device_local_account_management_policy_provider.cc revision 4e180b6a0b4720a9b8e9e959a882386f690f08ff 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
6
7#include <string>
8
9#include "base/logging.h"
10#include "base/strings/utf_string_conversions.h"
11#include "chrome/common/extensions/extension.h"
12#include "extensions/common/manifest.h"
13#include "grit/generated_resources.h"
14#include "ui/base/l10n/l10n_util.h"
15
16namespace chromeos {
17
18namespace {
19
20// Apps/extensions explicitly whitelisted for use in device-local accounts.
21const char* kDeviceLocalAccountWhitelist[] = {
22  "bpmcpldpdmajfigpchkicefoigmkfalc",  // QuickOffice
23};
24
25}  // namespace
26
27DeviceLocalAccountManagementPolicyProvider::
28    DeviceLocalAccountManagementPolicyProvider(
29        policy::DeviceLocalAccount::Type account_type)
30    : account_type_(account_type) {
31}
32
33DeviceLocalAccountManagementPolicyProvider::
34    ~DeviceLocalAccountManagementPolicyProvider() {
35}
36
37std::string DeviceLocalAccountManagementPolicyProvider::
38    GetDebugPolicyProviderName() const {
39#if defined(NDEBUG)
40  NOTREACHED();
41  return std::string();
42#else
43  return "whitelist for device-local accounts";
44#endif
45}
46
47bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
48    const extensions::Extension* extension,
49    string16* error) const {
50  if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
51    // For single-app kiosk sessions, allow only platform apps.
52    if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP)
53      return true;
54
55  } else {
56    // Allow extension if its type is whitelisted for use in device-local
57    // accounts.
58    if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP)
59      return true;
60
61    // Allow extension if its specific ID is whitelisted for use in device-local
62    // accounts.
63    for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) {
64      if (extension->id() == kDeviceLocalAccountWhitelist[i])
65        return true;
66    }
67  }
68
69  // Disallow all other extensions.
70  if (error) {
71    *error = l10n_util::GetStringFUTF16(
72          IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT,
73          UTF8ToUTF16(extension->name()),
74          UTF8ToUTF16(extension->id()));
75  }
76  return false;
77}
78
79}  // namespace chromeos
80