Commit b4773b8e authored by Julian Pastarmov's avatar Julian Pastarmov Committed by Commit Bot

Only allow protocol whitelisting on centrally managed Windows instances

Only trust the URLWhitelist policy for external protocol handlers if the
computer is part of an AD or AAD domain.

BUG=1052093

Change-Id: Ie0d3ecb24ae6117248ff4e00e875a9104255ef41
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2152585
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Julian Pastarmov <pastarmovj@chromium.org>
Cr-Commit-Position: refs/heads/master@{#761000}
parent 3e1566b9
...@@ -358,6 +358,8 @@ ...@@ -358,6 +358,8 @@
#if defined(OS_WIN) #if defined(OS_WIN)
#include "base/strings/string_tokenizer.h" #include "base/strings/string_tokenizer.h"
#include "base/win/win_util.h"
#include "base/win/windows_version.h"
#include "chrome/browser/chrome_browser_main_win.h" #include "chrome/browser/chrome_browser_main_win.h"
#include "chrome/install_static/install_util.h" #include "chrome/install_static/install_util.h"
#include "sandbox/win/src/sandbox_policy.h" #include "sandbox/win/src/sandbox_policy.h"
...@@ -922,6 +924,23 @@ mojo::PendingRemote<chrome::mojom::PrerenderCanceler> GetPrerenderCanceler( ...@@ -922,6 +924,23 @@ mojo::PendingRemote<chrome::mojom::PrerenderCanceler> GetPrerenderCanceler(
return canceler; return canceler;
} }
// Encapculates logic to determine if enterprise policies should be honored.
// This is a copy of the code in policy_loader_win.cc but it's ok to duplicate
// as a new central class to replace those checks is in the making.
bool ShouldHonorPolicies() {
#if defined(OS_WIN)
bool is_enterprise_version =
base::win::OSInfo::GetInstance()->version_type() != base::win::SUITE_HOME;
return base::win::IsEnrolledToDomain() ||
(base::win::IsDeviceRegisteredWithManagement() &&
is_enterprise_version);
#else // defined(OS_WIN)
// TODO(pastarmovj): Replace this with check for MacOS and the new management
// service once it is ready.
return true;
#endif // defined(OS_WIN)
}
void LaunchURL(const GURL& url, void LaunchURL(const GURL& url,
content::WebContents::OnceGetter web_contents_getter, content::WebContents::OnceGetter web_contents_getter,
ui::PageTransition page_transition, ui::PageTransition page_transition,
...@@ -954,7 +973,7 @@ void LaunchURL(const GURL& url, ...@@ -954,7 +973,7 @@ void LaunchURL(const GURL& url,
PolicyBlacklistService* service = PolicyBlacklistService* service =
PolicyBlacklistFactory::GetForBrowserContext( PolicyBlacklistFactory::GetForBrowserContext(
web_contents->GetBrowserContext()); web_contents->GetBrowserContext());
if (service) { if (ShouldHonorPolicies() && service) {
const policy::URLBlacklist::URLBlacklistState url_state = const policy::URLBlacklist::URLBlacklistState url_state =
service->GetURLBlacklistState(url); service->GetURLBlacklistState(url);
is_whitelisted = is_whitelisted =
......
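Review bot: The comment above `ShouldHonorPolicies()` records where the logic was copied from but not the trust decision it encodes, and the name is broader than its one visible use in `LaunchURL`, where it only decides whether the URLWhitelist result may set `is_whitelisted` for an external protocol. I would state the rationale next to the code, e.g. `// Policy on a Windows machine that is neither domain-joined nor (on non-Home editions) registered with management is not trusted to whitelist external protocol handlers; callers must fall back to their default handling when this returns false.`, and fix the typo "Encapculates" in the same edit. The `#else` branch returns true, so every non-Windows platform still trusts the policy unconditionally; the TODO acknowledges this, but it should be tracked against the bug since the unmanaged-machine case presumably exists there too. `LaunchURL` starts and ends outside the hunks, so I am assuming `is_whitelisted` is initialised to false before the guarded branch; if it is not, skipping the branch would not be fail-closed.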