#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/device_local_account.h"
+#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/chromeos/settings/device_settings_cache.h"
-#include "chrome/browser/ui/options/options_util.h"
+#include "chrome/browser/metrics/metrics_reporting_state.h"
#include "chrome/installer/util/google_update_settings.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/dbus/cryptohome_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/settings/cros_settings_names.h"
-#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "policy/proto/device_management_backend.pb.h"
using google::protobuf::RepeatedField;
kAccountsPrefEphemeralUsersEnabled,
kAccountsPrefShowUserNamesOnSignIn,
kAccountsPrefSupervisedUsersEnabled,
+ kAccountsPrefTransferSAMLCookies,
kAccountsPrefUsers,
kAllowRedeemChromeOsRegistrationOffers,
kAllowedConnectionTypesForUpdate,
// immediate.
DCHECK(!store_callback_factory_.HasWeakPtrs());
+ trusted_status_ = TEMPORARILY_UNTRUSTED;
// Apply the locally-accumulated device settings on top of the initial
// settings from the service and write back the result.
if (device_settings_service_->device_settings()) {
guest->set_guest_mode_enabled(guest_value);
else
NOTREACHED();
+ } else if (prop == kAccountsPrefSupervisedUsersEnabled) {
+ em::SupervisedUsersSettingsProto* supervised =
+ device_settings_.mutable_supervised_users_settings();
+ bool supervised_value;
+ if (value->GetAsBoolean(&supervised_value))
+ supervised->set_supervised_users_enabled(supervised_value);
+ else
+ NOTREACHED();
} else if (prop == kAccountsPrefShowUserNamesOnSignIn) {
em::ShowUserNamesOnSigninProto* show =
device_settings_.mutable_show_user_names();
} else {
// The remaining settings don't support Set(), since they are not
// intended to be customizable by the user:
- // kAccountsPrefSupervisedUsersEnabled
+ // kAccountsPrefTransferSAMLCookies
// kAppPack
// kDeviceAttestationEnabled
// kDeviceOwner
// true is default permissive value and false is safe prohibitive value.
// Exceptions:
// kAccountsPrefEphemeralUsersEnabled has a default value of false.
+ // kAccountsPrefSupervisedUsersEnabled has a default value of false
+ // for enterprise devices and true for consumer devices.
+ // kAccountsPrefTransferSAMLCookies has a default value of false.
if (policy.has_allow_new_users() &&
policy.allow_new_users().has_allow_new_users()) {
if (policy.allow_new_users().allow_new_users()) {
!policy.guest_mode_enabled().has_guest_mode_enabled() ||
policy.guest_mode_enabled().guest_mode_enabled());
+ policy::BrowserPolicyConnectorChromeOS* connector =
+ g_browser_process->platform_part()->browser_policy_connector_chromeos();
+ bool supervised_users_enabled = false;
+ if (connector->IsEnterpriseManaged()) {
+ supervised_users_enabled =
+ policy.has_supervised_users_settings() &&
+ policy.supervised_users_settings().has_supervised_users_enabled() &&
+ policy.supervised_users_settings().supervised_users_enabled();
+ } else {
+ supervised_users_enabled =
+ !policy.has_supervised_users_settings() ||
+ !policy.supervised_users_settings().has_supervised_users_enabled() ||
+ policy.supervised_users_settings().supervised_users_enabled();
+ }
+ new_values_cache->SetBoolean(
+ kAccountsPrefSupervisedUsersEnabled, supervised_users_enabled);
+
new_values_cache->SetBoolean(
kAccountsPrefShowUserNamesOnSignIn,
!policy.has_show_user_names() ||
policy.ephemeral_users_enabled().has_ephemeral_users_enabled() &&
policy.ephemeral_users_enabled().ephemeral_users_enabled());
- new_values_cache->SetBoolean(
- kAccountsPrefSupervisedUsersEnabled,
- policy.has_supervised_users_settings() &&
- policy.supervised_users_settings().supervised_users_enabled());
-
base::ListValue* list = new base::ListValue();
const em::UserWhitelistProto& whitelist_proto = policy.user_whitelist();
const RepeatedPtrField<std::string>& whitelist =
}
new_values_cache->SetValue(kStartUpFlags, list);
}
+
+ if (policy.has_saml_settings()) {
+ new_values_cache->SetBoolean(
+ kAccountsPrefTransferSAMLCookies,
+ policy.saml_settings().transfer_saml_cookies());
+ }
}
void DeviceSettingsProvider::DecodeKioskPolicies(
if (use_file) {
new_value = HasOldMetricsFile();
// Make sure the values will get eventually written to the policy file.
- migration_values_.SetValue(kStatsReportingPref,
- base::Value::CreateBooleanValue(new_value));
+ migration_values_.SetBoolean(kStatsReportingPref, new_value);
AttemptMigration();
VLOG(1) << "No metrics policy set will revert to checking "
<< "consent file which is "
<< "(use file : " << use_file << ")";
// TODO(pastarmovj): Remove this once we don't need to regenerate the
// consent file for the GUID anymore.
- OptionsUtil::ResolveMetricsReportingEnabled(new_value);
+ ResolveMetricsReportingEnabled(new_value);
}
void DeviceSettingsProvider::ApplySideEffects(