Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / standard_management_policy_provider.cc
blob1a0542f4ddab8e03e7e59657ee7555114bf3182a
1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/standard_management_policy_provider.h"
7 #include <string>
9 #include "base/logging.h"
10 #include "base/strings/string16.h"
11 #include "base/strings/utf_string_conversions.h"
12 #include "chrome/browser/extensions/extension_management.h"
13 #include "extensions/common/extension.h"
14 #include "extensions/common/manifest.h"
15 #include "grit/extensions_strings.h"
16 #include "ui/base/l10n/l10n_util.h"
18 namespace extensions {
20 namespace {
22 // Returns whether the extension can be modified under admin policy or not, and
23 // fills |error| with corresponding error message if necessary.
24 bool AdminPolicyIsModifiable(const extensions::Extension* extension,
25 base::string16* error) {
26 if (!extensions::Manifest::IsComponentLocation(extension->location()) &&
27 !extensions::Manifest::IsPolicyLocation(extension->location())) {
28 return true;
31 if (error) {
32 *error = l10n_util::GetStringFUTF16(
33 IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,
34 base::UTF8ToUTF16(extension->name()));
37 return false;
40 bool ReturnLoadError(const extensions::Extension* extension,
41 base::string16* error) {
42 if (error) {
43 *error = l10n_util::GetStringFUTF16(
44 IDS_EXTENSION_CANT_INSTALL_POLICY_BLOCKED,
45 base::UTF8ToUTF16(extension->name()),
46 base::UTF8ToUTF16(extension->id()));
48 return false;
51 } // namespace
53 StandardManagementPolicyProvider::StandardManagementPolicyProvider(
54 const ExtensionManagement* settings)
55 : settings_(settings) {
58 StandardManagementPolicyProvider::~StandardManagementPolicyProvider() {
61 std::string
62 StandardManagementPolicyProvider::GetDebugPolicyProviderName() const {
63 #ifdef NDEBUG
64 NOTREACHED();
65 return std::string();
66 #else
67 return "extension management policy controlled settings";
68 #endif
71 bool StandardManagementPolicyProvider::UserMayLoad(
72 const Extension* extension,
73 base::string16* error) const {
74 // Component extensions are always allowed.
75 if (Manifest::IsComponentLocation(extension->location()))
76 return true;
78 // Shared modules are always allowed too: they only contain resources that
79 // are used by other extensions. The extension that depends on the shared
80 // module may be filtered by policy.
81 if (extension->is_shared_module())
82 return true;
84 ExtensionManagement::InstallationMode installation_mode =
85 settings_->GetInstallationMode(extension);
87 // Force-installed extensions cannot be overwritten manually.
88 if (!Manifest::IsPolicyLocation(extension->location()) &&
89 installation_mode == ExtensionManagement::INSTALLATION_FORCED) {
90 return ReturnLoadError(extension, error);
93 // Check whether the extension type is allowed.
95 // If you get a compile error here saying that the type you added is not
96 // handled by the switch statement below, please consider whether enterprise
97 // policy should be able to disallow extensions of the new type. If so, add
98 // a branch to the second block and add a line to the definition of
99 // kAllowedTypesMap in extension_management_constants.h.
100 switch (extension->GetType()) {
101 case Manifest::TYPE_UNKNOWN:
102 break;
103 case Manifest::TYPE_EXTENSION:
104 case Manifest::TYPE_THEME:
105 case Manifest::TYPE_USER_SCRIPT:
106 case Manifest::TYPE_HOSTED_APP:
107 case Manifest::TYPE_LEGACY_PACKAGED_APP:
108 case Manifest::TYPE_PLATFORM_APP:
109 case Manifest::TYPE_SHARED_MODULE: {
110 if (!settings_->IsAllowedManifestType(extension->GetType()))
111 return ReturnLoadError(extension, error);
112 break;
114 case Manifest::NUM_LOAD_TYPES:
115 NOTREACHED();
118 if (installation_mode == ExtensionManagement::INSTALLATION_BLOCKED)
119 return ReturnLoadError(extension, error);
121 return true;
124 bool StandardManagementPolicyProvider::UserMayModifySettings(
125 const Extension* extension,
126 base::string16* error) const {
127 return AdminPolicyIsModifiable(extension, error);
130 bool StandardManagementPolicyProvider::MustRemainEnabled(
131 const Extension* extension,
132 base::string16* error) const {
133 return !AdminPolicyIsModifiable(extension, error);
136 bool StandardManagementPolicyProvider::MustRemainDisabled(
137 const Extension* extension,
138 Extension::DisableReason* reason,
139 base::string16* error) const {
140 std::string required_version;
141 if (!settings_->CheckMinimumVersion(extension, &required_version)) {
142 if (reason)
143 *reason = Extension::DISABLE_UPDATE_REQUIRED_BY_POLICY;
144 if (error) {
145 *error = l10n_util::GetStringFUTF16(
146 IDS_EXTENSION_DISABLED_UPDATE_REQUIRED_BY_POLICY,
147 base::UTF8ToUTF16(extension->name()),
148 base::ASCIIToUTF16(required_version));
150 return true;
152 return false;
155 bool StandardManagementPolicyProvider::MustRemainInstalled(
156 const Extension* extension,
157 base::string16* error) const {
158 ExtensionManagement::InstallationMode mode =
159 settings_->GetInstallationMode(extension);
160 // Disallow removing of recommended extension, to avoid re-install it
161 // again while policy is reload. But disabling of recommended extension is
162 // allowed.
163 if (mode == ExtensionManagement::INSTALLATION_FORCED ||
164 mode == ExtensionManagement::INSTALLATION_RECOMMENDED) {
165 if (error) {
166 *error = l10n_util::GetStringFUTF16(
167 IDS_EXTENSION_CANT_UNINSTALL_POLICY_REQUIRED,
168 base::UTF8ToUTF16(extension->name()));
170 return true;
172 return false;
175 } // namespace extensions