15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 52a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/bind.h" 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/bind_helpers.h" 9a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "base/command_line.h" 10effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#include "base/port.h" 11868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#include "base/prefs/pref_registry_simple.h" 12868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#include "base/prefs/pref_service.h" 13effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#include "base/strings/string_number_conversions.h" 14effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#include "base/time/time.h" 15c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/attestation/attestation_policy_observer.h" 16c5cede9ae108bb15f6b7a8aea21c7e1fefa2834cBen Murdoch#include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" 174e180b6a0b4720a9b8e9e959a882386f690f08ffTorne (Richard Coles)#include "chrome/browser/chromeos/login/startup_utils.h" 182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 19010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/pref_names.h" 2190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "chromeos/chromeos_constants.h" 22a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "chromeos/chromeos_switches.h" 234e180b6a0b4720a9b8e9e959a882386f690f08ffTorne (Richard Coles)#include "chromeos/system/statistics_provider.h" 24a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/cloud/cloud_policy_store.h" 25f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "content/public/browser/browser_thread.h" 26a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "crypto/sha2.h" 27a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "policy/proto/device_management_backend.pb.h" 28a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "url/gurl.h" 29f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 30f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)using content::BrowserThread; 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 322a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)namespace em = enterprise_management; 332a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace policy { 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 38a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)const char kNoRequisition[] = "none"; 39a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)const char kRemoraRequisition[] = "remora"; 40116680a4aac90f2aa7413d9095a592090648e557Ben Murdochconst char kSharkRequisition[] = "shark"; 41a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// These are the machine serial number keys that we check in order until we 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// find a non-empty serial number. The VPD spec says the serial number should be 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// in the "serial_number" key for v2+ VPDs. However, legacy devices used a 45effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch// different key to report their serial number, which we fall back to if 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// "serial_number" is not present. 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Product_S/N is still special-cased due to inconsistencies with serial 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// numbers on Lumpy devices: On these devices, serial_number is identical to 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Product_S/N with an appended checksum. Unfortunately, the sticker on the 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// packaging doesn't include that checksum either (the sticker on the device 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// does though!). The former sticker is the source of the serial number used by 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// device management service, so we prefer Product_S/N over serial number to 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// match the server. 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// TODO(mnissler): Move serial_number back to the top once the server side uses 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// the correct serial number. 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const char* kMachineInfoSerialNumberKeys[] = { 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) "Product_S/N", // Lumpy/Alex devices 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) "serial_number", // VPD v2+ devices 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) "Product_SN", // Mario 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) "sn", // old ZGB devices (more recent ones use serial_number) 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 65868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)// Fetches a machine statistic value from StatisticsProvider, returns an empty 66868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)// string on failure. 6790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)std::string GetMachineStatistic(const std::string& key) { 6890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) std::string value; 6990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) chromeos::system::StatisticsProvider* provider = 7090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) chromeos::system::StatisticsProvider::GetInstance(); 7190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) if (!provider->GetMachineStatistic(key, &value)) 72ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch return std::string(); 7390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 7490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) return value; 7590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} 7690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) 77868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)// Gets a machine flag from StatisticsProvider, returns the given 78868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)// |default_value| if not present. 79868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)bool GetMachineFlag(const std::string& key, bool default_value) { 80868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) bool value = default_value; 81868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) chromeos::system::StatisticsProvider* provider = 82868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) chromeos::system::StatisticsProvider::GetInstance(); 83ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch if (!provider->GetMachineFlag(key, &value)) 84868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) return default_value; 85868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 86868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) return value; 87868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)} 88868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 89010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)// Checks whether forced re-enrollment is enabled. 90010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)bool ForcedReEnrollmentEnabled() { 91010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) return chromeos::AutoEnrollmentController::GetMode() == 92010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT; 93010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 94effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch 95010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} // namespace 96effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)DeviceCloudPolicyManagerChromeOS::DeviceCloudPolicyManagerChromeOS( 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<DeviceCloudPolicyStoreChromeOS> store, 99d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles) const scoped_refptr<base::SequencedTaskRunner>& task_runner, 100010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) ServerBackedStateKeysBroker* state_keys_broker) 1012a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) : CloudPolicyManager( 1022a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) PolicyNamespaceKey(dm_protocol::kChromeDevicePolicyType, 1032a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) std::string()), 104d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles) store.get(), 105f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) task_runner, 106f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE), 107f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)), 1082a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) device_store_(store.Pass()), 109010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) state_keys_broker_(state_keys_broker), 110010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) local_state_(NULL) { 111010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)DeviceCloudPolicyManagerChromeOS::~DeviceCloudPolicyManagerChromeOS() {} 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 115116680a4aac90f2aa7413d9095a592090648e557Ben Murdochvoid DeviceCloudPolicyManagerChromeOS::Initialize(PrefService* local_state) { 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(local_state); 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state_ = local_state; 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 120010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) state_keys_update_subscription_ = state_keys_broker_->RegisterUpdateCallback( 121010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) base::Bind(&DeviceCloudPolicyManagerChromeOS::OnStateKeysUpdated, 122010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) base::Unretained(this))); 123010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 124010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) InitializeRequisition(); 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 127868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)std::string DeviceCloudPolicyManagerChromeOS::GetDeviceRequisition() const { 128868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) std::string requisition; 129868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) const PrefService::Preference* pref = local_state_->FindPreference( 130868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) prefs::kDeviceEnrollmentRequisition); 131a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (!pref->IsDefaultValue()) 132868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) pref->GetValue()->GetAsString(&requisition); 