user_cloud_policy_manager_factory_chromeos.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h" 6 7#include "base/bind.h" 8#include "base/command_line.h" 9#include "base/files/file_path.h" 10#include "base/logging.h" 11#include "base/memory/ref_counted.h" 12#include "base/message_loop/message_loop_proxy.h" 13#include "base/path_service.h" 14#include "base/sequenced_task_runner.h" 15#include "base/threading/sequenced_worker_pool.h" 16#include "base/time/time.h" 17#include "chrome/browser/browser_process.h" 18#include "chrome/browser/chromeos/login/user.h" 19#include "chrome/browser/chromeos/login/user_manager.h" 20#include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h" 21#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" 22#include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" 23#include "chrome/browser/chromeos/profiles/profile_helper.h" 24#include "chrome/browser/policy/browser_policy_connector.h" 25#include "chrome/browser/policy/schema_registry_service.h" 26#include "chrome/browser/policy/schema_registry_service_factory.h" 27#include "chrome/browser/profiles/profile.h" 28#include "chromeos/chromeos_paths.h" 29#include "chromeos/chromeos_switches.h" 30#include "chromeos/dbus/dbus_thread_manager.h" 31#include "components/browser_context_keyed_service/browser_context_dependency_manager.h" 32#include "components/policy/core/common/cloud/cloud_external_data_manager.h" 33#include "components/policy/core/common/cloud/device_management_service.h" 34#include "content/public/browser/browser_thread.h" 35#include "net/url_request/url_request_context_getter.h" 36#include "policy/policy_constants.h" 37 38namespace policy { 39 40namespace { 41 42// Subdirectory in the user's profile for storing legacy user policies. 43const base::FilePath::CharType kDeviceManagementDir[] = 44 FILE_PATH_LITERAL("Device Management"); 45 46// File in the above directory for storing legacy user policy dmtokens. 47const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token"); 48 49// This constant is used to build two different paths. It can be a file inside 50// kDeviceManagementDir where legacy user policy data is stored, and it can be 51// a directory inside the profile directory where other resources are stored. 52const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy"); 53 54// Directory under kPolicy, in the user's profile dir, where policy for 55// components is cached. 56const base::FilePath::CharType kComponentsDir[] = 57 FILE_PATH_LITERAL("Components"); 58 59// Directory in which to store external policy data. This is specified relative 60// to kPolicy. 61const base::FilePath::CharType kPolicyExternalDataDir[] = 62 FILE_PATH_LITERAL("External Data"); 63 64// Timeout in seconds after which to abandon the initial policy fetch and start 65// the session regardless. 66const int kInitialPolicyFetchTimeoutSeconds = 10; 67 68} // namespace 69 70// static 71UserCloudPolicyManagerFactoryChromeOS* 72 UserCloudPolicyManagerFactoryChromeOS::GetInstance() { 73 return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get(); 74} 75 76// static 77UserCloudPolicyManagerChromeOS* 78 UserCloudPolicyManagerFactoryChromeOS::GetForProfile( 79 Profile* profile) { 80 return GetInstance()->GetManagerForProfile(profile); 81} 82 83// static 84scoped_ptr<UserCloudPolicyManagerChromeOS> 85 UserCloudPolicyManagerFactoryChromeOS::CreateForProfile( 86 Profile* profile, 87 bool force_immediate_load, 88 scoped_refptr<base::SequencedTaskRunner> background_task_runner) { 89 return GetInstance()->CreateManagerForProfile( 90 profile, force_immediate_load, background_task_runner); 91} 92 93UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS() 94 : BrowserContextKeyedBaseFactory( 95 "UserCloudPolicyManagerChromeOS", 96 BrowserContextDependencyManager::GetInstance()) { 97 DependsOn(SchemaRegistryServiceFactory::GetInstance()); 98} 99 100UserCloudPolicyManagerFactoryChromeOS:: 101 ~UserCloudPolicyManagerFactoryChromeOS() {} 102 103UserCloudPolicyManagerChromeOS* 104 UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile( 105 Profile* profile) { 106 // Get the manager for the original profile, since the PolicyService is 107 // also shared between the incognito Profile and the original Profile. 108 ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile()); 109 return it != managers_.end() ? it->second : NULL; 110} 111 112scoped_ptr<UserCloudPolicyManagerChromeOS> 113 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile( 114 Profile* profile, 115 bool force_immediate_load, 116 scoped_refptr<base::SequencedTaskRunner> background_task_runner) { 117 const CommandLine* command_line = CommandLine::ForCurrentProcess(); 118 // Don't initialize cloud policy for the signin profile. 