1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chrome_browser_main_extra_parts_nacl_deprecation.h"
#include "base/command_line.h"
#include "base/feature_list.h"
#include "build/build_config.h"
#include "chrome/browser/browser_process.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/ppapi_utils.h"
#include "chrome/common/pref_names.h"
#include "components/nacl/common/buildflags.h"
#include "components/prefs/pref_service.h"
#if BUILDFLAG(IS_CHROMEOS)
#include "chrome/browser/ash/policy/core/browser_policy_connector_ash.h"
#include "chrome/browser/browser_process_platform_part_ash.h"
#endif // BUILDFLAG(IS_CHROMEOS)
namespace {
#if BUILDFLAG(ENABLE_NACL)
bool ShouldNaClBeAllowed() {
#if BUILDFLAG(IS_CHROMEOS)
// ForceEnabled by policy.
// kDeviceNativeClientForceAllowed might not be properly initialized at this
// point, so we also check kDeviceNativeClientForceAllowedCache which has the
// last known value of kDeviceNativeClientForceAllowed.
if (g_browser_process->local_state()->GetBoolean(
prefs::kDeviceNativeClientForceAllowedCache)) {
return true;
}
// On unmanaged devices we consider NaCl enabled until we will implement a
// device owner settings to emulate the functionality of the device policy
// above.
// TODO(crbug.com/377443982): Modify after device owner settings is
// implemented.
BrowserProcessPlatformPart* platform_part =
g_browser_process->platform_part();
if (platform_part) {
policy::BrowserPolicyConnectorAsh* connector =
platform_part->browser_policy_connector_ash();
if (connector && !connector->IsDeviceEnterpriseManaged()) {
return true;
}
}
#endif // BUILDFLAG(IS_CHROMEOS)
return base::FeatureList::IsEnabled(kNaclAllow);
}
#endif
} // namespace
BASE_FEATURE(kNaclAllow, "NaclAllow", base::FEATURE_DISABLED_BY_DEFAULT);
void ChromeBrowserMainExtraPartsNaclDeprecation::PostEarlyInitialization() {
#if BUILDFLAG(ENABLE_NACL)
if (!ShouldNaClBeAllowed()) {
DisallowNacl();
}
#if BUILDFLAG(IS_CHROMEOS)
// Observe policy changes and write them to the cache pref.
pref_change_registrar_.Init(g_browser_process->local_state());
pref_change_registrar_.Add(
prefs::kDeviceNativeClientForceAllowed,
base::BindRepeating(
&ChromeBrowserMainExtraPartsNaclDeprecation::NaclAllowedChanged,
base::Unretained(this)));
// If the policy is not set at all, the update won't trigger.
// Default to it's current value.
bool current_value = g_browser_process->local_state()->GetBoolean(
prefs::kDeviceNativeClientForceAllowed);
g_browser_process->local_state()->SetBoolean(
prefs::kDeviceNativeClientForceAllowedCache, current_value);
#endif // BUILDFLAG(IS_CHROMEOS)
#endif // BUILDFLAG(ENABLE_NACL)
}
void ChromeBrowserMainExtraPartsNaclDeprecation::PostMainMessageLoopRun() {
#if BUILDFLAG(IS_CHROMEOS)
pref_change_registrar_.Reset();
#endif // BUILDFLAG(IS_CHROMEOS)
}
void ChromeBrowserMainExtraPartsNaclDeprecation::NaclAllowedChanged() {
#if BUILDFLAG(IS_CHROMEOS)
// Update the cache with the new value.
bool new_value = g_browser_process->local_state()->GetBoolean(
prefs::kDeviceNativeClientForceAllowed);
g_browser_process->local_state()->SetBoolean(
prefs::kDeviceNativeClientForceAllowedCache, new_value);
#endif // BUILDFLAG(IS_CHROMEOS)
}
|
