OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/browser_policy_connector.h" | 5 #include "chrome/browser/policy/browser_policy_connector.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
11 #include "base/message_loop.h" | 11 #include "base/message_loop.h" |
12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
13 #include "base/string_util.h" | 13 #include "base/string_util.h" |
14 #include "base/utf_string_conversions.h" | 14 #include "base/utf_string_conversions.h" |
15 #include "chrome/browser/browser_process.h" | 15 #include "chrome/browser/browser_process.h" |
16 #include "chrome/browser/policy/async_policy_provider.h" | 16 #include "chrome/browser/policy/async_policy_provider.h" |
17 #include "chrome/browser/policy/cloud_policy_client.h" | 17 #include "chrome/browser/policy/cloud_policy_client.h" |
18 #include "chrome/browser/policy/cloud_policy_provider.h" | |
19 #include "chrome/browser/policy/cloud_policy_service.h" | 18 #include "chrome/browser/policy/cloud_policy_service.h" |
20 #include "chrome/browser/policy/cloud_policy_subsystem.h" | |
21 #include "chrome/browser/policy/configuration_policy_provider.h" | 19 #include "chrome/browser/policy/configuration_policy_provider.h" |
22 #include "chrome/browser/policy/device_management_service.h" | 20 #include "chrome/browser/policy/device_management_service.h" |
23 #include "chrome/browser/policy/managed_mode_policy_provider.h" | 21 #include "chrome/browser/policy/managed_mode_policy_provider.h" |
24 #include "chrome/browser/policy/policy_service_impl.h" | 22 #include "chrome/browser/policy/policy_service_impl.h" |
25 #include "chrome/browser/policy/policy_statistics_collector.h" | 23 #include "chrome/browser/policy/policy_statistics_collector.h" |
26 #include "chrome/browser/policy/user_policy_cache.h" | |
27 #include "chrome/browser/policy/user_policy_token_cache.h" | |
28 #include "chrome/browser/prefs/pref_service.h" | 24 #include "chrome/browser/prefs/pref_service.h" |
| 25 #include "chrome/browser/prefs/pref_service_simple.h" |
29 #include "chrome/browser/profiles/profile.h" | 26 #include "chrome/browser/profiles/profile.h" |
30 #include "chrome/browser/signin/token_service.h" | |
31 #include "chrome/common/chrome_notification_types.h" | |
32 #include "chrome/common/chrome_paths.h" | 27 #include "chrome/common/chrome_paths.h" |
33 #include "chrome/common/chrome_switches.h" | 28 #include "chrome/common/chrome_switches.h" |
34 #include "chrome/common/pref_names.h" | 29 #include "chrome/common/pref_names.h" |
35 #include "content/public/browser/notification_details.h" | |
36 #include "content/public/browser/notification_source.h" | |
37 #include "google_apis/gaia/gaia_auth_util.h" | 30 #include "google_apis/gaia/gaia_auth_util.h" |
38 #include "google_apis/gaia/gaia_constants.h" | 31 #include "google_apis/gaia/gaia_constants.h" |
39 #include "grit/generated_resources.h" | 32 #include "grit/generated_resources.h" |
40 #include "policy/policy_constants.h" | 33 #include "policy/policy_constants.h" |
41 #include "third_party/icu/public/i18n/unicode/regex.h" | 34 #include "third_party/icu/public/i18n/unicode/regex.h" |
42 | 35 |
43 #if defined(OS_WIN) | 36 #if defined(OS_WIN) |
44 #include "chrome/browser/policy/policy_loader_win.h" | 37 #include "chrome/browser/policy/policy_loader_win.h" |
45 #elif defined(OS_MACOSX) | 38 #elif defined(OS_MACOSX) |
46 #include "chrome/browser/policy/policy_loader_mac.h" | 39 #include "chrome/browser/policy/policy_loader_mac.h" |
47 #include "chrome/browser/policy/preferences_mac.h" | 40 #include "chrome/browser/policy/preferences_mac.h" |
48 #elif defined(OS_POSIX) | 41 #elif defined(OS_POSIX) |
49 #include "chrome/browser/policy/config_dir_policy_loader.h" | 42 #include "chrome/browser/policy/config_dir_policy_loader.h" |
50 #endif | 43 #endif |
51 | 44 |
52 #if defined(OS_CHROMEOS) | 45 #if defined(OS_CHROMEOS) |
53 #include "base/utf_string_conversions.h" | 46 #include "base/utf_string_conversions.h" |
54 #include "chrome/browser/chromeos/cros/cros_library.h" | 47 #include "chrome/browser/chromeos/cros/cros_library.h" |
55 #include "chrome/browser/chromeos/login/user_manager.h" | 48 #include "chrome/browser/chromeos/login/user_manager.h" |
56 #include "chrome/browser/chromeos/settings/cros_settings.h" | 49 #include "chrome/browser/chromeos/settings/cros_settings.h" |
57 #include "chrome/browser/chromeos/settings/cros_settings_provider.h" | 50 #include "chrome/browser/chromeos/settings/cros_settings_provider.h" |
58 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 51 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
