X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fchrome%2Fbrowser%2Fchromeos%2Fsettings%2Fdevice_settings_service.cc;h=53b2a561ef37ed801968059f856c29a60fa6d1cf;hb=3545e9f2671f595d2a2f3ee75ca0393b01e35ef6;hp=c05cd0cc857649ef4a48c64028f987825a12bdf5;hpb=7d210d4c7e9ba36e635eabc5b5780495f8a63292;p=platform%2Fframework%2Fweb%2Fcrosswalk.git diff --git a/src/chrome/browser/chromeos/settings/device_settings_service.cc b/src/chrome/browser/chromeos/settings/device_settings_service.cc index c05cd0c..53b2a56 100644 --- a/src/chrome/browser/chromeos/settings/device_settings_service.cc +++ b/src/chrome/browser/chromeos/settings/device_settings_service.cc @@ -11,8 +11,8 @@ #include "base/time/time.h" #include "chrome/browser/chrome_notification_types.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" -#include "chrome/browser/chromeos/settings/owner_key_util.h" #include "chrome/browser/chromeos/settings/session_manager_operation.h" +#include "components/ownership/owner_key_util.h" #include "components/policy/core/common/cloud/cloud_policy_constants.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/notification_service.h" @@ -21,6 +21,9 @@ namespace em = enterprise_management; +using ownership::OwnerKeyUtil; +using ownership::PublicKey; + namespace { // Delay between load retries when there was a validation error. @@ -32,6 +35,62 @@ int kLoadRetryDelayMs = 1000 * 5; // of retry time. int kMaxLoadRetries = (1000 * 60 * 10) / kLoadRetryDelayMs; +// Assembles PolicyData based on |settings|, |policy_data| and +// |user_id|. +scoped_ptr AssemblePolicy( + const std::string& user_id, + const em::PolicyData* policy_data, + const em::ChromeDeviceSettingsProto* settings) { + scoped_ptr policy(new em::PolicyData()); + if (policy_data) { + // Preserve management settings. + if (policy_data->has_management_mode()) + policy->set_management_mode(policy_data->management_mode()); + if (policy_data->has_request_token()) + policy->set_request_token(policy_data->request_token()); + if (policy_data->has_device_id()) + policy->set_device_id(policy_data->device_id()); + } else { + // If there's no previous policy data, this is the first time the device + // setting is set. We set the management mode to NOT_MANAGED initially. + policy->set_management_mode(em::PolicyData::NOT_MANAGED); + } + policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); + policy->set_timestamp( + (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); + policy->set_username(user_id); + if (!settings->SerializeToString(policy->mutable_policy_value())) + return scoped_ptr(); + + return policy.Pass(); +} + +// Returns true if it is okay to transfer from the current mode to the new +// mode. This function should be called in SetManagementMode(). +bool CheckManagementModeTransition(em::PolicyData::ManagementMode current_mode, + em::PolicyData::ManagementMode new_mode) { + // Mode is not changed. + if (current_mode == new_mode) + return true; + + switch (current_mode) { + case em::PolicyData::NOT_MANAGED: + // For consumer management enrollment. + return new_mode == em::PolicyData::CONSUMER_MANAGED; + + case em::PolicyData::ENTERPRISE_MANAGED: + // Management mode cannot be set when it is currently ENTERPRISE_MANAGED. + return false; + + case em::PolicyData::CONSUMER_MANAGED: + // For consumer management unenrollment. + return new_mode == em::PolicyData::NOT_MANAGED; + } + + NOTREACHED(); + return false; +} + } // namespace namespace chromeos { @@ -113,10 +172,18 @@ void DeviceSettingsService::Load() { void DeviceSettingsService::SignAndStore( scoped_ptr new_settings, const base::Closure& callback) { - if (!delegate_) + if (!owner_settings_service_) { HandleError(STORE_KEY_UNAVAILABLE, callback); - else - delegate_->SignAndStoreAsync(new_settings.Pass(), callback); + return; + } + scoped_ptr policy = + AssemblePolicy(GetUsername(), policy_data(), new_settings.get()); + if (!policy) { + HandleError(STORE_POLICY_ERROR, callback); + return; + } + + owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); } void DeviceSettingsService::SetManagementSettings( @@ -124,12 +191,34 @@ void DeviceSettingsService::SetManagementSettings( const std::string& request_token, const std::string& device_id, const base::Closure& callback) { - if (!delegate_) { + if (!owner_settings_service_) { HandleError(STORE_KEY_UNAVAILABLE, callback); - } else { - delegate_->SetManagementSettingsAsync( - management_mode, request_token, device_id, callback); + return; + } + + em::PolicyData::ManagementMode current_mode = em::PolicyData::NOT_MANAGED; + if (policy_data() && policy_data()->has_management_mode()) + current_mode = policy_data()->management_mode(); + + if (!CheckManagementModeTransition(current_mode, management_mode)) { + LOG(ERROR) << "Invalid management mode transition: current mode = " + << current_mode << ", new mode = " << management_mode; + HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); + return; + } + + scoped_ptr policy = + AssemblePolicy(GetUsername(), policy_data(), device_settings()); + if (!policy) { + HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); + return; } + + policy->set_management_mode(management_mode); + policy->set_request_token(request_token); + policy->set_device_id(device_id); + + owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); } void DeviceSettingsService::Store(scoped_ptr policy, @@ -144,14 +233,14 @@ void DeviceSettingsService::Store(scoped_ptr policy, DeviceSettingsService::OwnershipStatus DeviceSettingsService::GetOwnershipStatus() { - if (public_key_) + if (public_key_.get()) return public_key_->is_loaded() ? OWNERSHIP_TAKEN : OWNERSHIP_NONE; return OWNERSHIP_UNKNOWN; } void DeviceSettingsService::GetOwnershipStatusAsync( const OwnershipStatusCallback& callback) { - if (public_key_) { + if (public_key_.get()) { // If there is a key, report status immediately. base::MessageLoop::current()->PostTask( FROM_HERE, base::Bind(callback, GetOwnershipStatus())); @@ -166,18 +255,19 @@ void DeviceSettingsService::GetOwnershipStatusAsync( } bool DeviceSettingsService::HasPrivateOwnerKey() { - return delegate_ && delegate_->IsOwner(); + return owner_settings_service_ && owner_settings_service_->IsOwner(); } void DeviceSettingsService::InitOwner( const std::string& username, - const base::WeakPtr& delegate) { + const base::WeakPtr& + owner_settings_service) { // When InitOwner() is called twice with the same |username| it's // worth to reload settings since owner key may become available. if (!username_.empty() && username_ != username) return; username_ = username; - delegate_ = delegate; + owner_settings_service_ = owner_settings_service; EnsureReload(true); } @@ -227,14 +317,15 @@ void DeviceSettingsService::EnqueueLoad(bool force_key_load) { base::Closure())); operation->set_force_key_load(force_key_load); operation->set_username(username_); - operation->set_delegate(delegate_); + operation->set_owner_settings_service(owner_settings_service_); Enqueue(operation); } void DeviceSettingsService::EnsureReload(bool force_key_load) { if (!pending_operations_.empty()) { pending_operations_.front()->set_username(username_); - pending_operations_.front()->set_delegate(delegate_); + pending_operations_.front()->set_owner_settings_service( + owner_settings_service_); pending_operations_.front()->RestartLoad(force_key_load); } else { EnqueueLoad(force_key_load);