1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/extensions/admin_policy.h" 6 7 #include "base/strings/utf_string_conversions.h" 8 #include "chrome/common/extensions/extension.h" 9 #include "chrome/common/extensions/manifest.h" 10 #include "grit/generated_resources.h" 11 #include "ui/base/l10n/l10n_util.h" 12 13 namespace { 14 15 bool ManagementPolicyImpl(const extensions::Extension* extension, 16 string16* error, 17 bool modifiable_value) { 18 bool modifiable = 19 extension->location() != extensions::Manifest::COMPONENT && 20 extension->location() != extensions::Manifest::EXTERNAL_POLICY_DOWNLOAD; 21 // Some callers equate "no restriction" to true, others to false. 22 if (modifiable) 23 return modifiable_value; 24 25 if (error) { 26 *error = l10n_util::GetStringFUTF16( 27 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED, 28 UTF8ToUTF16(extension->name())); 29 } 30 return !modifiable_value; 31 } 32 33 bool ReturnLoadError(const extensions::Extension* extension, string16* error) { 34 if (error) { 35 *error = l10n_util::GetStringFUTF16( 36 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED, 37 UTF8ToUTF16(extension->name()), 38 UTF8ToUTF16(extension->id())); 39 } 40 return false; 41 } 42 43 } // namespace 44 45 namespace extensions { 46 namespace admin_policy { 47 48 bool BlacklistedByDefault(const base::ListValue* blacklist) { 49 base::StringValue wildcard("*"); 50 return blacklist && blacklist->Find(wildcard) != blacklist->end(); 51 } 52 53 bool UserMayLoad(const base::ListValue* blacklist, 54 const base::ListValue* whitelist, 55 const base::DictionaryValue* forcelist, 56 const base::ListValue* allowed_types, 57 const Extension* extension, 58 string16* error) { 59 // Component extensions are always allowed. 60 if (extension->location() == Manifest::COMPONENT) 61 return true; 62 63 // Forced installed extensions cannot be overwritten manually. 64 if (extension->location() != Manifest::EXTERNAL_POLICY_DOWNLOAD && 65 forcelist && forcelist->HasKey(extension->id())) { 66 return ReturnLoadError(extension, error); 67 } 68 69 // Early exit for the common case of no policy restrictions. 70 if ((!blacklist || blacklist->empty()) && (!allowed_types)) 71 return true; 72 73 // Check whether the extension type is allowed. 74 // 75 // If you get a compile error here saying that the type you added is not 76 // handled by the switch statement below, please consider whether enterprise 77 // policy should be able to disallow extensions of the new type. If so, add a 78 // branch to the second block and add a line to the definition of 79 // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc. 80 switch (extension->GetType()) { 81 case Manifest::TYPE_UNKNOWN: 82 break; 83 case Manifest::TYPE_EXTENSION: 84 case Manifest::TYPE_THEME: 85 case Manifest::TYPE_USER_SCRIPT: 86 case Manifest::TYPE_HOSTED_APP: 87 case Manifest::TYPE_LEGACY_PACKAGED_APP: 88 case Manifest::TYPE_PLATFORM_APP: 89 case Manifest::TYPE_SHARED_MODULE: 90 base::FundamentalValue type_value(extension->GetType()); 91 if (allowed_types && 92 allowed_types->Find(type_value) == allowed_types->end()) 93 return ReturnLoadError(extension, error); 94 break; 95 } 96 97 // Check the whitelist/forcelist first. 98 base::StringValue id_value(extension->id()); 99 if ((whitelist && whitelist->Find(id_value) != whitelist->end()) || 100 (forcelist && forcelist->HasKey(extension->id()))) 101 return true; 102 103 // Then check the admin blacklist. 104 if ((blacklist && blacklist->Find(id_value) != blacklist->end()) || 105 BlacklistedByDefault(blacklist)) 106 return ReturnLoadError(extension, error); 107 108 return true; 109 } 110 111 bool UserMayModifySettings(const Extension* extension, string16* error) { 112 return ManagementPolicyImpl(extension, error, true); 113 } 114 115 bool MustRemainEnabled(const Extension* extension, string16* error) { 116 return ManagementPolicyImpl(extension, error, false); 117 } 118 119 } // namespace 120 } // namespace 121
