chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
   6
   7 #include <string>
   8
   9 #include "base/logging.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "chrome/grit/generated_resources.h"
  12 #include "extensions/common/extension.h"
  13 #include "extensions/common/manifest.h"
  14 #include "ui/base/l10n/l10n_util.h"
  15
  16 namespace chromeos {
  17
  18 namespace {
  19
  20 // Apps/extensions explicitly whitelisted for use in public sessions.
  21 const char* const kPublicSessionWhitelist[] = {
  22     // Public sessions in general:
  23     "cbkkbcmdlboombapidmoeolnmdacpkch",  // Chrome RDP
  24     "djflhoibgkdhkhhcedjiklpkjnoahfmg",  // User Agent Switcher
  25     "iabmpiboiopbgfabjmgeedhcmjenhbla",  // VNC Viewer
  26     "haiffjcadagjlijoggckpgfnoeiflnem",  // Citrix Receiver
  27     "mfaihdlpglflfgpfjcifdjdjcckigekc",  // ARC Runtime
  28
  29     // Libraries:
  30     "aclofikceldphonlfmghmimkodjdmhck",  // Ancoris login component
  31     "eilbnahdgoddoedakcmfkcgfoegeloil",  // Ancoris proxy component
  32     "ceehlgckkmkaoggdnjhibffkphfnphmg",  // Libdata login
  33
  34     // Retail mode:
  35     "bjfeaefhaooblkndnoabbkkkenknkemb",  // 500 px demo
  36     "ehcabepphndocfmgbdkbjibfodelmpbb",  // Angry Birds demo
  37     "kgimkbnclbekdkabkpjhpakhhalfanda",  // Bejeweled demo
  38     "joodangkbfjnajiiifokapkpmhfnpleo",  // Calculator
  39     "fpgfohogebplgnamlafljlcidjedbdeb",  // Calendar demo
  40     "hfhhnacclhffhdffklopdkcgdhifgngh",  // Camera
  41     "cdjikkcakjcdjemakobkmijmikhkegcj",  // Chrome Remote Desktop demo
  42     "jkoildpomkimndcphjpffmephmcmkfhn",  // Chromebook Demo App
  43     "lbhdhapagjhalobandnbdnmblnmocojh",  // Crackle demo
  44     "ielkookhdphmgbipcfmafkaiagademfp",  // Custom bookmarks
  45     "kogjlbfgggambihdjcpijgcbmenblimd",  // Custom bookmarks
  46     "ogbkmlkceflgpilgbmbcfbifckpkfacf",  // Custom bookmarks
  47     "pbbbjjecobhljkkcenlakfnkmkfkfamd",  // Custom bookmarks
  48     "jkbfjmnjcdmhlfpephomoiipbhcoiffb",  // Custom bookmarks
  49     "dgmblbpgafgcgpkoiilhjifindhinmai",  // Custom bookmarks
  50     "iggnealjakkgfofealilhkkclnbnfnmo",  // Custom bookmarks
  51     "lplkobnahgbopmpkdapaihnnojkphahc",  // Custom bookmarks
  52     "lejnflfhjpcannpaghnahbedlabpmhoh",  // Custom bookmarks
  53     "dhjmfhojkfjmfbnbnpichdmcdghdpccg",  // Cut the Rope demo
  54     "ebkhfdfghngbimnpgelagnfacdafhaba",  // Deezer demo
  55     "npnjdccdffhdndcbeappiamcehbhjibf",  // Docs.app demo
  56     "ekgadegabdkcbkodfbgidncffijbghhl",  // Duolingo demo
  57     "iddohohhpmajlkbejjjcfednjnhlnenk",  // Evernote demo
  58     "bjdhhokmhgelphffoafoejjmlfblpdha",  // Gmail demo
  59     "mdhnphfgagkpdhndljccoackjjhghlif",  // Google Drive demo
  60     "dondgdlndnpianbklfnehgdhkickdjck",  // Google Keep demo
  61     "amfoiggnkefambnaaphodjdmdooiinna",  // Google Play Movie and TV demo
  62     "fgjnkhlabjcaajddbaenilcmpcidahll",  // Google+ demo
  63     "ifpkhncdnjfipfjlhfidljjffdgklanh",  // Google+ Photos demo
  64     "cgmlfbhkckbedohgdepgbkflommbfkep",  // Hangouts.app demo
  65     "edhhaiphkklkcfcbnlbpbiepchnkgkpn",  // Helper.extension demo
  66     "jckncghadoodfbbbmbpldacojkooophh",  // Journal demo
  67     "diehajhcjifpahdplfdkhiboknagmfii",  // Kindle demo
  68     "idneggepppginmaklfbaniklagjghpio",  // Kingsroad demo
  69     "nhpmmldpbfjofkipjaieeomhnmcgihfm",  // Menu.app demo
  70     "kcjbmmhccecjokfmckhddpmghepcnidb",  // Mint demo
