1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
8 #include "base/bind_helpers.h"
9 #include "base/prefs/pref_registry_simple.h"
10 #include "base/prefs/pref_service.h"
11 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h"
12 #include "chrome/browser/chromeos/login/startup_utils.h"
13 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
14 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h"
15 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
16 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
17 #include "chrome/browser/policy/cloud/cloud_policy_store.h"
18 #include "chrome/browser/policy/cloud/device_management_service.h"
19 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
20 #include "chrome/common/pref_names.h"
21 #include "chromeos/chromeos_constants.h"
22 #include "chromeos/system/statistics_provider.h"
24 namespace em = enterprise_management;
30 // MachineInfo key names.
31 const char kMachineInfoSystemHwqual[] = "hardware_class";
33 // These are the machine serial number keys that we check in order until we
34 // find a non-empty serial number. The VPD spec says the serial number should be
35 // in the "serial_number" key for v2+ VPDs. However, legacy devices used a
36 // different keys to report their serial number, which we fall back to if
37 // "serial_number" is not present.
39 // Product_S/N is still special-cased due to inconsistencies with serial
40 // numbers on Lumpy devices: On these devices, serial_number is identical to
41 // Product_S/N with an appended checksum. Unfortunately, the sticker on the
42 // packaging doesn't include that checksum either (the sticker on the device
43 // does though!). The former sticker is the source of the serial number used by
44 // device management service, so we prefer Product_S/N over serial number to
47 // TODO(mnissler): Move serial_number back to the top once the server side uses
48 // the correct serial number.
49 const char* kMachineInfoSerialNumberKeys[] = {
50 "Product_S/N", // Lumpy/Alex devices
51 "serial_number", // VPD v2+ devices
52 "Product_SN", // Mario
53 "sn", // old ZGB devices (more recent ones use serial_number)
56 // Fetches a machine statistic value from StatisticsProvider, returns an empty
58 std::string GetMachineStatistic(const std::string& key) {
60 chromeos::system::StatisticsProvider* provider =
61 chromeos::system::StatisticsProvider::GetInstance();
62 if (!provider->GetMachineStatistic(key, &value))
68 // Gets a machine flag from StatisticsProvider, returns the given
69 // |default_value| if not present.
70 bool GetMachineFlag(const std::string& key, bool default_value) {
71 bool value = default_value;
72 chromeos::system::StatisticsProvider* provider =
73 chromeos::system::StatisticsProvider::GetInstance();
74 if (!provider->GetMachineFlag(key, &value))
82 DeviceCloudPolicyManagerChromeOS::DeviceCloudPolicyManagerChromeOS(
83 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store,
84 const scoped_refptr<base::SequencedTaskRunner>& task_runner,
85 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
86 EnterpriseInstallAttributes* install_attributes)
88 PolicyNamespaceKey(dm_protocol::kChromeDevicePolicyType,
92 device_store_(store.Pass()),
93 background_task_runner_(background_task_runner),
94 install_attributes_(install_attributes),
95 device_management_service_(NULL),
98 DeviceCloudPolicyManagerChromeOS::~DeviceCloudPolicyManagerChromeOS() {}
100 void DeviceCloudPolicyManagerChromeOS::Connect(
101 PrefService* local_state,
102 DeviceManagementService* device_management_service,
103 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider) {
104 CHECK(!device_management_service_);
105 CHECK(device_management_service);
108 local_state_ = local_state;
109 device_management_service_ = device_management_service;
110 device_status_provider_ = device_status_provider.Pass();
115 void DeviceCloudPolicyManagerChromeOS::StartEnrollment(
116 const std::string& auth_token,
117 bool is_auto_enrollment,
118 const AllowedDeviceModes& allowed_device_modes,
119 const EnrollmentCallback& callback) {
120 CHECK(device_management_service_);
121 core()->Disconnect();
123 enrollment_handler_.reset(
124 new EnrollmentHandlerChromeOS(
125 device_store_.get(), install_attributes_, CreateClient(),
126 background_task_runner_, auth_token,
127 install_attributes_->GetDeviceId(), is_auto_enrollment,
128 GetDeviceRequisition(), allowed_device_modes,
129 base::Bind(&DeviceCloudPolicyManagerChromeOS::EnrollmentCompleted,
130 base::Unretained(this), callback)));
131 enrollment_handler_->StartEnrollment();
134 void DeviceCloudPolicyManagerChromeOS::CancelEnrollment() {
135 if (enrollment_handler_.get()) {
136 enrollment_handler_.reset();
141 std::string DeviceCloudPolicyManagerChromeOS::GetDeviceRequisition() const {
142 std::string requisition;
143 const PrefService::Preference* pref = local_state_->FindPreference(
144 prefs::kDeviceEnrollmentRequisition);
145 if (pref->IsDefaultValue() && !chromeos::StartupUtils::IsOobeCompleted()) {
146 // OEM statistics are only loaded when OOBE is not completed.
