15d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved.
25d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
35d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// found in the LICENSE file.
45d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
55d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
65d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
75c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu#include <string>
8116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "base/bind.h"
9116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "base/bind_helpers.h"
105c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu#include "base/command_line.h"
115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/files/file_path.h"
12116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "base/location.h"
135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/logging.h"
14116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "base/message_loop/message_loop.h"
155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/message_loop/message_loop_proxy.h"
165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/path_service.h"
175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/prefs/pref_registry_simple.h"
185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/sequenced_task_runner.h"
195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/strings/utf_string_conversions.h"
205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/threading/sequenced_worker_pool.h"
215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/app_pack_updater.h"
226e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "chrome/browser/chromeos/policy/consumer_management_service.h"
23116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
24116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "chrome/browser/chromeos/policy/device_cloud_policy_invalidator.h"
255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/device_local_account.h"
285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
31010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/settings/cros_settings.h"
335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/settings/device_settings_service.h"
345c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu#include "chrome/browser/policy/device_management_service_configuration.h"
355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/common/pref_names.h"
365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/chromeos_paths.h"
375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/chromeos_switches.h"
385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/cryptohome/system_salt_getter.h"
396e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "chromeos/dbus/cryptohome_client.h"
405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/dbus/dbus_thread_manager.h"
415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/network/network_handler.h"
425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/network/onc/onc_certificate_importer_impl.h"
435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/settings/cros_settings_names.h"
445d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/settings/cros_settings_provider.h"
455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/settings/timezone_settings.h"
465d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/common/cloud/cloud_policy_client.h"
475d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/common/proxy_policy_provider.h"
495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "content/public/browser/browser_thread.h"
505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "google_apis/gaia/gaia_auth_util.h"
515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/url_request/url_request_context_getter.h"
525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)using content::BrowserThread;
545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)namespace policy {
565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
575d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)namespace {
585d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
595c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu// TODO(davidyu): Update the URL to the real one once it is ready.
605c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu// http://crbug.com/366491.
615c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu//
625c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu// The URL for the consumer device management server.
635c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liuconst char kDefaultConsumerDeviceManagementServerUrl[] =
645c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu    "https://m.google.com/devicemanagement/data/api";
655c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu
665d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Install attributes for tests.
675d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)EnterpriseInstallAttributes* g_testing_install_attributes = NULL;
685d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
695d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Helper that returns a new SequencedTaskRunner backed by the blocking pool.
705d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Each SequencedTaskRunner returned is independent from the others.
715d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
735d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  CHECK(pool);
745d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return pool->GetSequencedTaskRunnerWithShutdownBehavior(
755d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
765d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
775d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
786e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)std::string GetDeviceManagementServerUrlForConsumer() {
795c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  const CommandLine* command_line = CommandLine::ForCurrentProcess();
805c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  if (command_line->HasSwitch(
815c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu          chromeos::switches::kConsumerDeviceManagementUrl)) {
825c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu    return command_line->GetSwitchValueASCII(
835c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu        chromeos::switches::kConsumerDeviceManagementUrl);
845c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  }
855c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  return kDefaultConsumerDeviceManagementServerUrl;
86116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch}
875c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu
885d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}  // namespace
895d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
905d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
915d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    : device_cloud_policy_manager_(NULL),
925d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      global_user_cloud_policy_provider_(NULL),
935d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      weak_ptr_factory_(this) {
945c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  if (g_testing_install_attributes) {
955d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    install_attributes_.reset(g_testing_install_attributes);
965c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu    g_testing_install_attributes = NULL;
975c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  }
985d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.
1005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
1015d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
1025d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // (removing it now breaks tests). crbug.com/141016.
