policy_watcher_linux.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// Most of this code is copied from various classes in
6// src/chrome/browser/policy. In particular, look at
7//
8//   file_based_policy_loader.{h,cc}
9//   config_dir_policy_provider.{h,cc}
10//
11// This is a reduction of the functionality in those classes.
12
13#include <set>
14
15#include "remoting/host/policy_hack/policy_watcher.h"
16
17#include "base/bind.h"
18#include "base/compiler_specific.h"
19#include "base/file_util.h"
20#include "base/files/file_enumerator.h"
21#include "base/files/file_path.h"
22#include "base/files/file_path_watcher.h"
23#include "base/json/json_file_value_serializer.h"
24#include "base/memory/scoped_ptr.h"
25#include "base/memory/weak_ptr.h"
26#include "base/single_thread_task_runner.h"
27#include "base/synchronization/waitable_event.h"
28#include "base/time/time.h"
29#include "base/values.h"
30
31namespace remoting {
32namespace policy_hack {
33
34namespace {
35
36const base::FilePath::CharType kPolicyDir[] =
37  // Always read the Chrome policies (even on Chromium) so that policy
38  // enforcement can't be bypassed by running Chromium.
39  FILE_PATH_LITERAL("/etc/opt/chrome/policies/managed");
40
41// Amount of time we wait for the files on disk to settle before trying to load
42// them. This alleviates the problem of reading partially written files and
43// makes it possible to batch quasi-simultaneous changes.
44const int kSettleIntervalSeconds = 5;
45
46}  // namespace
47
48class PolicyWatcherLinux : public PolicyWatcher {
49 public:
50  PolicyWatcherLinux(scoped_refptr<base::SingleThreadTaskRunner> task_runner,
51                     const base::FilePath& config_dir)
52      : PolicyWatcher(task_runner),
53        config_dir_(config_dir),
54        weak_factory_(this) {
55  }
56
57  virtual ~PolicyWatcherLinux() {}
58
59 protected:
60  virtual void StartWatchingInternal() OVERRIDE {
61    DCHECK(OnPolicyWatcherThread());
62    watcher_.reset(new base::FilePathWatcher());
63
64    if (!config_dir_.empty() &&
65        !watcher_->Watch(
66            config_dir_, false,
67            base::Bind(&PolicyWatcherLinux::OnFilePathChanged,
68                       weak_factory_.GetWeakPtr()))) {
69      OnFilePathChanged(config_dir_, true);
70    }
71
72    // There might have been changes to the directory in the time between
73    // construction of the loader and initialization of the watcher. Call reload
74    // to detect if that is the case.
75    Reload();
76
77    ScheduleFallbackReloadTask();
78  }
79
80  virtual void StopWatchingInternal() OVERRIDE {
81    DCHECK(OnPolicyWatcherThread());
82
83    // Stop watching for changes to files in the policies directory.
84    watcher_.reset();
85
86    // Orphan any pending OnFilePathChanged tasks.
87    weak_factory_.InvalidateWeakPtrs();
88  }
89
90 private:
91  void OnFilePathChanged(const base::FilePath& path, bool error) {
92    DCHECK(OnPolicyWatcherThread());
93
94    if (!error)
95      Reload();
96    else
97      LOG(ERROR) << "PolicyWatcherLinux on " << path.value() << " failed.";
98  }
99
100  base::Time GetLastModification() {
101    DCHECK(OnPolicyWatcherThread());
102    base::Time last_modification = base::Time();
103    base::PlatformFileInfo file_info;
104
105    // If the path does not exist or points to a directory, it's safe to load.
106    if (!base::GetFileInfo(config_dir_, &file_info) ||
107        !file_info.is_directory) {
108      return last_modification;
109    }
110
111    // Enumerate the files and find the most recent modification timestamp.
112    base::FileEnumerator file_enumerator(config_dir_,
113                                         false,
114                                         base::FileEnumerator::FILES);
115    for (base::FilePath config_file = file_enumerator.Next();
116         !config_file.empty();
117         config_file = file_enumerator.Next()) {
118      if (base::GetFileInfo(config_file, &file_info) &&
119          !file_info.is_directory) {
120        last_modification = std::max(last_modification,
121                                     file_info.last_modified);
122      }
123    }
124
125    return last_modification;
126  }
127
128  // Returns NULL if the policy dictionary couldn't be read.
129  scoped_ptr<DictionaryValue> Load() {
130    DCHECK(OnPolicyWatcherThread());
131    // Enumerate the files and sort them lexicographically.
