Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / extensions / browser / admin_policy.cc
blob5213db603ebf5721b10a5e96eac93833c689e24d
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/browser/admin_policy.h"
7 #include "base/strings/utf_string_conversions.h"
8 #include "extensions/common/extension.h"
9 #include "extensions/common/manifest.h"
10 #include "grit/extensions_strings.h"
11 #include "ui/base/l10n/l10n_util.h"
13 namespace {
15 bool ManagementPolicyImpl(const extensions::Extension* extension,
16 base::string16* error,
17 bool modifiable_value) {
18 bool modifiable =
19 !extensions::Manifest::IsComponentLocation(extension->location()) &&
20 !extensions::Manifest::IsPolicyLocation(extension->location());
21 // Some callers equate "no restriction" to true, others to false.
22 if (modifiable)
23 return modifiable_value;
25 if (error) {
26 *error = l10n_util::GetStringFUTF16(
27 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,
28 base::UTF8ToUTF16(extension->name()));
30 return !modifiable_value;
33 bool ReturnLoadError(const extensions::Extension* extension,
34 base::string16* error) {
35 if (error) {
36 *error = l10n_util::GetStringFUTF16(
37 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,
38 base::UTF8ToUTF16(extension->name()),
39 base::UTF8ToUTF16(extension->id()));
41 return false;
44 } // namespace
46 namespace extensions {
47 namespace admin_policy {
49 bool BlacklistedByDefault(const base::ListValue* blacklist) {
50 base::StringValue wildcard("*");
51 return blacklist && blacklist->Find(wildcard) != blacklist->end();
54 bool UserMayLoad(const base::ListValue* blacklist,
55 const base::ListValue* whitelist,
56 const base::DictionaryValue* forcelist,
57 const base::ListValue* allowed_types,
58 const Extension* extension,
59 base::string16* error) {
60 // Component extensions are always allowed.
61 if (extension->location() == Manifest::COMPONENT)
62 return true;
64 // Forced installed extensions cannot be overwritten manually.
65 if (extension->location() != Manifest::EXTERNAL_POLICY &&
66 extension->location() != Manifest::EXTERNAL_POLICY_DOWNLOAD &&
67 forcelist && forcelist->HasKey(extension->id())) {
68 return ReturnLoadError(extension, error);
71 // Early exit for the common case of no policy restrictions.
72 if ((!blacklist || blacklist->empty()) && (!allowed_types))
73 return true;
75 // Check whether the extension type is allowed.
77 // If you get a compile error here saying that the type you added is not
78 // handled by the switch statement below, please consider whether enterprise
79 // policy should be able to disallow extensions of the new type. If so, add a
80 // branch to the second block and add a line to the definition of
81 // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc.
82 switch (extension->GetType()) {
83 case Manifest::TYPE_UNKNOWN:
84 break;
85 case Manifest::TYPE_EXTENSION:
86 case Manifest::TYPE_THEME:
87 case Manifest::TYPE_USER_SCRIPT:
88 case Manifest::TYPE_HOSTED_APP:
89 case Manifest::TYPE_LEGACY_PACKAGED_APP:
90 case Manifest::TYPE_PLATFORM_APP:
91 case Manifest::TYPE_SHARED_MODULE: {
92 base::FundamentalValue type_value(extension->GetType());
93 if (allowed_types &&
94 allowed_types->Find(type_value) == allowed_types->end())
95 return ReturnLoadError(extension, error);
96 break;
98 case Manifest::NUM_LOAD_TYPES:
99 NOTREACHED();
102 // Check the whitelist/forcelist first.
103 base::StringValue id_value(extension->id());
104 if ((whitelist && whitelist->Find(id_value) != whitelist->end()) ||
105 (forcelist && forcelist->HasKey(extension->id())))
106 return true;
108 // Then check the admin blacklist.
109 if ((blacklist && blacklist->Find(id_value) != blacklist->end()) ||
110 BlacklistedByDefault(blacklist))
111 return ReturnLoadError(extension, error);
113 return true;
116 bool UserMayModifySettings(const Extension* extension, base::string16* error) {
117 return ManagementPolicyImpl(extension, error, true);
120 bool MustRemainEnabled(const Extension* extension, base::string16* error) {
121 return ManagementPolicyImpl(extension, error, false);
124 } // namespace admin_policy
125 } // namespace extensions