Chromium Code Reviews Chromium Code Reviews
Issue 714133002:
Add more management policy checking after extension installed (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_service.h" | 5 #include "chrome/browser/extensions/extension_service.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <set> | 9 #include <set> |
| 10 | 10 |
| (...skipping 1553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1564 crash_keys::SetActiveExtensions(extension_ids); | 1564 crash_keys::SetActiveExtensions(extension_ids); |
| 1565 } | 1565 } |
| 1566 | 1566 |
| 1567 void ExtensionService::OnExtensionInstalled( | 1567 void ExtensionService::OnExtensionInstalled( |
| 1568 const Extension* extension, | 1568 const Extension* extension, |
| 1569 const syncer::StringOrdinal& page_ordinal, | 1569 const syncer::StringOrdinal& page_ordinal, |
| 1570 int install_flags) { | 1570 int install_flags) { |
| 1571 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 1571 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 1572 | 1572 |
| 1573 const std::string& id = extension->id(); | 1573 const std::string& id = extension->id(); |
| 1574 bool initial_enable = ShouldEnableOnInstall(extension); | 1574 // |new_disable_reason| contains the additional disable reason we need to |
| 1575 // add to extension prefs for extensions that supposed to be disabled | |
| 1576 // initially. | |
| 1577 Extension::DisableReason new_disable_reason = Extension::DISABLE_NONE; | |
| 1578 bool initial_enable = | |
| 1579 ShouldEnableOnInstall(extension, &new_disable_reason); | |
| 1575 std::string install_parameter; | 1580 std::string install_parameter; |
| 1576 const extensions::PendingExtensionInfo* pending_extension_info = | 1581 const extensions::PendingExtensionInfo* pending_extension_info = |
| 1577 pending_extension_manager()->GetById(id); | 1582 pending_extension_manager()->GetById(id); |
| 1578 if (pending_extension_info) { | 1583 if (pending_extension_info) { |
| 1579 if (!pending_extension_info->ShouldAllowInstall(extension)) { | 1584 if (!pending_extension_info->ShouldAllowInstall(extension)) { |
| 1580 pending_extension_manager()->Remove(id); | 1585 pending_extension_manager()->Remove(id); |
| 1581 | 1586 |
| 1582 LOG(WARNING) << "ShouldAllowInstall() returned false for " | 1587 LOG(WARNING) << "ShouldAllowInstall() returned false for " |
| 1583 << id << " of type " << extension->GetType() | 1588 << id << " of type " << extension->GetType() |
| 1584 << " and update URL " | 1589 << " and update URL " |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 1604 // extension; if we're here, that means the user is manually | 1609 // extension; if we're here, that means the user is manually |
| 1605 // installing the extension. | 1610 // installing the extension. |
| 1606 if (extension_prefs_->IsExternalExtensionUninstalled(id)) { | 1611 if (extension_prefs_->IsExternalExtensionUninstalled(id)) { |
| 1607 initial_enable = true; | 1612 initial_enable = true; |
| 1608 } | 1613 } |
| 1609 } | 1614 } |
| 1610 | 1615 |
| 1611 // Unsupported requirements overrides the management policy. | 1616 // Unsupported requirements overrides the management policy. |
| 1612 if (install_flags & extensions::kInstallFlagHasRequirementErrors) { | 1617 if (install_flags & extensions::kInstallFlagHasRequirementErrors) { |
| 1613 initial_enable = false; | 1618 initial_enable = false; |
| 1614 extension_prefs_->AddDisableReason( | 1619 new_disable_reason = Extension::DISABLE_UNSUPPORTED_REQUIREMENT; |
| 1615 id, Extension::DISABLE_UNSUPPORTED_REQUIREMENT); | |
| 1616 // If the extension was disabled because of unsupported requirements but | 1620 // If the extension was disabled because of unsupported requirements but |
| 1617 // now supports all requirements after an update and there are not other | 1621 // now supports all requirements after an update and there are not other |
| 1618 // disable reasons, enable it. | 1622 // disable reasons, enable it. |
| 1619 } else if (extension_prefs_->GetDisableReasons(id) == | 1623 } else if (extension_prefs_->GetDisableReasons(id) == |
| 1620 Extension::DISABLE_UNSUPPORTED_REQUIREMENT) { | 1624 Extension::DISABLE_UNSUPPORTED_REQUIREMENT) { |
