browser_policy_connector_chromeos.cc revision 5f1c94371a64b3196d4be9466099bb892df9b88e
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"

#include <string>
#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/location.h"
#include "base/logging.h"
#include "base/message_loop/message_loop.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/path_service.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/sequenced_task_runner.h"
#include "base/strings/utf_string_conversions.h"
#include "base/threading/sequenced_worker_pool.h"
#include "chrome/browser/chromeos/policy/app_pack_updater.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_invalidator.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
#include "chrome/browser/chromeos/policy/device_local_account.h"
#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
#include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/browser/policy/device_management_service_configuration.h"
#include "chrome/common/pref_names.h"
#include "chromeos/chromeos_paths.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/cryptohome/system_salt_getter.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/network/network_handler.h"
#include "chromeos/network/onc/onc_certificate_importer_impl.h"
#include "chromeos/settings/cros_settings_names.h"
#include "chromeos/settings/cros_settings_provider.h"
#include "chromeos/settings/timezone_settings.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
#include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
#include "components/policy/core/common/proxy_policy_provider.h"
#include "content/public/browser/browser_thread.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "net/url_request/url_request_context_getter.h"

using content::BrowserThread;

namespace policy {

namespace {

// TODO(davidyu): Update the URL to the real one once it is ready.
// http://crbug.com/366491.
//
// The URL for the consumer device management server. Used only when the
// kConsumerDeviceManagementUrl switch is absent (see
// GetConsumerDeviceManagementServerUrl() below).
const char kDefaultConsumerDeviceManagementServerUrl[] =
    "https://m.google.com/devicemanagement/data/api";

// Install attributes for tests. Set by SetInstallAttributesForTesting(); the
// next BrowserPolicyConnectorChromeOS constructed adopts the pointer via
// install_attributes_.reset() and clears this global, so it is consumed at
// most once.
EnterpriseInstallAttributes* g_testing_install_attributes = NULL;

// Helper that returns a new SequencedTaskRunner backed by the blocking pool.
// Each SequencedTaskRunner returned is independent from the others.
// CHECK-fails if the blocking pool is unavailable. Tasks are posted with
// SKIP_ON_SHUTDOWN behavior.
scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
  base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
  CHECK(pool);
  return pool->GetSequencedTaskRunnerWithShutdownBehavior(
      pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
}

// Returns the consumer device management server URL: the value of the
// kConsumerDeviceManagementUrl command-line switch when it is present,
// otherwise the compiled-in default above.
//
// NOTE(review): the switch value is returned as-is; no scheme or host check
// is visible in this file. Whoever controls the browser command line thereby
// chooses the server the consumer DeviceManagementService talks to. Confirm
// that the command line is trusted on production devices or that the value
// is validated downstream.
std::string GetConsumerDeviceManagementServerUrl() {
  const CommandLine* command_line = CommandLine::ForCurrentProcess();
  if (command_line->HasSwitch(
          chromeos::switches::kConsumerDeviceManagementUrl)) {
    return command_line->GetSwitchValueASCII(
        chromeos::switches::kConsumerDeviceManagementUrl);
  }
  return kDefaultConsumerDeviceManagementServerUrl;
}

}  // namespace

// Builds the policy providers for Chrome OS. A device cloud policy manager
// (with its store, state keys broker and install attributes) is created only
// when both SystemSaltGetter and DBusThreadManager are initialized; the
// global user cloud policy proxy provider is always created.
BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
    : device_cloud_policy_manager_(NULL),
      global_user_cloud_policy_provider_(NULL),
      weak_ptr_factory_(this) {
  // Adopt test-injected install attributes, if any, and clear the global so
  // that a later connector does not reuse the same pointer.
  if (g_testing_install_attributes) {
    install_attributes_.reset(g_testing_install_attributes);
    g_testing_install_attributes = NULL;
  }

  // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.

  // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
  // (removing it now breaks tests). crbug.com/141016.
  if (chromeos::SystemSaltGetter::IsInitialized() &&
      chromeos::DBusThreadManager::IsInitialized()) {
    state_keys_broker_.reset(new ServerBackedStateKeysBroker(
        chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
        base::MessageLoopProxy::current()));

    chromeos::CryptohomeClient* cryptohome_client =
        chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
    // Only create real install attributes when a test did not inject its own.
    if (!install_attributes_) {
      install_attributes_.reset(
          new EnterpriseInstallAttributes(cryptohome_client));
    }
    base::FilePath install_attrs_file;
    CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
                           &install_attrs_file));
    // NOTE(review): IsEnterpriseManaged(), GetEnterpriseDomain() and
    // GetDeviceMode() below answer from |install_attributes_|, presumably
    // including what is loaded from this cache file. How the file contents
    // are verified is not visible here; see EnterpriseInstallAttributes.
    install_attributes_->ReadCacheFile(install_attrs_file);

    scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
        new DeviceCloudPolicyStoreChromeOS(
            chromeos::DeviceSettingsService::Get(),
            install_attributes_.get(),
            GetBackgroundTaskRunner()));
    device_cloud_policy_manager_ =
        new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
                                             base::MessageLoopProxy::current(),
                                             state_keys_broker_.get());
    // The manager is handed over wrapped in a scoped_ptr while
    // |device_cloud_policy_manager_| keeps the raw pointer; the member is
    // presumably a non-owning alias from here on. Confirm against
    // AddPolicyProvider().
    AddPolicyProvider(
        scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
  }

