1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
6 #define CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
7 
8 #include <memory>
9 #include <string>
10 #include <unordered_map>
11 #include <vector>
12 
13 #include "base/macros.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/singleton.h"
16 #include "base/observer_list.h"
17 #include "base/values.h"
18 #include "chrome/browser/extensions/forced_extensions/install_stage_tracker.h"
19 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
20 #include "components/keyed_service/core/keyed_service.h"
21 #include "components/prefs/pref_change_registrar.h"
22 #include "extensions/browser/management_policy.h"
23 #include "extensions/common/extension_id.h"
24 #include "extensions/common/manifest.h"
25 
26 class GURL;
27 class PrefService;
28 class Profile;
29 
30 namespace content {
31 class BrowserContext;
32 }  // namespace content
33 
34 namespace extensions {
35 
36 namespace internal {
37 
38 struct IndividualSettings;
39 struct GlobalSettings;
40 
41 }  // namespace internal
42 
43 class APIPermissionSet;
44 class Extension;
45 class PermissionSet;
46 
47 // Tracks the management policies that affect extensions and provides interfaces
48 // for observing and obtaining the global settings for all extensions, as well
49 // as per-extension settings.
50 class ExtensionManagement : public KeyedService {
51  public:
52   // Observer class for extension management settings changes.
53   class Observer {
54    public:
~Observer()55     virtual ~Observer() {}
56 
57     // Called when the extension management settings change.
58     virtual void OnExtensionManagementSettingsChanged() = 0;
59   };
60 
61   // Installation mode for extensions, default is INSTALLATION_ALLOWED.
62   // * INSTALLATION_ALLOWED: Extension can be installed.
63   // * INSTALLATION_BLOCKED: Extension cannot be installed.
64   // * INSTALLATION_FORCED: Extension will be installed automatically
65   //                        and cannot be disabled.
66   // * INSTALLATION_RECOMMENDED: Extension will be installed automatically but
67   //                             can be disabled.
68   // * INSTALLATION_REMOVED:  Extension cannot be installed and will be
69   //                          automatically removed.
70   enum InstallationMode {
71     INSTALLATION_ALLOWED = 0,
72     INSTALLATION_BLOCKED,
73     INSTALLATION_FORCED,
74     INSTALLATION_RECOMMENDED,
75     INSTALLATION_REMOVED,
76   };
77 
78   // Behavior for "Pin extension to toolbar" from the extensions menu, default
79   // is kDefaultUnpinned
80   // * kDefaultUnpinned: Extension starts unpinned, but the user can still pin
81   //                     it afterwards.
82   // * kForcePinned: Extension starts pinned to the toolbar, and the user
83   //                 cannot unpin it.
84   // TODO(crbug.com/1071314): Add kDefaultPinned state.
85   enum class ToolbarPinMode {
86     kDefaultUnpinned = 0,
87     kForcePinned,
88   };
89 
90   explicit ExtensionManagement(Profile* profile);
91   ~ExtensionManagement() override;
92 
93   // KeyedService implementations:
94   void Shutdown() override;
95 
96   void AddObserver(Observer* observer);
97   void RemoveObserver(Observer* observer);
98 
99   // Get the list of ManagementPolicy::Provider controlled by extension
100   // management policy settings.
101   const std::vector<std::unique_ptr<ManagementPolicy::Provider>>& GetProviders()
102       const;
103 
104   // Checks if extensions are blocklisted by default, by policy. When true,
105   // this means that even extensions without an ID should be blocklisted (e.g.
106   // from the command line, or when loaded as an unpacked extension).
107   bool BlocklistedByDefault() const;
108 
109   // Returns installation mode for an extension.
110   InstallationMode GetInstallationMode(const Extension* extension) const;
111 
112   // Returns installation mode for an extension with id |extension_id| and
113   // updated with |update_url|.
114   InstallationMode GetInstallationMode(const ExtensionId& extension_id,
115                                        const std::string& update_url) const;
116 
117   // Returns the force install list, in format specified by
118   // ExternalPolicyLoader::AddExtension().
119   std::unique_ptr<base::DictionaryValue> GetForceInstallList() const;
120 
121   // Like GetForceInstallList(), but returns recommended install list instead.
122   std::unique_ptr<base::DictionaryValue> GetRecommendedInstallList() const;
123 
124   // Returns |true| if there is at least one extension with
125   // |INSTALLATION_ALLOWED| as installation mode. This excludes force installed
126   // extensions.
