Batch whitelist Imprivata extensions

Whitelisting a batch of extension IDs that will be used in form of our version pinning workaround (see bug for details). Bug: 1065112 Change-Id: Ibde37c10e3026a9340b3607f0b0be817c5648654 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2123667 Commit-Queue: Alexander Hendrich <hendrich@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#754854}

Batch whitelist Imprivata extensions
Whitelisting a batch of extension IDs that will be used in form of our version pinning workaround (see bug for details). Bug: 1065112 Change-Id: Ibde37c10e3026a9340b3607f0b0be817c5648654 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2123667 Commit-Queue: Alexander Hendrich <hendrich@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#754854}
4e776b9d · Alexander Hendrich · Commit Bot · f4f83402 · 4e776b9d · 4e776b9d
Commit 4e776b9d authored Mar 31, 2020 by Alexander Hendrich Committed by Commit Bot Mar 31, 2020
6 changed files
--- a/chrome/browser/chromeos/extensions/login_screen/login_screen_ui/ui_handler.cc
+++ b/chrome/browser/chromeos/extensions/login_screen/login_screen_ui/ui_handler.cc
@@ -4,6 +4,9 @@
 #include "chrome/browser/chromeos/extensions/login_screen/login_screen_ui/ui_handler.h"
+#include <algorithm>
+#include <iterator>
 #include "ash/public/cpp/login_screen.h"
 #include "ash/public/cpp/login_screen_model.h"
 #include "ash/public/cpp/login_types.h"
@@ -30,7 +33,7 @@ const char kErrorNoExistingWindow[] = "No open window to close.";
 const char kErrorNotOnLoginOrLockScreen[] =
    "Windows can only be created on the login and lock screen.";
-struct HardcodedExtensionNameMapping {
+struct ExtensionNameMapping {
  const char* extension_id;
  const char* extension_name;
 };
@@ -38,20 +41,45 @@ struct HardcodedExtensionNameMapping {
 // Hardcoded extension names to be used in the window's dialog title.
 // Intentionally not using |extension->name()| here to prevent a compromised
 // extension from being able to control the dialog title's content.
-const HardcodedExtensionNameMapping kHardcodedExtensionNameMappings[] = {
+// This list has to be sorted for quick access using std::lower_bound.
+const ExtensionNameMapping kExtensionNameMappings[] = {
+    {"bnfoibgpjolimhppjmligmcgklpboloj", "Imprivata"},
    {"cdgickkdpbekbnalbmpgochbninibkko", "Imprivata"},
+    {"dbknmmkopacopifbkgookcdbhfnggjjh", "Imprivata"},
+    {"ddcjglpbfbibgepfffpklmpihphbcdco", "Imprivata"},
+    {"dhodapiemamlmhlhblgcibabhdkohlen", "Imprivata"},
+    {"dlahpllbhpbkfnoiedkgombmegnnjopi", "Imprivata"},
    {"lpimkpkllnkdlcigdbgmabfplniahkgm", "Imprivata"},
    {"oclffehlkdgibkainkilopaalpdobkan", "LoginScreenUi test extension"},
+    {"odehonhhkcjnbeaomlodfkjaecbmhklm", "Imprivata"},
+    {"olnmflhcfkifkgbiegcoabineoknmbjc", "Imprivata"},
+    {"phjobickjiififdadeoepbdaciefacfj", "Imprivata"},
+    {"pkeacbojooejnjolgjdecbpnloibpafm", "Imprivata"},
+    {"pmhiabnkkchjeaehcodceadhdpfejmmd", "Imprivata"},
 };
+const ExtensionNameMapping* kExtensionNameMappingsEnd =
+    std::end(kExtensionNameMappings);
 std::string GetHardcodedExtensionName(const extensions::Extension* extension) {
-  for (const HardcodedExtensionNameMapping& mapping :
+  DCHECK(std::is_sorted(kExtensionNameMappings, kExtensionNameMappingsEnd,
-       kHardcodedExtensionNameMappings) {
+                        [](const ExtensionNameMapping& entry1,
-    if (mapping.extension_id == extension->id())
+                           const ExtensionNameMapping& entry2) {
-      return mapping.extension_name;
