#ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
#define CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
-#include <map>
#include <string>
#include <vector>
+#include "base/containers/scoped_ptr_hash_map.h"
#include "base/macros.h"
+#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
#include "base/memory/singleton.h"
#include "base/observer_list.h"
#include "base/prefs/pref_change_registrar.h"
#include "extensions/browser/management_policy.h"
#include "extensions/common/extension.h"
#include "extensions/common/manifest.h"
-#include "extensions/common/url_pattern_set.h"
class GURL;
class PrefService;
namespace extensions {
+namespace internal {
+
+struct IndividualSettings;
+struct GlobalSettings;
+
+} // namespace internal
+
+class APIPermissionSet;
+class PermissionSet;
+
// Tracks the management policies that affect extensions and provides interfaces
// for observing and obtaining the global settings for all extensions, as well
// as per-extension settings.
public:
virtual ~Observer() {}
- // Will be called when an extension management preference changes.
+ // Called when the extension management settings change.
virtual void OnExtensionManagementSettingsChanged() = 0;
};
INSTALLATION_RECOMMENDED,
};
- // Class to hold extension management settings for one or a group of
- // extensions. Settings can be applied to an individual extension identified
- // by an ID, a group of extensions with specific |update_url| or all
- // extensions at once.
- struct IndividualSettings {
- IndividualSettings();
- ~IndividualSettings();
-
- void Reset();
-
- // Extension installation mode. Setting this to INSTALLATION_FORCED or
- // INSTALLATION_RECOMMENDED will enable extension auto-loading (only
- // applicable to single extension), and in this case the |update_url| must
- // be specified, containing the update URL for this extension.
- // Note that |update_url| will be ignored for INSTALLATION_ALLOWED and
- // INSTALLATION_BLOCKED installation mode.
- // These settings will override the default settings, and unspecified
- // settings will take value from default settings.
- InstallationMode installation_mode;
- std::string update_url;
- };
-
- // Global extension management settings, applicable to all extensions.
- struct GlobalSettings {
- GlobalSettings();
- ~GlobalSettings();
-
- void Reset();
-
- // Settings specifying which URLs are allowed to install extensions, will be
- // enforced only if |has_restricted_install_sources| is set to true.
- URLPatternSet install_sources;
- bool has_restricted_install_sources;
-
- // Settings specifying all allowed app/extension types, will be enforced
- // only of |has_restricted_allowed_types| is set to true.
- std::vector<Manifest::Type> allowed_types;
- bool has_restricted_allowed_types;
- };
-
- typedef std::map<ExtensionId, IndividualSettings> SettingsIdMap;
-
explicit ExtensionManagement(PrefService* pref_service);
- virtual ~ExtensionManagement();
+ ~ExtensionManagement() override;
+
+ // KeyedService implementations:
+ void Shutdown() override;
void AddObserver(Observer* observer);
void RemoveObserver(Observer* observer);
- // Get the ManagementPolicy::Provider controlled by extension management
- // policy settings.
- ManagementPolicy::Provider* GetProvider();
+ // Get the list of ManagementPolicy::Provider controlled by extension
+ // management policy settings.
+ std::vector<ManagementPolicy::Provider*> GetProviders() const;
// Checks if extensions are blacklisted by default, by policy. When true,
// this means that even extensions without an ID should be blacklisted (e.g.
// from the command line, or when loaded as an unpacked extension).
- bool BlacklistedByDefault();
+ bool BlacklistedByDefault() const;
+
+ // Returns installation mode for an extension.
+ InstallationMode GetInstallationMode(const Extension* extension) const;
// Returns the force install list, in format specified by
// ExternalPolicyLoader::AddExtension().
scoped_ptr<base::DictionaryValue> GetForceInstallList() const;
+ // Like GetForceInstallList(), but returns recommended install list instead.
+ scoped_ptr<base::DictionaryValue> GetRecommendedInstallList() const;
+
// Returns if an extension with id |id| is explicitly allowed by enterprise
// policy or not.
bool IsInstallationExplicitlyAllowed(const ExtensionId& id) const;
// Returns true if an extension download should be allowed to proceed.
