
Side by Side Diff: chrome/browser/extensions/extension_management.cc

Issue 595363002: Add policy controlled permission block list for extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix
Patch Set: more minor format fix Created 6 years, 2 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/extensions/extension_management.h" 5 #include "chrome/browser/extensions/extension_management.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/bind.h" 11 #include "base/bind.h"
12 #include "base/bind_helpers.h" 12 #include "base/bind_helpers.h"
13 #include "base/logging.h" 13 #include "base/logging.h"
14 #include "base/prefs/pref_service.h" 14 #include "base/prefs/pref_service.h"
15 #include "base/strings/string16.h"
15 #include "base/strings/string_util.h" 16 #include "base/strings/string_util.h"
16 #include "chrome/browser/extensions/extension_management_constants.h" 17 #include "chrome/browser/extensions/extension_management_constants.h"
17 #include "chrome/browser/extensions/extension_management_internal.h" 18 #include "chrome/browser/extensions/extension_management_internal.h"
18 #include "chrome/browser/extensions/external_policy_loader.h" 19 #include "chrome/browser/extensions/external_policy_loader.h"
19 #include "chrome/browser/extensions/external_provider_impl.h" 20 #include "chrome/browser/extensions/external_provider_impl.h"
21 #include "chrome/browser/extensions/permissions_based_management_policy_provider .h"
20 #include "chrome/browser/extensions/standard_management_policy_provider.h" 22 #include "chrome/browser/extensions/standard_management_policy_provider.h"
21 #include "chrome/browser/profiles/incognito_helpers.h" 23 #include "chrome/browser/profiles/incognito_helpers.h"
22 #include "chrome/browser/profiles/profile.h" 24 #include "chrome/browser/profiles/profile.h"
23 #include "components/crx_file/id_util.h" 25 #include "components/crx_file/id_util.h"
24 #include "components/keyed_service/content/browser_context_dependency_manager.h" 26 #include "components/keyed_service/content/browser_context_dependency_manager.h"
25 #include "components/pref_registry/pref_registry_syncable.h" 27 #include "components/pref_registry/pref_registry_syncable.h"
26 #include "extensions/browser/pref_names.h" 28 #include "extensions/browser/pref_names.h"
29 #include "extensions/common/permissions/api_permission_set.h"
30 #include "extensions/common/permissions/permission_set.h"
27 #include "extensions/common/url_pattern.h" 31 #include "extensions/common/url_pattern.h"
28 #include "url/gurl.h" 32 #include "url/gurl.h"
29 33
30 namespace extensions { 34 namespace extensions {
31 35
32 ExtensionManagement::ExtensionManagement(PrefService* pref_service) 36 ExtensionManagement::ExtensionManagement(PrefService* pref_service)
33 : pref_service_(pref_service) { 37 : pref_service_(pref_service) {
34 pref_change_registrar_.Init(pref_service_); 38 pref_change_registrar_.Init(pref_service_);
35 base::Closure pref_change_callback = base::Bind( 39 base::Closure pref_change_callback = base::Bind(
36 &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this)); 40 &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this));
37 pref_change_registrar_.Add(pref_names::kInstallAllowList, 41 pref_change_registrar_.Add(pref_names::kInstallAllowList,
38 pref_change_callback); 42 pref_change_callback);
39 pref_change_registrar_.Add(pref_names::kInstallDenyList, 43 pref_change_registrar_.Add(pref_names::kInstallDenyList,
40 pref_change_callback); 44 pref_change_callback);
41 pref_change_registrar_.Add(pref_names::kInstallForceList, 45 pref_change_registrar_.Add(pref_names::kInstallForceList,
42 pref_change_callback); 46 pref_change_callback);
43 pref_change_registrar_.Add(pref_names::kAllowedInstallSites, 47 pref_change_registrar_.Add(pref_names::kAllowedInstallSites,
44 pref_change_callback); 48 pref_change_callback);
45 pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback); 49 pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback);
46 pref_change_registrar_.Add(pref_names::kExtensionManagement, 50 pref_change_registrar_.Add(pref_names::kExtensionManagement,
47 pref_change_callback); 51 pref_change_callback);
48 // Note that both |global_settings_| and |default_settings_| will be null 52 // Note that both |global_settings_| and |default_settings_| will be null
49 // before first call to Refresh(), so in order to resolve this, Refresh() must 53 // before first call to Refresh(), so in order to resolve this, Refresh() must
50 // be called in the initialization of ExtensionManagement. 54 // be called in the initialization of ExtensionManagement.
51 Refresh(); 55 Refresh();
52 provider_.reset(new StandardManagementPolicyProvider(this)); 56 providers_.push_back(new StandardManagementPolicyProvider(this));
57 providers_.push_back(new PermissionsBasedManagementPolicyProvider(this));
53 } 58 }
54 59
55 ExtensionManagement::~ExtensionManagement() { 60 ExtensionManagement::~ExtensionManagement() {
56 } 61 }
57 62
58 void ExtensionManagement::AddObserver(Observer* observer) { 63 void ExtensionManagement::AddObserver(Observer* observer) {
59 observer_list_.AddObserver(observer); 64 observer_list_.AddObserver(observer);
60 } 65 }
61 66
62 void ExtensionManagement::RemoveObserver(Observer* observer) { 67 void ExtensionManagement::RemoveObserver(Observer* observer) {
63 observer_list_.RemoveObserver(observer); 68 observer_list_.RemoveObserver(observer);
64 } 69 }
65 70
66 ManagementPolicy::Provider* ExtensionManagement::GetProvider() const { 71 std::vector<ManagementPolicy::Provider*> ExtensionManagement::GetProviders()
67 return provider_.get(); 72 const {
73 return providers_.get();
68 } 74 }
69 75
70 bool ExtensionManagement::BlacklistedByDefault() const { 76 bool ExtensionManagement::BlacklistedByDefault() const {
71 return default_settings_->installation_mode == INSTALLATION_BLOCKED; 77 return default_settings_->installation_mode == INSTALLATION_BLOCKED;
72 } 78 }
73 79
74 ExtensionManagement::InstallationMode ExtensionManagement::GetInstallationMode( 80 ExtensionManagement::InstallationMode ExtensionManagement::GetInstallationMode(
75 const ExtensionId& id) const { 81 const ExtensionId& id) const {
76 return ReadById(id)->installation_mode; 82 return ReadById(id)->installation_mode;
77 } 83 }
(...skipping 36 matching lines...)
114 bool ExtensionManagement::IsAllowedManifestType( 120 bool ExtensionManagement::IsAllowedManifestType(
115 Manifest::Type manifest_type) const { 121 Manifest::Type manifest_type) const {
116 if (!global_settings_->has_restricted_allowed_types) 122 if (!global_settings_->has_restricted_allowed_types)
117 return true; 123 return true;
118 const std::vector<Manifest::Type>& allowed_types = 124 const std::vector<Manifest::Type>& allowed_types =
119 global_settings_->allowed_types; 125 global_settings_->allowed_types;
120 return std::find(allowed_types.begin(), allowed_types.end(), manifest_type) != 126 return std::find(allowed_types.begin(), allowed_types.end(), manifest_type) !=
121 allowed_types.end(); 127 allowed_types.end();
122 } 128 }
123 129
130 const APIPermissionSet& ExtensionManagement::GetBlockedAPIPermissions(
131 const ExtensionId& id) const {
132 return ReadById(id)->blocked_permissions;
133 }
134
135 scoped_refptr<const PermissionSet> ExtensionManagement::GetBlockedPermissions(
136 const ExtensionId& id) const {
137 // Only api permissions are supported currently.
138 return scoped_refptr<const PermissionSet>(
139 new PermissionSet(GetBlockedAPIPermissions(id),
140 ManifestPermissionSet(),
141 URLPatternSet(),
142 URLPatternSet()));
143 }
144
145 bool ExtensionManagement::IsPermissionSetAllowed(
146 const ExtensionId& id,
147 scoped_refptr<const PermissionSet> perms) const {
148 for (auto blocked_api : GetBlockedAPIPermissions(id)) {
Joao da Silva 2014/10/15 14:39:25 const auto&
binjin 2014/10/16 18:13:57 Done.
149 if (perms->HasAPIPermission(blocked_api->id()))
150 return false;
151 }
152 return true;
153 }
154
124 void ExtensionManagement::Refresh() { 155 void ExtensionManagement::Refresh() {
125 // Load all extension management settings preferences. 156 // Load all extension management settings preferences.
126 const base::ListValue* allowed_list_pref = 157 const base::ListValue* allowed_list_pref =
127 static_cast<const base::ListValue*>(LoadPreference( 158 static_cast<const base::ListValue*>(LoadPreference(
128 pref_names::kInstallAllowList, true, base::Value::TYPE_LIST)); 159 pref_names::kInstallAllowList, true, base::Value::TYPE_LIST));
129 // Allow user to use preference to block certain extensions. Note that policy 160 // Allow user to use preference to block certain extensions. Note that policy
130 // managed forcelist or whitelist will always override this. 161 // managed forcelist or whitelist will always override this.
131 const base::ListValue* denied_list_pref = 162 const base::ListValue* denied_list_pref =
132 static_cast<const base::ListValue*>(LoadPreference( 163 static_cast<const base::ListValue*>(LoadPreference(
133 pref_names::kInstallDenyList, false, base::Value::TYPE_LIST)); 164 pref_names::kInstallDenyList, false, base::Value::TYPE_LIST));
(...skipping 222 matching lines...)
356 } 387 }
357 388
358 void ExtensionManagementFactory::RegisterProfilePrefs( 389 void ExtensionManagementFactory::RegisterProfilePrefs(
359 user_prefs::PrefRegistrySyncable* user_prefs) { 390 user_prefs::PrefRegistrySyncable* user_prefs) {
360 user_prefs->RegisterDictionaryPref( 391 user_prefs->RegisterDictionaryPref(
361 pref_names::kExtensionManagement, 392 pref_names::kExtensionManagement,
362 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); 393 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
363 } 394 }
364 395
365 } // namespace extensions 396 } // namespace extensions
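Review bot: IsPermissionSetAllowed (new lines 145-153) tests only `perms->HasAPIPermission(blocked_api->id())`, so the policy block list is enforced against exactly the permission set the caller passes in, and only its API permissions. The callers are not visible on this page; if any of them passes just the required permissions, permissions granted later (optional ones, for example) would presumably never be compared with the block list, so that should be confirmed at the call sites. The "Only api permissions are supported currently" comment sits on GetBlockedPermissions but applies equally here, and I would add `// Checks API permissions only; host and manifest permissions are not covered by the block list.` above the loop. Separately, GetBlockedAPIPermissions returns a reference obtained through ReadById(), whose body is outside this view, so it looks like the result must not be held across a Refresh(); a one-line note in the header saying so would help.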