diff options
author | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-09 06:05:48 +0000 |
---|---|---|
committer | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-09 06:05:48 +0000 |
commit | d90398121f891434b26ecd0d886cdb9a1073cf87 (patch) | |
tree | 60fe71ad8d62a69840415e165a788d7cfb1087b8 /chrome/browser/policy | |
parent | fc85d0c09ea726d5f4377a92f5f6ad2a904650e4 (diff) | |
download | chromium_src-d90398121f891434b26ecd0d886cdb9a1073cf87.zip chromium_src-d90398121f891434b26ecd0d886cdb9a1073cf87.tar.gz chromium_src-d90398121f891434b26ecd0d886cdb9a1073cf87.tar.bz2 |
Add a group policy controlling which sites can install extensions.
BUG=55584
TBR=jhawkins@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10542048
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141355 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/policy')
4 files changed, 141 insertions, 0 deletions
diff --git a/chrome/browser/policy/configuration_policy_handler.cc b/chrome/browser/policy/configuration_policy_handler.cc index 023cb1d..06ab093 100644 --- a/chrome/browser/policy/configuration_policy_handler.cc +++ b/chrome/browser/policy/configuration_policy_handler.cc @@ -280,6 +280,64 @@ bool ExtensionListPolicyHandler::CheckAndGetList( return true; } +// ExtensionURLPatternListPolicyHandler implementation ------------------------- + +ExtensionURLPatternListPolicyHandler::ExtensionURLPatternListPolicyHandler( + const char* policy_name, + const char* pref_path) + : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_LIST), + pref_path_(pref_path) {} + +ExtensionURLPatternListPolicyHandler::~ExtensionURLPatternListPolicyHandler() {} + +bool ExtensionURLPatternListPolicyHandler::CheckPolicySettings( + const PolicyMap& policies, + PolicyErrorMap* errors) { + const base::Value* value = NULL; + if (!CheckAndGetValue(policies, errors, &value)) + return false; + + if (!value) + return true; + + const base::ListValue* list_value = NULL; + if (!value->GetAsList(&list_value)) { + NOTREACHED(); + return false; + } + + // Check that the list contains valid URLPattern strings only. + for (base::ListValue::const_iterator entry(list_value->begin()); + entry != list_value->end(); ++entry) { + std::string url_pattern_string; + if (!(*entry)->GetAsString(&url_pattern_string)) { + errors->AddError(policy_name(), + entry - list_value->begin(), + IDS_POLICY_TYPE_ERROR, + ValueTypeToString(base::Value::TYPE_STRING)); + return false; + } + + URLPattern pattern(URLPattern::SCHEME_ALL); + if (pattern.Parse(url_pattern_string) != URLPattern::PARSE_SUCCESS) { + errors->AddError(policy_name(), + entry - list_value->begin(), + IDS_POLICY_VALUE_FORMAT_ERROR); + return false; + } + } + + return true; +} + +void ExtensionURLPatternListPolicyHandler::ApplyPolicySettings( + const PolicyMap& policies, + PrefValueMap* prefs) { + const Value* value = policies.GetValue(policy_name()); + if (value) + prefs->SetValue(pref_path_, value->DeepCopy()); +} + // SimplePolicyHandler implementation ------------------------------------------ SimplePolicyHandler::SimplePolicyHandler( diff --git a/chrome/browser/policy/configuration_policy_handler.h b/chrome/browser/policy/configuration_policy_handler.h index 8ddf542..6b75800 100644 --- a/chrome/browser/policy/configuration_policy_handler.h +++ b/chrome/browser/policy/configuration_policy_handler.h @@ -128,6 +128,26 @@ class ExtensionListPolicyHandler : public TypeCheckingPolicyHandler { DISALLOW_COPY_AND_ASSIGN(ExtensionListPolicyHandler); }; +// Implements additional checks for policies that are lists of extension +// URLPatterns. +class ExtensionURLPatternListPolicyHandler : public TypeCheckingPolicyHandler { + public: + ExtensionURLPatternListPolicyHandler(const char* policy_name, + const char* pref_path); + virtual ~ExtensionURLPatternListPolicyHandler(); + + // ConfigurationPolicyHandler methods: + virtual bool