src/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
   6
   7 #include <string>
   8
   9 #include "base/logging.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "extensions/common/extension.h"
  12 #include "extensions/common/manifest.h"
  13 #include "grit/generated_resources.h"
  14 #include "ui/base/l10n/l10n_util.h"
  15
  16 namespace chromeos {
  17
  18 namespace {
  19
  20 // Apps/extensions explicitly whitelisted for use in public sessions.
  21 const char* kPublicSessionWhitelist[] = {
  22     // Public sessions in general:
  23     "cbkkbcmdlboombapidmoeolnmdacpkch",  // Chrome RDP
  24     "djflhoibgkdhkhhcedjiklpkjnoahfmg",  // User Agent Switcher
  25     "iabmpiboiopbgfabjmgeedhcmjenhbla",  // VNC Viewer
  26
  27     // Libraries:
  28     "aclofikceldphonlfmghmimkodjdmhck",  // Ancoris login component
  29     "eilbnahdgoddoedakcmfkcgfoegeloil",  // Ancoris proxy component
  30     "ceehlgckkmkaoggdnjhibffkphfnphmg",  // Libdata login
  31
  32     // Retail mode:
  33     "ehcabepphndocfmgbdkbjibfodelmpbb",  // Angry Birds demo
  34     "kgimkbnclbekdkabkpjhpakhhalfanda",  // Bejeweled demo
  35     "joodangkbfjnajiiifokapkpmhfnpleo",  // Calculator
  36     "fpgfohogebplgnamlafljlcidjedbdeb",  // Calendar demo
  37     "hfhhnacclhffhdffklopdkcgdhifgngh",  // Camera
  38     "cdjikkcakjcdjemakobkmijmikhkegcj",  // Chrome Remote Desktop demo
  39     "jkoildpomkimndcphjpffmephmcmkfhn",  // Chromebook Demo App
  40     "ielkookhdphmgbipcfmafkaiagademfp",  // Custom bookmarks
  41     "kogjlbfgggambihdjcpijgcbmenblimd",  // Custom bookmarks
  42     "ogbkmlkceflgpilgbmbcfbifckpkfacf",  // Custom bookmarks
  43     "pbbbjjecobhljkkcenlakfnkmkfkfamd",  // Custom bookmarks
  44     "jkbfjmnjcdmhlfpephomoiipbhcoiffb",  // Custom bookmarks
  45     "dgmblbpgafgcgpkoiilhjifindhinmai",  // Custom bookmarks
  46     "iggnealjakkgfofealilhkkclnbnfnmo",  // Custom bookmarks
  47     "lplkobnahgbopmpkdapaihnnojkphahc",  // Custom bookmarks
  48     "lejnflfhjpcannpaghnahbedlabpmhoh",  // Custom bookmarks
  49     "ebkhfdfghngbimnpgelagnfacdafhaba",  // Deezer demo
  50     "npnjdccdffhdndcbeappiamcehbhjibf",  // Docs.app demo
  51     "iddohohhpmajlkbejjjcfednjnhlnenk",  // Evernote demo
  52     "bjdhhokmhgelphffoafoejjmlfblpdha",  // Gmail demo
  53     "mdhnphfgagkpdhndljccoackjjhghlif",  // Google Drive demo
  54     "dondgdlndnpianbklfnehgdhkickdjck",  // Google Keep demo
  55     "fgjnkhlabjcaajddbaenilcmpcidahll",  // Google+ demo
  56     "ifpkhncdnjfipfjlhfidljjffdgklanh",  // Google+ Photos demo
  57     "cgmlfbhkckbedohgdepgbkflommbfkep",  // Hangouts.app demo
  58     "edhhaiphkklkcfcbnlbpbiepchnkgkpn",  // Helper.extension demo
  59     "diehajhcjifpahdplfdkhiboknagmfii",  // Kindle demo
  60     "nhpmmldpbfjofkipjaieeomhnmcgihfm",  // Menu.app demo
  61     "onbhgdmifjebcabplolilidlpgeknifi",  // Music.app demo
  62     "kkkbcoabfhgekpnddfkaphobhinociem",  // Netflix demo
  63     "adlphlfdhhjenpgimjochcpelbijkich",  // New York Times demo
  64     "cgefhjmlaifaamhhoojmpcnihlbddeki",  // Pandora demo
  65     "kpjjigggmcjinapdeipapdcnmnjealll",  // Pixlr demo
  66     "aleodiobpjillgfjdkblghiiaegggmcm",  // Quickoffice demo
  67     "nifkmgcdokhkjghdlgflonppnefddien",  // Sheets demo
  68     "hdmobeajeoanbanmdlabnbnlopepchip",  // Slides demo
  69     "dgohlccohkojjgkkfholmobjjoledflp",  // Spotify demo
  70     "dhmdaeekeihmajjnmichlhiffffdbpde",  // Store.app demo
  71     "jeabmjjifhfcejonjjhccaeigpnnjaak",  // TweetDeck demo
  72     "pbdihpaifchmclcmkfdgffnnpfbobefh",  // YouTube demo
  73
  74     // Testing extensions:
  75     "ongnjlefhnoajpbodoldndkbkdgfomlp",  // Show Managed Storage
  76 };
  77
  78 }  // namespace
  79
  80 DeviceLocalAccountManagementPolicyProvider::
  81     DeviceLocalAccountManagementPolicyProvider(
  82         policy::DeviceLocalAccount::Type account_type)
  83     : account_type_(account_type) {
  84 }
  85
  86 DeviceLocalAccountManagementPolicyProvider::
  87     ~DeviceLocalAccountManagementPolicyProvider() {
  88 }
  89
  90 std::string DeviceLocalAccountManagementPolicyProvider::
  91     GetDebugPolicyProviderName() const {
  92 #if defined(NDEBUG)
  93   NOTREACHED();
  94   return std::string();
  95 #else
  96   return "whitelist for device-local accounts";
  97 #endif
  98 }
  99
 100 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
 101     const extensions::Extension* extension,
 102     base::string16* error) const {
 103   if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
 104     // Allow extension if it is an externally hosted component of Chrome.
 105     if (extension->location() ==
 106         extensions::Manifest::EXTERNAL_COMPONENT) {
 107       return true;
 108     }
 109
 110     // Allow extension if its type is whitelisted for use in public sessions.
 111     if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
 112       return true;
 113
 114     // Allow extension if its specific ID is whitelisted for use in public
 115     // sessions.
 116     for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
 117       if (extension->id() == kPublicSessionWhitelist[i])
 118         return true;
 119     }
 120   } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
 121     // For single-app kiosk sessions, allow only platform apps.
 122     if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
 123       return true;
 124   }
 125
 126   // Disallow all other extensions.
 127   if (error) {
 128     *error = l10n_util::GetStringFUTF16(
 129           IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
 130           base::UTF8ToUTF16(extension->name()),
 131           base::UTF8ToUTF16(extension->id()));
 132   }
 133   return false;
 134 }
 135
 136 }  // namespace chromeos