127   bool HasAllowlistedExtension() const;
128 
129   // Returns if an extension with id |id| is explicitly allowed by enterprise
130   // policy or not.
131   bool IsInstallationExplicitlyAllowed(const ExtensionId& id) const;
132 
133   // Returns if an extension with id |id| is explicitly blocked by enterprise
134   // policy or not.
135   bool IsInstallationExplicitlyBlocked(const ExtensionId& id) const;
136 
137   // Returns true if an extension download should be allowed to proceed.
138   bool IsOffstoreInstallAllowed(const GURL& url,
139                                 const GURL& referrer_url) const;
140 
141   // Returns true if an extension with manifest type |manifest_type| and
142   // id |extension_id| is allowed to be installed.
143   bool IsAllowedManifestType(Manifest::Type manifest_type,
144                              const std::string& extension_id) const;
145 
146   // Returns the list of blocked API permissions for |extension|.
147   APIPermissionSet GetBlockedAPIPermissions(const Extension* extension) const;
148 
149   // Returns the list of blocked API permissions for an extension with id
150   // |extension_id| and updated with |update_url|.
151   APIPermissionSet GetBlockedAPIPermissions(
152       const ExtensionId& extension_id,
153       const std::string& update_url) const;
154 
155   // Returns the list of hosts blocked by policy for |extension|.
156   const URLPatternSet& GetPolicyBlockedHosts(const Extension* extension) const;
157 
158   // Returns the hosts exempted by policy from the PolicyBlockedHosts for
159   // |extension|.
160   const URLPatternSet& GetPolicyAllowedHosts(const Extension* extension) const;
161 
162   // Returns the list of hosts blocked by policy for Default scope. This can be
163   // overridden by an individual scope which is queried via
164   // GetPolicyBlockedHosts.
165   const URLPatternSet& GetDefaultPolicyBlockedHosts() const;
166 
167   // Returns the hosts exempted by policy from PolicyBlockedHosts for
168   // the default scope. This can be overridden by an individual scope which is
169   // queries via GetPolicyAllowedHosts. This should only be used to
170   // initialize a new renderer.
171   const URLPatternSet& GetDefaultPolicyAllowedHosts() const;
172 
173   // Checks if an |extension| has its own runtime_blocked_hosts or
174   // runtime_allowed_hosts defined in the individual scope of the
175   // ExtensionSettings policy.
176   // Returns false if an individual scoped setting isn't defined.
177   bool UsesDefaultPolicyHostRestrictions(const Extension* extension) const;
178 
179   // Checks if a URL is on the blocked host permissions list for a specific
180   // extension.
181   bool IsPolicyBlockedHost(const Extension* extension, const GURL& url) const;
182 
183   // Returns blocked permission set for |extension|.
184   std::unique_ptr<const PermissionSet> GetBlockedPermissions(
185       const Extension* extension) const;
186 
187   // If the extension is blocked from install and a custom error message
188   // was defined returns it. Otherwise returns an empty string. The maximum
189   // string length is 1000 characters.
190   const std::string BlockedInstallMessage(const ExtensionId& id) const;
191 
192   // Returns true if every permission in |perms| is allowed for |extension|.
193   bool IsPermissionSetAllowed(const Extension* extension,
194                               const PermissionSet& perms) const;
195 
196   // Returns true if every permission in |perms| is allowed for an extension
197   // with id |extension_id| and updated with |update_url|.
198   bool IsPermissionSetAllowed(const ExtensionId& extension_id,
199                               const std::string& update_url,
200                               const PermissionSet& perms) const;
201 
202   // Returns true if |extension| meets the minimum required version set for it.
203   // If there is no such requirement set for it, returns true as well.
204   // If false is returned and |required_version| is not null, the minimum
205   // required version is returned.
206   bool CheckMinimumVersion(const Extension* extension,
207                            std::string* required_version) const;
208 
209   // Returns the list of extensions with "force_pinned" mode for the
210   // "toolbar_pin" setting.
211   ExtensionIdSet GetForcePinnedList() const;
212 
213   // Returns whether the profile associated with this instance is supervised.
is_child()214   bool is_child() const { return is_child_; }
215 
216  private:
217   using SettingsIdMap =
218       std::unordered_map<ExtensionId,
219                          std::unique_ptr<internal::IndividualSettings>>;
220   using SettingsUpdateUrlMap =
221       std::unordered_map<std::string,
222                          std::unique_ptr<internal::IndividualSettings>>;
223   friend class ExtensionManagementServiceTest;
224 
225   // Load all extension management preferences from |pref_service|, and
226   // refresh the settings.
