summaryrefslogtreecommitdiffstats
path: root/webkit/plugins/npapi/plugin_group.cc
diff options
context:
space:
mode:
authorpastarmovj@chromium.org <pastarmovj@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-01 13:28:58 +0000
committerpastarmovj@chromium.org <pastarmovj@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-01 13:28:58 +0000
commit24ff43d70bfae58e5b7fe4c607fe255ca1c665dd (patch)
treea02df6c3e178747e8b79adceb2a8f3307c7d4155 /webkit/plugins/npapi/plugin_group.cc
parent3ce02419d4f7b3cd1fc062f87fb63a78072b5483 (diff)
downloadchromium_src-24ff43d70bfae58e5b7fe4c607fe255ca1c665dd.zip
chromium_src-24ff43d70bfae58e5b7fe4c607fe255ca1c665dd.tar.gz
chromium_src-24ff43d70bfae58e5b7fe4c607fe255ca1c665dd.tar.bz2
Added EnabledPlugins policy.
The EnabledPlugins policy is linked to the plugins.plugins_whitelist preference. Renamed some methods to clarify that policies can both disable and enable plugins. Updated plugins.html (about:plugins) to display policy-enabled plugins. Lots of tweaks in PluginGroup and PluginList (webkit/plugins/npapi) to preserve the user's preference across policy changes. Removing a policy on a plugin restores the state that the user had configured before. TODO: The interaction of "EnabledPlugins" and "DisabledPlugins" when overlapping isn't very well addressed yet. Currently, any plugin matching the "disabled" list will be disabled, regardless of matching or not the "enabled" list. Small fixes: Added missing "noPlugins" string to the jstemplate strings for plugins.html. BUG=55022 TEST=Create a policy enabling a specific plugin and check about:plugins. Also test_shell_test PluginGroupTest.ManagedByPolicy, and unit_tests. Review URL: http://codereview.chromium.org/6469068 Patch from Joao da Silva <joaodasilva@chromium.org>. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76373 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins/npapi/plugin_group.cc')
-rw-r--r--webkit/plugins/npapi/plugin_group.cc201
1 files changed, 145 insertions, 56 deletions
diff --git a/webkit/plugins/npapi/plugin_group.cc b/webkit/plugins/npapi/plugin_group.cc
index fc5a4c1..4b61baa 100644
--- a/webkit/plugins/npapi/plugin_group.cc
+++ b/webkit/plugins/npapi/plugin_group.cc
@@ -26,25 +26,42 @@ const char* PluginGroup::kShockwaveGroupName = "Shockwave";
/*static*/
std::set<string16>* PluginGroup::policy_disabled_plugin_patterns_;
+/*static*/
+std::set<string16>* PluginGroup::policy_disabled_plugin_exception_patterns_;
+/*static*/
+std::set<string16>* PluginGroup::policy_enabled_plugin_patterns_;
/*static*/
-void PluginGroup::SetPolicyDisabledPluginPatterns(
- const std::set<string16>& set) {
+void PluginGroup::SetPolicyEnforcedPluginPatterns(
+ const std::set<string16>& plugins_disabled,
+ const std::set<string16>& plugins_disabled_exceptions,
+ const std::set<string16>& plugins_enabled) {
if (!policy_disabled_plugin_patterns_)
- policy_disabled_plugin_patterns_ = new std::set<string16>(set);
+ policy_disabled_plugin_patterns_ = new std::set<string16>(plugins_disabled);
+ else
+ *policy_disabled_plugin_patterns_ = plugins_disabled;
+
+ if (!policy_disabled_plugin_exception_patterns_)
+ policy_disabled_plugin_exception_patterns_ =
+ new std::set<string16>(plugins_disabled_exceptions);
+ else
+ *policy_disabled_plugin_exception_patterns_ = plugins_disabled_exceptions;
+
+ if (!policy_enabled_plugin_patterns_)
+ policy_enabled_plugin_patterns_ = new std::set<string16>(plugins_enabled);
else
- *policy_disabled_plugin_patterns_ = set;
+ *policy_enabled_plugin_patterns_ = plugins_enabled;
}
/*static*/
-bool PluginGroup::IsPluginNameDisabledByPolicy(const string16& plugin_name) {
- if (!policy_disabled_plugin_patterns_)
+bool PluginGroup::IsStringMatchedInSet(const string16& name,
+ const std::set<string16>* pattern_set) {
+ if (!pattern_set)
return false;
- std::set<string16>::const_iterator pattern(
- policy_disabled_plugin_patterns_->begin());
- while (pattern != policy_disabled_plugin_patterns_->end()) {
- if (MatchPattern(plugin_name, *pattern))
+ std::set<string16>::const_iterator pattern(pattern_set->begin());
+ while (pattern != pattern_set->end()) {
+ if (MatchPattern(name, *pattern))
return true;
++pattern;
}
@@ -52,6 +69,38 @@ bool PluginGroup::IsPluginNameDisabledByPolicy(const string16& plugin_name) {
return false;
}
+/*static*/
+bool PluginGroup::IsPluginNameDisabledByPolicy(const string16& plugin_name) {
+ // A plugin that matches some "disabled" pattern but also matches an "enabled"
+ // pattern will be enabled. Example: disable "*", enable "Flash, Java".