+                          return strcmp(entry1.extension_id,
+                                        entry2.extension_id) < 0;
+                        }));
+  const char* extension_id = extension->id().c_str();
+  const ExtensionNameMapping* entry = std::lower_bound(
+      kExtensionNameMappings, kExtensionNameMappingsEnd, extension_id,
+      [](const ExtensionNameMapping& entry, const char* key) {
+        return strcmp(entry.extension_id, key) < 0;
+      });
+  if (entry == kExtensionNameMappingsEnd ||
+      strcmp(entry->extension_id, extension_id) != 0) {
+    NOTREACHED();
+    return "UNKNOWN EXTENSION";
  }
-  NOTREACHED();
+  return entry->extension_name;
-  return "UNKNOWN EXTENSION";
 }
 bool CanUseLoginScreenUiApi(const extensions::Extension* extension) {

--- a/chrome/common/extensions/api/_permission_features.json
+++ b/chrome/common/extensions/api/_permission_features.json
@@ -270,8 +270,18 @@
    "location": "policy",
    "platforms": ["chromeos"],
    "whitelist": [
-      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE",  // Imprivata (login screen)
+      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen) crbug.com/1065112
-      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509"   // Imprivata (login screen) DEV
+      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) crbug.com/1065112
+      "CDA6A10BE50CE65C59B766D0CE6A27E8E0A1533F", // Imprivata (login screen) crbug.com/1065112
+      "D85454743B32D9F5ABF3E5F18DF78809F3A0ABD4", // Imprivata (login screen) crbug.com/1065112
+      "04569B963251EB28C0906099668D98EE65ECA2D8", // Imprivata (login screen) crbug.com/1065112
+      "7BF5B69C3ACA9E6ACA5C480661B8073EB9FA32A9", // Imprivata (login screen) crbug.com/1065112
+      "5F2EF8E9F7E975090278D6A0AD039860430C5684", // Imprivata (login screen) crbug.com/1065112
+      "97A4DC8AFC1FCF665C71B624A55675C297AB256C", // Imprivata (login screen) crbug.com/1065112
+      "A00EB72B456C374F1EA86C09833C7DBB6CD95CAE", // Imprivata (login screen) crbug.com/1065112
+      "51DDBADA37EF4D25AD03CB1BB6451799456FE183", // Imprivata (login screen) crbug.com/1065112
+      "DD97CAE4D8658003658140109BC119188A19A5B8", // Imprivata (login screen) crbug.com/1065112
+      "320857126E2180A5751AA384B7B7332A4964BD8C"  // Imprivata (login screen) crbug.com/1065112
    ]
  }],
  "enterprise.hardwarePlatform": {
@@ -450,12 +460,32 @@
    "location": "policy",
    "platforms": ["chromeos"],
    "whitelist": [
-      "7FE4A999359A456C4B0FB7B7AD85CEA29CA50519",  // Login screen APIs test extension
+      "7FE4A999359A456C4B0FB7B7AD85CEA29CA50519", // Login screen APIs test extension
-      "3F5995FE79A861F019C6F093BEF98D73FA9D3A5F",  // Login screen APIs in-sesesion test extension
+      "3F5995FE79A861F019C6F093BEF98D73FA9D3A5F", // Login screen APIs in-sesesion test extension
-      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE",  // Imprivata (login screen)
+      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen) crbug.com/1065112
-      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509",  // Imprivata (login screen) DEV
+      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) crbug.com/1065112
-      "A24DE1B21A67E25FB62AC8491642038FE25DA75B",  // Imprivata (in session)
+      "CDA6A10BE50CE65C59B766D0CE6A27E8E0A1533F", // Imprivata (login screen) crbug.com/1065112
-      "6B25164FFE2BADB5F1DBBD301CC022170267022D"   // Imprivata (in session) DEV
+      "D85454743B32D9F5ABF3E5F18DF78809F3A0ABD4", // Imprivata (login screen) crbug.com/1065112
