Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / extensions / device_local_account_management_policy_provider.cc
blob425d9a3cd3285b084541813e9f2006e52aebcb10
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
7 #include <string>
9 #include "base/logging.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/grit/generated_resources.h"
12 #include "extensions/common/extension.h"
13 #include "extensions/common/manifest.h"
14 #include "ui/base/l10n/l10n_util.h"
16 namespace chromeos {
18 namespace {
20 // Apps/extensions explicitly whitelisted for use in public sessions.
21 const char* const kPublicSessionWhitelist[] = {
22 // Public sessions in general:
23 "cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP
24 "djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher
25 "iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer
26 "haiffjcadagjlijoggckpgfnoeiflnem", // Citrix Receiver
27 "mfaihdlpglflfgpfjcifdjdjcckigekc", // ARC Runtime
28 "ngjnkanfphagcaokhjecbgkboelgfcnf", // Print button
30 // Libraries:
31 "aclofikceldphonlfmghmimkodjdmhck", // Ancoris login component
32 "eilbnahdgoddoedakcmfkcgfoegeloil", // Ancoris proxy component
33 "ceehlgckkmkaoggdnjhibffkphfnphmg", // Libdata login
34 "fnhgfoccpcjdnjcobejogdnlnidceemb", // OverDrive
36 // Retail mode:
37 "bjfeaefhaooblkndnoabbkkkenknkemb", // 500 px demo
38 "ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds demo
39 "kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled demo
40 "joodangkbfjnajiiifokapkpmhfnpleo", // Calculator
41 "fpgfohogebplgnamlafljlcidjedbdeb", // Calendar demo
42 "hfhhnacclhffhdffklopdkcgdhifgngh", // Camera
43 "cdjikkcakjcdjemakobkmijmikhkegcj", // Chrome Remote Desktop demo
44 "jkoildpomkimndcphjpffmephmcmkfhn", // Chromebook Demo App
45 "lbhdhapagjhalobandnbdnmblnmocojh", // Crackle demo
46 "ielkookhdphmgbipcfmafkaiagademfp", // Custom bookmarks
47 "kogjlbfgggambihdjcpijgcbmenblimd", // Custom bookmarks
48 "ogbkmlkceflgpilgbmbcfbifckpkfacf", // Custom bookmarks
49 "pbbbjjecobhljkkcenlakfnkmkfkfamd", // Custom bookmarks
50 "jkbfjmnjcdmhlfpephomoiipbhcoiffb", // Custom bookmarks
51 "dgmblbpgafgcgpkoiilhjifindhinmai", // Custom bookmarks
52 "iggnealjakkgfofealilhkkclnbnfnmo", // Custom bookmarks
53 "lplkobnahgbopmpkdapaihnnojkphahc", // Custom bookmarks
54 "lejnflfhjpcannpaghnahbedlabpmhoh", // Custom bookmarks
55 "dhjmfhojkfjmfbnbnpichdmcdghdpccg", // Cut the Rope demo
56 "ebkhfdfghngbimnpgelagnfacdafhaba", // Deezer demo
57 "npnjdccdffhdndcbeappiamcehbhjibf", // Docs.app demo
58 "ekgadegabdkcbkodfbgidncffijbghhl", // Duolingo demo
59 "iddohohhpmajlkbejjjcfednjnhlnenk", // Evernote demo
60 "bjdhhokmhgelphffoafoejjmlfblpdha", // Gmail demo
61 "nldmakcnfaflagmohifhcihkfgcbmhph", // Gmail offline demo
62 "mdhnphfgagkpdhndljccoackjjhghlif", // Google Drive demo
63 "dondgdlndnpianbklfnehgdhkickdjck", // Google Keep demo
64 "amfoiggnkefambnaaphodjdmdooiinna", // Google Play Movie and TV demo
65 "fgjnkhlabjcaajddbaenilcmpcidahll", // Google+ demo
66 "ifpkhncdnjfipfjlhfidljjffdgklanh", // Google+ Photos demo
67 "cgmlfbhkckbedohgdepgbkflommbfkep", // Hangouts.app demo
68 "ndlgnmfmgpdecjgehbcejboifbbmlkhp", // Hash demo
69 "edhhaiphkklkcfcbnlbpbiepchnkgkpn", // Helper.extension demo
70 "jckncghadoodfbbbmbpldacojkooophh", // Journal demo
71 "diehajhcjifpahdplfdkhiboknagmfii", // Kindle demo
72 "idneggepppginmaklfbaniklagjghpio", // Kingsroad demo
