| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_management.h" | 5 #include "chrome/browser/extensions/extension_management.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | |
| 10 | 9 |
| 11 #include "base/bind.h" | 10 #include "base/bind.h" |
| 12 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
| 13 #include "base/logging.h" | 12 #include "base/logging.h" |
| 14 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/strings/string16.h" |
| 15 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 16 #include "chrome/browser/extensions/extension_management_constants.h" | 16 #include "chrome/browser/extensions/extension_management_constants.h" |
| 17 #include "chrome/browser/extensions/extension_management_internal.h" | 17 #include "chrome/browser/extensions/extension_management_internal.h" |
| 18 #include "chrome/browser/extensions/external_policy_loader.h" | 18 #include "chrome/browser/extensions/external_policy_loader.h" |
| 19 #include "chrome/browser/extensions/external_provider_impl.h" | 19 #include "chrome/browser/extensions/external_provider_impl.h" |
| 20 #include "chrome/browser/extensions/permissions_based_management_policy_provider
.h" |
| 20 #include "chrome/browser/extensions/standard_management_policy_provider.h" | 21 #include "chrome/browser/extensions/standard_management_policy_provider.h" |
| 21 #include "chrome/browser/profiles/incognito_helpers.h" | 22 #include "chrome/browser/profiles/incognito_helpers.h" |
| 22 #include "chrome/browser/profiles/profile.h" | 23 #include "chrome/browser/profiles/profile.h" |
| 23 #include "components/crx_file/id_util.h" | 24 #include "components/crx_file/id_util.h" |
| 24 #include "components/keyed_service/content/browser_context_dependency_manager.h" | 25 #include "components/keyed_service/content/browser_context_dependency_manager.h" |
| 25 #include "components/pref_registry/pref_registry_syncable.h" | 26 #include "components/pref_registry/pref_registry_syncable.h" |
| 26 #include "extensions/browser/pref_names.h" | 27 #include "extensions/browser/pref_names.h" |
| 28 #include "extensions/common/permissions/api_permission_set.h" |
| 29 #include "extensions/common/permissions/permission_set.h" |
| 27 #include "extensions/common/url_pattern.h" | 30 #include "extensions/common/url_pattern.h" |
| 28 #include "url/gurl.h" | 31 #include "url/gurl.h" |
| 29 | 32 |
| 30 namespace extensions { | 33 namespace extensions { |
| 31 | 34 |
| 32 ExtensionManagement::ExtensionManagement(PrefService* pref_service) | 35 ExtensionManagement::ExtensionManagement(PrefService* pref_service) |
| 33 : pref_service_(pref_service) { | 36 : pref_service_(pref_service) { |
| 34 pref_change_registrar_.Init(pref_service_); | 37 pref_change_registrar_.Init(pref_service_); |
| 35 base::Closure pref_change_callback = base::Bind( | 38 base::Closure pref_change_callback = base::Bind( |
| 36 &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this)); | 39 &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this)); |
| 37 pref_change_registrar_.Add(pref_names::kInstallAllowList, | 40 pref_change_registrar_.Add(pref_names::kInstallAllowList, |
| 38 pref_change_callback); | 41 pref_change_callback); |
| 39 pref_change_registrar_.Add(pref_names::kInstallDenyList, | 42 pref_change_registrar_.Add(pref_names::kInstallDenyList, |
| 40 pref_change_callback); | 43 pref_change_callback); |
| 41 pref_change_registrar_.Add(pref_names::kInstallForceList, | 44 pref_change_registrar_.Add(pref_names::kInstallForceList, |
| 42 pref_change_callback); | 45 pref_change_callback); |
| 43 pref_change_registrar_.Add(pref_names::kAllowedInstallSites, | 46 pref_change_registrar_.Add(pref_names::kAllowedInstallSites, |
| 44 pref_change_callback); | 47 pref_change_callback); |
| 45 pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback); | 48 pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback); |
| 46 pref_change_registrar_.Add(pref_names::kExtensionManagement, | 49 pref_change_registrar_.Add(pref_names::kExtensionManagement, |
| 47 pref_change_callback); | 50 pref_change_callback); |
