device_policy_decoder_chromeos.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h" 6 7#include <limits> 8 9#include "base/callback.h" 10#include "base/logging.h" 11#include "base/values.h" 12#include "chrome/browser/chromeos/policy/device_local_account.h" 13#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 14#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 15#include "chromeos/dbus/dbus_thread_manager.h" 16#include "chromeos/dbus/update_engine_client.h" 17#include "chromeos/settings/cros_settings_names.h" 18#include "components/policy/core/common/external_data_fetcher.h" 19#include "components/policy/core/common/policy_map.h" 20#include "policy/policy_constants.h" 21#include "third_party/cros_system_api/dbus/service_constants.h" 22 23using google::protobuf::RepeatedField; 24using google::protobuf::RepeatedPtrField; 25 26namespace em = enterprise_management; 27 28namespace policy { 29 30namespace { 31 32// Decodes a protobuf integer to an IntegerValue. The caller assumes ownership 33// of the return Value*. Returns NULL in case the input value is out of bounds. 34Value* DecodeIntegerValue(google::protobuf::int64 value) { 35 if (value < std::numeric_limits<int>::min() || 36 value > std::numeric_limits<int>::max()) { 37 LOG(WARNING) << "Integer value " << value 38 << " out of numeric limits, ignoring."; 39 return NULL; 40 } 41 42 return Value::CreateIntegerValue(static_cast<int>(value)); 43} 44 45Value* DecodeConnectionType(int value) { 46 static const char* const kConnectionTypes[] = { 47 shill::kTypeEthernet, 48 shill::kTypeWifi, 49 shill::kTypeWimax, 50 shill::kTypeBluetooth, 51 shill::kTypeCellular, 52 }; 53 54 if (value < 0 || value >= static_cast<int>(arraysize(kConnectionTypes))) 55 return NULL; 56 57 return Value::CreateStringValue(kConnectionTypes[value]); 58} 59 60void DecodeLoginPolicies(const em::ChromeDeviceSettingsProto& policy, 61 PolicyMap* policies) { 62 if (policy.has_guest_mode_enabled()) { 63 const em::GuestModeEnabledProto& container(policy.guest_mode_enabled()); 64 if (container.has_guest_mode_enabled()) { 65 policies->Set(key::kDeviceGuestModeEnabled, 66 POLICY_LEVEL_MANDATORY, 67 POLICY_SCOPE_MACHINE, 68 Value::CreateBooleanValue(container.guest_mode_enabled()), 69 NULL); 70 } 71 } 72 73 if (policy.has_show_user_names()) { 74 const em::ShowUserNamesOnSigninProto& container(policy.show_user_names()); 75 if (container.has_show_user_names()) { 76 policies->Set(key::kDeviceShowUserNamesOnSignin, 77 POLICY_LEVEL_MANDATORY, 78 POLICY_SCOPE_MACHINE, 79 Value::CreateBooleanValue(container.show_user_names()), 80 NULL); 81 } 82 } 83 84 if (policy.has_allow_new_users()) { 85 const em::AllowNewUsersProto& container(policy.allow_new_users()); 86 if (container.has_allow_new_users()) { 87 policies->Set(key::kDeviceAllowNewUsers, 88 POLICY_LEVEL_MANDATORY, 89 POLICY_SCOPE_MACHINE, 90 Value::CreateBooleanValue(container.allow_new_users()), 91 NULL); 92 } 93 } 94 95 if (policy.has_user_whitelist()) { 96 const em::UserWhitelistProto& container(policy.user_whitelist()); 97 ListValue* whitelist = new ListValue(); 98 RepeatedPtrField<std::string>::const_iterator entry; 99 for (entry = container.user_whitelist().begin(); 100 entry != container.user_whitelist().end(); 101 ++entry) { 102 whitelist->Append(Value::CreateStringValue(*entry)); 103 } 104 policies->Set(key::kDeviceUserWhitelist, 105 POLICY_LEVEL_MANDATORY, 106 