+ // Same for matching an "exception" pattern.
+ return IsStringMatchedInSet(plugin_name, policy_disabled_plugin_patterns_) &&
+ !IsStringMatchedInSet(plugin_name, policy_enabled_plugin_patterns_) &&
+ !IsStringMatchedInSet(plugin_name,
+ policy_disabled_plugin_exception_patterns_);
+}
+
+/*static*/
+bool PluginGroup::IsPluginFileNameDisabledByPolicy(const string16& plugin_name,
+ const string16& group_name) {
+ // This handles a specific plugin within a group that is allowed,
+ // but whose name matches a disabled pattern.
+ // Example: disable "*", exception "Java".
+ bool group_has_exception = IsStringMatchedInSet(
+ group_name,
+ policy_disabled_plugin_exception_patterns_);
+
+ return !IsPluginNameEnabledByPolicy(plugin_name) &&
+ !group_has_exception &&
+ IsPluginNameDisabledByPolicy(plugin_name);
+}
+
+/*static*/
+bool PluginGroup::IsPluginNameEnabledByPolicy(const string16& plugin_name) {
+ // There are no exceptions to enabled plugins.
+ return IsStringMatchedInSet(plugin_name, policy_enabled_plugin_patterns_);
+}
+
VersionRange::VersionRange(VersionRangeDefinition definition)
: low_str(definition.version_matcher_low),
high_str(definition.version_matcher_high),
@@ -262,8 +311,13 @@ bool PluginGroup::EnablePlugin(const FilePath& filename) {
bool did_enable = false;
ResetGroupState();
for (size_t i = 0; i < web_plugin_infos_.size(); ++i) {
- if (web_plugin_infos_[i].path == filename)
- did_enable = Enable(&web_plugin_infos_[i], WebPluginInfo::USER_ENABLED);
+ if (web_plugin_infos_[i].path == filename) {
+ did_enable = Enable(
+ &web_plugin_infos_[i],
+ IsPluginNameEnabledByPolicy(web_plugin_infos_[i].name) ?
+ WebPluginInfo::USER_ENABLED_POLICY_ENABLED :
+ WebPluginInfo::USER_ENABLED);
+ }
UpdateActivePlugin(web_plugin_infos_[i]);
}
return did_enable;
@@ -326,23 +380,35 @@ DictionaryValue* PluginGroup::GetDataForUI() const {
result->SetBoolean("critical", IsVulnerable());
bool group_disabled_by_policy = IsPluginNameDisabledByPolicy(name);
+ bool group_enabled_by_policy = IsPluginNameEnabledByPolicy(name);
ListValue* plugin_files = new ListValue();
bool all_plugins_disabled_by_policy = true;
+ bool all_plugins_enabled_by_policy = true;
for (size_t i = 0; i < web_plugin_infos_.size(); ++i) {
DictionaryValue* plugin_file = new DictionaryValue();
plugin_file->SetString("name", web_plugin_infos_[i].name);
plugin_file->SetString("description", web_plugin_infos_[i].desc);
plugin_file->SetString("path", web_plugin_infos_[i].path.value());
plugin_file->SetString("version", web_plugin_infos_[i].version);
+
bool plugin_disabled_by_policy = group_disabled_by_policy ||
((web_plugin_infos_[i].enabled & WebPluginInfo::POLICY_DISABLED) != 0);
+ bool plugin_enabled_by_policy = group_enabled_by_policy ||
+ ((web_plugin_infos_[i].enabled & WebPluginInfo::POLICY_ENABLED) != 0);
+
+ if (!plugin_disabled_by_policy)
+ all_plugins_disabled_by_policy = false;
+ if (!plugin_enabled_by_policy)
+ all_plugins_enabled_by_policy = false;
+
if (plugin_disabled_by_policy) {
plugin_file->SetString("enabledMode", "disabledByPolicy");
+ } else if (plugin_enabled_by_policy) {
+ plugin_file->SetString("enabledMode", "enabledByPolicy");
} else {
- all_plugins_disabled_by_policy = false;
plugin_file->SetString(
"enabledMode", IsPluginEnabled(web_plugin_infos_[i]) ?