+      "04569B963251EB28C0906099668D98EE65ECA2D8", // Imprivata (login screen) crbug.com/1065112
+      "7BF5B69C3ACA9E6ACA5C480661B8073EB9FA32A9", // Imprivata (login screen) crbug.com/1065112
+      "5F2EF8E9F7E975090278D6A0AD039860430C5684", // Imprivata (login screen) crbug.com/1065112
+      "97A4DC8AFC1FCF665C71B624A55675C297AB256C", // Imprivata (login screen) crbug.com/1065112
+      "A00EB72B456C374F1EA86C09833C7DBB6CD95CAE", // Imprivata (login screen) crbug.com/1065112
+      "51DDBADA37EF4D25AD03CB1BB6451799456FE183", // Imprivata (login screen) crbug.com/1065112
+      "DD97CAE4D8658003658140109BC119188A19A5B8", // Imprivata (login screen) crbug.com/1065112
+      "320857126E2180A5751AA384B7B7332A4964BD8C", // Imprivata (login screen) crbug.com/1065112
+      "A24DE1B21A67E25FB62AC8491642038FE25DA75B", // Imprivata (in-session) crbug.com/1065112
+      "6B25164FFE2BADB5F1DBBD301CC022170267022D", // Imprivata (in-session) crbug.com/1065112
+      "4D15F9AFCF54E56F0A6E06D22DD15F133DCF0882", // Imprivata (in-session) crbug.com/1065112
+      "171F86E3D91235E5FC745282834BB3DA164F14B3", // Imprivata (in-session) crbug.com/1065112
+      "F7BDB4C21BFF955F851C6CF65167373BDEED6218", // Imprivata (in-session) crbug.com/1065112
+      "220ABCF657446B2CBEBDE2DDA09B6FC415E87FB7", // Imprivata (in-session) crbug.com/1065112
+      "B0092A67BFB22960DE49B11E9CA56035BD40BCFA", // Imprivata (in-session) crbug.com/1065112
+      "3899082721C4996840EA4DD3A7B604914FB915CF", // Imprivata (in-session) crbug.com/1065112
+      "0D0EF5C81661E90BAFD606EADD68D8BB5EDC7E9A", // Imprivata (in-session) crbug.com/1065112
+      "D53DFC9E0D738159557959ABCA61BDDC97470C87", // Imprivata (in-session) crbug.com/1065112
+      "579D5666AB7B27A2E9EA0B13FB7F70CA7D864F72", // Imprivata (in-session) crbug.com/1065112
+      "FC3BBFAD9D7E711BBBD8235E7640348A9B98EB5F" // Imprivata (in-session) crbug.com/1065112
    ]
  },
  "loginScreenStorage": {
@@ -464,10 +494,30 @@
    "location": "policy",
    "platforms": ["chromeos"],
    "whitelist": [
-      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE",  // Imprivata (login screen)
+      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen) crbug.com/1065112
-      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509",  // Imprivata (login screen) DEV
+      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) crbug.com/1065112
-      "A24DE1B21A67E25FB62AC8491642038FE25DA75B",  // Imprivata (in session)
+      "CDA6A10BE50CE65C59B766D0CE6A27E8E0A1533F", // Imprivata (login screen) crbug.com/1065112
-      "6B25164FFE2BADB5F1DBBD301CC022170267022D"   // Imprivata (in session) DEV
+      "D85454743B32D9F5ABF3E5F18DF78809F3A0ABD4", // Imprivata (login screen) crbug.com/1065112
+      "04569B963251EB28C0906099668D98EE65ECA2D8", // Imprivata (login screen) crbug.com/1065112
+      "7BF5B69C3ACA9E6ACA5C480661B8073EB9FA32A9", // Imprivata (login screen) crbug.com/1065112
+      "5F2EF8E9F7E975090278D6A0AD039860430C5684", // Imprivata (login screen) crbug.com/1065112
+      "97A4DC8AFC1FCF665C71B624A55675C297AB256C", // Imprivata (login screen) crbug.com/1065112
+      "A00EB72B456C374F1EA86C09833C7DBB6CD95CAE", // Imprivata (login screen) crbug.com/1065112
+      "51DDBADA37EF4D25AD03CB1BB6451799456FE183", // Imprivata (login screen) crbug.com/1065112
+      "DD97CAE4D8658003658140109BC119188A19A5B8", // Imprivata (login screen) crbug.com/1065112
+      "320857126E2180A5751AA384B7B7332A4964BD8C", // Imprivata (login screen) crbug.com/1065112
+      "A24DE1B21A67E25FB62AC8491642038FE25DA75B", // Imprivata (in-session) crbug.com/1065112
