| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_management.h" | 5 #include "chrome/browser/extensions/extension_management.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/bind_helpers.h" | 12 #include "base/bind_helpers.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/prefs/pref_service.h" | 14 #include "base/prefs/pref_service.h" |
| 15 #include "base/strings/string16.h" |
| 15 #include "base/strings/string_util.h" | 16 #include "base/strings/string_util.h" |
| 16 #include "chrome/browser/extensions/extension_management_constants.h" | 17 #include "chrome/browser/extensions/extension_management_constants.h" |
| 17 #include "chrome/browser/extensions/extension_management_internal.h" | 18 #include "chrome/browser/extensions/extension_management_internal.h" |
| 18 #include "chrome/browser/extensions/external_policy_loader.h" | 19 #include "chrome/browser/extensions/external_policy_loader.h" |
| 19 #include "chrome/browser/extensions/external_provider_impl.h" | 20 #include "chrome/browser/extensions/external_provider_impl.h" |
| 21 #include "chrome/browser/extensions/permissions_based_management_policy_provider
.h" |
| 20 #include "chrome/browser/extensions/standard_management_policy_provider.h" | 22 #include "chrome/browser/extensions/standard_management_policy_provider.h" |
| 21 #include "chrome/browser/profiles/incognito_helpers.h" | 23 #include "chrome/browser/profiles/incognito_helpers.h" |
| 22 #include "chrome/browser/profiles/profile.h" | 24 #include "chrome/browser/profiles/profile.h" |
| 23 #include "components/crx_file/id_util.h" | 25 #include "components/crx_file/id_util.h" |
| 24 #include "components/keyed_service/content/browser_context_dependency_manager.h" | 26 #include "components/keyed_service/content/browser_context_dependency_manager.h" |
| 25 #include "components/pref_registry/pref_registry_syncable.h" | 27 #include "components/pref_registry/pref_registry_syncable.h" |
| 26 #include "extensions/browser/pref_names.h" | 28 #include "extensions/browser/pref_names.h" |
| 29 #include "extensions/common/permissions/api_permission_set.h" |
| 30 #include "extensions/common/permissions/permission_set.h" |
| 27 #include "extensions/common/url_pattern.h" | 31 #include "extensions/common/url_pattern.h" |
| 28 #include "url/gurl.h" | 32 #include "url/gurl.h" |
| 29 | 33 |
| 30 namespace extensions { | 34 namespace extensions { |
| 31 | 35 |
| 32 ExtensionManagement::ExtensionManagement(PrefService* pref_service) | 36 ExtensionManagement::ExtensionManagement(PrefService* pref_service) |
| 33 : pref_service_(pref_service) { | 37 : pref_service_(pref_service) { |
| 34 pref_change_registrar_.Init(pref_service_); | 38 pref_change_registrar_.Init(pref_service_); |
| 35 base::Closure pref_change_callback = base::Bind( | 39 base::Closure pref_change_callback = base::Bind( |
| 36 &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this)); | 40 &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this)); |
| 37 pref_change_registrar_.Add(pref_names::kInstallAllowList, | 41 pref_change_registrar_.Add(pref_names::kInstallAllowList, |
| 38 pref_change_callback); | 42 pref_change_callback); |
| 39 pref_change_registrar_.Add(pref_names::kInstallDenyList, | 43 pref_change_registrar_.Add(pref_names::kInstallDenyList, |
| 40 pref_change_callback); | 44 pref_change_callback); |
| 41 pref_change_registrar_.Add(pref_names::kInstallForceList, | 45 pref_change_registrar_.Add(pref_names::kInstallForceList, |
| 42 pref_change_callback); | 46 pref_change_callback); |
| 43 pref_change_registrar_.Add(pref_names::kAllowedInstallSites, | 47 pref_change_registrar_.Add(pref_names::kAllowedInstallSites, |
| 44 pref_change_callback); | 48 pref_change_callback); |
| 45 pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback); | 49 pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback); |
| 46 pref_change_registrar_.Add(pref_names::kExtensionManagement, | 50 pref_change_registrar_.Add(pref_names::kExtensionManagement, |
| 47 pref_change_callback); | 51 pref_change_callback); |