227   void Refresh();
228 
229   // Load preference with name |pref_name| and expected type |expected_type|.
230   // If |force_managed| is true, only loading from the managed preference store
231   // is allowed. Returns NULL if the preference is not present, not allowed to
232   // be loaded from or has the wrong type.
233   const base::Value* LoadPreference(const char* pref_name,
234                                     bool force_managed,
235                                     base::Value::Type expected_type) const;
236 
237   void OnExtensionPrefChanged();
238   void NotifyExtensionManagementPrefChanged();
239 
240   // Reports install creation stage to InstallStageTracker for the extensions.
241   // |forced_stage| is reported for the extensions which have installation mode
242   // as INSTALLATION_FORCED, and |other_stage| is reported for all other
243   // installation modes.
244   void ReportExtensionManagementInstallCreationStage(
245       InstallStageTracker::InstallCreationStage forced_stage,
246       InstallStageTracker::InstallCreationStage other_stage);
247 
248   // Helper to return an extension install list, in format specified by
249   // ExternalPolicyLoader::AddExtension().
250   std::unique_ptr<base::DictionaryValue> GetInstallListByMode(
251       InstallationMode installation_mode) const;
252 
253   // Helper to update |extension_dict| for forced installs.
254   void UpdateForcedExtensions(const base::DictionaryValue* extension_dict);
255 
256   // Helper function to access |settings_by_id_| with |id| as key.
257   // Adds a new IndividualSettings entry to |settings_by_id_| if none exists for
258   // |id| yet.
259   internal::IndividualSettings* AccessById(const ExtensionId& id);
260 
261   // Similar to AccessById(), but access |settings_by_update_url_| instead.
262   internal::IndividualSettings* AccessByUpdateUrl(
263       const std::string& update_url);
264 
265   // A map containing all IndividualSettings applied to an individual extension
266   // identified by extension ID. The extension ID is used as index key of the
267   // map.
268   SettingsIdMap settings_by_id_;
269 
270   // Similar to |settings_by_id_|, but contains the settings for a group of
271   // extensions with same update URL. The update url itself is used as index
272   // key for the map.
273   SettingsUpdateUrlMap settings_by_update_url_;
274 
275   // The default IndividualSettings.
276   // For extension settings applied to an individual extension (identified by
277   // extension ID) or a group of extension (with specified extension update
278   // URL), all unspecified part will take value from |default_settings_|.
279   // For all other extensions, all settings from |default_settings_| will be
280   // enforced.
281   std::unique_ptr<internal::IndividualSettings> default_settings_;
282 
283   // Extension settings applicable to all extensions.
284   std::unique_ptr<internal::GlobalSettings> global_settings_;
285 
286   Profile* const profile_ = nullptr;
287   PrefService* pref_service_ = nullptr;
288   bool is_signin_profile_ = false;
289   bool is_child_ = false;
290 
291   base::ObserverList<Observer, true>::Unchecked observer_list_;
292   PrefChangeRegistrar pref_change_registrar_;
293   std::vector<std::unique_ptr<ManagementPolicy::Provider>> providers_;
294 
295   DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);
296 };
297 
298 class ExtensionManagementFactory : public BrowserContextKeyedServiceFactory {
299  public:
300   static ExtensionManagement* GetForBrowserContext(
301       content::BrowserContext* context);
302   static ExtensionManagementFactory* GetInstance();
303 
304  private:
305   friend struct base::DefaultSingletonTraits<ExtensionManagementFactory>;
306 
307   ExtensionManagementFactory();
308   ~ExtensionManagementFactory() override;
309 
310   // BrowserContextKeyedServiceExtensionManagementFactory:
311   KeyedService* BuildServiceInstanceFor(
312       content::BrowserContext* context) const override;
313   content::BrowserContext* GetBrowserContextToUse(
314       content::BrowserContext* context) const override;
315   void RegisterProfilePrefs(
316       user_prefs::PrefRegistrySyncable* registry) override;
317 
318   DISALLOW_COPY_AND_ASSIGN(ExtensionManagementFactory);
319 };
320 
321 }  // namespace extensions
322 
323 #endif  // CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
324