  71     "onbhgdmifjebcabplolilidlpgeknifi",  // Music.app demo
  72     "kkkbcoabfhgekpnddfkaphobhinociem",  // Netflix demo
  73     "adlphlfdhhjenpgimjochcpelbijkich",  // New York Times demo
  74     "cgefhjmlaifaamhhoojmpcnihlbddeki",  // Pandora demo
  75     "kpjjigggmcjinapdeipapdcnmnjealll",  // Pixlr demo
  76     "ifnadhpngkodeccijnalokiabanejfgm",  // Pixsta demo
  77     "klcojgagjmpgmffcildkgbfmfffncpcd",  // Plex demo
  78     "nnikmgjhdlphciaonjmoppfckbpoinnb",  // Pocket demo
  79     "khldngaiohpnnoikfmnmfnebecgeobep",  // Polarr Photo demo
  80     "aleodiobpjillgfjdkblghiiaegggmcm",  // Quickoffice demo
  81     "nifkmgcdokhkjghdlgflonppnefddien",  // Sheets demo
  82     "hdmobeajeoanbanmdlabnbnlopepchip",  // Slides demo
  83     "dgohlccohkojjgkkfholmobjjoledflp",  // Spotify demo
  84     "dhmdaeekeihmajjnmichlhiffffdbpde",  // Store.app demo
  85     "onklhlmbpfnmgmelakhgehkfdmkpmekd",  // Todoist demo
  86     "jeabmjjifhfcejonjjhccaeigpnnjaak",  // TweetDeck demo
  87     "pdckcbpciaaicoomipamcabpdadhofgh",  // Weatherbug demo
  88     "biliocemfcghhioihldfdmkkhnofcgmb",  // Webcam Toy demo
  89     "bhfoghflalnnjfcfkaelngenjgjjhapk",  // Wevideo demo
  90     "pjckdjlmdcofkkkocnmhcbehkiapalho",  // Wunderlist demo
  91     "pbdihpaifchmclcmkfdgffnnpfbobefh",  // YouTube demo
  92
  93     // Testing extensions:
  94     "ongnjlefhnoajpbodoldndkbkdgfomlp",  // Show Managed Storage
  95 };
  96
  97 }  // namespace
  98
  99 DeviceLocalAccountManagementPolicyProvider::
 100     DeviceLocalAccountManagementPolicyProvider(
 101         policy::DeviceLocalAccount::Type account_type)
 102     : account_type_(account_type) {
 103 }
 104
 105 DeviceLocalAccountManagementPolicyProvider::
 106     ~DeviceLocalAccountManagementPolicyProvider() {
 107 }
 108
 109 std::string DeviceLocalAccountManagementPolicyProvider::
 110     GetDebugPolicyProviderName() const {
 111 #if defined(NDEBUG)
 112   NOTREACHED();
 113   return std::string();
 114 #else
 115   return "whitelist for device-local accounts";
 116 #endif
 117 }
 118
 119 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
 120     const extensions::Extension* extension,
 121     base::string16* error) const {
 122   if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
 123     // Allow extension if it is an externally hosted component of Chrome.
 124     if (extension->location() ==
 125         extensions::Manifest::EXTERNAL_COMPONENT) {
 126       return true;
 127     }
 128
 129     // Allow extension if its type is whitelisted for use in public sessions.
 130     if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
 131       return true;
 132
 133     // Allow extension if its specific ID is whitelisted for use in public
 134     // sessions.
 135     for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
 136       if (extension->id() == kPublicSessionWhitelist[i])
 137         return true;
 138     }
 139   } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
 140     // For single-app kiosk sessions, allow only platform apps.
 141     if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
 142       return true;
 143   }
 144
 145   // Disallow all other extensions.
 146   if (error) {
 147     *error = l10n_util::GetStringFUTF16(
 148           IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
 149           base::UTF8ToUTF16(extension->name()),
 150           base::UTF8ToUTF16(extension->id()));
 151   }
 152   return false;
 153 }
 154
 155 }  // namespace chromeos