POLICY_SCOPE_MACHINE, 107 whitelist, 108 NULL); 109 } 110 111 if (policy.has_ephemeral_users_enabled()) { 112 const em::EphemeralUsersEnabledProto& container( 113 policy.ephemeral_users_enabled()); 114 if (container.has_ephemeral_users_enabled()) { 115 policies->Set(key::kDeviceEphemeralUsersEnabled, 116 POLICY_LEVEL_MANDATORY, 117 POLICY_SCOPE_MACHINE, 118 Value::CreateBooleanValue( 119 container.ephemeral_users_enabled()), 120 NULL); 121 } 122 } 123 124 if (policy.has_device_local_accounts()) { 125 const em::DeviceLocalAccountsProto& container( 126 policy.device_local_accounts()); 127 const RepeatedPtrField<em::DeviceLocalAccountInfoProto>& accounts = 128 container.account(); 129 scoped_ptr<base::ListValue> account_list(new base::ListValue()); 130 RepeatedPtrField<em::DeviceLocalAccountInfoProto>::const_iterator entry; 131 for (entry = accounts.begin(); entry != accounts.end(); ++entry) { 132 scoped_ptr<base::DictionaryValue> entry_dict( 133 new base::DictionaryValue()); 134 if (entry->has_type()) { 135 if (entry->has_account_id()) { 136 entry_dict->SetStringWithoutPathExpansion( 137 chromeos::kAccountsPrefDeviceLocalAccountsKeyId, 138 entry->account_id()); 139 } 140 entry_dict->SetIntegerWithoutPathExpansion( 141 chromeos::kAccountsPrefDeviceLocalAccountsKeyType, entry->type()); 142 if (entry->kiosk_app().has_app_id()) { 143 entry_dict->SetStringWithoutPathExpansion( 144 chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppId, 145 entry->kiosk_app().app_id()); 146 } 147 } else if (entry->has_deprecated_public_session_id()) { 148 // Deprecated public session specification. 149 entry_dict->SetStringWithoutPathExpansion( 150 chromeos::kAccountsPrefDeviceLocalAccountsKeyId, 151 entry->deprecated_public_session_id()); 152 entry_dict->SetIntegerWithoutPathExpansion( 153 chromeos::kAccountsPrefDeviceLocalAccountsKeyType, 154 DeviceLocalAccount::TYPE_PUBLIC_SESSION); 155 } 156 account_list->Append(entry_dict.release()); 157 } 158 policies->Set(key::kDeviceLocalAccounts, 159 POLICY_LEVEL_MANDATORY, 160 POLICY_SCOPE_MACHINE, 161 account_list.release(), 162 NULL); 163 if (container.has_auto_login_id()) { 164 policies->Set(key::kDeviceLocalAccountAutoLoginId, 165 POLICY_LEVEL_MANDATORY, 166 POLICY_SCOPE_MACHINE, 167 Value::CreateStringValue(container.auto_login_id()), 168 NULL); 169 } 170 if (container.has_auto_login_delay()) { 171 policies->Set(key::kDeviceLocalAccountAutoLoginDelay, 172 POLICY_LEVEL_MANDATORY, 173 POLICY_SCOPE_MACHINE, 174 DecodeIntegerValue(container.auto_login_delay()), 175 NULL); 176 } 177 if (container.has_enable_auto_login_bailout()) { 178 policies->Set(key::kDeviceLocalAccountAutoLoginBailoutEnabled, 179 POLICY_LEVEL_MANDATORY, 180 POLICY_SCOPE_MACHINE, 181 Value::CreateBooleanValue( 182 container.enable_auto_login_bailout()), 183 NULL); 184 } 185 if (container.has_prompt_for_network_when_offline()) { 186 policies->Set(key::kDeviceLocalAccountPromptForNetworkWhenOffline, 187 POLICY_LEVEL_MANDATORY, 188 POLICY_SCOPE_MACHINE, 189 Value::CreateBooleanValue( 190 container.prompt_for_network_when_offline()), 191 NULL); 192 } 193 } 194 195 if (policy.has_supervised_users_settings()) { 196 const em::SupervisedUsersSettingsProto& container = 197 policy.supervised_users_settings(); 198 if (container.has_supervised_users_enabled()) { 199 Value* value = Value::CreateBooleanValue( 200 container.supervised_users_enabled()); 201 policies->Set(key::kSupervisedUsersEnabled, 202 POLICY_LEVEL_MANDATORY, 203 POLICY_SCOPE_MACHINE, 204 value, 205 NULL); 206 } 207 } 208} 209 210void DecodeKioskPolicies(const em::ChromeDeviceSettingsProto& policy, 211 PolicyMap* policies, 212 EnterpriseInstallAttributes* install_attributes) { 213 // No policies if this is not KIOSK. 