chrome/browser/extensions/extension_management.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
   6 #define CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/containers/scoped_ptr_hash_map.h"
  12 #include "base/macros.h"
  13 #include "base/memory/ref_counted.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "base/memory/scoped_vector.h"
  16 #include "base/memory/singleton.h"
  17 #include "base/observer_list.h"
  18 #include "base/prefs/pref_change_registrar.h"
  19 #include "base/values.h"
  20 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
  21 #include "components/keyed_service/core/keyed_service.h"
  22 #include "extensions/browser/management_policy.h"
  23 #include "extensions/common/extension.h"
  24 #include "extensions/common/manifest.h"
  25
  26 class GURL;
  27 class PrefService;
  28
  29 namespace content {
  30 class BrowserContext;
  31 }  // namespace content
  32
  33 namespace extensions {
  34
  35 namespace internal {
  36
  37 struct IndividualSettings;
  38 struct GlobalSettings;
  39
  40 }  // namespace internal
  41
  42 class APIPermissionSet;
  43 class PermissionSet;
  44
  45 // Tracks the management policies that affect extensions and provides interfaces
  46 // for observing and obtaining the global settings for all extensions, as well
  47 // as per-extension settings.
  48 class ExtensionManagement : public KeyedService {
  49  public:
  50   // Observer class for extension management settings changes.
  51   class Observer {
  52    public:
  53     virtual ~Observer() {}
  54
  55     // Called when the extension management settings change.
  56     virtual void OnExtensionManagementSettingsChanged() = 0;
  57   };
  58
  59   // Installation mode for extensions, default is INSTALLATION_ALLOWED.
  60   // * INSTALLATION_ALLOWED: Extension can be installed.
  61   // * INSTALLATION_BLOCKED: Extension cannot be installed.
  62   // * INSTALLATION_FORCED: Extension will be installed automatically
  63   //                        and cannot be disabled.
  64   // * INSTALLATION_RECOMMENDED: Extension will be installed automatically but
  65   //                             can be disabled.
  66   enum InstallationMode {
  67     INSTALLATION_ALLOWED = 0,
  68     INSTALLATION_BLOCKED,
  69     INSTALLATION_FORCED,
  70     INSTALLATION_RECOMMENDED,
  71   };
  72
  73   explicit ExtensionManagement(PrefService* pref_service);
  74   ~ExtensionManagement() override;
  75
  76   // KeyedService implementations:
  77   void Shutdown() override;
  78
  79   void AddObserver(Observer* observer);
  80   void RemoveObserver(Observer* observer);
  81
  82   // Get the list of ManagementPolicy::Provider controlled by extension
  83   // management policy settings.
  84   std::vector<ManagementPolicy::Provider*> GetProviders() const;
  85
  86   // Checks if extensions are blacklisted by default, by policy. When true,
  87   // this means that even extensions without an ID should be blacklisted (e.g.
  88   // from the command line, or when loaded as an unpacked extension).
  89   bool BlacklistedByDefault() const;
  90
  91   // Returns installation mode for an extension.
  92   InstallationMode GetInstallationMode(const Extension* extension) const;
  93
  94   // Returns the force install list, in format specified by
  95   // ExternalPolicyLoader::AddExtension().
  96   scoped_ptr<base::DictionaryValue> GetForceInstallList() const;
  97
  98   // Like GetForceInstallList(), but returns recommended install list instead.
  99   scoped_ptr<base::DictionaryValue> GetRecommendedInstallList() const;
 100
 101   // Returns if an extension with id |id| is explicitly allowed by enterprise
 102   // policy or not.
 103   bool IsInstallationExplicitlyAllowed(const ExtensionId& id) const;
 104
 105   // Returns true if an extension download should be allowed to proceed.
 106   bool IsOffstoreInstallAllowed(const GURL& url,
 107                                 const GURL& referrer_url) const;
 108
 109   // Returns true if an extension with manifest type |manifest_type| is
 110   // allowed to be installed.
 111   bool IsAllowedManifestType(Manifest::Type manifest_type) const;
 112
 113   // Returns the list of blocked API permissions for |extension|.
 114   APIPermissionSet GetBlockedAPIPermissions(const Extension* extension) const;
 115
 116   // Returns blocked permission set for |extension|.