- bool IsOffstoreInstallAllowed(const GURL& url, const GURL& referrer_url);
+ bool IsOffstoreInstallAllowed(const GURL& url,
+ const GURL& referrer_url) const;
- // Helper function to read |settings_by_id_| with |id| as key. Returns a
- // constant reference to default settings if |id| does not exist.
- const IndividualSettings& ReadById(const ExtensionId& id) const;
+ // Returns true if an extension with manifest type |manifest_type| is
+ // allowed to be installed.
+ bool IsAllowedManifestType(Manifest::Type manifest_type) const;
- // Returns a constant reference to |global_settings_|.
- const GlobalSettings& ReadGlobalSettings() const;
+ // Returns the list of blocked API permissions for |extension|.
+ APIPermissionSet GetBlockedAPIPermissions(const Extension* extension) const;
+
+ // Returns blocked permission set for |extension|.
+ scoped_refptr<const PermissionSet> GetBlockedPermissions(
+ const Extension* extension) const;
+
+ // Returns true if every permission in |perms| is allowed for |extension|.
+ bool IsPermissionSetAllowed(const Extension* extension,
+ scoped_refptr<const PermissionSet> perms) const;
private:
+ typedef base::ScopedPtrHashMap<ExtensionId, internal::IndividualSettings>
+ SettingsIdMap;
+ typedef base::ScopedPtrHashMap<std::string, internal::IndividualSettings>
+ SettingsUpdateUrlMap;
+ friend class ExtensionManagementServiceTest;
+
// Load all extension management preferences from |pref_service|, and
// refresh the settings.
void Refresh();
// Helper function to access |settings_by_id_| with |id| as key.
// Adds a new IndividualSettings entry to |settings_by_id_| if none exists for
// |id| yet.
- IndividualSettings* AccessById(const ExtensionId& id);
+ internal::IndividualSettings* AccessById(const ExtensionId& id);
+
+ // Similar to AccessById(), but access |settings_by_update_url_| instead.
+ internal::IndividualSettings* AccessByUpdateUrl(
+ const std::string& update_url);
// A map containing all IndividualSettings applied to an individual extension
// identified by extension ID. The extension ID is used as index key of the
// map.
- // TODO(binjin): Add |settings_by_update_url_|, and implement mechanism for
- // it.
SettingsIdMap settings_by_id_;
+ // Similar to |settings_by_id_|, but contains the settings for a group of
+ // extensions with same update URL. The update url itself is used as index
+ // key for the map.
+ SettingsUpdateUrlMap settings_by_update_url_;
+
// The default IndividualSettings.
// For extension settings applied to an individual extension (identified by
// extension ID) or a group of extension (with specified extension update
// URL), all unspecified part will take value from |default_settings_|.
// For all other extensions, all settings from |default_settings_| will be
// enforced.
- IndividualSettings default_settings_;
+ scoped_ptr<internal::IndividualSettings> default_settings_;
// Extension settings applicable to all extensions.
- GlobalSettings global_settings_;
+ scoped_ptr<internal::GlobalSettings> global_settings_;
PrefService* pref_service_;
ObserverList<Observer, true> observer_list_;
PrefChangeRegistrar pref_change_registrar_;
- scoped_ptr<ManagementPolicy::Provider> provider_;
+ ScopedVector<ManagementPolicy::Provider> providers_;
DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);
};
friend struct DefaultSingletonTraits<ExtensionManagementFactory>;
ExtensionManagementFactory();
- virtual ~ExtensionManagementFactory();
+ ~ExtensionManagementFactory() override;
// BrowserContextKeyedServiceExtensionManagementFactory:
- virtual KeyedService* BuildServiceInstanceFor(
- content::BrowserContext* context) const OVERRIDE;
- virtual content::BrowserContext* GetBrowserContextToUse(
- content::BrowserContext* context) const OVERRIDE;
- virtual void RegisterProfilePrefs(
- user_prefs::PrefRegistrySyncable* registry) OVERRIDE;
+ KeyedService* BuildServiceInstanceFor(
+ content::BrowserContext* context) const override;
+ content::BrowserContext* GetBrowserContextToUse(
+ content::BrowserContext* context) const override;
+ void RegisterProfilePrefs(
+ user_prefs::PrefRegistrySyncable* registry) override;
DISALLOW_COPY_AND_ASSIGN(ExtensionManagementFactory);
};