Disabled OSSettings only by SystemFeaturesDisableList

Changed OSSettings to be only disabled by SystemFeaturesDisableList policy as a lot of domains use ExtensionsWhiteList policy and OsSettings isn't whitelisted. Bug: 1068558 Change-Id: I6055f625993b842d2b129d2f65cad6ef344dfbdd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2144041 Commit-Queue: Aya Elsayed <ayaelattar@google.com> Reviewed-by: Sergey Poromov <poromov@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#758799}

Disabled OSSettings only by SystemFeaturesDisableList
Changed OSSettings to be only disabled by SystemFeaturesDisableList policy as a lot of domains use ExtensionsWhiteList policy and OsSettings isn't whitelisted. Bug: 1068558 Change-Id: I6055f625993b842d2b129d2f65cad6ef344dfbdd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2144041 Commit-Queue: Aya Elsayed <ayaelattar@google.com> Reviewed-by: Sergey Poromov <poromov@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#758799}
d980fda4 · Aya ElAttar · Commit Bot · b27d40f0 · d980fda4 · d980fda4
Commit d980fda4 authored Apr 14, 2020 by Aya ElAttar Committed by Commit Bot Apr 14, 2020
2 changed files
--- a/chrome/browser/extensions/standard_management_policy_provider.cc
+++ b/chrome/browser/extensions/standard_management_policy_provider.cc
@@ -23,7 +23,11 @@
 #endif  // BUILDFLAG(ENABLE_SUPERVISED_USERS)

 #if defined(OS_CHROMEOS)
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/extensions/default_web_app_ids.h"
+#include "chrome/browser/chromeos/policy/system_features_disable_list_policy_handler.h"
+#include "components/policy/core/common/policy_pref_names.h"
+#include "components/prefs/pref_service.h"
 #endif  // defined(OS_CHROMEOS)

 namespace extensions {
@@ -63,6 +67,21 @@ bool AdminPolicyIsModifiable(const Extension* source_extension,
  return false;
 }

+#if defined(OS_CHROMEOS)
+bool IsOsSettingsDisabledBySystemFeaturesPolicy() {
+  PrefService* const local_state = g_browser_process->local_state();
+  if (!local_state)
+    return false;
+
+  const base::ListValue* system_features_pref =
+      local_state->GetList(policy::policy_prefs::kSystemFeaturesDisableList);
+
+  return system_features_pref && system_features_pref->Find(base::Value(
+                                     policy::SystemFeature::OS_SETTINGS)) !=
+                                     system_features_pref->end();
+}
+#endif
+
 }  // namespace

 StandardManagementPolicyProvider::StandardManagementPolicyProvider(
@@ -93,7 +112,8 @@ bool StandardManagementPolicyProvider::UserMayLoad(
 #if defined(OS_CHROMEOS)
  if (extension->id() == chromeos::default_web_apps::kOsSettingsAppId &&
      (installation_mode == ExtensionManagement::INSTALLATION_BLOCKED ||
-       installation_mode == ExtensionManagement::INSTALLATION_REMOVED)) {
+       installation_mode == ExtensionManagement::INSTALLATION_REMOVED) &&
+      IsOsSettingsDisabledBySystemFeaturesPolicy()) {
    return ReturnLoadError(extension, error);
  }
 #endif  // defined(OS_CHROMEOS)

--- a/chrome/browser/policy/extension_policy_browsertest.cc
+++ b/chrome/browser/policy/extension_policy_browsertest.cc
@@ -347,7 +347,7 @@ IN_PROC_BROWSER_TEST_F(ExtensionPolicyTest,
 }

 IN_PROC_BROWSER_TEST_F(ExtensionPolicyTest,
-                       ExtensionInstallBlacklistOsSettings) {
+                       SystemFeaturesDisableListOsSettings) {
  extensions::ExtensionPrefs* extension_prefs =
      extensions::ExtensionPrefs::Get(browser()->profile());

@@ -357,12 +357,12 @@ IN_PROC_BROWSER_TEST_F(ExtensionPolicyTest,
  ASSERT_TRUE(registry->enabled_extensions().GetByID(
      chromeos::default_web_apps::kOsSettingsAppId));

-  base::ListValue blacklist;
-  blacklist.AppendString(chromeos::default_web_apps::kOsSettingsAppId);
+  base::ListValue feature_list;
+  feature_list.AppendString("os_settings");
  PolicyMap policies;
-  policies.Set(key::kExtensionInstallBlacklist, POLICY_LEVEL_MANDATORY,
+  policies.Set(key::kSystemFeaturesDisableList, POLICY_LEVEL_MANDATORY,
               POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
-               blacklist.CreateDeepCopy(), nullptr);
+               feature_list.CreateDeepCopy(), nullptr);
  UpdateProviderPolicy(policies);

  EXPECT_EQ(1u, registry->disabled_extensions().size());
@@ -374,20 +374,22 @@ IN_PROC_BROWSER_TEST_F(ExtensionPolicyTest,
                chromeos::default_web_apps::kOsSettingsAppId));
 }

-// Ensure that OS Settings is not blocked by the ExtensionAllowedTypes policy.
-IN_PROC_BROWSER_TEST_F(ExtensionPolicyTest, ExtensionAllowedTypesOsSettings) {
+// Ensure that OS Settings is only blocked by the SystemFeaturesDisableList
+// policy.
+IN_PROC_BROWSER_TEST_F(ExtensionPolicyTest,
+                       ExtensionInstallBlacklistOsSettings) {
  extensions::ExtensionRegistry* registry = extension_registry();
  const extensions::Extension* bookmark_app = InstallOSSettings();
  ASSERT_TRUE(bookmark_app);
  ASSERT_TRUE(registry->enabled_extensions().GetByID(
      chromeos::default_web_apps::kOsSettingsAppId));

-  base::ListValue allowed_types;
-  allowed_types.AppendString("theme");
+  base::ListValue blacklist;
+  blacklist.AppendString(chromeos::default_web_apps::kOsSettingsAppId);
  PolicyMap policies;
-  policies.Set(key::kExtensionAllowedTypes, POLICY_LEVEL_MANDATORY,
+  policies.Set(key::kExtensionInstallBlacklist, POLICY_LEVEL_MANDATORY,
               POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
-               allowed_types.CreateDeepCopy(), nullptr);
+               blacklist.CreateDeepCopy(), nullptr);
  UpdateProviderPolicy(policies);

  extensions::ExtensionService* service = extension_service();