214 if (install_attributes->GetMode() != DEVICE_MODE_RETAIL_KIOSK) 215 return; 216 217 if (policy.has_forced_logout_timeouts()) { 218 const em::ForcedLogoutTimeoutsProto& container( 219 policy.forced_logout_timeouts()); 220 if (container.has_idle_logout_timeout()) { 221 policies->Set(key::kDeviceIdleLogoutTimeout, 222 POLICY_LEVEL_MANDATORY, 223 POLICY_SCOPE_MACHINE, 224 DecodeIntegerValue(container.idle_logout_timeout()), 225 NULL); 226 } 227 if (container.has_idle_logout_warning_duration()) { 228 policies->Set(key::kDeviceIdleLogoutWarningDuration, 229 POLICY_LEVEL_MANDATORY, 230 POLICY_SCOPE_MACHINE, 231 DecodeIntegerValue( 232 container.idle_logout_warning_duration()), 233 NULL); 234 } 235 } 236 237 if (policy.has_login_screen_saver()) { 238 const em::ScreenSaverProto& container( 239 policy.login_screen_saver()); 240 if (container.has_screen_saver_extension_id()) { 241 policies->Set(key::kDeviceLoginScreenSaverId, 242 POLICY_LEVEL_MANDATORY, 243 POLICY_SCOPE_MACHINE, 244 Value::CreateStringValue( 245 container.screen_saver_extension_id()), 246 NULL); 247 } 248 if (container.has_screen_saver_timeout()) { 249 policies->Set(key::kDeviceLoginScreenSaverTimeout, 250 POLICY_LEVEL_MANDATORY, 251 POLICY_SCOPE_MACHINE, 252 DecodeIntegerValue(container.screen_saver_timeout()), 253 NULL); 254 } 255 } 256 257 if (policy.has_app_pack()) { 258 const em::AppPackProto& container(policy.app_pack()); 259 base::ListValue* app_pack_list = new base::ListValue(); 260 for (int i = 0; i < container.app_pack_size(); ++i) { 261 const em::AppPackEntryProto& entry(container.app_pack(i)); 262 if (entry.has_extension_id() && entry.has_update_url()) { 263 base::DictionaryValue* dict = new base::DictionaryValue(); 264 dict->SetString(chromeos::kAppPackKeyExtensionId, entry.extension_id()); 265 dict->SetString(chromeos::kAppPackKeyUpdateUrl, entry.update_url()); 266 app_pack_list->Append(dict); 267 } 268 } 269 policies->Set(key::kDeviceAppPack, 270 POLICY_LEVEL_MANDATORY, 271 POLICY_SCOPE_MACHINE, 272 app_pack_list, 273 NULL); 274 } 275 276 if (policy.has_pinned_apps()) { 277 const em::PinnedAppsProto& container(policy.pinned_apps()); 278 base::ListValue* pinned_apps_list = new base::ListValue(); 279 for (int i = 0; i < container.app_id_size(); ++i) 280 pinned_apps_list->Append(Value::CreateStringValue(container.app_id(i))); 281 282 policies->Set(key::kPinnedLauncherApps, 283 POLICY_LEVEL_RECOMMENDED, 284 POLICY_SCOPE_MACHINE, 285 pinned_apps_list, 286 NULL); 287 } 288} 289 290void DecodeNetworkPolicies(const em::ChromeDeviceSettingsProto& policy, 291 PolicyMap* policies, 292 EnterpriseInstallAttributes* install_attributes) { 293 if (policy.has_device_proxy_settings()) { 294 const em::DeviceProxySettingsProto& container( 295 policy.device_proxy_settings()); 296 scoped_ptr<DictionaryValue> proxy_settings(new DictionaryValue); 297 if (container.has_proxy_mode()) 298 proxy_settings->SetString(key::kProxyMode, container.proxy_mode()); 299 if (container.has_proxy_server()) 300 proxy_settings->SetString(key::kProxyServer, container.proxy_server()); 