1c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
3c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// found in the LICENSE file.
4c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
6c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
7f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "base/bind.h"
8c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/command_line.h"
9c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/files/file_path.h"
10c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/logging.h"
11d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "base/memory/ref_counted.h"
12d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "base/message_loop/message_loop_proxy.h"
13c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/path_service.h"
14d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "base/sequenced_task_runner.h"
15d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "base/threading/sequenced_worker_pool.h"
1658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include "base/time/time.h"
17c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/browser_process.h"
185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/login/login_utils.h"
195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
20d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
21c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
22c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/profiles/profile_helper.h"
24f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "chrome/browser/policy/schema_registry_service.h"
25f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "chrome/browser/policy/schema_registry_service_factory.h"
26c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/profiles/profile.h"
27c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chromeos/chromeos_paths.h"
28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chromeos/chromeos_switches.h"
29c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chromeos/dbus/dbus_thread_manager.h"
30a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "components/keyed_service/content/browser_context_dependency_manager.h"
31116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "components/policy/core/browser/browser_policy_connector.h"
32a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/cloud/cloud_external_data_manager.h"
33a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/cloud/device_management_service.h"
345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "components/user_manager/user.h"
356e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "components/user_manager/user_manager.h"
36116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "components/user_manager/user_type.h"
37d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "content/public/browser/browser_thread.h"
38c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/url_request/url_request_context_getter.h"
39d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)#include "policy/policy_constants.h"
40c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
41c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace policy {
42c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
43c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace {
44c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
45c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Subdirectory in the user's profile for storing legacy user policies.
46c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)const base::FilePath::CharType kDeviceManagementDir[] =
47c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    FILE_PATH_LITERAL("Device Management");
48f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)
49c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// File in the above directory for storing legacy user policy dmtokens.
50c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
51f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)
52c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// This constant is used to build two different paths. It can be a file inside
53c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// kDeviceManagementDir where legacy user policy data is stored, and it can be
54c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// a directory inside the profile directory where other resources are stored.
55c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
56f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)
57f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// Directory under kPolicy, in the user's profile dir, where policy for
58f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// components is cached.
59f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)const base::FilePath::CharType kComponentsDir[] =
60f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)    FILE_PATH_LITERAL("Components");
61f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)
62d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)// Directory in which to store external policy data. This is specified relative
63d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)// to kPolicy.
64d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)const base::FilePath::CharType kPolicyExternalDataDir[] =
65d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)    FILE_PATH_LITERAL("External Data");
66c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
6758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Timeout in seconds after which to abandon the initial policy fetch and start
6858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// the session regardless.
6958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)const int kInitialPolicyFetchTimeoutSeconds = 10;
7058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
71c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}  // namespace
72c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
73c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// static
74c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)UserCloudPolicyManagerFactoryChromeOS*
75c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
76c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
77c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
78c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
79c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// static
80c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)UserCloudPolicyManagerChromeOS*
81c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
82c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)        Profile* profile) {
83c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  return GetInstance()->GetManagerForProfile(profile);
84c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
85c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
86c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// static
87c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)scoped_ptr<UserCloudPolicyManagerChromeOS>
88c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
89c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)        Profile* profile,
908bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)        bool force_immediate_load,
918bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)        scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
928bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)  return GetInstance()->CreateManagerForProfile(
938bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)      profile, force_immediate_load, background_task_runner);
94c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
95c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
96c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
9790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)    : BrowserContextKeyedBaseFactory(
9890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)        "UserCloudPolicyManagerChromeOS",
99f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)        BrowserContextDependencyManager::GetInstance()) {
100f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)  DependsOn(SchemaRegistryServiceFactory::GetInstance());
101f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)}
102c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
103c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)UserCloudPolicyManagerFactoryChromeOS::
104c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    ~UserCloudPolicyManagerFactoryChromeOS() {}
105c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
106c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)UserCloudPolicyManagerChromeOS*
107c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
108c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)        Profile* profile) {
109c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // Get the manager for the original profile, since the PolicyService is
110c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // also shared between the incognito Profile and the original Profile.
111c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
112c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  return it != managers_.end() ? it->second : NULL;
113c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
114c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
115c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)scoped_ptr<UserCloudPolicyManagerChromeOS>
116c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
117c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)        Profile* profile,
1188bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)        bool force_immediate_load,
1198bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)        scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
120c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  const CommandLine* command_line = CommandLine::ForCurrentProcess();
121c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // Don't initialize cloud policy for the signin profile.
122c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  if (chromeos::ProfileHelper::IsSigninProfile(profile))
123c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    return scoped_ptr<UserCloudPolicyManagerChromeOS>();
124c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
125c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // |user| should never be NULL except for the signin profile. This object is
126c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // created as part of the Profile creation, which happens right after
127c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // sign-in. The just-signed-in User is the active user during that time.
1285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  user_manager::User* user =
129116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch      chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
130c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  CHECK(user);
131c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
132c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // Only USER_TYPE_REGULAR users have user cloud policy.
13358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
1345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  // USER_TYPE_SUPERVISED are not signed in and can't authenticate the
13558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // policy registration.
136c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
137c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  // DeviceLocalAccountPolicyService.
