New issue
Advanced search Search tips

Issue 754448 link

Starred by 2 users
Status: Fixed
Owner:
karandeepb@chromium.org
Closed: Sep 2017
Cc:
rdevlin....@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Disabled policy blacklisted extensions can be re-enabled.

Project Member Reported by karandeepb@chromium.org, Aug 10 2017 
Chrome Version: (copy from chrome://version)
OS: (e.g. Win7, OSX 10.9.5, etc...)

What steps will reproduce the problem?
(1) Disable an extension.
(2) Add it to management policy blacklist.
(3) Re-enable the extension.

What is the expected result?
The extension shouldn't be enabled.

What happens instead?
It is enabled.

Please use labels and text to provide additional information.


For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 23 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2a1172308ad040e0d6abb2f20b824f5fef92ca68

commit 2a1172308ad040e0d6abb2f20b824f5fef92ca68
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Wed Aug 23 00:24:56 2017

Extensions: Change how ManagementPolicy::UserMayLoad is handled.

Currently when an enabled extension is blocked by ManagementPolicy::UserMayLoad,
it is unloaded without its preferences being removed. Also, ExtensionPrefs shows
the state of such extensions as enabled. This can lead to bugs where unloaded
policy blacklisted extensions can have side-effects. Also,
ManagementPolicy::UserMayLoad is not checked while enabling a disabled
extension. This can cause blacklisted extensions to become enabled.

This CL brings the following changes:
  - A new disabled reason DISABLE_BLOCKED_BY_POLICY is introduced.
  - When an enabled extension fails ManagementPolicy::UserMayLoad, it is
    disabled with DISABLE_BLOCKED_BY_POLICY.
  - Hence extensions which fail UserMayLoad checks are now visible to the user 
    on chrome://extensions page, instead of silently remaining installed.
  - They are re-enabled automatically when they satisfy the policy. 
  - ManagementPolicy::MustRemainDisabled also checks
    ManagementPolicy::UserMayLoad now. This leads to cleaner code at call sites
    and helps avoid inconsistent checking of the management policy.
  - Some cases in which disabled policy blacklisted extensions could be 
    re-enabled are fixed.

BUG= 709264 ,  754448 , 461747
TEST=Install EvilProxy (https://chrome.google.com/webstore/detail/evilproxy/jndopnbadbiahpmbnfadmmadjhpjbmon). 
Ensure navigating to tools.google.com causes a 404. Add the extension to policy
blacklist. Ensure navigating to tools.google.com works fine. Restart browser. 
Ensure navigating to tools.google.com works fine.
TEST=Install EvilProxy. Ensure navigating to tools.google.com causes a 404. 
Close browser. Add the extension to policy blacklist. Start browser. Ensure 
navigating to tools.google.com works fine. 
TEST=Install EvilProxy. Add the extension to policy blacklist. Close browser.
Remove extension from policy blacklist. Start browser. Ensure navigating to 
tools.google.com causes a 404.
TEST=Install EvilProxy. Add the extension to policy blacklist. Ensure navigating
to tools.google.com works fine. Remove extension from policy blacklist. Ensure
navigating to tools.google.com causes a 404.
TEST=Install EvilProxy. Disable the extension from chrome://extensions page. Add
it to policy blacklist. Ensure it can't be enabled from chrome://extensions.

Change-Id: Ia25d7a2a49bd1c006a435c26397c834ffa5ae632
Reviewed-on: https://chromium-review.googlesource.com/611662
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#496521}
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/api/proxy/proxy_apitest.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/crx_installer_browsertest.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/extension_service.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/extension_service_sync_unittest.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/extension_service_unittest.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/extension_sync_service.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/extension_util.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/extensions/installed_loader.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/chrome/browser/policy/policy_browsertest.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/components/policy/resources/policy_templates.json
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/extensions/browser/management_policy.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/extensions/browser/management_policy.h
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/extensions/common/disable_reason.h
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/extensions/common/manifest_constants.cc
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/extensions/common/manifest_constants.h
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/2a1172308ad040e0d6abb2f20b824f5fef92ca68/tools/metrics/histograms/histograms.xml

Comment 2 by karandeepb@chromium.org, Sep 12 2017

Status: Fixed (was: Assigned)

Sign in to add a comment