1035d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (chromeos::SystemSaltGetter::IsInitialized() &&
1045d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      chromeos::DBusThreadManager::IsInitialized()) {
105010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)    state_keys_broker_.reset(new ServerBackedStateKeysBroker(
106010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)        chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
107010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)        base::MessageLoopProxy::current()));
108010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)
1095d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    chromeos::CryptohomeClient* cryptohome_client =
1105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
1115c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu    if (!install_attributes_) {
1125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      install_attributes_.reset(
1135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          new EnterpriseInstallAttributes(cryptohome_client));
1145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    }
1155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    base::FilePath install_attrs_file;
1165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
1175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)                           &install_attrs_file));
1185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    install_attributes_->ReadCacheFile(install_attrs_file);
1195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
1205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
1215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        new DeviceCloudPolicyStoreChromeOS(
1225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)            chromeos::DeviceSettingsService::Get(),
1235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)            install_attributes_.get(),
1245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)            GetBackgroundTaskRunner()));
1255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    device_cloud_policy_manager_ =
1265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
1275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)                                             base::MessageLoopProxy::current(),
128010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)                                             state_keys_broker_.get());
1295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    AddPolicyProvider(
1305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
1315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
1325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
1335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
1345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
1355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      global_user_cloud_policy_provider_));
1365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
1375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
1385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}
1395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
1405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::Init(
1415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    PrefService* local_state,
1425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    scoped_refptr<net::URLRequestContextGetter> request_context) {
1435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  ChromeBrowserPolicyConnector::Init(local_state, request_context);
1445d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
1455c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  scoped_ptr<DeviceManagementService::Configuration> configuration(
1465c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu      new DeviceManagementServiceConfiguration(
1476e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)          GetDeviceManagementServerUrlForConsumer()));
1485c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  consumer_device_management_service_.reset(
1495c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu      new DeviceManagementService(configuration.Pass()));
1505c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  consumer_device_management_service_->ScheduleInitialization(
1515c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu      kServiceInitializationStartupDelay);
1525c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu
1536e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)  const CommandLine* command_line = CommandLine::ForCurrentProcess();
1546e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)  if (command_line->HasSwitch(chromeos::switches::kEnableConsumerManagement)) {
1556e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)    chromeos::CryptohomeClient* cryptohome_client =
1566e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)        chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
1576e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)    consumer_management_service_.reset(
1581320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci        new ConsumerManagementService(cryptohome_client,
1591320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci                                      chromeos::DeviceSettingsService::Get()));
1606e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)  }
1616e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
1625d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (device_cloud_policy_manager_) {
1635d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    // Note: for now the |device_cloud_policy_manager_| is using the global
1645d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    // schema registry. Eventually it will have its own registry, once device
1655d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    // cloud policy for extensions is introduced. That means it'd have to be
1665d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    // initialized from here instead of BrowserPolicyConnector::Init().
1675d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
168116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch    device_cloud_policy_manager_->Initialize(local_state);
169116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
170116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch    device_cloud_policy_initializer_.reset(
171116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch        new DeviceCloudPolicyInitializer(
1725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)            local_state,
173116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            device_management_service(),
1746e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)            GetDeviceManagementServiceForConsumer(),
175116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            GetBackgroundTaskRunner(),
176116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            install_attributes_.get(),
177116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            state_keys_broker_.get(),
178116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            device_cloud_policy_manager_->device_store(),
179116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            device_cloud_policy_manager_,
1805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)            chromeos::DeviceSettingsService::Get(),
181116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch            base::Bind(&BrowserPolicyConnectorChromeOS::
182116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch                           OnDeviceCloudPolicyManagerConnected,
183116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch                       base::Unretained(this))));
18403b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)    device_cloud_policy_initializer_->Init();
1855d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
1865d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
187a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)  device_local_account_policy_service_.reset(
188a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)      new DeviceLocalAccountPolicyService(
189a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
190a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          chromeos::DeviceSettingsService::Get(),
191a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          chromeos::CrosSettings::Get(),
192a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          GetBackgroundTaskRunner(),
193a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          GetBackgroundTaskRunner(),
194a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          GetBackgroundTaskRunner(),
195a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          content::BrowserThread::GetMessageLoopProxyForThread(
196a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)              content::BrowserThread::IO),
197a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)          request_context));
198a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)  device_local_account_policy_service_->Connect(device_management_service());
199116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  device_cloud_policy_invalidator_.reset(new DeviceCloudPolicyInvalidator);
2005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2015d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // request_context is NULL in unit tests.
2021320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci  if (request_context.get() && install_attributes_) {
2035d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    app_pack_updater_.reset(
2041320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci        new AppPackUpdater(request_context.get(), install_attributes_.get()));
2055d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
2065d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2075d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  SetTimezoneIfPolicyAvailable();
2085d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2095d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  network_configuration_updater_ =
2105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
2115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          GetPolicyService(),
2125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          chromeos::NetworkHandler::Get()
2135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)              ->managed_network_configuration_handler(),
2145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          chromeos::NetworkHandler::Get()->network_device_handler(),
2155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          chromeos::CrosSettings::Get());
2165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
21803b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::PreShutdown() {
21903b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // Let the |device_cloud_policy_invalidator_| unregister itself as an
22003b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // observer of per-Profile InvalidationServices and the device-global
22103b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // invalidation::TiclInvalidationService it may have created as an observer of
22203b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // the DeviceOAuth2TokenService that is destroyed before Shutdown() is called.