301 if (container.has_proxy_pac_url()) 302 proxy_settings->SetString(key::kProxyPacUrl, container.proxy_pac_url()); 303 if (container.has_proxy_bypass_list()) { 304 proxy_settings->SetString(key::kProxyBypassList, 305 container.proxy_bypass_list()); 306 } 307 308 // Figure out the level. Proxy policy is mandatory in kiosk mode. 309 PolicyLevel level = POLICY_LEVEL_RECOMMENDED; 310 if (install_attributes->GetMode() == DEVICE_MODE_RETAIL_KIOSK) 311 level = POLICY_LEVEL_MANDATORY; 312 313 if (!proxy_settings->empty()) { 314 policies->Set(key::kProxySettings, 315 level, 316 POLICY_SCOPE_MACHINE, 317 proxy_settings.release(), 318 NULL); 319 } 320 } 321 322 if (policy.has_data_roaming_enabled()) { 323 const em::DataRoamingEnabledProto& container(policy.data_roaming_enabled()); 324 if (container.has_data_roaming_enabled()) { 325 policies->Set(key::kDeviceDataRoamingEnabled, 326 POLICY_LEVEL_MANDATORY, 327 POLICY_SCOPE_MACHINE, 328 Value::CreateBooleanValue( 329 container.data_roaming_enabled()), 330 NULL); 331 } 332 } 333 334 if (policy.has_open_network_configuration() && 335 policy.open_network_configuration().has_open_network_configuration()) { 336 std::string config( 337 policy.open_network_configuration().open_network_configuration()); 338 policies->Set(key::kDeviceOpenNetworkConfiguration, 339 POLICY_LEVEL_MANDATORY, 340 POLICY_SCOPE_MACHINE, 341 Value::CreateStringValue(config), 342 NULL); 343 } 344} 345 346void DecodeReportingPolicies(const em::ChromeDeviceSettingsProto& policy, 347 PolicyMap* policies) { 348 if (policy.has_device_reporting()) { 349 const em::DeviceReportingProto& container(policy.device_reporting()); 350 if (container.has_report_version_info()) { 351 policies->Set(key::kReportDeviceVersionInfo, 352 POLICY_LEVEL_MANDATORY, 353 POLICY_SCOPE_MACHINE, 354 Value::CreateBooleanValue(container.report_version_info()), 355 NULL); 356 } 357 if (container.has_report_activity_times()) { 358 policies->Set(key::kReportDeviceActivityTimes, 359 POLICY_LEVEL_MANDATORY, 360 POLICY_SCOPE_MACHINE, 361 Value::CreateBooleanValue( 362 container.report_activity_times()), 363 NULL); 364 } 365 if (container.has_report_boot_mode()) { 366 policies->Set(key::kReportDeviceBootMode, 367 POLICY_LEVEL_MANDATORY, 368 POLICY_SCOPE_MACHINE, 369 Value::CreateBooleanValue(container.report_boot_mode()), 370 NULL); 371 } 372 if (container.has_report_location()) { 373 policies->Set(key::kReportDeviceLocation, 374 POLICY_LEVEL_MANDATORY, 375 POLICY_SCOPE_MACHINE, 376 Value::CreateBooleanValue(container.report_location()), 377 NULL); 378 } 379 if (container.has_report_network_interfaces()) { 380 policies->Set(key::kReportDeviceNetworkInterfaces, 381 POLICY_LEVEL_MANDATORY, 382 POLICY_SCOPE_MACHINE, 383 Value::CreateBooleanValue( 384 container.report_network_interfaces()), 385 NULL); 386 } 387 if (container.has_report_users()) { 388 policies->Set(key::kReportDeviceUsers, 389 POLICY_LEVEL_MANDATORY, 390 POLICY_SCOPE_MACHINE, 391 Value::CreateBooleanValue(container.report_users()), 392 NULL); 393 } 394 } 395} 396 397void DecodeAutoUpdatePolicies(const em::ChromeDeviceSettingsProto& policy, 398 PolicyMap* policies) { 399 if (policy.has_release_channel()) { 400 const em::ReleaseChannelProto& container(policy.release_channel()); 401 if (container.has_release_channel()) { 402 std::string channel(container.release_channel()); 403 policies->Set(key::kChromeOsReleaseChannel, 404 POLICY_LEVEL_MANDATORY, 405 POLICY_SCOPE_MACHINE, 406 Value::CreateStringValue(channel), 407 NULL); 408 // TODO(dubroy): Once http://crosbug.com/17015 is implemented, we won't 409 // have to pass the channel in here, only ping the update engine to tell 410 // it to fetch the channel from the policy. 