Home | History | Annotate | Download | only in extensions 
      1 // Copyright 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/extensions/standard_management_policy_provider.h"
      6 
      7 #include <algorithm>
      8 #include <string>
      9 
     10 #include "base/logging.h"
     11 #include "base/strings/string16.h"
     12 #include "base/strings/utf_string_conversions.h"
     13 #include "chrome/browser/extensions/extension_management.h"
     14 #include "chrome/browser/extensions/external_component_loader.h"
     15 #include "extensions/common/extension.h"
     16 #include "extensions/common/manifest.h"
     17 #include "grit/extensions_strings.h"
     18 #include "ui/base/l10n/l10n_util.h"
     19 
     20 namespace extensions {
     21 
     22 namespace {
     23 
     24 // Returns whether the extension can be modified under admin policy or not, and
     25 // fills |error| with corresponding error message if necessary.
     26 bool AdminPolicyIsModifiable(const extensions::Extension* extension,
     27                              base::string16* error) {
     28   if (!extensions::Manifest::IsComponentLocation(extension->location()) &&
     29       !extensions::Manifest::IsPolicyLocation(extension->location())) {
     30     return true;
     31   }
     32 
     33   if (error) {
     34     *error = l10n_util::GetStringFUTF16(
     35         IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,
     36         base::UTF8ToUTF16(extension->name()));
     37   }
     38 
     39   return false;
     40 }
     41 
     42 bool ReturnLoadError(const extensions::Extension* extension,
     43                      base::string16* error) {
     44   if (error) {
     45     *error = l10n_util::GetStringFUTF16(
     46         IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,
     47         base::UTF8ToUTF16(extension->name()),
     48         base::UTF8ToUTF16(extension->id()));
     49   }
     50   return false;
     51 }
     52 
     53 }  // namespace
     54 
     55 StandardManagementPolicyProvider::StandardManagementPolicyProvider(
     56     const ExtensionManagement* settings)
     57     : settings_(settings) {
     58 }
     59 
     60 StandardManagementPolicyProvider::~StandardManagementPolicyProvider() {
     61 }
     62 
     63 std::string
     64     StandardManagementPolicyProvider::GetDebugPolicyProviderName() const {
     65 #ifdef NDEBUG
     66   NOTREACHED();
     67   return std::string();
     68 #else
     69   return "extension management policy controlled settings";
     70 #endif
     71 }
     72 
     73 bool StandardManagementPolicyProvider::UserMayLoad(
     74     const Extension* extension,
     75     base::string16* error) const {
     76   // Component extensions are always allowed.
     77   if (Manifest::IsComponentLocation(extension->location()))
     78     return true;
     79 
     80   // Fields in |by_id| will automatically fall back to default settings if
     81   // they are not specified by policy.
     82   const ExtensionManagement::IndividualSettings& by_id =
     83       settings_->ReadById(extension->id());
     84   const ExtensionManagement::GlobalSettings& global =
     85       settings_->ReadGlobalSettings();
     86 
     87   // Force-installed extensions cannot be overwritten manually.
     88   if (!Manifest::IsPolicyLocation(extension->location()) &&
     89       by_id.installation_mode == ExtensionManagement::INSTALLATION_FORCED) {
     90     return ReturnLoadError(extension, error);
     91   }
     92 
     93   // Check whether the extension type is allowed.
     94   //
     95   // If you get a compile error here saying that the type you added is not
     96   // handled by the switch statement below, please consider whether enterprise
     97   // policy should be able to disallow extensions of the new type. If so, add
     98   // a branch to the second block and add a line to the definition of
     99   // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc.
    100   switch (extension->GetType()) {
    101     case Manifest::TYPE_UNKNOWN:
    102       break;
    103     case Manifest::TYPE_EXTENSION:
    104     case Manifest::TYPE_THEME:
    105     case Manifest::TYPE_USER_SCRIPT:
    106     case Manifest::TYPE_HOSTED_APP:
    107     case Manifest::TYPE_LEGACY_PACKAGED_APP:
    108     case Manifest::TYPE_PLATFORM_APP:
    109     case Manifest::TYPE_SHARED_MODULE: {
    110       if (global.has_restricted_allowed_types &&
    111           std::find(global.allowed_types.begin(),
    112                     global.allowed_types.end(),
    113                     extension->GetType()) == global.allowed_types.end()) {
    114         return ReturnLoadError(extension, error);
    115       }
    116       break;
    117     }
    118     case Manifest::NUM_LOAD_TYPES:
    119       NOTREACHED();
    120   }
    121 
    122   if (by_id.installation_mode == ExtensionManagement::INSTALLATION_BLOCKED)
    123     return ReturnLoadError(extension, error);
    124 
    125   return true;
    126 }
    127 
    128 bool StandardManagementPolicyProvider::UserMayModifySettings(
    129     const Extension* extension,
    130     base::string16* error) const {
    131   return AdminPolicyIsModifiable(extension, error) ||
    132          (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&
    133           ExternalComponentLoader::IsModifiable(extension));
    134 }
    135 
    136 bool StandardManagementPolicyProvider::MustRemainEnabled(
    137     const Extension* extension,
    138     base::string16* error) const {
    139   return !AdminPolicyIsModifiable(extension, error) ||
    140          (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT &&
    141           ExternalComponentLoader::IsModifiable(extension));
    142 }
    143 
    144 }  // namespace extensions
    145