configuration_policy_handler_chromeos.cc revision 7dbb3d5cf0c15f500944d211057644d6a2f37371 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h"
6
7#include <string>
8
9#include "ash/magnifier/magnifier_constants.h"
10#include "base/callback.h"
11#include "base/json/json_reader.h"
12#include "base/json/json_writer.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/prefs/pref_value_map.h"
15#include "base/strings/string_util.h"
16#include "base/values.h"
17#include "chrome/browser/policy/external_data_fetcher.h"
18#include "chrome/browser/policy/policy_error_map.h"
19#include "chrome/browser/policy/policy_map.h"
20#include "chrome/browser/ui/ash/chrome_launcher_prefs.h"
21#include "chrome/common/pref_names.h"
22#include "chromeos/network/onc/onc_constants.h"
23#include "chromeos/network/onc/onc_signature.h"
24#include "chromeos/network/onc/onc_utils.h"
25#include "chromeos/network/onc/onc_validator.h"
26#include "grit/generated_resources.h"
27#include "policy/policy_constants.h"
28
29namespace onc = chromeos::onc;
30
31namespace policy {
32
33// static
34NetworkConfigurationPolicyHandler*
35NetworkConfigurationPolicyHandler::CreateForUserPolicy() {
36  return new NetworkConfigurationPolicyHandler(
37      key::kOpenNetworkConfiguration, onc::ONC_SOURCE_USER_POLICY);
38}
39
40// static
41NetworkConfigurationPolicyHandler*
42NetworkConfigurationPolicyHandler::CreateForDevicePolicy() {
43  return new NetworkConfigurationPolicyHandler(
44      key::kDeviceOpenNetworkConfiguration, onc::ONC_SOURCE_DEVICE_POLICY);
45}
46
47NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
48
49bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
50    const PolicyMap& policies,
51    PolicyErrorMap* errors) {
52  const base::Value* value;
53  if (!CheckAndGetValue(policies, errors, &value))
54    return false;
55
56  if (value) {
57    std::string onc_blob;
58    value->GetAsString(&onc_blob);
59    scoped_ptr<base::DictionaryValue> root_dict =
60        onc::ReadDictionaryFromJson(onc_blob);
61    if (root_dict.get() == NULL) {
62      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED);
63      return false;
64    }
65
66    // Validate the ONC dictionary. We are liberal and ignore unknown field
67    // names and ignore invalid field names in kRecommended arrays.
68    onc::Validator validator(false,  // Ignore unknown fields.
69                             false,  // Ignore invalid recommended field names.
70                             true,  // Fail on missing fields.
71                             true);  // Validate for managed ONC
72    validator.SetOncSource(onc_source_);
73
74    // ONC policies are always unencrypted.
75    onc::Validator::Result validation_result;
76    root_dict = validator.ValidateAndRepairObject(
77        &onc::kToplevelConfigurationSignature, *root_dict, &validation_result);
78    if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
79      errors->AddError(policy_name(),
80                       IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL);
81    } else if (validation_result == onc::Validator::INVALID) {
82      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED);
83    }
84
85    // In any case, don't reject the policy as some networks or certificates
86    // could still be applied.
87  }
88
89  return true;
90}
91
92void NetworkConfigurationPolicyHandler::ApplyPolicySettings(
93    const PolicyMap& policies,
94    PrefValueMap* prefs) {
95  // Network policy is read directly from the provider and injected into
96  // NetworkLibrary, so no need to convert the policy settings into prefs.
97}
98
99void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
100    PolicyMap* policies) const {
101  const PolicyMap::Entry* entry = policies->Get(policy_name());
102  if (!entry)
103    return;
104  base::Value* sanitized_config = SanitizeNetworkConfig(entry->value);
105  if (!sanitized_config)
106    sanitized_config = base::Value::CreateNullValue();
107
108  policies->Set(policy_name(), entry->level, entry->scope,
109                sanitized_config, NULL);
110}
111
112NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
113    const char* policy_name,
114    chromeos::onc::ONCSource onc_source)
115    : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING),
116      onc_source_(onc_source) {
117}
118
119// static
120base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
121    const base::Value* config) {
122  std::string json_string;
123  if (!config->GetAsString(&json_string))
124    return NULL;
125
126  scoped_ptr<base::DictionaryValue> toplevel_dict =
127      onc::ReadDictionaryFromJson(json_string);
128  if (!toplevel_dict)
129    return NULL;
130
131  // Placeholder to insert in place of the filtered setting.
132  const char kPlaceholder[] = "********";
133
134  toplevel_dict = onc::MaskCredentialsInOncObject(
135      onc::kToplevelConfigurationSignature,
136      *toplevel_dict,
137      kPlaceholder);
138
139  base::JSONWriter::WriteWithOptions(toplevel_dict.get(),
140                                     base::JSONWriter::OPTIONS_DO_NOT_ESCAPE |
141                                         base::JSONWriter::OPTIONS_PRETTY_PRINT,
142                                     &json_string);
143  return base::Value::CreateStringValue(json_string);
144}
145
146PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler()
147    : ExtensionListPolicyHandler(key::kPinnedLauncherApps,
148                                 prefs::kPinnedLauncherApps,
149                                 false) {}
150
151PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {}
152
153void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings(
154    const PolicyMap& policies,
155    PrefValueMap* prefs) {
156  PolicyErrorMap errors;
157  const base::Value* policy_value = policies.GetValue(policy_name());
158  const base::ListValue* policy_list = NULL;
159  if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) {
160    base::ListValue* pinned_apps_list = new base::ListValue();
161    for (base::ListValue::const_iterator entry(policy_list->begin());
162         entry != policy_list->end(); ++entry) {
163      std::string id;
164      if ((*entry)->GetAsString(&id)) {
165        base::DictionaryValue* app_dict = new base::DictionaryValue();
166        app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id);
167        pinned_apps_list->Append(app_dict);
168      }
169    }
170    prefs->SetValue(pref_path(), pinned_apps_list);
171  }
172}
173
174ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler()
175    : IntRangePolicyHandlerBase(key::kScreenMagnifierType,
176                                0, ash::MAGNIFIER_FULL, false) {
177}
178
179ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() {
180}
181
182void ScreenMagnifierPolicyHandler::ApplyPolicySettings(
183    const PolicyMap& policies,
184    PrefValueMap* prefs) {
185  const base::Value* value = policies.GetValue(policy_name());
186  int value_in_range;
187  if (value && EnsureInRange(value, &value_in_range, NULL)) {
188    prefs->SetValue(prefs::kScreenMagnifierEnabled,
189                    base::Value::CreateBooleanValue(value_in_range != 0));
190    prefs->SetValue(prefs::kScreenMagnifierType,
191                    base::Value::CreateIntegerValue(value_in_range));
192  }
193}
194
195}  // namespace policy
196