device_local_account_policy_service.h revision d0247b1b59f9c528cb6df88b4f2b9afaf80d181e
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_

#include <map>
#include <string>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "chrome/browser/policy/cloud/cloud_policy_core.h"
#include "chrome/browser/policy/cloud/cloud_policy_store.h"
#include "content/public/browser/notification_observer.h"

// Forward declarations. This header only names these types through pointers,
// references, scoped_ptr<> or scoped_refptr<>, so their full definitions are
// not pulled in here.
namespace base {
class SequencedTaskRunner;
}

namespace chromeos {
class CrosSettings;
class DeviceSettingsService;
class SessionManagerClient;
}

namespace policy {

class CloudPolicyClient;
class DeviceLocalAccountPolicyStore;
class DeviceManagementService;

// The main switching central that downloads, caches, refreshes, etc. policy for
// a single device-local account.
class DeviceLocalAccountPolicyBroker {
 public:
  // |user_id| identifies the device-local account this broker serves.
  // |store| is passed as a scoped_ptr by value, i.e. ownership moves to the
  // broker. |task_runner| is the runner for policy refresh tasks.
  explicit DeviceLocalAccountPolicyBroker(
      const std::string& user_id,
      scoped_ptr<DeviceLocalAccountPolicyStore> store,
      const scoped_refptr<base::SequencedTaskRunner>& task_runner);
  ~DeviceLocalAccountPolicyBroker();

  // Returns the account identifier supplied at construction. The reference
  // points at a member and is only valid while the broker is alive.
  const std::string& user_id() const { return user_id_; }

  // Accessors for the embedded CloudPolicyCore. The returned pointer is not
  // owning; it addresses a member of this object and dies with the broker.
  CloudPolicyCore* core() { return &core_; }
  const CloudPolicyCore* core() const { return &core_; }

  // Establish a cloud connection for the service. |client| is passed as a
  // scoped_ptr by value, so the caller gives up ownership of it.
  void Connect(scoped_ptr<CloudPolicyClient> client);

  // Destroy the cloud connection, stopping policy refreshes.
  void Disconnect();

  // Reads the refresh delay from policy and configures the refresh scheduler.
  void UpdateRefreshDelay();

  // Retrieves the display name for the account as stored in policy. Returns an
  // empty string if the policy is not present.
  // NOTE(review): the value originates from the policy blob; callers that
  // display it presumably rely on the store having validated that blob first
  // -- confirm in the implementation.
  std::string GetDisplayName() const;

 private:
  // Account identifier; fixed for the lifetime of the broker.
  const std::string user_id_;
  // Owned policy store for this account.
  scoped_ptr<DeviceLocalAccountPolicyStore> store_;
  // Declared after |store_|, so it is destroyed before it (members are
  // destroyed in reverse declaration order).
  CloudPolicyCore core_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker);
};

// Manages user policy blobs for device-local accounts present on the device.
// The actual policy blobs are brokered by session_manager (to prevent file
// manipulation), and we're making signature checks on the policy blobs to
// ensure they're issued by the device owner.
// NOTE(review): neither the session_manager round trip nor the signature check
// is declared in this header; presumably both live in
// DeviceLocalAccountPolicyStore and the .cc file -- confirm there.
class DeviceLocalAccountPolicyService : public content::NotificationObserver,
                                        public CloudPolicyStore::Observer {
 public:
  // Interface for interested parties to observe policy changes.
  class Observer {
   public:
    virtual ~Observer() {}

    // Policy for the given |user_id| has changed.
    virtual void OnPolicyUpdated(const std::string& user_id) = 0;

    // The list of accounts has been updated.
    virtual void OnDeviceLocalAccountsChanged() = 0;
  };

