Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / permissions_based_management_policy_provider.cc
blob57fa45aa0394351a8488267d6b29056ec7d4f29d
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/permissions_based_management_policy_provider.h"
7 #include "base/strings/string16.h"
8 #include "base/strings/utf_string_conversions.h"
9 #include "chrome/browser/extensions/extension_management.h"
10 #include "extensions/common/extension.h"
11 #include "extensions/common/manifest_handlers/permissions_parser.h"
12 #include "extensions/common/permissions/permission_set.h"
13 #include "grit/extensions_strings.h"
14 #include "ui/base/l10n/l10n_util.h"
16 namespace extensions {
18 PermissionsBasedManagementPolicyProvider::
19 PermissionsBasedManagementPolicyProvider(ExtensionManagement* settings)
20 : settings_(settings) {
23 PermissionsBasedManagementPolicyProvider::
24 ~PermissionsBasedManagementPolicyProvider() {
27 std::string
28 PermissionsBasedManagementPolicyProvider::GetDebugPolicyProviderName() const {
29 #ifdef NDEBUG
30 NOTREACHED();
31 return std::string();
32 #else
33 return "Controlled by enterprise policy, restricting extension permissions.";
34 #endif
37 bool PermissionsBasedManagementPolicyProvider::UserMayLoad(
38 const Extension* extension,
39 base::string16* error) const {
40 // Component extensions are always allowed.
41 if (Manifest::IsComponentLocation(extension->location()))
42 return true;
44 scoped_refptr<const PermissionSet> required_permissions =
45 PermissionsParser::GetRequiredPermissions(extension);
47 if (!settings_->IsPermissionSetAllowed(extension, required_permissions)) {
48 if (error) {
49 *error =
50 l10n_util::GetStringFUTF16(IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,
51 base::UTF8ToUTF16(extension->name()),
52 base::UTF8ToUTF16(extension->id()));
54 return false;
57 return true;
60 } // namespace extensions