src/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/files/file_path.h"
   9 #include "base/logging.h"
  10 #include "base/message_loop/message_loop_proxy.h"
  11 #include "base/path_service.h"
  12 #include "base/prefs/pref_registry_simple.h"
  13 #include "base/sequenced_task_runner.h"
  14 #include "base/strings/utf_string_conversions.h"
  15 #include "base/threading/sequenced_worker_pool.h"
  16 #include "chrome/browser/chromeos/policy/app_pack_updater.h"
  17 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
  18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
  19 #include "chrome/browser/chromeos/policy/device_local_account.h"
  20 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
  21 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
  22 #include "chrome/browser/chromeos/policy/device_status_collector.h"
  23 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  24 #include "chrome/browser/chromeos/settings/cros_settings.h"
  25 #include "chrome/browser/chromeos/settings/device_settings_service.h"
  26 #include "chrome/common/pref_names.h"
  27 #include "chromeos/chromeos_paths.h"
  28 #include "chromeos/chromeos_switches.h"
  29 #include "chromeos/cryptohome/system_salt_getter.h"
  30 #include "chromeos/dbus/dbus_thread_manager.h"
  31 #include "chromeos/network/network_handler.h"
  32 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
  33 #include "chromeos/settings/cros_settings_names.h"
  34 #include "chromeos/settings/cros_settings_provider.h"
  35 #include "chromeos/settings/timezone_settings.h"
  36 #include "chromeos/system/statistics_provider.h"
  37 #include "components/policy/core/common/cloud/cloud_policy_client.h"
  38 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
  39 #include "components/policy/core/common/proxy_policy_provider.h"
  40 #include "content/public/browser/browser_thread.h"
  41 #include "google_apis/gaia/gaia_auth_util.h"
  42 #include "net/url_request/url_request_context_getter.h"
  43
  44 using content::BrowserThread;
  45
  46 namespace policy {
  47
  48 namespace {
  49
  50 // Install attributes for tests.
  51 EnterpriseInstallAttributes* g_testing_install_attributes = NULL;
  52
  53 // Helper that returns a new SequencedTaskRunner backed by the blocking pool.
  54 // Each SequencedTaskRunner returned is independent from the others.
  55 scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
  56   base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
  57   CHECK(pool);
  58   return pool->GetSequencedTaskRunnerWithShutdownBehavior(
  59       pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
  60 }
  61
  62 }  // namespace
  63
  64 BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
  65     : device_cloud_policy_manager_(NULL),
  66       global_user_cloud_policy_provider_(NULL),
  67       weak_ptr_factory_(this) {
  68   if (g_testing_install_attributes)
  69     install_attributes_.reset(g_testing_install_attributes);
  70
  71   // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.
  72
  73   // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
  74   // (removing it now breaks tests). crbug.com/141016.
  75   if (chromeos::SystemSaltGetter::IsInitialized() &&
  76       chromeos::DBusThreadManager::IsInitialized()) {
  77     chromeos::CryptohomeClient* cryptohome_client =
  78         chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
  79     if (!g_testing_install_attributes) {
  80       install_attributes_.reset(
  81           new EnterpriseInstallAttributes(cryptohome_client));
  82     }
  83     base::FilePath install_attrs_file;
  84     CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
  85                            &install_attrs_file));
  86     install_attributes_->ReadCacheFile(install_attrs_file);
  87
  88     scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
  89         new DeviceCloudPolicyStoreChromeOS(
  90             chromeos::DeviceSettingsService::Get(),
  91             install_attributes_.get(),
  92             GetBackgroundTaskRunner()));
  93     device_cloud_policy_manager_ =
  94         new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
  95                                              base::MessageLoopProxy::current(),
  96                                              GetBackgroundTaskRunner(),
  97                                              install_attributes_.get());
  98     AddPolicyProvider(
  99         scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
 100   }
 101
 102   global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
 103   AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
 104       global_user_cloud_policy_provider_));
 105 }
 106
 107 BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}
 108
 109 void BrowserPolicyConnectorChromeOS::Init(
 110     PrefService* local_state,
 111     scoped_refptr<net::URLRequestContextGetter> request_context) {
 112   ChromeBrowserPolicyConnector::Init(local_state, request_context);
 113
 114   if (device_cloud_policy_manager_) {
 115     // Note: for now the |device_cloud_policy_manager_| is using the global
 116     // schema registry. Eventually it will have its own registry, once device
 117     // cloud policy for extensions is introduced. That means it'd have to be
 118     // initialized from here instead of BrowserPolicyConnector::Init().
