Added kSystemFeaturesDisableList to ExtensionManagement

kSystemFeaturesDisableList pref represents a list of system features
(camera, settings, ..etc) to be disabled by an admin policy.
It should disable those features regardless of their underlying
implementation (PWA, Chrome App, Web App,..).

Bug: 1063404
Change-Id: Ica2e523aba36378fb9049820e73dde0afcad6cd5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2124655Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Sergey Poromov <poromov@chromium.org>
Commit-Queue: Aya Elsayed <ayaelattar@google.com>
Cr-Commit-Position: refs/heads/master@{#755253}

chrome/browser/extensions/extension_management.cc

@@ -44,7 +44,12 @@
 #include "url/gurl.h"
 
 #if defined(OS_CHROMEOS)
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/extensions/default_web_app_ids.h"
+#include "chrome/browser/chromeos/policy/system_features_disable_list_policy_handler.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "components/policy/core/common/policy_pref_names.h"
+#include "extensions/common/constants.h"
 #endif
 
 namespace extensions {
@@ -55,12 +60,18 @@ ExtensionManagement::ExtensionManagement(Profile* profile)
       is_child_(profile_->IsChild()) {
   TRACE_EVENT0("browser,startup",
                "ExtensionManagement::ExtensionManagement::ctor");
+  base::Closure pref_change_callback = base::Bind(
+      &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this));
 #if defined(OS_CHROMEOS)
   is_signin_profile_ = chromeos::ProfileHelper::IsSigninProfile(profile);
+  PrefService* const local_state = g_browser_process->local_state();
+  if (local_state) {  // Sometimes it's not available in tests.
+    local_state_pref_change_registrar_.Init(local_state);
+    local_state_pref_change_registrar_.Add(
+        policy::policy_prefs::kSystemFeaturesDisableList, pref_change_callback);
+  }
 #endif
   pref_change_registrar_.Init(pref_service_);
-  base::Closure pref_change_callback = base::Bind(
-      &ExtensionManagement::OnExtensionPrefChanged, base::Unretained(this));
   pref_change_registrar_.Add(pref_names::kInstallAllowList,
                              pref_change_callback);
   pref_change_registrar_.Add(pref_names::kInstallDenyList,
@@ -95,6 +106,7 @@ ExtensionManagement::~ExtensionManagement() {
 
 void ExtensionManagement::Shutdown() {
   pref_change_registrar_.RemoveAll();
+  local_state_pref_change_registrar_.RemoveAll();
   pref_service_ = nullptr;
 }
 
@@ -496,6 +508,30 @@ void ExtensionManagement::Refresh() {
       }
     }
   }
+
+#if defined(OS_CHROMEOS)
+  const base::Value* system_features_disable_list_pref = nullptr;
+  PrefService* const local_state = g_browser_process->local_state();
+  if (local_state) {  // Sometimes it's not available in tests.
+    system_features_disable_list_pref =
+        local_state->GetList(policy::policy_prefs::kSystemFeaturesDisableList);
+  }
+
+  if (system_features_disable_list_pref) {
+    for (const auto& entry : system_features_disable_list_pref->GetList()) {
+      switch (entry.GetInt()) {
+        case policy::SystemFeature::CAMERA:
+          AccessById(extension_misc::kCameraAppId)->installation_mode =
+              INSTALLATION_BLOCKED;
+          break;
+        case policy::SystemFeature::SETTINGS:
+          AccessById(chromeos::default_web_apps::kOsSettingsAppId)
+              ->installation_mode = INSTALLATION_BLOCKED;
+          break;
+      }
+    }
+  }
+#endif
 }
 
 const base::Value* ExtensionManagement::LoadPreference(

chrome/browser/extensions/extension_management.h

@@ -253,6 +253,7 @@ class ExtensionManagement : public KeyedService {
 
   base::ObserverList<Observer, true>::Unchecked observer_list_;
   PrefChangeRegistrar pref_change_registrar_;
+  PrefChangeRegistrar local_state_pref_change_registrar_;
   std::vector<std::unique_ptr<ManagementPolicy::Provider>> providers_;
 
   DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);

chrome/browser/extensions/extension_management_unittest.cc

@@ -20,6 +20,8 @@
 #include "chrome/common/chrome_features.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/pref_names.h"
+#include "chrome/test/base/scoped_testing_local_state.h"
+#include "chrome/test/base/testing_browser_process.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "content/public/test/browser_task_environment.h"
@@ -33,6 +35,13 @@
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/extensions/default_web_app_ids.h"
+#include "chrome/browser/chromeos/policy/system_features_disable_list_policy_handler.h"
+#include "components/policy/core/common/policy_pref_names.h"
+#include "extensions/common/constants.h"
+#endif
+
 namespace extensions {
 
 namespace {
@@ -113,8 +122,9 @@ class ExtensionManagementServiceTest : public testing::Test {
       sync_preferences::TestingPrefServiceSyncable>
       PrefUpdater;
 
-  ExtensionManagementServiceTest() {}
-  ~ExtensionManagementServiceTest() override {}
+  ExtensionManagementServiceTest()
+      : scoped_local_state_(TestingBrowserProcess::GetGlobal()) {}
+  ~ExtensionManagementServiceTest() override = default;
 
   // testing::Test:
   void SetUp() override { InitPrefService(); }
@@ -143,6 +153,10 @@ class ExtensionManagementServiceTest : public testing::Test {
       pref_service_->RemoveUserPref(path);
   }
 
+  void SetPrefLocalState(const char* path, base::Value value) {
+    scoped_local_state_.Get()->Set(path, std::move(value));
+  }
+
   const internal::GlobalSettings* ReadGlobalSettings() {
     return extension_management_->global_settings_.get();
   }
@@ -267,7 +281,7 @@ class ExtensionManagementServiceTest : public testing::Test {
   }
 
   content::BrowserTaskEnvironment task_environment_;
-
+  ScopedTestingLocalState scoped_local_state_;
   std::unique_ptr<TestingProfile> profile_;
   sync_preferences::TestingPrefServiceSyncable* pref_service_;
   std::unique_ptr<ExtensionManagement> extension_management_;
@@ -889,6 +903,21 @@ TEST_F(ExtensionManagementServiceTest, IsInstallationExplicitlyBlocked) {
       extension_management_->IsInstallationExplicitlyBlocked(not_specified));
 }
 
+#if defined(OS_CHROMEOS)
+TEST_F(ExtensionManagementServiceTest, SystemFeaturesDisableList) {
+  base::Value system_features_list = base::Value(base::Value::Type::LIST);
+  system_features_list.Append(policy::SystemFeature::CAMERA);
+  system_features_list.Append(policy::SystemFeature::SETTINGS);
+  SetPrefLocalState(policy::policy_prefs::kSystemFeaturesDisableList,
+                    std::move(system_features_list));
+  EXPECT_EQ(ExtensionManagement::INSTALLATION_BLOCKED,
+            GetInstallationModeById(extension_misc::kCameraAppId));
+  EXPECT_EQ(
+      ExtensionManagement::INSTALLATION_BLOCKED,
+      GetInstallationModeById(chromeos::default_web_apps::kOsSettingsAppId));
+}
+#endif  // !defined(OS_CHROMEOS)
+
 TEST_F(ExtensionManagementServiceTest,
        ExtensionsAreBlockedByDefaultForExtensionRequest) {
   // When extension request policy is set to true, all extensions are blocked by