chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
   6
   7 #include <string>
   8
   9 #include "base/logging.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "extensions/common/extension.h"
  12 #include "extensions/common/manifest.h"
  13 #include "grit/generated_resources.h"
  14 #include "ui/base/l10n/l10n_util.h"
  15
  16 namespace chromeos {
  17
  18 namespace {
  19
  20 // Apps/extensions explicitly whitelisted for use in device-local accounts.
  21 const char* kDeviceLocalAccountWhitelist[] = {
  22   // Public sessions in general:
  23   "cbkkbcmdlboombapidmoeolnmdacpkch",  // Chrome RDP
  24   "djflhoibgkdhkhhcedjiklpkjnoahfmg",  // User Agent Switcher
  25   "iabmpiboiopbgfabjmgeedhcmjenhbla",  // VNC Viewer
  26
  27   // Retail mode:
  28   "ehcabepphndocfmgbdkbjibfodelmpbb",  // Angry Birds demo
  29   "kgimkbnclbekdkabkpjhpakhhalfanda",  // Bejeweled demo
  30   "joodangkbfjnajiiifokapkpmhfnpleo",  // Calculator
  31   "fpgfohogebplgnamlafljlcidjedbdeb",  // Calendar demo
  32   "hfhhnacclhffhdffklopdkcgdhifgngh",  // Camera
  33   "cdjikkcakjcdjemakobkmijmikhkegcj",  // Chrome Remote Desktop demo
  34   "jkoildpomkimndcphjpffmephmcmkfhn",  // Chromebook Demo App
  35   "ielkookhdphmgbipcfmafkaiagademfp",  // Custom bookmarks
  36   "kogjlbfgggambihdjcpijgcbmenblimd",  // Custom bookmarks
  37   "ogbkmlkceflgpilgbmbcfbifckpkfacf",  // Custom bookmarks
  38   "pbbbjjecobhljkkcenlakfnkmkfkfamd",  // Custom bookmarks
  39   "jkbfjmnjcdmhlfpephomoiipbhcoiffb",  // Custom bookmarks
  40   "dgmblbpgafgcgpkoiilhjifindhinmai",  // Custom bookmarks
  41   "iggnealjakkgfofealilhkkclnbnfnmo",  // Custom bookmarks
  42   "lplkobnahgbopmpkdapaihnnojkphahc",  // Custom bookmarks
  43   "lejnflfhjpcannpaghnahbedlabpmhoh",  // Custom bookmarks
  44   "ebkhfdfghngbimnpgelagnfacdafhaba",  // Deezer demo
  45   "npnjdccdffhdndcbeappiamcehbhjibf",  // Docs.app demo
  46   "iddohohhpmajlkbejjjcfednjnhlnenk",  // Evernote demo
  47   "bjdhhokmhgelphffoafoejjmlfblpdha",  // Gmail demo
  48   "mdhnphfgagkpdhndljccoackjjhghlif",  // Google Drive demo
  49   "dondgdlndnpianbklfnehgdhkickdjck",  // Google Keep demo
  50   "fgjnkhlabjcaajddbaenilcmpcidahll",  // Google+ demo
  51   "ifpkhncdnjfipfjlhfidljjffdgklanh",  // Google+ Photos demo
  52   "cgmlfbhkckbedohgdepgbkflommbfkep",  // Hangouts.app demo
  53   "edhhaiphkklkcfcbnlbpbiepchnkgkpn",  // Helper.extension demo
  54   "diehajhcjifpahdplfdkhiboknagmfii",  // Kindle demo
  55   "nhpmmldpbfjofkipjaieeomhnmcgihfm",  // Menu.app demo
  56   "onbhgdmifjebcabplolilidlpgeknifi",  // Music.app demo
  57   "kkkbcoabfhgekpnddfkaphobhinociem",  // Netflix demo
  58   "adlphlfdhhjenpgimjochcpelbijkich",  // New York Times demo
  59   "cgefhjmlaifaamhhoojmpcnihlbddeki",  // Pandora demo
  60   "kpjjigggmcjinapdeipapdcnmnjealll",  // Pixlr demo
  61   "aleodiobpjillgfjdkblghiiaegggmcm",  // Quickoffice demo
  62   "nifkmgcdokhkjghdlgflonppnefddien",  // Sheets demo
  63   "hdmobeajeoanbanmdlabnbnlopepchip",  // Slides demo
  64   "dgohlccohkojjgkkfholmobjjoledflp",  // Spotify demo
  65   "dhmdaeekeihmajjnmichlhiffffdbpde",  // Store.app demo
  66   "jeabmjjifhfcejonjjhccaeigpnnjaak",  // TweetDeck demo
  67   "pbdihpaifchmclcmkfdgffnnpfbobefh",  // YouTube demo
  68 };
  69
  70 }  // namespace
  71
  72 DeviceLocalAccountManagementPolicyProvider::
  73     DeviceLocalAccountManagementPolicyProvider(
  74         policy::DeviceLocalAccount::Type account_type)
  75     : account_type_(account_type) {
  76 }
  77
  78 DeviceLocalAccountManagementPolicyProvider::
  79     ~DeviceLocalAccountManagementPolicyProvider() {
  80 }
  81
  82 std::string DeviceLocalAccountManagementPolicyProvider::
  83     GetDebugPolicyProviderName() const {
  84 #if defined(NDEBUG)
  85   NOTREACHED();
  86   return std::string();
  87 #else
  88   return "whitelist for device-local accounts";
  89 #endif
  90 }
  91
  92 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
  93     const extensions::Extension* extension,
  94     base::string16* error) const {
  95   if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
  96     // For single-app kiosk sessions, allow only platform apps.
  97     if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
  98       return true;
  99
 100   } else {
 101     // Allow extension if its type is whitelisted for use in device-local
 102     // accounts.
 103     if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
 104       return true;
 105
 106     // Allow extension if its specific ID is whitelisted for use in device-local
 107     // accounts.
 108     for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) {
 109       if (extension->id() == kDeviceLocalAccountWhitelist[i])
 110         return true;
 111     }
 112   }
 113
 114   // Disallow all other extensions.
 115   if (error) {
 116     *error = l10n_util::GetStringFUTF16(
 117           IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
 118           base::UTF8ToUTF16(extension->name()),
 119           base::UTF8ToUTF16(extension->id()));
 120   }
 121   return false;
 122 }
 123
 124 }  // namespace chromeos