1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
9 #include "base/logging.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "extensions/common/extension.h"
12 #include "extensions/common/manifest.h"
13 #include "grit/generated_resources.h"
14 #include "ui/base/l10n/l10n_util.h"
20 // Apps/extensions explicitly whitelisted for use in public sessions.
21 const char* kPublicSessionWhitelist[] = {
22 // Public sessions in general:
23 "cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP
24 "djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher
25 "iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer
28 "aclofikceldphonlfmghmimkodjdmhck", // Ancoris login component
29 "eilbnahdgoddoedakcmfkcgfoegeloil", // Ancoris proxy component
30 "ceehlgckkmkaoggdnjhibffkphfnphmg", // Libdata login
33 "ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds demo
34 "kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled demo
35 "joodangkbfjnajiiifokapkpmhfnpleo", // Calculator
36 "fpgfohogebplgnamlafljlcidjedbdeb", // Calendar demo
37 "hfhhnacclhffhdffklopdkcgdhifgngh", // Camera
38 "cdjikkcakjcdjemakobkmijmikhkegcj", // Chrome Remote Desktop demo
39 "jkoildpomkimndcphjpffmephmcmkfhn", // Chromebook Demo App
40 "ielkookhdphmgbipcfmafkaiagademfp", // Custom bookmarks
41 "kogjlbfgggambihdjcpijgcbmenblimd", // Custom bookmarks
42 "ogbkmlkceflgpilgbmbcfbifckpkfacf", // Custom bookmarks
43 "pbbbjjecobhljkkcenlakfnkmkfkfamd", // Custom bookmarks
44 "jkbfjmnjcdmhlfpephomoiipbhcoiffb", // Custom bookmarks
45 "dgmblbpgafgcgpkoiilhjifindhinmai", // Custom bookmarks
46 "iggnealjakkgfofealilhkkclnbnfnmo", // Custom bookmarks
47 "lplkobnahgbopmpkdapaihnnojkphahc", // Custom bookmarks
48 "lejnflfhjpcannpaghnahbedlabpmhoh", // Custom bookmarks
49 "ebkhfdfghngbimnpgelagnfacdafhaba", // Deezer demo
50 "npnjdccdffhdndcbeappiamcehbhjibf", // Docs.app demo
51 "iddohohhpmajlkbejjjcfednjnhlnenk", // Evernote demo
52 "bjdhhokmhgelphffoafoejjmlfblpdha", // Gmail demo
53 "mdhnphfgagkpdhndljccoackjjhghlif", // Google Drive demo
54 "dondgdlndnpianbklfnehgdhkickdjck", // Google Keep demo
55 "fgjnkhlabjcaajddbaenilcmpcidahll", // Google+ demo
56 "ifpkhncdnjfipfjlhfidljjffdgklanh", // Google+ Photos demo
57 "cgmlfbhkckbedohgdepgbkflommbfkep", // Hangouts.app demo
58 "edhhaiphkklkcfcbnlbpbiepchnkgkpn", // Helper.extension demo
59 "diehajhcjifpahdplfdkhiboknagmfii", // Kindle demo
60 "nhpmmldpbfjofkipjaieeomhnmcgihfm", // Menu.app demo
61 "onbhgdmifjebcabplolilidlpgeknifi", // Music.app demo
62 "kkkbcoabfhgekpnddfkaphobhinociem", // Netflix demo
63 "adlphlfdhhjenpgimjochcpelbijkich", // New York Times demo
64 "cgefhjmlaifaamhhoojmpcnihlbddeki", // Pandora demo
65 "kpjjigggmcjinapdeipapdcnmnjealll", // Pixlr demo
66 "aleodiobpjillgfjdkblghiiaegggmcm", // Quickoffice demo
67 "nifkmgcdokhkjghdlgflonppnefddien", // Sheets demo
68 "hdmobeajeoanbanmdlabnbnlopepchip", // Slides demo
69 "dgohlccohkojjgkkfholmobjjoledflp", // Spotify demo
70 "dhmdaeekeihmajjnmichlhiffffdbpde", // Store.app demo
71 "jeabmjjifhfcejonjjhccaeigpnnjaak", // TweetDeck demo
72 "pbdihpaifchmclcmkfdgffnnpfbobefh", // YouTube demo
74 // Testing extensions:
75 "ongnjlefhnoajpbodoldndkbkdgfomlp", // Show Managed Storage
80 DeviceLocalAccountManagementPolicyProvider::
81 DeviceLocalAccountManagementPolicyProvider(
82 policy::DeviceLocalAccount::Type account_type)
83 : account_type_(account_type) {
86 DeviceLocalAccountManagementPolicyProvider::
87 ~DeviceLocalAccountManagementPolicyProvider() {
90 std::string DeviceLocalAccountManagementPolicyProvider::
91 GetDebugPolicyProviderName() const {
96 return "whitelist for device-local accounts";
100 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
101 const extensions::Extension* extension,
102 base::string16* error) const {
103 if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
104 // Allow extension if it is an externally hosted component of Chrome.
105 if (extension->location() ==
106 extensions::Manifest::EXTERNAL_COMPONENT) {
110 // Allow extension if its type is whitelisted for use in public sessions.
111 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
114 // Allow extension if its specific ID is whitelisted for use in public
116 for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
117 if (extension->id() == kPublicSessionWhitelist[i])
120 } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
121 // For single-app kiosk sessions, allow only platform apps.
122 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
126 // Disallow all other extensions.
128 *error = l10n_util::GetStringFUTF16(
129 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
130 base::UTF8ToUTF16(extension->name()),
131 base::UTF8ToUTF16(extension->id()));
136 } // namespace chromeos