 117   scoped_refptr<const PermissionSet> GetBlockedPermissions(
 118       const Extension* extension) const;
 119
 120   // Returns true if every permission in |perms| is allowed for |extension|.
 121   bool IsPermissionSetAllowed(const Extension* extension,
 122                               scoped_refptr<const PermissionSet> perms) const;
 123
 124   // Returns true if |extension| meets the minimum required version set for it.
 125   // If there is no such requirement set for it, returns true as well.
 126   // If false is returned and |required_version| is not null, the minimum
 127   // required version is returned.
 128   bool CheckMinimumVersion(const Extension* extension,
 129                            std::string* required_version) const;
 130
 131  private:
 132   typedef base::ScopedPtrHashMap<ExtensionId, internal::IndividualSettings>
 133       SettingsIdMap;
 134   typedef base::ScopedPtrHashMap<std::string, internal::IndividualSettings>
 135       SettingsUpdateUrlMap;
 136   friend class ExtensionManagementServiceTest;
 137
 138   // Load all extension management preferences from |pref_service|, and
 139   // refresh the settings.
 140   void Refresh();
 141
 142   // Load preference with name |pref_name| and expected type |expected_type|.
 143   // If |force_managed| is true, only loading from the managed preference store
 144   // is allowed. Returns NULL if the preference is not present, not allowed to
 145   // be loaded from or has the wrong type.
 146   const base::Value* LoadPreference(const char* pref_name,
 147                                     bool force_managed,
 148                                     base::Value::Type expected_type);
 149
 150   void OnExtensionPrefChanged();
 151   void NotifyExtensionManagementPrefChanged();
 152
 153   // Helper function to access |settings_by_id_| with |id| as key.
 154   // Adds a new IndividualSettings entry to |settings_by_id_| if none exists for
 155   // |id| yet.
 156   internal::IndividualSettings* AccessById(const ExtensionId& id);
 157
 158   // Similar to AccessById(), but access |settings_by_update_url_| instead.
 159   internal::IndividualSettings* AccessByUpdateUrl(
 160       const std::string& update_url);
 161
 162   // A map containing all IndividualSettings applied to an individual extension
 163   // identified by extension ID. The extension ID is used as index key of the
 164   // map.
 165   SettingsIdMap settings_by_id_;
 166
 167   // Similar to |settings_by_id_|, but contains the settings for a group of
 168   // extensions with same update URL. The update url itself is used as index
 169   // key for the map.
 170   SettingsUpdateUrlMap settings_by_update_url_;
 171
 172   // The default IndividualSettings.
 173   // For extension settings applied to an individual extension (identified by
 174   // extension ID) or a group of extension (with specified extension update
 175   // URL), all unspecified part will take value from |default_settings_|.
 176   // For all other extensions, all settings from |default_settings_| will be
 177   // enforced.
 178   scoped_ptr<internal::IndividualSettings> default_settings_;
 179
 180   // Extension settings applicable to all extensions.
 181   scoped_ptr<internal::GlobalSettings> global_settings_;
 182
 183   PrefService* pref_service_;
 184
 185   ObserverList<Observer, true> observer_list_;
 186   PrefChangeRegistrar pref_change_registrar_;
 187   ScopedVector<ManagementPolicy::Provider> providers_;
 188
 189   DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);
 190 };
 191
 192 class ExtensionManagementFactory : public BrowserContextKeyedServiceFactory {
 193  public:
 194   static ExtensionManagement* GetForBrowserContext(
 195       content::BrowserContext* context);
 196   static ExtensionManagementFactory* GetInstance();
 197
 198  private:
 199   friend struct DefaultSingletonTraits<ExtensionManagementFactory>;
 200
 201   ExtensionManagementFactory();
 202   ~ExtensionManagementFactory() override;
 203
 204   // BrowserContextKeyedServiceExtensionManagementFactory:
 205   KeyedService* BuildServiceInstanceFor(
 206       content::BrowserContext* context) const override;
 207   content::BrowserContext* GetBrowserContextToUse(
 208       content::BrowserContext* context) const override;
 209   void RegisterProfilePrefs(
 210       user_prefs::PrefRegistrySyncable* registry) override;
 211
 212   DISALLOW_COPY_AND_ASSIGN(ExtensionManagementFactory);
 213 };
 214
 215 }  // namespace extensions
 216
 217 #endif  // CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_