| 48 // Note that both |global_settings_| and |default_settings_| will be null | 51 // Note that both |global_settings_| and |default_settings_| will be null |
| 49 // before first call to Refresh(), so in order to resolve this, Refresh() must | 52 // before first call to Refresh(), so in order to resolve this, Refresh() must |
| 50 // be called in the initialization of ExtensionManagement. | 53 // be called in the initialization of ExtensionManagement. |
| 51 Refresh(); | 54 Refresh(); |
| 52 provider_.reset(new StandardManagementPolicyProvider(this)); | 55 providers_.push_back(new StandardManagementPolicyProvider(this)); |
| 56 providers_.push_back(new PermissionsBasedManagementPolicyProvider(this)); |
| 53 } | 57 } |
| 54 | 58 |
| 55 ExtensionManagement::~ExtensionManagement() { | 59 ExtensionManagement::~ExtensionManagement() { |
| 56 } | 60 } |
| 57 | 61 |
| 62 void ExtensionManagement::Shutdown() { |
| 63 pref_change_registrar_.RemoveAll(); |
| 64 pref_service_ = nullptr; |
| 65 } |
| 66 |
| 58 void ExtensionManagement::AddObserver(Observer* observer) { | 67 void ExtensionManagement::AddObserver(Observer* observer) { |
| 59 observer_list_.AddObserver(observer); | 68 observer_list_.AddObserver(observer); |
| 60 } | 69 } |
| 61 | 70 |
| 62 void ExtensionManagement::RemoveObserver(Observer* observer) { | 71 void ExtensionManagement::RemoveObserver(Observer* observer) { |
| 63 observer_list_.RemoveObserver(observer); | 72 observer_list_.RemoveObserver(observer); |
| 64 } | 73 } |
| 65 | 74 |
| 66 ManagementPolicy::Provider* ExtensionManagement::GetProvider() const { | 75 std::vector<ManagementPolicy::Provider*> ExtensionManagement::GetProviders() |
| 67 return provider_.get(); | 76 const { |
| 77 return providers_.get(); |
| 68 } | 78 } |
| 69 | 79 |
| 70 bool ExtensionManagement::BlacklistedByDefault() const { | 80 bool ExtensionManagement::BlacklistedByDefault() const { |
| 71 return default_settings_->installation_mode == INSTALLATION_BLOCKED; | 81 return default_settings_->installation_mode == INSTALLATION_BLOCKED; |
| 72 } | 82 } |
| 73 | 83 |
| 74 ExtensionManagement::InstallationMode ExtensionManagement::GetInstallationMode( | 84 ExtensionManagement::InstallationMode ExtensionManagement::GetInstallationMode( |
| 75 const ExtensionId& id) const { | 85 const ExtensionId& id) const { |
| 76 return ReadById(id)->installation_mode; | 86 return ReadById(id)->installation_mode; |
| 77 } | 87 } |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 137 bool ExtensionManagement::IsAllowedManifestType( | 147 bool ExtensionManagement::IsAllowedManifestType( |
| 138 Manifest::Type manifest_type) const { | 148 Manifest::Type manifest_type) const { |
| 139 if (!global_settings_->has_restricted_allowed_types) | 149 if (!global_settings_->has_restricted_allowed_types) |
| 140 return true; | 150 return true; |
| 141 const std::vector<Manifest::Type>& allowed_types = | 151 const std::vector<Manifest::Type>& allowed_types = |
| 142 global_settings_->allowed_types; | 152 global_settings_->allowed_types; |
| 143 return std::find(allowed_types.begin(), allowed_types.end(), manifest_type) != | 153 return std::find(allowed_types.begin(), allowed_types.end(), manifest_type) != |
| 144 allowed_types.end(); | 154 allowed_types.end(); |
| 145 } | 155 } |
| 146 | 156 |
| 157 const APIPermissionSet& ExtensionManagement::GetBlockedAPIPermissions( |
| 158 const ExtensionId& id) const { |
| 159 return ReadById(id)->blocked_permissions; |
| 160 } |
| 161 |
| 162 scoped_refptr<const PermissionSet> ExtensionManagement::GetBlockedPermissions( |
| 163 const ExtensionId& id) const { |
| 164 // Only api permissions are supported currently. |
| 165 return scoped_refptr<const PermissionSet>( |
| 166 new PermissionSet(GetBlockedAPIPermissions(id), |
| 167 ManifestPermissionSet(), |
| 168 URLPatternSet(), |
| 169 URLPatternSet())); |
| 170 } |
| 171 |
| 172 bool ExtensionManagement::IsPermissionSetAllowed( |
| 173 const ExtensionId& id, |
| 174 scoped_refptr<const PermissionSet> perms) const { |
