chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"

 #include <string>

 #include "base/logging.h"
 #include "base/strings/utf_string_conversions.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/manifest.h"
 #include "grit/generated_resources.h"
 #include "ui/base/l10n/l10n_util.h"

 namespace chromeos {

 namespace {

 // Apps/extensions explicitly whitelisted for use in public sessions.
 const char* kPublicSessionWhitelist[] = {
     // Public sessions in general:
     "cbkkbcmdlboombapidmoeolnmdacpkch",  // Chrome RDP
     "djflhoibgkdhkhhcedjiklpkjnoahfmg",  // User Agent Switcher
     "iabmpiboiopbgfabjmgeedhcmjenhbla",  // VNC Viewer

     // Libraries:
     "aclofikceldphonlfmghmimkodjdmhck",  // Ancoris login component
     "eilbnahdgoddoedakcmfkcgfoegeloil",  // Ancoris proxy component
     "ceehlgckkmkaoggdnjhibffkphfnphmg",  // Libdata login

     // Retail mode:
     "ehcabepphndocfmgbdkbjibfodelmpbb",  // Angry Birds demo
     "kgimkbnclbekdkabkpjhpakhhalfanda",  // Bejeweled demo
     "joodangkbfjnajiiifokapkpmhfnpleo",  // Calculator
     "fpgfohogebplgnamlafljlcidjedbdeb",  // Calendar demo
     "hfhhnacclhffhdffklopdkcgdhifgngh",  // Camera
     "cdjikkcakjcdjemakobkmijmikhkegcj",  // Chrome Remote Desktop demo
     "jkoildpomkimndcphjpffmephmcmkfhn",  // Chromebook Demo App
     "ielkookhdphmgbipcfmafkaiagademfp",  // Custom bookmarks
     "kogjlbfgggambihdjcpijgcbmenblimd",  // Custom bookmarks
     "ogbkmlkceflgpilgbmbcfbifckpkfacf",  // Custom bookmarks
     "pbbbjjecobhljkkcenlakfnkmkfkfamd",  // Custom bookmarks
     "jkbfjmnjcdmhlfpephomoiipbhcoiffb",  // Custom bookmarks
     "dgmblbpgafgcgpkoiilhjifindhinmai",  // Custom bookmarks
     "iggnealjakkgfofealilhkkclnbnfnmo",  // Custom bookmarks
     "lplkobnahgbopmpkdapaihnnojkphahc",  // Custom bookmarks
     "lejnflfhjpcannpaghnahbedlabpmhoh",  // Custom bookmarks
     "ebkhfdfghngbimnpgelagnfacdafhaba",  // Deezer demo
     "npnjdccdffhdndcbeappiamcehbhjibf",  // Docs.app demo
     "iddohohhpmajlkbejjjcfednjnhlnenk",  // Evernote demo
     "bjdhhokmhgelphffoafoejjmlfblpdha",  // Gmail demo
     "mdhnphfgagkpdhndljccoackjjhghlif",  // Google Drive demo
     "dondgdlndnpianbklfnehgdhkickdjck",  // Google Keep demo
     "fgjnkhlabjcaajddbaenilcmpcidahll",  // Google+ demo
     "ifpkhncdnjfipfjlhfidljjffdgklanh",  // Google+ Photos demo
     "cgmlfbhkckbedohgdepgbkflommbfkep",  // Hangouts.app demo
     "edhhaiphkklkcfcbnlbpbiepchnkgkpn",  // Helper.extension demo
     "diehajhcjifpahdplfdkhiboknagmfii",  // Kindle demo
     "nhpmmldpbfjofkipjaieeomhnmcgihfm",  // Menu.app demo
     "onbhgdmifjebcabplolilidlpgeknifi",  // Music.app demo
     "kkkbcoabfhgekpnddfkaphobhinociem",  // Netflix demo
     "adlphlfdhhjenpgimjochcpelbijkich",  // New York Times demo
     "cgefhjmlaifaamhhoojmpcnihlbddeki",  // Pandora demo
     "kpjjigggmcjinapdeipapdcnmnjealll",  // Pixlr demo
     "aleodiobpjillgfjdkblghiiaegggmcm",  // Quickoffice demo
     "nifkmgcdokhkjghdlgflonppnefddien",  // Sheets demo
     "hdmobeajeoanbanmdlabnbnlopepchip",  // Slides demo
     "dgohlccohkojjgkkfholmobjjoledflp",  // Spotify demo
     "dhmdaeekeihmajjnmichlhiffffdbpde",  // Store.app demo
     "jeabmjjifhfcejonjjhccaeigpnnjaak",  // TweetDeck demo
     "pbdihpaifchmclcmkfdgffnnpfbobefh",  // YouTube demo