+      "6B25164FFE2BADB5F1DBBD301CC022170267022D", // Imprivata (in-session) crbug.com/1065112
+      "4D15F9AFCF54E56F0A6E06D22DD15F133DCF0882", // Imprivata (in-session) crbug.com/1065112
+      "171F86E3D91235E5FC745282834BB3DA164F14B3", // Imprivata (in-session) crbug.com/1065112
+      "F7BDB4C21BFF955F851C6CF65167373BDEED6218", // Imprivata (in-session) crbug.com/1065112
+      "220ABCF657446B2CBEBDE2DDA09B6FC415E87FB7", // Imprivata (in-session) crbug.com/1065112
+      "B0092A67BFB22960DE49B11E9CA56035BD40BCFA", // Imprivata (in-session) crbug.com/1065112
+      "3899082721C4996840EA4DD3A7B604914FB915CF", // Imprivata (in-session) crbug.com/1065112
+      "0D0EF5C81661E90BAFD606EADD68D8BB5EDC7E9A", // Imprivata (in-session) crbug.com/1065112
+      "D53DFC9E0D738159557959ABCA61BDDC97470C87", // Imprivata (in-session) crbug.com/1065112
+      "579D5666AB7B27A2E9EA0B13FB7F70CA7D864F72", // Imprivata (in-session) crbug.com/1065112
+      "FC3BBFAD9D7E711BBBD8235E7640348A9B98EB5F"  // Imprivata (in-session) crbug.com/1065112
    ]
  },
  "loginScreenUi": {
@@ -477,8 +527,18 @@
    "platforms": ["chromeos"],
    "whitelist": [
      "7FE4A999359A456C4B0FB7B7AD85CEA29CA50519", // Login screen APIs test extension
-      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen)
+      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen) crbug.com/1065112
-      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509"  // Imprivata (login screen) DEV
+      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) crbug.com/1065112
+      "CDA6A10BE50CE65C59B766D0CE6A27E8E0A1533F", // Imprivata (login screen) crbug.com/1065112
+      "D85454743B32D9F5ABF3E5F18DF78809F3A0ABD4", // Imprivata (login screen) crbug.com/1065112
+      "04569B963251EB28C0906099668D98EE65ECA2D8", // Imprivata (login screen) crbug.com/1065112
+      "7BF5B69C3ACA9E6ACA5C480661B8073EB9FA32A9", // Imprivata (login screen) crbug.com/1065112
+      "5F2EF8E9F7E975090278D6A0AD039860430C5684", // Imprivata (login screen) crbug.com/1065112
+      "97A4DC8AFC1FCF665C71B624A55675C297AB256C", // Imprivata (login screen) crbug.com/1065112
+      "A00EB72B456C374F1EA86C09833C7DBB6CD95CAE", // Imprivata (login screen) crbug.com/1065112
+      "51DDBADA37EF4D25AD03CB1BB6451799456FE183", // Imprivata (login screen) crbug.com/1065112
+      "DD97CAE4D8658003658140109BC119188A19A5B8", // Imprivata (login screen) crbug.com/1065112
+      "320857126E2180A5751AA384B7B7332A4964BD8C"  // Imprivata (login screen) crbug.com/1065112
    ]
  },
  "loginState": [

--- a/extensions/common/api/_behavior_features.json
+++ b/extensions/common/api/_behavior_features.json
@@ -89,8 +89,18 @@
    "whitelist": [
      "FA84F98B32AFC3013F5711F8711F8F38DB210AB7", // Sign-in Screen Test Extension
      "7FE4A999359A456C4B0FB7B7AD85CEA29CA50519", // Login screen APIs test extension
-      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen)
+      "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen) crbug.com/1065112
-      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509"  // Imprivata (login screen) DEV
+      "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) crbug.com/1065112
+      "CDA6A10BE50CE65C59B766D0CE6A27E8E0A1533F", // Imprivata (login screen) crbug.com/1065112
+      "D85454743B32D9F5ABF3E5F18DF78809F3A0ABD4", // Imprivata (login screen) crbug.com/1065112
+      "04569B963251EB28C0906099668D98EE65ECA2D8", // Imprivata (login screen) crbug.com/1065112
