1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/browser/admin_policy.h"
7 #include "base/strings/utf_string_conversions.h"
8 #include "extensions/common/extension.h"
9 #include "extensions/common/manifest.h"
10 #include "grit/generated_resources.h"
11 #include "ui/base/l10n/l10n_util.h"
15 bool ManagementPolicyImpl(const extensions::Extension* extension,
16 base::string16* error,
17 bool modifiable_value) {
19 !extensions::Manifest::IsComponentLocation(extension->location()) &&
20 !extensions::Manifest::IsPolicyLocation(extension->location());
21 // Some callers equate "no restriction" to true, others to false.
23 return modifiable_value;
26 *error = l10n_util::GetStringFUTF16(
27 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,
28 base::UTF8ToUTF16(extension->name()));
30 return !modifiable_value;
33 bool ReturnLoadError(const extensions::Extension* extension,
34 base::string16* error) {
36 *error = l10n_util::GetStringFUTF16(
37 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,
38 base::UTF8ToUTF16(extension->name()),
39 base::UTF8ToUTF16(extension->id()));
46 namespace extensions {
47 namespace admin_policy {
49 bool BlacklistedByDefault(const base::ListValue* blacklist) {
50 base::StringValue wildcard("*");
51 return blacklist && blacklist->Find(wildcard) != blacklist->end();
54 bool UserMayLoad(const base::ListValue* blacklist,
55 const base::ListValue* whitelist,
56 const base::DictionaryValue* forcelist,
57 const base::ListValue* allowed_types,
58 const Extension* extension,
59 base::string16* error) {
60 // Component extensions are always allowed.
61 if (extension->location() == Manifest::COMPONENT)
64 // Forced installed extensions cannot be overwritten manually.
65 if (extension->location() != Manifest::EXTERNAL_POLICY &&
66 extension->location() != Manifest::EXTERNAL_POLICY_DOWNLOAD &&
67 forcelist && forcelist->HasKey(extension->id())) {
68 return ReturnLoadError(extension, error);
71 // Early exit for the common case of no policy restrictions.
72 if ((!blacklist || blacklist->empty()) && (!allowed_types))
75 // Check whether the extension type is allowed.
77 // If you get a compile error here saying that the type you added is not
78 // handled by the switch statement below, please consider whether enterprise
79 // policy should be able to disallow extensions of the new type. If so, add a
80 // branch to the second block and add a line to the definition of
81 // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc.
82 switch (extension->GetType()) {
83 case Manifest::TYPE_UNKNOWN:
85 case Manifest::TYPE_EXTENSION:
86 case Manifest::TYPE_THEME:
87 case Manifest::TYPE_USER_SCRIPT:
88 case Manifest::TYPE_HOSTED_APP:
89 case Manifest::TYPE_LEGACY_PACKAGED_APP:
90 case Manifest::TYPE_PLATFORM_APP:
91 case Manifest::TYPE_SHARED_MODULE:
92 base::FundamentalValue type_value(extension->GetType());
94 allowed_types->Find(type_value) == allowed_types->end())
95 return ReturnLoadError(extension, error);
99 // Check the whitelist/forcelist first.
100 base::StringValue id_value(extension->id());
101 if ((whitelist && whitelist->Find(id_value) != whitelist->end()) ||
102 (forcelist && forcelist->HasKey(extension->id())))
105 // Then check the admin blacklist.
106 if ((blacklist && blacklist->Find(id_value) != blacklist->end()) ||
107 BlacklistedByDefault(blacklist))
108 return ReturnLoadError(extension, error);
113 bool UserMayModifySettings(const Extension* extension, base::string16* error) {
114 return ManagementPolicyImpl(extension, error, true);
117 bool MustRemainEnabled(const Extension* extension, base::string16* error) {
118 return ManagementPolicyImpl(extension, error, false);
121 } // namespace admin_policy
122 } // namespace extensions
projects / platform / framework / web / crosswalk.git / blob