summaryrefslogtreecommitdiffstats
path: root/chrome/browser/policy
diff options
context:
space:
mode:
authoraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-09 06:05:48 +0000
committeraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-09 06:05:48 +0000
commitd90398121f891434b26ecd0d886cdb9a1073cf87 (patch)
tree60fe71ad8d62a69840415e165a788d7cfb1087b8 /chrome/browser/policy
parentfc85d0c09ea726d5f4377a92f5f6ad2a904650e4 (diff)
downloadchromium_src-d90398121f891434b26ecd0d886cdb9a1073cf87.zip
chromium_src-d90398121f891434b26ecd0d886cdb9a1073cf87.tar.gz
chromium_src-d90398121f891434b26ecd0d886cdb9a1073cf87.tar.bz2
Add a group policy controlling which sites can install extensions.
BUG=55584 TBR=jhawkins@chromium.org Review URL: https://chromiumcodereview.appspot.com/10542048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141355 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/policy')
-rw-r--r--chrome/browser/policy/configuration_policy_handler.cc58
-rw-r--r--chrome/browser/policy/configuration_policy_handler.h20
-rw-r--r--chrome/browser/policy/configuration_policy_handler_list.cc4
-rw-r--r--chrome/browser/policy/configuration_policy_handler_unittest.cc59
4 files changed, 141 insertions, 0 deletions
diff --git a/chrome/browser/policy/configuration_policy_handler.cc b/chrome/browser/policy/configuration_policy_handler.cc
index 023cb1d..06ab093 100644
--- a/chrome/browser/policy/configuration_policy_handler.cc
+++ b/chrome/browser/policy/configuration_policy_handler.cc
@@ -280,6 +280,64 @@ bool ExtensionListPolicyHandler::CheckAndGetList(
return true;
}
+// ExtensionURLPatternListPolicyHandler implementation -------------------------
+
+ExtensionURLPatternListPolicyHandler::ExtensionURLPatternListPolicyHandler(
+ const char* policy_name,
+ const char* pref_path)
+ : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_LIST),
+ pref_path_(pref_path) {}
+
+ExtensionURLPatternListPolicyHandler::~ExtensionURLPatternListPolicyHandler() {}
+
+bool ExtensionURLPatternListPolicyHandler::CheckPolicySettings(
+ const PolicyMap& policies,
+ PolicyErrorMap* errors) {
+ const base::Value* value = NULL;
+ if (!CheckAndGetValue(policies, errors, &value))
+ return false;
+
+ if (!value)
+ return true;
+
+ const base::ListValue* list_value = NULL;
+ if (!value->GetAsList(&list_value)) {
+ NOTREACHED();
+ return false;
+ }
+
+ // Check that the list contains valid URLPattern strings only.
+ for (base::ListValue::const_iterator entry(list_value->begin());
+ entry != list_value->end(); ++entry) {
+ std::string url_pattern_string;
+ if (!(*entry)->GetAsString(&url_pattern_string)) {
+ errors->AddError(policy_name(),
+ entry - list_value->begin(),
+ IDS_POLICY_TYPE_ERROR,
+ ValueTypeToString(base::Value::TYPE_STRING));
+ return false;
+ }
+
+ URLPattern pattern(URLPattern::SCHEME_ALL);
+ if (pattern.Parse(url_pattern_string) != URLPattern::PARSE_SUCCESS) {
+ errors->AddError(policy_name(),
+ entry - list_value->begin(),
+ IDS_POLICY_VALUE_FORMAT_ERROR);
+ return false;
+ }
+ }
+
+ return true;
+}
+
+void ExtensionURLPatternListPolicyHandler::ApplyPolicySettings(
+ const PolicyMap& policies,
+ PrefValueMap* prefs) {
+ const Value* value = policies.GetValue(policy_name());
+ if (value)
+ prefs->SetValue(pref_path_, value->DeepCopy());
+}
+
// SimplePolicyHandler implementation ------------------------------------------
SimplePolicyHandler::SimplePolicyHandler(
diff --git a/chrome/browser/policy/configuration_policy_handler.h b/chrome/browser/policy/configuration_policy_handler.h
index 8ddf542..6b75800 100644
--- a/chrome/browser/policy/configuration_policy_handler.h
+++ b/chrome/browser/policy/configuration_policy_handler.h
@@ -128,6 +128,26 @@ class ExtensionListPolicyHandler : public TypeCheckingPolicyHandler {
DISALLOW_COPY_AND_ASSIGN(ExtensionListPolicyHandler);
};
+// Implements additional checks for policies that are lists of extension
+// URLPatterns.