     // Testing extensions:
     "ongnjlefhnoajpbodoldndkbkdgfomlp",  // Show Managed Storage
 };

 }  // namespace

 DeviceLocalAccountManagementPolicyProvider::
     DeviceLocalAccountManagementPolicyProvider(
         policy::DeviceLocalAccount::Type account_type)
     : account_type_(account_type) {
 }

 DeviceLocalAccountManagementPolicyProvider::
     ~DeviceLocalAccountManagementPolicyProvider() {
 }

 std::string DeviceLocalAccountManagementPolicyProvider::
     GetDebugPolicyProviderName() const {
 #if defined(NDEBUG)
   NOTREACHED();
   return std::string();
 #else
   return "whitelist for device-local accounts";
 #endif
 }

 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
     const extensions::Extension* extension,
     base::string16* error) const {
   if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
     // Allow extension if it is an externally hosted component of Chrome.
     if (extension->location() ==
         extensions::Manifest::EXTERNAL_COMPONENT) {
       return true;
     }

     // Allow extension if its type is whitelisted for use in public sessions.
     if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
       return true;

     // Allow extension if its specific ID is whitelisted for use in public
     // sessions.
     for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
       if (extension->id() == kPublicSessionWhitelist[i])
         return true;
     }
   } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
     // For single-app kiosk sessions, allow only platform apps.
     if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
       return true;
   }

   // Disallow all other extensions.
   if (error) {
     *error = l10n_util::GetStringFUTF16(
           IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
           base::UTF8ToUTF16(extension->name()),
           base::UTF8ToUTF16(extension->id()));
   }
   return false;
 }

 }  // namespace chromeos
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"

	#include <string>

	#include "base/logging.h"
	#include "base/strings/utf_string_conversions.h"
	#include "extensions/common/extension.h"
	#include "extensions/common/manifest.h"
	#include "grit/generated_resources.h"
	#include "ui/base/l10n/l10n_util.h"

	namespace chromeos {

	namespace {

	// Apps/extensions explicitly whitelisted for use in public sessions.
	const char* kPublicSessionWhitelist[] = {
	// Public sessions in general:
	"cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP
	"djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher
	"iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer

	// Libraries:
	"aclofikceldphonlfmghmimkodjdmhck", // Ancoris login component
	"eilbnahdgoddoedakcmfkcgfoegeloil", // Ancoris proxy component
	"ceehlgckkmkaoggdnjhibffkphfnphmg", // Libdata login

