browser_policy_connector_chromeos.cc revision 5c02ac1a9c1b504631c0a3d2b6e737b5d738bae1 
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
6
7#include <string>
8#include "base/command_line.h"
9#include "base/files/file_path.h"
10#include "base/logging.h"
11#include "base/message_loop/message_loop_proxy.h"
12#include "base/path_service.h"
13#include "base/prefs/pref_registry_simple.h"
14#include "base/sequenced_task_runner.h"
15#include "base/strings/utf_string_conversions.h"
16#include "base/threading/sequenced_worker_pool.h"
17#include "chrome/browser/chromeos/policy/app_pack_updater.h"
18#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
19#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
20#include "chrome/browser/chromeos/policy/device_local_account.h"
21#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
22#include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
23#include "chrome/browser/chromeos/policy/device_status_collector.h"
24#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
25#include "chrome/browser/chromeos/settings/cros_settings.h"
26#include "chrome/browser/chromeos/settings/device_settings_service.h"
27#include "chrome/browser/policy/device_management_service_configuration.h"
28#include "chrome/common/pref_names.h"
29#include "chromeos/chromeos_paths.h"
30#include "chromeos/chromeos_switches.h"
31#include "chromeos/cryptohome/system_salt_getter.h"
32#include "chromeos/dbus/dbus_thread_manager.h"
33#include "chromeos/network/network_handler.h"
34#include "chromeos/network/onc/onc_certificate_importer_impl.h"
35#include "chromeos/settings/cros_settings_names.h"
36#include "chromeos/settings/cros_settings_provider.h"
37#include "chromeos/settings/timezone_settings.h"
38#include "chromeos/system/statistics_provider.h"
39#include "components/policy/core/common/cloud/cloud_policy_client.h"
40#include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
41#include "components/policy/core/common/proxy_policy_provider.h"
42#include "content/public/browser/browser_thread.h"
43#include "google_apis/gaia/gaia_auth_util.h"
44#include "net/url_request/url_request_context_getter.h"
45
46using content::BrowserThread;
47
48namespace policy {
49
50namespace {
51
52// TODO(davidyu): Update the URL to the real one once it is ready.
53// http://crbug.com/366491.
54//
55// The URL for the consumer device management server.
56const char kDefaultConsumerDeviceManagementServerUrl[] =
57    "https://m.google.com/devicemanagement/data/api";
58
59// Install attributes for tests.
60EnterpriseInstallAttributes* g_testing_install_attributes = NULL;
61
62// Helper that returns a new SequencedTaskRunner backed by the blocking pool.
63// Each SequencedTaskRunner returned is independent from the others.
64scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
65  base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
66  CHECK(pool);
67  return pool->GetSequencedTaskRunnerWithShutdownBehavior(
68      pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
69}
70
71std::string GetConsumerDeviceManagementServerUrl() {
72  const CommandLine* command_line = CommandLine::ForCurrentProcess();
73  if (command_line->HasSwitch(
74          chromeos::switches::kConsumerDeviceManagementUrl)) {
75    return command_line->GetSwitchValueASCII(
76        chromeos::switches::kConsumerDeviceManagementUrl);
77  }
78  return kDefaultConsumerDeviceManagementServerUrl;
79};
80
81}  // namespace
82
83BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
84    : device_cloud_policy_manager_(NULL),
85      global_user_cloud_policy_provider_(NULL),
86      weak_ptr_factory_(this) {
87  if (g_testing_install_attributes) {
88    install_attributes_.reset(g_testing_install_attributes);
89    g_testing_install_attributes = NULL;
90  }
91
92  // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.
93
94  // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
95  // (removing it now breaks tests). crbug.com/141016.
96  if (chromeos::SystemSaltGetter::IsInitialized() &&
97      chromeos::DBusThreadManager::IsInitialized()) {
98    chromeos::CryptohomeClient* cryptohome_client =
99        chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
100    if (!install_attributes_) {
101      install_attributes_.reset(
102          new EnterpriseInstallAttributes(cryptohome_client));
103    }
104    base::FilePath install_attrs_file;
105    CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
106                           &install_attrs_file));
107    install_attributes_->ReadCacheFile(install_attrs_file);
108
109    scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
110        new DeviceCloudPolicyStoreChromeOS(
111            chromeos::DeviceSettingsService::Get(),
112            install_attributes_.get(),
113            GetBackgroundTaskRunner()));
114    device_cloud_policy_manager_ =
115        new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
116                                             base::MessageLoopProxy::current(),
117                                             GetBackgroundTaskRunner(),
118                                             install_attributes_.get());
119    AddPolicyProvider(
120        scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
121  }
122
123  global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
124  AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
125      global_user_cloud_policy_provider_));
126}
127
128BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}
129
130void BrowserPolicyConnectorChromeOS::Init(
131    PrefService* local_state,
132    scoped_refptr<net::URLRequestContextGetter> request_context) {
133  ChromeBrowserPolicyConnector::Init(local_state, request_context);
134
135  scoped_ptr<DeviceManagementService::Configuration> configuration(
136      new DeviceManagementServiceConfiguration(
137          GetConsumerDeviceManagementServerUrl()));
138  consumer_device_management_service_.reset(
139      new DeviceManagementService(configuration.Pass()));
140  consumer_device_management_service_->ScheduleInitialization(
141      kServiceInitializationStartupDelay);
142
143  if (device_cloud_policy_manager_) {
144    // Note: for now the |device_cloud_policy_manager_| is using the global
145    // schema registry. Eventually it will have its own registry, once device
146    // cloud policy for extensions is introduced. That means it'd have to be
147    // initialized from here instead of BrowserPolicyConnector::Init().
