| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/supervised_user/supervised_user_service.h" | 5 #include "chrome/browser/supervised_user/supervised_user_service.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/prefs/pref_service.h" | 10 #include "base/prefs/pref_service.h" |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 76 prefs::kSupervisedUserCustodianName, | 76 prefs::kSupervisedUserCustodianName, |
| 77 prefs::kSupervisedUserCustodianEmail, | 77 prefs::kSupervisedUserCustodianEmail, |
| 78 prefs::kSupervisedUserCustodianProfileImageURL, | 78 prefs::kSupervisedUserCustodianProfileImageURL, |
| 79 prefs::kSupervisedUserCustodianProfileURL, | 79 prefs::kSupervisedUserCustodianProfileURL, |
| 80 prefs::kSupervisedUserSecondCustodianName, | 80 prefs::kSupervisedUserSecondCustodianName, |
| 81 prefs::kSupervisedUserSecondCustodianEmail, | 81 prefs::kSupervisedUserSecondCustodianEmail, |
| 82 prefs::kSupervisedUserSecondCustodianProfileImageURL, | 82 prefs::kSupervisedUserSecondCustodianProfileImageURL, |
| 83 prefs::kSupervisedUserSecondCustodianProfileURL, | 83 prefs::kSupervisedUserSecondCustodianProfileURL, |
| 84 }; | 84 }; |
| 85 | 85 |
| 86 #if defined(ENABLE_EXTENSIONS) |
| 87 enum ExtensionState { |
| 88 EXTENSION_FORCED, |
| 89 EXTENSION_BLOCKED, |
| 90 EXTENSION_ALLOWED |
| 91 }; |
| 92 |
| 93 ExtensionState GetExtensionState(const extensions::Extension* extension) { |
| 94 if (extension->is_theme()) |
| 95 return EXTENSION_ALLOWED; |
| 96 |
| 97 bool was_installed_by_default = extension->was_installed_by_default(); |
| 98 bool was_installed_by_custodian = extension->was_installed_by_custodian(); |
| 99 #if defined(OS_CHROMEOS) |
| 100 // On Chrome OS all external sources are controlled by us so it means that |
| 101 // they are "default". Method was_installed_by_default returns false because |
| 102 // extensions creation flags are ignored in case of default extensions with |
| 103 // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound). |
| 104 // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation |
| 105 // flags are not ignored. |
| 106 was_installed_by_default = |
| 107 extensions::Manifest::IsExternalLocation(extension->location()); |
| 108 #endif |
| 109 if (extensions::Manifest::IsComponentLocation(extension->location()) || |
| 110 was_installed_by_default || |
| 111 was_installed_by_custodian) { |
| 112 // Enforce default extensions as well as custodian-installed extensions |
| 113 // (if we'd allow the supervised user to uninstall them, there'd be no way |
| 114 // to get them back). |
| 115 return EXTENSION_FORCED; |
| 116 } |
| 117 |
| 118 return EXTENSION_BLOCKED; |
| 119 } |
| 120 #endif |
| 121 |
| 86 } // namespace | 122 } // namespace |
| 87 | 123 |
| 88 base::FilePath SupervisedUserService::Delegate::GetBlacklistPath() const { | 124 base::FilePath SupervisedUserService::Delegate::GetBlacklistPath() const { |
| 89 return base::FilePath(); | 125 return base::FilePath(); |
| 90 } | 126 } |
| 91 | 127 |
| 92 GURL SupervisedUserService::Delegate::GetBlacklistURL() const { | 128 GURL SupervisedUserService::Delegate::GetBlacklistURL() const { |
| 93 return GURL(); | 129 return GURL(); |
| 94 } | 130 } |
| 95 | 131 |
| (...skipping 246 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 342 void SupervisedUserService::RemoveObserver( | 378 void SupervisedUserService::RemoveObserver( |
| 343 SupervisedUserServiceObserver* observer) { | 379 SupervisedUserServiceObserver* observer) { |
| 344 observer_list_.RemoveObserver(observer); | 380 observer_list_.RemoveObserver(observer); |
| 345 } | 381 } |
| 346 | 382 |
| 347 void SupervisedUserService::AddPermissionRequestCreator( | 383 void SupervisedUserService::AddPermissionRequestCreator( |
