configuration_policy_handler_chromeos.cc revision 5e3f23d412006dc4db4e659864679f29341e113f 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h"
6
7#include <string>
8
9#include "ash/magnifier/magnifier_constants.h"
10#include "base/json/json_reader.h"
11#include "base/json/json_writer.h"
12#include "base/memory/scoped_ptr.h"
13#include "base/prefs/pref_value_map.h"
14#include "base/strings/string_util.h"
15#include "base/values.h"
16#include "chrome/browser/policy/policy_error_map.h"
17#include "chrome/browser/policy/policy_map.h"
18#include "chrome/browser/ui/ash/chrome_launcher_prefs.h"
19#include "chrome/common/pref_names.h"
20#include "chromeos/network/onc/onc_constants.h"
21#include "chromeos/network/onc/onc_signature.h"
22#include "chromeos/network/onc/onc_utils.h"
23#include "chromeos/network/onc/onc_validator.h"
24#include "grit/generated_resources.h"
25#include "policy/policy_constants.h"
26
27namespace onc = chromeos::onc;
28
29namespace policy {
30
31// static
32NetworkConfigurationPolicyHandler*
33NetworkConfigurationPolicyHandler::CreateForUserPolicy() {
34  return new NetworkConfigurationPolicyHandler(
35      key::kOpenNetworkConfiguration, onc::ONC_SOURCE_USER_POLICY);
36}
37
38// static
39NetworkConfigurationPolicyHandler*
40NetworkConfigurationPolicyHandler::CreateForDevicePolicy() {
41  return new NetworkConfigurationPolicyHandler(
42      key::kDeviceOpenNetworkConfiguration, onc::ONC_SOURCE_DEVICE_POLICY);
43}
44
45NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
46
47bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
48    const PolicyMap& policies,
49    PolicyErrorMap* errors) {
50  const base::Value* value;
51  if (!CheckAndGetValue(policies, errors, &value))
52    return false;
53
54  if (value) {
55    std::string onc_blob;
56    value->GetAsString(&onc_blob);
57    scoped_ptr<base::DictionaryValue> root_dict =
58        onc::ReadDictionaryFromJson(onc_blob);
59    if (root_dict.get() == NULL) {
60      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED);
61      return false;
62    }
63
64    // Validate the ONC dictionary. We are liberal and ignore unknown field
65    // names and ignore invalid field names in kRecommended arrays.
66    onc::Validator validator(false,  // Ignore unknown fields.
67                             false,  // Ignore invalid recommended field names.
68                             true,  // Fail on missing fields.
69                             true);  // Validate for managed ONC
70    validator.SetOncSource(onc_source_);
71
72    // ONC policies are always unencrypted.
73    onc::Validator::Result validation_result;
74    root_dict = validator.ValidateAndRepairObject(
75        &onc::kToplevelConfigurationSignature, *root_dict, &validation_result);
76    if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
77      errors->AddError(policy_name(),
78                       IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL);
79    } else if (validation_result == onc::Validator::INVALID) {
80      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED);
81    }
82
83    // In any case, don't reject the policy as some networks or certificates
84    // could still be applied.
85  }
86
87  return true;
88}
89
90void NetworkConfigurationPolicyHandler::ApplyPolicySettings(
91    const PolicyMap& policies,
92    PrefValueMap* prefs) {
93  // Network policy is read directly from the provider and injected into
94  // NetworkLibrary, so no need to convert the policy settings into prefs.
95}
96
97void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
98    PolicyMap* policies) const {
99  const PolicyMap::Entry* entry = policies->Get(policy_name());
100  if (!entry)
101    return;
102  base::Value* sanitized_config = SanitizeNetworkConfig(entry->value);
103  if (!sanitized_config)
104    sanitized_config = base::Value::CreateNullValue();
105
106  policies->Set(policy_name(), entry->level, entry->scope, sanitized_config);
107}
108
109NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
110    const char* policy_name,
111    chromeos::onc::ONCSource onc_source)
112    : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING),
113      onc_source_(onc_source) {
114}
115
116// static
117base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
118    const base::Value* config) {
119  std::string json_string;
120  if (!config->GetAsString(&json_string))
121    return NULL;
122
123  scoped_ptr<base::DictionaryValue> toplevel_dict =
124      onc::ReadDictionaryFromJson(json_string);
125  if (!toplevel_dict)
126    return NULL;
127
128  // Placeholder to insert in place of the filtered setting.
129  const char kPlaceholder[] = "********";
130
131  toplevel_dict = onc::MaskCredentialsInOncObject(
132      onc::kToplevelConfigurationSignature,
133      *toplevel_dict,
134      kPlaceholder);
135
136  base::JSONWriter::WriteWithOptions(toplevel_dict.get(),
137                                     base::JSONWriter::OPTIONS_DO_NOT_ESCAPE |
138                                         base::JSONWriter::OPTIONS_PRETTY_PRINT,
139                                     &json_string);
140  return base::Value::CreateStringValue(json_string);
141}
142
143PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler()
144    : ExtensionListPolicyHandler(key::kPinnedLauncherApps,
145                                 prefs::kPinnedLauncherApps,
146                                 false) {}
147
148PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {}
149
150void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings(
151    const PolicyMap& policies,
152    PrefValueMap* prefs) {
153  PolicyErrorMap errors;
154  const base::Value* policy_value = policies.GetValue(policy_name());
155  const base::ListValue* policy_list = NULL;
156  if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) {
157    base::ListValue* pinned_apps_list = new base::ListValue();
158    for (base::ListValue::const_iterator entry(policy_list->begin());
159         entry != policy_list->end(); ++entry) {
160      std::string id;
161      if ((*entry)->GetAsString(&id)) {
162        base::DictionaryValue* app_dict = new base::DictionaryValue();
163        app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id);
164        pinned_apps_list->Append(app_dict);
165      }
166    }
167    prefs->SetValue(pref_path(), pinned_apps_list);
168  }
169}
170
171ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler()
172    : IntRangePolicyHandlerBase(key::kScreenMagnifierType,
173                                0, ash::MAGNIFIER_FULL, false) {
174}
175
176ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() {
177}
178
179void ScreenMagnifierPolicyHandler::ApplyPolicySettings(
180    const PolicyMap& policies,
181    PrefValueMap* prefs) {
182  const base::Value* value = policies.GetValue(policy_name());
183  int value_in_range;
184  if (value && EnsureInRange(value, &value_in_range, NULL)) {
185    prefs->SetValue(prefs::kScreenMagnifierEnabled,
186                    base::Value::CreateBooleanValue(value_in_range != 0));
187    prefs->SetValue(prefs::kScreenMagnifierType,
188                    base::Value::CreateIntegerValue(value_in_range));
189  }
190}
191
192}  // namespace policy
193