Allow explicitly whitelisted apps/extensions in public sessions
This CL adds an extension management policy provider that allows explicitly whitelisted apps/extensions to be installed in public sessions. Right now, QuickOffice and all hosted apps are whitelisted. BUG=296868 TEST=New browser and unit tests Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=226494 Review URL: https://codereview.chromium.org/24261010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@227641 0039d316-1c4b-4281-b951-d872f2087c98
bartfab@chromium.org
committed
Oct 9, 2013
1 parent
5906629
commit 1a64361
Showing
20 changed files
with
721 additions
and
63 deletions.
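--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
@@ -0,0 +1,79 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
+
+#include <string>
+
+#include "base/logging.h"
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/common/extensions/extension.h"
+#include "extensions/common/manifest.h"
+#include "grit/generated_resources.h"
+#include "ui/base/l10n/l10n_util.h"
+
+namespace chromeos {
+
+namespace {
+
+// Apps/extensions explicitly whitelisted for use in device-local accounts.
+const char* kDeviceLocalAccountWhitelist[] = {
+"bpmcpldpdmajfigpchkicefoigmkfalc", // QuickOffice
+};
+
+} // namespace
+
+DeviceLocalAccountManagementPolicyProvider::
+DeviceLocalAccountManagementPolicyProvider(
+policy::DeviceLocalAccount::Type account_type)
+: account_type_(account_type) {
+}
+
+DeviceLocalAccountManagementPolicyProvider::
+~DeviceLocalAccountManagementPolicyProvider() {
+}
+
+std::string DeviceLocalAccountManagementPolicyProvider::
+GetDebugPolicyProviderName() const {
+#if defined(NDEBUG)
+NOTREACHED();
+return std::string();
+#else
+return "whitelist for device-local accounts";
+#endif
+}
+
+bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
+const extensions::Extension* extension,
+string16* error) const {
+if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
+// For single-app kiosk sessions, allow only platform apps.
+if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
+return true;
+
+} else {
+// Allow extension if its type is whitelisted for use in device-local
+// accounts.
+if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
+return true;
+
+// Allow extension if its specific ID is whitelisted for use in device-local
+// accounts.
+for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) {
+if (extension->id() == kDeviceLocalAccountWhitelist[i])
+return true;
+}
+}
+
+// Disallow all other extensions.
+if (error) {
+*error = l10n_util::GetStringFUTF16(
+IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
+UTF8ToUTF16(extension->name()),
+UTF8ToUTF16(extension->id()));
+}
+return false;
+}
+
+} // namespace chromeos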
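Review bot: `kDeviceLocalAccountWhitelist` is declared as `const char*[]`, so the array's pointers are themselves writable. Because this table decides which extension IDs a public session will load, it should be fully immutable: `const char* const kDeviceLocalAccountWhitelist[] = {`. In `UserMayLoad`, the non-kiosk branch admits every `TYPE_HOSTED_APP` and matches allowlisted entries on `extension->id()` alone, without looking at where the extension was installed from. That is presumably safe because IDs are tied to the package key and install sources are restricted by other providers, but neither is visible in this file. A comment on that branch should state the assumption, for example `// Install source is not checked here; relies on other policy providers for that.`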
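--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h
@@ -0,0 +1,38 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_EXTENSIONS_DEVICE_LOCAL_ACCOUNT_MANAGEMENT_POLICY_PROVIDER_H_
+#define CHROME_BROWSER_CHROMEOS_EXTENSIONS_DEVICE_LOCAL_ACCOUNT_MANAGEMENT_POLICY_PROVIDER_H_
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "chrome/browser/chromeos/policy/device_local_account.h"
+#include "chrome/browser/extensions/management_policy.h"
+
+namespace chromeos {
+
+// A managed policy for device-local accounts that ensures only extensions whose
+// type or ID has been whitelisted for use in device-local accounts can be
+// installed.
+class DeviceLocalAccountManagementPolicyProvider
+: public extensions::ManagementPolicy::Provider {
+public:
+explicit DeviceLocalAccountManagementPolicyProvider(
+policy::DeviceLocalAccount::Type account_type);
+virtual ~DeviceLocalAccountManagementPolicyProvider();
+
+// extensions::ManagementPolicy::Provider:
+virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
+virtual bool UserMayLoad(const extensions::Extension* extension,
+string16* error) const OVERRIDE;
+
+private:
+const policy::DeviceLocalAccount::Type account_type_;
+
+DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountManagementPolicyProvider);
+};
+
+} // namespace chromeos
+
+#endif // CHROME_BROWSER_CHROMEOS_EXTENSIONS_DEVICE_LOCAL_ACCOUNT_MANAGEMENT_POLICY_PROVIDER_H_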
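Review bot: The class comment says only whitelisted types or IDs can be installed, but it does not say that the decision depends on `account_type`. In the accompanying .cc, `UserMayLoad` for `TYPE_KIOSK_APP` skips the whitelist entirely and admits only platform apps. I would extend the comment with something like `// In single-app kiosk sessions the whitelist is not consulted; only platform apps may load.` so a reader of the header does not assume QuickOffice or hosted apps are allowed there. The declarations also use `std::string` without the header including `<string>` itself, so it appears to rely on a transitive include; adding `#include <string>` would make it self-contained.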
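--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc
@@ -0,0 +1,124 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
+
+#include <string>
+
+#include "base/files/file_path.h"
+#include "base/memory/ref_counted.h"
+#include "base/values.h"
+#include "chrome/common/extensions/extension.h"
+#include "extensions/common/manifest.h"
+#include "extensions/common/manifest_constants.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace chromeos {
+
+namespace {
+
+const char kWhitelistedId[] = "bpmcpldpdmajfigpchkicefoigmkfalc";
+
+scoped_refptr<const extensions::Extension> CreateExtensionFromValues(
+const std::string& id,
+base::DictionaryValue* values) {
+values->SetString(extensions::manifest_keys::kName, "test");
+values->SetString(extensions::manifest_keys::kVersion, "0.1");
+std::string error;
+return extensions::Extension::Create(base::FilePath(),
+extensions::Manifest::INTERNAL,
+*values,
+extensions::Extension::NO_FLAGS,
+id,
+&error);
+}
+
+scoped_refptr<const extensions::Extension> CreateExtension(
+const std::string& id) {
+base::DictionaryValue values;
+return CreateExtensionFromValues(id, &values);
+}
+
+scoped_refptr<const extensions::Extension> CreateHostedApp() {
+base::DictionaryValue values;
+values.Set(extensions::manifest_keys::kApp, new base::DictionaryValue);
+values.Set(extensions::manifest_keys::kWebURLs, new base::ListValue);
+return CreateExtensionFromValues(std::string(), &values);
+}
+
+scoped_refptr<const extensions::Extension> CreatePlatformApp() {
+base::DictionaryValue values;
+values.Set(extensions::manifest_keys::kApp, new base::DictionaryValue);
+values.Set(extensions::manifest_keys::kPlatformAppBackground,
+new base::DictionaryValue);
+values.Set(extensions::manifest_keys::kPlatformAppBackgroundPage,
+new base::StringValue("background.html"));
+return CreateExtensionFromValues(std::string(), &values);
+}
+
+} // namespace
+
+TEST(DeviceLocalAccountManagementPolicyProviderTest, PublicSession) {
+DeviceLocalAccountManagementPolicyProvider
+provider(policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION);
+
+// Verify that if an extension's type has been whitelisted for use in
+// device-local accounts, the extension can be installed.
+scoped_refptr<const extensions::Extension> extension = CreateHostedApp();
+ASSERT_TRUE(extension);
+string16 error;
+EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+EXPECT_EQ(string16(), error);
+error.clear();
+
+// Verify that if an extension's ID has been explicitly whitelisted for use in
+// device-local accounts, the extension can be installed.
+extension = CreateExtension(kWhitelistedId);
+ASSERT_TRUE(extension);
+EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+EXPECT_EQ(string16(), error);
+error.clear();
+
+// Verify that if neither the type nor the ID of an extension have been
+// whitelisted for use in device-local accounts, the extension cannot be
+// installed.
+extension = CreateExtension(std::string());
+ASSERT_TRUE(extension);
+EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+EXPECT_NE(string16(), error);
+error.clear();
+}
+
+TEST(DeviceLocalAccountManagementPolicyProviderTest, KioskAppSession) {
+DeviceLocalAccountManagementPolicyProvider
+provider(policy::DeviceLocalAccount::TYPE_KIOSK_APP);
+
+// Verify that a platform app can be installed.
+scoped_refptr<const extensions::Extension> extension = CreatePlatformApp();
+ASSERT_TRUE(extension);
+string16 error;
+EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+EXPECT_EQ(string16(), error);
+error.clear();
+
+// Verify that an extension whose type has been whitelisted for use in other
+// types of device-local accounts cannot be installed in a single-app kiosk
+// session.
+extension = CreateHostedApp();
+ASSERT_TRUE(extension);
+EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+EXPECT_NE(string16(), error);
+error.clear();
+
+// Verify that an extension whose ID has been whitelisted for use in other
+// types of device-local accounts cannot be installed in a single-app kiosk
+// session.
+extension = CreateExtension(kWhitelistedId);
+ASSERT_TRUE(extension);
+EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+EXPECT_NE(string16(), error);
+error.clear();
+}
+
+} // namespace chromeos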
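Review bot: The `PublicSession` test never checks that a platform app is refused, although `KioskAppSession` checks the mirror cases (hosted app and whitelisted ID refused in kiosk). Platform apps are admitted only by the kiosk branch of `UserMayLoad`, so a regression that let them load in public sessions would go unnoticed. Before the end of `PublicSession`, add `extension = CreatePlatformApp();`, `ASSERT_TRUE(extension);` and `EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));`. Neither test calls `UserMayLoad` with a NULL `error`, a path the implementation explicitly guards. `KioskAppSession` also has no case for an ordinary extension that is neither a platform app nor whitelisted.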