1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
7 #include "base/command_line.h"
8 #include "base/files/file_path.h"
9 #include "base/logging.h"
10 #include "base/message_loop/message_loop_proxy.h"
11 #include "base/path_service.h"
12 #include "base/prefs/pref_registry_simple.h"
13 #include "base/sequenced_task_runner.h"
14 #include "base/strings/utf_string_conversions.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "chrome/browser/chromeos/policy/app_pack_updater.h"
17 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
19 #include "chrome/browser/chromeos/policy/device_local_account.h"
20 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
21 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
22 #include "chrome/browser/chromeos/policy/device_status_collector.h"
23 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
24 #include "chrome/browser/chromeos/settings/cros_settings.h"
25 #include "chrome/browser/chromeos/settings/device_settings_service.h"
26 #include "chrome/common/pref_names.h"
27 #include "chromeos/chromeos_paths.h"
28 #include "chromeos/chromeos_switches.h"
29 #include "chromeos/cryptohome/system_salt_getter.h"
30 #include "chromeos/dbus/dbus_thread_manager.h"
31 #include "chromeos/network/network_handler.h"
32 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
33 #include "chromeos/settings/cros_settings_names.h"
34 #include "chromeos/settings/cros_settings_provider.h"
35 #include "chromeos/settings/timezone_settings.h"
36 #include "chromeos/system/statistics_provider.h"
37 #include "components/policy/core/common/cloud/cloud_policy_client.h"
38 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
39 #include "components/policy/core/common/proxy_policy_provider.h"
40 #include "content/public/browser/browser_thread.h"
41 #include "google_apis/gaia/gaia_auth_util.h"
42 #include "net/url_request/url_request_context_getter.h"
44 using content::BrowserThread;
50 // Install attributes for tests.
51 EnterpriseInstallAttributes* g_testing_install_attributes = NULL;
53 // Helper that returns a new SequencedTaskRunner backed by the blocking pool.
54 // Each SequencedTaskRunner returned is independent from the others.
55 scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
56 base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
58 return pool->GetSequencedTaskRunnerWithShutdownBehavior(
59 pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
64 BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
65 : device_cloud_policy_manager_(NULL),
66 global_user_cloud_policy_provider_(NULL),
67 weak_ptr_factory_(this) {
68 if (g_testing_install_attributes)
69 install_attributes_.reset(g_testing_install_attributes);
71 // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.
73 // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
74 // (removing it now breaks tests). crbug.com/141016.
75 if (chromeos::SystemSaltGetter::IsInitialized() &&
76 chromeos::DBusThreadManager::IsInitialized()) {
77 chromeos::CryptohomeClient* cryptohome_client =
78 chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
79 if (!g_testing_install_attributes) {
80 install_attributes_.reset(
81 new EnterpriseInstallAttributes(cryptohome_client));
83 base::FilePath install_attrs_file;
84 CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
85 &install_attrs_file));
86 install_attributes_->ReadCacheFile(install_attrs_file);
88 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
89 new DeviceCloudPolicyStoreChromeOS(
90 chromeos::DeviceSettingsService::Get(),
91 install_attributes_.get(),
92 GetBackgroundTaskRunner()));
93 device_cloud_policy_manager_ =
94 new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
95 base::MessageLoopProxy::current(),
96 GetBackgroundTaskRunner(),
97 install_attributes_.get());
99 scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
102 global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
103 AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
104 global_user_cloud_policy_provider_));
107 BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}
109 void BrowserPolicyConnectorChromeOS::Init(
110 PrefService* local_state,
111 scoped_refptr<net::URLRequestContextGetter> request_context) {
112 ChromeBrowserPolicyConnector::Init(local_state, request_context);
114 if (device_cloud_policy_manager_) {
115 // Note: for now the |device_cloud_policy_manager_| is using the global
116 // schema registry. Eventually it will have its own registry, once device
117 // cloud policy for extensions is introduced. That means it'd have to be
118 // initialized from here instead of BrowserPolicyConnector::Init().
120 scoped_ptr<CloudPolicyClient::StatusProvider> status_provider(
121 new DeviceStatusCollector(
123 chromeos::system::StatisticsProvider::GetInstance(),
125 device_cloud_policy_manager_->Connect(
126 local_state, device_management_service(), status_provider.Pass());
129 CommandLine* command_line = CommandLine::ForCurrentProcess();
130 if (!command_line->HasSwitch(chromeos::switches::kDisableLocalAccounts)) {
131 device_local_account_policy_service_.reset(
132 new DeviceLocalAccountPolicyService(
133 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
134 chromeos::DeviceSettingsService::Get(),
135 chromeos::CrosSettings::Get(),
136 GetBackgroundTaskRunner(),
137 GetBackgroundTaskRunner(),
138 GetBackgroundTaskRunner(),
139 content::BrowserThread::GetMessageLoopProxyForThread(
140 content::BrowserThread::IO),
142 device_local_account_policy_service_->Connect(device_management_service());
145 // request_context is NULL in unit tests.
146 if (request_context && install_attributes_) {
147 app_pack_updater_.reset(
148 new AppPackUpdater(request_context, install_attributes_.get()));
151 SetTimezoneIfPolicyAvailable();
153 network_configuration_updater_ =
154 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
156 chromeos::NetworkHandler::Get()
157 ->managed_network_configuration_handler(),
158 chromeos::NetworkHandler::Get()->network_device_handler(),
159 chromeos::CrosSettings::Get());
162 void BrowserPolicyConnectorChromeOS::Shutdown() {
163 // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
165 app_pack_updater_.reset();
167 network_configuration_updater_.reset();
169 if (device_local_account_policy_service_)
170 device_local_account_policy_service_->Shutdown();
172 ChromeBrowserPolicyConnector::Shutdown();
175 bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
176 return install_attributes_ && install_attributes_->IsEnterpriseDevice();
179 std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
180 return install_attributes_ ? install_attributes_->GetDomain() : std::string();
183 DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
184 return install_attributes_ ? install_attributes_->GetMode()
185 : DEVICE_MODE_NOT_SET;
188 UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
189 const std::string& user_name) {
190 // An empty username means incognito user in case of ChromiumOS and
191 // no logged-in user in case of Chromium (SigninService). Many tests use
192 // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
194 if (user_name.empty() || user_name.find('@') == std::string::npos)
195 return USER_AFFILIATION_NONE;
197 if (install_attributes_ &&
198 (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
199 install_attributes_->GetDomain() ||
200 policy::IsDeviceLocalAccountUser(user_name, NULL))) {
201 return USER_AFFILIATION_MANAGED;
204 return USER_AFFILIATION_NONE;
207 AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
208 return app_pack_updater_.get();
211 void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
212 ConfigurationPolicyProvider* user_policy_provider) {
213 global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
216 void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
217 EnterpriseInstallAttributes* attributes) {
218 DCHECK(!g_testing_install_attributes);
219 g_testing_install_attributes = attributes;
223 void BrowserPolicyConnectorChromeOS::RegisterPrefs(
224 PrefRegistrySimple* registry) {
225 registry->RegisterIntegerPref(
226 prefs::kDevicePolicyRefreshRate,
227 CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
230 void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
231 typedef chromeos::CrosSettingsProvider Provider;
232 Provider::TrustedStatus result =
233 chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
234 &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
235 weak_ptr_factory_.GetWeakPtr()));
237 if (result != Provider::TRUSTED)
240 std::string timezone;
241 if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
244 chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
245 base::UTF8ToUTF16(timezone));
249 } // namespace policy