59 #include "chrome/browser/chromeos/system/statistics_provider.h" | 52 #include "chrome/browser/chromeos/system/statistics_provider.h" |
60 #include "chrome/browser/chromeos/system/timezone_settings.h" | 53 #include "chrome/browser/chromeos/system/timezone_settings.h" |
61 #include "chrome/browser/policy/app_pack_updater.h" | 54 #include "chrome/browser/policy/app_pack_updater.h" |
62 #include "chrome/browser/policy/cros_user_policy_cache.h" | |
63 #include "chrome/browser/policy/device_cloud_policy_manager_chromeos.h" | 55 #include "chrome/browser/policy/device_cloud_policy_manager_chromeos.h" |
64 #include "chrome/browser/policy/device_cloud_policy_store_chromeos.h" | 56 #include "chrome/browser/policy/device_cloud_policy_store_chromeos.h" |
65 #include "chrome/browser/policy/device_local_account_policy_provider.h" | 57 #include "chrome/browser/policy/device_local_account_policy_provider.h" |
66 #include "chrome/browser/policy/device_local_account_policy_service.h" | 58 #include "chrome/browser/policy/device_local_account_policy_service.h" |
67 #include "chrome/browser/policy/device_policy_cache.h" | 59 #include "chrome/browser/policy/device_status_collector.h" |
| 60 #include "chrome/browser/policy/enterprise_install_attributes.h" |
68 #include "chrome/browser/policy/network_configuration_updater.h" | 61 #include "chrome/browser/policy/network_configuration_updater.h" |
69 #include "chrome/browser/policy/user_cloud_policy_manager_chromeos.h" | 62 #include "chrome/browser/policy/user_cloud_policy_manager_chromeos.h" |
70 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" | 63 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" |
71 #include "chromeos/dbus/dbus_thread_manager.h" | 64 #include "chromeos/dbus/dbus_thread_manager.h" |
72 #else | 65 #else |
73 #include "chrome/browser/policy/user_cloud_policy_manager.h" | 66 #include "chrome/browser/policy/user_cloud_policy_manager.h" |
74 #include "chrome/browser/policy/user_cloud_policy_manager_factory.h" | 67 #include "chrome/browser/policy/user_cloud_policy_manager_factory.h" |
75 #endif | 68 #endif |
76 | 69 |
77 using content::BrowserThread; | |
78 | |
79 namespace policy { | 70 namespace policy { |
80 | 71 |
81 namespace { | 72 namespace { |
82 | 73 |
83 // Subdirectory in the user's profile for storing user policies. | 74 // Subdirectory in the user's profile for storing user policies. |
84 const FilePath::CharType kPolicyDir[] = FILE_PATH_LITERAL("Device Management"); | 75 const FilePath::CharType kPolicyDir[] = FILE_PATH_LITERAL("Device Management"); |
85 // File in the above directory for stroing user policy dmtokens. | 76 // File in the above directory for stroing user policy dmtokens. |
86 const FilePath::CharType kTokenCacheFile[] = FILE_PATH_LITERAL("Token"); | 77 const FilePath::CharType kTokenCacheFile[] = FILE_PATH_LITERAL("Token"); |
87 // File in the above directory for storing user policy data. | 78 // File in the above directory for storing user policy data. |
88 const FilePath::CharType kPolicyCacheFile[] = FILE_PATH_LITERAL("Policy"); | 79 const FilePath::CharType kPolicyCacheFile[] = FILE_PATH_LITERAL("Policy"); |
89 | 80 |
90 // The following constants define delays applied before the initial policy fetch | 81 // The following constants define delays applied before the initial policy fetch |
91 // on startup. (So that displaying Chrome's GUI does not get delayed.) | 82 // on startup. (So that displaying Chrome's GUI does not get delayed.) |
92 // Delay in milliseconds from startup. | 83 // Delay in milliseconds from startup. |
93 const int64 kServiceInitializationStartupDelay = 5000; | 84 const int64 kServiceInitializationStartupDelay = 5000; |
94 | 85 |
| 86 // Default policy refresh rate. |
| 87 const int64 kDefaultPolicyRefreshRateMs = 3 * 60 * 60 * 1000; // 3 hours. |
| 88 |
95 // The URL for the device management server. | 89 // The URL for the device management server. |
96 const char kDefaultDeviceManagementServerUrl[] = | 90 const char kDefaultDeviceManagementServerUrl[] = |
97 "https://m.google.com/devicemanagement/data/api"; | 91 "https://m.google.com/devicemanagement/data/api"; |
98 | 92 |
99 // Used in BrowserPolicyConnector::SetPolicyProviderForTesting. | 93 // Used in BrowserPolicyConnector::SetPolicyProviderForTesting. |
100 ConfigurationPolicyProvider* g_testing_provider = NULL; | 94 ConfigurationPolicyProvider* g_testing_provider = NULL; |
101 | 95 |
102 } // namespace | 96 } // namespace |
103 | 97 |
104 BrowserPolicyConnector::BrowserPolicyConnector() | 98 BrowserPolicyConnector::BrowserPolicyConnector() |
(...skipping 19 matching lines...)
