1// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef LIBBRILLO_POLICY_DEVICE_POLICY_H_
6#define LIBBRILLO_POLICY_DEVICE_POLICY_H_
7
8#include <stdint.h>
9
10#include <set>
11#include <string>
12#include <vector>
13
14#include <base/macros.h>
15
16#pragma GCC visibility push(default)
17
18namespace policy {
19
20// This class holds device settings that are to be enforced across all users.
21// It is also responsible for loading the policy blob from disk and verifying
22// the signature against the owner's key.
23//
24// This class defines the interface for querying device policy on ChromeOS.
25// The implementation is hidden in DevicePolicyImpl to prevent protobuf
26// definition from leaking into the libraries using this interface.
class DevicePolicy {
 public:
  // Getter contract: each Get* method below returns bool and writes its
  // result through the caller-supplied pointer. This header does not say
  // whether the output is modified when false is returned, nor whether a null
  // pointer is tolerated. Callers should pass a valid pointer, check the
  // return value, and apply their own safe default rather than read the output
  // after a failure.

  // Identifiers of a USB device or device family.
  // Neither field has a default initializer, so value-initialize the struct
  // (e.g. UsbDeviceId id{}) or assign both fields before reading them.
  struct UsbDeviceId {
    // USB Vendor Identifier (aka idVendor).
    uint16_t vendor_id;

    // USB Product Identifier (aka idProduct).
    uint16_t product_id;
  };

  DevicePolicy();
  virtual ~DevicePolicy();

  // Loads the signed policy from disk into |policy_|.
  // Returns true unless there is a policy on disk and loading it fails. True
  // is therefore also returned when no policy exists on disk, so a true result
  // alone does not show that a policy was loaded.
  // NOTE(review): |policy_| is not declared in this interface; presumably it
  // is a member of the implementing class. The file-ownership and signature
  // checks declared in the private section are presumably run as part of
  // loading -- confirm in DevicePolicyImpl.
  virtual bool LoadPolicy() = 0;

  // Writes the value of the DevicePolicyRefreshRate policy in |rate|. Returns
  // true on success.
  // NOTE(review): the unit of |rate| is not stated here -- confirm.
  virtual bool GetPolicyRefreshRate(int* rate) const = 0;

  // Writes the value of the UserWhitelist policy in |user_whitelist|. Returns
  // true on success.
  virtual bool GetUserWhitelist(
      std::vector<std::string>* user_whitelist) const = 0;

  // Writes the value of the GuestModeEnabled policy in |guest_mode_enabled|.
  // Returns true on success.
  virtual bool GetGuestModeEnabled(bool* guest_mode_enabled) const = 0;

  // Writes the value of the CameraEnabled policy in |camera_enabled|. Returns
  // true on success.
  virtual bool GetCameraEnabled(bool* camera_enabled) const = 0;

  // Writes the value of the ShowUserNamesOnSignIn policy in |show_user_names|.
  // Returns true on success.
  virtual bool GetShowUserNames(bool* show_user_names) const = 0;

  // Writes the value of the DataRoamingEnabled policy in
  // |data_roaming_enabled|. Returns true on success.
  virtual bool GetDataRoamingEnabled(bool* data_roaming_enabled) const = 0;

  // Writes the value of the AllowNewUsers policy in |allow_new_users|. Returns
  // true on success.
  virtual bool GetAllowNewUsers(bool* allow_new_users) const = 0;

  // Writes the value of MetricEnabled policy in |metrics_enabled|. Returns true
  // on success.
  virtual bool GetMetricsEnabled(bool* metrics_enabled) const = 0;

  // Writes the value of ReportVersionInfo policy in |report_version_info|.
  // Returns true on success.
  virtual bool GetReportVersionInfo(bool* report_version_info) const = 0;

  // Writes the value of ReportActivityTimes policy in |report_activity_times|.
  // Returns true on success.
  virtual bool GetReportActivityTimes(bool* report_activity_times) const = 0;

