1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
6
7#include <string>
8
9#include "base/logging.h"
10#include "base/strings/utf_string_conversions.h"
11#include "chrome/grit/generated_resources.h"
12#include "extensions/common/extension.h"
13#include "extensions/common/manifest.h"
14#include "ui/base/l10n/l10n_util.h"
15
16namespace chromeos {
17
18namespace {
19
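// Apps/extensions explicitly whitelisted for use in public sessions.
//
// Each entry is an extension ID. UserMayLoad() compares an extension's ID
// against every entry by exact string equality, so adding an ID here lets that
// extension load in public sessions.
//
// Both the characters and the pointers are const, so an entry cannot be
// reassigned by other code in this file.
const char* const kPublicSessionWhitelist[] = {
    // Public sessions in general:
    "cbkkbcmdlboombapidmoeolnmdacpkch",  // Chrome RDP
    "djflhoibgkdhkhhcedjiklpkjnoahfmg",  // User Agent Switcher
    "iabmpiboiopbgfabjmgeedhcmjenhbla",  // VNC Viewer

    // Libraries:
    "aclofikceldphonlfmghmimkodjdmhck",  // Ancoris login component
    "eilbnahdgoddoedakcmfkcgfoegeloil",  // Ancoris proxy component
    "ceehlgckkmkaoggdnjhibffkphfnphmg",  // Libdata login

    // Retail mode:
    "ehcabepphndocfmgbdkbjibfodelmpbb",  // Angry Birds demo
    "kgimkbnclbekdkabkpjhpakhhalfanda",  // Bejeweled demo
    "joodangkbfjnajiiifokapkpmhfnpleo",  // Calculator
    "fpgfohogebplgnamlafljlcidjedbdeb",  // Calendar demo
    "hfhhnacclhffhdffklopdkcgdhifgngh",  // Camera
    "cdjikkcakjcdjemakobkmijmikhkegcj",  // Chrome Remote Desktop demo
    "jkoildpomkimndcphjpffmephmcmkfhn",  // Chromebook Demo App
    "ielkookhdphmgbipcfmafkaiagademfp",  // Custom bookmarks
    "kogjlbfgggambihdjcpijgcbmenblimd",  // Custom bookmarks
    "ogbkmlkceflgpilgbmbcfbifckpkfacf",  // Custom bookmarks
    "pbbbjjecobhljkkcenlakfnkmkfkfamd",  // Custom bookmarks
    "jkbfjmnjcdmhlfpephomoiipbhcoiffb",  // Custom bookmarks
    "dgmblbpgafgcgpkoiilhjifindhinmai",  // Custom bookmarks
    "iggnealjakkgfofealilhkkclnbnfnmo",  // Custom bookmarks
    "lplkobnahgbopmpkdapaihnnojkphahc",  // Custom bookmarks
    "lejnflfhjpcannpaghnahbedlabpmhoh",  // Custom bookmarks
    "ebkhfdfghngbimnpgelagnfacdafhaba",  // Deezer demo
    "npnjdccdffhdndcbeappiamcehbhjibf",  // Docs.app demo
    "iddohohhpmajlkbejjjcfednjnhlnenk",  // Evernote demo
    "bjdhhokmhgelphffoafoejjmlfblpdha",  // Gmail demo
    "mdhnphfgagkpdhndljccoackjjhghlif",  // Google Drive demo
    "dondgdlndnpianbklfnehgdhkickdjck",  // Google Keep demo
    "fgjnkhlabjcaajddbaenilcmpcidahll",  // Google+ demo
    "ifpkhncdnjfipfjlhfidljjffdgklanh",  // Google+ Photos demo
    "cgmlfbhkckbedohgdepgbkflommbfkep",  // Hangouts.app demo
    "edhhaiphkklkcfcbnlbpbiepchnkgkpn",  // Helper.extension demo
    "diehajhcjifpahdplfdkhiboknagmfii",  // Kindle demo
    "nhpmmldpbfjofkipjaieeomhnmcgihfm",  // Menu.app demo
    "onbhgdmifjebcabplolilidlpgeknifi",  // Music.app demo
    "kkkbcoabfhgekpnddfkaphobhinociem",  // Netflix demo
    "adlphlfdhhjenpgimjochcpelbijkich",  // New York Times demo
    "cgefhjmlaifaamhhoojmpcnihlbddeki",  // Pandora demo
    "kpjjigggmcjinapdeipapdcnmnjealll",  // Pixlr demo
    "aleodiobpjillgfjdkblghiiaegggmcm",  // Quickoffice demo
    "nifkmgcdokhkjghdlgflonppnefddien",  // Sheets demo
    "hdmobeajeoanbanmdlabnbnlopepchip",  // Slides demo
    "dgohlccohkojjgkkfholmobjjoledflp",  // Spotify demo
    "dhmdaeekeihmajjnmichlhiffffdbpde",  // Store.app demo
    "jeabmjjifhfcejonjjhccaeigpnnjaak",  // TweetDeck demo
    "pbdihpaifchmclcmkfdgffnnpfbobefh",  // YouTube demo

    // Testing extensions:
    "ongnjlefhnoajpbodoldndkbkdgfomlp",  // Show Managed Storage
};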
77
78}  // namespace
79
// Records the device-local account type. UserMayLoad() reads it to choose
// which set of extensions is permitted.
DeviceLocalAccountManagementPolicyProvider::
    DeviceLocalAccountManagementPolicyProvider(
        policy::DeviceLocalAccount::Type account_type)
    : account_type_(account_type) {}
85
// No explicit cleanup is performed here.
DeviceLocalAccountManagementPolicyProvider::
    ~DeviceLocalAccountManagementPolicyProvider() {}
89
// Returns a descriptive name for this provider, for debugging output.
// When NDEBUG is defined the call is flagged with NOTREACHED() and an empty
// string is returned instead.
std::string DeviceLocalAccountManagementPolicyProvider::
    GetDebugPolicyProviderName() const {
#if !defined(NDEBUG)
  return "whitelist for device-local accounts";
#else
  NOTREACHED();
  return std::string();
#endif
}
99
// Decides whether |extension| may be loaded in a device-local account session.
// The policy is default-deny: only the cases listed here return true.
//   - Public session: externally hosted Chrome components, any hosted app
//     (admitted by type, with no ID check), and extensions whose ID appears in
//     kPublicSessionWhitelist.
//   - Kiosk app session: platform apps only.
// Every other account type, and every extension not matched above, is
// rejected. On rejection, |*error| (when |error| is non-null) is set to a
// localized message built from the extension's name and ID.
bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
    const extensions::Extension* extension,
    base::string16* error) const {
  switch (account_type_) {
    case policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION: {
      // External components and hosted apps bypass the per-ID list, so the
      // list below is not the only way into a public session.
      if (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT ||
          extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) {
        return true;
      }

      // Anything else must match a whitelisted ID exactly.
      size_t index = 0;
      while (index < arraysize(kPublicSessionWhitelist)) {
        if (extension->id() == kPublicSessionWhitelist[index])
          return true;
        ++index;
      }
      break;
    }

    case policy::DeviceLocalAccount::TYPE_KIOSK_APP:
      // Single-app kiosk sessions accept platform apps and nothing else.
      if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
        return true;
      break;

    default:
      break;
  }

  // Not permitted. Fill in the reason only when the caller supplied a
  // destination for it.
  if (!error)
    return false;

  *error = l10n_util::GetStringFUTF16(
      IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
      base::UTF8ToUTF16(extension->name()),
      base::UTF8ToUTF16(extension->id()));
  return false;
}
135
136}  // namespace chromeos