124 new DeviceManagementService(GetDeviceManagementUrl())); | 118 new DeviceManagementService(GetDeviceManagementUrl())); |
125 } | 119 } |
126 | 120 |
127 #if defined(OS_CHROMEOS) | 121 #if defined(OS_CHROMEOS) |
128 chromeos::CryptohomeLibrary* cryptohome = | 122 chromeos::CryptohomeLibrary* cryptohome = |
129 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); | 123 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); |
130 install_attributes_.reset(new EnterpriseInstallAttributes(cryptohome)); | 124 install_attributes_.reset(new EnterpriseInstallAttributes(cryptohome)); |
131 install_attributes_->ReadCacheFile( | 125 install_attributes_->ReadCacheFile( |
132 FilePath(policy::EnterpriseInstallAttributes::kCacheFilePath)); | 126 FilePath(policy::EnterpriseInstallAttributes::kCacheFilePath)); |
133 | 127 |
| 128 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store( |
| 129 new DeviceCloudPolicyStoreChromeOS( |
| 130 chromeos::DeviceSettingsService::Get(), |
| 131 install_attributes_.get())); |
| 132 device_cloud_policy_manager_.reset( |
| 133 new DeviceCloudPolicyManagerChromeOS( |
| 134 device_cloud_policy_store.Pass(), |
| 135 install_attributes_.get())); |
| 136 |
134 CommandLine* command_line = CommandLine::ForCurrentProcess(); | 137 CommandLine* command_line = CommandLine::ForCurrentProcess(); |
135 if (!command_line->HasSwitch(switches::kDisableCloudPolicyService)) { | 138 if (!command_line->HasSwitch(switches::kDisableLocalAccounts)) { |
136 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store( | 139 device_local_account_policy_service_.reset( |
137 new DeviceCloudPolicyStoreChromeOS( | 140 new DeviceLocalAccountPolicyService( |
138 chromeos::DeviceSettingsService::Get(), | 141 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), |
139 install_attributes_.get())); | 142 chromeos::DeviceSettingsService::Get())); |
140 device_cloud_policy_manager_.reset( | |
141 new DeviceCloudPolicyManagerChromeOS( | |
142 device_cloud_policy_store.Pass(), | |
143 install_attributes_.get())); | |
144 if (!command_line->HasSwitch(switches::kDisableLocalAccounts)) { | |
145 device_local_account_policy_service_.reset( | |
146 new DeviceLocalAccountPolicyService( | |
147 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), | |
148 chromeos::DeviceSettingsService::Get())); | |
149 } | |
150 } else { | |
151 cloud_provider_.reset(new CloudPolicyProvider(this)); | |
152 } | 143 } |
153 | |
154 InitializeDevicePolicy(); | |
155 #endif | 144 #endif |
156 | 145 |
157 // Complete the initialization once the message loops are spinning. | 146 // Complete the initialization once the message loops are spinning. |
158 MessageLoop::current()->PostTask( | 147 MessageLoop::current()->PostTask( |
159 FROM_HERE, | 148 FROM_HERE, |
160 base::Bind(&BrowserPolicyConnector::CompleteInitialization, | 149 base::Bind(&BrowserPolicyConnector::CompleteInitialization, |
161 weak_ptr_factory_.GetWeakPtr())); | 150 weak_ptr_factory_.GetWeakPtr())); |
162 | 151 |
163 is_initialized_ = true; | 152 is_initialized_ = true; |
164 } | 153 } |
165 | 154 |
166 void BrowserPolicyConnector::Shutdown() { | 155 void BrowserPolicyConnector::Shutdown() { |
167 is_initialized_ = false; | 156 is_initialized_ = false; |
168 | 157 |
169 if (g_testing_provider) | 158 if (g_testing_provider) |
170 g_testing_provider->Shutdown(); | 159 g_testing_provider->Shutdown(); |
171 // Drop g_testing_provider so that tests executed with --single_process can | 160 // Drop g_testing_provider so that tests executed with --single_process can |
172 // call SetPolicyProviderForTesting() again. It is still owned by the test. | 161 // call SetPolicyProviderForTesting() again. It is still owned by the test. |
173 g_testing_provider = NULL; | 162 g_testing_provider = NULL; |
174 if (platform_provider_) | 163 if (platform_provider_) |
175 platform_provider_->Shutdown(); | 164 platform_provider_->Shutdown(); |
176 // The |cloud_provider_| must be shut down before destroying the cloud | |
177 // policy subsystems, which own the caches that |cloud_provider_| uses. | |
178 if (cloud_provider_) | |
179 cloud_provider_->Shutdown(); | |
180 | 165 |
181 #if defined(OS_CHROMEOS) | 166 #if defined(OS_CHROMEOS) |
182 // Shutdown device cloud policy. | |
183 if (device_cloud_policy_subsystem_) | |
184 device_cloud_policy_subsystem_->Shutdown(); | |
185 // The AppPackUpdater may be observing the |device_cloud_policy_subsystem_|. | 167 // The AppPackUpdater may be observing the |device_cloud_policy_subsystem_|. |
186 // Delete it first. | 168 // Delete it first. |
187 app_pack_updater_.reset(); | 169 app_pack_updater_.reset(); |
188 device_cloud_policy_subsystem_.reset(); | |
189 device_data_store_.reset(); | |
190 | 170 |
191 if (device_cloud_policy_manager_) | 171 if (device_cloud_policy_manager_) |
192 device_cloud_policy_manager_->Shutdown(); | 172 device_cloud_policy_manager_->Shutdown(); |
193 if (device_local_account_policy_provider_) | 173 if (device_local_account_policy_provider_) |
194 device_local_account_policy_provider_->Shutdown(); | 174 device_local_account_policy_provider_->Shutdown(); |
195 if (device_local_account_policy_service_) | 175 if (device_local_account_policy_service_) |
196 device_local_account_policy_service_->Disconnect(); | 176 device_local_account_policy_service_->Disconnect(); |
197 if (user_cloud_policy_manager_) | 177 if (user_cloud_policy_manager_) |
