Chromium Code Reviews Chromium Code Reviews
Issue 595363002:
Add policy controlled permission block list for extensions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix| Index: chrome/browser/extensions/extension_management.cc |
| diff --git a/chrome/browser/extensions/extension_management.cc b/chrome/browser/extensions/extension_management.cc |
| index 33b066b7b7fed98337ca32c3b634ae8b5e8d6ada..fb4a0160305159839d8a958782ed4f9a7e357b8c 100644 |
| --- a/chrome/browser/extensions/extension_management.cc |
| +++ b/chrome/browser/extensions/extension_management.cc |
| @@ -12,11 +12,13 @@ |
| #include "base/bind_helpers.h" |
| #include "base/logging.h" |
| #include "base/prefs/pref_service.h" |
| +#include "base/strings/string16.h" |
| #include "base/strings/string_util.h" |
| #include "chrome/browser/extensions/extension_management_constants.h" |
| #include "chrome/browser/extensions/extension_management_internal.h" |
| #include "chrome/browser/extensions/external_policy_loader.h" |
| #include "chrome/browser/extensions/external_provider_impl.h" |
| +#include "chrome/browser/extensions/permissions_based_management_policy_provider.h" |
| #include "chrome/browser/extensions/standard_management_policy_provider.h" |
| #include "chrome/browser/profiles/incognito_helpers.h" |
| #include "chrome/browser/profiles/profile.h" |
| @@ -24,6 +26,8 @@ |
| #include "components/keyed_service/content/browser_context_dependency_manager.h" |
| #include "components/pref_registry/pref_registry_syncable.h" |
| #include "extensions/browser/pref_names.h" |
| +#include "extensions/common/permissions/api_permission_set.h" |
| +#include "extensions/common/permissions/permission_set.h" |
| #include "extensions/common/url_pattern.h" |
| #include "url/gurl.h" |
| @@ -49,7 +53,8 @@ ExtensionManagement::ExtensionManagement(PrefService* pref_service) |
| // before first call to Refresh(), so in order to resolve this, Refresh() must |
| // be called in the initialization of ExtensionManagement. |
| Refresh(); |
| - provider_.reset(new StandardManagementPolicyProvider(this)); |
| + providers_.push_back(new StandardManagementPolicyProvider(this)); |
| + providers_.push_back(new PermissionsBasedManagementPolicyProvider(this)); |
| } |
| ExtensionManagement::~ExtensionManagement() { |
| @@ -63,8 +68,9 @@ void ExtensionManagement::RemoveObserver(Observer* observer) { |
| observer_list_.RemoveObserver(observer); |
| } |
| -ManagementPolicy::Provider* ExtensionManagement::GetProvider() const { |
| - return provider_.get(); |
| +std::vector<ManagementPolicy::Provider*> ExtensionManagement::GetProviders() |
| + const { |
| + return providers_.get(); |
| } |
| bool ExtensionManagement::BlacklistedByDefault() const { |
| @@ -121,6 +127,31 @@ bool ExtensionManagement::IsAllowedManifestType( |
| allowed_types.end(); |
| } |
| +const APIPermissionSet& ExtensionManagement::GetBlockedAPIPermissions( |
| + const ExtensionId& id) const { |
| + return ReadById(id)->blocked_permissions; |
| +} |
| + |
| +scoped_refptr<const PermissionSet> ExtensionManagement::GetBlockedPermissions( |
| + const ExtensionId& id) const { |
| + // Only api permissions are supported currently. |
| + return scoped_refptr<const PermissionSet>( |
| + new PermissionSet(GetBlockedAPIPermissions(id), |
| + ManifestPermissionSet(), |
| + URLPatternSet(), |
| + URLPatternSet())); |
| +} |
| + |
| +bool ExtensionManagement::IsPermissionSetAllowed( |
| + const ExtensionId& id, |
| + scoped_refptr<const PermissionSet> perms) const { |
| + for (auto blocked_api : GetBlockedAPIPermissions(id)) { |
|
Joao da Silva
2014/10/15 14:39:25
const auto&
binjin
2014/10/16 18:13:57
Done.
|
| + if (perms->HasAPIPermission(blocked_api->id())) |
| + return false; |
| + } |
| + return true; |
| +} |
| + |
| void ExtensionManagement::Refresh() { |
| // Load all extension management settings preferences. |
| const base::ListValue* allowed_list_pref = |
