Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(371)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/supervised_user/supervised_user_service.cc

Issue 925563002: Supervised users: Slightly relax restrictions around extensions. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test_ext_install_disable
Patch Set: fix Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/resources/extensions/extension_list.js ('K') | « chrome/browser/supervised_user/supervised_user_service.h ('k') | chrome/browser/supervised_user/supervised_user_service_unittest.cc » ('j') | chrome/browser/ui/webui/extensions/extension_settings_handler.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/supervised_user/supervised_user_service.cc
diff --git a/chrome/browser/supervised_user/supervised_user_service.cc b/chrome/browser/supervised_user/supervised_user_service.cc
index af166b662b4ee63a119b911e77a51972d1579d2f..1236e26adbcee4522d7a750fa7fcceef25fc8ff7 100644
--- a/chrome/browser/supervised_user/supervised_user_service.cc
+++ b/chrome/browser/supervised_user/supervised_user_service.cc
@@ -83,6 +83,43 @@ const char* const kCustodianInfoPrefs[] = {
prefs::kSupervisedUserSecondCustodianProfileURL,
};
+#if defined(ENABLE_EXTENSIONS)
+enum ExtensionState {
+ EXTENSION_FORCED,
+ EXTENSION_BLOCKED,
+ EXTENSION_ALLOWED
+};
+
+ExtensionState GetExtensionState(const extensions::Extension* extension) {
+ // |extension| can be NULL in unit_tests.
+ if (extension && extension->is_theme())
+ return EXTENSION_ALLOWED;
+
+ bool was_installed_by_default = extension->was_installed_by_default();
Pam (message me for reviews) 2015/02/23 10:18:50 If indeed |extension| can be NULL in unit tests, k
Marc Treib 2015/02/23 12:07:38 Huh. Since I got green try runs, looks like extens
+ bool was_installed_by_custodian = extension->was_installed_by_custodian();
+#if defined(OS_CHROMEOS)
+ // On Chrome OS all external sources are controlled by us so it means that
+ // they are "default". Method was_installed_by_default returns false because
+ // extensions creation flags are ignored in case of default extensions with
+ // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound).
+ // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation
+ // flags are not ignored.
+ was_installed_by_default =
+ extensions::Manifest::IsExternalLocation(extension->location());
+#endif
+ if (extensions::Manifest::IsComponentLocation(extension->location()) ||
+ was_installed_by_default ||
+ was_installed_by_custodian) {
+ // Enforce default extensions as well as custodian-installed extensions
+ // (if we'd allow the supervised user to uninstall them, there'd be no way
+ // to get them back).
+ return EXTENSION_FORCED;
+ }
+
+ return EXTENSION_BLOCKED;
+}
+#endif
+
} // namespace
base::FilePath SupervisedUserService::Delegate::GetBlacklistPath() const {
@@ -349,54 +386,6 @@ void SupervisedUserService::AddPermissionRequestCreator(
permissions_creators_.push_back(creator.release());
}
-#if defined(ENABLE_EXTENSIONS)
-std::string SupervisedUserService::GetDebugPolicyProviderName() const {
- // Save the string space in official builds.
-#ifdef NDEBUG
- NOTREACHED();
- return std::string();
-#else
- return "Supervised User Service";
-#endif
-}
-
-bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension,
- base::string16* error) const {
- base::string16 tmp_error;
- if (ExtensionManagementPolicyImpl(extension, &tmp_error))
- return true;
-
- bool was_installed_by_default = extension->was_installed_by_default();
- bool was_installed_by_custodian = extension->was_installed_by_custodian();
-#if defined(OS_CHROMEOS)
- // On Chrome OS all external sources are controlled by us so it means that
- // they are "default". Method was_installed_by_default returns false because
- // extensions creation flags are ignored in case of default extensions with
- // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound).
- // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation
- // flags are not ignored.
- was_installed_by_default =
- extensions::Manifest::IsExternalLocation(extension->location());
-#endif
- if (extensions::Manifest::IsComponentLocation(extension->location()) ||
- was_installed_by_default ||
- was_installed_by_custodian) {
- return true;
- }
-
- if (error)
- *error = tmp_error;
- return false;
-}
-
-bool SupervisedUserService::UserMayModifySettings(
- const extensions::Extension* extension,
- base::string16* error) const {
- return ExtensionManagementPolicyImpl(extension, error);
-}
-
-#endif // defined(ENABLE_EXTENSIONS)
-
syncer::ModelTypeSet SupervisedUserService::GetPreferredDataTypes() const {
if (!ProfileIsSupervised())
return syncer::ModelTypeSet();
@@ -486,16 +475,38 @@ void SupervisedUserService::FinishSetupSync() {
}
#if defined(ENABLE_EXTENSIONS)
-bool SupervisedUserService::ExtensionManagementPolicyImpl(
+std::string SupervisedUserService::GetDebugPolicyProviderName() const {
+ // Save the string space in official builds.
+#ifdef NDEBUG
+ NOTREACHED();
+ return std::string();
+#else
+ return "Supervised User Service";
+#endif
+}
+
+bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension,
+ base::string16* error) const {
+ DCHECK(ProfileIsSupervised());
+ ExtensionState result = GetExtensionState(extension);
+ bool may_load = (result != EXTENSION_BLOCKED);
+ if (!may_load && error)
+ *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER);
+ return may_load;
+}
+
+// Note: Having MustRemainInstalled always say "true" for custodian-installed
+// extensions does NOT prevent remote uninstalls (which is a bit unexpected, but
+// exactly what we want).
+bool SupervisedUserService::MustRemainInstalled(
const extensions::Extension* extension,
base::string16* error) const {
- // |extension| can be NULL in unit_tests.
- if (!ProfileIsSupervised() || (extension && extension->is_theme()))
- return true;
-
- if (error)
+ DCHECK(ProfileIsSupervised());
+ ExtensionState result = GetExtensionState(extension);
+ bool may_uninstall = (result != EXTENSION_FORCED);
Pam (message me for reviews) 2015/02/23 10:18:50 Please change the sense of this (i.e. use may_not_
Marc Treib 2015/02/23 12:07:38 Done.
+ if (!may_uninstall && error)
*error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER);
- return false;
+ return !may_uninstall;
}
void SupervisedUserService::SetExtensionsActive() {
« chrome/browser/resources/extensions/extension_list.js ('K') | « chrome/browser/supervised_user/supervised_user_service.h ('k') | chrome/browser/supervised_user/supervised_user_service_unittest.cc » ('j') | chrome/browser/ui/webui/extensions/extension_settings_handler.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698