device_settings_service.h revision 0529e5d033099cbfc42635f6f6183833b09dff6e
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_ 6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_ 7 8#include <deque> 9#include <string> 10#include <vector> 11 12#include "base/basictypes.h" 13#include "base/callback.h" 14#include "base/compiler_specific.h" 15#include "base/memory/ref_counted.h" 16#include "base/memory/scoped_ptr.h" 17#include "base/observer_list.h" 18#include "base/stl_util.h" 19#include "chromeos/dbus/session_manager_client.h" 20#include "chromeos/tpm_token_loader.h" 21#include "components/policy/core/common/cloud/cloud_policy_validator.h" 22#include "policy/proto/device_management_backend.pb.h" 23 24namespace crypto { 25class RSAPrivateKey; 26} 27 28namespace enterprise_management { 29class ChromeDeviceSettingsProto; 30} 31 32namespace chromeos { 33 34class OwnerKeyUtil; 35class SessionManagerOperation; 36 37// Keeps the public and private halves of the owner key. Both may be missing, 38// but if the private key is present, the public half will be as well. This 39// class is immutable and refcounted in order to allow safe access from any 40// thread. 41class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> { 42 public: 43 OwnerKey(scoped_ptr<std::vector<uint8> > public_key, 44 scoped_ptr<crypto::RSAPrivateKey> private_key); 45 46 const std::vector<uint8>* public_key() { 47 return public_key_.get(); 48 } 49 50 std::string public_key_as_string() { 51 return std::string(reinterpret_cast<const char*>( 52 vector_as_array(public_key_.get())), public_key_->size()); 53 } 54 55 crypto::RSAPrivateKey* private_key() { 56 return private_key_.get(); 57 } 58 59 private: 60 friend class base::RefCountedThreadSafe<OwnerKey>; 61 ~OwnerKey(); 62 63 scoped_ptr<std::vector<uint8> > public_key_; 64 scoped_ptr<crypto::RSAPrivateKey> private_key_; 65 66 DISALLOW_COPY_AND_ASSIGN(OwnerKey); 67}; 68 69// Deals with the low-level interface to Chromium OS device settings. Device 70// settings are stored in a protobuf that's protected by a cryptographic 71// signature generated by a key in the device owner's possession. Key and 72// settings are brokered by the session_manager daemon. 73// 74// The purpose of DeviceSettingsService is to keep track of the current key and 75// settings blob. For reading and writing device settings, use CrosSettings 76// instead, which provides a high-level interface that allows for manipulation 77// of individual settings. 78// 79// DeviceSettingsService generates notifications for key and policy update 80// events so interested parties can reload state as appropriate. 81class DeviceSettingsService : public SessionManagerClient::Observer, 82 public TPMTokenLoader::Observer { 83 public: 84 // Indicates ownership status of the device. 85 enum OwnershipStatus { 86 // Listed in upgrade order. 87 OWNERSHIP_UNKNOWN = 0, 88 OWNERSHIP_NONE, 89 OWNERSHIP_TAKEN 90 }; 91 92 typedef base::Callback<void(OwnershipStatus)> OwnershipStatusCallback; 93 typedef base::Callback<void(bool)> IsCurrentUserOwnerCallback; 94 95 // Status codes for Store(). 96 enum Status { 97 STORE_SUCCESS, 98 STORE_KEY_UNAVAILABLE, // Owner key not yet configured. 99 STORE_POLICY_ERROR, // Failure constructing the settings blob. 100 STORE_OPERATION_FAILED, // IPC to session_manager daemon failed. 101 STORE_NO_POLICY, // No settings blob present. 102 STORE_INVALID_POLICY, // Invalid settings blob. 103 STORE_VALIDATION_ERROR, // Unrecoverable policy validation failure. 104 STORE_TEMP_VALIDATION_ERROR, // Temporary policy validation failure. 105 }; 106 107 // Observer interface. 108 class Observer { 109 public: 110 virtual ~Observer(); 111 112 // Indicates device ownership status changes. 113 virtual void OwnershipStatusChanged() = 0; 114 115 // Gets call after updates to the device settings. 116 virtual void DeviceSettingsUpdated() = 0; 117 }; 118 119 // Manage singleton instance. 120 static void Initialize(); 121 static bool IsInitialized(); 122 static void Shutdown(); 123 static DeviceSettingsService* Get(); 124 125 // Creates a device settings service instance. This is meant for unit tests, 126 // production code uses the singleton returned by Get() above. 127 DeviceSettingsService(); 128 virtual ~DeviceSettingsService(); 129 130 // To be called on startup once threads are initialized and DBus is ready. 131 void SetSessionManager(SessionManagerClient* session_manager_client, 132 scoped_refptr<OwnerKeyUtil> owner_key_util); 133 134 // Prevents the service from making further calls to session_manager_client 135 // and stops any pending operations. 136 void UnsetSessionManager(); 137 138 // Returns the currently active device settings. Returns NULL if the device 139 // settings have not been retrieved from session_manager yet. 140 const enterprise_management::PolicyData* policy_data() { 141 return policy_data_.get(); 142 } 143 const enterprise_management::ChromeDeviceSettingsProto* 144 device_settings() const { 145 return device_settings_.get(); 146 } 147 148 // Returns the currently used owner key. 149 scoped_refptr<OwnerKey> GetOwnerKey(); 150 151 // Returns the status generated by the last operation. 152 Status status() { 153 return store_status_; 154 } 155 156 // Triggers an attempt to pull the public half of the owner key from disk and 157 // load the device settings. 