411 chromeos::DBusThreadManager::Get()->GetUpdateEngineClient()-> 412 SetChannel(channel, false); 413 } 414 if (container.has_release_channel_delegated()) { 415 policies->Set(key::kChromeOsReleaseChannelDelegated, 416 POLICY_LEVEL_MANDATORY, 417 POLICY_SCOPE_MACHINE, 418 Value::CreateBooleanValue( 419 container.release_channel_delegated()), 420 NULL); 421 } 422 } 423 424 if (policy.has_auto_update_settings()) { 425 const em::AutoUpdateSettingsProto& container(policy.auto_update_settings()); 426 if (container.has_update_disabled()) { 427 policies->Set(key::kDeviceAutoUpdateDisabled, 428 POLICY_LEVEL_MANDATORY, 429 POLICY_SCOPE_MACHINE, 430 Value::CreateBooleanValue(container.update_disabled()), 431 NULL); 432 } 433 434 if (container.has_target_version_prefix()) { 435 policies->Set(key::kDeviceTargetVersionPrefix, 436 POLICY_LEVEL_MANDATORY, 437 POLICY_SCOPE_MACHINE, 438 Value::CreateStringValue( 439 container.target_version_prefix()), 440 NULL); 441 } 442 443 // target_version_display_name is not actually a policy, but a display 444 // string for target_version_prefix, so we ignore it. 445 446 if (container.has_scatter_factor_in_seconds()) { 447 policies->Set(key::kDeviceUpdateScatterFactor, 448 POLICY_LEVEL_MANDATORY, 449 POLICY_SCOPE_MACHINE, 450 Value::CreateIntegerValue( 451 container.scatter_factor_in_seconds()), 452 NULL); 453 } 454 455 if (container.allowed_connection_types_size()) { 456 ListValue* allowed_connection_types = new ListValue(); 457 RepeatedField<int>::const_iterator entry; 458 for (entry = container.allowed_connection_types().begin(); 459 entry != container.allowed_connection_types().end(); 460 ++entry) { 461 base::Value* value = DecodeConnectionType(*entry); 462 if (value) 463 allowed_connection_types->Append(value); 464 } 465 policies->Set(key::kDeviceUpdateAllowedConnectionTypes, 466 POLICY_LEVEL_MANDATORY, 467 POLICY_SCOPE_MACHINE, 468 allowed_connection_types, 469 NULL); 470 } 471 472 if (container.has_http_downloads_enabled()) { 473 policies->Set( 474 key::kDeviceUpdateHttpDownloadsEnabled, 475 POLICY_LEVEL_MANDATORY, 476 POLICY_SCOPE_MACHINE, 477 Value::CreateBooleanValue(container.http_downloads_enabled()), 478 NULL); 479 } 480 481 if (container.has_reboot_after_update()) { 482 policies->Set(key::kRebootAfterUpdate, 483 POLICY_LEVEL_MANDATORY, 484 POLICY_SCOPE_MACHINE, 485 Value::CreateBooleanValue(container.reboot_after_update()), 486 NULL); 487 } 488 489 if (container.has_p2p_enabled()) { 490 policies->Set(key::kDeviceAutoUpdateP2PEnabled, 491 POLICY_LEVEL_MANDATORY, 492 POLICY_SCOPE_MACHINE, 493 Value::CreateBooleanValue(container.p2p_enabled()), 494 NULL); 495 } 496 } 497} 498 499void DecodeAccessibilityPolicies(const em::ChromeDeviceSettingsProto& policy, 500 PolicyMap* policies) { 501 if (policy.has_accessibility_settings()) { 502 const em::AccessibilitySettingsProto& 503 container(policy.accessibility_settings()); 504 505 if (container.has_login_screen_default_large_cursor_enabled()) { 506 policies->Set( 507 key::kDeviceLoginScreenDefaultLargeCursorEnabled, 508 