configuration_policy_handler_chromeos.cc revision 8bcbed890bc3ce4d7a057a8f32cab53fa534672e
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h" 6 7#include <string> 8 9#include "ash/magnifier/magnifier_constants.h" 10#include "base/callback.h" 11#include "base/json/json_reader.h" 12#include "base/json/json_writer.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/prefs/pref_value_map.h" 15#include "base/strings/string_util.h" 16#include "base/values.h" 17#include "chrome/browser/chromeos/policy/login_screen_power_management_policy.h" 18#include "chrome/browser/policy/external_data_fetcher.h" 19#include "chrome/browser/policy/policy_error_map.h" 20#include "chrome/browser/policy/policy_map.h" 21#include "chrome/browser/ui/ash/chrome_launcher_prefs.h" 22#include "chrome/common/pref_names.h" 23#include "chromeos/dbus/power_policy_controller.h" 24#include "chromeos/network/onc/onc_signature.h" 25#include "chromeos/network/onc/onc_utils.h" 26#include "chromeos/network/onc/onc_validator.h" 27#include "components/onc/onc_constants.h" 28#include "grit/generated_resources.h" 29#include "policy/policy_constants.h" 30 31namespace policy { 32 33// static 34NetworkConfigurationPolicyHandler* 35NetworkConfigurationPolicyHandler::CreateForUserPolicy() { 36 return new NetworkConfigurationPolicyHandler( 37 key::kOpenNetworkConfiguration, 38 onc::ONC_SOURCE_USER_POLICY, 39 prefs::kOpenNetworkConfiguration); 40} 41 42// static 43NetworkConfigurationPolicyHandler* 44NetworkConfigurationPolicyHandler::CreateForDevicePolicy() { 45 return new NetworkConfigurationPolicyHandler( 46 key::kDeviceOpenNetworkConfiguration, 47 onc::ONC_SOURCE_DEVICE_POLICY, 48 prefs::kDeviceOpenNetworkConfiguration); 49} 50 51NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {} 52 53bool NetworkConfigurationPolicyHandler::CheckPolicySettings( 54 const PolicyMap& policies, 55 PolicyErrorMap* errors) { 56 const base::Value* value; 57 if (!CheckAndGetValue(policies, errors, &value)) 58 return false; 59 60 if (value) { 61 std::string onc_blob; 62 value->GetAsString(&onc_blob); 63 scoped_ptr<base::DictionaryValue> root_dict = 64 chromeos::onc::ReadDictionaryFromJson(onc_blob); 65 if (root_dict.get() == NULL) { 66 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED); 67 return false; 68 } 69 70 // Validate the ONC dictionary. We are liberal and ignore unknown field 71 // names and ignore invalid field names in kRecommended arrays. 72 chromeos::onc::Validator validator( 73 false, // Ignore unknown fields. 74 false, // Ignore invalid recommended field names. 75 true, // Fail on missing fields. 76 true); // Validate for managed ONC 77 validator.SetOncSource(onc_source_); 78 79 // ONC policies are always unencrypted. 80 chromeos::onc::Validator::Result validation_result; 81 root_dict = validator.ValidateAndRepairObject( 82 &chromeos::onc::kToplevelConfigurationSignature, *root_dict, 83 &validation_result); 84 if (validation_result == chromeos::onc::Validator::VALID_WITH_WARNINGS) 85 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL); 86 else if (validation_result == chromeos::onc::Validator::INVALID) 87 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED); 88 89 // In any case, don't reject the policy as some networks or certificates 90 // could still be applied. 91 } 92 93 return true; 94} 95 96void NetworkConfigurationPolicyHandler::ApplyPolicySettings( 97 const PolicyMap& policies, 98 PrefValueMap* prefs) { 99 const base::Value* value = policies.GetValue(policy_name()); 100 if (!value) 101 return; 102 103 std::string onc_blob; 104 value->GetAsString(&onc_blob); 105 106 scoped_ptr<base::ListValue> network_configs(new base::ListValue); 107 base::ListValue certificates; 108 base::DictionaryValue global_network_config; 109 chromeos::onc::ParseAndValidateOncForImport(onc_blob, 110 onc_source_, 111 "", 112 network_configs.get(), 113 &global_network_config, 114 &certificates); 115 116 // Currently, only the per-network configuration is stored in a pref. Ignore 117 // |global_network_config| and |certificates|. 