1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/browser/admin_policy.h"
7 #include "base/strings/utf_string_conversions.h"
8 #include "extensions/common/extension.h"
9 #include "extensions/common/manifest.h"
10 #include "grit/extensions_strings.h"
11 #include "ui/base/l10n/l10n_util.h"
15 bool ManagementPolicyImpl(const extensions::Extension
* extension
,
16 base::string16
* error
,
17 bool modifiable_value
) {
19 !extensions::Manifest::IsComponentLocation(extension
->location()) &&
20 !extensions::Manifest::IsPolicyLocation(extension
->location());
21 // Some callers equate "no restriction" to true, others to false.
23 return modifiable_value
;
26 *error
= l10n_util::GetStringFUTF16(
27 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED
,
28 base::UTF8ToUTF16(extension
->name()));
30 return !modifiable_value
;
33 bool ReturnLoadError(const extensions::Extension
* extension
,
34 base::string16
* error
) {
36 *error
= l10n_util::GetStringFUTF16(
37 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED
,
38 base::UTF8ToUTF16(extension
->name()),
39 base::UTF8ToUTF16(extension
->id()));
46 namespace extensions
{
47 namespace admin_policy
{
49 bool BlacklistedByDefault(const base::ListValue
* blacklist
) {
50 base::StringValue
wildcard("*");
51 return blacklist
&& blacklist
->Find(wildcard
) != blacklist
->end();
54 bool UserMayLoad(const base::ListValue
* blacklist
,
55 const base::ListValue
* whitelist
,
56 const base::DictionaryValue
* forcelist
,
57 const base::ListValue
* allowed_types
,
58 const Extension
* extension
,
59 base::string16
* error
) {
60 // Component extensions are always allowed.
61 if (extension
->location() == Manifest::COMPONENT
)
64 // Forced installed extensions cannot be overwritten manually.
65 if (extension
->location() != Manifest::EXTERNAL_POLICY
&&
66 extension
->location() != Manifest::EXTERNAL_POLICY_DOWNLOAD
&&
67 forcelist
&& forcelist
->HasKey(extension
->id())) {
68 return ReturnLoadError(extension
, error
);
71 // Early exit for the common case of no policy restrictions.
72 if ((!blacklist
|| blacklist
->empty()) && (!allowed_types
))
75 // Check whether the extension type is allowed.
77 // If you get a compile error here saying that the type you added is not
78 // handled by the switch statement below, please consider whether enterprise
79 // policy should be able to disallow extensions of the new type. If so, add a
80 // branch to the second block and add a line to the definition of
81 // kExtensionAllowedTypesMap in configuration_policy_handler_list.cc.
82 switch (extension
->GetType()) {
83 case Manifest::TYPE_UNKNOWN
:
85 case Manifest::TYPE_EXTENSION
:
86 case Manifest::TYPE_THEME
:
87 case Manifest::TYPE_USER_SCRIPT
:
88 case Manifest::TYPE_HOSTED_APP
:
89 case Manifest::TYPE_LEGACY_PACKAGED_APP
:
90 case Manifest::TYPE_PLATFORM_APP
:
91 case Manifest::TYPE_SHARED_MODULE
: {
92 base::FundamentalValue
type_value(extension
->GetType());
94 allowed_types
->Find(type_value
) == allowed_types
->end())
95 return ReturnLoadError(extension
, error
);
98 case Manifest::NUM_LOAD_TYPES
:
102 // Check the whitelist/forcelist first.
103 base::StringValue
id_value(extension
->id());
104 if ((whitelist
&& whitelist
->Find(id_value
) != whitelist
->end()) ||
105 (forcelist
&& forcelist
->HasKey(extension
->id())))
108 // Then check the admin blacklist.
109 if ((blacklist
&& blacklist
->Find(id_value
) != blacklist
->end()) ||
110 BlacklistedByDefault(blacklist
))
111 return ReturnLoadError(extension
, error
);
116 bool UserMayModifySettings(const Extension
* extension
, base::string16
* error
) {
117 return ManagementPolicyImpl(extension
, error
, true);
120 bool MustRemainEnabled(const Extension
* extension
, base::string16
* error
) {
121 return ManagementPolicyImpl(extension
, error
, false);
124 } // namespace admin_policy
125 } // namespace extensions