configuration_policy_handler_chromeos.cc revision 9ab5563a3196760eb381d102cbb2bc0f7abc6a50
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h" 6 7#include <string> 8 9#include "ash/magnifier/magnifier_constants.h" 10#include "base/callback.h" 11#include "base/json/json_reader.h" 12#include "base/json/json_writer.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/prefs/pref_value_map.h" 15#include "base/strings/string_util.h" 16#include "base/values.h" 17#include "chrome/browser/chromeos/policy/login_screen_power_management_policy.h" 18#include "chrome/browser/policy/external_data_fetcher.h" 19#include "chrome/browser/policy/policy_error_map.h" 20#include "chrome/browser/policy/policy_map.h" 21#include "chrome/browser/ui/ash/chrome_launcher_prefs.h" 22#include "chrome/common/pref_names.h" 23#include "chromeos/network/onc/onc_constants.h" 24#include "chromeos/network/onc/onc_signature.h" 25#include "chromeos/network/onc/onc_utils.h" 26#include "chromeos/network/onc/onc_validator.h" 27#include "grit/generated_resources.h" 28#include "policy/policy_constants.h" 29 30namespace onc = chromeos::onc; 31 32namespace policy { 33 34// static 35NetworkConfigurationPolicyHandler* 36NetworkConfigurationPolicyHandler::CreateForUserPolicy() { 37 return new NetworkConfigurationPolicyHandler( 38 key::kOpenNetworkConfiguration, onc::ONC_SOURCE_USER_POLICY); 39} 40 41// static 42NetworkConfigurationPolicyHandler* 43NetworkConfigurationPolicyHandler::CreateForDevicePolicy() { 44 return new NetworkConfigurationPolicyHandler( 45 key::kDeviceOpenNetworkConfiguration, onc::ONC_SOURCE_DEVICE_POLICY); 46} 47 48NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {} 49 50bool NetworkConfigurationPolicyHandler::CheckPolicySettings( 51 const PolicyMap& policies, 52 PolicyErrorMap* errors) { 53 const base::Value* value; 54 if (!CheckAndGetValue(policies, errors, &value)) 55 return false; 56 57 if (value) { 58 std::string onc_blob; 59 value->GetAsString(&onc_blob); 60 scoped_ptr<base::DictionaryValue> root_dict = 61 onc::ReadDictionaryFromJson(onc_blob); 62 if (root_dict.get() == NULL) { 63 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED); 64 return false; 65 } 66 67 // Validate the ONC dictionary. We are liberal and ignore unknown field 68 // names and ignore invalid field names in kRecommended arrays. 69 onc::Validator validator(false, // Ignore unknown fields. 70 false, // Ignore invalid recommended field names. 71 true, // Fail on missing fields. 72 true); // Validate for managed ONC 73 validator.SetOncSource(onc_source_); 74 75 // ONC policies are always unencrypted. 76 onc::Validator::Result validation_result; 77 root_dict = validator.ValidateAndRepairObject( 78 &onc::kToplevelConfigurationSignature, *root_dict, &validation_result); 79 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) { 80 errors->AddError(policy_name(), 81 IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL); 82 } else if (validation_result == onc::Validator::INVALID) { 83 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED); 84 } 85 86 // In any case, don't reject the policy as some networks or certificates 87 // could still be applied. 88 } 89 90 return true; 91} 92 93void NetworkConfigurationPolicyHandler::ApplyPolicySettings( 94 const PolicyMap& policies, 95 PrefValueMap* prefs) { 96 // Network policy is read directly from the provider and injected into 97 // NetworkLibrary, so no need to convert the policy settings into prefs. 