1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef EXTENSIONS_BROWSER_MANAGEMENT_POLICY_H_ 6#define EXTENSIONS_BROWSER_MANAGEMENT_POLICY_H_ 7 8#include <set> 9#include <string> 10 11#include "base/basictypes.h" 12#include "extensions/common/extension.h" 13 14namespace extensions { 15 16// This class registers providers that want to prohibit certain actions from 17// being applied to extensions. It must be called, via the ExtensionService, 18// before allowing a user or a user-level mechanism to perform the respective 19// action. (That is, installing or otherwise modifying an extension in order 20// to conform to enterprise administrator policy must be exempted from these 21// checks.) 22// 23// This "policy" and its providers should not be confused with administrator 24// policy, although admin policy is one of the sources ("Providers") of 25// restrictions registered with and exposed by the ManagementPolicy. 26class ManagementPolicy { 27 public: 28 // Each mechanism that wishes to limit users' ability to control extensions, 29 // whether one individual extension or the whole system, should implement 30 // the methods of this Provider interface that it needs. In each case, if the 31 // provider does not need to control a certain action, that method does not 32 // need to be implemented. 33 // 34 // It is not guaranteed that a particular Provider's methods will be called 35 // each time a user tries to perform one of the controlled actions (the list 36 // of providers is short-circuited as soon as a decision is possible), so 37 // implementations of these methods must have no side effects. 38 // 39 // For all of the Provider methods below, if |error| is not NULL and the 40 // method imposes a restriction on the desired action, |error| may be set 41 // to an applicable error message, but this is not required. 42 class Provider { 43 public: 44 Provider() {} 45 virtual ~Provider() {} 46 47 // A human-readable name for this provider, for use in debug messages. 48 // Implementers should return an empty string in non-debug builds, to save 49 // executable size. 50 virtual std::string GetDebugPolicyProviderName() const = 0; 51 52 // Providers should return false if a user may not install the |extension|, 53 // or load or run it if it has already been installed. 54 virtual bool UserMayLoad(const Extension* extension, 55 base::string16* error) const; 56 57 // Providers should return false if a user may not enable, disable, or 58 // uninstall the |extension|, or change its usage options (incognito 59 // permission, file access, etc.). 60 virtual bool UserMayModifySettings(const Extension* extension, 61 base::string16* error) const; 62 63 // Providers should return true if the |extension| must always remain 64 // enabled. This is distinct from UserMayModifySettings() in that the latter 65 // also prohibits enabling the extension if it is currently disabled. 66 // Providers implementing this method should also implement the others 67 // above, if they wish to completely lock in an extension. 68 virtual bool MustRemainEnabled(const Extension* extension, 69 base::string16* error) const; 70 71 // Similar to MustRemainEnabled, but for whether an extension must remain 72 // disabled, and returns an error and/or reason if the caller needs it. 73 virtual bool MustRemainDisabled(const Extension* extension, 74 Extension::DisableReason* reason, 75 base::string16* error) const; 76 77 private: 78 DISALLOW_COPY_AND_ASSIGN(Provider); 79 }; 80 81 ManagementPolicy(); 82 ~ManagementPolicy(); 83 84 // Registers or unregisters a provider, causing it to be added to or removed 85 // from the list of providers queried. Ownership of the provider remains with 86 // the caller. Providers do not need to be unregistered on shutdown. 87 void RegisterProvider(Provider* provider); 88 void UnregisterProvider(Provider* provider); 89 90 // Returns true if the user is permitted to install, load, and run the given 91 // extension. If not, |error| may be set to an appropriate message. 92 bool UserMayLoad(const Extension* extension, base::string16* error) const; 93 94 // Returns true if the user is permitted to enable, disable, or uninstall the 95 // given extension, or change the extension's usage options (incognito mode, 96 // file access, etc.). If not, |error| may be set to an appropriate message. 97 bool UserMayModifySettings(const Extension* extension, 98 base::string16* error) const; 99 100 // Returns true if the extension must remain enabled at all times (e.g. a 101 // compoment extension). In that case, |error| may be set to an appropriate 102 // message. 103 bool MustRemainEnabled(const Extension* extension, 104 base::string16* error) const; 105 106 // Returns true immediately if any registered provider's MustRemainDisabled 107 // function returns true. 108 bool MustRemainDisabled(const Extension* extension, 109 Extension::DisableReason* reason, 110 base::string16* error) const; 111 112 // For use in testing. 113 void UnregisterAllProviders(); 114 int GetNumProviders() const; 115 116 private: 117 // This is a pointer to a function in the Provider interface, used in 118 // ApplyToProviderList. 119 typedef bool (Provider::*ProviderFunction)(const Extension*, 120 base::string16*) const; 121 122 typedef std::set<Provider*> ProviderList; 123 124 // This is a helper to apply a method in the Provider interface to each of 125 // the Provider objects in |providers_|. The return value of this function 126 // will be |normal_result|, unless any of the Provider calls to |function| 127 // return !normal_result, in which case this function will then early-return 128 // !normal_result. 129 bool ApplyToProviderList(ProviderFunction function, 130 const char* debug_operation_name, 131 bool normal_result, 132 const Extension* extension, 133 base::string16* error) const; 134 135 ProviderList providers_; 136 137 DISALLOW_COPY_AND_ASSIGN(ManagementPolicy); 138}; 139 140} // namespace extensions 141 142#endif // EXTENSIONS_BROWSER_MANAGEMENT_POLICY_H_ 143