[Kiosk] Allow platform apps in web kiosk mode

We need some of these apps like Files app, and possibly in future the settings app. Bug: 1047211 Change-Id: I270e9bc86d849f76470e4befb49b2968fc87e3e0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031027 Commit-Queue: Anatoliy Potapchuk <apotapchuk@chromium.org> Reviewed-by: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#737360}

[Kiosk] Allow platform apps in web kiosk mode
We need some of these apps like Files app, and possibly in future the settings app. Bug: 1047211 Change-Id: I270e9bc86d849f76470e4befb49b2968fc87e3e0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031027 Commit-Queue: Anatoliy Potapchuk <apotapchuk@chromium.org> Reviewed-by: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#737360}
9e5cfed8 · Anatoliy Potapchuk · Commit Bot · 559aedde · 9e5cfed8 · 9e5cfed8
Commit 9e5cfed8 authored Jan 31, 2020 by Anatoliy Potapchuk Committed by Commit Bot Jan 31, 2020
2 changed files
--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
@@ -858,18 +858,15 @@ bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad(
        && IsSafeForPublicSession(extension)) {
      return true;
    }
-  } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) {
-    // For single-app kiosk sessions, allow platform apps, extesions and shared
+  } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP ||
+             account_type_ == policy::DeviceLocalAccount::TYPE_WEB_KIOSK_APP) {
+    // For single-app kiosk sessions, allow platform apps, extensions and shared
    // modules.
    if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP ||
        extension->GetType() == extensions::Manifest::TYPE_SHARED_MODULE ||
        extension->GetType() == extensions::Manifest::TYPE_EXTENSION) {
      return true;
    }
-  } else if (account_type_ == policy::DeviceLocalAccount::TYPE_WEB_KIOSK_APP) {
-    if (extension->GetType() == extensions::Manifest::TYPE_EXTENSION) {
-      return true;
-    }
  }

  // Disallow all other extensions.

--- a/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc
+++ b/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider_unittest.cc
@@ -589,50 +589,56 @@ TEST(DeviceLocalAccountManagementPolicyProviderTest, PublicSession) {
  }
 }

-TEST(DeviceLocalAccountManagementPolicyProviderTest, KioskAppSession) {
-  DeviceLocalAccountManagementPolicyProvider
-      provider(policy::DeviceLocalAccount::TYPE_KIOSK_APP);
-
-  // Verify that a platform app can be installed.
-  scoped_refptr<const extensions::Extension> extension = CreatePlatformApp();
-  ASSERT_TRUE(extension.get());
-  base::string16 error;
-  EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
-  EXPECT_EQ(base::string16(), error);
-  error.clear();
+TEST(DeviceLocalAccountManagementPolicyProviderTest, KioskAppSessions) {
+  std::vector<policy::DeviceLocalAccount::Type> types = {
+      policy::DeviceLocalAccount::TYPE_KIOSK_APP,
+      policy::DeviceLocalAccount::TYPE_WEB_KIOSK_APP};
+
+  for (auto type : types) {
+    LOG(INFO) << "Testing device local account type = "<< static_cast<int>(type);
+    DeviceLocalAccountManagementPolicyProvider provider(type);
+
+    // Verify that a platform app can be installed.
+    scoped_refptr<const extensions::Extension> extension = CreatePlatformApp();
+    ASSERT_TRUE(extension.get());
+    base::string16 error;
+    EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+    EXPECT_EQ(base::string16(), error);
+    error.clear();

-  // Verify that an extension whose location has been whitelisted for use in
-  // other types of device-local accounts cannot be installed in a single-app
-  // kiosk session.
-  extension = CreateExternalComponentExtension();
-  ASSERT_TRUE(extension.get());
-  EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
-  EXPECT_EQ(base::string16(), error);
-  error.clear();
+    // Verify that an extension whose location has been whitelisted for use in
+    // other types of device-local accounts cannot be installed in a single-app
+    // kiosk session.
+    extension = CreateExternalComponentExtension();
+    ASSERT_TRUE(extension.get());
+    EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+    EXPECT_EQ(base::string16(), error);
+    error.clear();

-  extension = CreateComponentExtension();
-  ASSERT_TRUE(extension.get());
-  EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
-  EXPECT_EQ(base::string16(), error);
-  error.clear();
+    extension = CreateComponentExtension();
+    ASSERT_TRUE(extension.get());
+    EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+    EXPECT_EQ(base::string16(), error);
+    error.clear();

-  // Verify that an extension whose type has been whitelisted for use in other
-  // types of device-local accounts cannot be installed in a single-app kiosk
-  // session.
-  extension = CreateHostedApp();
-  ASSERT_TRUE(extension.get());
-  EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
-  EXPECT_NE(base::string16(), error);
-  error.clear();
+    // Verify that an extension whose type has been whitelisted for use in other
+    // types of device-local accounts cannot be installed in a single-app kiosk
+    // session.
+    extension = CreateHostedApp();
+    ASSERT_TRUE(extension.get());
+    EXPECT_FALSE(provider.UserMayLoad(extension.get(), &error));
+    EXPECT_NE(base::string16(), error);
+    error.clear();

-  // Verify that an extension whose ID has been whitelisted for use in other
-  // types of device-local accounts cannot be installed in a single-app kiosk
-  // session.
-  extension = CreateRegularExtension(kWhitelistedId);
-  ASSERT_TRUE(extension.get());
-  EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
-  EXPECT_EQ(base::string16(), error);
-  error.clear();
+    // Verify that an extension whose ID has been whitelisted for use in other
+    // types of device-local accounts cannot be installed in a single-app kiosk
+    // session.
+    extension = CreateRegularExtension(kWhitelistedId);
+    ASSERT_TRUE(extension.get());
+    EXPECT_TRUE(provider.UserMayLoad(extension.get(), &error));
+    EXPECT_EQ(base::string16(), error);
+    error.clear();
+  }
 }

 TEST(DeviceLocalAccountManagementPolicyProviderTest, IsWhitelisted) {