user_cloud_policy_manager_factory_chromeos.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7 
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
6
7#include "base/bind.h"
8#include "base/command_line.h"
9#include "base/files/file_path.h"
10#include "base/logging.h"
11#include "base/memory/ref_counted.h"
12#include "base/message_loop/message_loop_proxy.h"
13#include "base/path_service.h"
14#include "base/sequenced_task_runner.h"
15#include "base/threading/sequenced_worker_pool.h"
16#include "base/time/time.h"
17#include "chrome/browser/browser_process.h"
18#include "chrome/browser/chromeos/login/user.h"
19#include "chrome/browser/chromeos/login/user_manager.h"
20#include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
21#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
22#include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
23#include "chrome/browser/chromeos/profiles/profile_helper.h"
24#include "chrome/browser/policy/browser_policy_connector.h"
25#include "chrome/browser/policy/schema_registry_service.h"
26#include "chrome/browser/policy/schema_registry_service_factory.h"
27#include "chrome/browser/profiles/profile.h"
28#include "chromeos/chromeos_paths.h"
29#include "chromeos/chromeos_switches.h"
30#include "chromeos/dbus/dbus_thread_manager.h"
31#include "components/browser_context_keyed_service/browser_context_dependency_manager.h"
32#include "components/policy/core/common/cloud/cloud_external_data_manager.h"
33#include "components/policy/core/common/cloud/device_management_service.h"
34#include "content/public/browser/browser_thread.h"
35#include "net/url_request/url_request_context_getter.h"
36#include "policy/policy_constants.h"
37
38namespace policy {
39
40namespace {
41
42// Subdirectory in the user's profile for storing legacy user policies.
43const base::FilePath::CharType kDeviceManagementDir[] =
44    FILE_PATH_LITERAL("Device Management");
45
46// File in the above directory for storing legacy user policy dmtokens.
47const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
48
49// This constant is used to build two different paths. It can be a file inside
50// kDeviceManagementDir where legacy user policy data is stored, and it can be
51// a directory inside the profile directory where other resources are stored.
52const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
53
54// Directory under kPolicy, in the user's profile dir, where policy for
55// components is cached.
56const base::FilePath::CharType kComponentsDir[] =
57    FILE_PATH_LITERAL("Components");
58
59// Directory in which to store external policy data. This is specified relative
60// to kPolicy.
61const base::FilePath::CharType kPolicyExternalDataDir[] =
62    FILE_PATH_LITERAL("External Data");
63
64// Timeout in seconds after which to abandon the initial policy fetch and start
65// the session regardless.
66const int kInitialPolicyFetchTimeoutSeconds = 10;
67
68}  // namespace
69
70// static
71UserCloudPolicyManagerFactoryChromeOS*
72    UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
73  return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
74}
75
76// static
77UserCloudPolicyManagerChromeOS*
78    UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
79        Profile* profile) {
80  return GetInstance()->GetManagerForProfile(profile);
81}
82
83// static
84scoped_ptr<UserCloudPolicyManagerChromeOS>
85    UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
86        Profile* profile,
87        bool force_immediate_load,
88        scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
89  return GetInstance()->CreateManagerForProfile(
90      profile, force_immediate_load, background_task_runner);
91}
92
93UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
94    : BrowserContextKeyedBaseFactory(
95        "UserCloudPolicyManagerChromeOS",
96        BrowserContextDependencyManager::GetInstance()) {
97  DependsOn(SchemaRegistryServiceFactory::GetInstance());
98}
99
100UserCloudPolicyManagerFactoryChromeOS::
101    ~UserCloudPolicyManagerFactoryChromeOS() {}
102
103UserCloudPolicyManagerChromeOS*
104    UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
105        Profile* profile) {
106  // Get the manager for the original profile, since the PolicyService is
107  // also shared between the incognito Profile and the original Profile.
108  ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
109  return it != managers_.end() ? it->second : NULL;
110}
111
112scoped_ptr<UserCloudPolicyManagerChromeOS>
113    UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
114        Profile* profile,
115        bool force_immediate_load,
116        scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
117  const CommandLine* command_line = CommandLine::ForCurrentProcess();
118  // Don't initialize cloud policy for the signin profile.