119 if (chromeos::ProfileHelper::IsSigninProfile(profile)) 120 return scoped_ptr<UserCloudPolicyManagerChromeOS>(); 121 122 // |user| should never be NULL except for the signin profile. This object is 123 // created as part of the Profile creation, which happens right after 124 // sign-in. The just-signed-in User is the active user during that time. 125 chromeos::UserManager* user_manager = chromeos::UserManager::Get(); 126 chromeos::User* user = user_manager->GetUserByProfile(profile); 127 CHECK(user); 128 129 // Only USER_TYPE_REGULAR users have user cloud policy. 130 // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and 131 // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the 132 // policy registration. 133 // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the 134 // DeviceLocalAccountPolicyService. 135 const std::string& username = user->email(); 136 if (user->GetType() != chromeos::User::USER_TYPE_REGULAR || 137 BrowserPolicyConnector::IsNonEnterpriseUser(username)) { 138 return scoped_ptr<UserCloudPolicyManagerChromeOS>(); 139 } 140 141 BrowserPolicyConnector* connector = 142 g_browser_process->browser_policy_connector(); 143 UserAffiliation affiliation = connector->GetUserAffiliation(username); 144 const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED; 145 const bool is_browser_restart = 146 command_line->HasSwitch(chromeos::switches::kLoginUser) && 147 !command_line->HasSwitch(chromeos::switches::kLoginPassword); 148 const bool wait_for_initial_policy = is_managed_user && !is_browser_restart; 149 150 DeviceManagementService* device_management_service = 151 connector->device_management_service(); 152 if (wait_for_initial_policy) 153 device_management_service->ScheduleInitialization(0); 154 155 base::FilePath profile_dir = profile->GetPath(); 156 const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir); 157 const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy); 158 const base::FilePath token_cache_file = legacy_dir.Append(kToken); 159 const base::FilePath component_policy_cache_dir = 160 profile_dir.Append(kPolicy).Append(kComponentsDir); 161 const base::FilePath external_data_dir = 162 profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir); 163 base::FilePath policy_key_dir; 164 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir)); 165 166 scoped_ptr<UserCloudPolicyStoreChromeOS> store( 167 new UserCloudPolicyStoreChromeOS( 168 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(), 169 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), 170 background_task_runner, 171 username, policy_key_dir, token_cache_file, policy_cache_file)); 172 173 scoped_refptr<base::SequencedTaskRunner> backend_task_runner = 174 content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner( 175 content::BrowserThread::GetBlockingPool()->GetSequenceToken()); 176 scoped_refptr<base::SequencedTaskRunner> io_task_runner = 177 content::BrowserThread::GetMessageLoopProxyForThread( 178 content::BrowserThread::IO); 179 scoped_ptr<CloudExternalDataManager> external_data_manager( 180 new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails), 181 backend_task_runner, 182 io_task_runner, 183 external_data_dir, 184 store.get())); 185 if (force_immediate_load) 186 store->LoadImmediately(); 187 188 scoped_refptr<base::SequencedTaskRunner> file_task_runner = 189 content::BrowserThread::GetMessageLoopProxyForThread( 190 content::BrowserThread::FILE); 191 192 scoped_ptr<UserCloudPolicyManagerChromeOS> manager( 193 new UserCloudPolicyManagerChromeOS( 194 store.PassAs<CloudPolicyStore>(), 195 external_data_manager.Pass(), 196 component_policy_cache_dir, 197 wait_for_initial_policy, 198 base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds), 199 base::MessageLoopProxy::current(), 200 file_task_runner, 201 io_task_runner)); 202 manager->Init(SchemaRegistryServiceFactory::GetForContext(profile)); 203 manager->Connect(g_browser_process->local_state(), 204 device_management_service, 205 g_browser_process->system_request_context(), 206 affiliation); 207 208 DCHECK(managers_.find(profile) == managers_.end()); 209 managers_[profile] = manager.get(); 210 return manager.Pass(); 211} 212 213void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown( 214 content::BrowserContext* context) { 215 Profile* profile = static_cast<Profile*>(context); 216 if (profile->IsOffTheRecord()) 217 return; 218 UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile); 219 if (manager) 220 manager->Shutdown(); 221} 222 223void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed( 224 content::BrowserContext* context) { 225 Profile* profile = static_cast<Profile*>(context); 226 managers_.erase(profile); 227 BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context); 228} 229 230void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory( 231 content::BrowserContext* context) {} 232 233void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow( 234 content::BrowserContext* context) {} 235 236} // namespace policy 237