Extension request policy blocks all extension by default

When CloudExtensionRequestEnabled policy is set to true, all extensions are blocked by default. User can send request for block-by-default extension to admin. Bug: 1006899 Change-Id: I715ece27267bc38d894ffaee2c143fe8b200e430 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1872816Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#709255}

Extension request policy blocks all extension by default
When CloudExtensionRequestEnabled policy is set to true, all extensions are blocked by default. User can send request for block-by-default extension to admin. Bug: 1006899 Change-Id: I715ece27267bc38d894ffaee2c143fe8b200e430 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1872816Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#709255}
4792c39b · Owen Min · Commit Bot · cdc5debc · 4792c39b · 4792c39b
Commit 4792c39b authored Oct 24, 2019 by Owen Min Committed by Commit Bot Oct 24, 2019
2 changed files
--- a/chrome/browser/extensions/extension_management.cc
+++ b/chrome/browser/extensions/extension_management.cc
@@ -72,6 +72,8 @@ ExtensionManagement::ExtensionManagement(Profile* profile)
  pref_change_registrar_.Add(pref_names::kAllowedTypes, pref_change_callback);
  pref_change_registrar_.Add(pref_names::kExtensionManagement,
                             pref_change_callback);
+  pref_change_registrar_.Add(prefs::kCloudExtensionRequestEnabled,
+                             pref_change_callback);
 #if !defined(OS_CHROMEOS)
  pref_change_registrar_.Add(prefs::kCloudReportingEnabled,
                             pref_change_callback);
@@ -357,6 +359,8 @@ void ExtensionManagement::Refresh() {
          LoadPreference(pref_names::kExtensionManagement,
                         true,
                         base::Value::Type::DICTIONARY));
+  const base::Value* extension_request_pref = LoadPreference(
+      prefs::kCloudExtensionRequestEnabled, false, base::Value::Type::BOOLEAN);

  // Reset all settings.
  global_settings_.reset(new internal::GlobalSettings());
@@ -365,8 +369,9 @@ void ExtensionManagement::Refresh() {

  // Parse default settings.
  const base::Value wildcard("*");
-  if (denied_list_pref &&
-      denied_list_pref->Find(wildcard) != denied_list_pref->end()) {
+  if ((denied_list_pref &&
+       denied_list_pref->Find(wildcard) != denied_list_pref->end()) ||
+      (extension_request_pref && extension_request_pref->GetBool())) {
    default_settings_->installation_mode = INSTALLATION_BLOCKED;
  }


--- a/chrome/browser/extensions/extension_management_unittest.cc
+++ b/chrome/browser/extensions/extension_management_unittest.cc
@@ -1005,6 +1005,25 @@ TEST_F(ExtensionManagementServiceTest,
 }
 #endif

+TEST_F(ExtensionManagementServiceTest,
+       ExtensionsAreBlockedByDefaultForExtensionRequest) {
+  // When extension request policy is set to true, all extensions are blocked by
+  // default.
+  SetPref(true, prefs::kCloudExtensionRequestEnabled,
+          std::make_unique<base::Value>(true));
+  EXPECT_TRUE(extension_management_->BlacklistedByDefault());
+  EXPECT_EQ(ExtensionManagement::INSTALLATION_BLOCKED,
+            GetInstallationModeById(kTargetExtension));
+  // However, it will be overridden by ExtensionSettings
+  SetExampleDictPref(R"({
+    "*": {
+      "installation_mode": "removed",
+    }
+  })");
+  EXPECT_EQ(ExtensionManagement::INSTALLATION_REMOVED,
+            GetInstallationModeById(kTargetExtension));
+}
+
 // Tests the flag value indicating that extensions are blacklisted by default.
 TEST_F(ExtensionAdminPolicyTest, BlacklistedByDefault) {
  EXPECT_FALSE(BlacklistedByDefault(NULL));