browser_policy_connector_chromeos.cc revision 5c02ac1a9c1b504631c0a3d2b6e737b5d738bae1
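// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"

#include <string>
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/path_service.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/sequenced_task_runner.h"
#include "base/strings/utf_string_conversions.h"
#include "base/threading/sequenced_worker_pool.h"
#include "chrome/browser/chromeos/policy/app_pack_updater.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
#include "chrome/browser/chromeos/policy/device_local_account.h"
#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
#include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
#include "chrome/browser/chromeos/policy/device_status_collector.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/browser/policy/device_management_service_configuration.h"
#include "chrome/common/pref_names.h"
#include "chromeos/chromeos_paths.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/cryptohome/system_salt_getter.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/network/network_handler.h"
#include "chromeos/network/onc/onc_certificate_importer_impl.h"
#include "chromeos/settings/cros_settings_names.h"
#include "chromeos/settings/cros_settings_provider.h"
#include "chromeos/settings/timezone_settings.h"
#include "chromeos/system/statistics_provider.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
#include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
#include "components/policy/core/common/proxy_policy_provider.h"
#include "content/public/browser/browser_thread.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "net/url_request/url_request_context_getter.h"

using content::BrowserThread;

namespace policy {

namespace {

// TODO(davidyu): Update the URL to the real one once it is ready.
// http://crbug.com/366491.
//
// The URL for the consumer device management server.
const char kDefaultConsumerDeviceManagementServerUrl[] =
    "https://m.google.com/devicemanagement/data/api";

// Install attributes for tests. Set by SetInstallAttributesForTesting(); the
// next BrowserPolicyConnectorChromeOS constructed takes ownership of the
// object and clears this pointer. RemoveInstallAttributesForTesting() deletes
// the object if no connector has consumed it.
EnterpriseInstallAttributes* g_testing_install_attributes = NULL;

// Helper that returns a new SequencedTaskRunner backed by the blocking pool.
// Each SequencedTaskRunner returned is independent from the others (each call
// requests a fresh sequence token). Tasks are posted with SKIP_ON_SHUTDOWN.
// CHECK-fails if the blocking pool is not available.
scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
  base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
  CHECK(pool);
  return pool->GetSequencedTaskRunnerWithShutdownBehavior(
      pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
}

// Returns the URL of the consumer device management server: the value of the
// chromeos::switches::kConsumerDeviceManagementUrl command-line switch when
// that switch is present, otherwise the compiled-in default.
//
// NOTE(review): the switch value is returned verbatim. No scheme or host
// check is visible in this file, so an override may name a non-HTTPS or
// arbitrary endpoint, and a switch passed without a value yields an empty
// URL. The server named here is the one the consumer DeviceManagementService
// is configured with in Init(); confirm the command line can only be set in
// trusted contexts, or validate the value before use.
std::string GetConsumerDeviceManagementServerUrl() {
  const CommandLine* command_line = CommandLine::ForCurrentProcess();
  if (command_line->HasSwitch(
          chromeos::switches::kConsumerDeviceManagementUrl)) {
    return command_line->GetSwitchValueASCII(
        chromeos::switches::kConsumerDeviceManagementUrl);
  }
  return kDefaultConsumerDeviceManagementServerUrl;
}

}  // namespace

// Builds the policy providers. Install attributes injected through
// SetInstallAttributesForTesting() are adopted first. The device cloud policy
// manager is only created when both SystemSaltGetter and DBusThreadManager
// are initialized; the proxy provider for user cloud policy is always
// created.
BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
    : device_cloud_policy_manager_(NULL),
      global_user_cloud_policy_provider_(NULL),
      weak_ptr_factory_(this) {
  if (g_testing_install_attributes) {
    // Take ownership of the test object and clear the global so it is not
    // adopted (or deleted) a second time.
    install_attributes_.reset(g_testing_install_attributes);
    g_testing_install_attributes = NULL;
  }

  // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.

  // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
  // (removing it now breaks tests). crbug.com/141016.
  if (chromeos::SystemSaltGetter::IsInitialized() &&
      chromeos::DBusThreadManager::IsInitialized()) {
    chromeos::CryptohomeClient* cryptohome_client =
        chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
    if (!install_attributes_) {
      install_attributes_.reset(
          new EnterpriseInstallAttributes(cryptohome_client));
    }
    base::FilePath install_attrs_file;
    // Failing to resolve the install attributes path is treated as fatal.
    CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
                           &install_attrs_file));
    install_attributes_->ReadCacheFile(install_attrs_file);

    scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
        new DeviceCloudPolicyStoreChromeOS(
            chromeos::DeviceSettingsService::Get(),
            install_attributes_.get(),
            GetBackgroundTaskRunner()));
    device_cloud_policy_manager_ =
        new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
                                             base::MessageLoopProxy::current(),
                                             GetBackgroundTaskRunner(),
                                             install_attributes_.get());
    // The scoped_ptr hands the manager to AddPolicyProvider();
    // |device_cloud_policy_manager_| is kept as a raw pointer to the same
    // object.
    AddPolicyProvider(
        scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
  }

  // As above: the raw member points at an object handed to
  // AddPolicyProvider().
  global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
  AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
      global_user_cloud_policy_provider_));
}

BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}

// Completes setup once |local_state| and |request_context| exist: creates the
// consumer device management service, connects the device cloud policy
// manager (if one was created in the constructor), creates and connects the
// device-local account policy service, creates the AppPackUpdater, applies
// the timezone policy and creates the device network configuration updater.
//
// NOTE(review): unlike the constructor, this method calls
// DBusThreadManager::Get() and NetworkHandler::Get() without an
// IsInitialized() guard; confirm every caller guarantees both are set up.
void BrowserPolicyConnectorChromeOS::Init(
    PrefService* local_state,
    scoped_refptr<net::URLRequestContextGetter> request_context) {
  ChromeBrowserPolicyConnector::Init(local_state, request_context);

  // The server URL may come from the command line; see
  // GetConsumerDeviceManagementServerUrl().
  scoped_ptr<DeviceManagementService::Configuration> configuration(
      new DeviceManagementServiceConfiguration(
          GetConsumerDeviceManagementServerUrl()));
  consumer_device_management_service_.reset(
      new DeviceManagementService(configuration.Pass()));
  consumer_device_management_service_->ScheduleInitialization(
      kServiceInitializationStartupDelay);

  if (device_cloud_policy_manager_) {
    // Note: for now the |device_cloud_policy_manager_| is using the global
    // schema registry. Eventually it will have its own registry, once device
    // cloud policy for extensions is introduced. That means it'd have to be
    // initialized from here instead of BrowserPolicyConnector::Init().

    scoped_ptr<CloudPolicyClient::StatusProvider> status_provider(
        new DeviceStatusCollector(
            local_state,
            chromeos::system::StatisticsProvider::GetInstance(),
            NULL));
    device_cloud_policy_manager_->Connect(
        local_state, device_management_service(), status_provider.Pass());
  }

  device_local_account_policy_service_.reset(
      new DeviceLocalAccountPolicyService(
          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
          chromeos::DeviceSettingsService::Get(),
          chromeos::CrosSettings::Get(),
          GetBackgroundTaskRunner(),
          GetBackgroundTaskRunner(),
          GetBackgroundTaskRunner(),
          content::BrowserThread::GetMessageLoopProxyForThread(
              content::BrowserThread::IO),
          request_context));
  device_local_account_policy_service_->Connect(device_management_service());

  // request_context is NULL in unit tests.
  if (request_context && install_attributes_) {
    app_pack_updater_.reset(
        new AppPackUpdater(request_context, install_attributes_.get()));
  }

  SetTimezoneIfPolicyAvailable();

  network_configuration_updater_ =
      DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
          GetPolicyService(),
          chromeos::NetworkHandler::Get()
              ->managed_network_configuration_handler(),
          chromeos::NetworkHandler::Get()->network_device_handler(),
          chromeos::CrosSettings::Get());
}

// Tears down the Chrome OS specific services before delegating to the base
// class. The order of the resets below is deliberate.
void BrowserPolicyConnectorChromeOS::Shutdown() {
  // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
  // Delete it first.
  app_pack_updater_.reset();

  network_configuration_updater_.reset();

  if (device_local_account_policy_service_)
    device_local_account_policy_service_->Shutdown();

  ChromeBrowserPolicyConnector::Shutdown();
}

// Returns true only when install attributes are present and report an
// enterprise device. With no install attributes (for example when the
// constructor found SystemSaltGetter or DBusThreadManager uninitialized and
// no test attributes were injected) the answer is false, so callers that
// gate a restriction on this value see "unmanaged" in that state.
bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
  return install_attributes_ && install_attributes_->IsEnterpriseDevice();
}

// Returns the domain recorded in the install attributes, or an empty string
// when no install attributes are available.
std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
  return install_attributes_ ? install_attributes_->GetDomain() : std::string();
}

// Returns the mode recorded in the install attributes, or
// DEVICE_MODE_NOT_SET when no install attributes are available.
DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
  return install_attributes_ ? install_attributes_->GetMode()
                             : DEVICE_MODE_NOT_SET;
}

// Classifies |user_name| as USER_AFFILIATION_MANAGED when install attributes
// are present and either the domain of the canonicalized address equals the
// install attributes' domain or the name is a device-local account user;
// otherwise returns USER_AFFILIATION_NONE.
//
// NOTE(review): the domain test is a plain string equality against
// GetDomain(). If GetDomain() can be empty (e.g. on a device that is not
// enterprise-enrolled) and gaia::ExtractDomainName() can yield an empty
// string for input such as "user@", the two would compare equal and the user
// would be reported as managed. Confirm one of those cannot happen, or
// require a non-empty device domain before comparing.
UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
    const std::string& user_name) {
  // An empty username means incognito user in case of ChromiumOS and
  // no logged-in user in case of Chromium (SigninService). Many tests use
  // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
  // users.
  if (user_name.empty() || user_name.find('@') == std::string::npos)
    return USER_AFFILIATION_NONE;

  if (install_attributes_ &&
      (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
           install_attributes_->GetDomain() ||
       policy::IsDeviceLocalAccountUser(user_name, NULL))) {
    return USER_AFFILIATION_MANAGED;
  }

  return USER_AFFILIATION_NONE;
}

// Returns the AppPackUpdater, or NULL if Init() did not create one (no
// request context or no install attributes) or Shutdown() already reset it.
AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
  return app_pack_updater_.get();
}

// Points the global user cloud policy proxy provider at
// |user_policy_provider|.
void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
    ConfigurationPolicyProvider* user_policy_provider) {
  global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
}

// Stores |attributes| for the next connector to adopt; the constructor takes
// ownership. DCHECKs that no earlier test object is still pending.
void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
    EnterpriseInstallAttributes* attributes) {
  DCHECK(!g_testing_install_attributes);
  g_testing_install_attributes = attributes;
}

// Deletes test install attributes that no connector has adopted. Deleting a
// NULL pointer is a no-op, so no explicit check is needed.
void BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting() {
  delete g_testing_install_attributes;
  g_testing_install_attributes = NULL;
}

// static
// Registers the device policy refresh rate pref with the scheduler's default
// refresh delay.
void BrowserPolicyConnectorChromeOS::RegisterPrefs(
    PrefRegistrySimple* registry) {
  registry->RegisterIntegerPref(
      prefs::kDevicePolicyRefreshRate,
      CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
}

// Applies the system timezone policy, but only when CrosSettings reports its
// values as TRUSTED. The callback handed to PrepareTrustedValues() re-enters
// this method through a weak pointer, so it is dropped if the connector has
// been destroyed. Presumably it runs once the values become trusted; confirm
// against the PrepareTrustedValues() contract.
void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
  typedef chromeos::CrosSettingsProvider Provider;
  Provider::TrustedStatus result =
      chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
          &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
          weak_ptr_factory_.GetWeakPtr()));

  // Never act on settings that are not (yet) trusted.
  if (result != Provider::TRUSTED)
    return;

  std::string timezone;
  if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
                                               &timezone) &&
      !timezone.empty()) {
    chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
        base::UTF8ToUTF16(timezone));
  }
}

}  // namespace policy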