Add Supervised Users pref for extension permissions

Adds a pref for Supervised Users to determine whether the user is allowed to grant permissions to extensions (and, by extension, whether the user is allowed to install extensions with parental approval). The pref is controlled by Sync settings for the supervised user, ultimately determined by the custodian checking the "Allow sites and apps to ask for permissions" checkbox in the Chrome family dashboard. For now, we will rely on the fact that this checkbox also sets the GeolocationDisabled setting. In the future, the Kids Management server should send a separate setting for extension permissions; that will give us flexibility in the future to break the checkbox into multiple settings. Bug: 1018956 Change-Id: Ifda14018dc7f4a018b493159c6e80b00c2e18b7a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1885216Reviewed-by: Dan S <danan@chromium.org> Commit-Queue: Michael Giuffrida <michaelpg@chromium.org> Auto-Submit: Michael Giuffrida <michaelpg@chromium.org> Cr-Commit-Position: refs/heads/master@{#710991}

Add Supervised Users pref for extension permissions
Adds a pref for Supervised Users to determine whether the user is allowed to grant permissions to extensions (and, by extension, whether the user is allowed to install extensions with parental approval). The pref is controlled by Sync settings for the supervised user, ultimately determined by the custodian checking the "Allow sites and apps to ask for permissions" checkbox in the Chrome family dashboard. For now, we will rely on the fact that this checkbox also sets the GeolocationDisabled setting. In the future, the Kids Management server should send a separate setting for extension permissions; that will give us flexibility in the future to break the checkbox into multiple settings. Bug: 1018956 Change-Id: Ifda14018dc7f4a018b493159c6e80b00c2e18b7a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1885216Reviewed-by: Dan S <danan@chromium.org> Commit-Queue: Michael Giuffrida <michaelpg@chromium.org> Auto-Submit: Michael Giuffrida <michaelpg@chromium.org> Cr-Commit-Position: refs/heads/master@{#710991}
77681878 · Michael Giuffrida · Commit Bot · 2a5f2c04 · 77681878 · 77681878
Commit 77681878 authored Oct 30, 2019 by Michael Giuffrida Committed by Commit Bot Oct 30, 2019
5 changed files
--- a/chrome/browser/supervised_user/supervised_user_pref_store.cc
+++ b/chrome/browser/supervised_user/supervised_user_pref_store.cc
@@ -22,6 +22,7 @@
 #include "components/ntp_snippets/pref_names.h"
 #include "components/prefs/pref_value_map.h"
 #include "components/signin/public/base/signin_pref_names.h"
+#include "extensions/buildflags/buildflags.h"
 namespace {
@@ -162,6 +163,20 @@ void SupervisedUserPrefStore::OnNewSettingsAvailable(
          force_safe_search ? safe_search_util::YOUTUBE_RESTRICT_MODERATE
                            : safe_search_util::YOUTUBE_RESTRICT_OFF);
    }
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+    {
+      // TODO(michaelpg): Update Kids Management server to set a new bit for
+      // extension permissions. Until then, rely on other side effects of the
+      // "allow sites and apps to ask for permissions" setting, like
+      // geolocation being disallowed.
+      bool permissions_disallowed = true;
+      settings->GetBoolean(supervised_users::kGeolocationDisabled,
+                           &permissions_disallowed);
+      prefs_->SetBoolean(prefs::kSupervisedUserExtensionsMayRequestPermissions,
+                         !permissions_disallowed);
+    }
+#endif
  }
  if (!old_prefs) {