198 user_cloud_policy_manager_->Shutdown(); | 178 user_cloud_policy_manager_->Shutdown(); |
199 global_user_cloud_policy_provider_.Shutdown(); | 179 global_user_cloud_policy_provider_.Shutdown(); |
200 #endif | 180 #endif |
201 | 181 |
202 // Shutdown user cloud policy. | |
203 if (user_cloud_policy_subsystem_) | |
204 user_cloud_policy_subsystem_->Shutdown(); | |
205 user_cloud_policy_subsystem_.reset(); | |
206 user_policy_token_cache_.reset(); | |
207 user_data_store_.reset(); | |
208 | |
209 device_management_service_.reset(); | 182 device_management_service_.reset(); |
210 } | 183 } |
211 | 184 |
212 scoped_ptr<PolicyService> BrowserPolicyConnector::CreatePolicyService( | 185 scoped_ptr<PolicyService> BrowserPolicyConnector::CreatePolicyService( |
213 Profile* profile) { | 186 Profile* profile) { |
214 DCHECK(profile); | 187 DCHECK(profile); |
215 ConfigurationPolicyProvider* user_cloud_policy_provider = NULL; | 188 ConfigurationPolicyProvider* user_cloud_policy_provider = NULL; |
216 #if defined(OS_CHROMEOS) | 189 #if defined(OS_CHROMEOS) |
217 user_cloud_policy_provider = user_cloud_policy_manager_.get(); | 190 user_cloud_policy_provider = user_cloud_policy_manager_.get(); |
218 #else | 191 #else |
219 user_cloud_policy_provider = | 192 user_cloud_policy_provider = |
220 UserCloudPolicyManagerFactory::GetForProfile(profile); | 193 UserCloudPolicyManagerFactory::GetForProfile(profile); |
221 #endif | 194 #endif |
222 return CreatePolicyServiceWithProviders( | 195 return CreatePolicyServiceWithProviders( |
223 user_cloud_policy_provider, | 196 user_cloud_policy_provider, |
224 profile->GetManagedModePolicyProvider()); | 197 profile->GetManagedModePolicyProvider()); |
225 } | 198 } |
226 | 199 |
227 PolicyService* BrowserPolicyConnector::GetPolicyService() { | 200 PolicyService* BrowserPolicyConnector::GetPolicyService() { |
228 if (!policy_service_) | 201 if (!policy_service_) |
229 policy_service_ = CreatePolicyServiceWithProviders(NULL, NULL); | 202 policy_service_ = CreatePolicyServiceWithProviders(NULL, NULL); |
230 return policy_service_.get(); | 203 return policy_service_.get(); |
231 } | 204 } |
232 | 205 |
233 void BrowserPolicyConnector::RegisterForDevicePolicy( | |
234 const std::string& owner_email, | |
235 const std::string& token, | |
236 bool known_machine_id, | |
237 bool reregister) { | |
238 #if defined(OS_CHROMEOS) | 206 #if defined(OS_CHROMEOS) |
239 if (device_data_store_.get()) { | |
240 if (!device_data_store_->device_token().empty()) { | |
241 LOG(ERROR) << "Device policy data store already has a DMToken; " | |
242 << "RegisterForDevicePolicy won't trigger a new registration."; | |
243 } | |
244 | |
245 device_data_store_->set_user_name(owner_email); | |
246 device_data_store_->set_known_machine_id(known_machine_id); | |
247 if (reregister) { | |
248 device_data_store_->set_device_id(install_attributes_->GetDeviceId()); | |
249 device_data_store_->set_reregister(true); | |
250 } | |
251 device_data_store_->set_policy_fetching_enabled(false); | |
252 device_data_store_->SetOAuthToken(token); | |
253 } | |
254 #endif | |
255 } | |
256 | |
257 bool BrowserPolicyConnector::IsEnterpriseManaged() { | 207 bool BrowserPolicyConnector::IsEnterpriseManaged() { |
258 #if defined(OS_CHROMEOS) | |
259 return install_attributes_.get() && install_attributes_->IsEnterpriseDevice(); | 208 return install_attributes_.get() && install_attributes_->IsEnterpriseDevice(); |
260 #else | |
261 return false; | |
262 #endif | |
263 } | |
264 | |
265 EnterpriseInstallAttributes::LockResult | |
266 BrowserPolicyConnector::LockDevice(const std::string& user) { | |
267 #if defined(OS_CHROMEOS) | |
268 if (install_attributes_.get()) { | |
269 return install_attributes_->LockDevice(user, | |
270 device_data_store_->device_mode(), | |
271 device_data_store_->device_id()); | |
272 } | |
273 #endif | |
274 | |
275 return EnterpriseInstallAttributes::LOCK_BACKEND_ERROR; | |
276 } | 209 } |
277 | 210 |
278 std::string BrowserPolicyConnector::GetEnterpriseDomain() { | 211 std::string BrowserPolicyConnector::GetEnterpriseDomain() { |
279 #if defined(OS_CHROMEOS) | 212 return install_attributes_.get() ? install_attributes_->GetDomain() |
280 if (install_attributes_.get()) | 213 : std::string(); |
281 return install_attributes_->GetDomain(); | |
282 #endif | |
283 | |
284 return std::string(); | |
285 } | 214 } |
286 | 215 |
287 DeviceMode BrowserPolicyConnector::GetDeviceMode() { | 216 DeviceMode BrowserPolicyConnector::GetDeviceMode() { |
288 #if defined(OS_CHROMEOS) | 217 return install_attributes_.get() ? install_attributes_->GetMode() |
289 if (install_attributes_.get()) | 218 : DEVICE_MODE_NOT_SET; |
290 return install_attributes_->GetMode(); | 219 } |
291 else | |
292 return DEVICE_MODE_NOT_SET; | |
293 #endif | 220 #endif |
294 | 221 |
295 // We only have the notion of "enterprise" device on ChromeOS for now. | |
296 return DEVICE_MODE_CONSUMER; | |
297 } | |
298 | |
299 void BrowserPolicyConnector::ResetDevicePolicy() { | |
300 #if defined(OS_CHROMEOS) | |
301 if (device_cloud_policy_subsystem_.get()) | |
302 device_cloud_policy_subsystem_->Reset(); | |
303 #endif | |
304 } | |
305 | |
306 void BrowserPolicyConnector::FetchCloudPolicy() { | |
307 #if defined(OS_CHROMEOS) | |
308 if (device_cloud_policy_subsystem_.get()) | |
309 device_cloud_policy_subsystem_->RefreshPolicies(false); | |