223116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  device_cloud_policy_invalidator_.reset();
22403b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)
22503b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // The |consumer_management_service_| may be observing a
22603b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // ProfileOAuth2TokenService and needs to be destroyed before the token
22703b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // service.
22803b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  consumer_management_service_.reset();
229116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch}
230116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
2315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::Shutdown() {
23203b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  // Verify that PreShutdown() has been called first.
233116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  DCHECK(!device_cloud_policy_invalidator_);
23403b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  DCHECK(!consumer_management_service_);
235116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
2365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
2375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // Delete it first.
2385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  app_pack_updater_.reset();
2395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  network_configuration_updater_.reset();
2415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (device_local_account_policy_service_)
2435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    device_local_account_policy_service_->Shutdown();
2445d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
245116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  if (device_cloud_policy_initializer_)
246116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch    device_cloud_policy_initializer_->Shutdown();
247116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
2485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  ChromeBrowserPolicyConnector::Shutdown();
2495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
2525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return install_attributes_ && install_attributes_->IsEnterpriseDevice();
2535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
2565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return install_attributes_ ? install_attributes_->GetDomain() : std::string();
2575d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2585d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2595d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
2605d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return install_attributes_ ? install_attributes_->GetMode()
2615d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)                             : DEVICE_MODE_NOT_SET;
2625d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2635d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2645d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
2655d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    const std::string& user_name) {
2665d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // An empty username means incognito user in case of ChromiumOS and
2675d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // no logged-in user in case of Chromium (SigninService). Many tests use
2685d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
2695d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // users.
2705d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (user_name.empty() || user_name.find('@') == std::string::npos)
2715d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    return USER_AFFILIATION_NONE;
2725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2735d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (install_attributes_ &&
2745d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
2755d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)           install_attributes_->GetDomain() ||
2765d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)       policy::IsDeviceLocalAccountUser(user_name, NULL))) {
2775d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    return USER_AFFILIATION_MANAGED;
2785d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
2795d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2805d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return USER_AFFILIATION_NONE;
2815d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2825d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2835d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
2845d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return app_pack_updater_.get();
2855d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2865d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2875d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
2885d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    ConfigurationPolicyProvider* user_policy_provider) {
2895d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
2905d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
2915d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
29203b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::SetDeviceCloudPolicyInitializerForTesting(
29303b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)    scoped_ptr<DeviceCloudPolicyInitializer> initializer) {
29403b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)  device_cloud_policy_initializer_ = initializer.Pass();
29503b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)}
29603b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles)
2975d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
2985d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    EnterpriseInstallAttributes* attributes) {
2995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  DCHECK(!g_testing_install_attributes);
3005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  g_testing_install_attributes = attributes;
3015d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
3025d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
3035c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liuvoid BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting() {
3045c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  if (g_testing_install_attributes) {
3055c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu    delete g_testing_install_attributes;
3065c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu    g_testing_install_attributes = NULL;
3075c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu  }
3085c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu}
3095c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu
3105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// static
3115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::RegisterPrefs(
3125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    PrefRegistrySimple* registry) {
3135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  registry->RegisterIntegerPref(
3145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      prefs::kDevicePolicyRefreshRate,
3155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
3165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
3175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
3185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
3195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  typedef chromeos::CrosSettingsProvider Provider;
3205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  Provider::TrustedStatus result =
3215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
3225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
3235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)          weak_ptr_factory_.GetWeakPtr()));
3245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
3255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (result != Provider::TRUSTED)
3265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    return;
3275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
3285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  std::string timezone;
3295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
3305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)                                               &timezone) &&
3315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      !timezone.empty()) {
3325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
3335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        base::UTF8ToUTF16(timezone));
3345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
3355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
3365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
337116680a4aac90f2aa7413d9095a592090648e557Ben Murdochvoid BrowserPolicyConnectorChromeOS::OnDeviceCloudPolicyManagerConnected() {
338116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  // This function is invoked by DCPInitializer, so we should release the
339116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  // initializer after this function returns.
340116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  if (device_cloud_policy_initializer_) {
341116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch    device_cloud_policy_initializer_->Shutdown();
342116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch    base::MessageLoop::current()->DeleteSoon(
343116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch        FROM_HERE, device_cloud_policy_initializer_.release());
344116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  }
345116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch}
346116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
3475d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}  // namespace policy
348