119  if (chromeos::ProfileHelper::IsSigninProfile(profile))
120    return scoped_ptr<UserCloudPolicyManagerChromeOS>();
121
122  // |user| should never be NULL except for the signin profile. This object is
123  // created as part of the Profile creation, which happens right after
124  // sign-in. The just-signed-in User is the active user during that time.
125  chromeos::UserManager* user_manager = chromeos::UserManager::Get();
126  chromeos::User* user = user_manager->GetUserByProfile(profile);
127  CHECK(user);
128
129  // Only USER_TYPE_REGULAR users have user cloud policy.
130  // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
131  // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the
132  // policy registration.
133  // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
134  // DeviceLocalAccountPolicyService.
135  const std::string& username = user->email();
136  if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
137      BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
138    return scoped_ptr<UserCloudPolicyManagerChromeOS>();
139  }
140
141  BrowserPolicyConnector* connector =
142      g_browser_process->browser_policy_connector();
143  UserAffiliation affiliation = connector->GetUserAffiliation(username);
144  const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
145  const bool is_browser_restart =
146      command_line->HasSwitch(chromeos::switches::kLoginUser) &&
147      !command_line->HasSwitch(chromeos::switches::kLoginPassword);
148  const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
149
150  DeviceManagementService* device_management_service =
151      connector->device_management_service();
152  if (wait_for_initial_policy)
153    device_management_service->ScheduleInitialization(0);
154
155  base::FilePath profile_dir = profile->GetPath();
156  const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
157  const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
158  const base::FilePath token_cache_file = legacy_dir.Append(kToken);
159  const base::FilePath component_policy_cache_dir =
160      profile_dir.Append(kPolicy).Append(kComponentsDir);
161  const base::FilePath external_data_dir =
162        profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
163  base::FilePath policy_key_dir;
164  CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
165
166  scoped_ptr<UserCloudPolicyStoreChromeOS> store(
167      new UserCloudPolicyStoreChromeOS(
168          chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
169          chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
170          background_task_runner,
171          username, policy_key_dir, token_cache_file, policy_cache_file));
172
173  scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
174      content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
175          content::BrowserThread::GetBlockingPool()->GetSequenceToken());
176  scoped_refptr<base::SequencedTaskRunner> io_task_runner =
177      content::BrowserThread::GetMessageLoopProxyForThread(
178          content::BrowserThread::IO);
179  scoped_ptr<CloudExternalDataManager> external_data_manager(
180      new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
181                                       backend_task_runner,
182                                       io_task_runner,
183                                       external_data_dir,
184                                       store.get()));
185  if (force_immediate_load)
186    store->LoadImmediately();
187
188  scoped_refptr<base::SequencedTaskRunner> file_task_runner =
189      content::BrowserThread::GetMessageLoopProxyForThread(
190          content::BrowserThread::FILE);
191
192  scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
193      new UserCloudPolicyManagerChromeOS(
194          store.PassAs<CloudPolicyStore>(),
195          external_data_manager.Pass(),
196          component_policy_cache_dir,
197          wait_for_initial_policy,
198          base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds),
199          base::MessageLoopProxy::current(),
200          file_task_runner,
201          io_task_runner));
202  manager->Init(SchemaRegistryServiceFactory::GetForContext(profile));
203  manager->Connect(g_browser_process->local_state(),
204                   device_management_service,
205                   g_browser_process->system_request_context(),
206                   affiliation);
207
208  DCHECK(managers_.find(profile) == managers_.end());
209  managers_[profile] = manager.get();
210  return manager.Pass();
211}
212
213void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
214    content::BrowserContext* context) {
215  Profile* profile = static_cast<Profile*>(context);
216  if (profile->IsOffTheRecord())
217    return;
218  UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
219  if (manager)
220    manager->Shutdown();
221}
222
223void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
224    content::BrowserContext* context) {
225  Profile* profile = static_cast<Profile*>(context);
226  managers_.erase(profile);
227  BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
228}
229
230void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
231    content::BrowserContext* context) {}
232
233void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
234    content::BrowserContext* context) {}
235
236}  // namespace policy
237