  // Writes the value of ReportBootMode policy in |report_boot_mode|. Returns
  // true on success.
  virtual bool GetReportBootMode(bool* report_boot_mode) const = 0;

  // Writes the value of the EphemeralUsersEnabled policy in
  // |ephemeral_users_enabled|. Returns true on success.
  virtual bool GetEphemeralUsersEnabled(
      bool* ephemeral_users_enabled) const =  0;

  // Writes the value of the release channel policy in |release_channel|.
  // Returns true on success.
  virtual bool GetReleaseChannel(std::string* release_channel) const = 0;

  // Writes the value of the release_channel_delegated policy in
  // |release_channel_delegated|. Returns true on success.
  virtual bool GetReleaseChannelDelegated(
      bool* release_channel_delegated) const = 0;

  // Writes the value of the update_disabled policy in |update_disabled|.
  // Returns true on success.
  virtual bool GetUpdateDisabled(bool* update_disabled) const = 0;

  // Writes the value of the target_version_prefix policy in
  // |target_version_prefix|. Returns true on success.
  virtual bool GetTargetVersionPrefix(
      std::string* target_version_prefix) const = 0;

  // Writes the value of the scatter_factor_in_seconds policy in
  // |scatter_factor_in_seconds|. Returns true on success.
  virtual bool GetScatterFactorInSeconds(
      int64_t* scatter_factor_in_seconds) const = 0;

  // Writes the connection types on which updates are allowed to
  // |connection_types|. The identifiers returned are intended to be consistent
  // with what the connection manager uses: ethernet, wifi, wimax, bluetooth,
  // cellular.
  // NOTE(review): the return value is not documented for this getter;
  // presumably true means success, as for the other getters -- confirm.
  virtual bool GetAllowedConnectionTypesForUpdate(
      std::set<std::string>* connection_types) const = 0;

  // Writes the value of the OpenNetworkConfiguration policy in
  // |open_network_configuration|. Returns true on success.
  virtual bool GetOpenNetworkConfiguration(
      std::string* open_network_configuration) const = 0;

  // Writes the name of the device owner in |owner|. For enterprise enrolled
  // devices, this will be an empty string.
  // Returns true on success.
  virtual bool GetOwner(std::string* owner) const = 0;

  // Writes the value of http_downloads_enabled policy in
  // |http_downloads_enabled|. Returns true on success.
  virtual bool GetHttpDownloadsEnabled(bool* http_downloads_enabled) const = 0;

  // Writes the value of au_p2p_enabled policy in
  // |au_p2p_enabled|. Returns true on success.
  virtual bool GetAuP2PEnabled(bool* au_p2p_enabled) const = 0;

  // Writes the value of allow_kiosk_app_control_chrome_version policy in
  // |allow_kiosk_app_control_chrome_version|. Returns true on success.
  virtual bool GetAllowKioskAppControlChromeVersion(
      bool* allow_kiosk_app_control_chrome_version) const = 0;

  // Writes the value of the UsbDetachableWhitelist policy in |usb_whitelist|.
  // Returns true on success.
  virtual bool GetUsbDetachableWhitelist(
      std::vector<UsbDeviceId>* usb_whitelist) const = 0;

 private:
  // Verification hooks. Both are private and pure virtual: the implementing
  // class supplies them, and users of this interface cannot call them
  // directly.

  // Verifies that the policy files are owned by root and exist.
  virtual bool VerifyPolicyFiles() = 0;

  // Verifies that the policy signature is correct.
  virtual bool VerifyPolicySignature() = 0;

  // Copying and assignment are disallowed; the macro comes from
  // <base/macros.h>.
  DISALLOW_COPY_AND_ASSIGN(DevicePolicy);
};
162}  // namespace policy
163
164#pragma GCC visibility pop
165
166#endif  // LIBBRILLO_POLICY_DEVICE_POLICY_H_
167