118 prefs->SetValue(pref_path_, network_configs.release()); 119} 120 121void NetworkConfigurationPolicyHandler::PrepareForDisplaying( 122 PolicyMap* policies) const { 123 const PolicyMap::Entry* entry = policies->Get(policy_name()); 124 if (!entry) 125 return; 126 base::Value* sanitized_config = SanitizeNetworkConfig(entry->value); 127 if (!sanitized_config) 128 sanitized_config = base::Value::CreateNullValue(); 129 130 policies->Set(policy_name(), entry->level, entry->scope, 131 sanitized_config, NULL); 132} 133 134NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler( 135 const char* policy_name, 136 onc::ONCSource onc_source, 137 const char* pref_path) 138 : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING), 139 onc_source_(onc_source), 140 pref_path_(pref_path) { 141} 142 143// static 144base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig( 145 const base::Value* config) { 146 std::string json_string; 147 if (!config->GetAsString(&json_string)) 148 return NULL; 149 150 scoped_ptr<base::DictionaryValue> toplevel_dict = 151 chromeos::onc::ReadDictionaryFromJson(json_string); 152 if (!toplevel_dict) 153 return NULL; 154 155 // Placeholder to insert in place of the filtered setting. 156 const char kPlaceholder[] = "********"; 157 158 toplevel_dict = chromeos::onc::MaskCredentialsInOncObject( 159 chromeos::onc::kToplevelConfigurationSignature, 160 *toplevel_dict, 161 kPlaceholder); 162 163 base::JSONWriter::WriteWithOptions(toplevel_dict.get(), 164 base::JSONWriter::OPTIONS_DO_NOT_ESCAPE | 165 base::JSONWriter::OPTIONS_PRETTY_PRINT, 166 &json_string); 167 return base::Value::CreateStringValue(json_string); 168} 169 170PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler() 171 : ExtensionListPolicyHandler(key::kPinnedLauncherApps, 172 prefs::kPinnedLauncherApps, 173 false) {} 174 175PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {} 176 177void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings( 178 const PolicyMap& policies, 179 PrefValueMap* prefs) { 180 PolicyErrorMap errors; 181 const base::Value* policy_value = policies.GetValue(policy_name()); 182 const base::ListValue* policy_list = NULL; 183 if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) { 184 base::ListValue* pinned_apps_list = new base::ListValue(); 185 for (base::ListValue::const_iterator entry(policy_list->begin()); 186 entry != policy_list->end(); ++entry) { 187 std::string id; 188 if ((*entry)->GetAsString(&id)) { 189 base::DictionaryValue* app_dict = new base::DictionaryValue(); 190 app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id); 191 pinned_apps_list->Append(app_dict); 192 } 193 } 194 prefs->SetValue(pref_path(), pinned_apps_list); 195 } 196} 197 198ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler() 199 : IntRangePolicyHandlerBase(key::kScreenMagnifierType, 200 0, ash::MAGNIFIER_FULL, false) { 201} 202 203ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() { 204} 205 206void ScreenMagnifierPolicyHandler::ApplyPolicySettings( 207 const PolicyMap& policies, 208 PrefValueMap* prefs) { 209 const base::Value* value = policies.GetValue(policy_name()); 210 int value_in_range; 211 if (value && EnsureInRange(value, &value_in_range, NULL)) { 212 prefs->SetValue(prefs::kScreenMagnifierEnabled, 213 base::Value::CreateBooleanValue(value_in_range != 0)); 214 prefs->SetValue(prefs::kScreenMagnifierType, 215 base::Value::CreateIntegerValue(value_in_range)); 216 } 217} 218 219LoginScreenPowerManagementPolicyHandler:: 220 LoginScreenPowerManagementPolicyHandler() 221 : TypeCheckingPolicyHandler(key::kDeviceLoginScreenPowerManagement, 222 base::Value::TYPE_STRING) { 223} 224 225LoginScreenPowerManagementPolicyHandler:: 226 ~LoginScreenPowerManagementPolicyHandler() { 227} 228 229bool LoginScreenPowerManagementPolicyHandler::CheckPolicySettings( 230 const PolicyMap& policies, 231 PolicyErrorMap* errors) { 232 const base::Value* value; 233 if (!CheckAndGetValue(policies, errors, &value)) 234 return false; 235 236 if (!value) 237 return true; 238 239 std::string json; 240 value->GetAsString(&json); 241 return LoginScreenPowerManagementPolicy().Init(json, errors); 242} 243 244void LoginScreenPowerManagementPolicyHandler::ApplyPolicySettings( 245 const PolicyMap& policies, 246 PrefValueMap* prefs) { 247} 248 249DeprecatedIdleActionHandler::DeprecatedIdleActionHandler() 250 : IntRangePolicyHandlerBase( 251 key::kIdleAction, 252 chromeos::PowerPolicyController::ACTION_SUSPEND, 253 chromeos::PowerPolicyController::ACTION_DO_NOTHING, 254 false) {} 255 256DeprecatedIdleActionHandler::~DeprecatedIdleActionHandler() {} 257 258void DeprecatedIdleActionHandler::ApplyPolicySettings(const PolicyMap& policies, 259 PrefValueMap* prefs) { 260 const base::Value* value = policies.GetValue(policy_name()); 261 if (value && EnsureInRange(value, NULL, NULL)) { 262 if (!prefs->GetValue(prefs::kPowerAcIdleAction, NULL)) 263 prefs->SetValue(prefs::kPowerAcIdleAction, value->DeepCopy()); 264 if (!prefs->GetValue(prefs::kPowerBatteryIdleAction, NULL)) 265 prefs->SetValue(prefs::kPowerBatteryIdleAction, value->DeepCopy()); 266 } 267} 268 269} // namespace policy 270