| 348 scoped_ptr<PermissionRequestCreator> creator) { | 384 scoped_ptr<PermissionRequestCreator> creator) { |
| 349 permissions_creators_.push_back(creator.release()); | 385 permissions_creators_.push_back(creator.release()); |
| 350 } | 386 } |
| 351 | 387 |
| 352 #if defined(ENABLE_EXTENSIONS) | |
| 353 std::string SupervisedUserService::GetDebugPolicyProviderName() const { | |
| 354 // Save the string space in official builds. | |
| 355 #ifdef NDEBUG | |
| 356 NOTREACHED(); | |
| 357 return std::string(); | |
| 358 #else | |
| 359 return "Supervised User Service"; | |
| 360 #endif | |
| 361 } | |
| 362 | |
| 363 bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension, | |
| 364 base::string16* error) const { | |
| 365 base::string16 tmp_error; | |
| 366 if (ExtensionManagementPolicyImpl(extension, &tmp_error)) | |
| 367 return true; | |
| 368 | |
| 369 bool was_installed_by_default = extension->was_installed_by_default(); | |
| 370 bool was_installed_by_custodian = extension->was_installed_by_custodian(); | |
| 371 #if defined(OS_CHROMEOS) | |
| 372 // On Chrome OS all external sources are controlled by us so it means that | |
| 373 // they are "default". Method was_installed_by_default returns false because | |
| 374 // extensions creation flags are ignored in case of default extensions with | |
| 375 // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound). | |
| 376 // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation | |
| 377 // flags are not ignored. | |
| 378 was_installed_by_default = | |
| 379 extensions::Manifest::IsExternalLocation(extension->location()); | |
| 380 #endif | |
| 381 if (extensions::Manifest::IsComponentLocation(extension->location()) || | |
| 382 was_installed_by_default || | |
| 383 was_installed_by_custodian) { | |
| 384 return true; | |
| 385 } | |
| 386 | |
| 387 if (error) | |
| 388 *error = tmp_error; | |
| 389 return false; | |
| 390 } | |
| 391 | |
| 392 bool SupervisedUserService::UserMayModifySettings( | |
| 393 const extensions::Extension* extension, | |
| 394 base::string16* error) const { | |
| 395 return ExtensionManagementPolicyImpl(extension, error); | |
| 396 } | |
| 397 | |
| 398 #endif // defined(ENABLE_EXTENSIONS) | |
| 399 | |
| 400 syncer::ModelTypeSet SupervisedUserService::GetPreferredDataTypes() const { | 388 syncer::ModelTypeSet SupervisedUserService::GetPreferredDataTypes() const { |
| 401 if (!ProfileIsSupervised()) | 389 if (!ProfileIsSupervised()) |
| 402 return syncer::ModelTypeSet(); | 390 return syncer::ModelTypeSet(); |
| 403 | 391 |
| 404 syncer::ModelTypeSet result; | 392 syncer::ModelTypeSet result; |
| 405 if (IncludesSyncSessionsType()) | 393 if (IncludesSyncSessionsType()) |
| 406 result.Put(syncer::SESSIONS); | 394 result.Put(syncer::SESSIONS); |
| 407 result.Put(syncer::EXTENSIONS); | 395 result.Put(syncer::EXTENSIONS); |
| 408 result.Put(syncer::EXTENSION_SETTINGS); | 396 result.Put(syncer::EXTENSION_SETTINGS); |
| 409 result.Put(syncer::APPS); | 397 result.Put(syncer::APPS); |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 479 bool sync_everything = false; | 467 bool sync_everything = false; |
| 480 syncer::ModelTypeSet synced_datatypes; | 468 syncer::ModelTypeSet synced_datatypes; |
| 481 service->OnUserChoseDatatypes(sync_everything, synced_datatypes); | 469 service->OnUserChoseDatatypes(sync_everything, synced_datatypes); |
| 482 | 470 |
| 483 // Notify ProfileSyncService that we are done with configuration. | 471 // Notify ProfileSyncService that we are done with configuration. |
| 484 service->SetSetupInProgress(false); | 472 service->SetSetupInProgress(false); |