	// Retail mode:
	"ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds demo
	"kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled demo
	"joodangkbfjnajiiifokapkpmhfnpleo", // Calculator
	"fpgfohogebplgnamlafljlcidjedbdeb", // Calendar demo
	"hfhhnacclhffhdffklopdkcgdhifgngh", // Camera
	"cdjikkcakjcdjemakobkmijmikhkegcj", // Chrome Remote Desktop demo
	"jkoildpomkimndcphjpffmephmcmkfhn", // Chromebook Demo App
	"ielkookhdphmgbipcfmafkaiagademfp", // Custom bookmarks
	"kogjlbfgggambihdjcpijgcbmenblimd", // Custom bookmarks
	"ogbkmlkceflgpilgbmbcfbifckpkfacf", // Custom bookmarks
	"pbbbjjecobhljkkcenlakfnkmkfkfamd", // Custom bookmarks
	"jkbfjmnjcdmhlfpephomoiipbhcoiffb", // Custom bookmarks
	"dgmblbpgafgcgpkoiilhjifindhinmai", // Custom bookmarks
	"iggnealjakkgfofealilhkkclnbnfnmo", // Custom bookmarks
	"lplkobnahgbopmpkdapaihnnojkphahc", // Custom bookmarks
	"lejnflfhjpcannpaghnahbedlabpmhoh", // Custom bookmarks
	"ebkhfdfghngbimnpgelagnfacdafhaba", // Deezer demo
	"npnjdccdffhdndcbeappiamcehbhjibf", // Docs.app demo
	"iddohohhpmajlkbejjjcfednjnhlnenk", // Evernote demo
	"bjdhhokmhgelphffoafoejjmlfblpdha", // Gmail demo
	"mdhnphfgagkpdhndljccoackjjhghlif", // Google Drive demo
	"dondgdlndnpianbklfnehgdhkickdjck", // Google Keep demo
	"fgjnkhlabjcaajddbaenilcmpcidahll", // Google+ demo
	"ifpkhncdnjfipfjlhfidljjffdgklanh", // Google+ Photos demo
	"cgmlfbhkckbedohgdepgbkflommbfkep", // Hangouts.app demo
	"edhhaiphkklkcfcbnlbpbiepchnkgkpn", // Helper.extension demo
	"diehajhcjifpahdplfdkhiboknagmfii", // Kindle demo
	"nhpmmldpbfjofkipjaieeomhnmcgihfm", // Menu.app demo
	"onbhgdmifjebcabplolilidlpgeknifi", // Music.app demo
	"kkkbcoabfhgekpnddfkaphobhinociem", // Netflix demo
	"adlphlfdhhjenpgimjochcpelbijkich", // New York Times demo
	"cgefhjmlaifaamhhoojmpcnihlbddeki", // Pandora demo
	"kpjjigggmcjinapdeipapdcnmnjealll", // Pixlr demo
	"aleodiobpjillgfjdkblghiiaegggmcm", // Quickoffice demo
	"nifkmgcdokhkjghdlgflonppnefddien", // Sheets demo
	"hdmobeajeoanbanmdlabnbnlopepchip", // Slides demo
	"dgohlccohkojjgkkfholmobjjoledflp", // Spotify demo
	"dhmdaeekeihmajjnmichlhiffffdbpde", // Store.app demo
	"jeabmjjifhfcejonjjhccaeigpnnjaak", // TweetDeck demo
	"pbdihpaifchmclcmkfdgffnnpfbobefh", // YouTube demo

	// Testing extensions:
	"ongnjlefhnoajpbodoldndkbkdgfomlp", // Show Managed Storage
	};

	} // namespace

	DeviceLocalAccountManagementPolicyProvider::
	DeviceLocalAccountManagementPolicyProvider(
	policy::DeviceLocalAccount::Type account_type)
	: account_type_(account_type) {
	}

	DeviceLocalAccountManagementPolicyProvider::
	~DeviceLocalAccountManagementPolicyProvider() {
	}

	std::string DeviceLocalAccountManagementPolicyProvider::
	GetDebugPolicyProviderName() const {
	#if defined(NDEBUG)
	NOTREACHED();
	return std::string();
	#else
	return "whitelist for device-local accounts";
	#endif
	}

	bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
	const extensions::Extension* extension,
	base::string16* error) const {
	if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
	// Allow extension if it is an externally hosted component of Chrome.
	if (extension->location() ==
	extensions::Manifest::EXTERNAL_COMPONENT) {
	return true;
	}

	// Allow extension if its type is whitelisted for use in public sessions.
	if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
	return true;

	// Allow extension if its specific ID is whitelisted for use in public
	// sessions.
	for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
	if (extension->id() == kPublicSessionWhitelist[i])
	return true;
	}
	} else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
	// For single-app kiosk sessions, allow only platform apps.
	if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
	return true;
	}

	// Disallow all other extensions.
	if (error) {
	*error = l10n_util::GetStringFUTF16(
	IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
	base::UTF8ToUTF16(extension->name()),
	base::UTF8ToUTF16(extension->id()));
	}
	return false;
	}

	} // namespace chromeos