138116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  // Non-managed domains will be skipped by the below check
139c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  const std::string& username = user->email();
140116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  if (user->GetType() != user_manager::USER_TYPE_REGULAR ||
141c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)      BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
142c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    return scoped_ptr<UserCloudPolicyManagerChromeOS>();
143c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  }
144c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
1455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  policy::BrowserPolicyConnectorChromeOS* connector =
1465d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      g_browser_process->platform_part()->browser_policy_connector_chromeos();
147c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  UserAffiliation affiliation = connector->GetUserAffiliation(username);
148116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  const bool is_affiliated_user = affiliation == USER_AFFILIATION_MANAGED;
149c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  const bool is_browser_restart =
150116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch      command_line->HasSwitch(chromeos::switches::kLoginUser);
151116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  const bool wait_for_initial_policy =
152116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch      !is_browser_restart &&
1536e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)      (user_manager::UserManager::Get()->IsCurrentUserNew() ||
1546e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)       is_affiliated_user);
155116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
156116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  const base::TimeDelta initial_policy_fetch_timeout =
1576e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)      user_manager::UserManager::Get()->IsCurrentUserNew()
158116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch          ? base::TimeDelta::Max()
159116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch          : base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds);
160c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
161c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  DeviceManagementService* device_management_service =
162c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)      connector->device_management_service();
163c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  if (wait_for_initial_policy)
164c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    device_management_service->ScheduleInitialization(0);
165c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
166c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  base::FilePath profile_dir = profile->GetPath();
167c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
168c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
169c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  const base::FilePath token_cache_file = legacy_dir.Append(kToken);
170f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)  const base::FilePath component_policy_cache_dir =
171f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)      profile_dir.Append(kPolicy).Append(kComponentsDir);
172d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)  const base::FilePath external_data_dir =
173d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)        profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
174c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  base::FilePath policy_key_dir;
175c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
176c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
177bbcdd45c55eb7c4641ab97aef9889b0fc828e7d3Ben Murdoch  scoped_ptr<UserCloudPolicyStoreChromeOS> store(
178c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)      new UserCloudPolicyStoreChromeOS(
179c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)          chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
180c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
1818bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles)          background_task_runner,
182c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)          username, policy_key_dir, token_cache_file, policy_cache_file));
183d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)
184d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)  scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
185d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)      content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
186d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)          content::BrowserThread::GetBlockingPool()->GetSequenceToken());
187d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)  scoped_refptr<base::SequencedTaskRunner> io_task_runner =
188d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)      content::BrowserThread::GetMessageLoopProxyForThread(
189d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)          content::BrowserThread::IO);
190d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)  scoped_ptr<CloudExternalDataManager> external_data_manager(
191f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)      new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
192d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)                                       backend_task_runner,
193d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)                                       io_task_runner,
194d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)                                       external_data_dir,
195d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)                                       store.get()));
196bbcdd45c55eb7c4641ab97aef9889b0fc828e7d3Ben Murdoch  if (force_immediate_load)
197bbcdd45c55eb7c4641ab97aef9889b0fc828e7d3Ben Murdoch    store->LoadImmediately();
198bbcdd45c55eb7c4641ab97aef9889b0fc828e7d3Ben Murdoch
199f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)  scoped_refptr<base::SequencedTaskRunner> file_task_runner =
200f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)      content::BrowserThread::GetMessageLoopProxyForThread(
201f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)          content::BrowserThread::FILE);
202bbcdd45c55eb7c4641ab97aef9889b0fc828e7d3Ben Murdoch
203c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
20458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)      new UserCloudPolicyManagerChromeOS(
20558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)          store.PassAs<CloudPolicyStore>(),
206d0247b1b59f9c528cb6df88b4f2b9afaf80d181eTorne (Richard Coles)          external_data_manager.Pass(),
207f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)          component_policy_cache_dir,
20858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)          wait_for_initial_policy,
209116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch          initial_policy_fetch_timeout,
210f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)          base::MessageLoopProxy::current(),
211f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)          file_task_runner,
212f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)          io_task_runner));
2135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  bool wildcard_match = false;
2155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (connector->IsEnterpriseManaged() &&
2165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      chromeos::LoginUtils::IsWhitelisted(username, &wildcard_match) &&
2175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      wildcard_match &&
2185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      !connector->IsNonEnterpriseUser(username)) {
2195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    manager->EnableWildcardLoginCheck(username);
2205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
2215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2226d86b77056ed63eb6871182f42a9fd5f07550f90Torne (Richard Coles)  manager->Init(
2236d86b77056ed63eb6871182f42a9fd5f07550f90Torne (Richard Coles)      SchemaRegistryServiceFactory::GetForContext(profile)->registry());
224c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  manager->Connect(g_browser_process->local_state(),
225c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)                   device_management_service,
226c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)                   g_browser_process->system_request_context(),
227c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)                   affiliation);
228c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
229c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  DCHECK(managers_.find(profile) == managers_.end());
230c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  managers_[profile] = manager.get();
231c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  return manager.Pass();
232c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
233c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
23490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
235c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    content::BrowserContext* context) {
236c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  Profile* profile = static_cast<Profile*>(context);
237c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  if (profile->IsOffTheRecord())
238c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    return;
239c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
240c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  if (manager)
241c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    manager->Shutdown();
242c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
243c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
24490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
245c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    content::BrowserContext* context) {
246c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  Profile* profile = static_cast<Profile*>(context);
247c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  managers_.erase(profile);
24890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)  BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
249c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}
250c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
251c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
252c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    content::BrowserContext* context) {}
253c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
254116680a4aac90f2aa7413d9095a592090648e557Ben Murdochbool UserCloudPolicyManagerFactoryChromeOS::HasTestingFactory(
255116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch    content::BrowserContext* context) {
256116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch  return false;
257116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch}
258116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch
259c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
260c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    content::BrowserContext* context) {}
261c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
262c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}  // namespace policy
263