Allow all COMPONENT extensions for public/managed guest sessions.

While external component extensions were already allowed for public (managed guest) sessions, (internal) component extensions were not whitelisted. It didn't affect previously as this code was never called for these extensions, but now it's called after https://crrev.com/c/1630229 added explicit check for all extensions and apps during ExtensionService init. This currently leads to complete block of many component extensions/apps in public session, including for example Files app and etc. However, some component apps, such as Camera app are also explicitly separately whitelisted. Bug: 976550 Test: Manual, updated unit tests. Change-Id: Id55402412bbacb0d830de001381610787fc5e57b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1678369Reviewed-by: Ivan Šandrk <isandrk@chromium.org> Commit-Queue: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#672523}

Allow all COMPONENT extensions for public/managed guest sessions.
While external component extensions were already allowed for public (managed guest) sessions, (internal) component extensions were not whitelisted. It didn't affect previously as this code was never called for these extensions, but now it's called after https://crrev.com/c/1630229 added explicit check for all extensions and apps during ExtensionService init. This currently leads to complete block of many component extensions/apps in public session, including for example Files app and etc. However, some component apps, such as Camera app are also explicitly separately whitelisted. Bug: 976550 Test: Manual, updated unit tests. Change-Id: Id55402412bbacb0d830de001381610787fc5e57b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1678369Reviewed-by: Ivan Šandrk <isandrk@chromium.org> Commit-Queue: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#672523}
8e3525ee · Sergey Poromov · Commit Bot · 9c25905e · 8e3525ee · 8e3525ee
Commit 8e3525ee authored Jun 26, 2019 by Sergey Poromov Committed by Commit Bot Jun 26, 2019
2 changed files
--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
@@ -833,8 +833,9 @@ bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
    const extensions::Extension* extension,
    base::string16* error) const {
  if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
-    // Allow extension if it is an externally hosted component of Chrome.
+    // Allow extension if it is a component of Chrome.
-    if (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT) {
+    if (extension->location() == extensions::Manifest::EXTERNAL_COMPONENT ||
+        extension->location() == extensions::Manifest::COMPONENT) {
      return true;
    }

--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc
@@ -59,6 +59,13 @@ scoped_refptr<const extensions::Extension> CreateExternalComponentExtension() {
                                   extensions::Extension::NO_FLAGS);
 }
+scoped_refptr<const extensions::Extension> CreateComponentExtension() {
+  base::DictionaryValue values;
+  return CreateExtensionFromValues(std::string(),
+                                   extensions::Manifest::COMPONENT, &values,
+                                   extensions::Extension::NO_FLAGS);
+}
 scoped_refptr<const extensions::Extension> CreateHostedApp() {
  base::DictionaryValue values;
  values.Set(extensions::manifest_keys::kApp,
@@ -106,6 +113,12 @@ TEST(DeviceLocalAccountManagementPolicyProviderTest, PublicSession) {
  EXPECT_EQ(base::string16(), error);
  error.clear();
+  extension = CreateComponentExtension();
+  ASSERT_TRUE(extension.get());
+  EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+  EXPECT_EQ(base::string16(), error);
+  error.clear();
  // Verify that if an extension's type has been whitelisted for use in
  // device-local accounts, the extension can be installed.
  extension = CreateHostedApp();
@@ -597,6 +610,12 @@ TEST(DeviceLocalAccountManagementPolicyProviderTest, KioskAppSession) {
  EXPECT_EQ(base::string16(), error);
  error.clear();
+  extension = CreateComponentExtension();
+  ASSERT_TRUE(extension.get());
+  EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+  EXPECT_EQ(base::string16(), error);
+  error.clear();
  // Verify that an extension whose type has been whitelisted for use in other
  // types of device-local accounts cannot be installed in a single-app kiosk
  // session.