return "extension management policy controlled settings"; |
| #endif |
| } |
| bool StandardManagementPolicyProvider::UserMayLoad( |
| const Extension* extension, |
| base::string16* error) const { |
| - PrefService* pref_service = prefs_->pref_service(); |
| - |
| - const base::ListValue* blacklist = |
| - pref_service->GetList(pref_names::kInstallDenyList); |
| - const base::ListValue* whitelist = |
| - pref_service->GetList(pref_names::kInstallAllowList); |
| - const base::DictionaryValue* forcelist = |
| - pref_service->GetDictionary(pref_names::kInstallForceList); |
| - const base::ListValue* allowed_types = NULL; |
| - if (pref_service->HasPrefPath(pref_names::kAllowedTypes)) |
| - allowed_types = pref_service->GetList(pref_names::kAllowedTypes); |
| - |
| - return admin_policy::UserMayLoad( |
| - blacklist, whitelist, forcelist, allowed_types, extension, error); |
| + // Component extensions are always allowed. |
| + if (extension->location() == Manifest::COMPONENT) |
|
Finnur
2014/09/04 11:29:46
Should EXTERNAL_COMPONENT also be included?
binjin
2014/09/04 13:06:57
Done. For reference, it seems that starting crrev.
|
| + return true; |
| + |
| + // Fields in |by_id| will automatically fall back to default settings if |
| + // they are not specified by policy. |
| + const ExtensionManagement::IndividualSettings& by_id = |
| + settings_->ReadById(extension->id()); |
| + const ExtensionManagement::GlobalSettings& global = |
| + settings_->ReadGlobalSettings(); |
| + |
| + // Force-installed extensions cannot be overwritten manually. |
| + if (!Manifest::IsPolicyLocation(extension->location()) && |
| + by_id.installation_mode == ExtensionManagement::INSTALLATION_FORCED) { |
| + return ReturnLoadError(extension, error); |
| + } |
| + |
| + // Check whether the extension type is allowed. |
| + // |
| + // If you get a compile error here saying that the type you added is not |
| + // handled by the switch statement below, please consider whether enterprise |
| + // policy should be able to disallow extensions of the new type. If so, add |
| + // a branch to the second block and add a line to the definition of |
| + // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc. |
| + switch (extension->GetType()) { |
| + case Manifest::TYPE_UNKNOWN: |
| + break; |
| + case Manifest::TYPE_EXTENSION: |
| + case Manifest::TYPE_THEME: |
| + case Manifest::TYPE_USER_SCRIPT: |
| + case Manifest::TYPE_HOSTED_APP: |
| + case Manifest::TYPE_LEGACY_PACKAGED_APP: |
| + case Manifest::TYPE_PLATFORM_APP: |
| + case Manifest::TYPE_SHARED_MODULE: { |
| + if (global.has_restricted_allowed_types && |
| + std::find(global.allowed_types.begin(), |
| + global.allowed_types.end(), |
| + extension->GetType()) == global.allowed_types.end()) { |
| + return ReturnLoadError(extension, error); |
| + } |
| + break; |
| + } |
| + case Manifest::NUM_LOAD_TYPES: |
| + NOTREACHED(); |
| + } |
| + |
| + if (by_id.installation_mode == ExtensionManagement::INSTALLATION_BLOCKED) |
| + return ReturnLoadError(extension, error); |
| + |
| + return true; |
| } |
| bool StandardManagementPolicyProvider::UserMayModifySettings( |
| const Extension* extension, |
| base::string16* error) const { |
| - return admin_policy::UserMayModifySettings(extension, error) || |
| + return ManagementPolicyImpl(extension, error, true) || |
| (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT && |
| ExternalComponentLoader::IsModifiable(extension)); |
| } |
| @@ -63,7 +136,7 @@ bool StandardManagementPolicyProvider::UserMayModifySettings( |
| bool StandardManagementPolicyProvider::MustRemainEnabled( |
| const Extension* extension, |
| base::string16* error) const { |
| - return admin_policy::MustRemainEnabled(extension, error) || |
| + return ManagementPolicyImpl(extension, error, false) || |
| (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT && |
| ExternalComponentLoader::IsModifiable(extension)); |
| } |