| 48 // Note that both |global_settings_| and |default_settings_| will be null | 52 // Note that both |global_settings_| and |default_settings_| will be null |
| 49 // before first call to Refresh(), so in order to resolve this, Refresh() must | 53 // before first call to Refresh(), so in order to resolve this, Refresh() must |
| 50 // be called in the initialization of ExtensionManagement. | 54 // be called in the initialization of ExtensionManagement. |
| 51 Refresh(); | 55 Refresh(); |
| 52 provider_.reset(new StandardManagementPolicyProvider(this)); | 56 providers_.push_back(new StandardManagementPolicyProvider(this)); |
| 57 providers_.push_back(new PermissionsBasedManagementPolicyProvider(this)); |
| 53 } | 58 } |
| 54 | 59 |
| 55 ExtensionManagement::~ExtensionManagement() { | 60 ExtensionManagement::~ExtensionManagement() { |
| 56 } | 61 } |
| 57 | 62 |
| 63 void ExtensionManagement::ShutDown() { |
| 64 pref_change_registrar_.RemoveAll(); |
| 65 pref_service_ = nullptr; |
| 66 } |
| 67 |
| 58 void ExtensionManagement::AddObserver(Observer* observer) { | 68 void ExtensionManagement::AddObserver(Observer* observer) { |
| 59 observer_list_.AddObserver(observer); | 69 observer_list_.AddObserver(observer); |
| 60 } | 70 } |
| 61 | 71 |
| 62 void ExtensionManagement::RemoveObserver(Observer* observer) { | 72 void ExtensionManagement::RemoveObserver(Observer* observer) { |
| 63 observer_list_.RemoveObserver(observer); | 73 observer_list_.RemoveObserver(observer); |
| 64 } | 74 } |
| 65 | 75 |
| 66 ManagementPolicy::Provider* ExtensionManagement::GetProvider() const { | 76 std::vector<ManagementPolicy::Provider*> ExtensionManagement::GetProviders() |
| 67 return provider_.get(); | 77 const { |
| 78 return providers_.get(); |
| 68 } | 79 } |
| 69 | 80 |
| 70 bool ExtensionManagement::BlacklistedByDefault() const { | 81 bool ExtensionManagement::BlacklistedByDefault() const { |
| 71 return default_settings_->installation_mode == INSTALLATION_BLOCKED; | 82 return default_settings_->installation_mode == INSTALLATION_BLOCKED; |
| 72 } | 83 } |
| 73 | 84 |
| 74 ExtensionManagement::InstallationMode ExtensionManagement::GetInstallationMode( | 85 ExtensionManagement::InstallationMode ExtensionManagement::GetInstallationMode( |
| 75 const ExtensionId& id) const { | 86 const ExtensionId& id) const { |
| 76 return ReadById(id)->installation_mode; | 87 return ReadById(id)->installation_mode; |
| 77 } | 88 } |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 137 bool ExtensionManagement::IsAllowedManifestType( | 148 bool ExtensionManagement::IsAllowedManifestType( |
| 138 Manifest::Type manifest_type) const { | 149 Manifest::Type manifest_type) const { |
| 139 if (!global_settings_->has_restricted_allowed_types) | 150 if (!global_settings_->has_restricted_allowed_types) |
| 140 return true; | 151 return true; |
| 141 const std::vector<Manifest::Type>& allowed_types = | 152 const std::vector<Manifest::Type>& allowed_types = |
| 142 global_settings_->allowed_types; | 153 global_settings_->allowed_types; |
| 143 return std::find(allowed_types.begin(), allowed_types.end(), manifest_type) != | 154 return std::find(allowed_types.begin(), allowed_types.end(), manifest_type) != |
| 144 allowed_types.end(); | 155 allowed_types.end(); |
| 145 } | 156 } |
| 146 | 157 |
| 158 const APIPermissionSet& ExtensionManagement::GetBlockedAPIPermissions( |
| 159 const ExtensionId& id) const { |
| 160 return ReadById(id)->blocked_permissions; |
| 161 } |
| 162 |
| 163 scoped_refptr<const PermissionSet> ExtensionManagement::GetBlockedPermissions( |
| 164 const ExtensionId& id) const { |
| 165 // Only api permissions are supported currently. |
| 166 return scoped_refptr<const PermissionSet>( |
| 167 new PermissionSet(GetBlockedAPIPermissions(id), |
| 168 ManifestPermissionSet(), |
| 169 URLPatternSet(), |
| 170 URLPatternSet())); |
| 171 } |
| 172 |
| 173 bool ExtensionManagement::IsPermissionSetAllowed( |
| 174 const ExtensionId& id, |
| 175 scoped_refptr<const PermissionSet> perms) const { |
| 176 for (const auto& blocked_api : GetBlockedAPIPermissions(id)) { |
| 177 if (perms->HasAPIPermission(blocked_api->id())) |
