[Forced Extensions] Let users control 'Allow access to file URLs' toggle

Previously, the toggle would be hidden for force-installed extensions because it didn't work. With this patch, it is visible again, and won't throw a "cannot modify" error when the user tries to change it. Bug: 173640 Change-Id: Iae7cf94b69da975449935ee4c7b8f68aebbe7fac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2340317 Commit-Queue: Nicolas Ouellet-Payeur <nicolaso@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#796126}

[Forced Extensions] Let users control 'Allow access to file URLs' toggle
Previously, the toggle would be hidden for force-installed extensions because it didn't work. With this patch, it is visible again, and won't throw a "cannot modify" error when the user tries to change it. Bug: 173640 Change-Id: Iae7cf94b69da975449935ee4c7b8f68aebbe7fac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2340317 Commit-Queue: Nicolas Ouellet-Payeur <nicolaso@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#796126}
07350bd4 · Nicolas Ouellet-Payeur · Commit Bot · cee6b7ce · 07350bd4 · 07350bd4
Commit 07350bd4 authored Aug 07, 2020 by Nicolas Ouellet-Payeur Committed by Commit Bot Aug 07, 2020
3 changed files
--- a/chrome/browser/extensions/api/developer_private/developer_private_api.cc
+++ b/chrome/browser/extensions/api/developer_private/developer_private_api.cc
@@ -109,8 +109,6 @@ namespace developer = api::developer_private;
 namespace {

 const char kNoSuchExtensionError[] = "No such extension.";
-const char kCannotModifyPolicyExtensionError[] =
-    "Cannot modify the extension by policy.";
 const char kRequiresUserGestureError[] =
    "This action requires a user gesture.";
 const char kCouldNotShowSelectFileDialogError[] =
@@ -183,23 +181,6 @@ void GetManifestError(const std::string& error,
      base::BindOnce(std::move(callback), extension_path, error, line));
 }

-bool UserCanModifyExtensionConfiguration(
-    const Extension* extension,
-    content::BrowserContext* browser_context,
-    std::string* error) {
-  ManagementPolicy* management_policy =
-      ExtensionSystem::Get(browser_context)->management_policy();
-  if (!management_policy->UserMayModifySettings(extension, nullptr)) {
-    LOG(ERROR) << "Attempt to change settings of an extension that is "
-               << "non-usermanagable was made. Extension id : "
-               << extension->id();
-    *error = kCannotModifyPolicyExtensionError;
-    return false;
-  }
-
-  return true;
-}
-
 // Runs the install verifier for all extensions that are enabled, disabled, or
 // terminated.
 void PerformVerificationCheck(content::BrowserContext* context) {
@@ -906,12 +887,6 @@ DeveloperPrivateUpdateExtensionConfigurationFunction::Run() {
    return RespondNow(Error(kRequiresUserGestureError));

  if (update.file_access) {
-    std::string error;
-    if (!UserCanModifyExtensionConfiguration(extension,
-                                             browser_context(),
-                                             &error)) {
-      return RespondNow(Error(std::move(error)));
-    }
    util::SetAllowFileAccess(
        extension->id(), browser_context(), *update.file_access);
  }

--- a/chrome/browser/extensions/api/developer_private/extension_info_generator.cc
+++ b/chrome/browser/extensions/api/developer_private/extension_info_generator.cc
@@ -585,8 +585,7 @@ void ExtensionInfoGenerator::CreateExtensionInfoHelper(
  ManagementPolicy* management_policy = extension_system_->management_policy();
  info->file_access.is_enabled =
      (extension.wants_file_access() ||
-       Manifest::ShouldAlwaysAllowFileAccess(extension.location())) &&
-      management_policy->UserMayModifySettings(&extension, nullptr);
+       Manifest::ShouldAlwaysAllowFileAccess(extension.location()));
  info->file_access.is_active =
      util::AllowFileAccess(extension.id(), browser_context_);


--- a/chrome/browser/extensions/api/developer_private/extension_info_generator_unittest.cc
+++ b/chrome/browser/extensions/api/developer_private/extension_info_generator_unittest.cc
@@ -763,24 +763,6 @@ TEST_F(ExtensionInfoGeneratorUnitTest,
  }
 }

-// Test that file:// access checkbox does not show up when the user can't
-// modify an extension's settings. https://crbug.com/173640.
-TEST_F(ExtensionInfoGeneratorUnitTest, ExtensionInfoLockedAllUrls) {
-  // Force installed extensions aren't user modifyable.
-  scoped_refptr<const Extension> locked_extension =
-      CreateExtension("locked", ListBuilder().Append("file://*/*").Build(),
-                      Manifest::EXTERNAL_POLICY_DOWNLOAD);
-
-  std::unique_ptr<developer::ExtensionInfo> info =
-      GenerateExtensionInfo(locked_extension->id());
-
-  // Extension wants file:// access but the checkbox will not appear
-  // in chrome://extensions.
-  EXPECT_TRUE(locked_extension->wants_file_access());
-  EXPECT_FALSE(info->file_access.is_enabled);
-  EXPECT_FALSE(info->file_access.is_active);
-}
-
 // Tests that file:// access checkbox shows up for extensions with activeTab
 // permission. See crbug.com/850643.
 TEST_F(ExtensionInfoGeneratorUnitTest, ActiveTabFileUrls) {