  // Same pattern as above: the raw member pointer is kept after the provider
  // is passed to AddPolicyProvider() inside a scoped_ptr.
  global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
  AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
      global_user_cloud_policy_provider_));
}

BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}

// Initializes the base connector, then creates the consumer device management
// service, the device cloud policy initializer (only when a device cloud
// policy manager exists), the device-local account policy service, the
// invalidator, the app pack updater, and the device network configuration
// updater, and applies the timezone policy if it is already available.
//
// NOTE(review): unlike the constructor, this function dereferences
// DBusThreadManager::Get() and NetworkHandler::Get() without an
// IsInitialized() check; presumably Init() is only called where both are up.
void BrowserPolicyConnectorChromeOS::Init(
    PrefService* local_state,
    scoped_refptr<net::URLRequestContextGetter> request_context) {
  ChromeBrowserPolicyConnector::Init(local_state, request_context);

  // The server URL may come from the command line; see
  // GetConsumerDeviceManagementServerUrl().
  scoped_ptr<DeviceManagementService::Configuration> configuration(
      new DeviceManagementServiceConfiguration(
          GetConsumerDeviceManagementServerUrl()));
  consumer_device_management_service_.reset(
      new DeviceManagementService(configuration.Pass()));
  consumer_device_management_service_->ScheduleInitialization(
      kServiceInitializationStartupDelay);

  if (device_cloud_policy_manager_) {
    // Note: for now the |device_cloud_policy_manager_| is using the global
    // schema registry. Eventually it will have its own registry, once device
    // cloud policy for extensions is introduced. That means it'd have to be
    // initialized from here instead of BrowserPolicyConnector::Init().

    device_cloud_policy_manager_->Initialize(local_state);

    // The completion callback is bound with base::Unretained(this), i.e. a
    // raw pointer to this connector with no lifetime tracking. This assumes
    // the initializer, which this connector owns and shuts down in
    // Shutdown(), never runs the callback after the connector is destroyed.
    // TODO confirm.
    device_cloud_policy_initializer_.reset(
        new DeviceCloudPolicyInitializer(
            local_state,
            device_management_service(),
            consumer_device_management_service(),
            GetBackgroundTaskRunner(),
            install_attributes_.get(),
            state_keys_broker_.get(),
            device_cloud_policy_manager_->device_store(),
            device_cloud_policy_manager_,
            chromeos::DeviceSettingsService::Get(),
            base::Bind(&BrowserPolicyConnectorChromeOS::
                           OnDeviceCloudPolicyManagerConnected,
                       base::Unretained(this))));
  }

  // Each GetBackgroundTaskRunner() call below yields a separate, independent
  // sequenced runner.
  device_local_account_policy_service_.reset(
      new DeviceLocalAccountPolicyService(
          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
          chromeos::DeviceSettingsService::Get(),
          chromeos::CrosSettings::Get(),
          GetBackgroundTaskRunner(),
          GetBackgroundTaskRunner(),
          GetBackgroundTaskRunner(),
          content::BrowserThread::GetMessageLoopProxyForThread(
              content::BrowserThread::IO),
          request_context));
  device_local_account_policy_service_->Connect(device_management_service());
  device_cloud_policy_invalidator_.reset(new DeviceCloudPolicyInvalidator);

  // request_context is NULL in unit tests.
  if (request_context && install_attributes_) {
    app_pack_updater_.reset(
        new AppPackUpdater(request_context, install_attributes_.get()));
  }

  SetTimezoneIfPolicyAvailable();

  network_configuration_updater_ =
      DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
          GetPolicyService(),
          chromeos::NetworkHandler::Get()
              ->managed_network_configuration_handler(),
          chromeos::NetworkHandler::Get()->network_device_handler(),
          chromeos::CrosSettings::Get());
}

// Destroys the device cloud policy invalidator. Must be called before
// Shutdown(), which DCHECKs that the invalidator is already gone.
void BrowserPolicyConnectorChromeOS::ShutdownInvalidator() {
  device_cloud_policy_invalidator_.reset();
}

// Tears down the Chrome OS specific pieces in dependency order, then shuts
// down the base connector.
void BrowserPolicyConnectorChromeOS::Shutdown() {
  // Verify that ShutdownInvalidator() has been called first.
  // This is a DCHECK only, so the ordering is normally not enforced in
  // release builds.
  DCHECK(!device_cloud_policy_invalidator_);

  // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
  // Delete it first.
  app_pack_updater_.reset();

  network_configuration_updater_.reset();

  if (device_local_account_policy_service_)
    device_local_account_policy_service_->Shutdown();