CheckPolicySettings(const PolicyMap& policies, + PolicyErrorMap* errors) OVERRIDE; + virtual void ApplyPolicySettings(const PolicyMap& policies, + PrefValueMap* prefs) OVERRIDE; + + private: + const char* pref_path_; + + DISALLOW_COPY_AND_ASSIGN(ExtensionURLPatternListPolicyHandler); +}; + // ConfigurationPolicyHandler for the SyncDisabled policy. class SyncPolicyHandler : public TypeCheckingPolicyHandler { public: diff --git a/chrome/browser/policy/configuration_policy_handler_list.cc b/chrome/browser/policy/configuration_policy_handler_list.cc index b73caf7..23e19cc 100644 --- a/chrome/browser/policy/configuration_policy_handler_list.cc +++ b/chrome/browser/policy/configuration_policy_handler_list.cc @@ -336,6 +336,10 @@ ConfigurationPolicyHandlerList::ConfigurationPolicyHandlerList() { new ExtensionListPolicyHandler(key::kExtensionInstallBlacklist, prefs::kExtensionInstallDenyList, true)); + handlers_.push_back( + new ExtensionURLPatternListPolicyHandler( + key::kExtensionInstallSources, + prefs::kExtensionAllowedInstallSites)); #if !defined(OS_CHROMEOS) handlers_.push_back(new DownloadDirPolicyHandler()); diff --git a/chrome/browser/policy/configuration_policy_handler_unittest.cc b/chrome/browser/policy/configuration_policy_handler_unittest.cc index 17bfeaa..baba2ba 100644 --- a/chrome/browser/policy/configuration_policy_handler_unittest.cc +++ b/chrome/browser/policy/configuration_policy_handler_unittest.cc @@ -62,4 +62,63 @@ TEST(ExtensionListPolicyHandlerTest, ApplyPolicySettings) { EXPECT_TRUE(base::Value::Equals(&list, value)); } +TEST(ExtensionURLPatternListPolicyHandlerTest, CheckPolicySettings) { + base::ListValue list; + PolicyMap policy_map; + PolicyErrorMap errors; + ExtensionURLPatternListPolicyHandler handler( + key::kExtensionInstallSources, + prefs::kExtensionAllowedInstallSites); + + policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_USER, list.DeepCopy()); + EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); + EXPECT_TRUE(errors.empty()); + + list.Append(Value::CreateStringValue("http://*.google.com/*")); + policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_USER, list.DeepCopy()); + EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); + EXPECT_TRUE(errors.empty()); + + list.Append(Value::CreateStringValue("<all_urls>")); + policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_USER, list.DeepCopy()); + EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); + EXPECT_TRUE(errors.empty()); + + list.Append(Value::CreateStringValue("invalid")); + policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_USER, list.DeepCopy()); + EXPECT_FALSE(handler.CheckPolicySettings(policy_map, &errors)); + EXPECT_FALSE(errors.empty()); + EXPECT_FALSE(errors.GetErrors(key::kExtensionInstallSources).empty()); + + // URLPattern syntax has a different way to express 'all urls'. Though '*' + // would be compatible today, it would be brittle, so we disallow. + list.Append(Value::CreateStringValue("*")); + policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_USER, list.DeepCopy()); + EXPECT_FALSE(handler.CheckPolicySettings(policy_map, &errors)); + EXPECT_FALSE(errors.empty()); + EXPECT_FALSE(errors.GetErrors(key::kExtensionInstallSources).empty()); +} + +TEST(ExtensionURLPatternListPolicyHandlerTest, ApplyPolicySettings) { + base::ListValue list; + PolicyMap policy_map; + PrefValueMap prefs; + base::Value* value = NULL; + ExtensionURLPatternListPolicyHandler handler( + key::kExtensionInstallSources, + prefs::kExtensionAllowedInstallSites); + + list.Append(Value::CreateStringValue("https://corp.monkey.net/*")); + policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_USER, list.DeepCopy()); + handler.ApplyPolicySettings(policy_map, &prefs); + EXPECT_TRUE(prefs.GetValue(prefs::kExtensionAllowedInstallSites, &value)); + EXPECT_TRUE(base::Value::Equals(&list, value)); +} + } // namespace policy |