- "enabled" : "disabledByUser");
+ "enabledByUser" : "disabledByUser");
}
ListValue* mime_types = new ListValue();
@@ -369,8 +435,12 @@ DictionaryValue* PluginGroup::GetDataForUI() const {
if (group_disabled_by_policy || all_plugins_disabled_by_policy) {
result->SetString("enabledMode", "disabledByPolicy");
+ } else if (group_enabled_by_policy || all_plugins_enabled_by_policy) {
+ result->SetString("enabledMode", "enabledByPolicy");
} else {
- result->SetString("enabledMode", enabled_ ? "enabled" : "disabledByUser");
+ result->SetString("enabledMode", enabled_ ?
+ "enabledByUser" :
+ "disabledByUser");
}
result->Set("plugin_files", plugin_files);
@@ -440,21 +510,28 @@ void PluginGroup::DisableOutdatedPlugins() {
bool PluginGroup::EnableGroup(bool enable) {
bool group_disabled_by_policy = IsPluginNameDisabledByPolicy(group_name_);
- // We can't enable groups disabled by policy
- if (group_disabled_by_policy && enable)
+ bool group_enabled_by_policy = IsPluginNameEnabledByPolicy(group_name_);
+
+ // We can't enable nor disable groups controlled by policy.
+ if ((group_disabled_by_policy && enable) ||
+ (group_enabled_by_policy && !enable))
return false;
ResetGroupState();
for (size_t i = 0; i < web_plugin_infos_.size(); ++i) {
+ bool policy_enabled =
+ IsPluginNameEnabledByPolicy(web_plugin_infos_[i].name);
bool policy_disabled =
- IsPluginNameDisabledByPolicy(web_plugin_infos_[i].name);
- if (enable && !policy_disabled) {
+ IsPluginFileNameDisabledByPolicy(web_plugin_infos_[i].name,
+ group_name_);
+ if (policy_disabled) {
+ Disable(&web_plugin_infos_[i], WebPluginInfo::POLICY_DISABLED);
+ } else if (policy_enabled) {
+ Enable(&web_plugin_infos_[i], WebPluginInfo::POLICY_ENABLED);
+ } else if (enable) {
Enable(&web_plugin_infos_[i], WebPluginInfo::USER_ENABLED);
} else {
- Disable(&web_plugin_infos_[i],
- policy_disabled || group_disabled_by_policy ?
- WebPluginInfo::POLICY_DISABLED :
- WebPluginInfo::USER_DISABLED);
+ Disable(&web_plugin_infos_[i], WebPluginInfo::USER_DISABLED);
}
UpdateActivePlugin(web_plugin_infos_[i]);
}
@@ -463,19 +540,30 @@ bool PluginGroup::EnableGroup(bool enable) {
void PluginGroup::EnforceGroupPolicy() {
bool group_disabled_by_policy = IsPluginNameDisabledByPolicy(group_name_);
+ bool group_enabled_by_policy = IsPluginNameEnabledByPolicy(group_name_);
ResetGroupState();
for (size_t i = 0; i < web_plugin_infos_.size(); ++i) {
+ bool policy_enabled =
+ group_enabled_by_policy ||
+ IsPluginNameEnabledByPolicy(web_plugin_infos_[i].name);
bool policy_disabled =
- IsPluginNameDisabledByPolicy(web_plugin_infos_[i].name) |
- group_disabled_by_policy;
-
- // TODO(pastarmovj): Add the code for enforcing enabled by policy...
+ !policy_enabled &&
+ (group_disabled_by_policy ||
+ IsPluginFileNameDisabledByPolicy(web_plugin_infos_[i].name,
+ group_name_));
if (policy_disabled) {
Disable(&web_plugin_infos_[i], WebPluginInfo::POLICY_DISABLED);
- // ...here would a else if (policy_enabled) { ... } be then.
