// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/policy/content/policy_blocklist_service.h" #include <utility> #include "base/functional/bind.h" #include "components/keyed_service/content/browser_context_dependency_manager.h" #include "components/policy/core/common/policy_pref_names.h" #include "components/prefs/pref_service.h" #include "components/user_prefs/user_prefs.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/storage_partition.h" #if BUILDFLAG(IS_CHROMEOS) #include "base/functional/callback_forward.h" #endif #if BUILDFLAG(IS_CHROMEOS) constexpr char kAllTrafficWildcard[] = "*"; // Returns a URL filter that covers all URL navigations. base::Value::List GetAllTrafficFilter() { base::Value::List all_traffic; all_traffic.Append(kAllTrafficWildcard); return all_traffic; } // BlocklistSource implementation that blocks all traffic with the // exception of URLs specified by the admin via the policy // AlwaysOnVpnPreConnectUrlAllowlist. // Note that this implementation only supports one observer at a time. Adding a // new observer will remove the previous one. class AlwaysOnVpnPreConnectBlocklistSource : public policy::BlocklistSource { public: AlwaysOnVpnPreConnectBlocklistSource(PrefService* pref_service) : blocklist_(GetAllTrafficFilter()) { pref_change_registrar_.Init(pref_service); } AlwaysOnVpnPreConnectBlocklistSource( const AlwaysOnVpnPreConnectBlocklistSource&) = delete; AlwaysOnVpnPreConnectBlocklistSource& operator=( const AlwaysOnVpnPreConnectBlocklistSource&) = delete; ~AlwaysOnVpnPreConnectBlocklistSource() override = default; const base::Value::List* GetBlocklistSpec() const override { return &blocklist_; } const base::Value::List* GetAllowlistSpec() const override { return &pref_change_registrar_.prefs()->GetList( policy::policy_prefs::kAlwaysOnVpnPreConnectUrlAllowlist); } // Adds an observer which will be notified when the blocklist is updated, i.e. // when the preference ` // policy::policy_prefs::kAlwaysOnVpnPreConnectUrlAllowlist` has a new value. // If an observer already exists, it will be removed. void SetBlocklistObserver(base::RepeatingClosure observer) override { pref_change_registrar_.RemoveAll(); pref_change_registrar_.Add( policy::policy_prefs::kAlwaysOnVpnPreConnectUrlAllowlist, observer); } private: const base::Value::List blocklist_; PrefChangeRegistrar pref_change_registrar_; }; #endif PolicyBlocklistService::PolicyBlocklistService( std::unique_ptr<policy::URLBlocklistManager> url_blocklist_manager, PrefService* user_prefs) : … { … } PolicyBlocklistService::~PolicyBlocklistService() = default; policy::URLBlocklist::URLBlocklistState PolicyBlocklistService::GetURLBlocklistState(const GURL& url) const { … } #if BUILDFLAG(IS_CHROMEOS) void PolicyBlocklistService::SetAlwaysOnVpnPreConnectUrlAllowlistEnforced( bool enforced) { if (enforced) { url_blocklist_manager_->SetOverrideBlockListSource( std::make_unique<AlwaysOnVpnPreConnectBlocklistSource>(user_prefs_)); return; } url_blocklist_manager_->SetOverrideBlockListSource(nullptr); } #endif // static PolicyBlocklistFactory* PolicyBlocklistFactory::GetInstance() { … } // static PolicyBlocklistService* PolicyBlocklistFactory::GetForBrowserContext( content::BrowserContext* context) { … } PolicyBlocklistFactory::PolicyBlocklistFactory() : … { … } PolicyBlocklistFactory::~PolicyBlocklistFactory() = default; std::unique_ptr<KeyedService> PolicyBlocklistFactory::BuildServiceInstanceForBrowserContext( content::BrowserContext* context) const { … } content::BrowserContext* PolicyBlocklistFactory::GetBrowserContextToUse( content::BrowserContext* context) const { … }
Codebase Browser
chromium