device_local_account_management_policy_provider.cc revision 4e180b6a0b4720a9b8e9e959a882386f690f08ff
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h" 6 7#include <string> 8 9#include "base/logging.h" 10#include "base/strings/utf_string_conversions.h" 11#include "chrome/common/extensions/extension.h" 12#include "extensions/common/manifest.h" 13#include "grit/generated_resources.h" 14#include "ui/base/l10n/l10n_util.h" 15 16namespace chromeos { 17 18namespace { 19 20// Apps/extensions explicitly whitelisted for use in device-local accounts. 21const char* kDeviceLocalAccountWhitelist[] = { 22 "bpmcpldpdmajfigpchkicefoigmkfalc", // QuickOffice 23}; 24 25} // namespace 26 27DeviceLocalAccountManagementPolicyProvider:: 28 DeviceLocalAccountManagementPolicyProvider( 29 policy::DeviceLocalAccount::Type account_type) 30 : account_type_(account_type) { 31} 32 33DeviceLocalAccountManagementPolicyProvider:: 34 ~DeviceLocalAccountManagementPolicyProvider() { 35} 36 37std::string DeviceLocalAccountManagementPolicyProvider:: 38 GetDebugPolicyProviderName() const { 39#if defined(NDEBUG) 40 NOTREACHED(); 41 return std::string(); 42#else 43 return "whitelist for device-local accounts"; 44#endif 45} 46 47bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( 48 const extensions::Extension* extension, 49 string16* error) const { 50 if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { 51 // For single-app kiosk sessions, allow only platform apps. 52 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP) 53 return true; 54 55 } else { 56 // Allow extension if its type is whitelisted for use in device-local 57 // accounts. 58 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) 59 return true; 60 61 // Allow extension if its specific ID is whitelisted for use in device-local 62 // accounts. 63 for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) { 64 if (extension->id() == kDeviceLocalAccountWhitelist[i]) 65 return true; 66 } 67 } 68 69 // Disallow all other extensions. 70 if (error) { 71 *error = l10n_util::GetStringFUTF16( 72 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, 73 UTF8ToUTF16(extension->name()), 74 UTF8ToUTF16(extension->id())); 75 } 76 return false; 77} 78 79} // namespace chromeos 80