98} 99 100void NetworkConfigurationPolicyHandler::PrepareForDisplaying( 101 PolicyMap* policies) const { 102 const PolicyMap::Entry* entry = policies->Get(policy_name()); 103 if (!entry) 104 return; 105 base::Value* sanitized_config = SanitizeNetworkConfig(entry->value); 106 if (!sanitized_config) 107 sanitized_config = base::Value::CreateNullValue(); 108 109 policies->Set(policy_name(), entry->level, entry->scope, 110 sanitized_config, NULL); 111} 112 113NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler( 114 const char* policy_name, 115 chromeos::onc::ONCSource onc_source) 116 : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING), 117 onc_source_(onc_source) { 118} 119 120// static 121base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig( 122 const base::Value* config) { 123 std::string json_string; 124 if (!config->GetAsString(&json_string)) 125 return NULL; 126 127 scoped_ptr<base::DictionaryValue> toplevel_dict = 128 onc::ReadDictionaryFromJson(json_string); 129 if (!toplevel_dict) 130 return NULL; 131 132 // Placeholder to insert in place of the filtered setting. 133 const char kPlaceholder[] = "********"; 134 135 toplevel_dict = onc::MaskCredentialsInOncObject( 136 onc::kToplevelConfigurationSignature, 137 *toplevel_dict, 138 kPlaceholder); 139 140 base::JSONWriter::WriteWithOptions(toplevel_dict.get(), 141 base::JSONWriter::OPTIONS_DO_NOT_ESCAPE | 142 base::JSONWriter::OPTIONS_PRETTY_PRINT, 143 &json_string); 144 return base::Value::CreateStringValue(json_string); 145} 146 147PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler() 148 : ExtensionListPolicyHandler(key::kPinnedLauncherApps, 149 prefs::kPinnedLauncherApps, 150 false) {} 151 152PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {} 153 154void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings( 155 const PolicyMap& policies, 156 PrefValueMap* prefs) { 157 PolicyErrorMap errors; 158 const base::Value* policy_value = policies.GetValue(policy_name()); 159 const base::ListValue* policy_list = NULL; 160 if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) { 161 base::ListValue* pinned_apps_list = new base::ListValue(); 162 for (base::ListValue::const_iterator entry(policy_list->begin()); 163 entry != policy_list->end(); ++entry) { 164 std::string id; 165 if ((*entry)->GetAsString(&id)) { 166 base::DictionaryValue* app_dict = new base::DictionaryValue(); 167 app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id); 168 pinned_apps_list->Append(app_dict); 169 } 170 } 171 prefs->SetValue(pref_path(), pinned_apps_list); 172 } 173} 174 175ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler() 176 : IntRangePolicyHandlerBase(key::kScreenMagnifierType, 177 0, ash::MAGNIFIER_FULL, false) { 178} 179 180ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() { 181} 182 183void ScreenMagnifierPolicyHandler::ApplyPolicySettings( 184 const PolicyMap& policies, 185 PrefValueMap* prefs) { 186 const base::Value* value = policies.GetValue(policy_name()); 187 int value_in_range; 188 if (value && EnsureInRange(value, &value_in_range, NULL)) { 189 prefs->SetValue(prefs::kScreenMagnifierEnabled, 190 base::Value::CreateBooleanValue(value_in_range != 0)); 191 prefs->SetValue(prefs::kScreenMagnifierType, 192 base::Value::CreateIntegerValue(value_in_range)); 193 } 194} 195 196LoginScreenPowerManagementPolicyHandler:: 197 LoginScreenPowerManagementPolicyHandler() 198 : TypeCheckingPolicyHandler(key::kDeviceLoginScreenPowerManagement, 199 base::Value::TYPE_STRING) { 200} 201 202LoginScreenPowerManagementPolicyHandler:: 203 ~LoginScreenPowerManagementPolicyHandler() { 204} 205 206bool LoginScreenPowerManagementPolicyHandler::CheckPolicySettings( 207 const PolicyMap& policies, 208 PolicyErrorMap* errors) { 209 const base::Value* value; 210 if (!CheckAndGetValue(policies, errors, &value)) 211 return false; 212 213 if (!value) 214 return true; 215 216 std::string json; 217 value->GetAsString(&json); 218 return LoginScreenPowerManagementPolicy().Init(json, errors); 219} 220 221void LoginScreenPowerManagementPolicyHandler::ApplyPolicySettings( 222 const PolicyMap& policies, 223 PrefValueMap* prefs) { 224} 225 226} // namespace policy 227