user_cloud_policy_manager_factory_chromeos.cc revision bbcdd45c55eb7c4641ab97aef9889b0fc828e7d3
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h" 6 7#include "base/command_line.h" 8#include "base/files/file_path.h" 9#include "base/logging.h" 10#include "base/path_service.h" 11#include "chrome/browser/browser_process.h" 12#include "chrome/browser/chromeos/login/user.h" 13#include "chrome/browser/chromeos/login/user_manager.h" 14#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" 15#include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" 16#include "chrome/browser/chromeos/profiles/profile_helper.h" 17#include "chrome/browser/policy/browser_policy_connector.h" 18#include "chrome/browser/policy/cloud/device_management_service.h" 19#include "chrome/browser/policy/cloud/resource_cache.h" 20#include "chrome/browser/profiles/profile.h" 21#include "chrome/common/chrome_switches.h" 22#include "chromeos/chromeos_paths.h" 23#include "chromeos/chromeos_switches.h" 24#include "chromeos/dbus/dbus_thread_manager.h" 25#include "components/browser_context_keyed_service/browser_context_dependency_manager.h" 26#include "net/url_request/url_request_context_getter.h" 27 28namespace policy { 29 30namespace { 31 32// Subdirectory in the user's profile for storing legacy user policies. 33const base::FilePath::CharType kDeviceManagementDir[] = 34 FILE_PATH_LITERAL("Device Management"); 35// File in the above directory for storing legacy user policy dmtokens. 36const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token"); 37// This constant is used to build two different paths. It can be a file inside 38// kDeviceManagementDir where legacy user policy data is stored, and it can be 39// a directory inside the profile directory where other resources are stored. 40const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy"); 41// Directory under kPolicy, in the user's profile dir, where external policy 42// resources are stored. 43const base::FilePath::CharType kResourceDir[] = FILE_PATH_LITERAL("Resources"); 44 45} // namespace 46 47// static 48UserCloudPolicyManagerFactoryChromeOS* 49 UserCloudPolicyManagerFactoryChromeOS::GetInstance() { 50 return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get(); 51} 52 53// static 54UserCloudPolicyManagerChromeOS* 55 UserCloudPolicyManagerFactoryChromeOS::GetForProfile( 56 Profile* profile) { 57 return GetInstance()->GetManagerForProfile(profile); 58} 59 60// static 61scoped_ptr<UserCloudPolicyManagerChromeOS> 62 UserCloudPolicyManagerFactoryChromeOS::CreateForProfile( 63 Profile* profile, 64 bool force_immediate_load) { 65 return GetInstance()->CreateManagerForProfile(profile, force_immediate_load); 66} 67 68UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS() 69 : BrowserContextKeyedBaseFactory( 70 "UserCloudPolicyManagerChromeOS", 71 BrowserContextDependencyManager::GetInstance()) {} 72 73UserCloudPolicyManagerFactoryChromeOS:: 74 ~UserCloudPolicyManagerFactoryChromeOS() {} 75 76UserCloudPolicyManagerChromeOS* 77 UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile( 78 Profile* profile) { 79 // Get the manager for the original profile, since the PolicyService is 80 // also shared between the incognito Profile and the original Profile. 81 ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile()); 82 return it != managers_.end() ? it->second : NULL; 83} 84 85scoped_ptr<UserCloudPolicyManagerChromeOS> 86 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile( 87 Profile* profile, 88 bool force_immediate_load) { 89 const CommandLine* command_line = CommandLine::ForCurrentProcess(); 90 // Don't initialize cloud policy for the signin profile. 91 if (chromeos::ProfileHelper::IsSigninProfile(profile)) 92 return scoped_ptr<UserCloudPolicyManagerChromeOS>(); 93 94 // |user| should never be NULL except for the signin profile. This object is 95 // created as part of the Profile creation, which happens right after 96 // sign-in. The just-signed-in User is the active user during that time. 97 chromeos::UserManager* user_manager = chromeos::UserManager::Get(); 98 chromeos::User* user = user_manager->GetActiveUser(); 99 CHECK(user); 100 101 // Only USER_TYPE_REGULAR users have user cloud policy. 102 // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP and USER_TYPE_GUEST are not 103 // signed in and can't authenticate the policy registration. 104 // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the 105 // DeviceLocalAccountPolicyService. 106 // USER_TYPE_LOCALLY_MANAGED gets its policy from the 107 // ManagedModePolicyProvider. 108 const std::string& username = user->email(); 109 if (user->GetType() != chromeos::User::USER_TYPE_REGULAR || 110 BrowserPolicyConnector::IsNonEnterpriseUser(username)) { 111 return scoped_ptr<UserCloudPolicyManagerChromeOS>(); 112 } 113 114 BrowserPolicyConnector* connector = 115 g_browser_process->browser_policy_connector(); 116 UserAffiliation affiliation = connector->GetUserAffiliation(username); 117 const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED; 118 const bool is_browser_restart = 119 command_line->HasSwitch(chromeos::switches::kLoginUser) && 120 !command_line->HasSwitch(chromeos::switches::kLoginPassword); 121 const bool wait_for_initial_policy = is_managed_user && !is_browser_restart; 122 123 DeviceManagementService* device_management_service = 124 connector->device_management_service(); 125 if (wait_for_initial_policy) 126 device_management_service->ScheduleInitialization(0); 127 128 base::FilePath profile_dir = profile->GetPath(); 129 const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir); 130 const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy); 131 const base::FilePath token_cache_file = legacy_dir.Append(kToken); 132 const base::FilePath resource_cache_dir = 133 profile_dir.Append(kPolicy).Append(kResourceDir); 134 base::FilePath policy_key_dir; 135 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir)); 136 137 scoped_ptr<UserCloudPolicyStoreChromeOS> store( 138 new UserCloudPolicyStoreChromeOS( 139 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(), 140 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), 141 username, policy_key_dir, token_cache_file, policy_cache_file)); 142 if (force_immediate_load) 143 store->LoadImmediately(); 144 145 scoped_ptr<ResourceCache> resource_cache; 146 if (command_line->HasSwitch(switches::kEnableComponentCloudPolicy)) 147 resource_cache.reset(new ResourceCache(resource_cache_dir)); 148 149 scoped_ptr<UserCloudPolicyManagerChromeOS> manager( 150 new UserCloudPolicyManagerChromeOS(store.PassAs<CloudPolicyStore>(), 151 resource_cache.Pass(), 152 wait_for_initial_policy)); 153 manager->Init(); 154 manager->Connect(g_browser_process->local_state(), 155 device_management_service, 156 g_browser_process->system_request_context(), 157 affiliation); 158 159 DCHECK(managers_.find(profile) == managers_.end()); 160 managers_[profile] = manager.get(); 161 return manager.Pass(); 162} 163 164void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown( 165 content::BrowserContext* context) { 166 Profile* profile = static_cast<Profile*>(context); 167 if (profile->IsOffTheRecord()) 168 return; 169 UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile); 170 if (manager) 171 manager->Shutdown(); 172} 173 174void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed( 175 content::BrowserContext* context) { 176 Profile* profile = static_cast<Profile*>(context); 177 managers_.erase(profile); 178 BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context); 179} 180 181void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory( 182 content::BrowserContext* context) {} 183 184void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow( 185 content::BrowserContext* context) {} 186 187} // namespace policy 188