| 485 service->SetSyncSetupCompleted(); | 473 service->SetSyncSetupCompleted(); |
| 486 } | 474 } |
| 487 | 475 |
| 488 #if defined(ENABLE_EXTENSIONS) | 476 #if defined(ENABLE_EXTENSIONS) |
| 489 bool SupervisedUserService::ExtensionManagementPolicyImpl( | 477 std::string SupervisedUserService::GetDebugPolicyProviderName() const { |
| 478 // Save the string space in official builds. |
| 479 #ifdef NDEBUG |
| 480 NOTREACHED(); |
| 481 return std::string(); |
| 482 #else |
| 483 return "Supervised User Service"; |
| 484 #endif |
| 485 } |
| 486 |
| 487 bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension, |
| 488 base::string16* error) const { |
| 489 DCHECK(ProfileIsSupervised()); |
| 490 ExtensionState result = GetExtensionState(extension); |
| 491 bool may_load = (result != EXTENSION_BLOCKED); |
| 492 if (!may_load && error) |
| 493 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER); |
| 494 return may_load; |
| 495 } |
| 496 |
| 497 // Note: Having MustRemainInstalled always say "true" for custodian-installed |
| 498 // extensions does NOT prevent remote uninstalls (which is a bit unexpected, but |
| 499 // exactly what we want). |
| 500 bool SupervisedUserService::MustRemainInstalled( |
| 490 const extensions::Extension* extension, | 501 const extensions::Extension* extension, |
| 491 base::string16* error) const { | 502 base::string16* error) const { |
| 492 // |extension| can be NULL in unit_tests. | 503 DCHECK(ProfileIsSupervised()); |
| 493 if (!ProfileIsSupervised() || (extension && extension->is_theme())) | 504 ExtensionState result = GetExtensionState(extension); |
| 494 return true; | 505 bool may_not_uninstall = (result == EXTENSION_FORCED); |
| 495 | 506 if (may_not_uninstall && error) |
| 496 if (error) | |
| 497 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER); | 507 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER); |
| 498 return false; | 508 return may_not_uninstall; |
| 499 } | 509 } |
| 500 | 510 |
| 501 void SupervisedUserService::SetExtensionsActive() { | 511 void SupervisedUserService::SetExtensionsActive() { |
| 502 extensions::ExtensionSystem* extension_system = | 512 extensions::ExtensionSystem* extension_system = |
| 503 extensions::ExtensionSystem::Get(profile_); | 513 extensions::ExtensionSystem::Get(profile_); |
| 504 extensions::ManagementPolicy* management_policy = | 514 extensions::ManagementPolicy* management_policy = |
| 505 extension_system->management_policy(); | 515 extension_system->management_policy(); |
| 506 | 516 |
| 507 if (management_policy) { | 517 if (management_policy) { |
| 508 if (active_) | 518 if (active_) |
| (...skipping 438 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 947 // The active user can be NULL in unit tests. | 957 // The active user can be NULL in unit tests. |
| 948 if (user_manager::UserManager::Get()->GetActiveUser()) { | 958 if (user_manager::UserManager::Get()->GetActiveUser()) { |
| 949 return UTF16ToUTF8(user_manager::UserManager::Get()->GetUserDisplayName( | 959 return UTF16ToUTF8(user_manager::UserManager::Get()->GetUserDisplayName( |
| 950 user_manager::UserManager::Get()->GetActiveUser()->GetUserID())); | 960 user_manager::UserManager::Get()->GetActiveUser()->GetUserID())); |
| 951 } | 961 } |
| 952 return std::string(); | 962 return std::string(); |
| 953 #else | 963 #else |
| 954 return profile_->GetPrefs()->GetString(prefs::kProfileName); | 964 return profile_->GetPrefs()->GetString(prefs::kProfileName); |
| 955 #endif | 965 #endif |
| 956 } | 966 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 925563002:
Supervised users: Slightly relax restrictions around extensions. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test_ext_install_disable