310 if (user_cloud_policy_subsystem_.get()) | |
311 user_cloud_policy_subsystem_->RefreshPolicies(true); // wait_for_auth_token | |
312 #endif | |
313 } | |
314 | |
315 void BrowserPolicyConnector::ScheduleServiceInitialization( | 222 void BrowserPolicyConnector::ScheduleServiceInitialization( |
316 int64 delay_milliseconds) { | 223 int64 delay_milliseconds) { |
317 if (device_management_service_.get()) | 224 device_management_service_->ScheduleInitialization(delay_milliseconds); |
318 device_management_service_->ScheduleInitialization(delay_milliseconds); | |
319 if (user_cloud_policy_subsystem_.get()) { | |
320 user_cloud_policy_subsystem_-> | |
321 ScheduleServiceInitialization(delay_milliseconds); | |
322 } | |
323 #if defined(OS_CHROMEOS) | |
324 if (device_cloud_policy_subsystem_.get()) { | |
325 device_cloud_policy_subsystem_-> | |
326 ScheduleServiceInitialization(delay_milliseconds); | |
327 } | |
328 #endif | |
329 } | 225 } |
330 | 226 |
| 227 #if defined(OS_CHROMEOS) |
331 void BrowserPolicyConnector::InitializeUserPolicy( | 228 void BrowserPolicyConnector::InitializeUserPolicy( |
332 const std::string& user_name, | 229 const std::string& user_name, |
333 bool is_public_account, | 230 bool is_public_account, |
334 bool wait_for_policy_fetch) { | 231 bool wait_for_policy_fetch) { |
335 #if defined(OS_CHROMEOS) | |
336 // If the user is managed then importing certificates from ONC policy is | 232 // If the user is managed then importing certificates from ONC policy is |
337 // allowed, otherwise it's not. Update this flag once the user has signed in, | 233 // allowed, otherwise it's not. Update this flag once the user has signed in, |
338 // and before user policy is loaded. | 234 // and before user policy is loaded. |
339 GetNetworkConfigurationUpdater()->set_allow_web_trust( | 235 GetNetworkConfigurationUpdater()->set_allow_web_trust( |
340 GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED); | 236 GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED); |
341 | 237 |
342 // Re-initializing user policy is disallowed for two reasons: | 238 // Re-initializing user policy is disallowed for two reasons: |
343 // (a) Existing profiles may hold pointers to |user_cloud_policy_manager_|. | 239 // (a) Existing profiles may hold pointers to |user_cloud_policy_manager_|. |
344 // (b) Implementing UserCloudPolicyManager::IsInitializationComplete() | 240 // (b) Implementing UserCloudPolicyManager::IsInitializationComplete() |
345 // correctly is impossible for re-initialization. | 241 // correctly is impossible for re-initialization. |
346 CHECK(!user_cloud_policy_manager_.get()); | 242 CHECK(!user_cloud_policy_manager_.get()); |
347 #endif | |
348 | |
349 // Throw away the old backend. | |
350 user_cloud_policy_subsystem_.reset(); | |
351 user_policy_token_cache_.reset(); | |
352 user_data_store_.reset(); | |
353 token_service_ = NULL; | |
354 registrar_.RemoveAll(); | |
355 | 243 |
356 CommandLine* command_line = CommandLine::ForCurrentProcess(); | 244 CommandLine* command_line = CommandLine::ForCurrentProcess(); |
357 | 245 |
358 int64 startup_delay = | 246 int64 startup_delay = |
359 wait_for_policy_fetch ? 0 : kServiceInitializationStartupDelay; | 247 wait_for_policy_fetch ? 0 : kServiceInitializationStartupDelay; |
360 | 248 |
361 FilePath profile_dir; | 249 FilePath profile_dir; |
362 PathService::Get(chrome::DIR_USER_DATA, &profile_dir); | 250 PathService::Get(chrome::DIR_USER_DATA, &profile_dir); |
363 #if defined(OS_CHROMEOS) | |
364 profile_dir = profile_dir.Append( | 251 profile_dir = profile_dir.Append( |
365 command_line->GetSwitchValuePath(switches::kLoginProfile)); | 252 command_line->GetSwitchValuePath(switches::kLoginProfile)); |
366 #endif | |
367 const FilePath policy_dir = profile_dir.Append(kPolicyDir); | 253 const FilePath policy_dir = profile_dir.Append(kPolicyDir); |
368 const FilePath policy_cache_file = policy_dir.Append(kPolicyCacheFile); | 254 const FilePath policy_cache_file = policy_dir.Append(kPolicyCacheFile); |
369 const FilePath token_cache_file = policy_dir.Append(kTokenCacheFile); | 255 const FilePath token_cache_file = policy_dir.Append(kTokenCacheFile); |
370 | 256 |
371 if (!command_line->HasSwitch(switches::kDisableCloudPolicyService)) { | 257 device_management_service_->ScheduleInitialization(startup_delay); |
372 #if defined(OS_CHROMEOS) | 258 if (is_public_account && device_local_account_policy_service_.get()) { |
373 device_management_service_->ScheduleInitialization(startup_delay); | 259 device_local_account_policy_provider_.reset( |
374 if (is_public_account && device_local_account_policy_service_.get()) { | 260 new DeviceLocalAccountPolicyProvider( |
375 device_local_account_policy_provider_.reset( | 261 user_name, device_local_account_policy_service_.get())); |
376 new DeviceLocalAccountPolicyProvider( | |
377 user_name, device_local_account_policy_service_.get())); | |
378 | 262 |
379 device_local_account_policy_provider_->Init(); | 263 device_local_account_policy_provider_->Init(); |
380 global_user_cloud_policy_provider_.SetDelegate( | 264 global_user_cloud_policy_provider_.SetDelegate( |
381 device_local_account_policy_provider_.get()); | 265 device_local_account_policy_provider_.get()); |
382 } else if (!IsNonEnterpriseUser(user_name)) { | 266 } else if (!IsNonEnterpriseUser(user_name)) { |