73 "nhpmmldpbfjofkipjaieeomhnmcgihfm", // Menu.app demo
74 "kcjbmmhccecjokfmckhddpmghepcnidb", // Mint demo
75 "onbhgdmifjebcabplolilidlpgeknifi", // Music.app demo
76 "kkkbcoabfhgekpnddfkaphobhinociem", // Netflix demo
77 "adlphlfdhhjenpgimjochcpelbijkich", // New York Times demo
78 "cgefhjmlaifaamhhoojmpcnihlbddeki", // Pandora demo
79 "kpjjigggmcjinapdeipapdcnmnjealll", // Pixlr demo
80 "ifnadhpngkodeccijnalokiabanejfgm", // Pixsta demo
81 "klcojgagjmpgmffcildkgbfmfffncpcd", // Plex demo
82 "nnikmgjhdlphciaonjmoppfckbpoinnb", // Pocket demo
83 "khldngaiohpnnoikfmnmfnebecgeobep", // Polarr Photo demo
84 "aleodiobpjillgfjdkblghiiaegggmcm", // Quickoffice demo
85 "nifkmgcdokhkjghdlgflonppnefddien", // Sheets demo
86 "hdmobeajeoanbanmdlabnbnlopepchip", // Slides demo
87 "ikmidginfdcbojdbmejkeakncgdbmonc", // Soundtrap demo
88 "dgohlccohkojjgkkfholmobjjoledflp", // Spotify demo
89 "dhmdaeekeihmajjnmichlhiffffdbpde", // Store.app demo
90 "onklhlmbpfnmgmelakhgehkfdmkpmekd", // Todoist demo
91 "jeabmjjifhfcejonjjhccaeigpnnjaak", // TweetDeck demo
92 "gnckahkflocidcgjbeheneogeflpjien", // Vine demo
93 "pdckcbpciaaicoomipamcabpdadhofgh", // Weatherbug demo
94 "biliocemfcghhioihldfdmkkhnofcgmb", // Webcam Toy demo
95 "bhfoghflalnnjfcfkaelngenjgjjhapk", // Wevideo demo
96 "pjckdjlmdcofkkkocnmhcbehkiapalho", // Wunderlist demo
97 "pbdihpaifchmclcmkfdgffnnpfbobefh", // YouTube demo
99 // Testing extensions:
100 "ongnjlefhnoajpbodoldndkbkdgfomlp", // Show Managed Storage
101 "ilnpadgckeacioehlommkaafedibdeob", // Enterprise DeviceAttributes
104 } // namespace
106 DeviceLocalAccountManagementPolicyProvider::
107 DeviceLocalAccountManagementPolicyProvider(
108 policy::DeviceLocalAccount::Type account_type)
109 : account_type_(account_type) {
112 DeviceLocalAccountManagementPolicyProvider::
113 ~DeviceLocalAccountManagementPolicyProvider() {
116 std::string DeviceLocalAccountManagementPolicyProvider::
117 GetDebugPolicyProviderName() const {
118 #if defined(NDEBUG)
119 NOTREACHED();
120 return std::string();
121 #else
122 return "whitelist for device-local accounts";
123 #endif
126 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
127 const extensions::Extension* extension,
128 base::string16* error) const {
129 if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
130 // Allow extension if it is an externally hosted component of Chrome.
131 if (extension->location() ==
132 extensions::Manifest::EXTERNAL_COMPONENT) {
133 return true;
136 // Allow extension if its type is whitelisted for use in public sessions.
137 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
138 return true;
140 // Allow extension if its specific ID is whitelisted for use in public
141 // sessions.
142 for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
143 if (extension->id() == kPublicSessionWhitelist[i])
144 return true;
146 } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
147 // For single-app kiosk sessions, allow platform apps and shared modules.
148 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP ||
149 extension->GetType() == extensions::Manifest::TYPE_SHARED_MODULE)
150 return true;
153 // Disallow all other extensions.
154 if (error) {
155 *error = l10n_util::GetStringFUTF16(
156 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
157 base::UTF8ToUTF16(extension->name()),
158 base::UTF8ToUTF16(extension->id()));
160 return false;
163 } // namespace chromeos