user_cloud_policy_manager_factory_chromeos.cc revision 6d86b77056ed63eb6871182f42a9fd5f07550f90 
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
6
7#include "base/bind.h"
8#include "base/command_line.h"
9#include "base/files/file_path.h"
10#include "base/logging.h"
11#include "base/memory/ref_counted.h"
12#include "base/message_loop/message_loop_proxy.h"
13#include "base/path_service.h"
14#include "base/sequenced_task_runner.h"
15#include "base/threading/sequenced_worker_pool.h"
16#include "base/time/time.h"
17#include "chrome/browser/browser_process.h"
18#include "chrome/browser/chromeos/login/login_utils.h"
19#include "chrome/browser/chromeos/login/users/user.h"
20#include "chrome/browser/chromeos/login/users/user_manager.h"
21#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
22#include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
23#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
24#include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
25#include "chrome/browser/chromeos/profiles/profile_helper.h"
26#include "chrome/browser/policy/schema_registry_service.h"
27#include "chrome/browser/policy/schema_registry_service_factory.h"
28#include "chrome/browser/profiles/profile.h"
29#include "chromeos/chromeos_paths.h"
30#include "chromeos/chromeos_switches.h"
31#include "chromeos/dbus/dbus_thread_manager.h"
32#include "components/keyed_service/content/browser_context_dependency_manager.h"
33#include "components/policy/core/common/cloud/cloud_external_data_manager.h"
34#include "components/policy/core/common/cloud/device_management_service.h"
35#include "content/public/browser/browser_thread.h"
36#include "net/url_request/url_request_context_getter.h"
37#include "policy/policy_constants.h"
38
39namespace policy {
40
41namespace {
42
43// Subdirectory in the user's profile for storing legacy user policies.
44const base::FilePath::CharType kDeviceManagementDir[] =
45    FILE_PATH_LITERAL("Device Management");
46
47// File in the above directory for storing legacy user policy dmtokens.
48const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
49
50// This constant is used to build two different paths. It can be a file inside
51// kDeviceManagementDir where legacy user policy data is stored, and it can be
52// a directory inside the profile directory where other resources are stored.
53const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
54
55// Directory under kPolicy, in the user's profile dir, where policy for
56// components is cached.
57const base::FilePath::CharType kComponentsDir[] =
58    FILE_PATH_LITERAL("Components");
59
60// Directory in which to store external policy data. This is specified relative
61// to kPolicy.
62const base::FilePath::CharType kPolicyExternalDataDir[] =
63    FILE_PATH_LITERAL("External Data");
64
65// Timeout in seconds after which to abandon the initial policy fetch and start
66// the session regardless.
67const int kInitialPolicyFetchTimeoutSeconds = 10;
68
69}  // namespace
70
71// static
72UserCloudPolicyManagerFactoryChromeOS*
73    UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
74  return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
75}
76
77// static
78UserCloudPolicyManagerChromeOS*
79    UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
80        Profile* profile) {
81  return GetInstance()->GetManagerForProfile(profile);
82}
83
84// static
85scoped_ptr<UserCloudPolicyManagerChromeOS>
86    UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
87        Profile* profile,
88        bool force_immediate_load,
89        scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
90  return GetInstance()->CreateManagerForProfile(
91      profile, force_immediate_load, background_task_runner);
92}
93
94UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
95    : BrowserContextKeyedBaseFactory(
96        "UserCloudPolicyManagerChromeOS",
97        BrowserContextDependencyManager::GetInstance()) {
98  DependsOn(SchemaRegistryServiceFactory::GetInstance());
99}
100
101UserCloudPolicyManagerFactoryChromeOS::
102    ~UserCloudPolicyManagerFactoryChromeOS() {}
103
104UserCloudPolicyManagerChromeOS*
105    UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
106        Profile* profile) {
107  // Get the manager for the original profile, since the PolicyService is
108  // also shared between the incognito Profile and the original Profile.
109  ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
110  return it != managers_.end() ? it->second : NULL;
111}
112
113scoped_ptr<UserCloudPolicyManagerChromeOS>
114    UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
115        Profile* profile,
116        bool force_immediate_load,
117        scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
118  const CommandLine* command_line = CommandLine::ForCurrentProcess();
119  // Don't initialize cloud policy for the signin profile.