+ } else if (policy_enabled) {
+ Enable(&web_plugin_infos_[i], WebPluginInfo::POLICY_ENABLED);
} else {
- Enable(&web_plugin_infos_[i], WebPluginInfo::POLICY_UNMANAGED);
+ // If not managed, use the user's preference.
+ if ((web_plugin_infos_[i].enabled & WebPluginInfo::USER_MASK) ==
+ WebPluginInfo::USER_ENABLED) {
+ Enable(&web_plugin_infos_[i], WebPluginInfo::POLICY_UNMANAGED);
+ } else {
+ Disable(&web_plugin_infos_[i], WebPluginInfo::POLICY_UNMANAGED);
+ }
}
UpdateActivePlugin(web_plugin_infos_[i]);
}
@@ -487,45 +575,46 @@ void PluginGroup::ResetGroupState() {
version_.reset(Version::GetVersionFromString("0"));
}
-bool PluginGroup::Enable(WebPluginInfo* plugin,
- int new_reason) {
- DCHECK(new_reason == WebPluginInfo::USER_ENABLED ||
- new_reason == WebPluginInfo::POLICY_UNMANAGED ||
- new_reason == WebPluginInfo::POLICY_ENABLED);
+/*static*/
+bool PluginGroup::SetPluginState(WebPluginInfo* plugin,
+ int new_reason,
+ bool state_changes) {
// If we are only stripping the policy then mask the policy bits.
if (new_reason == WebPluginInfo::POLICY_UNMANAGED) {
plugin->enabled &= WebPluginInfo::USER_MASK;
return true;
}
- // If already enabled just upgrade the reason.
- if (IsPluginEnabled(*plugin)) {
- plugin->enabled |= new_reason;
- return true;
+ if (new_reason & WebPluginInfo::MANAGED_MASK) {
+ // Policy-enforced change: preserve the user's preference, and override
+ // a possible previous policy flag.
+ plugin->enabled = (plugin->enabled & WebPluginInfo::USER_MASK) | new_reason;
+ } else if (state_changes && (plugin->enabled & WebPluginInfo::MANAGED_MASK)) {
+ // Refuse change when managed.
+ return false;
} else {
- // Only changeable if not managed.
- if (plugin->enabled & WebPluginInfo::MANAGED_MASK)
- return false;
- plugin->enabled = new_reason;
+ // Accept the user update, but keep the policy flag if present.
+ plugin->enabled = (plugin->enabled & WebPluginInfo::MANAGED_MASK) |
+ new_reason;
}
return true;
}
-bool PluginGroup::Disable(WebPluginInfo* plugin,
- int new_reason) {
+/*static*/
+bool PluginGroup::Enable(WebPluginInfo* plugin, int new_reason) {
+ DCHECK(new_reason == WebPluginInfo::USER_ENABLED ||
+ new_reason == WebPluginInfo::POLICY_ENABLED ||
+ new_reason == WebPluginInfo::USER_ENABLED_POLICY_ENABLED ||
+ new_reason == WebPluginInfo::POLICY_UNMANAGED);
+ return SetPluginState(plugin, new_reason, !IsPluginEnabled(*plugin));
+}
+
+/*static*/
+bool PluginGroup::Disable(WebPluginInfo* plugin, int new_reason) {
DCHECK(new_reason == WebPluginInfo::USER_DISABLED ||
new_reason == WebPluginInfo::POLICY_DISABLED ||
- new_reason == WebPluginInfo::USER_DISABLED_POLICY_DISABLED);
- // If already disabled just upgrade the reason.
- if (!IsPluginEnabled(*plugin)) {
- plugin->enabled |= new_reason;
- return true;
- } else {
- // Only changeable if not managed.
- if (plugin->enabled & WebPluginInfo::MANAGED_MASK)
- return false;
- plugin->enabled = new_reason;
- }
- return true;
+ new_reason == WebPluginInfo::USER_DISABLED_POLICY_DISABLED ||
+ new_reason == WebPluginInfo::POLICY_UNMANAGED);
+ return SetPluginState(plugin, new_reason, IsPluginEnabled(*plugin));
}
} // namespace npapi
generated by cgit v1.1 at 2025-01-08 08:54:43 +0000