158 void Load(); 159 160 // Signs |settings| with the private half of the owner key and sends the 161 // resulting policy blob to session manager for storage. The result of the 162 // operation is reported through |callback|. If successful, the updated device 163 // settings are present in policy_data() and device_settings() when the 164 // callback runs. 165 void SignAndStore( 166 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> new_settings, 167 const base::Closure& callback); 168 169 // Sets the management related settings in PolicyData. Note that if 170 // |management_mode| is NOT_MANAGED, |request_token| and |device_id| should be 171 // empty strings. 172 void SetManagementSettings( 173 enterprise_management::PolicyData::ManagementMode management_mode, 174 const std::string& request_token, 175 const std::string& device_id, 176 const base::Closure& callback); 177 178 // Stores a policy blob to session_manager. The result of the operation is 179 // reported through |callback|. If successful, the updated device settings are 180 // present in policy_data() and device_settings() when the callback runs. 181 void Store(scoped_ptr<enterprise_management::PolicyFetchResponse> policy, 182 const base::Closure& callback); 183 184 // Returns the ownership status. May return OWNERSHIP_UNKNOWN if the disk 185 // hasn't been checked yet. 186 OwnershipStatus GetOwnershipStatus(); 187 188 // Determines the ownership status and reports the result to |callback|. This 189 // is guaranteed to never return OWNERSHIP_UNKNOWN. 190 void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback); 191 192 // Checks whether we have the private owner key. 193 bool HasPrivateOwnerKey(); 194 195 // Determines whether the current user is the owner. The callback is 196 // guaranteed not to be called before it is possible to determine if the 197 // current user is the owner (by testing existence of the private owner key). 198 void IsCurrentUserOwnerAsync(const IsCurrentUserOwnerCallback& callback); 199 200 // Sets the identity of the user that's interacting with the service. This is 201 // relevant only for writing settings through SignAndStore(). 202 void SetUsername(const std::string& username); 203 const std::string& GetUsername() const; 204 205 // Adds an observer. 206 void AddObserver(Observer* observer); 207 // Removes an observer. 208 void RemoveObserver(Observer* observer); 209 210 // SessionManagerClient::Observer: 211 virtual void OwnerKeySet(bool success) OVERRIDE; 212 virtual void PropertyChangeComplete(bool success) OVERRIDE; 213 214 // TPMTokenLoader::Observer: 215 virtual void OnTPMTokenReady() OVERRIDE; 216 217 private: 218 // Enqueues a new operation. Takes ownership of |operation| and starts it 219 // right away if there is no active operation currently. 220 void Enqueue(SessionManagerOperation* operation); 221 222 // Enqueues a load operation. 223 void EnqueueLoad(bool force_key_load); 224 225 // Makes sure there's a reload operation so changes to the settings (and key, 226 // in case force_key_load is set) are getting picked up. 227 void EnsureReload(bool force_key_load); 228 229 // Runs the next pending operation. 230 void StartNextOperation(); 231 232 // Updates status, policy data and owner key from a finished operation. 233 // Starts the next pending operation if available. 234 void HandleCompletedOperation(const base::Closure& callback, 235 SessionManagerOperation* operation, 236 Status status); 237 238 // Assembles PolicyData based on |settings| and the current |policy_data_| 239 // and |username_|. 240 scoped_ptr<enterprise_management::PolicyData> AssemblePolicy( 241 const enterprise_management::ChromeDeviceSettingsProto& settings); 242 243 SessionManagerClient* session_manager_client_; 244 scoped_refptr<OwnerKeyUtil> owner_key_util_; 245 246 Status store_status_; 247 248 std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_; 249 std::vector<IsCurrentUserOwnerCallback> 250 pending_is_current_user_owner_callbacks_; 251 252 std::string username_; 253 scoped_refptr<OwnerKey> owner_key_; 254 // Whether TPM token still needs to be initialized. 255 bool waiting_for_tpm_token_; 256 // Whether TPM token was ready when the current owner key was set. 257 // Implies that the current user is owner iff the private owner key is set. 258 bool owner_key_loaded_with_tpm_token_; 259 260 scoped_ptr<enterprise_management::PolicyData> policy_data_; 261 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_; 262 263 // The queue of pending operations. The first operation on the queue is 264 // currently active; it gets removed and destroyed once it completes. 265 std::deque<SessionManagerOperation*> pending_operations_; 266 267 ObserverList<Observer, true> observers_; 268 269 // For recoverable load errors how many retries are left before we give up. 270 int load_retries_left_; 271 272 base::WeakPtrFactory<DeviceSettingsService> weak_factory_; 273 274 DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService); 275}; 276 277// Helper class for tests. Initializes the DeviceSettingsService singleton on 278// construction and tears it down again on destruction. 279class ScopedTestDeviceSettingsService { 280 public: 281 ScopedTestDeviceSettingsService(); 282 ~ScopedTestDeviceSettingsService(); 283 284 private: 285 DISALLOW_COPY_AND_ASSIGN(ScopedTestDeviceSettingsService); 286}; 287 288} // namespace chromeos 289 290#endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_ 291