  // May already be null: OnDeviceCloudPolicyManagerConnected() releases it.
  if (device_cloud_policy_initializer_)
    device_cloud_policy_initializer_->Shutdown();

  ChromeBrowserPolicyConnector::Shutdown();
}

// Returns true only when install attributes exist and report an enterprise
// device.
//
// NOTE(review): when |install_attributes_| was never created (the constructor
// skips it if DBus or SystemSaltGetter is uninitialized and no test instance
// was injected) this answers false, i.e. "not managed". Callers that gate
// enterprise restrictions on this value should be aware of that default.
bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
  return install_attributes_ && install_attributes_->IsEnterpriseDevice();
}

// Returns the domain recorded in the install attributes, or an empty string
// when there are no install attributes.
std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
  return install_attributes_ ? install_attributes_->GetDomain() : std::string();
}

// Returns the mode recorded in the install attributes, or DEVICE_MODE_NOT_SET
// when there are no install attributes.
DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
  return install_attributes_ ? install_attributes_->GetMode()
                             : DEVICE_MODE_NOT_SET;
}

// Classifies |user_name| as USER_AFFILIATION_MANAGED when install attributes
// exist and either the domain of the canonicalized address equals the
// install-attributes domain or the name is a device-local account user;
// otherwise returns USER_AFFILIATION_NONE.
UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
    const std::string& user_name) {
  // An empty username means incognito user in case of ChromiumOS and
  // no logged-in user in case of Chromium (SigninService). Many tests use
  // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
  // users.
  if (user_name.empty() || user_name.find('@') == std::string::npos)
    return USER_AFFILIATION_NONE;

  // The domain check is plain string equality between
  // ExtractDomainName(CanonicalizeEmail(user_name)) and GetDomain(). It
  // presumably relies on GetDomain() being stored in the same canonical form.
  // TODO confirm. The NULL second argument to IsDeviceLocalAccountUser() is
  // presumably an unused out-parameter.
  if (install_attributes_ &&
      (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
           install_attributes_->GetDomain() ||
       policy::IsDeviceLocalAccountUser(user_name, NULL))) {
    return USER_AFFILIATION_MANAGED;
  }

  return USER_AFFILIATION_NONE;
}

// Returns the app pack updater. It is only created in Init() when both a
// request context and install attributes exist, and it is reset in
// Shutdown(), so callers should expect that it may be absent.
AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
  return app_pack_updater_.get();
}

// Forwards |user_policy_provider| as the delegate of the global user cloud
// policy proxy provider created in the constructor.
void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
    ConfigurationPolicyProvider* user_policy_provider) {
  global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
}

// Test hook: stores |attributes| in a file-level global for the next
// connector constructed to adopt. DCHECKs that no earlier instance is still
// pending.
void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
    EnterpriseInstallAttributes* attributes) {
  DCHECK(!g_testing_install_attributes);
  g_testing_install_attributes = attributes;
}

// Test hook: deletes a pending test instance that no connector has adopted
// and clears the global. Does nothing when nothing is pending.
void BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting() {
  if (g_testing_install_attributes) {
    delete g_testing_install_attributes;
    g_testing_install_attributes = NULL;
  }
}

// static
// Registers prefs::kDevicePolicyRefreshRate with
// CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs as its default.
void BrowserPolicyConnectorChromeOS::RegisterPrefs(
    PrefRegistrySimple* registry) {
  registry->RegisterIntegerPref(
      prefs::kDevicePolicyRefreshRate,
      CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
}

// Applies the system timezone policy, but only once CrosSettings reports its
// values as TRUSTED. This same method is passed to PrepareTrustedValues() as
// the callback, bound to a weak pointer so that a destroyed connector is not
// called back; when the status is not yet TRUSTED the function returns and
// presumably runs again through that callback.
void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
  typedef chromeos::CrosSettingsProvider Provider;
  Provider::TrustedStatus result =
      chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
          &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
          weak_ptr_factory_.GetWeakPtr()));

  // Never act on settings whose trust status has not been established.
  if (result != Provider::TRUSTED)
    return;

  // An unset or empty policy value leaves the current timezone untouched.
  std::string timezone;
  if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
                                               &timezone) &&
      !timezone.empty()) {
    chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
        base::UTF8ToUTF16(timezone));
  }
}

// Completion callback passed to DeviceCloudPolicyInitializer in Init().
void BrowserPolicyConnectorChromeOS::OnDeviceCloudPolicyManagerConnected() {
  // This function is invoked by DCPInitializer, so we should release the
  // initializer after this function returns.
  // release() gives up ownership and DeleteSoon() defers the deletion to the
  // message loop, so the initializer is not destroyed while it is still on
  // the call stack.
  if (device_cloud_policy_initializer_) {
    device_cloud_policy_initializer_->Shutdown();
    base::MessageLoop::current()->DeleteSoon(
        FROM_HERE, device_cloud_policy_initializer_.release());
  }
}

}  // namespace policy