383 scoped_ptr<CloudPolicyStore> store( | 267 scoped_ptr<CloudPolicyStore> store( |
384 new UserCloudPolicyStoreChromeOS( | 268 new UserCloudPolicyStoreChromeOS( |
385 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), | 269 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), |
386 user_name, policy_cache_file, token_cache_file)); | 270 user_name, policy_cache_file, token_cache_file)); |
387 user_cloud_policy_manager_.reset( | 271 user_cloud_policy_manager_.reset( |
388 new UserCloudPolicyManagerChromeOS(store.Pass(), | 272 new UserCloudPolicyManagerChromeOS(store.Pass(), |
389 wait_for_policy_fetch)); | 273 wait_for_policy_fetch)); |
390 | 274 |
391 user_cloud_policy_manager_->Init(); | 275 user_cloud_policy_manager_->Init(); |
392 user_cloud_policy_manager_->Connect(g_browser_process->local_state(), | 276 user_cloud_policy_manager_->Connect(g_browser_process->local_state(), |
393 device_management_service_.get(), | 277 device_management_service_.get(), |
394 GetUserAffiliation(user_name)); | 278 GetUserAffiliation(user_name)); |
395 global_user_cloud_policy_provider_.SetDelegate( | 279 global_user_cloud_policy_provider_.SetDelegate( |
396 user_cloud_policy_manager_.get()); | 280 user_cloud_policy_manager_.get()); |
397 } | |
398 #endif | |
399 } else { | |
400 CloudPolicyCacheBase* user_policy_cache = NULL; | |
401 | |
402 user_data_store_.reset(CloudPolicyDataStore::CreateForUserPolicies()); | |
403 #if defined(OS_CHROMEOS) | |
404 user_policy_cache = | |
405 new CrosUserPolicyCache( | |
406 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), | |
407 user_data_store_.get(), | |
408 wait_for_policy_fetch, | |
409 token_cache_file, | |
410 policy_cache_file); | |
411 #else | |
412 user_policy_cache = new UserPolicyCache(policy_cache_file, | |
413 wait_for_policy_fetch); | |
414 user_policy_token_cache_.reset( | |
415 new UserPolicyTokenCache(user_data_store_.get(), token_cache_file)); | |
416 | |
417 // Initiate the DM-Token load. | |
418 user_policy_token_cache_->Load(); | |
419 #endif | |
420 | |
421 user_cloud_policy_subsystem_.reset(new CloudPolicySubsystem( | |
422 user_data_store_.get(), | |
423 user_policy_cache, | |
424 GetDeviceManagementUrl())); | |
425 | |
426 user_data_store_->set_user_name(user_name); | |
427 user_data_store_->set_user_affiliation(GetUserAffiliation(user_name)); | |
428 | |
429 user_cloud_policy_subsystem_->CompleteInitialization( | |
430 prefs::kUserPolicyRefreshRate, | |
431 startup_delay); | |
432 | |
433 cloud_provider_->SetUserPolicyCache(user_policy_cache); | |
434 } | 281 } |
435 } | 282 } |
436 | |
437 void BrowserPolicyConnector::SetUserPolicyTokenService( | |
438 TokenService* token_service) { | |
439 token_service_ = token_service; | |
440 registrar_.Add(this, | |
441 chrome::NOTIFICATION_TOKEN_AVAILABLE, | |
442 content::Source<TokenService>(token_service_)); | |
443 | |
444 if (token_service_->HasTokenForService( | |
445 GaiaConstants::kDeviceManagementService)) { | |
446 user_data_store_->SetGaiaToken(token_service_->GetTokenForService( | |
447 GaiaConstants::kDeviceManagementService)); | |
448 } | |
449 } | |
450 | |
451 void BrowserPolicyConnector::RegisterForUserPolicy( | |
452 const std::string& oauth_token) { | |
453 if (oauth_token.empty()) { | |
454 // An attempt to fetch the dm service oauth token has failed. Notify | |
455 // the user policy cache of this, so that a potential blocked login | |
456 // proceeds without waiting for user policy. | |
457 if (user_cloud_policy_subsystem_.get()) { | |
458 user_cloud_policy_subsystem_->GetCloudPolicyCacheBase()-> | |
459 SetFetchingDone(); | |
460 } | |
461 } else { | |
462 if (user_data_store_.get()) | |
463 user_data_store_->SetOAuthToken(oauth_token); | |
464 } | |
465 } | |
466 | |
467 CloudPolicyDataStore* BrowserPolicyConnector::GetDeviceCloudPolicyDataStore() { | |
468 #if defined(OS_CHROMEOS) | |
469 return device_data_store_.get(); | |
470 #else | |
471 return NULL; | |
472 #endif | 283 #endif |
473 } | |
474 | |
475 CloudPolicyDataStore* BrowserPolicyConnector::GetUserCloudPolicyDataStore() { | |
476 return user_data_store_.get(); | |
477 } | |
478 | 284 |
479 const ConfigurationPolicyHandlerList* | 285 const ConfigurationPolicyHandlerList* |
480 BrowserPolicyConnector::GetHandlerList() const { | 286 BrowserPolicyConnector::GetHandlerList() const { |
481 return &handler_list_; | 287 return &handler_list_; |
482 } | 288 } |
483 | 289 |
484 UserAffiliation BrowserPolicyConnector::GetUserAffiliation( | 290 UserAffiliation BrowserPolicyConnector::GetUserAffiliation( |
485 const std::string& user_name) { | 291 const std::string& user_name) { |
486 #if defined(OS_CHROMEOS) | 292 #if defined(OS_CHROMEOS) |
487 if (install_attributes_.get() && | 293 if (install_attributes_.get() && |
488 gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) == | 294 gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) == |
489 install_attributes_->GetDomain()) { | 295 install_attributes_->GetDomain()) { |
490 return USER_AFFILIATION_MANAGED; | 296 return USER_AFFILIATION_MANAGED; |
491 } | 297 } |
492 #endif | 298 #endif |
493 | 299 |
494 return USER_AFFILIATION_NONE; | 300 return USER_AFFILIATION_NONE; |
495 } | 301 } |
496 | 302 |
| 303 #if defined(OS_CHROMEOS) |
497 AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() { | 304 AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() { |