133a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 134a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (requisition == kNoRequisition) 135a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) requisition.clear(); 136868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 137868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) return requisition; 138868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)} 139868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 140868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition( 141868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) const std::string& requisition) { 142116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch VLOG(1) << "SetDeviceRequisition " << requisition; 143868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) if (local_state_) { 144868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) if (requisition.empty()) { 145868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) local_state_->ClearPref(prefs::kDeviceEnrollmentRequisition); 146868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart); 147868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit); 148868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) } else { 149868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) local_state_->SetString(prefs::kDeviceEnrollmentRequisition, requisition); 150a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (requisition == kNoRequisition) { 151a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart); 152a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit); 153a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } else { 154a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true); 155a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false); 156a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } 157868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) } 158868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) } 159868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)} 160868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 161116680a4aac90f2aa7413d9095a592090648e557Ben Murdochbool DeviceCloudPolicyManagerChromeOS::IsRemoraRequisition() const { 162116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch return GetDeviceRequisition() == kRemoraRequisition; 163868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)} 164868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 165116680a4aac90f2aa7413d9095a592090648e557Ben Murdochbool DeviceCloudPolicyManagerChromeOS::IsSharkRequisition() const { 166116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch return GetDeviceRequisition() == kSharkRequisition; 167effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch} 168effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch 169c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void DeviceCloudPolicyManagerChromeOS::Shutdown() { 170010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) state_keys_update_subscription_.reset(); 171c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CloudPolicyManager::Shutdown(); 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 175868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)void DeviceCloudPolicyManagerChromeOS::RegisterPrefs( 176868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) PrefRegistrySimple* registry) { 177868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) registry->RegisterStringPref(prefs::kDeviceEnrollmentRequisition, 178868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) std::string()); 179868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) registry->RegisterBooleanPref(prefs::kDeviceEnrollmentAutoStart, false); 180868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) registry->RegisterBooleanPref(prefs::kDeviceEnrollmentCanExit, true); 181a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) registry->RegisterDictionaryPref(prefs::kServerBackedDeviceState); 182868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)} 183868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 184868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)// static 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)std::string DeviceCloudPolicyManagerChromeOS::GetMachineID() { 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string machine_id; 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) chromeos::system::StatisticsProvider* provider = 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) chromeos::system::StatisticsProvider::GetInstance(); 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) for (size_t i = 0; i < arraysize(kMachineInfoSerialNumberKeys); i++) { 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (provider->GetMachineStatistic(kMachineInfoSerialNumberKeys[i], 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &machine_id) && 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) !machine_id.empty()) { 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (machine_id.empty()) 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(WARNING) << "Failed to get machine id."; 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return machine_id; 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)std::string DeviceCloudPolicyManagerChromeOS::GetMachineModel() { 205effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch return GetMachineStatistic(chromeos::system::kHardwareClassKey); 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 208116680a4aac90f2aa7413d9095a592090648e557Ben Murdochvoid DeviceCloudPolicyManagerChromeOS::StartConnection( 209116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch scoped_ptr<CloudPolicyClient> client_to_connect, 210116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider) { 211116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch CHECK(!service()); 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 213116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch device_status_provider_ = device_status_provider.Pass(); 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 215010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Set state keys here so the first policy fetch submits them to the server. 216010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) if (ForcedReEnrollmentEnabled()) 217010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) client_to_connect->SetStateKeysToUpload(state_keys_broker_->state_keys()); 218010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 219a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) core()->Connect(client_to_connect.Pass()); 220a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) core()->StartRefreshScheduler(); 221a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) core()->TrackRefreshDelayPref(local_state_, 222a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) prefs::kDevicePolicyRefreshRate); 223a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) attestation_policy_observer_.reset( 224a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) new chromeos::attestation::AttestationPolicyObserver(client())); 225a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} 226a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 227010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)void DeviceCloudPolicyManagerChromeOS::OnStateKeysUpdated() { 228116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch if (client() && ForcedReEnrollmentEnabled()) 229116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch client()->SetStateKeysToUpload(state_keys_broker_->state_keys()); 230010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 231010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 232010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() { 233a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // OEM statistics are only loaded when OOBE is not completed. 234a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (chromeos::StartupUtils::IsOobeCompleted()) 235a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) return; 236a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 237a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const PrefService::Preference* pref = local_state_->FindPreference( 238a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) prefs::kDeviceEnrollmentRequisition); 239a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (pref->IsDefaultValue()) { 240a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) std::string requisition = 241a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) GetMachineStatistic(chromeos::system::kOemDeviceRequisitionKey); 242a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 243a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (!requisition.empty()) { 244a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetString(prefs::kDeviceEnrollmentRequisition, 245a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) requisition); 246116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch if (requisition == kRemoraRequisition || 247116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch requisition == kSharkRequisition) { 248a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true); 249a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false); 250a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } else { 251a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetBoolean( 252a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) prefs::kDeviceEnrollmentAutoStart, 253a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) GetMachineFlag(chromeos::system::kOemIsEnterpriseManagedKey, 254a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) false)); 255a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) local_state_->SetBoolean( 256a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) prefs::kDeviceEnrollmentCanExit, 257a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) GetMachineFlag(chromeos::system::kOemCanExitEnterpriseEnrollmentKey, 258a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) false)); 259a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } 260a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } 261a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } 262a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} 263a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 2645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace policy 265