+class ExtensionURLPatternListPolicyHandler : public TypeCheckingPolicyHandler {
+ public:
+ ExtensionURLPatternListPolicyHandler(const char* policy_name,
+ const char* pref_path);
+ virtual ~ExtensionURLPatternListPolicyHandler();
+
+ // ConfigurationPolicyHandler methods:
+ virtual bool CheckPolicySettings(const PolicyMap& policies,
+ PolicyErrorMap* errors) OVERRIDE;
+ virtual void ApplyPolicySettings(const PolicyMap& policies,
+ PrefValueMap* prefs) OVERRIDE;
+
+ private:
+ const char* pref_path_;
+
+ DISALLOW_COPY_AND_ASSIGN(ExtensionURLPatternListPolicyHandler);
+};
+
// ConfigurationPolicyHandler for the SyncDisabled policy.
class SyncPolicyHandler : public TypeCheckingPolicyHandler {
public:
diff --git a/chrome/browser/policy/configuration_policy_handler_list.cc b/chrome/browser/policy/configuration_policy_handler_list.cc
index b73caf7..23e19cc 100644
--- a/chrome/browser/policy/configuration_policy_handler_list.cc
+++ b/chrome/browser/policy/configuration_policy_handler_list.cc
@@ -336,6 +336,10 @@ ConfigurationPolicyHandlerList::ConfigurationPolicyHandlerList() {
new ExtensionListPolicyHandler(key::kExtensionInstallBlacklist,
prefs::kExtensionInstallDenyList,
true));
+ handlers_.push_back(
+ new ExtensionURLPatternListPolicyHandler(
+ key::kExtensionInstallSources,
+ prefs::kExtensionAllowedInstallSites));
#if !defined(OS_CHROMEOS)
handlers_.push_back(new DownloadDirPolicyHandler());
diff --git a/chrome/browser/policy/configuration_policy_handler_unittest.cc b/chrome/browser/policy/configuration_policy_handler_unittest.cc
index 17bfeaa..baba2ba 100644
--- a/chrome/browser/policy/configuration_policy_handler_unittest.cc
+++ b/chrome/browser/policy/configuration_policy_handler_unittest.cc
@@ -62,4 +62,63 @@ TEST(ExtensionListPolicyHandlerTest, ApplyPolicySettings) {
EXPECT_TRUE(base::Value::Equals(&list, value));
}
+TEST(ExtensionURLPatternListPolicyHandlerTest, CheckPolicySettings) {
+ base::ListValue list;
+ PolicyMap policy_map;
+ PolicyErrorMap errors;
+ ExtensionURLPatternListPolicyHandler handler(
+ key::kExtensionInstallSources,
+ prefs::kExtensionAllowedInstallSites);
+
+ policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY,
+ POLICY_SCOPE_USER, list.DeepCopy());
+ EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors));
+ EXPECT_TRUE(errors.empty());
+
+ list.Append(Value::CreateStringValue("http://*.google.com/*"));
+ policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY,
+ POLICY_SCOPE_USER, list.DeepCopy());
+ EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors));
+ EXPECT_TRUE(errors.empty());
+
+ list.Append(Value::CreateStringValue("<all_urls>"));
+ policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY,
+ POLICY_SCOPE_USER, list.DeepCopy());
+ EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors));
+ EXPECT_TRUE(errors.empty());
+
+ list.Append(Value::CreateStringValue("invalid"));
+ policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY,
+ POLICY_SCOPE_USER, list.DeepCopy());
+ EXPECT_FALSE(handler.CheckPolicySettings(policy_map, &errors));
+ EXPECT_FALSE(errors.empty());
+ EXPECT_FALSE(errors.GetErrors(key::kExtensionInstallSources).empty());
+
+ // URLPattern syntax has a different way to express 'all urls'. Though '*'
+ // would be compatible today, it would be brittle, so we disallow.
+ list.Append(Value::CreateStringValue("*"));
+ policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY,
+ POLICY_SCOPE_USER, list.DeepCopy());
+ EXPECT_FALSE(handler.CheckPolicySettings(policy_map, &errors));
+ EXPECT_FALSE(errors.empty());
+ EXPECT_FALSE(errors.GetErrors(key::kExtensionInstallSources).empty());
+}
+
+TEST(ExtensionURLPatternListPolicyHandlerTest, ApplyPolicySettings) {
+ base::ListValue list;
+ PolicyMap policy_map;
+ PrefValueMap prefs;
+ base::Value* value = NULL;
+ ExtensionURLPatternListPolicyHandler handler(
+ key::kExtensionInstallSources,
+ prefs::kExtensionAllowedInstallSites);
+
+ list.Append(Value::CreateStringValue("https://corp.monkey.net/*"));
+ policy_map.Set(key::kExtensionInstallSources, POLICY_LEVEL_MANDATORY,
+ POLICY_SCOPE_USER, list.DeepCopy());
+ handler.ApplyPolicySettings(policy_map, &prefs);
+ EXPECT_TRUE(prefs.GetValue(prefs::kExtensionAllowedInstallSites, &value));
+ EXPECT_TRUE(base::Value::Equals(&list, value));
+}
+
} // namespace policy