+      "7BF5B69C3ACA9E6ACA5C480661B8073EB9FA32A9", // Imprivata (login screen) crbug.com/1065112
+      "5F2EF8E9F7E975090278D6A0AD039860430C5684", // Imprivata (login screen) crbug.com/1065112
+      "97A4DC8AFC1FCF665C71B624A55675C297AB256C", // Imprivata (login screen) crbug.com/1065112
+      "A00EB72B456C374F1EA86C09833C7DBB6CD95CAE", // Imprivata (login screen) crbug.com/1065112
+      "51DDBADA37EF4D25AD03CB1BB6451799456FE183", // Imprivata (login screen) crbug.com/1065112
+      "DD97CAE4D8658003658140109BC119188A19A5B8", // Imprivata (login screen) crbug.com/1065112
+      "320857126E2180A5751AA384B7B7332A4964BD8C"  // Imprivata (login screen) crbug.com/1065112
    ]
  }],
  "allow_deprecated_audio_api": {

--- a/extensions/common/api/_permission_features.json
+++ b/extensions/common/api/_permission_features.json
@@ -583,9 +583,19 @@
      "extension_types": ["login_screen_extension"],
      "min_manifest_version": 2,
      "whitelist": [
-        "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen)
+        "7FE4A999359A456C4B0FB7B7AD85CEA29CA50519",  // Login screen APIs test extension
-        "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) DEV
+        "E219EE36A3B40612FD2A8CD6937B03EF0C97D3FE", // Imprivata (login screen) crbug.com/1065112
-        "7FE4A999359A456C4B0FB7B7AD85CEA29CA50519"  // Login screen APIs test extension
+        "4DBFC1C52D6660DD90791976DF7FEF7B3D360509", // Imprivata (login screen) crbug.com/1065112
+        "CDA6A10BE50CE65C59B766D0CE6A27E8E0A1533F", // Imprivata (login screen) crbug.com/1065112
+        "D85454743B32D9F5ABF3E5F18DF78809F3A0ABD4", // Imprivata (login screen) crbug.com/1065112
+        "04569B963251EB28C0906099668D98EE65ECA2D8", // Imprivata (login screen) crbug.com/1065112
+        "7BF5B69C3ACA9E6ACA5C480661B8073EB9FA32A9", // Imprivata (login screen) crbug.com/1065112
+        "5F2EF8E9F7E975090278D6A0AD039860430C5684", // Imprivata (login screen) crbug.com/1065112
+        "97A4DC8AFC1FCF665C71B624A55675C297AB256C", // Imprivata (login screen) crbug.com/1065112
+        "A00EB72B456C374F1EA86C09833C7DBB6CD95CAE", // Imprivata (login screen) crbug.com/1065112
+        "51DDBADA37EF4D25AD03CB1BB6451799456FE183", // Imprivata (login screen) crbug.com/1065112
+        "DD97CAE4D8658003658140109BC119188A19A5B8", // Imprivata (login screen) crbug.com/1065112
+        "320857126E2180A5751AA384B7B7332A4964BD8C"  // Imprivata (login screen) crbug.com/1065112
      ]
    }
  ],

--- a/third_party/blink/renderer/modules/webusb/usb_device.cc
+++ b/third_party/blink/renderer/modules/webusb/usb_device.cc
@@ -5,6 +5,7 @@
 #include "third_party/blink/renderer/modules/webusb/usb_device.h"
 #include <algorithm>
+#include <iterator>
 #include <utility>
 #include "third_party/blink/public/platform/platform.h"
@@ -51,15 +52,50 @@ const char kInterfaceNotFound[] =
 const char kInterfaceStateChangeInProgress[] =
    "An operation that changes interface state is in progress.";
 const char kOpenRequired[] = "The device must be opened first.";
+#if defined(OS_CHROMEOS)
 const char kExtensionProtocol[] = "chrome-extension";
-const char kImprivataLoginScreenProdExtensionId[] =
-    "lpimkpkllnkdlcigdbgmabfplniahkgm";
+// These whitelisted Imprivata extensions can claim the protected HID interface
-const char kImprivataLoginScreenDevExtensionId[] =
+// class (used as badge readers), see crbug.com/1065112 and crbug.com/995294.
-    "cdgickkdpbekbnalbmpgochbninibkko";
+// This list needs to be alphabetically sorted for quick access via binary
-const char kImprivataInSessionProdExtensionId[] =
+// search.