498 #if defined(OS_CHROMEOS) | |
499 if (!app_pack_updater_.get()) { | 305 if (!app_pack_updater_.get()) { |
500 // system_request_context() is NULL in unit tests. | 306 // system_request_context() is NULL in unit tests. |
501 net::URLRequestContextGetter* request_context = | 307 net::URLRequestContextGetter* request_context = |
502 g_browser_process->system_request_context(); | 308 g_browser_process->system_request_context(); |
503 if (request_context) { | 309 if (request_context) { |
504 app_pack_updater_.reset( | 310 app_pack_updater_.reset( |
505 new AppPackUpdater(request_context, install_attributes_.get())); | 311 new AppPackUpdater(request_context, install_attributes_.get())); |
506 } | 312 } |
507 } | 313 } |
508 return app_pack_updater_.get(); | 314 return app_pack_updater_.get(); |
509 #else | 315 } |
510 return NULL; | |
511 #endif | 316 #endif |
512 } | |
513 | 317 |
| 318 #if defined(OS_CHROMEOS) |
514 NetworkConfigurationUpdater* | 319 NetworkConfigurationUpdater* |
515 BrowserPolicyConnector::GetNetworkConfigurationUpdater() { | 320 BrowserPolicyConnector::GetNetworkConfigurationUpdater() { |
516 #if defined(OS_CHROMEOS) | |
517 if (!network_configuration_updater_.get()) { | 321 if (!network_configuration_updater_.get()) { |
518 network_configuration_updater_.reset(new NetworkConfigurationUpdater( | 322 network_configuration_updater_.reset(new NetworkConfigurationUpdater( |
519 g_browser_process->policy_service(), | 323 g_browser_process->policy_service(), |
520 chromeos::CrosLibrary::Get()->GetNetworkLibrary())); | 324 chromeos::CrosLibrary::Get()->GetNetworkLibrary())); |
521 } | 325 } |
522 return network_configuration_updater_.get(); | 326 return network_configuration_updater_.get(); |
523 #else | 327 } |
524 return NULL; | |
525 #endif | 328 #endif |
526 } | |
527 | 329 |
528 void BrowserPolicyConnector::SetDeviceManagementServiceForTesting( | 330 void BrowserPolicyConnector::SetDeviceManagementServiceForTesting( |
529 scoped_ptr<DeviceManagementService> service) { | 331 scoped_ptr<DeviceManagementService> service) { |
530 device_management_service_ = service.Pass(); | 332 device_management_service_ = service.Pass(); |
531 } | 333 } |
532 | 334 |
533 // static | 335 // static |
534 void BrowserPolicyConnector::SetPolicyProviderForTesting( | 336 void BrowserPolicyConnector::SetPolicyProviderForTesting( |
535 ConfigurationPolicyProvider* provider) { | 337 ConfigurationPolicyProvider* provider) { |
536 CHECK(!g_browser_process) << "Must be invoked before the browser is created"; | 338 CHECK(!g_browser_process) << "Must be invoked before the browser is created"; |
(...skipping 53 matching lines...)
590 const string16 domain = | 392 const string16 domain = |
591 UTF8ToUTF16(gaia::ExtractDomainName(gaia::CanonicalizeEmail(username))); | 393 UTF8ToUTF16(gaia::ExtractDomainName(gaia::CanonicalizeEmail(username))); |
592 for (size_t i = 0; i < arraysize(kNonManagedDomainPatterns); i++) { | 394 for (size_t i = 0; i < arraysize(kNonManagedDomainPatterns); i++) { |
593 string16 pattern = WideToUTF16(kNonManagedDomainPatterns[i]); | 395 string16 pattern = WideToUTF16(kNonManagedDomainPatterns[i]); |
594 if (MatchDomain(domain, pattern)) | 396 if (MatchDomain(domain, pattern)) |
595 return true; | 397 return true; |
596 } | 398 } |
597 return false; | 399 return false; |
598 } | 400 } |
599 | 401 |
600 void BrowserPolicyConnector::Observe( | 402 // static |
601 int type, | 403 void BrowserPolicyConnector::RegisterPrefs(PrefServiceSimple* local_state) { |
602 const content::NotificationSource& source, | 404 local_state->RegisterIntegerPref(prefs::kUserPolicyRefreshRate, |
603 const content::NotificationDetails& details) { | 405 kDefaultPolicyRefreshRateMs); |
604 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
605 if (type == chrome::NOTIFICATION_TOKEN_AVAILABLE) { | |
606 const TokenService* token_source = | |
607 content::Source<const TokenService>(source).ptr(); | |
608 DCHECK_EQ(token_service_, token_source); | |
609 const TokenService::TokenAvailableDetails* token_details = | |
610 content::Details<const TokenService::TokenAvailableDetails>(details). | |
611 ptr(); | |
612 if (token_details->service() == GaiaConstants::kDeviceManagementService) { | |
613 if (user_data_store_.get()) { | |
614 user_data_store_->SetGaiaToken(token_details->token()); | |
615 } | |
616 } | |
617 } else { | |
618 NOTREACHED(); | |
619 } | |
620 } | |
621 | |
622 void BrowserPolicyConnector::InitializeDevicePolicy() { | |
623 #if defined(OS_CHROMEOS) | 406 #if defined(OS_CHROMEOS) |
624 // Throw away the old backend. | 407 local_state->RegisterIntegerPref(prefs::kDevicePolicyRefreshRate, |
625 device_cloud_policy_subsystem_.reset(); | 408 kDefaultPolicyRefreshRateMs); |
626 device_data_store_.reset(); | |
627 | |
628 CommandLine* command_line = CommandLine::ForCurrentProcess(); | |
629 if (command_line->HasSwitch(switches::kDisableCloudPolicyService)) { | |
630 device_data_store_.reset(CloudPolicyDataStore::CreateForDevicePolicies()); | |
631 DevicePolicyCache* device_policy_cache = | |
632 new DevicePolicyCache(device_data_store_.get(), | |
633 install_attributes_.get()); | |
634 | |
635 cloud_provider_->SetDevicePolicyCache(device_policy_cache); | |
636 | |
637 device_cloud_policy_subsystem_.reset(new CloudPolicySubsystem( | |
638 device_data_store_.get(), | |
639 device_policy_cache, | |