148 GetMachineStatistic(chromeos::system::kOemDeviceRequisitionKey);
150 pref->GetValue()->GetAsString(&requisition);
156 void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition(
157 const std::string& requisition) {
159 if (requisition.empty()) {
160 local_state_->ClearPref(prefs::kDeviceEnrollmentRequisition);
161 local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart);
162 local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit);
164 local_state_->SetString(prefs::kDeviceEnrollmentRequisition, requisition);
165 local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
166 local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
171 bool DeviceCloudPolicyManagerChromeOS::ShouldAutoStartEnrollment() const {
172 if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentAutoStart))
173 return local_state_->GetBoolean(prefs::kDeviceEnrollmentAutoStart);
175 return GetMachineFlag(chromeos::system::kOemIsEnterpriseManagedKey, false);
178 bool DeviceCloudPolicyManagerChromeOS::CanExitEnrollment() const {
179 if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentCanExit))
180 return local_state_->GetBoolean(prefs::kDeviceEnrollmentCanExit);
182 return GetMachineFlag(chromeos::system::kOemCanExitEnterpriseEnrollmentKey,
186 void DeviceCloudPolicyManagerChromeOS::Shutdown() {
187 CloudPolicyManager::Shutdown();
188 device_status_provider_.reset();
191 void DeviceCloudPolicyManagerChromeOS::OnStoreLoaded(CloudPolicyStore* store) {
192 CloudPolicyManager::OnStoreLoaded(store);
194 if (!enrollment_handler_.get())
199 void DeviceCloudPolicyManagerChromeOS::RegisterPrefs(
200 PrefRegistrySimple* registry) {
201 registry->RegisterStringPref(prefs::kDeviceEnrollmentRequisition,
203 registry->RegisterBooleanPref(prefs::kDeviceEnrollmentAutoStart, false);
204 registry->RegisterBooleanPref(prefs::kDeviceEnrollmentCanExit, true);
208 std::string DeviceCloudPolicyManagerChromeOS::GetMachineID() {
209 std::string machine_id;
210 chromeos::system::StatisticsProvider* provider =
211 chromeos::system::StatisticsProvider::GetInstance();
212 for (size_t i = 0; i < arraysize(kMachineInfoSerialNumberKeys); i++) {
213 if (provider->GetMachineStatistic(kMachineInfoSerialNumberKeys[i],
215 !machine_id.empty()) {
220 if (machine_id.empty())
221 LOG(WARNING) << "Failed to get machine id.";
227 std::string DeviceCloudPolicyManagerChromeOS::GetMachineModel() {
228 return GetMachineStatistic(kMachineInfoSystemHwqual);
231 std::string DeviceCloudPolicyManagerChromeOS::GetRobotAccountId() {
232 const enterprise_management::PolicyData* policy = device_store_->policy();
233 return policy ? policy->service_account_identity() : std::string();
236 scoped_ptr<CloudPolicyClient> DeviceCloudPolicyManagerChromeOS::CreateClient() {
237 return make_scoped_ptr(
238 new CloudPolicyClient(GetMachineID(), GetMachineModel(),
239 USER_AFFILIATION_NONE,
240 device_status_provider_.get(),
241 device_management_service_));
244 void DeviceCloudPolicyManagerChromeOS::EnrollmentCompleted(
245 const EnrollmentCallback& callback,
246 EnrollmentStatus status) {
247 if (status.status() == EnrollmentStatus::STATUS_SUCCESS) {
248 core()->Connect(enrollment_handler_->ReleaseClient());
249 core()->StartRefreshScheduler();
250 core()->TrackRefreshDelayPref(local_state_,
251 prefs::kDevicePolicyRefreshRate);
252 attestation_policy_observer_.reset(
253 new chromeos::attestation::AttestationPolicyObserver(client()));
258 enrollment_handler_.reset();
259 if (!callback.is_null())
260 callback.Run(status);
263 void DeviceCloudPolicyManagerChromeOS::StartIfManaged() {
264 if (device_management_service_ &&
266 store()->is_initialized() &&
267 store()->is_managed() &&
269 core()->Connect(CreateClient());
270 core()->StartRefreshScheduler();
271 core()->TrackRefreshDelayPref(local_state_,
272 prefs::kDevicePolicyRefreshRate);
273 attestation_policy_observer_.reset(
274 new chromeos::attestation::AttestationPolicyObserver(client()));
278 } // namespace policy