| 1621 initial_enable = true; | 1625 initial_enable = true; |
| 1626 new_disable_reason = Extension::DISABLE_NONE; | |
| 1622 extension_prefs_->ClearDisableReasons(id); | 1627 extension_prefs_->ClearDisableReasons(id); |
| 1623 } | 1628 } |
| 1624 | 1629 |
| 1625 if (install_flags & extensions::kInstallFlagIsBlacklistedForMalware) { | 1630 if (install_flags & extensions::kInstallFlagIsBlacklistedForMalware) { |
| 1626 // Installation of a blacklisted extension can happen from sync, policy, | 1631 // Installation of a blacklisted extension can happen from sync, policy, |
| 1627 // etc, where to maintain consistency we need to install it, just never | 1632 // etc, where to maintain consistency we need to install it, just never |
| 1628 // load it (see AddExtension). Usually it should be the job of callers to | 1633 // load it (see AddExtension). Usually it should be the job of callers to |
| 1629 // incercept blacklisted extension earlier (e.g. CrxInstaller, before even | 1634 // incercept blacklisted extension earlier (e.g. CrxInstaller, before even |
| 1630 // showing the install dialogue). | 1635 // showing the install dialogue). |
| 1631 extension_prefs_->AcknowledgeBlacklistedExtension(id); | 1636 extension_prefs_->AcknowledgeBlacklistedExtension(id); |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 1647 UMA_HISTOGRAM_ENUMERATION("Extensions.UpdateSource", | 1652 UMA_HISTOGRAM_ENUMERATION("Extensions.UpdateSource", |
| 1648 extension->location(), Manifest::NUM_LOCATIONS); | 1653 extension->location(), Manifest::NUM_LOCATIONS); |
| 1649 | 1654 |
| 1650 // A fully installed app cannot be demoted to an ephemeral app. | 1655 // A fully installed app cannot be demoted to an ephemeral app. |
| 1651 if ((install_flags & extensions::kInstallFlagIsEphemeral) && | 1656 if ((install_flags & extensions::kInstallFlagIsEphemeral) && |
| 1652 !extension_prefs_->IsEphemeralApp(id)) { | 1657 !extension_prefs_->IsEphemeralApp(id)) { |
| 1653 install_flags &= ~static_cast<int>(extensions::kInstallFlagIsEphemeral); | 1658 install_flags &= ~static_cast<int>(extensions::kInstallFlagIsEphemeral); |
| 1654 } | 1659 } |
| 1655 } | 1660 } |
| 1656 | 1661 |
| 1662 if (!initial_enable) | |
| 1663 extension_prefs_->AddDisableReason(id, new_disable_reason); | |
| 1664 | |
| 1657 const Extension::State initial_state = | 1665 const Extension::State initial_state = |
| 1658 initial_enable ? Extension::ENABLED : Extension::DISABLED; | 1666 initial_enable ? Extension::ENABLED : Extension::DISABLED; |
| 1659 if (ShouldDelayExtensionUpdate( | 1667 if (ShouldDelayExtensionUpdate( |
| 1660 id, | 1668 id, |
| 1661 !!(install_flags & extensions::kInstallFlagInstallImmediately))) { | 1669 !!(install_flags & extensions::kInstallFlagInstallImmediately))) { |
| 1662 extension_prefs_->SetDelayedInstallInfo( | 1670 extension_prefs_->SetDelayedInstallInfo( |
| 1663 extension, | 1671 extension, |
| 1664 initial_state, | 1672 initial_state, |
| 1665 install_flags, | 1673 install_flags, |
| 1666 extensions::ExtensionPrefs::DELAY_REASON_WAIT_FOR_IDLE, | 1674 extensions::ExtensionPrefs::DELAY_REASON_WAIT_FOR_IDLE, |
| (...skipping 478 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2145 case chrome::NOTIFICATION_PROFILE_DESTRUCTION_STARTED: { | 2153 case chrome::NOTIFICATION_PROFILE_DESTRUCTION_STARTED: { |
| 2146 OnProfileDestructionStarted(); | 2154 OnProfileDestructionStarted(); |
| 2147 break; | 2155 break; |
| 2148 } | 2156 } |
| 2149 | 2157 |
| 2150 default: | 2158 default: |
| 2151 NOTREACHED() << "Unexpected notification type."; | 2159 NOTREACHED() << "Unexpected notification type."; |
| 2152 } | 2160 } |
| 2153 } | 2161 } |
| 2154 | 2162 |
| 2155 bool ExtensionService::ShouldEnableOnInstall(const Extension* extension) { | 2163 bool ExtensionService::ShouldEnableOnInstall( |
| 2164 const Extension* extension, | |
| 2165 Extension::DisableReason* disable_reason) { | |
| 2166 // Extensions disabled by managemeny policy should always be disabled, even | |
|
not at google - send to devlin
2014/11/12 18:02:15
management
binjin
2014/11/12 18:39:01
Done.