 119
 120     scoped_ptr<CloudPolicyClient::StatusProvider> status_provider(
 121         new DeviceStatusCollector(
 122             local_state,
 123             chromeos::system::StatisticsProvider::GetInstance(),
 124             NULL));
 125     device_cloud_policy_manager_->Connect(
 126         local_state, device_management_service(), status_provider.Pass());
 127   }
 128
 129   CommandLine* command_line = CommandLine::ForCurrentProcess();
 130   if (!command_line->HasSwitch(chromeos::switches::kDisableLocalAccounts)) {
 131     device_local_account_policy_service_.reset(
 132         new DeviceLocalAccountPolicyService(
 133             chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
 134             chromeos::DeviceSettingsService::Get(),
 135             chromeos::CrosSettings::Get(),
 136             GetBackgroundTaskRunner(),
 137             GetBackgroundTaskRunner(),
 138             GetBackgroundTaskRunner(),
 139             content::BrowserThread::GetMessageLoopProxyForThread(
 140                 content::BrowserThread::IO),
 141             request_context));
 142     device_local_account_policy_service_->Connect(device_management_service());
 143   }
 144
 145   // request_context is NULL in unit tests.
 146   if (request_context && install_attributes_) {
 147     app_pack_updater_.reset(
 148         new AppPackUpdater(request_context, install_attributes_.get()));
 149   }
 150
 151   SetTimezoneIfPolicyAvailable();
 152
 153   network_configuration_updater_ =
 154       DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
 155           GetPolicyService(),
 156           chromeos::NetworkHandler::Get()
 157               ->managed_network_configuration_handler(),
 158           chromeos::NetworkHandler::Get()->network_device_handler(),
 159           chromeos::CrosSettings::Get());
 160 }
 161
 162 void BrowserPolicyConnectorChromeOS::Shutdown() {
 163   // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
 164   // Delete it first.
 165   app_pack_updater_.reset();
 166
 167   network_configuration_updater_.reset();
 168
 169   if (device_local_account_policy_service_)
 170     device_local_account_policy_service_->Shutdown();
 171
 172   ChromeBrowserPolicyConnector::Shutdown();
 173 }
 174
 175 bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
 176   return install_attributes_ && install_attributes_->IsEnterpriseDevice();
 177 }
 178
 179 std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
 180   return install_attributes_ ? install_attributes_->GetDomain() : std::string();
 181 }
 182
 183 DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
 184   return install_attributes_ ? install_attributes_->GetMode()
 185                              : DEVICE_MODE_NOT_SET;
 186 }
 187
 188 UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
 189     const std::string& user_name) {
 190   // An empty username means incognito user in case of ChromiumOS and
 191   // no logged-in user in case of Chromium (SigninService). Many tests use
 192   // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
 193   // users.
 194   if (user_name.empty() || user_name.find('@') == std::string::npos)
 195     return USER_AFFILIATION_NONE;
 196
 197   if (install_attributes_ &&
 198       (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
 199            install_attributes_->GetDomain() ||
 200        policy::IsDeviceLocalAccountUser(user_name, NULL))) {
 201     return USER_AFFILIATION_MANAGED;
 202   }
 203
 204   return USER_AFFILIATION_NONE;
 205 }
 206
 207 AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
 208   return app_pack_updater_.get();
 209 }
 210
 211 void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
 212     ConfigurationPolicyProvider* user_policy_provider) {
 213   global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
 214 }
 215
 216 void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
 217     EnterpriseInstallAttributes* attributes) {
 218   DCHECK(!g_testing_install_attributes);
 219   g_testing_install_attributes = attributes;
 220 }
 221
 222 // static
 223 void BrowserPolicyConnectorChromeOS::RegisterPrefs(
 224     PrefRegistrySimple* registry) {
 225   registry->RegisterIntegerPref(
 226       prefs::kDevicePolicyRefreshRate,
 227       CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
 228 }
 229
 230 void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
 231   typedef chromeos::CrosSettingsProvider Provider;
 232   Provider::TrustedStatus result =
 233       chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
 234           &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
 235           weak_ptr_factory_.GetWeakPtr()));
 236
 237   if (result != Provider::TRUSTED)
 238     return;
 239
 240   std::string timezone;
 241   if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
 242                                                &timezone) &&
 243       !timezone.empty()) {
 244     chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
 245         base::UTF8ToUTF16(timezone));
 246   }
 247 }
 248
 249 }  // namespace policy