| 175 for (const auto& blocked_api : GetBlockedAPIPermissions(id)) { |
| 176 if (perms->HasAPIPermission(blocked_api->id())) |
| 177 return false; |
| 178 } |
| 179 return true; |
| 180 } |
| 181 |
| 147 void ExtensionManagement::Refresh() { | 182 void ExtensionManagement::Refresh() { |
| 148 // Load all extension management settings preferences. | 183 // Load all extension management settings preferences. |
| 149 const base::ListValue* allowed_list_pref = | 184 const base::ListValue* allowed_list_pref = |
| 150 static_cast<const base::ListValue*>(LoadPreference( | 185 static_cast<const base::ListValue*>(LoadPreference( |
| 151 pref_names::kInstallAllowList, true, base::Value::TYPE_LIST)); | 186 pref_names::kInstallAllowList, true, base::Value::TYPE_LIST)); |
| 152 // Allow user to use preference to block certain extensions. Note that policy | 187 // Allow user to use preference to block certain extensions. Note that policy |
| 153 // managed forcelist or whitelist will always override this. | 188 // managed forcelist or whitelist will always override this. |
| 154 const base::ListValue* denied_list_pref = | 189 const base::ListValue* denied_list_pref = |
| 155 static_cast<const base::ListValue*>(LoadPreference( | 190 static_cast<const base::ListValue*>(LoadPreference( |
| 156 pref_names::kInstallDenyList, false, base::Value::TYPE_LIST)); | 191 pref_names::kInstallDenyList, false, base::Value::TYPE_LIST)); |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 << extension_id << "."; | 329 << extension_id << "."; |
| 295 } | 330 } |
| 296 } | 331 } |
| 297 } | 332 } |
| 298 } | 333 } |
| 299 | 334 |
| 300 const base::Value* ExtensionManagement::LoadPreference( | 335 const base::Value* ExtensionManagement::LoadPreference( |
| 301 const char* pref_name, | 336 const char* pref_name, |
| 302 bool force_managed, | 337 bool force_managed, |
| 303 base::Value::Type expected_type) { | 338 base::Value::Type expected_type) { |
| 339 if (!pref_service_) |
| 340 return nullptr; |
| 304 const PrefService::Preference* pref = | 341 const PrefService::Preference* pref = |
| 305 pref_service_->FindPreference(pref_name); | 342 pref_service_->FindPreference(pref_name); |
| 306 if (pref && !pref->IsDefaultValue() && | 343 if (pref && !pref->IsDefaultValue() && |
| 307 (!force_managed || pref->IsManaged())) { | 344 (!force_managed || pref->IsManaged())) { |
| 308 const base::Value* value = pref->GetValue(); | 345 const base::Value* value = pref->GetValue(); |
| 309 if (value && value->IsType(expected_type)) | 346 if (value && value->IsType(expected_type)) |
| 310 return value; | 347 return value; |
| 311 } | 348 } |
| 312 return NULL; | 349 return nullptr; |
| 313 } | 350 } |
| 314 | 351 |
| 315 void ExtensionManagement::OnExtensionPrefChanged() { | 352 void ExtensionManagement::OnExtensionPrefChanged() { |
| 316 Refresh(); | 353 Refresh(); |
| 317 NotifyExtensionManagementPrefChanged(); | 354 NotifyExtensionManagementPrefChanged(); |
| 318 } | 355 } |
| 319 | 356 |
| 320 void ExtensionManagement::NotifyExtensionManagementPrefChanged() { | 357 void ExtensionManagement::NotifyExtensionManagementPrefChanged() { |
| 321 FOR_EACH_OBSERVER( | 358 FOR_EACH_OBSERVER( |
| 322 Observer, observer_list_, OnExtensionManagementSettingsChanged()); | 359 Observer, observer_list_, OnExtensionManagementSettingsChanged()); |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 379 } | 416 } |
| 380 | 417 |
| 381 void ExtensionManagementFactory::RegisterProfilePrefs( | 418 void ExtensionManagementFactory::RegisterProfilePrefs( |
| 382 user_prefs::PrefRegistrySyncable* user_prefs) { | 419 user_prefs::PrefRegistrySyncable* user_prefs) { |
| 383 user_prefs->RegisterDictionaryPref( | 420 user_prefs->RegisterDictionaryPref( |
| 384 pref_names::kExtensionManagement, | 421 pref_names::kExtensionManagement, |
| 385 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | 422 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); |
| 386 } | 423 } |
| 387 | 424 |
| 388 } // namespace extensions | 425 } // namespace extensions |
| OLD | NEW |