POLICY_LEVEL_MANDATORY, 509 POLICY_SCOPE_MACHINE, 510 Value::CreateBooleanValue( 511 container.login_screen_default_large_cursor_enabled()), 512 NULL); 513 } 514 515 if (container.has_login_screen_default_spoken_feedback_enabled()) { 516 policies->Set( 517 key::kDeviceLoginScreenDefaultSpokenFeedbackEnabled, 518 POLICY_LEVEL_MANDATORY, 519 POLICY_SCOPE_MACHINE, 520 Value::CreateBooleanValue( 521 container.login_screen_default_spoken_feedback_enabled()), 522 NULL); 523 } 524 525 if (container.has_login_screen_default_high_contrast_enabled()) { 526 policies->Set( 527 key::kDeviceLoginScreenDefaultHighContrastEnabled, 528 POLICY_LEVEL_MANDATORY, 529 POLICY_SCOPE_MACHINE, 530 Value::CreateBooleanValue( 531 container.login_screen_default_high_contrast_enabled()), 532 NULL); 533 } 534 535 if (container.has_login_screen_default_screen_magnifier_type()) { 536 policies->Set( 537 key::kDeviceLoginScreenDefaultScreenMagnifierType, 538 POLICY_LEVEL_MANDATORY, 539 POLICY_SCOPE_MACHINE, 540 DecodeIntegerValue( 541 container.login_screen_default_screen_magnifier_type()), 542 NULL); 543 } 544 } 545} 546 547void DecodeGenericPolicies(const em::ChromeDeviceSettingsProto& policy, 548 PolicyMap* policies) { 549 if (policy.has_device_policy_refresh_rate()) { 550 const em::DevicePolicyRefreshRateProto& container( 551 policy.device_policy_refresh_rate()); 552 if (container.has_device_policy_refresh_rate()) { 553 policies->Set(key::kDevicePolicyRefreshRate, 554 POLICY_LEVEL_MANDATORY, 555 POLICY_SCOPE_MACHINE, 556 DecodeIntegerValue(container.device_policy_refresh_rate()), 557 NULL); 558 } 559 } 560 561 if (policy.has_metrics_enabled()) { 562 const em::MetricsEnabledProto& container(policy.metrics_enabled()); 563 if (container.has_metrics_enabled()) { 564 policies->Set(key::kDeviceMetricsReportingEnabled, 565 POLICY_LEVEL_MANDATORY, 566 POLICY_SCOPE_MACHINE, 567 Value::CreateBooleanValue(container.metrics_enabled()), 568 NULL); 569 } 570 } 571 572 if (policy.has_start_up_urls()) { 573 const em::StartUpUrlsProto& container(policy.start_up_urls()); 574 ListValue* urls = new ListValue(); 575 RepeatedPtrField<std::string>::const_iterator entry; 576 for (entry = container.start_up_urls().begin(); 577 entry != container.start_up_urls().end(); 578 ++entry) { 579 urls->Append(Value::CreateStringValue(*entry)); 580 } 581 policies->Set(key::kDeviceStartUpUrls, 582 POLICY_LEVEL_MANDATORY, 583 POLICY_SCOPE_MACHINE, 584 urls, 585 NULL); 586 } 587 588 if (policy.has_system_timezone()) { 589 if (policy.system_timezone().has_timezone()) { 590 policies->Set(key::kSystemTimezone, 591 POLICY_LEVEL_MANDATORY, 592 POLICY_SCOPE_MACHINE, 593 Value::CreateStringValue( 594 policy.system_timezone().timezone()), 595 NULL); 596 } 597 } 598 599 if (policy.has_use_24hour_clock()) { 600 if (policy.use_24hour_clock().has_use_24hour_clock()) { 601 policies->Set(key::kSystemUse24HourClock, 602 POLICY_LEVEL_MANDATORY, 603 POLICY_SCOPE_MACHINE, 604 Value::CreateBooleanValue( 605 policy.use_24hour_clock().use_24hour_clock()), 606 NULL); 607 } 608 } 609 610 if (policy.has_allow_redeem_offers()) { 611 const em::AllowRedeemChromeOsRegistrationOffersProto& container( 612 policy.allow_redeem_offers()); 613 if (container.has_allow_redeem_offers()) { 614 policies->Set(key::kDeviceAllowRedeemChromeOsRegistrationOffers, 615 POLICY_LEVEL_MANDATORY, 616 POLICY_SCOPE_MACHINE, 617 Value::CreateBooleanValue( 618 