chrome/browser/extensions/admin_policy.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/extensions/admin_policy.h"

#include "base/utf_string_conversions.h"
#include "chrome/common/extensions/extension.h"
#include "grit/generated_resources.h"
#include "ui/base/l10n/l10n_util.h"

namespace {

bool IsRequired(const extensions::Extension* extension) {
  return extensions::Extension::IsRequired(extension->location());
}

bool ManagementPolicyImpl(const extensions::Extension* extension,
                          string16* error,
                          bool modifiable_value) {
  bool modifiable = !IsRequired(extension);
  // Some callers equate "no restriction" to true, others to false.
  if (modifiable)
    return modifiable_value;

  if (error) {
    *error = l10n_util::GetStringFUTF16(
        IDS_EXTENSION_CANT_MODIFY_POLICY_REQUIRED,
        UTF8ToUTF16(extension->name()));
  }
  return !modifiable_value;
}

}  // namespace

namespace extensions {
namespace admin_policy {

bool BlacklistedByDefault(const base::ListValue* blacklist) {
  base::StringValue wildcard("*");
  return blacklist && blacklist->Find(wildcard) != blacklist->end();
}

bool UserMayLoad(const base::ListValue* blacklist,
                 const base::ListValue* whitelist,
                 const base::ListValue* forcelist,
                 const Extension* extension,
                 string16* error) {
  if (IsRequired(extension))
    return true;

  if (!blacklist || blacklist->empty())
    return true;

  // Check the whitelist/forcelist first.
  base::StringValue id_value(extension->id());
  if ((whitelist && whitelist->Find(id_value) != whitelist->end()) ||
      (forcelist && forcelist->Find(id_value) != forcelist->end()))
    return true;

  // Then check the admin blacklist.
  bool result = (!blacklist || blacklist->Find(id_value) == blacklist->end()) &&
                !BlacklistedByDefault(blacklist);
  if (error && !result) {
    *error = l10n_util::GetStringFUTF16(
          IDS_EXTENSION_CANT_INSTALL_POLICY_BLACKLIST,
          UTF8ToUTF16(extension->name()),
          UTF8ToUTF16(extension->id()));
  }
  return result;
}

bool UserMayModifySettings(const Extension* extension, string16* error) {
  return ManagementPolicyImpl(extension, error, true);
}

bool MustRemainEnabled(const Extension* extension, string16* error) {
  return ManagementPolicyImpl(extension, error, false);
}

}  // namespace
}  // namespace