640 GetDeviceManagementUrl())); | |
641 } | |
642 #endif | 409 #endif |
643 } | 410 } |
644 | 411 |
645 void BrowserPolicyConnector::CompleteInitialization() { | 412 void BrowserPolicyConnector::CompleteInitialization() { |
646 if (g_testing_provider) | 413 if (g_testing_provider) |
647 g_testing_provider->Init(); | 414 g_testing_provider->Init(); |
648 if (platform_provider_) | 415 if (platform_provider_) |
649 platform_provider_->Init(); | 416 platform_provider_->Init(); |
650 if (cloud_provider_) | |
651 cloud_provider_->Init(); | |
652 | 417 |
653 #if defined(OS_CHROMEOS) | 418 #if defined(OS_CHROMEOS) |
654 global_user_cloud_policy_provider_.Init(); | 419 global_user_cloud_policy_provider_.Init(); |
655 | 420 |
656 // Create the AppPackUpdater to start updating the cache. It requires the | 421 // Create the AppPackUpdater to start updating the cache. It requires the |
657 // system request context, which isn't available in Init(); therefore it is | 422 // system request context, which isn't available in Init(); therefore it is |
658 // created only once the loops are running. | 423 // created only once the loops are running. |
659 GetAppPackUpdater(); | 424 GetAppPackUpdater(); |
660 | 425 |
661 if (device_cloud_policy_subsystem_.get()) { | |
662 // Read serial number and machine model. This must be done before we call | |
663 // CompleteInitialization() below such that the serial number is available | |
664 // for re-submission in case we're doing serial number recovery. | |
665 if (device_data_store_->machine_id().empty() || | |
666 device_data_store_->machine_model().empty()) { | |
667 device_data_store_->set_machine_id( | |
668 DeviceCloudPolicyManagerChromeOS::GetMachineID()); | |
669 device_data_store_->set_machine_model( | |
670 DeviceCloudPolicyManagerChromeOS::GetMachineModel()); | |
671 } | |
672 | |
673 device_cloud_policy_subsystem_->CompleteInitialization( | |
674 prefs::kDevicePolicyRefreshRate, | |
675 kServiceInitializationStartupDelay); | |
676 } | |
677 | |
678 if (device_data_store_.get()) { | |
679 device_data_store_->set_device_status_collector( | |
680 new DeviceStatusCollector( | |
681 g_browser_process->local_state(), | |
682 chromeos::system::StatisticsProvider::GetInstance(), | |
683 NULL)); | |
684 } | |
685 | |
686 if (device_cloud_policy_manager_.get()) { | 426 if (device_cloud_policy_manager_.get()) { |
687 device_cloud_policy_manager_->Init(); | 427 device_cloud_policy_manager_->Init(); |
688 scoped_ptr<CloudPolicyClient::StatusProvider> status_provider( | 428 scoped_ptr<CloudPolicyClient::StatusProvider> status_provider( |
689 new DeviceStatusCollector(g_browser_process->local_state(), | 429 new DeviceStatusCollector(g_browser_process->local_state(), |
690 chromeos::system::StatisticsProvider::GetInstance(), | 430 chromeos::system::StatisticsProvider::GetInstance(), |
691 NULL)); | 431 NULL)); |
692 device_cloud_policy_manager_->Connect( | 432 device_cloud_policy_manager_->Connect( |
693 g_browser_process->local_state(), | 433 g_browser_process->local_state(), |
694 device_management_service_.get(), | 434 device_management_service_.get(), |
695 status_provider.Pass()); | 435 status_provider.Pass()); |
(...skipping 41 matching lines...)
737 BrowserPolicyConnector::CreatePolicyServiceWithProviders( | 477 BrowserPolicyConnector::CreatePolicyServiceWithProviders( |
738 ConfigurationPolicyProvider* user_cloud_policy_provider, | 478 ConfigurationPolicyProvider* user_cloud_policy_provider, |
739 ConfigurationPolicyProvider* managed_mode_policy_provider) { | 479 ConfigurationPolicyProvider* managed_mode_policy_provider) { |
740 PolicyServiceImpl::Providers providers; | 480 PolicyServiceImpl::Providers providers; |
741 if (g_testing_provider) { | 481 if (g_testing_provider) { |
742 providers.push_back(g_testing_provider); | 482 providers.push_back(g_testing_provider); |
743 } else { | 483 } else { |
744 // |providers| in decreasing order of priority. | 484 // |providers| in decreasing order of priority. |
745 if (platform_provider_) | 485 if (platform_provider_) |
746 providers.push_back(platform_provider_.get()); | 486 providers.push_back(platform_provider_.get()); |
747 if (cloud_provider_) | |
748 providers.push_back(cloud_provider_.get()); | |
749 | 487 |
750 #if defined(OS_CHROMEOS) | 488 #if defined(OS_CHROMEOS) |
751 if (device_cloud_policy_manager_.get()) | 489 if (device_cloud_policy_manager_.get()) |
752 providers.push_back(device_cloud_policy_manager_.get()); | 490 providers.push_back(device_cloud_policy_manager_.get()); |
753 if (!user_cloud_policy_provider) | 491 if (!user_cloud_policy_provider) |
754 user_cloud_policy_provider = &global_user_cloud_policy_provider_; | 492 user_cloud_policy_provider = &global_user_cloud_policy_provider_; |
755 #endif | 493 #endif |
756 | 494 |
757 if (user_cloud_policy_provider) | 495 if (user_cloud_policy_provider) |
758 providers.push_back(user_cloud_policy_provider); | 496 providers.push_back(user_cloud_policy_provider); |
(...skipping 23 matching lines...)
782 return new AsyncPolicyProvider(loader.Pass()); | 520 return new AsyncPolicyProvider(loader.Pass()); |
783 } else { | 521 } else { |
784 return NULL; | 522 return NULL; |
785 } | 523 } |
786 #else | 524 #else |
787 return NULL; | 525 return NULL; |
788 #endif | 526 #endif |
789 } | 527 } |
790 | 528 |
791 } // namespace policy | 529 } // namespace policy |