120  if (chromeos::ProfileHelper::IsSigninProfile(profile))
121    return scoped_ptr<UserCloudPolicyManagerChromeOS>();
122
123  // |user| should never be NULL except for the signin profile. This object is
124  // created as part of the Profile creation, which happens right after
125  // sign-in. The just-signed-in User is the active user during that time.
126  chromeos::UserManager* user_manager = chromeos::UserManager::Get();
127  chromeos::User* user = user_manager->GetUserByProfile(profile);
128  CHECK(user);
129
130  // Only USER_TYPE_REGULAR users have user cloud policy.
131  // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
132  // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the
133  // policy registration.
134  // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
135  // DeviceLocalAccountPolicyService.
136  const std::string& username = user->email();
137  if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
138      BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
139    return scoped_ptr<UserCloudPolicyManagerChromeOS>();
140  }
141
142  policy::BrowserPolicyConnectorChromeOS* connector =
143      g_browser_process->platform_part()->browser_policy_connector_chromeos();
144  UserAffiliation affiliation = connector->GetUserAffiliation(username);
145  const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
146  const bool is_browser_restart =
147      command_line->HasSwitch(chromeos::switches::kLoginUser) &&
148      !command_line->HasSwitch(chromeos::switches::kLoginPassword);
149  const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
150
151  DeviceManagementService* device_management_service =
152      connector->device_management_service();
153  if (wait_for_initial_policy)
154    device_management_service->ScheduleInitialization(0);
155
156  base::FilePath profile_dir = profile->GetPath();
157  const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
158  const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
159  const base::FilePath token_cache_file = legacy_dir.Append(kToken);
160  const base::FilePath component_policy_cache_dir =
161      profile_dir.Append(kPolicy).Append(kComponentsDir);
162  const base::FilePath external_data_dir =
163        profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
164  base::FilePath policy_key_dir;
165  CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
166
167  scoped_ptr<UserCloudPolicyStoreChromeOS> store(
168      new UserCloudPolicyStoreChromeOS(
169          chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
170          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
171          background_task_runner,
172          username, policy_key_dir, token_cache_file, policy_cache_file));
173
174  scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
175      content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
176          content::BrowserThread::GetBlockingPool()->GetSequenceToken());
177  scoped_refptr<base::SequencedTaskRunner> io_task_runner =
178      content::BrowserThread::GetMessageLoopProxyForThread(
179          content::BrowserThread::IO);
180  scoped_ptr<CloudExternalDataManager> external_data_manager(
181      new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
182                                       backend_task_runner,
183                                       io_task_runner,
184                                       external_data_dir,
185                                       store.get()));
186  if (force_immediate_load)
187    store->LoadImmediately();
188
189  scoped_refptr<base::SequencedTaskRunner> file_task_runner =
190      content::BrowserThread::GetMessageLoopProxyForThread(
191          content::BrowserThread::FILE);
192
193  scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
194      new UserCloudPolicyManagerChromeOS(
195          store.PassAs<CloudPolicyStore>(),
196          external_data_manager.Pass(),
197          component_policy_cache_dir,
198          wait_for_initial_policy,
199          base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds),
200          base::MessageLoopProxy::current(),
201          file_task_runner,
202          io_task_runner));
203
204  bool wildcard_match = false;
205  if (connector->IsEnterpriseManaged() &&
206      chromeos::LoginUtils::IsWhitelisted(username, &wildcard_match) &&
207      wildcard_match &&
208      !connector->IsNonEnterpriseUser(username)) {
209    manager->EnableWildcardLoginCheck(username);
210  }
211
212  manager->Init(
213      SchemaRegistryServiceFactory::GetForContext(profile)->registry());
214  manager->Connect(g_browser_process->local_state(),
215                   device_management_service,
216                   g_browser_process->system_request_context(),
217                   affiliation);
218
219  DCHECK(managers_.find(profile) == managers_.end());
220  managers_[profile] = manager.get();
221  return manager.Pass();
222}
223
224void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
225    content::BrowserContext* context) {
226  Profile* profile = static_cast<Profile*>(context);
227  if (profile->IsOffTheRecord())
228    return;
229  UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
230  if (manager)
231    manager->Shutdown();
232}
233
234void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
235    content::BrowserContext* context) {
236  Profile* profile = static_cast<Profile*>(context);
237  managers_.erase(profile);
238  BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
239}
240
241void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
242    content::BrowserContext* context) {}
243
244void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
245    content::BrowserContext* context) {}
246
247}  // namespace policy
248