-    "cokoeepjbmmnhgdhlkpahohdaiedfjgn";
+const char* kImprivataExtensionIds[] = {
-const char kImprivataInSessionDevExtensionId[] =
+    "baobpecgllpajfeojepgedjdlnlfffde", "bnfoibgpjolimhppjmligmcgklpboloj",
-    "omificdfgpipkkpdhbjmefgfgbppehke";
+    "cdgickkdpbekbnalbmpgochbninibkko", "cjakdianfealdjlapagfagpdpemoppba",
+    "cokoeepjbmmnhgdhlkpahohdaiedfjgn", "dahgfgiifpnaoajmloofonkndaaafacp",
+    "dbknmmkopacopifbkgookcdbhfnggjjh", "ddcjglpbfbibgepfffpklmpihphbcdco",
+    "dhodapiemamlmhlhblgcibabhdkohlen", "dlahpllbhpbkfnoiedkgombmegnnjopi",
+    "egfpnfjeaopimgpiioeedbpmojdapaip", "fnbibocngjnefolmcodjkkghijpdlnfm",
+    "jcnflhjcfjkplgkcinikhbgbhfldkadl", "jkfjfbelolphkjckiolfcakgalloegek",
+    "kmhpgpnbglclbaccjjgoioogjlnfgbne", "lpimkpkllnkdlcigdbgmabfplniahkgm",
+    "odehonhhkcjnbeaomlodfkjaecbmhklm", "olnmflhcfkifkgbiegcoabineoknmbjc",
+    "omificdfgpipkkpdhbjmefgfgbppehke", "phjobickjiififdadeoepbdaciefacfj",
+    "pkeacbojooejnjolgjdecbpnloibpafm", "pllbepacblmgialkkpcceohmjakafnbb",
+    "plpogimmgnkkiflhpidbibfmgpkaofec", "pmhiabnkkchjeaehcodceadhdpfejmmd",
+};
+const char** kExtensionNameMappingsEnd = std::end(kImprivataExtensionIds);
+bool IsCStrBefore(const char* first, const char* second) {
+  return strcmp(first, second) < 0;
+}
+bool IsClassWhitelistedForExtension(uint8_t class_code, const KURL& url) {
+  if (url.Protocol() != kExtensionProtocol)
+    return false;
+  switch (class_code) {
+    case 0x03:  // HID
+      DCHECK(std::is_sorted(kImprivataExtensionIds, kExtensionNameMappingsEnd,
+                            IsCStrBefore));
+      return std::binary_search(kImprivataExtensionIds,
+                                kExtensionNameMappingsEnd,
+                                url.Host().Utf8().c_str(), IsCStrBefore);
+    default:
+      return false;
+  }
+}
+#endif  // defined(OS_CHROMEOS)
 DOMException* ConvertFatalTransferStatus(const UsbTransferStatus& status) {
  switch (status) {
@@ -626,30 +662,18 @@ bool USBDevice::IsProtectedInterfaceClass(wtf_size_t interface_index) const {
    if (std::binary_search(std::begin(kProtectedClasses),
                           std::end(kProtectedClasses),
                           alternate->class_code)) {
-      return !IsClassWhitelistedForExtension(alternate->class_code);
+#if defined(OS_CHROMEOS)
+      return !IsClassWhitelistedForExtension(alternate->class_code,
+                                             GetExecutionContext()->Url());
+#else
+      return true;
+#endif
    }
  }
  return false;
 }
-bool USBDevice::IsClassWhitelistedForExtension(uint8_t class_code) const {
-  const KURL& url = GetExecutionContext()->Url();
-  if (url.Protocol() != kExtensionProtocol)
-    return false;
-  const String host = url.Host();
-  switch (class_code) {
-    case 0x03:  // HID
-      return host == kImprivataLoginScreenProdExtensionId ||
-             host == kImprivataLoginScreenDevExtensionId ||
-             host == kImprivataInSessionProdExtensionId ||
-             host == kImprivataInSessionDevExtensionId;
-    default:
-      return false;
-  }
-}
 bool USBDevice::EnsureNoDeviceChangeInProgress(
    ScriptPromiseResolver* resolver) const {
  if (!device_) {

--- a/third_party/blink/renderer/modules/webusb/usb_device.h
+++ b/third_party/blink/renderer/modules/webusb/usb_device.h
@@ -109,7 +109,6 @@ class USBDevice : public ScriptWrappable,
  wtf_size_t FindAlternateIndex(wtf_size_t interface_index,
                                uint8_t alternate_setting) const;
  bool IsProtectedInterfaceClass(wtf_size_t interface_index) const;
-  bool IsClassWhitelistedForExtension(uint8_t class_code) const;
  bool EnsureNoDeviceChangeInProgress(ScriptPromiseResolver*) const;
  bool EnsureNoDeviceOrInterfaceChangeInProgress(ScriptPromiseResolver*) const;
  bool EnsureDeviceConfigured(ScriptPromiseResolver*) const;