  // All three arguments are raw pointers that are stored in the matching
  // members below.
  // NOTE(review): presumably none of them is owned and each must outlive this
  // service -- confirm at the construction site.
  DeviceLocalAccountPolicyService(
      chromeos::SessionManagerClient* session_manager_client,
      chromeos::DeviceSettingsService* device_settings_service,
      chromeos::CrosSettings* cros_settings);
  virtual ~DeviceLocalAccountPolicyService();

  // Initializes the cloud policy service connection.
  void Connect(DeviceManagementService* device_management_service);

  // Prevents further policy fetches from the cloud.
  void Disconnect();

  // Get the policy broker for a given |user_id|. Returns NULL if that |user_id|
  // does not belong to an existing device-local account.
  // The returned pointer is not owning and must be NULL-checked.
  // NOTE(review): brokers can be deleted (see DeleteBrokers() and
  // UpdateAccountList()), so callers presumably must not cache the pointer
  // across account-list changes -- confirm.
  DeviceLocalAccountPolicyBroker* GetBrokerForUser(const std::string& user_id);

  // Indicates whether policy has been successfully fetched for the given
  // |user_id|.
  bool IsPolicyAvailableForUser(const std::string& user_id);

  // Register / unregister an Observer. The list stores raw Observer pointers,
  // so an observer has to be removed before it is destroyed.
  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // NotificationObserver:
  virtual void Observe(int type,
                       const content::NotificationSource& source,
                       const content::NotificationDetails& details) OVERRIDE;

  // CloudPolicyStore::Observer:
  virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
  virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;

 private:
  // Per-account bookkeeping entry stored by value in |policy_brokers_|.
  struct PolicyBrokerWrapper {
    PolicyBrokerWrapper();

    // Return the |broker|, creating it first if necessary.
    DeviceLocalAccountPolicyBroker* GetBroker();

    // Fire up the cloud connection for fetching policy for the account from the
    // cloud if this is an enterprise-managed device.
    void ConnectIfPossible();

    // Destroy the cloud connection.
    void Disconnect();

    // Delete the broker.
    void DeleteBroker();

    std::string user_id;
    std::string account_id;
    // Back-pointer to the service that holds this wrapper.
    DeviceLocalAccountPolicyService* parent;
    // Raw pointer to the lazily created broker.
    // NOTE(review): the struct declares no destructor and is copyable, so
    // presumably nothing frees |broker| automatically and copies alias the same
    // object -- confirm that every path that drops a wrapper calls
    // DeleteBroker() / DeleteBrokers() exactly once.
    DeviceLocalAccountPolicyBroker* broker;
  };

  typedef std::map<std::string, PolicyBrokerWrapper> PolicyBrokerMap;

  // Re-queries the list of defined device-local accounts from device settings
  // and updates |policy_brokers_| to match that list.
  void UpdateAccountList();

  // Deletes brokers in |map| and clears it.
  void DeleteBrokers(PolicyBrokerMap* map);

  // Find the broker for a given |store|. Returns NULL if |store| is unknown.
  DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store);

  // Raw pointers handed in through the constructor.
  chromeos::SessionManagerClient* session_manager_client_;
  chromeos::DeviceSettingsService* device_settings_service_;
  chromeos::CrosSettings* cros_settings_;

  // Raw pointer to the management service passed to Connect().
  // NOTE(review): presumably NULL while disconnected -- confirm in the .cc.
  DeviceManagementService* device_management_service_;

  // The device-local account policy brokers, keyed by user ID.
  PolicyBrokerMap policy_brokers_;

  // NOTE(review): the second template argument is presumably ObserverList's
  // check-empty flag, i.e. observers are expected to have called
  // RemoveObserver() before this service is destroyed -- confirm against
  // base/observer_list.h.
  ObserverList<Observer, true> observers_;

  // Weak pointer factory for cros_settings_->PrepareTrustedValues() callbacks.
  // Declared as the last data member, so it is destroyed before the others
  // (members are destroyed in reverse declaration order).
  base::WeakPtrFactory<DeviceLocalAccountPolicyService>
      cros_settings_callback_factory_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_