| |
| 2167 // if it's force-installed. | |
| 2168 if (system_->management_policy()->MustRemainDisabled( | |
| 2169 extension, disable_reason, nullptr)) { | |
| 2170 return false; | |
| 2171 } | |
| 2172 | |
| 2156 // Extensions installed by policy can't be disabled. So even if a previous | 2173 // Extensions installed by policy can't be disabled. So even if a previous |
| 2157 // installation disabled the extension, make sure it is now enabled. | 2174 // installation disabled the extension, make sure it is now enabled. |
| 2158 if (system_->management_policy()->MustRemainEnabled(extension, NULL)) | 2175 if (system_->management_policy()->MustRemainEnabled(extension, nullptr)) |
| 2159 return true; | 2176 return true; |
| 2160 | 2177 |
| 2161 if (extension_prefs_->IsExtensionDisabled(extension->id())) | 2178 if (extension_prefs_->IsExtensionDisabled(extension->id())) { |
| 2179 *disable_reason = Extension::DISABLE_NONE; | |
| 2162 return false; | 2180 return false; |
| 2181 } | |
| 2163 | 2182 |
| 2164 if (FeatureSwitch::prompt_for_external_extensions()->IsEnabled()) { | 2183 if (FeatureSwitch::prompt_for_external_extensions()->IsEnabled()) { |
| 2165 // External extensions are initially disabled. We prompt the user before | 2184 // External extensions are initially disabled. We prompt the user before |
| 2166 // enabling them. Hosted apps are excepted because they are not dangerous | 2185 // enabling them. Hosted apps are excepted because they are not dangerous |
| 2167 // (they need to be launched by the user anyway). | 2186 // (they need to be launched by the user anyway). |
| 2168 if (extension->GetType() != Manifest::TYPE_HOSTED_APP && | 2187 if (extension->GetType() != Manifest::TYPE_HOSTED_APP && |
| 2169 Manifest::IsExternalLocation(extension->location()) && | 2188 Manifest::IsExternalLocation(extension->location()) && |
| 2170 !extension_prefs_->IsExternalExtensionAcknowledged(extension->id())) { | 2189 !extension_prefs_->IsExternalExtensionAcknowledged(extension->id())) { |
| 2190 *disable_reason = Extension::DISABLE_NONE; | |
| 2171 return false; | 2191 return false; |
| 2172 } | 2192 } |
| 2173 } | 2193 } |
| 2174 | 2194 |
| 2175 return true; | 2195 return true; |
| 2176 } | 2196 } |
| 2177 | 2197 |
| 2178 bool ExtensionService::ShouldDelayExtensionUpdate( | 2198 bool ExtensionService::ShouldDelayExtensionUpdate( |
| 2179 const std::string& extension_id, | 2199 const std::string& extension_id, |
| 2180 bool install_immediately) const { | 2200 bool install_immediately) const { |
| (...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2388 } | 2408 } |
| 2389 | 2409 |
| 2390 void ExtensionService::OnProfileDestructionStarted() { | 2410 void ExtensionService::OnProfileDestructionStarted() { |
| 2391 ExtensionIdSet ids_to_unload = registry_->enabled_extensions().GetIDs(); | 2411 ExtensionIdSet ids_to_unload = registry_->enabled_extensions().GetIDs(); |
| 2392 for (ExtensionIdSet::iterator it = ids_to_unload.begin(); | 2412 for (ExtensionIdSet::iterator it = ids_to_unload.begin(); |
| 2393 it != ids_to_unload.end(); | 2413 it != ids_to_unload.end(); |
| 2394 ++it) { | 2414 ++it) { |
| 2395 UnloadExtension(*it, UnloadedExtensionInfo::REASON_PROFILE_SHUTDOWN); | 2415 UnloadExtension(*it, UnloadedExtensionInfo::REASON_PROFILE_SHUTDOWN); |
| 2396 } | 2416 } |
| 2397 } | 2417 } |
| OLD | NEW |
