OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ | 5 #ifndef CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ |
6 #define CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ | 6 #define CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
13 #include "chrome/browser/policy/cloud_policy_constants.h" | 13 #include "chrome/browser/policy/cloud_policy_constants.h" |
14 #include "chrome/browser/policy/configuration_policy_handler_list.h" | 14 #include "chrome/browser/policy/configuration_policy_handler_list.h" |
15 #include "chrome/browser/policy/enterprise_install_attributes.h" | |
16 #include "chrome/browser/policy/proxy_policy_provider.h" | 15 #include "chrome/browser/policy/proxy_policy_provider.h" |
17 #include "content/public/browser/notification_observer.h" | |
18 #include "content/public/browser/notification_registrar.h" | |
19 | 16 |
| 17 class PrefServiceSimple; |
20 class Profile; | 18 class Profile; |
21 class TokenService; | |
22 | 19 |
23 namespace policy { | 20 namespace policy { |
24 | 21 |
| 22 class ConfigurationPolicyProvider; |
| 23 class DeviceManagementService; |
| 24 class PolicyService; |
| 25 class PolicyStatisticsCollector; |
| 26 |
| 27 #if defined(OS_CHROMEOS) |
25 class AppPackUpdater; | 28 class AppPackUpdater; |
26 class CloudPolicyDataStore; | |
27 class CloudPolicyProvider; | |
28 class CloudPolicySubsystem; | |
29 class ConfigurationPolicyProvider; | |
30 class DeviceCloudPolicyManagerChromeOS; | 29 class DeviceCloudPolicyManagerChromeOS; |
31 class DeviceLocalAccountPolicyProvider; | 30 class DeviceLocalAccountPolicyProvider; |
32 class DeviceLocalAccountPolicyService; | 31 class DeviceLocalAccountPolicyService; |
33 class DeviceManagementService; | 32 class EnterpriseInstallAttributes; |
34 class NetworkConfigurationUpdater; | 33 class NetworkConfigurationUpdater; |
35 class PolicyService; | |
36 class PolicyStatisticsCollector; | |
37 class UserCloudPolicyManagerChromeOS; | 34 class UserCloudPolicyManagerChromeOS; |
38 class UserPolicyTokenCache; | 35 #endif |
39 | 36 |
40 // Manages the lifecycle of browser-global policy infrastructure, such as the | 37 // Manages the lifecycle of browser-global policy infrastructure, such as the |
41 // platform policy providers, device- and the user-cloud policy infrastructure. | 38 // platform policy providers, device- and the user-cloud policy infrastructure. |
42 // TODO(gfeher,mnissler): Factor out device and user specific methods into their | 39 class BrowserPolicyConnector { |
43 // respective classes. | |
44 class BrowserPolicyConnector : public content::NotificationObserver { | |
45 public: | 40 public: |
46 // Builds an uninitialized BrowserPolicyConnector, suitable for testing. | 41 // Builds an uninitialized BrowserPolicyConnector, suitable for testing. |
47 // Init() should be called to create and start the policy machinery. | 42 // Init() should be called to create and start the policy machinery. |
48 BrowserPolicyConnector(); | 43 BrowserPolicyConnector(); |
49 | 44 |
50 // Invoke Shutdown() before deleting, see below. | 45 // Invoke Shutdown() before deleting, see below. |
51 virtual ~BrowserPolicyConnector(); | 46 virtual ~BrowserPolicyConnector(); |
52 | 47 |
53 // Creates the policy providers and finalizes the initialization of the | 48 // Creates the policy providers and finalizes the initialization of the |
54 // connector. This call can be skipped on tests that don't require the full | 49 // connector. This call can be skipped on tests that don't require the full |
55 // policy system running. | 50 // policy system running. |
56 void Init(); | 51 void Init(); |
57 | 52 |
58 // Stops the policy providers and cleans up the connector before it can be | 53 // Stops the policy providers and cleans up the connector before it can be |
59 // safely deleted. This must be invoked before the destructor and while the | 54 // safely deleted. This must be invoked before the destructor and while the |
60 // threads are still running. The policy providers are still valid but won't | 55 // threads are still running. The policy providers are still valid but won't |
61 // update anymore after this call. | 56 // update anymore after this call. |
62 void Shutdown(); | 57 void Shutdown(); |
63 | 58 |
64 // Returns true if Init() has been called but Shutdown() hasn't been yet. | 59 // Returns true if Init() has been called but Shutdown() hasn't been yet. |
65 bool is_initialized() const { return is_initialized_; } | 60 bool is_initialized() const { return is_initialized_; } |
66 | 61 |
67 // Creates a new policy service for the given profile. | 62 // Creates a new policy service for the given profile. |
68 scoped_ptr<PolicyService> CreatePolicyService(Profile* profile); | 63 scoped_ptr<PolicyService> CreatePolicyService(Profile* profile); |
69 | 64 |
70 // Returns the browser-global PolicyService, that contains policies for the | 65 // Returns the browser-global PolicyService, that contains policies for the |
71 // whole browser. | 66 // whole browser. |
72 PolicyService* GetPolicyService(); | 67 PolicyService* GetPolicyService(); |
73 | 68 |
74 // Returns a weak pointer to the CloudPolicySubsystem corresponding to the | |
75 // device policy managed by this policy connector, or NULL if no such | |
76 // subsystem exists (i.e. when running outside ChromeOS). | |
77 CloudPolicySubsystem* device_cloud_policy_subsystem() { | |
78 #if defined(OS_CHROMEOS) | 69 #if defined(OS_CHROMEOS) |
79 return device_cloud_policy_subsystem_.get(); | |
80 #else | |
81 return NULL; | |
82 #endif | |
83 } | |
84 | |
85 // Returns a weak pointer to the CloudPolicySubsystem corresponding to the | |
86 // user policy managed by this policy connector, or NULL if no such | |
87 // subsystem exists (i.e. when user cloud policy is not active due to | |
88 // unmanaged or not logged in). | |
89 CloudPolicySubsystem* user_cloud_policy_subsystem() { | |
90 return user_cloud_policy_subsystem_.get(); | |
91 } | |
92 | |
93 // Triggers registration for device policy, using the |owner_email| account. | |
94 // |token| is an oauth token to authenticate the registration request, and | |
95 // |known_machine_id| is true if the server should do additional checks based | |
96 // on the machine_id used for the request. | |
97 void RegisterForDevicePolicy(const std::string& owner_email, | |
98 const std::string& token, | |
99 bool known_machine_id, | |
100 bool reregister); | |
101 | |
102 // Returns true if this device is managed by an enterprise (as opposed to | 70 // Returns true if this device is managed by an enterprise (as opposed to |
103 // a local owner). | 71 // a local owner). |
104 bool IsEnterpriseManaged(); | 72 bool IsEnterpriseManaged(); |
105 | 73 |
106 // Locks the device to an enterprise domain. | |
107 EnterpriseInstallAttributes::LockResult LockDevice(const std::string& user); | |
108 | |
109 // Returns the enterprise domain if device is managed. | 74 // Returns the enterprise domain if device is managed. |
110 std::string GetEnterpriseDomain(); | 75 std::string GetEnterpriseDomain(); |
111 | 76 |
112 // Returns the device mode. For ChromeOS this function will return the mode | 77 // Returns the device mode. For ChromeOS this function will return the mode |
113 // stored in the lockbox, or DEVICE_MODE_CONSUMER if the lockbox has been | 78 // stored in the lockbox, or DEVICE_MODE_CONSUMER if the lockbox has been |
114 // locked empty, or DEVICE_MODE_UNKNOWN if the device has not been owned yet. | 79 // locked empty, or DEVICE_MODE_UNKNOWN if the device has not been owned yet. |
115 // For other OSes the function will always return DEVICE_MODE_CONSUMER. | 80 // For other OSes the function will always return DEVICE_MODE_CONSUMER. |
116 DeviceMode GetDeviceMode(); | 81 DeviceMode GetDeviceMode(); |
117 | 82 #endif |
118 // Reset the device policy machinery. This stops any automatic retry behavior | |
119 // and clears the error flags, so potential retries have a chance to succeed. | |
120 void ResetDevicePolicy(); | |
121 | |
122 // Initiates device and user policy fetches, if possible. Pending fetches | |
123 // will be cancelled. | |
124 void FetchCloudPolicy(); | |
125 | 83 |
126 // Schedules initialization of the cloud policy backend services, if the | 84 // Schedules initialization of the cloud policy backend services, if the |
127 // services are already constructed. | 85 // services are already constructed. |
128 void ScheduleServiceInitialization(int64 delay_milliseconds); | 86 void ScheduleServiceInitialization(int64 delay_milliseconds); |
129 | 87 |
| 88 #if defined(OS_CHROMEOS) |
130 // Initializes the user cloud policy infrastructure. | 89 // Initializes the user cloud policy infrastructure. |
131 // If |wait_for_policy_fetch| is true, the user policy will only become fully | 90 // If |wait_for_policy_fetch| is true, the user policy will only become fully |
132 // initialized after a policy fetch is attempted. Note that Profile creation | 91 // initialized after a policy fetch is attempted. Note that Profile creation |
133 // is blocked until this initialization is complete. | 92 // is blocked until this initialization is complete. |
134 void InitializeUserPolicy(const std::string& user_name, | 93 void InitializeUserPolicy(const std::string& user_name, |
135 bool is_public_account, | 94 bool is_public_account, |
136 bool wait_for_policy_fetch); | 95 bool wait_for_policy_fetch); |
137 | 96 #endif |
138 // Installs a token service for user policy. | |
139 void SetUserPolicyTokenService(TokenService* token_service); | |
140 | |
141 // Registers for user policy (if not already registered), using the passed | |
142 // OAuth V2 token for authentication. |oauth_token| can be empty to signal | |
143 // that an attempt to fetch the token was made but failed, or that oauth | |
144 // isn't being used. | |
145 void RegisterForUserPolicy(const std::string& oauth_token); | |
146 | |
147 // The data stores should be considered read-only for everyone except for | |
148 // tests. | |
149 CloudPolicyDataStore* GetDeviceCloudPolicyDataStore(); | |
150 CloudPolicyDataStore* GetUserCloudPolicyDataStore(); | |
151 | 97 |
152 const ConfigurationPolicyHandlerList* GetHandlerList() const; | 98 const ConfigurationPolicyHandlerList* GetHandlerList() const; |
153 | 99 |
154 // Works out the user affiliation by checking the given |user_name| against | 100 // Works out the user affiliation by checking the given |user_name| against |
155 // the installation attributes. | 101 // the installation attributes. |
156 UserAffiliation GetUserAffiliation(const std::string& user_name); | 102 UserAffiliation GetUserAffiliation(const std::string& user_name); |
157 | 103 |
158 AppPackUpdater* GetAppPackUpdater(); | |
159 | |
160 NetworkConfigurationUpdater* GetNetworkConfigurationUpdater(); | |
161 | |
162 DeviceManagementService* device_management_service() { | 104 DeviceManagementService* device_management_service() { |
163 return device_management_service_.get(); | 105 return device_management_service_.get(); |
164 } | 106 } |
165 | 107 |
166 #if defined(OS_CHROMEOS) | 108 #if defined(OS_CHROMEOS) |
| 109 AppPackUpdater* GetAppPackUpdater(); |
| 110 |
| 111 NetworkConfigurationUpdater* GetNetworkConfigurationUpdater(); |
| 112 |
167 DeviceCloudPolicyManagerChromeOS* GetDeviceCloudPolicyManager() { | 113 DeviceCloudPolicyManagerChromeOS* GetDeviceCloudPolicyManager() { |
168 return device_cloud_policy_manager_.get(); | 114 return device_cloud_policy_manager_.get(); |
169 } | 115 } |
170 UserCloudPolicyManagerChromeOS* GetUserCloudPolicyManager() { | 116 UserCloudPolicyManagerChromeOS* GetUserCloudPolicyManager() { |
171 return user_cloud_policy_manager_.get(); | 117 return user_cloud_policy_manager_.get(); |
172 } | 118 } |
173 DeviceLocalAccountPolicyService* GetDeviceLocalAccountPolicyService() { | 119 DeviceLocalAccountPolicyService* GetDeviceLocalAccountPolicyService() { |
174 return device_local_account_policy_service_.get(); | 120 return device_local_account_policy_service_.get(); |
175 } | 121 } |
176 EnterpriseInstallAttributes* GetInstallAttributes() { | 122 EnterpriseInstallAttributes* GetInstallAttributes() { |
(...skipping 17 matching lines...) Expand all Loading... |
194 | 140 |
195 // Gets the URL of the DM server (either the default or a URL provided via the | 141 // Gets the URL of the DM server (either the default or a URL provided via the |
196 // command line). | 142 // command line). |
197 static std::string GetDeviceManagementUrl(); | 143 static std::string GetDeviceManagementUrl(); |
198 | 144 |
199 // Check whether a user is known to be non-enterprise. Domains such as | 145 // Check whether a user is known to be non-enterprise. Domains such as |
200 // gmail.com and googlemail.com are known to not be managed. Also returns | 146 // gmail.com and googlemail.com are known to not be managed. Also returns |
201 // false if the username is empty. | 147 // false if the username is empty. |
202 static bool IsNonEnterpriseUser(const std::string& username); | 148 static bool IsNonEnterpriseUser(const std::string& username); |
203 | 149 |
| 150 // Registers refresh rate prefs. |
| 151 static void RegisterPrefs(PrefServiceSimple* local_state); |
| 152 |
204 private: | 153 private: |
205 // content::NotificationObserver method overrides: | |
206 virtual void Observe(int type, | |
207 const content::NotificationSource& source, | |
208 const content::NotificationDetails& details) OVERRIDE; | |
209 | |
210 // Initializes the device cloud policy infrasturcture. | |
211 void InitializeDevicePolicy(); | |
212 | |
213 // Complete initialization once the message loops are running and the | 154 // Complete initialization once the message loops are running and the |
214 // local_state is initialized. | 155 // local_state is initialized. |
215 void CompleteInitialization(); | 156 void CompleteInitialization(); |
216 | 157 |
217 // Set the timezone as soon as the policies are available. | 158 // Set the timezone as soon as the policies are available. |
218 void SetTimezoneIfPolicyAvailable(); | 159 void SetTimezoneIfPolicyAvailable(); |
219 | 160 |
220 // Creates a new PolicyService with the shared policy providers and the given | 161 // Creates a new PolicyService with the shared policy providers and the given |
221 // |user_cloud_policy_provider| and |managed_mode_policy_provider|, which are | 162 // |user_cloud_policy_provider| and |managed_mode_policy_provider|, which are |
222 // optional. | 163 // optional. |
223 scoped_ptr<PolicyService> CreatePolicyServiceWithProviders( | 164 scoped_ptr<PolicyService> CreatePolicyServiceWithProviders( |
224 ConfigurationPolicyProvider* user_cloud_policy_provider, | 165 ConfigurationPolicyProvider* user_cloud_policy_provider, |
225 ConfigurationPolicyProvider* managed_mode_policy_provider); | 166 ConfigurationPolicyProvider* managed_mode_policy_provider); |
226 | 167 |
227 static ConfigurationPolicyProvider* CreatePlatformProvider(); | 168 static ConfigurationPolicyProvider* CreatePlatformProvider(); |
228 | 169 |
229 // Whether Init() but not Shutdown() has been invoked. | 170 // Whether Init() but not Shutdown() has been invoked. |
230 bool is_initialized_; | 171 bool is_initialized_; |
231 | 172 |
232 // Used to convert policies to preferences. The providers declared below | 173 // Used to convert policies to preferences. The providers declared below |
233 // may trigger policy updates during shutdown, which will result in | 174 // may trigger policy updates during shutdown, which will result in |
234 // |handler_list_| being consulted for policy translation. | 175 // |handler_list_| being consulted for policy translation. |
235 // Therefore, it's important to destroy |handler_list_| after the providers. | 176 // Therefore, it's important to destroy |handler_list_| after the providers. |
236 ConfigurationPolicyHandlerList handler_list_; | 177 ConfigurationPolicyHandlerList handler_list_; |
237 | 178 |
238 scoped_ptr<ConfigurationPolicyProvider> platform_provider_; | 179 scoped_ptr<ConfigurationPolicyProvider> platform_provider_; |
239 scoped_ptr<CloudPolicyProvider> cloud_provider_; | |
240 | 180 |
241 // Components of the new-style cloud policy implementation. | 181 // Components of the new-style cloud policy implementation. |
242 // TODO(mnissler): Remove the old-style components below once we have | 182 // TODO(mnissler): Remove the old-style components below once we have |
243 // completed the switch to the new cloud policy implementation. | 183 // completed the switch to the new cloud policy implementation. |
244 #if defined(OS_CHROMEOS) | 184 #if defined(OS_CHROMEOS) |
245 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; | 185 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; |
246 scoped_ptr<DeviceCloudPolicyManagerChromeOS> device_cloud_policy_manager_; | 186 scoped_ptr<DeviceCloudPolicyManagerChromeOS> device_cloud_policy_manager_; |
247 scoped_ptr<DeviceLocalAccountPolicyService> | 187 scoped_ptr<DeviceLocalAccountPolicyService> |
248 device_local_account_policy_service_; | 188 device_local_account_policy_service_; |
249 scoped_ptr<DeviceLocalAccountPolicyProvider> | 189 scoped_ptr<DeviceLocalAccountPolicyProvider> |
250 device_local_account_policy_provider_; | 190 device_local_account_policy_provider_; |
251 scoped_ptr<UserCloudPolicyManagerChromeOS> user_cloud_policy_manager_; | 191 scoped_ptr<UserCloudPolicyManagerChromeOS> user_cloud_policy_manager_; |
252 | 192 |
253 // This policy provider is used on Chrome OS to feed user policy into the | 193 // This policy provider is used on Chrome OS to feed user policy into the |
254 // global PolicyService instance. This works by installing | 194 // global PolicyService instance. This works by installing |
255 // |user_cloud_policy_manager_| or |device_local_account_policy_provider_|, | 195 // |user_cloud_policy_manager_| or |device_local_account_policy_provider_|, |
256 // respectively as the delegate after login. | 196 // respectively as the delegate after login. |
257 ProxyPolicyProvider global_user_cloud_policy_provider_; | 197 ProxyPolicyProvider global_user_cloud_policy_provider_; |
258 #endif | 198 #endif |
259 | 199 |
260 // Must be deleted before all the policy providers. | 200 // Must be deleted before all the policy providers. |
261 scoped_ptr<PolicyService> policy_service_; | 201 scoped_ptr<PolicyService> policy_service_; |
262 | 202 |
263 #if defined(OS_CHROMEOS) | |
264 scoped_ptr<CloudPolicyDataStore> device_data_store_; | |
265 scoped_ptr<CloudPolicySubsystem> device_cloud_policy_subsystem_; | |
266 #endif | |
267 | |
268 scoped_ptr<UserPolicyTokenCache> user_policy_token_cache_; | |
269 scoped_ptr<CloudPolicyDataStore> user_data_store_; | |
270 scoped_ptr<CloudPolicySubsystem> user_cloud_policy_subsystem_; | |
271 | |
272 scoped_ptr<PolicyStatisticsCollector> policy_statistics_collector_; | 203 scoped_ptr<PolicyStatisticsCollector> policy_statistics_collector_; |
273 | 204 |
274 scoped_ptr<DeviceManagementService> device_management_service_; | 205 scoped_ptr<DeviceManagementService> device_management_service_; |
275 | 206 |
276 // Used to initialize the device policy subsystem once the message loops | 207 // Used to initialize the device policy subsystem once the message loops |
277 // are spinning. | 208 // are spinning. |
278 base::WeakPtrFactory<BrowserPolicyConnector> weak_ptr_factory_; | 209 base::WeakPtrFactory<BrowserPolicyConnector> weak_ptr_factory_; |
279 | 210 |
280 // Registers the provider for notification of successful Gaia logins. | |
281 content::NotificationRegistrar registrar_; | |
282 | |
283 // Weak reference to the TokenService we are listening to for user cloud | |
284 // policy authentication tokens. | |
285 TokenService* token_service_; | |
286 | |
287 #if defined(OS_CHROMEOS) | 211 #if defined(OS_CHROMEOS) |
288 scoped_ptr<AppPackUpdater> app_pack_updater_; | 212 scoped_ptr<AppPackUpdater> app_pack_updater_; |
289 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; | 213 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; |
290 #endif | 214 #endif |
291 | 215 |
292 DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnector); | 216 DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnector); |
293 }; | 217 }; |
294 | 218 |
295 } // namespace policy | 219 } // namespace policy |
296 | 220 |
297 #endif // CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ | 221 #endif // CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ |
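Review bot: The comment on GetDeviceMode() (new lines 77-80) still ends with "For other OSes the function will always return DEVICE_MODE_CONSUMER", but the declaration now sits inside the `#if defined(OS_CHROMEOS)` block opened at new line 69, together with IsEnterpriseManaged() and GetEnterpriseDomain(), so no other platform sees it. Drop that sentence and mark the guard instead, e.g. `// Device-management state queries; declared on Chrome OS only.`, so that code branching on managed state knows these calls no longer exist elsewhere rather than reporting consumer mode. GetUserAffiliation() (new line 102) stays outside the guard while `install_attributes_` is declared only under OS_CHROMEOS, so its comment should state what it returns on other platforms; the implementation is not visible on this page. The TODO at new lines 182-183 about removing "the old-style components below" also looks stale, since this change deletes the CloudPolicySubsystem and CloudPolicyDataStore members it appears to refer to.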