--- a/chrome/browser/supervised_user/supervised_user_pref_store_unittest.cc
+++ b/chrome/browser/supervised_user/supervised_user_pref_store_unittest.cc
@@ -13,6 +13,7 @@
 #include "chrome/common/net/safe_search_util.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/testing_pref_store.h"
+#include "extensions/buildflags/buildflags.h"
 #include "testing/gtest/include/gtest/gtest.h"
 using base::DictionaryValue;
@@ -57,7 +58,7 @@ SupervisedUserPrefStoreFixture::~SupervisedUserPrefStoreFixture() {
 void SupervisedUserPrefStoreFixture::OnPrefValueChanged(
    const std::string& key) {
-  const base::Value* value = NULL;
+  const base::Value* value = nullptr;
  ASSERT_TRUE(pref_store_->GetValue(key, &value));
  changed_prefs_.Set(key, std::make_unique<base::Value>(value->Clone()));
 }
@@ -110,7 +111,7 @@ TEST_F(SupervisedUserPrefStoreTest, ConfigureSettings) {
  EXPECT_FALSE(allow_deleting_browser_history);
  // kSupervisedModeManualHosts does not have a hardcoded value.
-  base::DictionaryValue* manual_hosts = NULL;
+  base::DictionaryValue* manual_hosts = nullptr;
  EXPECT_FALSE(fixture.changed_prefs()->GetDictionary(
      prefs::kSupervisedUserManualHosts, &manual_hosts));
@@ -126,28 +127,36 @@ TEST_F(SupervisedUserPrefStoreTest, ConfigureSettings) {
  EXPECT_EQ(force_youtube_restrict,
            safe_search_util::YOUTUBE_RESTRICT_MODERATE);
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  // Permissions requests default to disallowed.
+  bool extensions_may_request_permissions = false;
+  EXPECT_TRUE(fixture.changed_prefs()->GetBoolean(
+      prefs::kSupervisedUserExtensionsMayRequestPermissions,
+      &extensions_may_request_permissions));
+  EXPECT_FALSE(extensions_may_request_permissions);
+#endif
  // Activating the service again should not change anything.
  fixture.changed_prefs()->Clear();
  service_.SetActive(true);
  EXPECT_EQ(0u, fixture.changed_prefs()->size());
  // kSupervisedModeManualHosts can be configured by the custodian.
-  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue);
+  base::Value hosts(base::Value::Type::DICTIONARY);
-  dict->SetBoolean("example.com", true);
+  hosts.SetBoolKey("example.com", true);
-  dict->SetBoolean("moose.org", false);
+  hosts.SetBoolKey("moose.org", false);
  service_.SetLocalSetting(supervised_users::kContentPackManualBehaviorHosts,
-                           std::unique_ptr<base::Value>(dict->DeepCopy()));
+                           std::make_unique<base::Value>(hosts.Clone()));
  EXPECT_EQ(1u, fixture.changed_prefs()->size());
  ASSERT_TRUE(fixture.changed_prefs()->GetDictionary(
      prefs::kSupervisedUserManualHosts, &manual_hosts));
-  EXPECT_TRUE(manual_hosts->Equals(dict.get()));
+  EXPECT_TRUE(*manual_hosts == hosts);
  // kForceGoogleSafeSearch and kForceYouTubeRestrict can be configured by the
  // custodian, overriding the hardcoded default.
  fixture.changed_prefs()->Clear();
-  service_.SetLocalSetting(
+  service_.SetLocalSetting(supervised_users::kForceSafeSearch,
-      supervised_users::kForceSafeSearch,
+                           std::make_unique<base::Value>(false));
-      std::unique_ptr<base::Value>(new base::Value(false)));
  EXPECT_EQ(1u, fixture.changed_prefs()->size());
  EXPECT_TRUE(fixture.changed_prefs()->GetBoolean(prefs::kForceGoogleSafeSearch,
                                                  &force_google_safesearch));
@@ -155,6 +164,21 @@ TEST_F(SupervisedUserPrefStoreTest, ConfigureSettings) {
                                                  &force_youtube_restrict));
  EXPECT_FALSE(force_google_safesearch);
  EXPECT_EQ(force_youtube_restrict, safe_search_util::YOUTUBE_RESTRICT_OFF);
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  // The custodian can allow sites and apps to request permissions.
+  // Currently tested indirectly by enabling geolocation requests.
+  // TODO(michaelpg): Update Kids Management server to set a new bit for
+  // extension permissions and update this test.
+  fixture.changed_prefs()->Clear();
+  service_.SetLocalSetting(supervised_users::kGeolocationDisabled,
+                           std::make_unique<base::Value>(false));
+  EXPECT_EQ(1u, fixture.changed_prefs()->size());
+  EXPECT_TRUE(fixture.changed_prefs()->GetBoolean(
+      prefs::kSupervisedUserExtensionsMayRequestPermissions,
+      &extensions_may_request_permissions));
+  EXPECT_TRUE(extensions_may_request_permissions);
+#endif
 }
 TEST_F(SupervisedUserPrefStoreTest, ActivateSettingsBeforeInitialization) {

--- a/chrome/browser/supervised_user/supervised_user_service.cc
+++ b/chrome/browser/supervised_user/supervised_user_service.cc
@@ -121,6 +121,10 @@ SupervisedUserService::~SupervisedUserService() {
 void SupervisedUserService::RegisterProfilePrefs(
    user_prefs::PrefRegistrySyncable* registry) {
  registry->RegisterDictionaryPref(prefs::kSupervisedUserApprovedExtensions);
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  registry->RegisterBooleanPref(
+      prefs::kSupervisedUserExtensionsMayRequestPermissions, false);
+#endif
  registry->RegisterDictionaryPref(prefs::kSupervisedUserManualHosts);
  registry->RegisterDictionaryPref(prefs::kSupervisedUserManualURLs);
  registry->RegisterIntegerPref(prefs::kDefaultSupervisedUserFilteringBehavior,

--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -155,6 +155,12 @@ const char kSupervisedUserCustodianProfileImageURL[] =
 const char kSupervisedUserCustodianProfileURL[] =
    "profile.managed.custodian_profile_url";
+// Whether the supervised user may approve extension permission requests. If
+// false, extensions should not be able to request new permissions, and new
+// extensions should not be installable.
+const char kSupervisedUserExtensionsMayRequestPermissions[] =
+    "profile.managed.extensions_may_request_permissions";
 // Maps host names to whether the host is manually allowed or blocked.
 const char kSupervisedUserManualHosts[] = "profile.managed.manual_hosts";

--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -49,6 +49,7 @@ extern const char kSupervisedUserCustodianName[];
 extern const char kSupervisedUserCustodianObfuscatedGaiaId[];
 extern const char kSupervisedUserCustodianProfileImageURL[];
 extern const char kSupervisedUserCustodianProfileURL[];
+extern const char kSupervisedUserExtensionsMayRequestPermissions[];
 extern const char kSupervisedUserManualHosts[];
 extern const char kSupervisedUserManualURLs[];
 extern const char kSupervisedUserSafeSites[];