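// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"

#include <string>

#include "base/logging.h"
#include "base/strings/utf_string_conversions.h"
#include "extensions/common/extension.h"
#include "extensions/common/manifest.h"
#include "grit/generated_resources.h"
#include "ui/base/l10n/l10n_util.h"

namespace chromeos {

namespace {

// Apps/extensions explicitly whitelisted for use in public sessions.
//
// UserMayLoad() compares an extension's ID against these entries with exact
// string equality. The table is declared |const char* const| so that the
// pointer slots, not only the string literals they point at, are immutable:
// nothing in this file ever rewrites an entry, and an allowlist that gates
// what may load in a public session should not sit in writable storage.
//
// NOTE(review): an ID match is only as strong as whatever binds an ID to an
// extension's contents before this check runs; that binding is not visible in
// this file.
const char* const kPublicSessionWhitelist[] = {
  // Public sessions in general:
  "cbkkbcmdlboombapidmoeolnmdacpkch",  // Chrome RDP
  "djflhoibgkdhkhhcedjiklpkjnoahfmg",  // User Agent Switcher
  "iabmpiboiopbgfabjmgeedhcmjenhbla",  // VNC Viewer

  // Libraries:
  "aclofikceldphonlfmghmimkodjdmhck",  // Ancoris login component
  "eilbnahdgoddoedakcmfkcgfoegeloil",  // Ancoris proxy component
  "ceehlgckkmkaoggdnjhibffkphfnphmg",  // Libdata login

  // Retail mode:
  "ehcabepphndocfmgbdkbjibfodelmpbb",  // Angry Birds demo
  "kgimkbnclbekdkabkpjhpakhhalfanda",  // Bejeweled demo
  "joodangkbfjnajiiifokapkpmhfnpleo",  // Calculator
  "fpgfohogebplgnamlafljlcidjedbdeb",  // Calendar demo
  "hfhhnacclhffhdffklopdkcgdhifgngh",  // Camera
  "cdjikkcakjcdjemakobkmijmikhkegcj",  // Chrome Remote Desktop demo
  "jkoildpomkimndcphjpffmephmcmkfhn",  // Chromebook Demo App
  "ielkookhdphmgbipcfmafkaiagademfp",  // Custom bookmarks
  "kogjlbfgggambihdjcpijgcbmenblimd",  // Custom bookmarks
  "ogbkmlkceflgpilgbmbcfbifckpkfacf",  // Custom bookmarks
  "pbbbjjecobhljkkcenlakfnkmkfkfamd",  // Custom bookmarks
  "jkbfjmnjcdmhlfpephomoiipbhcoiffb",  // Custom bookmarks
  "dgmblbpgafgcgpkoiilhjifindhinmai",  // Custom bookmarks
  "iggnealjakkgfofealilhkkclnbnfnmo",  // Custom bookmarks
  "lplkobnahgbopmpkdapaihnnojkphahc",  // Custom bookmarks
  "lejnflfhjpcannpaghnahbedlabpmhoh",  // Custom bookmarks
  "ebkhfdfghngbimnpgelagnfacdafhaba",  // Deezer demo
  "npnjdccdffhdndcbeappiamcehbhjibf",  // Docs.app demo
  "iddohohhpmajlkbejjjcfednjnhlnenk",  // Evernote demo
  "bjdhhokmhgelphffoafoejjmlfblpdha",  // Gmail demo
  "mdhnphfgagkpdhndljccoackjjhghlif",  // Google Drive demo
  "dondgdlndnpianbklfnehgdhkickdjck",  // Google Keep demo
  "fgjnkhlabjcaajddbaenilcmpcidahll",  // Google+ demo
  "ifpkhncdnjfipfjlhfidljjffdgklanh",  // Google+ Photos demo
  "cgmlfbhkckbedohgdepgbkflommbfkep",  // Hangouts.app demo
  "edhhaiphkklkcfcbnlbpbiepchnkgkpn",  // Helper.extension demo
  "diehajhcjifpahdplfdkhiboknagmfii",  // Kindle demo
  "nhpmmldpbfjofkipjaieeomhnmcgihfm",  // Menu.app demo
  "onbhgdmifjebcabplolilidlpgeknifi",  // Music.app demo
  "kkkbcoabfhgekpnddfkaphobhinociem",  // Netflix demo
  "adlphlfdhhjenpgimjochcpelbijkich",  // New York Times demo
  "cgefhjmlaifaamhhoojmpcnihlbddeki",  // Pandora demo
  "kpjjigggmcjinapdeipapdcnmnjealll",  // Pixlr demo
  "aleodiobpjillgfjdkblghiiaegggmcm",  // Quickoffice demo
  "nifkmgcdokhkjghdlgflonppnefddien",  // Sheets demo
  "hdmobeajeoanbanmdlabnbnlopepchip",  // Slides demo
  "dgohlccohkojjgkkfholmobjjoledflp",  // Spotify demo
  "dhmdaeekeihmajjnmichlhiffffdbpde",  // Store.app demo
  "jeabmjjifhfcejonjjhccaeigpnnjaak",  // TweetDeck demo
  "pbdihpaifchmclcmkfdgffnnpfbobefh",  // YouTube demo

  // Testing extensions:
  "ongnjlefhnoajpbodoldndkbkdgfomlp",  // Show Managed Storage
};

}  // namespace

// Stores |account_type|; UserMayLoad() selects its rule set from this value.
DeviceLocalAccountManagementPolicyProvider::
    DeviceLocalAccountManagementPolicyProvider(
        policy::DeviceLocalAccount::Type account_type)
    : account_type_(account_type) {
}

DeviceLocalAccountManagementPolicyProvider::
    ~DeviceLocalAccountManagementPolicyProvider() {
}

// Returns a human-readable name for this provider. When NDEBUG is defined the
// call is flagged with NOTREACHED() and an empty string is returned instead.
std::string DeviceLocalAccountManagementPolicyProvider::
    GetDebugPolicyProviderName() const {
#if defined(NDEBUG)
  NOTREACHED();
  return std::string();
#else
  return "whitelist for device-local accounts";
#endif
}

// Decides whether |extension| may be loaded in a device-local account of the
// type given at construction.
//
// |extension| is dereferenced without a null check, so callers must pass a
// valid pointer. |error| may be NULL; when it is non-NULL and the extension
// is rejected, it receives a localized message built from the extension's
// name and ID.
//
// The policy is default-deny: every path that does not explicitly return true
// falls through to the rejection at the bottom. That includes any account
// type other than TYPE_PUBLIC_SESSION and TYPE_KIOSK_APP.
bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
    const extensions::Extension* extension,
    base::string16* error) const {
  if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
    // Allow extension if it is an externally hosted component of Chrome.
    if (extension->location() ==
            extensions::Manifest::EXTERNAL_COMPONENT) {
      return true;
    }

    // Allow extension if its type is whitelisted for use in public sessions.
    // This admits every hosted app regardless of its ID; only the remaining
    // extension types are subject to the per-ID list below.
    if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
      return true;

    // Allow extension if its specific ID is whitelisted for use in public
    // sessions.
    for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) {
      if (extension->id() == kPublicSessionWhitelist[i])
        return true;
    }
  } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
    // For single-app kiosk sessions, allow only platform apps. The ID
    // whitelist above is not consulted for this account type.
    if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
      return true;
  }

  // Disallow all other extensions.
  if (error) {
    *error = l10n_util::GetStringFUTF16(
          IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
          base::UTF8ToUTF16(extension->name()),
          base::UTF8ToUTF16(extension->id()));
  }
  return false;
}

}  // namespace chromeos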