profile_policy_connector.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// found in the LICENSE file. 4c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/policy/profile_policy_connector.h" 6c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 7c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include <vector> 8c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 9f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "base/bind.h" 10c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/logging.h" 11c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/browser_process.h" 12c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/policy/browser_policy_connector.h" 13f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "chrome/browser/policy/policy_transformations.h" 14a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/cloud/cloud_policy_manager.h" 15a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/configuration_policy_provider.h" 16a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/forwarding_policy_provider.h" 17a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/policy_service_impl.h" 18c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 19c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#if defined(OS_CHROMEOS) 20c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/login/user.h" 21c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/login/user_manager.h" 22f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" 23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 24eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "chrome/browser/chromeos/policy/login_profile_policy_provider.h" 25c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif 26c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 27c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace policy { 28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 29f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)ProfilePolicyConnector::ProfilePolicyConnector() 30c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#if defined(OS_CHROMEOS) 31f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) : is_primary_user_(false) 32c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif 33f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) {} 34c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 35c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)ProfilePolicyConnector::~ProfilePolicyConnector() {} 36c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 370f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)void ProfilePolicyConnector::Init( 380f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) bool force_immediate_load, 390f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)#if defined(OS_CHROMEOS) 400f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) const chromeos::User* user, 410f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)#endif 42f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) SchemaRegistry* schema_registry, 430f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) CloudPolicyManager* user_cloud_policy_manager) { 44c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |providers| contains a list of the policy providers available for the 45f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // PolicyService of this connector, in decreasing order of priority. 46f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // 47f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // Note: all the providers appended to this vector must eventually become 48f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // initialized for every policy domain, otherwise some subsystems will never 49f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // use the policies exposed by the PolicyService! 50f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // The default ConfigurationPolicyProvider::IsInitializationComplete() 51f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // result is true, so take care if a provider overrides that. 52c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) std::vector<ConfigurationPolicyProvider*> providers; 53c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 54f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) BrowserPolicyConnector* connector = 55f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) g_browser_process->browser_policy_connector(); 56f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 57f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) if (connector->GetPlatformProvider()) { 58f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) forwarding_policy_provider_.reset( 59f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) new ForwardingPolicyProvider(connector->GetPlatformProvider())); 60f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) forwarding_policy_provider_->Init(schema_registry); 61f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) providers.push_back(forwarding_policy_provider_.get()); 62f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) } 63f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 64f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#if defined(OS_CHROMEOS) 65f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) if (connector->GetDeviceCloudPolicyManager()) 66f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) providers.push_back(connector->GetDeviceCloudPolicyManager()); 67f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#endif 68f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 690f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) if (user_cloud_policy_manager) 700f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) providers.push_back(user_cloud_policy_manager); 71c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 720f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)#if defined(OS_CHROMEOS) 730f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) if (!user) { 74f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) DCHECK(schema_registry); 750f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) // This case occurs for the signin profile. 760f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) special_user_policy_provider_.reset( 770f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) new LoginProfilePolicyProvider(connector->GetPolicyService())); 78f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) special_user_policy_provider_->Init(schema_registry); 79eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } else { 80c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |user| should never be NULL except for the signin profile. 810f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) is_primary_user_ = user == chromeos::UserManager::Get()->GetPrimaryUser(); 82f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) if (user->GetType() == chromeos::User::USER_TYPE_PUBLIC_ACCOUNT) { 83f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) InitializeDeviceLocalAccountPolicyProvider(user->email(), 84f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) schema_registry); 85f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) } 86c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } 87eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch if (special_user_policy_provider_) 88eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch providers.push_back(special_user_policy_provider_.get()); 89c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif 90c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 91f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) policy_service_.reset(new PolicyServiceImpl( 92f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) providers, base::Bind(&policy::FixDeprecatedPolicies))); 93c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 94c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#if defined(OS_CHROMEOS) 95c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) if (is_primary_user_) { 960f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) if (user_cloud_policy_manager) 970f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) connector->SetUserPolicyDelegate(user_cloud_policy_manager); 98eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch else if (special_user_policy_provider_) 99eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch connector->SetUserPolicyDelegate(special_user_policy_provider_.get()); 100c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } 101c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif 102c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 103c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 104c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) { 105c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) policy_service_ = service.Pass(); 106c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 107c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 108c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void ProfilePolicyConnector::Shutdown() { 109c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#if defined(OS_CHROMEOS) 110424c4d7b64af9d0d8fd9624f381f469654d5e3d2Torne (Richard Coles) if (is_primary_user_) 111424c4d7b64af9d0d8fd9624f381f469654d5e3d2Torne (Richard Coles) g_browser_process->browser_policy_connector()->SetUserPolicyDelegate(NULL); 112eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch if (special_user_policy_provider_) 113eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch special_user_policy_provider_->Shutdown(); 114c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif 115f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) if (forwarding_policy_provider_) 116f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) forwarding_policy_provider_->Shutdown(); 117c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 118c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 119424c4d7b64af9d0d8fd9624f381f469654d5e3d2Torne (Richard Coles)#if defined(OS_CHROMEOS) 120c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void ProfilePolicyConnector::InitializeDeviceLocalAccountPolicyProvider( 121f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) const std::string& username, 122f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) SchemaRegistry* schema_registry) { 123c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) BrowserPolicyConnector* connector = 124c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) g_browser_process->browser_policy_connector(); 125c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) DeviceLocalAccountPolicyService* device_local_account_policy_service = 126c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) connector->GetDeviceLocalAccountPolicyService(); 127c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) if (!device_local_account_policy_service) 128c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) return; 129eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch special_user_policy_provider_.reset(new DeviceLocalAccountPolicyProvider( 130eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch username, device_local_account_policy_service)); 131f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) special_user_policy_provider_->Init(schema_registry); 132c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 133c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif 134c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 135c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} // namespace policy 136