132    std::set<base::FilePath> files;
133    base::FileEnumerator file_enumerator(config_dir_, false,
134                                         base::FileEnumerator::FILES);
135    for (base::FilePath config_file_path = file_enumerator.Next();
136         !config_file_path.empty(); config_file_path = file_enumerator.Next())
137      files.insert(config_file_path);
138
139    // Start with an empty dictionary and merge the files' contents.
140    scoped_ptr<DictionaryValue> policy(new DictionaryValue());
141    for (std::set<base::FilePath>::iterator config_file_iter = files.begin();
142         config_file_iter != files.end(); ++config_file_iter) {
143      JSONFileValueSerializer deserializer(*config_file_iter);
144      deserializer.set_allow_trailing_comma(true);
145      int error_code = 0;
146      std::string error_msg;
147      scoped_ptr<Value> value(
148          deserializer.Deserialize(&error_code, &error_msg));
149      if (!value.get()) {
150        LOG(WARNING) << "Failed to read configuration file "
151                     << config_file_iter->value() << ": " << error_msg;
152        return scoped_ptr<DictionaryValue>();
153      }
154      if (!value->IsType(Value::TYPE_DICTIONARY)) {
155        LOG(WARNING) << "Expected JSON dictionary in configuration file "
156                     << config_file_iter->value();
157        return scoped_ptr<DictionaryValue>();
158      }
159      policy->MergeDictionary(static_cast<DictionaryValue*>(value.get()));
160    }
161
162    return policy.Pass();
163  }
164
165  virtual void Reload() OVERRIDE {
166    DCHECK(OnPolicyWatcherThread());
167    // Check the directory time in order to see whether a reload is required.
168    base::TimeDelta delay;
169    base::Time now = base::Time::Now();
170    if (!IsSafeToReloadPolicy(now, &delay)) {
171      ScheduleReloadTask(delay);
172      return;
173    }
174
175    // Check again in case the directory has changed while reading it.
176    if (!IsSafeToReloadPolicy(now, &delay)) {
177      ScheduleReloadTask(delay);
178      return;
179    }
180
181    // Load the policy definitions.
182    scoped_ptr<DictionaryValue> new_policy = Load();
183    if (new_policy.get()) {
184      UpdatePolicies(new_policy.get());
185      ScheduleFallbackReloadTask();
186    } else {
187      // A failure to load policy definitions is probably temporary, so try
188      // again soon.
189      ScheduleReloadTask(base::TimeDelta::FromSeconds(kSettleIntervalSeconds));
190    }
191  }
192
193  bool IsSafeToReloadPolicy(const base::Time& now, base::TimeDelta* delay) {
194    DCHECK(OnPolicyWatcherThread());
195    DCHECK(delay);
196    const base::TimeDelta kSettleInterval =
197        base::TimeDelta::FromSeconds(kSettleIntervalSeconds);
198
199    base::Time last_modification = GetLastModification();
200    if (last_modification.is_null())
201      return true;
202
203    if (last_modification_file_.is_null())
204      last_modification_file_ = last_modification;
205
206    // If there was a change since the last recorded modification, wait some
207    // more.
208    if (last_modification != last_modification_file_) {
209      last_modification_file_ = last_modification;
210      last_modification_clock_ = now;
211      *delay = kSettleInterval;
212      return false;
213    }
214
215    // Check whether the settle interval has elapsed.
216    base::TimeDelta age = now - last_modification_clock_;
217    if (age < kSettleInterval) {
218      *delay = kSettleInterval - age;
219      return false;
220    }
221
222    return true;
223  }
224
225  // Managed with a scoped_ptr rather than being declared as an inline member to
226  // decouple the watcher's life cycle from the PolicyWatcherLinux. This
227  // decoupling makes it possible to destroy the watcher before the loader's
228  // destructor is called (e.g. during Stop), since |watcher_| internally holds
229  // a reference to the loader and keeps it alive.
230  scoped_ptr<base::FilePathWatcher> watcher_;
231
232  // Records last known modification timestamp of |config_dir_|.
233  base::Time last_modification_file_;
234
235  // The wall clock time at which the last modification timestamp was
236  // recorded.  It's better to not assume the file notification time and the
237  // wall clock times come from the same source, just in case there is some
238  // non-local filesystem involved.
239  base::Time last_modification_clock_;
240
241  const base::FilePath config_dir_;
242
243  // Allows us to cancel any inflight FileWatcher events or scheduled reloads.
244  base::WeakPtrFactory<PolicyWatcherLinux> weak_factory_;
245};
246
247PolicyWatcher* PolicyWatcher::Create(
248    scoped_refptr<base::SingleThreadTaskRunner> task_runner) {
249  base::FilePath policy_dir(kPolicyDir);
250  return new PolicyWatcherLinux(task_runner, policy_dir);
251}
252
253}  // namespace policy_hack
254}  // namespace remoting
255