148
149    scoped_ptr<CloudPolicyClient::StatusProvider> status_provider(
150        new DeviceStatusCollector(
151            local_state,
152            chromeos::system::StatisticsProvider::GetInstance(),
153            NULL));
154    device_cloud_policy_manager_->Connect(
155        local_state, device_management_service(), status_provider.Pass());
156  }
157
158  device_local_account_policy_service_.reset(
159      new DeviceLocalAccountPolicyService(
160          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
161          chromeos::DeviceSettingsService::Get(),
162          chromeos::CrosSettings::Get(),
163          GetBackgroundTaskRunner(),
164          GetBackgroundTaskRunner(),
165          GetBackgroundTaskRunner(),
166          content::BrowserThread::GetMessageLoopProxyForThread(
167              content::BrowserThread::IO),
168          request_context));
169  device_local_account_policy_service_->Connect(device_management_service());
170
171  // request_context is NULL in unit tests.
172  if (request_context && install_attributes_) {
173    app_pack_updater_.reset(
174        new AppPackUpdater(request_context, install_attributes_.get()));
175  }
176
177  SetTimezoneIfPolicyAvailable();
178
179  network_configuration_updater_ =
180      DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
181          GetPolicyService(),
182          chromeos::NetworkHandler::Get()
183              ->managed_network_configuration_handler(),
184          chromeos::NetworkHandler::Get()->network_device_handler(),
185          chromeos::CrosSettings::Get());
186}
187
188void BrowserPolicyConnectorChromeOS::Shutdown() {
189  // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
190  // Delete it first.
191  app_pack_updater_.reset();
192
193  network_configuration_updater_.reset();
194
195  if (device_local_account_policy_service_)
196    device_local_account_policy_service_->Shutdown();
197
198  ChromeBrowserPolicyConnector::Shutdown();
199}
200
201bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
202  return install_attributes_ && install_attributes_->IsEnterpriseDevice();
203}
204
205std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
206  return install_attributes_ ? install_attributes_->GetDomain() : std::string();
207}
208
209DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
210  return install_attributes_ ? install_attributes_->GetMode()
211                             : DEVICE_MODE_NOT_SET;
212}
213
214UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
215    const std::string& user_name) {
216  // An empty username means incognito user in case of ChromiumOS and
217  // no logged-in user in case of Chromium (SigninService). Many tests use
218  // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
219  // users.
220  if (user_name.empty() || user_name.find('@') == std::string::npos)
221    return USER_AFFILIATION_NONE;
222
223  if (install_attributes_ &&
224      (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
225           install_attributes_->GetDomain() ||
226       policy::IsDeviceLocalAccountUser(user_name, NULL))) {
227    return USER_AFFILIATION_MANAGED;
228  }
229
230  return USER_AFFILIATION_NONE;
231}
232
233AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
234  return app_pack_updater_.get();
235}
236
237void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
238    ConfigurationPolicyProvider* user_policy_provider) {
239  global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
240}
241
242void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
243    EnterpriseInstallAttributes* attributes) {
244  DCHECK(!g_testing_install_attributes);
245  g_testing_install_attributes = attributes;
246}
247
248void BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting() {
249  if (g_testing_install_attributes) {
250    delete g_testing_install_attributes;
251    g_testing_install_attributes = NULL;
252  }
253}
254
255// static
256void BrowserPolicyConnectorChromeOS::RegisterPrefs(
257    PrefRegistrySimple* registry) {
258  registry->RegisterIntegerPref(
259      prefs::kDevicePolicyRefreshRate,
260      CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
261}
262
263void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
264  typedef chromeos::CrosSettingsProvider Provider;
265  Provider::TrustedStatus result =
266      chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
267          &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
268          weak_ptr_factory_.GetWeakPtr()));
269
270  if (result != Provider::TRUSTED)
271    return;
272
273  std::string timezone;
274  if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
275                                               &timezone) &&
276      !timezone.empty()) {
277    chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
278        base::UTF8ToUTF16(timezone));
279  }
280}
281
282}  // namespace policy
283