container.allow_redeem_offers()), 619 NULL); 620 } 621 } 622 623 if (policy.has_uptime_limit()) { 624 const em::UptimeLimitProto& container(policy.uptime_limit()); 625 if (container.has_uptime_limit()) { 626 policies->Set(key::kUptimeLimit, 627 POLICY_LEVEL_MANDATORY, 628 POLICY_SCOPE_MACHINE, 629 DecodeIntegerValue(container.uptime_limit()), 630 NULL); 631 } 632 } 633 634 if (policy.has_start_up_flags()) { 635 const em::StartUpFlagsProto& container(policy.start_up_flags()); 636 ListValue* flags = new ListValue(); 637 RepeatedPtrField<std::string>::const_iterator entry; 638 for (entry = container.flags().begin(); 639 entry != container.flags().end(); 640 ++entry) { 641 flags->Append(Value::CreateStringValue(*entry)); 642 } 643 policies->Set(key::kDeviceStartUpFlags, 644 POLICY_LEVEL_MANDATORY, 645 POLICY_SCOPE_MACHINE, 646 flags, 647 NULL); 648 } 649 650 if (policy.has_variations_parameter()) { 651 if (policy.variations_parameter().has_parameter()) { 652 policies->Set(key::kDeviceVariationsRestrictParameter, 653 POLICY_LEVEL_MANDATORY, 654 POLICY_SCOPE_MACHINE, 655 Value::CreateStringValue( 656 policy.variations_parameter().parameter()), 657 NULL); 658 } 659 } 660 661 if (policy.has_attestation_settings()) { 662 if (policy.attestation_settings().has_attestation_enabled()) { 663 policies->Set(key::kAttestationEnabledForDevice, 664 POLICY_LEVEL_MANDATORY, 665 POLICY_SCOPE_MACHINE, 666 Value::CreateBooleanValue( 667 policy.attestation_settings().attestation_enabled()), 668 NULL); 669 } 670 if (policy.attestation_settings().has_content_protection_enabled()) { 671 policies->Set( 672 key::kAttestationForContentProtectionEnabled, 673 POLICY_LEVEL_MANDATORY, 674 POLICY_SCOPE_MACHINE, 675 Value::CreateBooleanValue( 676 policy.attestation_settings().content_protection_enabled()), 677 NULL); 678 } 679 } 680 681 if (policy.has_login_screen_power_management()) { 682 const em::LoginScreenPowerManagementProto& container( 683 policy.login_screen_power_management()); 684 if (container.has_login_screen_power_management()) { 685 policies->Set(key::kDeviceLoginScreenPowerManagement, 686 POLICY_LEVEL_MANDATORY, 687 POLICY_SCOPE_MACHINE, 688 Value::CreateStringValue( 689 container.login_screen_power_management()), 690 NULL); 691 } 692 } 693 if (policy.has_auto_clean_up_settings()) { 694 const em::AutoCleanupSettigsProto& container( 695 policy.auto_clean_up_settings()); 696 if (container.has_clean_up_strategy()) { 697 policies->Set(key::kAutoCleanUpStrategy, 698 POLICY_LEVEL_MANDATORY, 699 POLICY_SCOPE_MACHINE, 700 Value::CreateStringValue( 701 container.clean_up_strategy()), 702 NULL); 703 } 704 } 705} 706 707} // namespace 708 709void DecodeDevicePolicy(const em::ChromeDeviceSettingsProto& policy, 710 PolicyMap* policies, 711 EnterpriseInstallAttributes* install_attributes) { 712 // TODO(achuith): Remove this once crbug.com/263527 is resolved. 713 VLOG(2) << "DecodeDevicePolicy " << policy.SerializeAsString(); 714 715 // Decode the various groups of policies. 716 DecodeLoginPolicies(policy, policies); 717 DecodeKioskPolicies(policy, policies, install_attributes); 718 DecodeNetworkPolicies(policy, policies, install_attributes); 719 DecodeReportingPolicies(policy, policies); 720 DecodeAutoUpdatePolicies(policy, policies); 721 DecodeAccessibilityPolicies(policy, policies); 722 DecodeGenericPolicies(policy, policies); 723} 724 725} // namespace policy 726