src/chrome/browser/policy/profile_policy_connector.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/policy/profile_policy_connector.h"
   6
   7 #include <vector>
   8
   9 #include "base/bind.h"
  10 #include "base/logging.h"
  11 #include "base/values.h"
  12 #include "chrome/browser/browser_process.h"
  13 #include "components/policy/core/browser/browser_policy_connector.h"
  14 #include "components/policy/core/common/cloud/cloud_policy_core.h"
  15 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
  16 #include "components/policy/core/common/cloud/cloud_policy_store.h"
  17 #include "components/policy/core/common/configuration_policy_provider.h"
  18 #include "components/policy/core/common/forwarding_policy_provider.h"
  19 #include "components/policy/core/common/policy_service_impl.h"
  20 #include "google_apis/gaia/gaia_auth_util.h"
  21
  22 #if defined(OS_CHROMEOS)
  23 #include "chrome/browser/chromeos/login/users/user.h"
  24 #include "chrome/browser/chromeos/login/users/user_manager.h"
  25 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
  26 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
  27 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
  28 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
  29 #endif
  30
  31 namespace policy {
  32
  33 namespace {
  34
  35 bool HasChromePolicy(ConfigurationPolicyProvider* provider,
  36                      const char* name) {
  37   if (!provider)
  38     return false;
  39   PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, "");
  40   return provider->policies().Get(chrome_ns).Get(name) != NULL;
  41 }
  42
  43 }  // namespace
  44
  45 ProfilePolicyConnector::ProfilePolicyConnector()
  46 #if defined(OS_CHROMEOS)
  47     : is_primary_user_(false),
  48       user_cloud_policy_manager_(NULL)
  49 #else
  50     : user_cloud_policy_manager_(NULL)
  51 #endif
  52       {}
  53
  54 ProfilePolicyConnector::~ProfilePolicyConnector() {}
  55
  56 void ProfilePolicyConnector::Init(
  57     bool force_immediate_load,
  58 #if defined(OS_CHROMEOS)
  59     const chromeos::User* user,
  60 #endif
  61     SchemaRegistry* schema_registry,
  62     CloudPolicyManager* user_cloud_policy_manager) {
  63   user_cloud_policy_manager_ = user_cloud_policy_manager;
  64
  65   // |providers| contains a list of the policy providers available for the
  66   // PolicyService of this connector, in decreasing order of priority.
  67   //
  68   // Note: all the providers appended to this vector must eventually become
  69   // initialized for every policy domain, otherwise some subsystems will never
  70   // use the policies exposed by the PolicyService!
  71   // The default ConfigurationPolicyProvider::IsInitializationComplete()
  72   // result is true, so take care if a provider overrides that.
  73   //
  74   // Note: if you append a new provider then make sure IsPolicyFromCloudPolicy()
  75   // is also updated below.
  76   std::vector<ConfigurationPolicyProvider*> providers;
  77
  78 #if defined(OS_CHROMEOS)
  79   BrowserPolicyConnectorChromeOS* connector =
  80       g_browser_process->platform_part()->browser_policy_connector_chromeos();
  81 #else
  82   BrowserPolicyConnector* connector =
  83       g_browser_process->browser_policy_connector();
  84 #endif
  85
  86   if (connector->GetPlatformProvider()) {
  87     forwarding_policy_provider_.reset(
  88         new ForwardingPolicyProvider(connector->GetPlatformProvider()));
  89     forwarding_policy_provider_->Init(schema_registry);
  90     providers.push_back(forwarding_policy_provider_.get());
  91   }
  92
  93 #if defined(OS_CHROMEOS)
  94   if (connector->GetDeviceCloudPolicyManager())
  95     providers.push_back(connector->GetDeviceCloudPolicyManager());
  96 #endif
  97
  98   if (user_cloud_policy_manager)
  99     providers.push_back(user_cloud_policy_manager);
 100
 101 #if defined(OS_CHROMEOS)
 102   if (!user) {
 103     DCHECK(schema_registry);
 104     // This case occurs for the signin profile.
 105     special_user_policy_provider_.reset(
 106         new LoginProfilePolicyProvider(connector->GetPolicyService()));
 107   } else {
 108     // |user| should never be NULL except for the signin profile.
 109     is_primary_user_ = user == chromeos::UserManager::Get()->GetPrimaryUser();
 110     special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create(
 111         user->email(),
 112         connector->GetDeviceLocalAccountPolicyService());
 113   }
 114   if (special_user_policy_provider_) {
 115     special_user_policy_provider_->Init(schema_registry);
 116     providers.push_back(special_user_policy_provider_.get());
 117   }
 118 #endif
 119
 120   policy_service_.reset(new PolicyServiceImpl(providers));
 121
 122 #if defined(OS_CHROMEOS)
 123   if (is_primary_user_) {
 124     if (user_cloud_policy_manager)
 125       connector->SetUserPolicyDelegate(user_cloud_policy_manager);
 126     else if (special_user_policy_provider_)
 127       connector->SetUserPolicyDelegate(special_user_policy_provider_.get());
 128   }
 129 #endif
 130 }
 131
 132 void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) {
 133   policy_service_ = service.Pass();
 134 }
 135
 136 void ProfilePolicyConnector::Shutdown() {
 137 #if defined(OS_CHROMEOS)
 138   BrowserPolicyConnectorChromeOS* connector =
 139       g_browser_process->platform_part()->browser_policy_connector_chromeos();
 140   if (is_primary_user_)
 141     connector->SetUserPolicyDelegate(NULL);
 142   if (special_user_policy_provider_)
 143     special_user_policy_provider_->Shutdown();
 144 #endif
 145   if (forwarding_policy_provider_)
 146     forwarding_policy_provider_->Shutdown();
 147 }
 148
 149 bool ProfilePolicyConnector::IsManaged() const {
 150   return !GetManagementDomain().empty();
 151 }
 152
 153 std::string ProfilePolicyConnector::GetManagementDomain() const {
 154   if (!user_cloud_policy_manager_)
 155     return "";
 156   CloudPolicyStore* store = user_cloud_policy_manager_->core()->store();
 157   if (store && store->is_managed() && store->policy()->has_username())
 158     return gaia::ExtractDomainName(store->policy()->username());
 159   return "";
 160 }
 161
 162 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const {
 163   if (!HasChromePolicy(user_cloud_policy_manager_, name))
 164     return false;
 165
 166   // Check all the providers that have higher priority than the
 167   // |user_cloud_policy_manager_|. These checks must be kept in sync with the
 168   // order of the providers in Init().
 169
 170   if (HasChromePolicy(forwarding_policy_provider_.get(), name))
 171     return false;
 172
 173 #if defined(OS_CHROMEOS)
 174   BrowserPolicyConnectorChromeOS* connector =
 175       g_browser_process->platform_part()->browser_policy_connector_chromeos();
 176   if (HasChromePolicy(connector->GetDeviceCloudPolicyManager(), name))
 177     return false;
 178 #endif
 179
 180   return true;
 181 }
 182
 183 }  // namespace policy