| 178 return false; |
| 179 } |
| 180 return true; |
| 181 } |
| 182 |
| 147 void ExtensionManagement::Refresh() { | 183 void ExtensionManagement::Refresh() { |
| 148 // Load all extension management settings preferences. | 184 // Load all extension management settings preferences. |
| 149 const base::ListValue* allowed_list_pref = | 185 const base::ListValue* allowed_list_pref = |
| 150 static_cast<const base::ListValue*>(LoadPreference( | 186 static_cast<const base::ListValue*>(LoadPreference( |
| 151 pref_names::kInstallAllowList, true, base::Value::TYPE_LIST)); | 187 pref_names::kInstallAllowList, true, base::Value::TYPE_LIST)); |
| 152 // Allow user to use preference to block certain extensions. Note that policy | 188 // Allow user to use preference to block certain extensions. Note that policy |
| 153 // managed forcelist or whitelist will always override this. | 189 // managed forcelist or whitelist will always override this. |
| 154 const base::ListValue* denied_list_pref = | 190 const base::ListValue* denied_list_pref = |
| 155 static_cast<const base::ListValue*>(LoadPreference( | 191 static_cast<const base::ListValue*>(LoadPreference( |
| 156 pref_names::kInstallDenyList, false, base::Value::TYPE_LIST)); | 192 pref_names::kInstallDenyList, false, base::Value::TYPE_LIST)); |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 << extension_id << "."; | 330 << extension_id << "."; |
| 295 } | 331 } |
| 296 } | 332 } |
| 297 } | 333 } |
| 298 } | 334 } |
| 299 | 335 |
| 300 const base::Value* ExtensionManagement::LoadPreference( | 336 const base::Value* ExtensionManagement::LoadPreference( |
| 301 const char* pref_name, | 337 const char* pref_name, |
| 302 bool force_managed, | 338 bool force_managed, |
| 303 base::Value::Type expected_type) { | 339 base::Value::Type expected_type) { |
| 340 if (!pref_service_) |
| 341 return nullptr; |
| 304 const PrefService::Preference* pref = | 342 const PrefService::Preference* pref = |
| 305 pref_service_->FindPreference(pref_name); | 343 pref_service_->FindPreference(pref_name); |
| 306 if (pref && !pref->IsDefaultValue() && | 344 if (pref && !pref->IsDefaultValue() && |
| 307 (!force_managed || pref->IsManaged())) { | 345 (!force_managed || pref->IsManaged())) { |
| 308 const base::Value* value = pref->GetValue(); | 346 const base::Value* value = pref->GetValue(); |
| 309 if (value && value->IsType(expected_type)) | 347 if (value && value->IsType(expected_type)) |
| 310 return value; | 348 return value; |
| 311 } | 349 } |
| 312 return NULL; | 350 return nullptr; |
| 313 } | 351 } |
| 314 | 352 |
| 315 void ExtensionManagement::OnExtensionPrefChanged() { | 353 void ExtensionManagement::OnExtensionPrefChanged() { |
| 316 Refresh(); | 354 Refresh(); |
| 317 NotifyExtensionManagementPrefChanged(); | 355 NotifyExtensionManagementPrefChanged(); |
| 318 } | 356 } |
| 319 | 357 |
| 320 void ExtensionManagement::NotifyExtensionManagementPrefChanged() { | 358 void ExtensionManagement::NotifyExtensionManagementPrefChanged() { |
| 321 FOR_EACH_OBSERVER( | 359 FOR_EACH_OBSERVER( |
| 322 Observer, observer_list_, OnExtensionManagementSettingsChanged()); | 360 Observer, observer_list_, OnExtensionManagementSettingsChanged()); |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 379 } | 417 } |
| 380 | 418 |
| 381 void ExtensionManagementFactory::RegisterProfilePrefs( | 419 void ExtensionManagementFactory::RegisterProfilePrefs( |
| 382 user_prefs::PrefRegistrySyncable* user_prefs) { | 420 user_prefs::PrefRegistrySyncable* user_prefs) { |
| 383 user_prefs->RegisterDictionaryPref( | 421 user_prefs->RegisterDictionaryPref( |
| 384 pref_names::kExtensionManagement, | 422 pref_names::kExtensionManagement, |
| 385 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | 423 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); |
| 386 } | 424 } |
| 387 | 425 |
| 388 } // namespace extensions | 426 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 595363002:
Add policy controlled permission block list for extensions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix